US20160321133A1 - Verifying accurate storage in a data storage system - Google Patents
Verifying accurate storage in a data storage systemDownload PDFInfo
- Publication number
- US20160321133A1 US20160321133A1US14/874,198US201514874198AUS2016321133A1US 20160321133 A1US20160321133 A1US 20160321133A1US 201514874198 AUS201514874198 AUS 201514874198AUS 2016321133 A1US2016321133 A1US 2016321133A1
- Authority
- US
- United States
- Prior art keywords
- data file
- post
- checksum
- request
- storage system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
- G06F11/1004—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/0614—Improving the reliability of storage systems
- G06F3/0619—Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/064—Management of blocks
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0646—Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
- G06F3/065—Replication mechanisms
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0683—Plurality of storage devices
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/064—Hierarchical key distribution, e.g. by multi-tier trusted parties
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
Definitions
- Computer systemsare currently in wide use. Some computer systems use remotely located services to accomplish a variety of different things.
- the remotely located servicesfor instance, can provide remote data storage for a client.
- a cloud service provider that provides such a servicegenerally stores customer data remotely from the premises of the customer and provides one or more services relative to the data. Examples of such cloud services include remote file storage and sharing, electronic mail, hosted applications, etc.
- a post-encryption checksumis generated for a file to be stored on a remote storage location. It can be generated before sending the encrypted file to the remote storage system.
- a post-write checksumcan be received from the remote storage system. The post-write checksum is generated after the encrypted file is written there. A comparison of the two checksums indicates whether the file has been correctly written to the remote storage system.
- FIG. 1is a block diagram of one example of a data storage architecture.
- FIGS. 2A and 2B(collectively referred to herein as FIG. 2 ) show a flow diagram illustrating one example of the operation of the architecture shown in FIG. 1 in storing data.
- FIG. 3is a flow diagram illustrating one example of the operation of a third party storage system in storing data.
- FIG. 4is a flow diagram illustrating one example of the operation of a local computing system in receiving and decrypting data.
- FIG. 5Ais a more detailed block diagram of one example of a deleted file processing system.
- FIG. 5Bis a flow diagram illustrating one example of the operation of the architecture shown in FIG. 1 in processing a file to be deleted.
- FIG. 6is a block diagram of one example of the architecture shown in FIG. 1 , deployed in a cloud computing architecture.
- FIGS. 7-9show examples of mobile devices that can be used in any of the architectures of the previous figures.
- FIG. 10is a block diagram of one example of a computing environment that can be used in any of the architectures shown in the previous figures.
- FIG. 1is a block diagram of one example of a data storage architecture 100 .
- Architecture 100illustratively includes one or more clients 102 that interact with local computing system 104 . They can interact with systems 104 in order to store information on a remote third party blob storage system 106 and on one or more backup storage systems 108 .
- backup storage system 108can be a remote third party blob storage system similar to that shown at 106 , or it can be different.
- FIG. 1also shows that, in one example, architecture 100 includes a key provider system 110 and a master key storage system 112 .
- Systems 104 , 106 , 108 , 110 , and 112illustratively communicate with one another over a network 114 .
- client 102can provide a data stream (e.g., a file) 116 to local computing system 104 which prepares it for storage on system 106 , and provides it to system 106 for storage.
- Local computing system 104also validates that the file 116 has been accurately written to system 106 (and it may also verify that it has been accurately stored on backup system 108 ) and then provides a commit response 118 to client 102 indicating that the write has been successful. In doing so, it can use key provider system 110 and master key storage system 112 , among other things.
- local computing system 104illustratively includes a set of processors or servers 120 , and a local application data store 122 that stores applications 124 , a set of encrypted unique key per blob (UKPB) keys 126 and it can store other items 128 .
- System 104also illustratively includes shredding component 130 , per blob encryption/decryption system 132 , checksum generator system 133 , comparison system 134 , key encryption/decryption system 136 , communication component 137 , and it can include a variety of other items 138 .
- remote third party blob storage system 106illustratively includes one or more data stores 140 - 141 that store a set of encrypted blobs 142 - 144 , and that can include other items 146 as well.
- System 106also illustratively includes a checksum generator component 148 , one or more processors and servers 150 , deleted file processing system 152 , and it can include other items 154 .
- FIG. 1also shows that, in one example, key provider system 110 includes key ring management system 156 , key generator component 158 , one or more processors or servers 160 , and it can include other items 162 .
- Master key storage system 112illustratively includes one or more data stores 164 that store a set of master keys 166 - 168 , and that can store other items 170 .
- System 112also includes one or more processors or servers 172 , master key rotation system 174 , and it can include other items 176 .
- shredding component 130illustratively splits the file into a plurality of different blobs. It will be noted that, while shredding splits the file on a letter or word basis, the present discussion also includes chunking which splits the file on a paragraph basis. Both types of splitting, or others, can be used as well.
- Per blob encryption/decryption system 132obtains an encryption key from key generator component 158 in key provider system 110 and encrypts each blob with its own encryption key.
- the key provider system 110can be a standalone service or endpoint, or arranged in another way.
- Checksum generator system 133generates a checksum for the pre-encrypted value of the blob and for the post-encryption value of the blob.
- the checksumis a message digest (MD) 5 checksum although others can be used as well.
- System 104then sends the encrypted blob to system 106 for storage.
- System 106writes the encrypted blob to one of data stores 140 - 141 .
- the different blobs for a fileare illustratively stored across different data stores 140 - 141 and even across different systems 106 - 108 .
- Checksum generator component 148generates a post-write checksum for the encrypted blob, after it is written on a data store 140 - 141 , and provides that checksum back to local computing system 104 .
- Checksum comparison system 134compares the post-encryption checksum generated by system 133 and the post-write checksum generated by component 148 to ensure that they are the same. If they are, system 104 can provide commit 118 back to client 102 . In one example, system 104 can perform the same operations with respect to backup storage system 108 to ensure that the encrypted blob is also accurately written to backup storage system 108 , before it provides commit 118 to client 102 .
- a checksum of the initial non-encrypted filecan be generated and then after it is written into the remote storage system, computing system 104 can go through the entire retrieval and decryption process and validate that the resulting file was the same as the initial file before considering the commit to be complete. This may take more time and network resources to accomplish, but may be more precise.
- Key encryption/decryption system 136also illustratively obtains a master key from key provider system 110 and encrypts the UKPB key used to encrypt the blobs sent to system 106 for storage.
- the encrypted UKPB keys 126are then stored on local application data store 122 .
- the master keysare then deleted from system 104 , but are provided to master key storage system 112 for storage.
- systems 104 , 106 , 108 and 112are all in separate physical and geographic locations. Also, in one example, the rights to different information are separated. For example, system 104 is unable to enumerate files that are stored in system 106 . Thus, if access to systems 112 and 106 were obtained maliciously, this only means that specific parts of specific files that are already known can be obtained. A scan for other files cannot be done. Also having control of system 104 only means that what one already knows about is what could be retrieved. Each local computing system component has its own set of keys with the locations they map to. They are not aware of each other's data.
- a surreptitious userFor a surreptitious user to obtain an unencrypted copy of any files 116 that are stored on storage system 106 , that user must have access not only to the encrypted UKPB keys 126 on system 104 , but the user must also have access to the master keys on master key storage system 112 , and to the encrypted blob itself, which is stored on storage system 106 .
- the surreptitious usermust have access to three disparate systems, and a knowledge of how to use the master key, encrypted UKPB keys and encrypted blob, in order to gain access to an unencrypted form of the data.
- Deleted file processing system 152can also process files where a request has been received in order to delete those files.
- Architecture 100also ensures that, after a desired amount of time, deleted filters are no longer recoverable. This involves using the key ring management system 156 to obtain a key that will expire within a predefined amount of time, and this is described in greater detail below with respect to FIG. 5 .
- FIGS. 2A and 2B(collectively referred to herein as FIG. 2 ) illustrate a flow diagram showing one example of the operation of architecture 100 in encrypting and storing data at remote third party blob storage system 106 .
- Communication component 137 in local computing system 104first detects that data is to be stored on storage system 106 . This is indicated by block 190 in FIG. 2 .
- Component 137can detect an input from a client 102 , as indicated by block 192 .
- the datacan be a data stream 194 , a received file 196 , or other data 198 , and a request to store it on remote third party system 106 .
- System 104then prepares the data for storage on system 106 .
- the preparationis performed on-the-fly, as indicated by block 202 .
- shredding component 130illustratively divides the received file 116 into blobs of data, as it is received. Again, this can include a variety of kinds of splitting, such as chunking or shredding or other splitting.
- Thisis indicated by block 204 . It can perform other preparation operations as well, as indicated by block 206 .
- Checksum generator system 133then generates a pre-encryption checksum for each blob, as it is being processed. This is indicated by block 208 , and it can be used when decrypting to validate a file, but is not used to validate the transfer of the file into systems 106 or 108 .
- encryption/decryption system 132obtains a UKPB key from key generator component 158 in key provider system 110 . This is indicated by block 210 in FIG. 2 . Again, system 110 need not be a standalone service or endpoint.
- System 132then encrypts each blob with a corresponding UKPB key. This is indicated by block 212 in FIG. 2 .
- Checksum generator system 133then generates a first post-encryption checksum for each blob. This is indicated by block 214 .
- Communication component 137then sends each encrypted blob to the remote third party blob storage system 106 . This is indicated by block 216 . It will be noted that it can also send the encrypted blob to a redundant or backup storage system 108 . This is indicated by block 218 . It can provide the data to other locations as well, as indicated by block 220 .
- Remote third party blob storage system 106then receives the encrypted blob, writes it to data store 140 and generates a post-write checksum for it.
- the operation of system 106is described in greater detail below with respect to FIG. 3 .
- Checksum comparison system 134then receives the post-write checksum that is calculated by checksum generator component 148 on the third party blob storage system 106 . This is indicated by block 222 in FIG. 2 . It can also receive any other checksums that are generated by any other backup storage systems 108 . This is indicated by block 224 . It can receive other values generated from other systems as well, as indicated by block 226 .
- Comparison system 134compares the post-encryption checksum generated by checksum generator system 133 on local computing system 104 against the post-write checksum generated by component 148 on storage system 106 , after the encrypted blob has been written to data store 140 . This is indicated by block 228 in FIG. 2 . It can also compare the checksum generated by local computing system 104 against other post-write checksums generated by other backup storage systems 108 . This is indicated by block 230 . It can compare the values to other items as well, and this is indicated by block 232 .
- checksumsare not the same, this means that the write operation to write the encrypted blob to a data store 140 - 141 or to system 108 , has failed. Determining whether the checksums are the same is indicated by block 234 in FIG. 2 .
- System 104determines whether any retries are to be attempted, as indicated by block 236 . If not, client 102 is notified that the write failed, as indicated by block 238 . In another example, before notifying the client of a write failure, the system can fall back to writing the file into a local cache and retry the whole process later on a timer interval until it succeeds.
- the client 102is notified if both the commits to systems 106 and 108 and the commit to the local cache all failed. However, if, at block 236 , the system is to retry writing the blob to storage system 106 , then processing reverts to block 216 where the encrypted blob is again sent to the remote third party blob storage system 106 .
- checksum comparison system 134determines that the post-encryption checksum generated on local computing system 104 is the same as the post-write checksum generated by component 148 in third party storage system 106 , then it can send commit 118 to client 102 indicating that the write has been successful. This is indicated by block 240 in FIG. 2 . Also, system 104 can wait to send the commit 118 until both the post-write checksum generated by third party storage system 106 and the post-write checksum generated by backup storage system 108 are compared and found to be the same as the post-encryption checksum generated by system 104 . All of these architectures are contemplated herein.
- key encryption/decryption system 136obtains a master key from key provider system 110 . This is indicated by block 242 in FIG. 2 . It then encrypts the UKPB keys that were used to encrypt the blobs sent to storage system 106 (and storage system 108 ), with the master key. This is indicated by block 244 . It then sends the master key to master key storage system 112 , where the master key is stored in data store 164 , without keeping any copies of the master key on local computing system 104 . Deleting the master key from the local computing system 104 is indicated by block 246 , and storing the master key on master key storage system 112 is indicated by block 248 .
- the master keyscan be rotated according to a system employed by master key rotation system 174 . Rotating the master keys provides even another level of security to the information stored in architecture 100 . Rotating the keys is indicated by block 250 .
- the master keyscan be processed in other ways as well, as indicated by block 252 .
- Key encryption/decryption system 136then stores the encrypted UKPB keys 126 in local application data store 122 . This is indicated by block 254 in FIG. 2 . It can thus be seen that, in one example, the encrypted data, the encrypted keys, and the master keys are all needed to decrypt the data and are all stored at geographically separate locations (or facilities).
- FIG. 3is a flow diagram illustrating one example of the operation of remote third party blob storage system 106 in receiving and storing an encrypted blob on data store 140 .
- System 106first receives an encrypted blob for storage. This is indicated by block 260 in FIG. 3 . It then writes the encrypted blob to data store 140 . This is indicated by block 262 .
