Systems and methods for transformation of logical data objects for storage

US 9,218,297 B2
Filed: 10/21/2014
Issued: 12/22/2015
Est. Priority Date: 05/31/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for reading encrypted data from an encrypted logical object comprising a plurality of encrypted storage sections, said method comprising:

receiving, by a processor, a request to read a range of data stored in the encrypted logical object at a particular point in time;

identifying, in a plurality of log records associated with a plurality of encrypted storage sections, all entries related to the range of data in a first encrypted storage section before the particular point in time and including the particular point in time;

selecting each last updated entry from all the entries related to the range of data in the first encrypted storage section;

decrypting encrypted data associated with each selected last updated entry related to the range of data in the first encrypted storage section to generated first decrypted data; and

transmitting the first decrypted data within the range to a requestor.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object.

142 Citations

20 Claims

1. A method for reading encrypted data from an encrypted logical object comprising a plurality of encrypted storage sections, said method comprising:
- receiving, by a processor, a request to read a range of data stored in the encrypted logical object at a particular point in time;
  
  identifying, in a plurality of log records associated with a plurality of encrypted storage sections, all entries related to the range of data in a first encrypted storage section before the particular point in time and including the particular point in time;
  
  selecting each last updated entry from all the entries related to the range of data in the first encrypted storage section;
  
  decrypting encrypted data associated with each selected last updated entry related to the range of data in the first encrypted storage section to generated first decrypted data; and
  
  transmitting the first decrypted data within the range to a requestor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising arranging the first decrypted data in an order in which the data was encrypted prior to transmitting the first decrypted data to the requestor.
  - 3. The method of claim 2, wherein transmitting the first decrypted data comprises transmitting the first decrypted data in an order in which the first encrypted data was stored.
  - 4. The method of claim 1, further comprising:
    - determining, by the processor, that the first encrypted storage section does not comprise all of the range of data; and
      
      identifying, in the plurality of log records, all entries related to the range of data in each remaining encrypted storage section before the particular point in time and including the particular point in time.
  - 5. The method of claim 4, further comprising:
    - selecting each last updated entry from all the entries related to the range of data in each remaining encrypted storage section;
      
      decrypting encrypted data associated with each selected last updated entry related to the range of data in each remaining encrypted storage section to generated remaining decrypted data; and
      
      transmitting the remaining decrypted data within the range to the requestor.
  - 6. The method of claim 5, further comprising:
    - storing the first decrypted data and the remaining decrypted data in cache prior to transmitting the first decrypted data and the remaining decrypted data to the requestor; and
      
      arranging the first decrypted data and the remaining decrypted data in the cache in an order in which the first decrypted data and the remaining decrypted data was stored in the encrypted logical object prior to transmission to the requestor.
  - 7. The method of claim 6, wherein transmitting the first decrypted data and the remaining decrypted data comprises transmitting the first decrypted data and the remaining decrypted data in the order in which the first decrypted data and the remaining decrypted data was stored in the encrypted logical object.

8. A system for reading data from an encrypted logical object, said system comprising:
- a processor; and
  
  a storage device coupled to said processor, wherein the storage device is configured to store computer code that, when executed by the processor, causes the processor to;
  
  receive a request to read a range of data stored in the encrypted logical object at a particular point in time,identify, in a plurality of log records associated with a plurality of encrypted storage sections, all entries related to the range of data in a first encrypted storage section before the particular point in time and including the particular point in time,select each last updated entry from all the entries related to the range of data in the first encrypted storage section,decrypt encrypted data associated with each selected last updated entry related to the range of data in the first encrypted storage section to generated first decrypted data, andtransmit the first decrypted data within the range to a requestor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the processor is further configured to arrange the first decrypted data in an order in which the data was encrypted prior to transmitting the first decrypted data to the requestor.
  - 10. The system of claim 8, wherein, when transmitting the first decrypted data, the processor is configured to transmit the first decrypted data in an order in which the first encrypted data was stored.
  - 11. The system of claim 8, wherein the processor is further configured to:
    - determine that the first encrypted storage section does not comprise all of the range of data; and
      
