Distributed data set encryption and decryption
First Claim
1. An apparatus comprising a processor component and a storage to store instructions that, when executed by the processor component, cause the processor component to perform operations comprising:
generate, by the processor component, multiple map entries in map data that is descriptive of an arrangement of multiple encrypted data blocks of a data set within a data file to be maintained by one or more storage devices, wherein:
each map entry of the multiple map entries is to correspond to an encrypted data block of the multiple encrypted data blocks, and is to include an indication of a data block size of the corresponding encrypted data block; and
each map entry is to include data block encryption data that is separately generated and used to encrypt a portion of the data set to generate the corresponding encrypted data block;
divide, by the processor component, the map data into a map base and multiple map extensions in response to completion of generation of the multiple map entries in the map data, wherein:
the multiple map extensions comprises at least a first map extension and a second map extension;
the first map extension comprises a first subset of the multiple map entries that corresponds to a first subset of the multiple encrypted data blocks, and the first map extension is to be encrypted to generate a first encrypted map extension;
the second map extension comprises a second subset of the multiple map entries that corresponds to a second subset of the multiple encrypted data blocks, and the second map extension is to be encrypted to generate a second encrypted map extension;
the map base comprises multiple extension pointers; and
the multiple extension pointers comprises at least a first extension pointer that points to a first location within the data file at which the first encrypted map extension is to be stored, and a second extension pointer that points to a second location within the data file at which the second encrypted map extension is to be stored;
use, by the processor component, first map block encryption data to encrypt the first map extension to generate the first encrypted map extension;
transmit the first encrypted map extension to the one or more storage devices to be stored at the first location within the data file;
store the first map block encryption data within the second map extension;
use, by the processor component, second map block encryption data to encrypt the second map extension to generate the second encrypted map extension after storage of the first map block encryption data within the second map block;
transmit the second encrypted map extension to the one or more storage devices to be stored at the second location within the data file;
store the second map block encryption data within the map base;
use, by the processor component, third map block encryption data to encrypt the map base to generate an encrypted map base after storage of the second map block encryption data within the map base; and
transmit the encrypted map base to the one or more storage devices to be stored at a third location within the data file.
Abstract
An apparatus may include a processor component caused to: generate map entries in map data descriptive of encrypted data blocks within a data file; use first map block encryption data to encrypt a first map extension of the map data; transmit the encrypted first map extension for storage within the data file; store the first map block encryption data within the second map extension; use second map block encryption data to encrypt a second map extension of the map data after storage of the first map block encryption data therein; transmit the encrypted second map extension for storage within the data file; store the second map block encryption data within the map base; use third map block encryption data to encrypt a map base of the map data after storage of the second map block encryption data therein; and transmit the encrypted map base for storage within the data file.
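The key chain in the abstract (first key stored in the second extension, second key stored in the base, third key sealing the base) can be traced in a short sketch. This is an added example, not code from the patent. Assumptions: `seal`/`unseal` are a toy SHA-256 keystream plus HMAC standing in for a real authenticated cipher, the JSON layout and field names are hypothetical, each pointer also carries a length, the base is written last, and the caller holds the third key.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Toy SHA-256 counter keystream: a stand-in for a real AEAD, not for production.
    parts = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(parts)[:n]

def seal(key, plain):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def write_file(blocks):
    """Return (data_file, base_offset, third_key) for a list of plaintext blocks."""
    f, entries = bytearray(), []
    for b in blocks:
        k = secrets.token_bytes(32)              # separately generated per data block
        enc = seal(k, b)
        f += enc
        entries.append({"size": len(enc), "key": k.hex()})   # one map entry per block
    half = len(entries) // 2
    k1, k2, k3 = (secrets.token_bytes(32) for _ in range(3))
    ext1 = seal(k1, json.dumps({"entries": entries[:half]}).encode())
    # k1 is placed inside the second extension before that extension is encrypted
    ext2 = seal(k2, json.dumps({"entries": entries[half:], "prev_key": k1.hex()}).encode())
    p1, p2 = len(f), len(f) + len(ext1)
    # k2 and both extension pointers go into the base, which is sealed with k3
    base = seal(k3, json.dumps({"ptrs": [[p1, len(ext1)], [p2, len(ext2)]], "ext_key": k2.hex()}).encode())
    return bytes(f) + ext1 + ext2 + base, p2 + len(ext2), k3

def read_file(f, base_off, k3):
    # Unwind the chain in reverse: k3 -> base -> k2 -> ext2 -> k1 -> ext1 -> block keys
    base = json.loads(unseal(k3, f[base_off:]))
    (p1, n1), (p2, n2) = base["ptrs"]
    ext2 = json.loads(unseal(bytes.fromhex(base["ext_key"]), f[p2:p2 + n2]))
    ext1 = json.loads(unseal(bytes.fromhex(ext2["prev_key"]), f[p1:p1 + n1]))
    out, off = [], 0
    for e in ext1["entries"] + ext2["entries"]:
        out.append(unseal(bytes.fromhex(e["key"]), f[off:off + e["size"]]))
        off += e["size"]                         # block offsets follow from the stored sizes
    return out
```

Only the third key has to be kept outside the data file; every other key is recovered by walking the map from the base outward.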
30 Claims
11. A computer-program product tangibly embodied in a non-transitory machine-readable storage medium, the computer-program product including instructions operable to cause a processor component to perform operations comprising:
generate, by the processor component, multiple map entries in map data that is descriptive of an arrangement of multiple encrypted data blocks of a data set within a data file to be maintained by one or more storage devices, wherein:
each map entry of the multiple map entries is to correspond to an encrypted data block of the multiple encrypted data blocks, and is to include an indication of a data block size of the corresponding encrypted data block; and
each map entry is to include data block encryption data that is separately generated and used to encrypt a portion of the data set to generate the corresponding encrypted data block;
divide, by the processor component, the map data into a map base and multiple map extensions in response to completion of generation of the multiple map entries in the map data, wherein:
the multiple map extensions comprises at least a first map extension and a second map extension;
the first map extension comprises a first subset of the multiple map entries that corresponds to a first subset of the multiple encrypted data blocks, and the first map extension is to be encrypted to generate a first encrypted map extension;
the second map extension comprises a second subset of the multiple map entries that corresponds to a second subset of the multiple encrypted data blocks, and the second map extension is to be encrypted to generate a second encrypted map extension;
the map base comprises multiple extension pointers; and
the multiple extension pointers comprises at least a first extension pointer that points to a first location within the data file at which the first encrypted map extension is to be stored, and a second extension pointer that points to a second location within the data file at which the second encrypted map extension is to be stored;
use, by the processor component, first map block encryption data to encrypt the first map extension to generate the first encrypted map extension;
transmit the first encrypted map extension to the one or more storage devices to be stored at the first location within the data file;
store the first map block encryption data within the second map extension;
use, by the processor component, second map block encryption data to encrypt the second map extension to generate the second encrypted map extension after storage of the first map block encryption data within the second map block;
transmit the second encrypted map extension to the one or more storage devices to be stored at the second location within the data file;
store the second map block encryption data within the map base;
use, by the processor component, third map block encryption data to encrypt the map base to generate an encrypted map base after storage of the second map block encryption data within the map base; and
transmit the encrypted map base to the one or more storage devices to be stored at a third location within the data file.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer-implemented method comprising:
generating, by a processor component, multiple map entries in map data that is descriptive of an arrangement of multiple encrypted data blocks of a data set within a data file to be maintained by one or more storage devices, wherein:
each map entry of the multiple map entries is to correspond to an encrypted data block of the multiple encrypted data blocks, and is to include an indication of a data block size of the corresponding encrypted data block; and
each map entry is to include data block encryption data that is separately generated and used to encrypt a portion of the data set to generate the corresponding encrypted data block;
dividing, by the processor component, the map data into a map base and multiple map extensions in response to completing generation of the multiple map entries in the map data, wherein:
the multiple map extensions comprises at least a first map extension and a second map extension;
the first map extension comprises a first subset of the multiple map entries that corresponds to a first subset of the multiple encrypted data blocks, and the first map extension is to be encrypted to generate a first encrypted map extension;
the second map extension comprises a second subset of the multiple map entries that corresponds to a second subset of the multiple encrypted data blocks, and the second map extension is to be encrypted to generate a second encrypted map extension;
the map base comprises multiple extension pointers; and
the multiple extension pointers comprises at least a first extension pointer that points to a first location within the data file at which the first encrypted map extension is to be stored, and a second extension pointer that points to a second location within the data file at which the second encrypted map extension is to be stored;
using, by the processor component, first map block encryption data to encrypt the first map extension to generate the first encrypted map extension;
transmitting the first encrypted map extension to the one or more storage devices to be stored at the first location within the data file;
storing the first map block encryption data within the second map extension;
using, by the processor component, second map block encryption data to encrypt the second map extension to generate the second encrypted map extension after storage of the first map block encryption data within the second map block;
transmitting the second encrypted map extension to the one or more storage devices to be stored at the second location within the data file;
storing the second map block encryption data within the map base;
using, by the processor component, third map block encryption data to encrypt the map base to generate an encrypted map base after storage of the second map block encryption data within the map base; and
transmitting the encrypted map base to the one or more storage devices to be stored at a third location within the data file.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification