Systems and methods for validating ownership of deduplicated data

US 8,769,627 B1
Filed: 12/08/2011
Issued: 07/01/2014
Est. Priority Date: 12/08/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for validating ownership of deduplicated data, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying a request from a remote client to store a data object in a data store that already comprises an instance of the data object;

in response to the request, verifying that the remote client possesses the data object by issuing, to the remote client;

a random offset;

a random value that is different than the random offset;

a randomized challenge, the randomized challenge comprising a request for an authentication token demonstrating possession of the data object, the authentication token comprising a hash of a combination of the random value and a random sample of the data object, wherein the random sample is based on the random offset;

in response to the randomized challenge, receiving the authentication token from the remote client;

in response to receiving the authentication token from the remote client, storing the data object in the data store on behalf of the remote client.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for validating ownership of deduplicated data may include (1) identifying a request from a remote client to store a data object in a data store that already includes an instance of the data object, (2) in response to the request, verifying that the remote client possesses the data object by (i) issuing a randomized challenge to the remote client, the randomized challenge including a random value which, when combined with at least a portion of the data object, produces an authentication token demonstrating possession of the data object and, in response to the randomized challenge, (ii) receiving the authentication token from the remote client; and, in response to receiving the authentication token from the remote client, (3) storing the data object in the data store on behalf of the remote client. Various other methods and systems are also disclosed.

46 Citations

View as Search Results

20 Claims

1. A computer-implemented method for validating ownership of deduplicated data, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a request from a remote client to store a data object in a data store that already comprises an instance of the data object;
  
  in response to the request, verifying that the remote client possesses the data object by issuing, to the remote client;
  
  a random offset;
  
  a random value that is different than the random offset;
  
  a randomized challenge, the randomized challenge comprising a request for an authentication token demonstrating possession of the data object, the authentication token comprising a hash of a combination of the random value and a random sample of the data object, wherein the random sample is based on the random offset;
  
  in response to the randomized challenge, receiving the authentication token from the remote client;
  
  in response to receiving the authentication token from the remote client, storing the data object in the data store on behalf of the remote client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein:
    - the data store comprises a deduplicated data store;
      
      storing the data object in the data store on behalf of the remote client comprises adding a reference associating the remote client with the instance of the data object within the deduplicated data store.
  - 3. The computer-implemented method of claim 1, wherein the hash is generated by hashing, using a predetermined hash function, the random sample of the data object with the random value appended.
  - 4. The computer-implemented method of claim 1, wherein the random value is procured using a random number generator.
  - 5. The computer-implemented method of claim 1, wherein the authentication token is smaller than the data object.
  - 6. The computer-implemented method of claim 1, wherein:
    - the data store stores data for a plurality of owners;
      
      an owner within the plurality of owners has access only to data marked as stored by the owner.
  - 7. The computer-implemented method of claim 1, wherein:
    - the request to store the data object in the data store comprises a request to back up the data object to the data store;
      
      the request comprises a fingerprint of the data object to uniquely identify the data object;
      
      verifying that the remote client possesses the data object comprises verifying that the fingerprint is not being used within the request to spoof possession of the data object.

8. A computer-implemented method for validating ownership of deduplicated data, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a request from a remote client to retrieve a data object from a data store;
  
  in response to the request, verifying that the remote client is authorized to retrieve the data object by identifying an ownership relation between the remote client and the data object, the ownership relation having been previously generated on the data store based on;
  
  issuing a random offset to the remote client;
  
  issuing a random value that is different than the random offset to the remote client;
  
  issuing a randomized challenge to the remote client, the randomized challenge comprising a request for an authentication token demonstrating possession of the data object, the authentication token comprising a hash of a combination of the random value and a random sample of the data object, wherein the random sample is based on the random offset;
  
  in response to the randomized challenge, receiving the authentication token from the remote client;
  
  in response to identifying the ownership relation between the remote client and the data object, fulfilling the request from the remote client to retrieve the data object from the data store by transmitting the data object to the remote client.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-implemented method of claim 8, wherein:
    - the data store comprises a deduplicated data store;
      
      the ownership relation comprises a reference associating the remote client with an instance of the data object within the deduplicated data store.
  - 10. The computer-implemented method of claim 8, wherein the hash is generated by hashing, using a predetermined hash function, the random sample of the data object with the random value appended.
  - 11. The computer-implemented method of claim 8, wherein the random value is procured using a random number generator.
  - 12. The computer-implemented method of claim 8, wherein the authentication token is smaller than the data object.
  - 13. The computer-implemented method of claim 8, wherein:
    - the data store stores data for a plurality of owners;
      
      an owner within the plurality of owners has access only to data marked as stored by the owner.

14. A system for validating ownership of deduplicated data, the system comprising:
- an identification module programmed to identify a request from a remote client to store a data object in a data store that already comprises an instance of the data object;
  
  a challenge module programmed to, in response to the request, verify that the remote client possesses the data object by issuing, to the remote client;
  
  a random offset;
  
  a random value that is different than the random offset;
  
  a randomized challenge, the randomized challenge comprising a request for an authentication token demonstrating possession of the data object, the authentication token comprising a hash of a combination of the random value and a random sample of at lest a portion of the data object, wherein the random sample is based on the random offset;
  
  an authentication module programmed to, in response to the randomized challenge, receive the authentication token from the remote client;
  
  a storage module programmed to, in response to receiving the authentication token from the remote client, store the data object in the data store on behalf of the remote client;
  
  at least one processor configured to execute the identification module, the challenge module, the authentication module, and the storage module.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein:
    - the data store comprises a deduplicated data store;
      
      the storage module is programmed to store the data object in the data store on behalf of the remote client by adding a reference associating the remote client with the instance of the data object within the deduplicated data store.
  - 16. The system of claim 14, wherein the hash is generated by hashing, using a predetermined hash function, the random sample of the data object with the random value appended.
  - 17. The system of claim 14, wherein the challenge module procures the random value using a random number generator.
  - 18. The system of claim 14, wherein the authentication token is smaller than the data object.
  - 19. The system of claim 14, wherein:
    - the data store stores data for a plurality of owners,an owner within the plurality of owners has access only to data marked as stored by the owner.
  - 20. The system of claim 14, wherein:
    - the request to store the data object in the data store comprises a request to back up the data object to the data store;
      
      the request comprises a fingerprint of the data object to uniquely identify the data object;
      
      the challenge module is programmed to verify that the remote client possesses the data object by verifying that the fingerprint is not being used within the request to spoof possession of the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veritas Technologies, LLC (Whitehouse Group Ltd.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Guo, Fanglu, Efstathopoulos, Petros
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
MCCOY, RICHARD ANTHONY

Application Number

US13/314,496
Time in Patent Office

936 Days
Field of Search

726/4, 726/5, 726/16, 726/21, 726/23, 726 27- 30, 705901-909, 705 50- 59, 713/159, 713/161, 713/162, 713/167, 713/165, 713/166, 713/170, 713171-181, 713/190, 380/201, 380227-234
US Class Current

726/4
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 11/1453   using de-duplication of the...

G06F 11/1464   for networked environments

G06F 16/1748   De-duplication implemented ...

G06F 3/067   Distributed or networked st...

Systems and methods for validating ownership of deduplicated data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for validating ownership of deduplicated data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others