      identify, in the plurality of log records, all entries related to the range of data in each remaining encrypted storage section before the particular point in time and including the particular point in time.
  - 12. The system of claim 11, wherein the processor is further configured to:
    - select each last updated entry from all the entries related to the range of data in each remaining encrypted storage section;
      
      decrypt encrypted data associated with each selected last updated entry related to the range of data in each remaining encrypted storage section to generated remaining decrypted data; and
      
      transmit the remaining decrypted data within the range to the requestor.
  - 13. The system of claim 12, wherein the processor is further configured to:
    - store the first decrypted data and the remaining decrypted data in cache prior to transmitting the first decrypted data and the remaining decrypted data to the requestor; and
      
      arrange the first decrypted data and the remaining decrypted data in the cache in an order in which the first decrypted data and the remaining decrypted data was stored in the encrypted logical object prior to transmission to the requestor.
  - 14. The system of claim 13, wherein, when transmitting the first decrypted data and the remaining decrypted data, the processor is configured to transmit the first decrypted data and the remaining decrypted data in the order in which the first decrypted data and the remaining decrypted data was stored in the encrypted logical object.

15. A computer program product comprising a non-transitory computer-readable medium including a computer-readable program code embodied therein for reading data from an encrypted logical object comprising a plurality of encrypted storage sections, said computer program product comprising:
- computer code for receiving, by a processor, a request to read a range of data stored in the encrypted logical object at a particular point in time;
  
  computer code for identifying, in a plurality of log records associated with a plurality of encrypted storage sections, all entries related to the range of data in a first encrypted storage section before the particular point in time and including the particular point in time;
  
  computer code for selecting each last updated entry from all the entries related to the range of data in the first encrypted storage section;
  
  computer code for decrypting encrypted data associated with each selected last updated entry related to the range of data in the first encrypted storage section to generated first decrypted data; and
  
  computer code for transmitting the first decrypted data within the range to a requestor.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, further comprising computer code for arranging the first decrypted data in an order in which the data was encrypted prior to transmitting the first decrypted data to the requestor, wherein the computer code for transmitting the first decrypted data in an order in which the first encrypted data was stored.
  - 17. The computer program product of claim 15, further comprising:
    - computer code for determining, by the processor, that the first encrypted storage section does not comprise all of the range of data; and
      
      computer code for identifying, in the plurality of log records, all entries related to the range of data in each remaining encrypted storage section before the particular point in time and including the particular point in time.
  - 18. The computer program product of claim 17, further comprising:
    - computer code for selecting each last updated entry from all the entries related to the range of data in each remaining encrypted storage section;
      
      computer code for decrypting encrypted data associated with each selected last updated entry related to the range of data in each remaining encrypted storage section to generated remaining decrypted data; and
      
      computer code for transmitting the remaining decrypted data within the range to the requestor.
  - 19. The computer program product of claim 18, further comprising:
    - computer code for storing the first decrypted data and the remaining decrypted data in cache prior to transmitting the first decrypted data and the remaining decrypted data to the requestor; and
      
      computer code for arranging the first decrypted data and the remaining decrypted data in the cache in an order in which the first decrypted data and the remaining decrypted data was stored in the encrypted logical object prior to transmission to the requestor.
  - 20. The computer program product of claim 19, wherein the computer code for transmitting the first decrypted data and the remaining decrypted data comprises computer code for transmitting the first decrypted data and the remaining decrypted data in the order in which the first decrypted data and the remaining decrypted data was stored in the encrypted logical object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Koifman, Chaim, Kedem, Nadav, Zohar, Avi
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US14/519,481
Publication Number

US 20150074428A1
Time in Patent Office

427 Days
Field of Search

713/181, 713/193, 380/59, 710/68, 707/999.101
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 16/116   Details of conversion of fi...

G06F 16/1727   Details of free space manag...

G06F 21/602   Providing cryptographic fac...

G06F 2212/1052   Security improvement

H04L 69/04   Protocols for data compress...

H04L 9/0637   Modes of operation, e.g. ci...

Y10S 707/99942   Manipulating data structure...

Systems and methods for transformation of logical data objects for storage

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

142 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for transformation of logical data objects for storage

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

142 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links