Secure data deduplication
Abstract
Data chunks encrypted using an encryption key are backed up to a server. Each chunk is associated with plain and encryption signatures. The plain signature is based on an unencrypted version of a chunk. The encryption signature is based on an encrypted version of the chunk. A new data chunk is identified and a new plain signature for the new chunk is calculated. A request is made for a current key and the new chunk is encrypted using the current key to obtain a new encryption signature. The new encryption and plain signatures are sent to the server for comparison against the existing encryption and plain signatures. If the new encryption signature does not match an encryption signature of an existing chunk and the new plain signature matches a plain signature of the existing chunk, the new chunk is transmitted to the server to replace the existing chunk.
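The comparison described in the abstract can be traced with a short simulation; this is an added example, not code from the patent. Assumptions: SHA-256 serves as both signatures, a deterministic HMAC-SHA256 keystream stands in for the unspecified cipher, the names `Server`, `backup` and the verdict strings are hypothetical, and the "new" and "duplicate" branches are inferred since the abstract only spells out the re-key case.

```python
import hashlib
import hmac

def sig(data: bytes) -> str:
    """Signature of a byte string (assumption: SHA-256 hex digest)."""
    return hashlib.sha256(data).hexdigest()

def encrypt(key: bytes, chunk: bytes) -> bytes:
    """Stand-in deterministic cipher: XOR with an HMAC-SHA256 keystream.
    Illustration only; same key + same chunk gives the same ciphertext,
    which is what lets the encryption signature reveal a key change."""
    stream, counter = b"", 0
    while len(stream) < len(chunk):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(chunk, stream))

class Server:
    """Hypothetical deduplication engine: stores ciphertext only."""
    def __init__(self):
        self.by_plain = {}  # plain signature -> (encryption signature, ciphertext)

    def compare(self, plain_sig: str, enc_sig: str) -> str:
        entry = self.by_plain.get(plain_sig)
        if entry is None:
            return "new"            # plain signature unknown (inferred branch)
        if hmac.compare_digest(entry[0], enc_sig):
            return "duplicate"      # both signatures match (inferred branch)
        return "stale-key"          # plain matches, encryption differs: replace

    def store(self, plain_sig: str, enc_sig: str, ciphertext: bytes) -> None:
        # The server never sees plaintext, so it can only check the
        # encryption signature against the bytes it actually received.
        if sig(ciphertext) != enc_sig:
            raise ValueError("encryption signature does not match ciphertext")
        self.by_plain[plain_sig] = (enc_sig, ciphertext)

def backup(server: Server, chunk: bytes, current_key: bytes) -> str:
    """Client side: sign, encrypt under the current key, ask, upload if needed."""
    plain_sig = sig(chunk)
    ciphertext = encrypt(current_key, chunk)
    enc_sig = sig(ciphertext)
    verdict = server.compare(plain_sig, enc_sig)
    if verdict != "duplicate":
        server.store(plain_sig, enc_sig, ciphertext)  # new upload or replacement
    return verdict

if __name__ == "__main__":
    srv, old_key, new_key = Server(), b"A" * 32, b"B" * 32  # constructed keys
    for key in (old_key, old_key, new_key, new_key):
        print(backup(srv, b"constructed sample chunk", key))
```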
15 Claims
1. A method comprising:
transmitting to a server for storage, a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;
after the transmitting, requesting and receiving a current encryption key;
encrypting a new data chunk using the current encryption key to obtain a new encryption signature;
transmitting, by a processor of a client, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and
when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmitting to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.
Dependent claims: 2, 3, 4, 5

6. A system for deduplicating, the system comprising:
a processor-based system executed on a computer system and configured to:
transmit to a server for storage a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;
after the transmission, request and receive a current encryption key;
encrypt a new data chunk using the current encryption key to obtain a new encryption signature;
transmit, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and
when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmit to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.
Dependent claims: 7, 8, 9, 10

11. A computer program product, comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein, the computer-readable program code adapted to be executed by one or more processors to implement a method comprising:
transmitting to a server for storage a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;
after the transmitting, requesting and receiving a current encryption key;
encrypting a new data chunk using the current encryption key to obtain a new encryption signature;
transmitting, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and
when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmitting to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.
Dependent claims: 12, 13, 14, 15

Specification