Peer to peer key synchronization

US 8,611,542 B1
Filed: 04/26/2007
Issued: 12/17/2013
Est. Priority Date: 04/26/2007
Status: Active Grant

First Claim

Patent Images

1. A system for synchronizing objects over a network, comprising:

a processor;

a memory coupled to the processor;

a sequence counter and a local peer counter maintained in the memory, the sequence counter configured to provide a sequence number to each object that is created or modified at the system, wherein the sequence counter is incremented and a new sequence number is generated when a new object is created or an existing object is modified, wherein the local peer counter indicates a number of objects received from a peer during previous synchronizations and wherein the local peer counter is configured to be sent to the peer so that the system can be updated and synchronized with the peer;

the processor configured to receive a peer counter from the peer, the received peer counter to indicate a number of the objects received by the peer during previous synchronizations, so that after completion of each previous synchronization the peer has all objects created or modified by the system up to a point in time associated with the previous synchronizations; and

the processor further configured to compare the sequence counter to the received peer counter, determine that the system and peer are synchronized if the sequence counter and the received peer counter are the same, and send one or more particular objects having sequence numbers that are greater than the received peer counter and corresponding to the objects created or modified by the system after the previous synchronizations to synchronize the system with the peer if the sequence counter and the received peer counter are not the same.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for synchronizing objects, e, g., encryption key objects, between pairs of appliances, particularly lifetime key management (LKM) appliances. Each LKM has a local sequence counter where increasing sequence numbers are generated and applied to objects. A peer counter is used to indicate the sequence number of an object synchronized from a peer appliance. When two appliances are synchronized, only those new objects with sequence numbers at least equal to or higher than that within the other appliance are transferred. When synchronized to each other, each appliance will have an up-to-date stored set of objects for all of the appliances in the group. Each object has a unique identification number that are compared to eliminate duplicate objects. During synchronization, if unique identification numbers match between a newly received object and a previously stored key, version numbers may be used to determine which object the receiving appliance should store.

109 Citations

View as Search Results

19 Claims

1. A system for synchronizing objects over a network, comprising:
- a processor;
  
  a memory coupled to the processor;
  
  a sequence counter and a local peer counter maintained in the memory, the sequence counter configured to provide a sequence number to each object that is created or modified at the system, wherein the sequence counter is incremented and a new sequence number is generated when a new object is created or an existing object is modified, wherein the local peer counter indicates a number of objects received from a peer during previous synchronizations and wherein the local peer counter is configured to be sent to the peer so that the system can be updated and synchronized with the peer;
  
  the processor configured to receive a peer counter from the peer, the received peer counter to indicate a number of the objects received by the peer during previous synchronizations, so that after completion of each previous synchronization the peer has all objects created or modified by the system up to a point in time associated with the previous synchronizations; and
  
  the processor further configured to compare the sequence counter to the received peer counter, determine that the system and peer are synchronized if the sequence counter and the received peer counter are the same, and send one or more particular objects having sequence numbers that are greater than the received peer counter and corresponding to the objects created or modified by the system after the previous synchronizations to synchronize the system with the peer if the sequence counter and the received peer counter are not the same.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein the system and the peer each have a unique global identifier to be distributed to each of the system and the peer.
  - 3. The system of claim 1, wherein each object has a unique global identifier.
  - 4. The system of claim 3 wherein the processor is further configured to execute a duplication identifier process to determine whether a first object received by the system from the peer is a duplicate of a previously received object.
  - 5. The system of claim 4 wherein a version number is associated with each object wherein the version number is incremented whenever each object is modified, wherein if a duplicate object is found and a newly received object has a higher version number, the newly received object replaces a previously received object.
  - 6. The system of claim 1 wherein each object is an encryption key object.
  - 7. The system of claim 1 wherein the system is a lifetime key management appliance.
  - 8. The system of claim 1 wherein the processor is a storage encryption processor.

