Distributed data set encryption and decryption

  • US 9,946,718 B2
  • Filed: 09/01/2017
  • Issued: 04/17/2018
  • Est. Priority Date: 07/27/2015
  • Status: Active Grant
First Claim
1. An apparatus comprising a processor component and a storage to store instructions that, when executed by the processor component, cause the processor component to perform operations comprising:

  • generate, by the processor component, multiple map entries in map data that is descriptive of an arrangement of multiple encrypted data blocks of a data set within a data file to be maintained by one or more storage devices, wherein;

    each map entry of the multiple map entries is to correspond to an encrypted data block of the multiple encrypted data blocks, and is to include an indication of a data block size of the corresponding encrypted data block; and

    each map entry is to include data block encryption data that is separately generated and used to encrypt a portion of the data set to generate the corresponding encrypted data block;

  • divide, by the processor component, the map data into a map base and multiple map extensions in response to completion of generation of the multiple map entries in the map data, wherein;

    the multiple map extensions comprises at least a first map extension and a second map extension;

    the first map extension comprises a first subset of the multiple map entries that corresponds to a first subset of the multiple encrypted data blocks, and the first map extension is to be encrypted to generate a first encrypted map extension;

    the second map extension comprises a second subset of the multiple map entries that corresponds to a second subset of the multiple encrypted data blocks, and the second map extension is to be encrypted to generate a second encrypted map extension;

    the map base comprises multiple extension pointers; and

    the multiple extension pointers comprises at least a first extension pointer that points to a first location within the data file at which the first encrypted map extension is to be stored, and a second extension pointer that points to a second location within the data file at which the second encrypted map extension is to be stored;

  • use, by the processor component, first map block encryption data to encrypt the first map extension to generate the first encrypted map extension;

  • transmit the first encrypted map extension to the one or more storage devices to be stored at the first location within the data file;

  • store the first map block encryption data within the second map extension;

  • use, by the processor component, second map block encryption data to encrypt the second map extension to generate the second encrypted map extension after storage of the first map block encryption data within the second map block;

  • transmit the second encrypted map extension to the one or more storage devices to be stored at the second location within the data file;

  • store the second map block encryption data within the map base;

  • use, by the processor component, third map block encryption data to encrypt the map base to generate an encrypted map base after storage of the second map block encryption data within the map base; and

  • transmit the encrypted map base to the one or more storage devices to be stored at a third location within the data file.
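
The order of operations in this claim, traced in Python as an added example; it is not code from the patent or its assignee, and it generalizes from two map extensions to any number. The JSON layout, the `[offset, length]` pointers, handing the base key back to the caller, and the SHA-256 keystream standing in for a real cipher are all assumptions.

```python
import hashlib, json, os

def xor_stream(key, data):
    """Stand-in cipher (SHA-256 counter keystream, assumption). Not secure; use an AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def seal(obj, f):
    """Encrypt obj under a fresh key, append it to file buffer f; return (key, [offset, length])."""
    key = os.urandom(32)
    enc = xor_stream(key, json.dumps(obj).encode())
    f.extend(enc)
    return key, [len(f) - len(enc), len(enc)]

def write_file(blocks, per_ext=2):
    """Build the data file for a non-empty list of blocks; return (file, base_location, base_key)."""
    f, entries = bytearray(), []
    for b in blocks:                      # one separately generated key per data block
        k = os.urandom(32)
        f.extend(xor_stream(k, b))
        entries.append({"size": len(b), "key": k.hex()})   # the block's map entry
    # Divide the map only after every entry exists.
    exts = [{"entries": entries[i:i + per_ext]} for i in range(0, len(entries), per_ext)]
    pointers, prev_key = [], None
    for ext in exts:
        if prev_key is not None:
            ext["prev_ext_key"] = prev_key.hex()  # earlier extension's key stored in this one
        prev_key, ptr = seal(ext, f)              # only then is this extension encrypted
        pointers.append(ptr)
    # The last extension's key goes into the map base, which is encrypted last.
    base_key, base_loc = seal({"pointers": pointers, "last_ext_key": prev_key.hex()}, f)
    return bytes(f), base_loc, base_key

def read_file(f, base_loc, base_key):
    """Walk the key chain backwards: map base, then extensions last to first, then data blocks."""
    off, n = base_loc
    base = json.loads(xor_stream(base_key, f[off:off + n]))
    key, entries = bytes.fromhex(base["last_ext_key"]), []
    for off, n in reversed(base["pointers"]):
        ext = json.loads(xor_stream(key, f[off:off + n]))
        entries = ext["entries"] + entries
        key = bytes.fromhex(ext.get("prev_ext_key", ""))
    blocks, pos = [], 0
    for e in entries:                     # data blocks sit back to back at the start (assumption)
        blocks.append(xor_stream(bytes.fromhex(e["key"]), f[pos:pos + e["size"]]))
        pos += e["size"]
    return blocks
```

Because each key sits inside the next encrypted unit, a reader holding only the base key must decrypt the map base and then the extensions in reverse order before any data block key becomes available.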
