EFFICIENT VOLUME ENCRYPTION
First Claim
1. A computer system, comprising:
- a first region including a base image in the form of machine readable code stored on a non-volatile storage medium;
a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium; and
a deduplicator;
wherein the second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image;
wherein the first region base image and the second region machine image are deduplicated by the deduplicator; and
wherein the second region special part is encrypted by full disk encryption using a key not available to the first region.
5 Assignments
0 Petitions
Accused Products
Abstract
A computer system comprises a first region including a base image in the form of machine readable code stored on a non-volatile storage medium, a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium, and a deduplicator. The second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image. The first region base image and the second region machine image are deduplicated by the deduplicator. The second region special part is encrypted by full disk encryption using a key not available to the first region. Methods of, and computer programs for, implementing such a system are described.
125 Citations
16 Claims
-
1. A computer system, comprising:
-
a first region including a base image in the form of machine readable code stored on a non-volatile storage medium; a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium; and a deduplicator; wherein the second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image; wherein the first region base image and the second region machine image are deduplicated by the deduplicator; and wherein the second region special part is encrypted by full disk encryption using a key not available to the first region. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of operating a computer system, comprising:
-
providing in a first region a base image in the form of machine readable code stored on a non-volatile storage medium; permitting the base image to be copied into a second region to form a base part of a machine image in machine readable code stored on a non-volatile storage medium; permitting only a part of the second region other than the base part to be encrypted using a key not available to the first region; and deduplicating the first region base image and the second region machine image. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-volatile computer-readable storage medium containing code operable to cause a suitable computer to:
-
copy a base image from a first region into a second region to form a base part of a machine image; permit only a part of the second region other than the base part to be encrypted using a key not available to the first region; and deduplicate the first region base image and the second region machine image. - View Dependent Claims (12, 13, 14, 15, 16)
-
Specification