System and method for combining deduplication and encryption of data

US 9,086,819 B2
Filed: 07/25/2012
Issued: 07/21/2015
Est. Priority Date: 07/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method for performing deduplication and encryption on data, said method comprising:

grouping at least a plurality of user equipment to at least one deduplication group by a controller module;

assigning deduplication parameters to the at least one group by said controller module;

assigning at least one encryption method and one encryption key to each of said user equipment by said controller module, wherein the at least one encryption method assigned to each of said user equipment is configured to be at least one of unique for each group and unique for certain groups in a network, wherein the encryption key assigned to each of said user equipment is at least one of a user key, a group key, a group key of said at least one group, and a combination of at least said user key, said group key, and said group key of said at least one group;

creating at least a block of data from said data to be deduplicated and encrypted;

computing at least unique signatures of said block of data by using at least an output of a signature computation function, wherein said output is used to verify at least authenticity of said block of data;

deduplicating at least said block of data by a deduplication and encryption module, wherein said deduplication parameters assigned to each of the at least one group are configured to be either one of different and the same;

performing deduplication on said block of data by using at least rolling checksum based block computation; and

encrypting said deduplicated data by said deduplication and encryption module, wherein said at least one encryption method and encryption key assigned to each of said user equipment are chosen based on the deduplication parameters of at least one of said at least one group.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments herein relate to data management and, more particularly, to global deduplication and encryption of data in data management systems. The user equipments (UE) are grouped under certain deduplication groups based on certain parameters such as rate of data exchange, frequency of data exchange, social closeness, work closeness, similarity of data and interests and so on, between those UEs. Further, specific deduplication and encryption parameters such as encryption method, encryption key, signature computation method, block computation method and so on are assigned to each group. Further, deduplication and encryption of data in each group is performed using the deduplication and encryption modes and parameters assigned to each group. The deduplication and encryption of data is performed in at least one of the UEs and/or a server. Further, the parameters used for deduplication and encryption are stored in specific databases and are encrypted for better security.

26 Citations

View as Search Results

18 Claims

1. A method for performing deduplication and encryption on data, said method comprising:
- grouping at least a plurality of user equipment to at least one deduplication group by a controller module;
  
  assigning deduplication parameters to the at least one group by said controller module;
  
  assigning at least one encryption method and one encryption key to each of said user equipment by said controller module, wherein the at least one encryption method assigned to each of said user equipment is configured to be at least one of unique for each group and unique for certain groups in a network, wherein the encryption key assigned to each of said user equipment is at least one of a user key, a group key, a group key of said at least one group, and a combination of at least said user key, said group key, and said group key of said at least one group;
  
  creating at least a block of data from said data to be deduplicated and encrypted;
  
  computing at least unique signatures of said block of data by using at least an output of a signature computation function, wherein said output is used to verify at least authenticity of said block of data;
  
  deduplicating at least said block of data by a deduplication and encryption module, wherein said deduplication parameters assigned to each of the at least one group are configured to be either one of different and the same;
  
  performing deduplication on said block of data by using at least rolling checksum based block computation; and
  
  encrypting said deduplicated data by said deduplication and encryption module, wherein said at least one encryption method and encryption key assigned to each of said user equipment are chosen based on the deduplication parameters of at least one of said at least one group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as in claim 1, wherein said controller module and said deduplication and encryption module comprise at least one of a server and said user equipment.
  - 3. The method as in claim 1, wherein said grouping of user equipment to said deduplication group is done statically by said deduplication and encryption module.
  - 4. The method as in claim 1, wherein said grouping of user equipment to said deduplication groups is done dynamically by said deduplication and encryption module.
  - 5. The method as in claim 1, wherein said deduplication of said block comprises of deduplicating various sized blocks.
  - 6. The method as in claim 1, wherein said deduplication of said data block further comprises:
    - fetching a signature of said data block by said deduplication and encryption module;
      
      comparing said signature with a database of signatures by said deduplication and encryption module; and
      
      adding at least one of a reference and said data to said database of signatures based on said comparison by said deduplication and encryption module.
  - 7. The method as in claim 6, wherein said reference is added to said database of signatures on said signature being present in said database of signatures by said deduplication and encryption module.
  - 8. The method as in claim 6, wherein said data is added to said database of signatures on said signature being absent in said database of signatures by said deduplication and encryption module.
  - 9. The method as in claim 1, wherein said encrypting further comprises:
    - identifying at least one of said at least one encryption method assigned to said user equipment by said deduplication and encryption module; and
      
      encrypting said block of data using said identified encryption method kcy by said deduplication and encryption module.
  - 10. The method as in claim 9, wherein said block of data is encrypted using at least one of an encryption key or a combination of plurality of encryption keys.
  - 11. The method as in claim 1, wherein said grouping of user equipment and said assignment of deduplication parameters are based on at least obtained parameters, and wherein said obtained parameters are obtained by monitoring at least one of:
    - a flow of data and a frequency of data between said user equipment;
      
      input from a user; and
      
      referring to a group directory system.

12. A system for performing deduplication and encryption on a data, said system comprising:
- a hardware processor; and
  
  a memory for storing computer executable instructions that when executed by the hardware processor, cause the hardware processor to perform at least;
  
  grouping at least a plurality of user equipment to at least one deduplication group by a controller module;
  
  assigning deduplication parameters to the at least one group by said controller module;
  
  assigning at least one encryption method and one encryption key to each of said user equipment by said controller module, wherein the at least one encryption method assigned to each of said user equipment is configured to be at least one of unique for each group and unique for certain groups in a network, wherein the encryption key assigned to each of said user equipment is at least one of a user key, a group key, a group key of said at least one group, and a combination of at least said user key, said group key, and said group key of said at least one group;
  
  creating, by said processor, at least a block of data from said data to be deduplicated and encrypted;
  
  computing, by said processor at least unique signatures of said block of data by using at least an output of a signature computation function, wherein said output is used to verify at least authenticity of said block of data;
  
  deduplicating at least said block of data by a deduplication and encryption module, wherein said deduplication parameters assigned to each of the at least one group are configured to be either one of different and the same;
  
  performing deduplication on said block of data by using at least rolling checksum based block computation; and
  
  encrypting said deduplicated data by said deduplication and encryption module, wherein said at least one encryption method and encryption key assigned to each of said user equipment are chosen based on the deduplication parameters of at least one of said at least one group.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system as in claim 12, wherein said system is further configured to deduplicate various sized blocks.
  - 14. The system as in claim 12, wherein said system is further configured to deduplicate said data block by:
    - fetching a signature of said data block using said deduplication and encryption module;
      
      comparing said signature with a database of signatures using said deduplication and encryption module; and
      
      adding at least one of a reference and said data to said database of signatures based on said comparison using deduplication and encryption module.
  - 15. The system as in claim 14, wherein said deduplication and encryption module is configured to add said reference to said database of signature on said signature being present in said database of signatures.
  - 16. The system as in claim 14, wherein said deduplication and encryption module is configured to add said data to said database of signatures on said signature being absent in said database of signatures.
  - 17. The system as in claim 12, wherein said system is further configured to encrypt said deduplicated data by:
    - identifying at least one of said at least one encryption parameters encryption method assigned to said user equipment, by said deduplication and encryption module; and
      
      encrypting said data block using said identified encryption parameters encryption method, by said deduplication and encryption module.
  - 18. The system as in claim 17, wherein said system is further configured to encrypt said data block using at least one of an encryption key and a combination of plurality of encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vaultize Technologies Private Limited
Original Assignee
Anoosmar Technologies Private Limited
Inventors
Panchbudhe, Ankur, Kekre, Anand A.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Shepperd, Eric W

Application Number

US13/557,981
Publication Number

US 20140032925A1
Time in Patent Office

1,091 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 16/1748   De-duplication implemented ...

G06F 21/602   Providing cryptographic fac...

G06F 2221/2107   File encryption

G06F 3/0608   Saving storage space on sto...

G06F 3/0623   in relation to content

G06F 3/0641   De-duplication techniques

G06F 3/067   Distributed or networked st...

H04L 63/0428   wherein the data content is...

System and method for combining deduplication and encryption of data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for combining deduplication and encryption of data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links