Securing backing storage data passed through a network
First Claim
1. A method to secure data read from a storage device before passing the data to a network, comprising:
reading data from the storage device before passing the data to the network;
evaluating the data to determine whether the data read from the storage device is in encrypted form or whether the data read from the storage device is in unencrypted form, wherein evaluating the data to determine whether the data read from the storage device is in encrypted form comprises examining a table associated with the data read from the storage device;
performing entropy analysis on the data read from the storage device and wherein the evaluating the data comprises determining based on the entropy analysis whether the data read from the storage device is in encrypted form or unencrypted form;
wherein determining based on the entropy analysis whether the data read from the storage device is in encrypted form or unencrypted form includes:
examining each file of data read from the storage device to identify header information indicating that the respective file is either compressed or uncompressed;
identifying each file as either compressed or uncompressed based on the examination of the header information;
performing entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed; and
determining based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;
encrypting the data when the data is determined to be in unencrypted form;
passing the data read from the storage device without further encrypting when it is determined that the data read from the storage device is in encrypted form;
passing the encrypted data to the network; and
storing the encrypted data in a cache.
Abstract
Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed.
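The decision flow described in the abstract and in claim 1 (table lookup, header check for compression, entropy analysis on files identified as uncompressed) can be sketched as follows. This is an added example, not code from the patent; the magic-byte list, the 7.5 bits/byte threshold, giving the table entry precedence, and treating compressed files as still needing encryption are all assumptions.

```python
import gzip
import hashlib
import math
from collections import Counter

# Magic bytes of a few common compressed formats (assumed list): gzip, zip, bzip2, xz.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"BZh", b"\xfd7zXZ\x00")
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_compressed(data: bytes) -> bool:
    """Header check: does the file start with a known compression signature?"""
    return data.startswith(COMPRESSED_MAGIC)


def decide(data: bytes, table_encrypted=None) -> str:
    """Return 'pass' for data judged already encrypted, 'encrypt' otherwise."""
    if table_encrypted is not None:
        # A table entry for this data, when present, is taken as authoritative (assumption).
        return "pass" if table_encrypted else "encrypt"
    if is_compressed(data):
        # High entropy here comes from compression, so entropy analysis is skipped.
        return "encrypt"
    return "pass" if shannon_entropy(data) >= ENTROPY_THRESHOLD else "encrypt"


# Constructed samples: plaintext, ciphertext-like bytes, and compressed plaintext.
PLAIN = b"customer,account,balance\n" * 200
CIPHERLIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
GZIPPED = gzip.compress(PLAIN)

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("cipherlike", CIPHERLIKE), ("gzipped", GZIPPED)):
        print(f"{name:10s} entropy={shannon_entropy(blob):.2f} -> {decide(blob)}")
```

An entropy-only check cannot tell compressed data from ciphertext, which is why the header examination runs first; a compressed file without a recognizable header would still be misjudged as encrypted by this sketch.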
13 Claims
5. A remote data storage system including data security, comprising:
a storage device to store data in either encrypted form or unencrypted form; and
an electronic device coupled to the storage device, the electronic device being configured to:
examine data read from the storage device before the data is passed to a network to identify data read from the storage device as either stored in encrypted form or stored in unencrypted form, wherein the data is identified as either stored in encrypted form or stored in unencrypted form by examination of a table associated with the data read from the storage device;
examine each file of data read from the storage device to identify header information indicating that the respective file is either compressed or uncompressed;
identify each file as either compressed or uncompressed based on the examination of the header information;
perform entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed;
determine based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;
encrypt the data when the data is determined to be in unencrypted form;
pass the data read from the storage device without further encryption when it is determined that the data read from the storage device is in encrypted form; and
pass the encrypted data to the network.
10. A data processing system to secure data transferred over a network, comprising:
a computer system coupled to the network, comprising:
a processor; and
a data cache configured to store data for use by the processor; and
a remote data storage system coupled to the network, the remote storage system comprising:
a backing storage device configured to store backing storage data in either encrypted form or unencrypted form; and
an electronic device coupled to the backing storage device, the electronic device configured to:
identify the backing storage data as either encrypted or unencrypted and pass the backing storage data to the network, wherein identification of the backing storage data as either encrypted or unencrypted comprises an examination of a table associated with the backing storage data;
examine each file of backing storage data read from the backing storage device to identify header information indicating that the respective file is either compressed or uncompressed;
identify each file as either compressed or uncompressed based on examination of the header information;
perform entropy analysis on the backing storage data read from the backing storage device corresponding to each file that is identified as uncompressed;
determined based on the entropy analysis whether the backing storage data read from the backing storage device corresponding to each file is in encrypted form;
encrypt the backing storage data when the backing storage data is determined to be in unencrypted form;
pass the backing storage data read from the storage device without further encryption when it is determined that the backing storage data read from the backing storage device is in encrypted form; and
pass the encrypted backing storage data to the network.
12. A non-transitory computer accessible medium having stored thereon computer executable instructions that, when executed by a processing unit, configure the processing unit to:
read data from a storage device before passing the data to a network, wherein the data is either in encrypted form or unencrypted form;
identify the data read from the storage device as stored in either encrypted form or unencrypted form by examining a table associated with the data read from the storage device;
examine each file of data read from storage device to identify header information indicating that the respective file is either compressed or uncompressed;
identify each file as either compressed or uncompressed based on the examination of the header information;
perform entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed;
determined based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;
pass the data read from the storage device without further encryption when it is determined that the data read from the storage device is in encrypted form;
encrypt the data read from the storage device when the data read from the storage device is identified as stored in the storage device in unencrypted form; and
pass the encrypted data to the network for storage in a cache.
Specification