Cross-region recovery of encrypted, erasure-encoded data
Abstract
Reliable and efficient storage and reconstruction of secure data files is provided. Encrypted fragments are generated by exclusive-OR (XOR) based erasure-encoding and XOR encryption of data files. At least some of the encrypted fragments, and preferably at least two copies of such encrypted fragments, are stored at two or more locations, such as but not limited to two or more servers in two or more regional storage systems. Fragments are retrieved from one or more of the multiple locations and the original data file is reconstructed, even if different encryption techniques have been used. If not enough valid fragments from that original data file can be identified then hash values, checksums, seeds, and other techniques may be used to distinguish files and to identify related or identical files which may be used to reconstruct the data file.
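A minimal model of the cross-region recovery the abstract describes, as an added example that is not taken from the patent: it assumes a 2+1 XOR parity code and a SHA-256 counter-mode keystream as the stand-in XOR encryption, with a different key per region. All function names, keys and the sample file are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, frag_id: int, n: int) -> bytes:
    # Stand-in XOR keystream (SHA-256 in counter mode), unique per (key, fragment id).
    out, ctr = b"", 0
    while len(out) < n:
        block = key + frag_id.to_bytes(4, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(data: bytes) -> dict:
    # 2+1 XOR erasure code: two data halves plus one parity fragment.
    half = (len(data) + 1) // 2
    d0, d1 = data[:half], data[half:].ljust(half, b"\0")
    return {0: d0, 1: d1, 2: xor(d0, d1)}

def store(data: bytes, region_key: bytes) -> dict:
    # Each region XOR-encrypts every fragment under its own key.
    return {i: xor(f, keystream(region_key, i, len(f)))
            for i, f in encode(data).items()}

def recover(avail: dict, size: int) -> bytes:
    # avail maps fragment id -> (ciphertext, key of the region it came from).
    plain = {i: xor(c, keystream(k, i, len(c))) for i, (c, k) in avail.items()}
    if len(plain) < 2:
        raise ValueError("need any 2 of the 3 fragments")
    if 0 not in plain:
        plain[0] = xor(plain[1], plain[2])   # d0 = d1 XOR parity
    if 1 not in plain:
        plain[1] = xor(plain[0], plain[2])   # d1 = d0 XOR parity
    return (plain[0] + plain[1])[:size]

KEY_A, KEY_B = b"region-A-demo-key", b"region-B-demo-key"  # constructed keys
FILE = b"constructed sample file contents"                 # constructed input
region_a, region_b = store(FILE, KEY_A), store(FILE, KEY_B)

def cross_region_demo() -> bytes:
    # Region A only has fragment 0 left; region B only has the parity fragment.
    avail = {0: (region_a[0], KEY_A), 2: (region_b[2], KEY_B)}
    return recover(avail, len(FILE))

if __name__ == "__main__":
    print(cross_region_demo())
```

The keystream is derived per fragment id because reusing one XOR keystream across fragments would let anyone holding two ciphertexts cancel it out and obtain the XOR of the plaintexts. XOR encryption alone also does not detect a modified fragment, which is where the hash values and checksums mentioned in the abstract come in.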
24 Claims
1. A computer-implemented method for storing and recovering a data file, the method comprising:
- receiving a data file for storage;
- producing encrypted, erasure-encoded fragments from the received data file by using first and second exclusive-OR (XOR) encryption techniques, and by using an XOR-based erasure-encoding technique, the second XOR encryption technique being different than the first XOR encryption technique;
- storing at least some of the encrypted, erasure-encoded fragments in a plurality of storage devices, each storage device storing at least one of the encrypted, erasure-encoded fragments;
- receiving a request to reconstruct the data file;
- retrieving a number of encrypted, erasure-encoded fragments adequate to reconstruct the data file; and
- reconstructing the data file from the retrieved, encrypted, erasure-encoded fragments.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer-implemented method for a computer system for storing and recovering a data file, the method comprising:
- receiving a data file for storage;
- producing encrypted, erasure-encoded fragments from the received data file using a first exclusive-OR (XOR) encryption technique and an XOR-based erasure-encoding technique, the second XOR encryption technique being different than the first XOR encryption technique;
- storing at least one of the encrypted, erasure-encoded fragments in at least one storage device;
- either (1) sending the data file to a regional storage system for XOR encryption using a second XOR encryption technique and the XOR-based erasure-encoding technique, and for storage of at least one encrypted, erasure-encoded fragments produced thereby, or (2) generating fragments from the data file using the XOR-based erasure-encoding technique, and sending the fragments to a regional storage system for XOR encryption using a second XOR encryption technique, and for storage of at least one of the encrypted, erasure-encoded fragments produced thereby;
- receiving a request to reconstruct the data file;
- retrieving a number of encrypted, erasure-encoded fragments adequate to reconstruct the data file; and
- reconstructing the data file from the retrieved, encrypted, erasure-encoded fragments.
Dependent claims: 11, 12, 13, 14, 15, 16.
17. A system for storing and recovering a data file, the system comprising a computer, the computer comprising:
- a memory device containing operating instructions and files;
- a network interface device for sending and receiving data over a network;
- a processor, communicatively coupled to the memory device and to network interface device, the processor executing operating instructions to:
  - receive a data file for storage;
  - produce encrypted, erasure-encoded fragments from the received data file using a first exclusive-OR (XOR) encryption technique and an XOR-based erasure-encoding technique;
  - store at least one of the encrypted, erasure-encoded fragments in at least one storage device;
  - either (1) send the data file to a regional storage system for XOR encryption using a second XOR encryption technique and the XOR-based erasure-encoding technique, and for storage of at least one encrypted, erasure-encoded fragments produced thereby, or (2) generate fragments from the data file using the XOR-based erasure-encoding technique, and send the fragments to a regional storage system for XOR encryption using a second XOR encryption technique, and for storage of at least one of the encrypted, erasure-encoded fragments produced thereby;
  - the second XOR encryption technique being different than the first XOR encryption technique;
  - receive a request to reconstruct the data file;
  - retrieve a number of encrypted, erasure-encoded fragments adequate to reconstruct the data file; and
  - reconstruct the data file from the retrieved, encrypted, erasure-encoded fragments.
Dependent claims: 18, 19, 20.
21. A computer-readable storage medium having computer-executable instructions stored thereupon for storing and recovering a data file and the instructions, when executed by a computer, cause the computer to:
- receive a data file for storage;
- produce encrypted, erasure-encoded fragments from the received data file using a first exclusive-OR (XOR) encryption technique and an XOR-based erasure-encoding technique;
- store at least one of the encrypted, erasure-encoded fragments in at least one storage device;
- either (1) send the data file to a regional storage system for XOR encryption using a second XOR encryption technique and the XOR-based erasure-encoding technique, and for storage of at least one encrypted, erasure-encoded fragments produced thereby, or (2) generate fragments from the data file using the XOR-based erasure-encoding technique, and send the fragments to a regional storage system for XOR encryption using a second XOR encryption technique, and for storage of at least one of the encrypted, erasure-encoded fragments produced thereby;
- the second XOR encryption technique being different than the first XOR encryption technique;
- receive a request to reconstruct the data file;
- retrieve a number of encrypted, erasure-encoded fragments adequate to reconstruct the data file; and
- reconstruct the data file from the retrieved, encrypted, erasure-encoded fragments.
Dependent claims: 22, 23, 24.
Specification