Method and apparatus for achieving data security in a distributed cloud computing environment
Abstract
A distributed cloud storage system includes a cloud storage broker logically residing between a client platform and a plurality of remote cloud storage platforms. The cloud storage broker mediates execution of a cloud storage process that involves dividing a data item into multiple portions and allocating the portions to multiple selected cloud storage platforms according to first and second rules defining a key known only to the cloud storage broker or to the client. At some later time when it is desired to retrieve the data item, the key is retrieved from storage and the rules are executed in a reverse fashion to retrieve and reassemble the data item.
Citations
20 Claims
1. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:
    a user interface at the cloud storage broker;
    a cloud storage interface at the cloud storage broker;
    a memory at the cloud storage broker; and
    at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to:
        receive a first client request for cloud storage services associated with a data item;
        in response to the first client request, determine a first rule of a plurality of first rules used to divide the data item of the client request into a plurality of data item portions and determine a second rule of a plurality of second rules used to allocate the plurality of the data item portions among the plurality of remote cloud storage platforms;
        generate at least one random number;
        communicate indicia of the first rule and the second rule and the at least one random number to the client to:
            divide the data item into a plurality of data item portions in accordance with the determined first rule of the plurality of first rules, wherein dividing the data item varies independently from other data items and the at least one random number is used to determine a size of the plurality of the data item portions based on the determined first rule; and
            allocate the respective portions among a number of the plurality of remote cloud storage platforms in accordance with the determined second rule of the plurality of second rules, wherein the number of the plurality of remote cloud storage platforms being based on the determined second rule, which defines that the plurality of the data item portions are stored in the at least one random number of the plurality of remote cloud storage platforms, wherein responsive to a second client request for data retrieval services, an inverse of the determined first rule and the determined second rule facilitates retrieval and reassembly of the data item.
    Dependent claims: 2, 3
4. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus at the cloud storage broker comprising:
    a user interface;
    a cloud storage interface;
    a memory; and
    at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to:
        receive a client request for cloud storage services associated with a data item;
        in response to the client request, determine a first rule of a plurality of first rules used to divide the data item into a plurality of data item portions and determine a second rule of a plurality of second rules used to allocate the plurality of the data item portions among the plurality of remote cloud storage platforms;
        generate a plurality of random numbers;
        divide the data item into the plurality of the data item portions of a random size in accordance with the determined first rule of the plurality of first rules, wherein the random size defined by the determined first rule is based on at least one of the plurality of random numbers; and
        allocate respective data portions of the plurality of the data item portions among a number of the plurality of remote cloud storage platforms in accordance with the determined second rule of the plurality of rules, wherein the number of the plurality of remote cloud storage platforms being based on the determined second rule, which uses at least a different one of the plurality of random numbers to define the number of the plurality of remote cloud storage platforms, wherein an inverse of the determined first rule and the determined second rule facilitate retrieval and reassembly of the data item to yield a reassembled data item.
    Dependent claims: 5, 6
7. Apparatus for providing data storage services of a client platform, in accordance with a cloud computing model, the client platform operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:
    a memory; and
    at least one processor operably coupled to the memory and configured to:
        send a request for cloud storage services of a data item to the cloud storage broker;
        responsive to the request, receive by the client platform from the cloud storage broker an indicia of:
            (a) selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected cloud storage platforms are to store an allocated portion of the data item;
            (b) a first rule that defines a manner of dividing the data item into a plurality of data item portions, wherein consecutive portions of the plurality of the data item portions have different randomly selected sizes and the plurality of the data item portions being respective in number to the selected cloud storage platforms; and
            (c) a second rule that defines a manner of allocating the respective ones of the plurality of the data item portions among the selected cloud storage platforms; and
        divide, by the client platform, the data item into the plurality of the data item portions according to the first rule and allocate by the client platform the respective ones of the plurality of the data item portions among the selected cloud storage platforms according to the second rule, wherein an inverse of the first rule and the second rule facilitate retrieval and reassembly of the data item to yield a reassembled data item.
    Dependent claims: 8
9. A method for providing data storage services in a client in a cloud computing model where a client platform being operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the method comprising:
    receiving a client request for cloud storage services associated with a data item, wherein the client request includes security requirements for the data item;
    choosing selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item;
    identifying a first rule among a plurality of first rules based on the security requirements, wherein the first rule defines a manner of dividing the data item into a plurality of data item portions, wherein the manner of dividing the data item varies independently from other data items and wherein the plurality of the data item portions have a random size determined by a random number generator;
    identifying a second rule among a plurality of second rules based on the security requirements, wherein the second rule defines a manner of allocating respective portions of the plurality of the data item portions among a random number of the selected cloud storage platforms, the random number of the selected cloud storage platforms defined by the random number generator, wherein an inverse of the first rule and the second rule facilitate retrieval and reassembly of the data item to yield a reassembled data item; and
    communicating indicia of the first rule and the second rule to the client, thereby enabling the client to divide the data item into the plurality of the data item portions according to the first rule and to allocate the respective portions of the plurality of the data item portions among the selected cloud storage platforms according to the second rule.
    Dependent claims: 10, 11
12. A method for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the method comprising:
    receiving a client request for cloud storage services associated with a data item;
    choosing selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item;
    identifying a first rule that defines a manner of dividing the data item into a plurality of data item portions, wherein consecutive portions of the plurality of the data item portions of the data item have different randomly selected sizes;
    identifying a second rule that defines storing the plurality of the data item portions in a random sequence among the selected cloud storage platforms;
    obtaining the data item; and
    dividing the data item into the plurality of the data item portions according to the first rule and allocating respective ones of the plurality of the data item portions among the selected cloud storage platforms according to the second rule, wherein an inverse of the first and second rules facilitating retrieval and reassembly of the data item to yield a reassembled data item.
    Dependent claims: 13, 14
15. In a cloud storage system including a client platform operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, a method for providing distributed cloud storage of a data item comprising:
    dividing the data item into a plurality of data item portions according to a first rule, wherein the first rule defines that consecutive portions of the plurality of the data item portions of the data item have different randomly selected sizes;
    allocating the plurality of the data item portions to a plurality of selected cloud storage platforms according to a second rule, wherein the second rule defines a random number that determines a number of the plurality of selected cloud storage platforms for storing the plurality of the data item portions; and
    retaining indicia of the first and second rules for later data retrieval, wherein an inverse of the first and the second rule facilitating retrieval and reassembly of the data item to yield a reassembled data item.
    Dependent claims: 16, 17, 18
19. Apparatus of a cloud storage broker for providing data storage services, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus comprising:
    a user interface;
    a cloud storage interface;
    a memory; and
    at least one processor operably coupled to the user interface, the cloud storage interface and the memory, the at least one processor configured to:
        receive a client request for cloud storage services associated with a data item;
        in response to the client request, determine a first rule of a plurality of first rules for dividing the data item into a plurality of data item portions, and determine a second rule of a plurality of second rules for allocating respective ones of the plurality of the data item portions among the plurality of remote cloud storage platforms, wherein an inverse of the first rule and the second rule facilitating retrieval and reassembly of the data item to yield a reassembled data item;
        determine whether to participate in data flow for the data item;
        when participating in the data flow for the data item:
            divide the data item into the plurality of the data item portions in accordance with the first rule of the plurality of first rules, wherein dividing the plurality of the data item portions such that each varies independently from other data portions of the plurality of the data item portions and a size of each of the plurality of the data item portions defined by the first rule is determined using at least one random number; and
            allocate the respective ones of the plurality of the data item portions among the plurality of remote cloud storage platforms in accordance with the second rule of the plurality of second rules, wherein the second rule defines that the plurality of the data item portions are stored in the at least one random number of the plurality of remote cloud storage platforms; and
        when not participating in the data flow for the data item:
            communicate indicia of the first rule and the second rule and the at least one random number and second rules to the client platform, thereby enabling the client to divide the data item into the plurality of the data item portions in accordance with the first rule of the plurality of first rules and allocate the respective ones of the plurality of the data item portions among the plurality of remote cloud storage platforms in accordance with the second rule of the plurality of second rules.
    Dependent claims: 20
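The scheme the abstract and the independent claims describe (a first rule cutting the data item into portions of differing random sizes, a second rule placing them in a random sequence across a random number of selected platforms, and indicia retained so the inverse of both rules can reassemble the item), as an added worked model in Python. This is illustration code written for this page, not code from the patent or from any product; the Broker and Indicia names, the platform names, the rule identifiers and the in-memory dictionaries standing in for the remote platforms are all assumptions. It models the broker-participating flow of claim 19; the client-side variant of claim 7 would run the same two rule functions after receiving the indicia.

```python
"""Split / allocate / reassemble scheme from the claims, as a runnable model.

Added illustration; not code from the patent. Broker, Indicia, the platform
names and the rule identifiers are assumptions made for this example.
"""
import random
import secrets
from dataclasses import dataclass

# Constructed set of remote cloud storage platforms (names are assumptions).
PLATFORMS = ("cloud-a", "cloud-b", "cloud-c", "cloud-d", "cloud-e", "cloud-f")


@dataclass(frozen=True)
class Indicia:
    """What the broker retains: rule identifiers plus the random numbers.

    This is the 'key' of the abstract. A platform holding one portion learns
    neither the portion boundaries nor which other platforms hold the rest."""
    first_rule: str      # how the item was divided (here "random-sizes")
    second_rule: str     # how portions were allocated (here "random-order")
    size_seed: int       # random number driving the portion sizes
    order_seed: int      # a different random number driving the allocation
    portion_count: int   # random number of platforms selected
    total_len: int       # length of the original data item


def portion_sizes(total_len: int, count: int, seed: int) -> list[int]:
    """First rule: cut total_len into `count` portions whose consecutive sizes
    differ. Derived deterministically from `seed` so the inverse can recompute
    the same cut points. Sizes 1..count show that total_len >= count*(count+1)/2
    is enough for a solution to exist, so the retry loop terminates."""
    if count < 1 or total_len < count * (count + 1) // 2:
        raise ValueError("data item too small for that many distinct portions")
    rng = random.Random(seed)   # the seed is the secret; the PRNG only expands it
    while True:
        cuts = sorted(rng.sample(range(1, total_len), count - 1))
        bounds = [0, *cuts, total_len]
        sizes = [b - a for a, b in zip(bounds, bounds[1:])]
        if all(x != y for x, y in zip(sizes, sizes[1:])):
            return sizes


def allocation_order(platforms: tuple[str, ...], count: int, seed: int) -> list[str]:
    """Second rule: pick `count` platforms in a random sequence; portion i goes
    to the i-th platform of that sequence."""
    return random.Random(seed).sample(platforms, count)


class Broker:
    """Cloud storage broker between the client and the platforms. Remote
    platforms are simulated as in-memory dicts (object_id -> bytes)."""

    def __init__(self, platforms: tuple[str, ...] = PLATFORMS) -> None:
        self.platforms = tuple(platforms)
        self.remote = {p: {} for p in self.platforms}
        self.retained: dict[str, Indicia] = {}   # indicia kept only at the broker

    def _choose_count(self, total_len: int) -> int:
        """Random number of platforms: at least 2 when the item allows it, so no
        single platform ever receives the whole data item."""
        max_count = len(self.platforms)
        while max_count > 1 and max_count * (max_count + 1) // 2 > total_len:
            max_count -= 1
        if max_count < 2:
            return 1
        return 2 + secrets.randbelow(max_count - 1)   # uniform over 2..max_count

    def store(self, object_id: str, data: bytes) -> Indicia:
        """Apply both rules and push each portion to its platform."""
        count = self._choose_count(len(data))
        ind = Indicia("random-sizes", "random-order",
                      secrets.randbits(64), secrets.randbits(64), count, len(data))
        sizes = portion_sizes(ind.total_len, count, ind.size_seed)
        targets = allocation_order(self.platforms, count, ind.order_seed)
        offset = 0
        for size, platform in zip(sizes, targets):
            self.remote[platform][object_id] = data[offset:offset + size]
            offset += size
        self.retained[object_id] = ind
        return ind

    def retrieve(self, object_id: str) -> bytes:
        """Inverse of both rules: recompute sequence and sizes from the retained
        indicia, fetch every portion and concatenate in the original order."""
        ind = self.retained[object_id]
        sizes = portion_sizes(ind.total_len, ind.portion_count, ind.size_seed)
        targets = allocation_order(self.platforms, ind.portion_count, ind.order_seed)
        out = bytearray()
        for size, platform in zip(sizes, targets):
            chunk = self.remote[platform][object_id]
            if len(chunk) != size:   # catches a truncated or swapped portion
                raise ValueError(f"portion on {platform} has unexpected size")
            out += chunk
        return bytes(out)


def demo() -> dict:
    """Store a constructed 200-byte item, retrieve it, and report the layout."""
    broker = Broker()
    data = bytes(range(200))   # constructed sample data item
    ind = broker.store("doc-1", data)
    holders = [p for p in broker.platforms if "doc-1" in broker.remote[p]]
    return {
        "roundtrip": broker.retrieve("doc-1") == data,
        "holders": len(holders),
        "count": ind.portion_count,
        "sizes": portion_sizes(ind.total_len, ind.portion_count, ind.size_seed),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points follow from the claims. The random numbers that fix the layout are drawn from the operating system's CSPRNG (`secrets`) and only expanded by a seeded `random.Random`, so the secrecy of the portion boundaries and the platform sequence rests entirely on the retained indicia, which is why the abstract calls them a key known only to the broker or the client. On retrieval the recomputed sizes double as a cheap integrity check: a portion that comes back with the wrong length is rejected before reassembly rather than silently producing a corrupted item.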
Specification