9. A system for synchronizing encryption keys between a lifetime key management (LKM) appliance and a peer, comprising:
- a processor operatively connected to the LKM appliance and configured to execute a synchronizing process;
  
  the LKM appliance configured to be coupled to the peer using a communications link to receive the encryption keys transmitted from the peer;
  
  the LKM appliance further configured to maintain a local sequence counter to assign sequence numbers to one or more encryption keys created or modified on the LKM appliance, wherein the local sequence counter is incremented and a new sequence number is generated when a new encryption key is added or an existing encryption key is modified;
  
  the LKM appliance further configured to maintain a peer counter to indicate a number of encryption keys received from the peer during previous synchronizations, so that after completion of each previous synchronization the LMK appliance has all encryption keys created or modified by the peer up to a point in time associated with the previous synchronization; and
  
  the LKM appliance further configured to synchronize with the peer by sending the peer counter to the peer, the LKM appliance further configured to receive only the encryption keys, from the peer, having peer sequence numbers that are greater than the peer counter sent from the LKM appliance to the peer and that correspond to encryption keys created or modified by the peer after the previous synchronizations.
- View Dependent Claims (10, 18)
- - 10. The system of claim 9 wherein each encryption key is associated with a key object comprising the encryption key, a unique identifier of the encryption key, a version number of the encryption key, and the sequence number of the encryption key.
  - 18. The system of claim 9 wherein the LKM appliance is further configured to determine that a duplicate object received from the peer has a higher version number than a first object previously received from the peer, the LKM appliance to replace the first object with the duplicate object in response to determining the duplicate object has the higher version number than the first object.

11. A method for synchronizing objects, comprising:
- maintaining, by a node having a processor, a node sequence counter that provides a sequence number to each node object that is created or modified, where the node sequence counter is incremented and a new node sequence number is included when a new node object is created and when an existing node object is modified at the node;
  
  maintaining, by the node, a first peer counter indicating a number of peer objects received by the node from a peer during previous synchronizations so that after completion of each previous synchronization the node has all the peer objects created or modified by the peer up to a point in time associated with the previous synchronization;
  
  sending the first peer counter from the node to the peer; and
  
  receiving, at the node, one or more peer objects stored on the peer, wherein each of the one or more peer objects stored on the peer has a peer sequence number that is greater than the first peer counter received by the peer from the node to synchronize the node and the peer, and wherein each of the one or more peer objects corresponds to the objects created or modified by the peer after the previous synchronizations.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 19)
- - 12. The method of claim 11 further comprising storing at the node the one or more peer objects sent to the node, wherein the one or more peer objects each including an encryption key, a unique identifier of the encryption key, a version number of the encryption key, and a sequence number.
  - 13. The method of claim 11 further comprising associating a first unique global identifier to the node and the peer.
  - 14. The method of claim 11 further comprising associating a unique global identifier to each object that is created or modified.
  - 15. The method of claim 14 further comprising determining that the unique global identifier of a specific object is a duplicate of a previous object previously received from the peer.
  - 16. The method of claim 14 further comprising:
    - associating a version number with each object; and
      
      incrementing the version number when each object is modified.
  - 17. The method of claim 16 further comprising:
    - in response to receiving a duplicate of a previously received object at the node and in response to the duplicate having a higher version number than the previously received object, replacing the previously received object with the duplicate.
  - 19. The method of claim 11 further comprising:
    - sending a second peer counter from the peer to the node indicating a number of the node objects received by the peer from the node during the previous synchronizations so that after completion of each previous synchronization the peer has all node objects created or modified by the node up to the point in time associated with the previous synchronizations; and
      
      receiving, at the peer, one or more node objects stored on the node, wherein each of the one or more node objects stored on the node has a node sequence number that is greater than the second peer counter received by the node from the peer to synchronize the peer and the node, and wherein each of the one or more node objects corresponds to the node objects created or modified by the node after the previous synchronizations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Bojinov, Hristo, Subramanian, Ananthan, Ishii, Hiroshi
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
OLION, BRIAN L

Application Number

US11/740,490
Time in Patent Office

2,427 Days
Field of Search

380/277
US Class Current

380/277
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/1097   for distributed storage of ...

Peer to peer key synchronization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Peer to peer key synchronization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links