Method and apparatus for achieving data security in a distributed cloud computing environment

US 9,137,304 B2
Filed: 05/25/2011
Issued: 09/15/2015
Est. Priority Date: 05/25/2011
Status: Active Grant

First Claim

Patent Images

1. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:

a user interface at the cloud storage broker;

a cloud storage interface at the cloud storage broker;

a memory at the cloud storage broker; and

at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to;

receive a first client request for cloud storage services associated with a data item;

in response to the first client request, determine a first rule of a plurality of first rules used to divide the data item of the client request into a plurality of data item portions and determine a second rule of a plurality of second rules used to allocate the plurality of the data item portions among the plurality of remote cloud storage platforms;

generate at least one random number;

communicate indicia of the first rule and the second rule and the at least one random number to the client to;

divide the data item into a plurality of data item portions in accordance with the determined first rule of the plurality of first rules, wherein dividing the data item varies independently from other data items and, the at least one random number is used to determine a size of the plurality of the data item portions based on the determined first rule; and

allocate the respective portions among a number of the plurality of remote cloud storage platforms in accordance with the determined second rule of the plurality of second rules, wherein the number of the plurality of remote cloud storage platforms being based on the determined second rule, which defines that the plurality of the data item portions are stored in the at least one random number of the plurality of remote cloud storage platforms, wherein responsive to a second client request for data retrieval services, an inverse of the determined first rule and the determined second rule facilitates retrieval and reassembly of the data item.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed cloud storage system includes a cloud storage broker logically residing between a client platform and a plurality of remote cloud storage platforms. The cloud storage broker mediates execution of a cloud storage process that involves dividing a data item into multiple portions and allocating the portions to multiple selected cloud storage platforms according to first and second rules defining a key known only to the cloud storage broker or to the client. At some later time when it is desired to retrieve the data item, the key is retrieved from storage and the rules are executed in a reverse fashion to retrieve and reassemble the data item.

Citations

20 Claims

1. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:
- a user interface at the cloud storage broker;
  
  a cloud storage interface at the cloud storage broker;
  
  a memory at the cloud storage broker; and
  
  at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to;
  
  receive a first client request for cloud storage services associated with a data item;
  
  in response to the first client request, determine a first rule of a plurality of first rules used to divide the data item of the client request into a plurality of data item portions and determine a second rule of a plurality of second rules used to allocate the plurality of the data item portions among the plurality of remote cloud storage platforms;
  
  generate at least one random number;
  
  communicate indicia of the first rule and the second rule and the at least one random number to the client to;
  
  divide the data item into a plurality of data item portions in accordance with the determined first rule of the plurality of first rules, wherein dividing the data item varies independently from other data items and, the at least one random number is used to determine a size of the plurality of the data item portions based on the determined first rule; and
  
  allocate the respective portions among a number of the plurality of remote cloud storage platforms in accordance with the determined second rule of the plurality of second rules, wherein the number of the plurality of remote cloud storage platforms being based on the determined second rule, which defines that the plurality of the data item portions are stored in the at least one random number of the plurality of remote cloud storage platforms, wherein responsive to a second client request for data retrieval services, an inverse of the determined first rule and the determined second rule facilitates retrieval and reassembly of the data item.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, further comprising:
    - a rule generator module for creating at least one of the determined first and second rules to be used for respective data storage transactions; and
      
      a file storage index that maintains a database with information on various user data items including the determined first rule and the second rule and the at least one random number used for storing the various user data items.
  - 3. The apparatus of claim 2, wherein the at least one processor is further configured to:
    - receive the second client request for the data retrieval services associated with the data item;
      
      consult the file storage index to identify the indicia of the determined first rule and the determined second rule used to store the data item; and
      
      communicate the indicia, in response to the second client request, of the determined first rule and the determined second rule.

4. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus at the cloud storage broker comprising:
- a user interface;
  
  a cloud storage interface;
  
  a memory; and
  
  at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to;
  
  receive a client request for cloud storage services associated with a data item;
  
  in response to the client request, determine a first rule of a plurality of first rules used to divide the data item into a plurality of data item portions and determine a second rule of a plurality of second rules used to allocate the plurality of the data item portions among the plurality of remote cloud storage platforms;
  
  generate a plurality of random numbers;
  
  divide the data item into the plurality of the data item portions of a random size in accordance with the determined first rule of the plurality of first rules, wherein the random size defined by the determined first rule based on at least one of the plurality of random numbers; and
  
  allocate respective data portions of the plurality of the data item portions among a number of the plurality of remote cloud storage platforms in accordance with the determined second rule of the plurality of rules, wherein the number of the plurality of remote cloud storage platforms being based on the determined second rule, which uses at least a different one of the plurality of random numbers to define the number of the plurality of remote cloud storage platforms, wherein an inverse of the determined first rule and the determined second rule facilitate retrieval and reassembly of the data item to yield a reassembled data item.
- View Dependent Claims (5, 6)
- - 5. The apparatus of claim 4, further comprising:
    - a rule generator module for creating at least one of the first and second rules to be used for respective data storage transactions; and
      
