Securing backing storage data passed through a network

US 8,726,043 B2
Filed: 04/29/2009
Issued: 05/13/2014
Est. Priority Date: 04/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method to secure data read from a storage device before passing the data to a network, comprising:

reading data from the storage device before passing the data to the network;

evaluating the data to determine whether the data read from the storage device is in encrypted form or whether the data read from the storage device is in unencrypted form, wherein evaluating the data to determine whether the data read from the storage device is in encrypted form comprises examining a table associated with the data read from the storage device;

performing entropy analysis on the data read from the storage device and wherein the evaluating the data comprises determining based on the entropy analysis whether the data read from the storage device is in encrypted form or unencrypted form;

wherein determining based on the entropy analysis whether the data read from the storage device is in encrypted form or unencrypted form includes;

examining each file of data read from the storage device to identify header information indicating that the respective file is either compressed or uncompressed;

identifying each file as either compressed or uncompressed based on the examination of the header information;

performing entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed; and

determining based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;

encrypting the data when the data is determined to be in unencrypted form;

passing the data read from the storage device without further encrypting when it is determined that the data read from the storage device is in encrypted form;

passing the encrypted data to the network; and

storing the encrypted data in a cache.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed.

49 Citations

View as Search Results

13 Claims

1. A method to secure data read from a storage device before passing the data to a network, comprising:
- reading data from the storage device before passing the data to the network;
  
  evaluating the data to determine whether the data read from the storage device is in encrypted form or whether the data read from the storage device is in unencrypted form, wherein evaluating the data to determine whether the data read from the storage device is in encrypted form comprises examining a table associated with the data read from the storage device;
  
  performing entropy analysis on the data read from the storage device and wherein the evaluating the data comprises determining based on the entropy analysis whether the data read from the storage device is in encrypted form or unencrypted form;
  
  wherein determining based on the entropy analysis whether the data read from the storage device is in encrypted form or unencrypted form includes;
  
  examining each file of data read from the storage device to identify header information indicating that the respective file is either compressed or uncompressed;
  
  identifying each file as either compressed or uncompressed based on the examination of the header information;
  
  performing entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed; and
  
  determining based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;
  
  encrypting the data when the data is determined to be in unencrypted form;
  
  passing the data read from the storage device without further encrypting when it is determined that the data read from the storage device is in encrypted form;
  
  passing the encrypted data to the network; and
  
  storing the encrypted data in a cache.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein performing entropy analysis on the data read from the storage device comprises examining the data read from the storage device to determine a degree of randomness associated with the data.
  - 3. The method of claim 2 wherein examining the data read from the storage device to determine the degree of randomness associated with the data comprises examining the data on a byte-by-byte basis.
  - 4. The method of claim 1, further comprising encrypting the data read from the storage device for each file that is identified as compressed before passing the data read from the storage device corresponding to the file to the network.

5. A remote data storage system including data security, comprising:
- a storage device to store data in either encrypted form or unencrypted form; and
  
  an electronic device coupled to the storage device, the electronic device being configured to;
  
  examine data read from the storage device before the data is passed to a network to identify data read from the storage device as either stored in encrypted form or stored in unencrypted form, wherein the data is identified as either stored in encrypted form or stored in unencrypted form by examination of a table associated with the data read from the storage device;
  
  examine each file of data read from the storage device to identify header information indicating that the respective file is either compressed or uncompressed;
  
  identify each file as either compressed or uncompressed based on the examination of the header information;
  
  perform entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed;
  
  determine based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;
  
  encrypt the data when the data is determined to be in unencrypted form;
  
  pass the data read from the storage device without further encryption when it is determined that the data read from the storage device is in encrypted form; and
  
  pass the encrypted data to the network.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The remote data storage system of claim 5 wherein the electronic device comprises a remote computer system.
  - 7. The remote data storage system of claim 5 wherein the electronic device comprises a controller.
  - 8. The remote data storage system of claim 5 wherein the electronic device further comprises a first component configured to detect a received authentication indication and a second component configured to inhibit output of the data from the remote data storage system when the authentication indication is not detected as received.
  - 9. The remote data storage system of claim 8 wherein the first component configured to detect the received authentication indication comprises a verification module, the verification module including a validation record storing authentication data.

10. A data processing system to secure data transferred over a network, comprising:
- a computer system coupled to the network, comprising;
  
  a processor; and
  
  a data cache configured to store data for use by the processor; and
  
  a remote data storage system coupled to the network, the remote storage system comprising;
  
  a backing storage device configured to store backing storage data in either encrypted form or unencrypted form; and
  
  an electronic device coupled to the backing storage device, the electronic device configured to;
  
  identify the backing storage data as either encrypted or unencrypted and pass the backing storage data to the network, wherein identification of the backing storage data as either encrypted or unencrypted comprises an examination of a table associated with the backing storage data;
  
  examine each file of backing storage data read from the backing storage device to identify header information indicating that the respective file is either compressed or uncompressed;
  
  identify each file as either compressed or uncompressed based on examination of the header information;
  
  perform entropy analysis on the backing storage data read from the backing storage device corresponding to each file that is identified as uncompressed;
  
  determined based on the entropy analysis whether the backing storage data read from the backing storage device corresponding to each file is in encrypted form;
  
  encrypt the backing storage data when the backing storage data is determined to be in unencrypted form;
  
  pass the backing storage data read from the storage device without further encryption when it is determined that the backing storage data read from the backing storage device is in encrypted form; and
  
  pass the encrypted backing storage data to the network.
- View Dependent Claims (11)
- - 11. The data processing system of claim 10 wherein the computer system includes a main memory, and wherein a portion of the main memory is used as the data cache.

12. A non-transitory computer accessible medium having stored thereon computer executable instructions that, when executed by a processing unit, configure the processing unit to:
- read data from a storage device before passing the data to a network, wherein the data is either in encrypted form or unencrypted form;
  
  identify the data read from the storage device as stored in either encrypted form or unencrypted form b examining a table associated with the data read from the storage device;
  
  examine each file of data read from storage device to identify header information indicating that the respective file is either compressed or uncompressed;
  
  identify each file as either compressed or uncompressed based on the examination of the header information;
  
  perform entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed;
  
  determined based on the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form;
  
  pass the data read from the storage device without further encryption when it is determined that the data read from the storage device is in encrypted form;
  
  encrypt the data read from the storage device when the data read from the storage device is identified as stored in the storage device in unencrypted form; and
  
  pass the encrypted data to the network for storage in a cache.
- View Dependent Claims (13)
- - 13. The computer accessible medium of claim 12 further comprising computer executable instructions that, when executed by the processing unit, configure the processing unit to:
    - encrypt the data before the encrypted data is passed to the network when the data read from the storage device is identified as compressed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Wolfe, Andrew, Conte, Thomas Martin
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US12/432,661
Publication Number

US 20100281247A1
Time in Patent Office

1,840 Days
Field of Search

713/193, 713/189, 713/150, 713/165, 713/167, 726/3, 726/15
US Class Current

713/193
CPC Class Codes

H04L 2209/08   Randomization, e.g. dummy o...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/0631   Substitution permutation ne...

Securing backing storage data passed through a network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Securing backing storage data passed through a network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links