EFFICIENT VOLUME ENCRYPTION

US 20120216052A1
Filed: 10/12/2011
Published: 08/23/2012
Est. Priority Date: 01/11/2011
Status: Abandoned Application

First Claim

Patent Images

1. A computer system, comprising:

a first region including a base image in the form of machine readable code stored on a non-volatile storage medium;

a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium; and

a deduplicator;

wherein the second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image;

wherein the first region base image and the second region machine image are deduplicated by the deduplicator; and

wherein the second region special part is encrypted by full disk encryption using a key not available to the first region.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system comprises a first region including a base image in the form of machine readable code stored on a non-volatile storage medium, a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium, and a deduplicator. The second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image. The first region base image and the second region machine image are deduplicated by the deduplicator. The second region special part is encrypted by full disk encryption using a key not available to the first region. Methods of, and computer programs for, implementing such a system are described.

125 Citations

View as Search Results

16 Claims

1. A computer system, comprising:
- a first region including a base image in the form of machine readable code stored on a non-volatile storage medium;
  
  a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium; and
  
  a deduplicator;
  
  wherein the second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image;
  
  wherein the first region base image and the second region machine image are deduplicated by the deduplicator; and
  
  wherein the second region special part is encrypted by full disk encryption using a key not available to the first region.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer system of claim 1, wherein the first region is a cloud and the second region is a user domain within the cloud.
  - 3. The computer system of claim 1, wherein the second region comprises a virtual machine, of which the second region machine image is a virtual disk image.
  - 4. The computer system of claim 1, wherein the second region comprises a virtual machine, of which the second region base part and the second region special part comprise separate virtual disk images.
  - 5. The computer system of claim 1, wherein the first region comprises a virtual machine, of which the first region base image is at least part of a virtual disk image.

6. A method of operating a computer system, comprising:
- providing in a first region a base image in the form of machine readable code stored on a non-volatile storage medium;
  
  permitting the base image to be copied into a second region to form a base part of a machine image in machine readable code stored on a non-volatile storage medium;
  
  permitting only a part of the second region other than the base part to be encrypted using a key not available to the first region; and
  
  deduplicating the first region base image and the second region machine image.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A method according to claim 6, wherein the first region is a cloud and the second region is a user domain within the cloud, and wherein permitting the base image to be copied into the second region comprises permitting a user having control of the user domain to copy the base image into the user domain.
  - 8. A method according to claim 7, wherein permitting the user having control of the user domain to copy the base image into the user domain comprises permitting the user to create a virtual machine, of which the second region machine image is a virtual disk image.
  - 9. A method according to claim 6, wherein in the second region the base part and the other part are configured as virtual disk images, comprising encrypting and/or decrypting the other part using full disk encryption.
  - 10. A method according to claim 6, wherein the first region comprises a virtual machine, of which the first region base image is at least part of a virtual disk image, and wherein permitting the base image to be copied into the second region comprises permitting a user having control of the first region to copy said virtual machine to create another virtual machine.

11. A non-volatile computer-readable storage medium containing code operable to cause a suitable computer to:
- copy a base image from a first region into a second region to form a base part of a machine image;
  
  permit only a part of the second region other than the base part to be encrypted using a key not available to the first region; and
  
  deduplicate the first region base image and the second region machine image.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A storage medium according to claim 11, further comprising code of a base image comprising at least an operating system for a computer.
  - 13. A storage medium according to claim 12, wherein the base image further comprises code of a disk encryptor utility configured to encrypt only said part of the second region other than the base part using a key not available to the first region.
  - 14. A storage medium according to claim 11, wherein said code operable to copy the base image into the second region comprises code operable to create a virtual machine of which the second region machine image is a virtual disk image.
  - 15. A storage medium according to claim 14, wherein said code operable to copy the base image is operable to copy at least part of a virtual disk image of a virtual machine from the first region into the second region to create another virtual machine.
  - 16. A storage medium according to claim 11, comprising code operable to configure the base part and the other part in the second region as virtual disk images, and code operable to encrypt and/or decrypt the other part using full disk encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
SafeNet Incorporated (Thales SA)
Inventors
Dunn, Chris

Application Number

US13/271,868
Publication Number

US 20120216052A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/78 to assure secure storage of...

EFFICIENT VOLUME ENCRYPTION

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT VOLUME ENCRYPTION

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links