      a file storage index for maintaining a record of an indicia of the first and second rules used for respective data storage transactions, wherein the indicia of the first and second rules includes the at least one of the plurality of random numbers and the at least a different one of the plurality of random numbers.
  - 6. The apparatus of claim 5, wherein the at least one processor is further configured to:
    - receive a client request for data retrieval services associated with the data item;
      
      consult the file storage index to identify the indicia of the determined first rule and the determined second rule that were used for the data storage services of the data item;
      
      execute the inverse of the determined first rule and the determined second rule to retrieve and reassemble the data item, yielding the reassembled data item; and
      
      deliver the reassembled data item in response to the client request.

7. Apparatus for providing data storage services of a client platform, in accordance with a cloud computing model, the client platform operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:
- a memory; and
  
  at least one processor operably coupled to the memory and configured to;
  
  send a request for cloud storage services of a data item to the cloud storage broker;
  
  responsive to the request, receive by the client platform from the cloud storage broker an indicia of;
  
  (a) selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected cloud storage platforms are to store an allocated portion of the data item;
  
  (b) a first rule that defines a manner of dividing the data item into a plurality of data item portions, wherein consecutive portions of the plurality of the data item portions have different randomly selected sizes and the plurality of the data item portions being respective in number to the selected cloud storage platforms; and
  
  (c) a second rule that defines a manner of allocating the respective ones of the plurality of the data item portions among the selected cloud storage platforms; and
  
  divide, by the client platform, the data item into the plurality of the data item portions according to the first rule and allocate by the client platform the respective ones of the plurality of the data item portions among the selected cloud storage platforms according to the second rule, wherein an inverse of the first rule and the second rule facilitate retrieval and reassembly of the data item to yield a reassembled data item.
- View Dependent Claims (8)
- - 8. The apparatus of claim 7, wherein the at least one processor is further configured to:
    - send to the cloud storage broker, a request for data retrieval services associated with the data item;
      
      responsive to the request, receive from the cloud storage broker an indicia of the first rule and the second rule; and
      
      execute the inverse of the first rule and the second rule to retrieve and reassemble the data item from the plurality of the data item portions.

9. A method for providing data storage services in a client in a cloud computing model where a client platform being operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the method comprising:
- receiving a client request for cloud storage services associated with a data item, wherein the client request includes security requirements for the data item;
  
  choosing selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item;
  
  identifying a first rule among a plurality of first rules based on the security requirements, wherein the first rule defines a manner of dividing the data item into a plurality of data item portions, wherein the manner of dividing the data item varies independently from other data items and wherein the plurality of the data item portions have a random size determined by a random number generator;
  
  identifying a second rule among a plurality of second rules based on the security requirements, wherein the second rule defines a manner of allocating respective portions of the plurality of the data item portions among a random number of the selected cloud storage platforms, the random number of the selected cloud storage platforms defined by the random number generator, wherein an inverse of the first rule and the second rule facilitate retrieval and reassembly of the data item to yield a reassembled data item; and
  
  communicating indicia of the first rule and the second rule to the client, thereby enabling the client to divide the data item into the plurality of the data item portions according to the first rule and to allocate the respective portions of the plurality of the data item portions among the selected cloud storage platforms according to the second rule.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising:
    - receiving a client request for data retrieval services associated with the data item;
      
      consulting, in response to the client request, a file storage index to identify the indicia of the first and second rules that were used to store the data item; and
      
      communicating the indicia of the first and second rules to the client platform, thereby enabling the client platform to retrieve and reassemble the plurality of the data item portions according to the inverse of the first and second rule to form the data item.
  - 11. An article of manufacture comprising a processor-readable non-transitory storage medium storing one or more software programs which when executed by a processor associated with a cloud storage broker perform the steps of the method of claim 9.

12. A method for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the method comprising:
- receiving a client request for cloud storage services associated with a data item;
  
  choosing selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item;
  
  identifying a first rule that defines a manner of dividing the data item into a plurality of data item portions, wherein consecutive portions of the plurality of the data item portions of the data item have different randomly selected sizes;
  
  identifying a second rule that defines storing the plurality of the data item portions in a random sequence among the selected cloud storage platforms;
  
  obtaining the data item; and
  
  dividing the data item into the plurality of the data item portions according to the first rule and allocating respective ones of the plurality of the data item portions among the selected cloud storage platforms according to the second rule, wherein an inverse of the first and second rules facilitating retrieval and reassembly of the data item to yield a reassembled data item.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising:
    - receiving a client request for data retrieval services associated with the data item;
      
      consulting a file storage index to identify indicia of the first and second rules that were used to store the data item;
      
      executing the inverse of the first and second rules to retrieve and reassemble the plurality of the data item portions to yield a reassembled data item; and
      
      delivering the reassembled data item to the client platform.
  - 14. An article of manufacture comprising a processor-readable non-transitory storage medium storing one or more software programs which when executed by a processor associated with a cloud storage platform perform the steps of the method of claim 12.

