Secure data replication in a storage grid

US 9,811,677 B2
Filed: 07/03/2014
Issued: 11/07/2017
Est. Priority Date: 07/03/2014
Status: Active Grant

First Claim

Patent Images

1. A method for secure data replication in a storage grid, comprising:

producing a storage key from a key share of each of at least two storage clusters from a storage grid of at least three storage clusters;

producing a grid key from the storage key and an external secret;

producing once encrypted data from the grid key and data received for storage in the storage grid;

producing twice encrypted data, at a first one of the at least three storage clusters, from the storage key and the once encrypted data;

storing the twice encrypted data in the first one of the at least three storage clusters;

sending the once encrypted data to a second one of the at least three storage clusters;

producing a replicated version of the twice encrypted data, at the second one of the at least three storage clusters, from the once encrypted data as received at the second one of the at least three storage clusters; and

storing the replicated version of the twice encrypted data in the second one of the at least three storage clusters.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.

Citations

7 Claims

1. A method for secure data replication in a storage grid, comprising:
- producing a storage key from a key share of each of at least two storage clusters from a storage grid of at least three storage clusters;
  
  producing a grid key from the storage key and an external secret;
  
  producing once encrypted data from the grid key and data received for storage in the storage grid;
  
  producing twice encrypted data, at a first one of the at least three storage clusters, from the storage key and the once encrypted data;
  
  storing the twice encrypted data in the first one of the at least three storage clusters;
  
  sending the once encrypted data to a second one of the at least three storage clusters;
  
  producing a replicated version of the twice encrypted data, at the second one of the at least three storage clusters, from the once encrypted data as received at the second one of the at least three storage clusters; and
  
  storing the replicated version of the twice encrypted data in the second one of the at least three storage clusters.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - storing the twice encrypted data in the first one of the at least three storage clusters comprises;
      
      storing the twice encrypted data in a first solid-state memory having flash; and
      
      storing the replicated version of the twice encrypted data in the second one of the at least three storage clusters comprises;
      
      storing the replicated version of the twice encrypted data in a second solid-state memory having flash.
  - 3. The method of claim 1, further comprising:
    - performing data reduction via one of pattern removal, compression, or deduplication, prior to producing the once encrypted data.
  - 4. The method of claim 1, further comprising:
    - acknowledging a data write, responsive to a commitment of the first one of the at least three storage clusters to store the twice encrypted data and a commitment of the second one of the at least three storage clusters to store the replicated version of the twice encrypted data.
  - 5. The method of claim 1, further comprising:
    - providing the external secret from a smart card to at least one of the at least three storage clusters.
  - 6. The method of claim 1, further wherein the replicated version of the twice encrypted data at the second one of the at least three storage clusters is produced from the once encrypted data as received at the second one of the at least three storage clusters and one of the storage key or a further produced storage key.
  - 7. The method of claim 1, further comprising:
    - producing once decrypted data from one of the storage key or a regenerated storage key, andthe replicated version of the twice encrypted data in the second one of the at least three storage clusters;
      
      sending the once decrypted data to one of the first one of the at least three storage clusters, or a third one of the at least three storage clusters; and
      
      producing twice decrypted data from one of the grid key or a regenerated grid key, and the once decrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Pure Storage, Inc.
Inventors
Hayes, John, Botes, Par, Miller, Ethan
Primary Examiner(s)
Tran, Tri

Application Number

US14/323,772
Publication Number

US 20160004877A1
Time in Patent Office

1,223 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/78   to assure secure storage of...

H04L 9/0861   Generation of secret inform...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Secure data replication in a storage grid

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data replication in a storage grid

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links