Secure data deduplication

US 9,336,092 B1
Filed: 01/01/2015
Issued: 05/10/2016
Est. Priority Date: 01/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting to a server for storage, a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;

after the transmitting, requesting and receiving a current encryption key;

encrypting a new data chunk using the current encryption key to obtain a new encryption signature;

transmitting, by a processor of a client, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and

when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmitting to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data chunks encrypted using an encryption key are backed up to a server. Each chunk is associated with plain and encryption signatures. The plain signature is based on an unencrypted version of a chunk. The encryption signature is based on an encrypted version of the chunk. A new data chunk is identified and a new plain signature for the new chunk is calculated. A request is made for a current key and the new chunk is encrypted using the current key to obtain a new encryption signature. The new encryption and plain signatures are sent to the server for comparison against the existing encryption and plain signatures. If the new encryption signature does not match an encryption signature of an existing chunk and the new plain signature matches a plain signature of the existing chunk, the new chunk is transmitted to the server to replace the existing chunk.

59 Citations

View as Search Results

15 Claims

1. A method comprising:
- transmitting to a server for storage, a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;
  
  after the transmitting, requesting and receiving a current encryption key;
  
  encrypting a new data chunk using the current encryption key to obtain a new encryption signature;
  
  transmitting, by a processor of a client, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and
  
  when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmitting to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 comprising:
    - if the new encryption signature matches the encryption signature of the data chunk encrypted using the encryption key, not transmitting to the server the new data chunk encrypted using the current encryption key.
  - 3. The method of claim 1 comprising:
    - if the new plain signature does not match the plain signature of the data chunk encrypted using the encryption key, transmitting to the server the new data chunk encrypted using the current encryption key for the server to store.
  - 4. The method of claim 1 comprising:
    - encrypting the data chunk using the encryption key to generate an encrypted data chunk; and
      
      hashing the encrypted data chunk to obtain the encryption signature.
  - 5. The method of claim 1 wherein the encrypting the new data chunk comprises:
    - encrypting the new data chunk using the current encryption key to generate an encrypted new data chunk; and
      
      hashing the encrypted new data chunk to obtain the new encryption signature.

6. A system for deduplicating, the system comprising:
- a processor-based system executed on a computer system and configured to;
  
  transmit to a server for storage a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;
  
  after the transmission, request and receive a current encryption key;
  
  encrypt a new data chunk using the current encryption key to obtain a new encryption signature;
  
  transmit, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and
  
  when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmit to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6 wherein the processor-based system is configured to:
    - if the new encryption signature matches the encryption signature of the data chunk encrypted using the encryption key, not transmit to the server the new data chunk encrypted using the current encryption key.
  - 8. The system of claim 6 wherein the processor-based system is configured to:
    - if the new plain signature does not match the plain signature of the data chunk encrypted using the encryption key, transmit to the server the new data chunk encrypted using the current encryption key for the server to store.
  - 9. The system of claim 6 wherein the processor-based system is configured to:
    - encrypt the data chunk using the encryption key to generate an encrypted data chunk; and
      
      hash the encrypted data chunk to obtain the encryption signature.
  - 10. The system of claim 6 wherein the processor-based system is configured to:
    - encrypt the new data chunk using the current encryption key to generate an encrypted new data chunk; and
      
      hash the encrypted new data chunk to obtain the new encryption signature.

11. A computer program product, comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein, the computer-readable program code adapted to be executed by one or more processors to implement a method comprising:
- transmitting to a server for storage a plurality of data chunks, plain signatures, and encryption signatures, each data chunk being encrypted using an encryption key and associated with a plain signature and an encryption signature, the plain signature being based on an unencrypted version of a data chunk, and the encryption signature being based on an encrypted version of the data chunk;
  
  after the transmitting, requesting and receiving a current encryption key;
  
  encrypting a new data chunk using the current encryption key to obtain a new encryption signature;
  
  transmitting, via wired communication network, to a deduplication engine of the server the new encryption signature, and a new plain signature based on an unencrypted version of the new data chunk for the server to compare the new plain signature against the plurality of plain signatures, and the new encryption signature against the plurality of encryption signatures; and
  
  when the new encryption signature does not match an encryption signature of a data chunk encrypted using the encryption key, and the new plain signature matches a plain signature of the data chunk, transmitting to the server the new data chunk encrypted using the current encryption key to replace the data chunk encrypted using the encryption key.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11 wherein the method comprises:
    - if the new encryption signature matches the encryption signature of the data chunk encrypted using the encryption key, not transmitting to the server the new data chunk encrypted using the current encryption key.
  - 13. The computer program product of claim 11 wherein the method comprises:
    - if the new plain signature does not match the plain signature of the data chunk encrypted using the encryption key, transmitting to the server the new data chunk encrypted using the current encryption key for the server to store.
  - 14. The computer program product of claim 11 wherein the method comprises:
    - encrypting the data chunk using the encryption key to generate an encrypted data chunk; and
      
      hashing the encrypted data chunk to obtain the encryption signature.
  - 15. The computer program product of claim 11 wherein the encrypting the new data chunk comprises:
    - encrypting the new data chunk using the current encryption key to generate an encrypted new data chunk; and
      
      hashing the encrypted new data chunk to obtain the new encryption signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Li, Junxu
Primary Examiner(s)
Patel, Haresh N

Application Number

US14/588,446
Time in Patent Office

495 Days
Field of Search

713/150, 713/156, 713/168, 713/171, 713/189
US Class Current

1/1
CPC Class Codes

G06F 11/1453   using de-duplication of the...

G06F 11/1464   for networked environments

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 2201/00   Indexing scheme relating to...

Secure data deduplication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Secure data deduplication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others