15. In a cloud storage system including a client platform operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, a method for providing distributed cloud storage of a data item comprising:
- dividing the data item into a plurality of data item portions according to a first rule, wherein the first rule defines that consecutive portions of the plurality of the data item portions of the data item have different randomly selected sizes;
  
  allocating the plurality of the data item portions to a plurality of selected cloud storage platforms according to a second rule, wherein the second rule defines a random number that determines a number the plurality of selected cloud storage platforms for storing the plurality of the data item portions; and
  
  retaining indicia of the first and second rules for later data retrieval, wherein an inverse of the first and the second rule facilitating retrieval and reassembly of the data item to yield a reassembled data item.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the step of dividing and allocating is performed by the client platform, responsive to receiving indicia of the first and second rules from the cloud storage broker.
  - 17. The method of claim 15, wherein the step of dividing and allocating is performed by the cloud storage broker.
  - 18. The method of claim 15, further comprising:
    - executing the inverse of the first and second rules to retrieve and reassemble the data item.

19. Apparatus of a cloud storage broker for providing data storage services, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:
- a user interface;
  
  a cloud storage interface;
  
  a memory; and
  
  at least one processor operably coupled to the user interface, the cloud storage interface and the memory, the at least one processor configured to;
  
  receive a client request for cloud storage services associated with a data item;
  
  in response to the client request, determine a first rule of a plurality of first rules for dividing the data item into a plurality of data item portions, and determine a second rule of a plurality of second rules for allocating respective ones of the plurality of the data item portions among the plurality of remote cloud storage platforms, wherein an inverse of the first rule and the second rule facilitating retrieval and reassembly of the data item to yield a reassembled data item;
  
  determine whether to participate in data flow for the data item;
  
  when participating in the data flow for the data item;
  
  divide the data item into the plurality of the data item portions in accordance with the first rule of the plurality of first rules, wherein dividing the plurality of the data item portions such that each varies independently from other data portions of the plurality of the data item portions and a size of the each of the plurality of the data item portions defined by the first rule is determined using at least one random number; and
  
  allocate the respective ones of the plurality of the data item portions among the plurality of remote cloud storage platforms in accordance with the second rule of the plurality of second rules, wherein the second rule defines that the plurality of the data item portions are stored in the at least one random number of the plurality of remote cloud storage platforms; and
  
  when not participating in the data flow for the data item;
  
  communicate indicia of the first rule and the second rule and the at least one random number and second rules to the client platform, thereby enabling the client to divide the data item into the plurality of the data item portions in accordance with the first rule of the plurality of first rules and allocate the respective ones of the plurality of the data item portions among the plurality of remote cloud storage platforms in accordance with the second rule of the plurality of second rules.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the at least one processor is further configured to:
    - receive a client request for data retrieval services associated with the data item;
      
      consult a file storage index to identify the indicia of the first rule and the second rule and the at least one random number used to store the data item;
      
      determine whether to participate in data flow for the data item;
      
      when participating in the data flow for the item;
      
      execute the inverse of the first rule and the second rule to retrieve and reassemble the plurality of the data item portions to generate a reassembled data item; and
      
      deliver the reassembled data item to the client platform; and
      
      when not participating in the data flow for the data item;
      
      communicate the indicia of the first rule and the second rule to the client, thereby enabling the client to retrieve and reassemble the plurality of the data item portions according to an inverse of the first rule and the second rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Novotny, Hanan M., DePaul, Kenneth E., Sankalia, Anish, Nta, Patrick, Larsen, Renaud
Primary Examiner(s)
Cho, Un C
Assistant Examiner(s)
Lou, Peian

Application Number

US13/115,599
Publication Number

US 20120303736A1
Time in Patent Office

1,574 Days
Field of Search

709201-203, 709212-226, 709230-232, 709/245, 709/246, 707/609, 707/636, 707/705, 707/715, 707/737, 707/753, 713/165, 726/26
US Class Current

1/1
CPC Class Codes

H04L 67/1008   based on parameters of serv...

H04L 67/101   based on network conditions

H04L 67/1014   based on the content of a r...

H04L 67/1019   Random or heuristic server ...

H04L 67/1021   based on client or server l...

H04L 67/1097   for distributed storage of ...

H04L 67/562   Brokering proxy services

Method and apparatus for achieving data security in a distributed cloud computing environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for achieving data security in a distributed cloud computing environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links