Systems and methods for securely deduplicating data owned by multiple entities
First Claim
1. A computer-implemented method for securely deduplicating data owned by multiple entities, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a first data segment to store on a third-party storage system that provides storage for a plurality of clients;
identifying a client-specific database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by a client within the plurality of clients, wherein each fingerprint stored within the client-specific database is encrypted with a client-specific encryption key that is unique to the client;
identifying a third-party database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by the plurality of clients, wherein each fingerprint stored within the third-party database is encrypted with a third-party public encryption key that is different from the client-specific encryption key;
generating a fingerprint based on the first data segment;
determining, by generating a query using the client-specific encryption key, that the fingerprint is not identified in the client-specific fingerprint database;
determining, by generating a query using the third-party public encryption key, that the fingerprint is not identified in the third-party fingerprint database;
in response to determining that the fingerprint is not identified in both the client-specific fingerprint database and the third-party fingerprint database;
encrypting the first data segment with the third-party public encryption key;
transmitting the encrypted first data segment to the third-party storage system.
7 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for securely deduplicating data owned by multiple entities may include 1) identifying a first data segment to store on a third-party storage system, 2) identifying a client-specific database for fingerprints of deduplicated data segments stored on the third-party storage system, 3) identifying a third-party database for fingerprints of deduplicated data segments stored on the third-party storage system, 4) generating a fingerprint based on the first data segment, 5) determining that the fingerprint is not identified in the client-specific fingerprint database, 6) determining that the fingerprint is not identified in the third-party fingerprint database, 7) encrypting the first data segment with a third-party public encryption key, and then 8) transmitting the encrypted first data segment to the third-party storage system. Various other methods, systems, and computer-readable media are also disclosed.
42 Citations
20 Claims
-
1. A computer-implemented method for securely deduplicating data owned by multiple entities, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
identifying a first data segment to store on a third-party storage system that provides storage for a plurality of clients; identifying a client-specific database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by a client within the plurality of clients, wherein each fingerprint stored within the client-specific database is encrypted with a client-specific encryption key that is unique to the client; identifying a third-party database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by the plurality of clients, wherein each fingerprint stored within the third-party database is encrypted with a third-party public encryption key that is different from the client-specific encryption key; generating a fingerprint based on the first data segment; determining, by generating a query using the client-specific encryption key, that the fingerprint is not identified in the client-specific fingerprint database; determining, by generating a query using the third-party public encryption key, that the fingerprint is not identified in the third-party fingerprint database; in response to determining that the fingerprint is not identified in both the client-specific fingerprint database and the third-party fingerprint database; encrypting the first data segment with the third-party public encryption key; transmitting the encrypted first data segment to the third-party storage system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for securely deduplicating data owned by multiple entities, the system comprising:
at least one processor configured to execute; an identification module that; identifies a first data segment to store on a third-party storage system that provides storage for a plurality of clients; identifies a client-specific database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by a client within the plurality of clients, wherein each fingerprint stored within the client-specific database is encrypted with a client-specific encryption key that is unique to the client; identifies a third-party database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by the plurality of clients, wherein each fingerprint stored within the third-party database is encrypted with a third-party public encryption key that is different from the client-specific encryption key; a generation module that generates a fingerprint based on the first data segment; a determination module that; determines, by generating a query using the client-specific encryption key, that the fingerprint is not identified in the client-specific fingerprint database; determines, by generating a query using the third-party public encryption key, that the fingerprint is not identified in the third-party fingerprint database; an encryption module and a transmission module that, in response to the determination that the fingerprint is not identified in both the client-specific fingerprint database and the third-party fingerprint database; encrypt the first data segment with a third-party public encryption key; transmit the encrypted first data segment to the third-party storage system. - View Dependent Claims (15, 16, 17, 18, 19)
-
20. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify a first data segment to store on a third-party storage system that provides storage for a plurality of clients; identify a client-specific database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by a client within the plurality of clients, wherein each fingerprint stored within the client-specific database is encrypted with a client-specific encryption key that is unique to the client; identify a third-party database maintained by the third-party storage system that contains fingerprints of deduplicated data segments stored on the third-party storage system by the plurality of clients, wherein each fingerprint stored within the third-party database is encrypted with a third-party public encryption key that is different from the client-specific encryption key; generate a fingerprint based on the first data segment; determine, by generating a query using the client-specific encryption key, that the fingerprint is not identified in the client-specific fingerprint database; determine, by generating a query using the third-party public encryption key, that the fingerprint is not identified in the third-party fingerprint database; in response to determining that the fingerprint is not identified in both the client-specific fingerprint database and the third-party fingerprint database; encrypt the first data segment with the third-party public encryption key; transmit the encrypted first data segment to the third-party storage system.
-
Specification