- Checksum generator component 148then calculates a post-write checksum for the encrypted blob that it has just written to data store 140 . This is indicated by block 264 . It then sends the post-write checksum to the local computing system 104 from which it received the encrypted blob. This is indicated by block 266 .
- FIG. 4is a flow diagram illustrating one example of the operation of local computing system 104 in receiving and decrypting a file (or encrypted blob) from third party blob storage system 106 .
- Communication component 137 in local computing system 104first detects a request to access a file. This is indicated by block 270 .
- client 102may provide a data access request to access a file that is stored on storage system 106 .
- blob encryption/decryption system 132then obtains the encrypted blobs for the requested file, from storage system 106 .
- Thisis indicated by block 272 .
- component 137requests the encrypted blob from one of the storage systems 106 and 108 on a first computing thread. This is indicated by block 273 .
- the requestmay be sent to the geographically closest system 106 or 108 , as indicated by block 275 , or to another system, as indicated by block 277 .
- component 137schedules a second request to be sent, after a delay period, on a second computing thread, to the other storage system (e.g., to system 108 if the first request is sent to system 106 ). This is indicated by block 279 . If the first request fails, component 137 immediately sends the second request, without waiting for the delay period. This is indicated by block 281 .
- the two threadscan illustratively cancel one another. Therefore, as soon as the results are returned on one thread, the other thread is canceled. This is indicated by block 283 .
- the encrypted blobscan be obtained in other ways as well.
- System 132also obtains the master key stored on data store 164 , for master key storage system 112 , that was used to encrypt the UKPB keys 126 that were, themselves, used to encrypt the blobs corresponding to the requested file. Obtaining the master key or keys is indicated by block 274 . Key encryption/decryption system 136 then uses the master key to decrypt the encrypted UKPB keys 126 . This is indicated by block 276 . Once the keys are decrypted, blob encryption/decryption system 132 uses the UKPB keys to decrypt the blobs associated with the requested file. This is indicated by block 278 .
- FIG. 5Ashows one example of a more detailed block diagram of deleted file processing system 152 .
- System 152illustratively includes an elapsed time identifier component 326 . It also illustratively includes remaining retention time identifier component 328 , file re-encryption/decryption component 330 , and it can include a variety of other items 332 as well.
- FIG. 5Bis a flow diagram illustrating one example of the operation of deleted file processing system 152 in processing files that have been marked for deletion from remote third party blob storage system 106 .
- architecture 100provides a variety of different levels of deletion. For example, if a user at client 102 deletes a file, it may go to the client's recycle bin for a predefined amount of time, before it is deleted from the user's recycle bin (either automatically or by the user actively deleting it from the recycle bin). Once it is deleted from the user's recycle bin, the file can then be provided to an administrator's recycle bin, in case the user later decides that he or she wishes to recover the file again. It may remain in the administrator's recycle bin for a predetermined amount of time, unless the administrator actively deletes it from his or her recycle bin.
- architecture 100provides an additional level of deletion processing. This can be performed by deleted file processing system 152 . This processing can also be used to ensure client 102 that, after a file is deleted by a user, and after a predetermined amount of time has elapsed, the file will actually be deleted from remote third party blob storage system 106 (and any backup storage systems 108 where it is stored), and will no longer be accessible.
- Deleted file processing system 152first detects that a file is to be deleted from third party blob storage system 106 . This is indicated by block 300 in FIG. 5 . For instance, it may be that a user at client 102 has indicated that a file is to be deleted. In another example, it may be that the administrator of local computing system 104 has indicated that a file is to be deleted from his or her recycle bin. In any case, a file has been identified for deletion from third party storage system 106 .
- Deleted file processing system 152then identifies any applicable intervening deletion levels that may have already occurred. This is indicated by block 302 . For instance, it may be that the identified file was first placed in the user's recycle bin for a predetermined amount of time, or until the user actively deleted it from his or her recycle bin. This is indicated by block 304 . It may also be that the deleted file was then placed in an administrative recycle bin where it remained for a predetermined amount of time, or until the administrator actively deleted it from his or her recycle bin. This is indicated by block 306 . There may be a variety of other intervening deletion levels that had undergone processing as well, and this is indicated by block 308 .
- Elapsed time identifier component 326then identifies any elapsed time that was used in performing the intervening deletion levels. This is indicated by block 310 . For instance, it may be that the file was first placed in the user's recycle bin for 30 days, after which it was deleted from there and placed in the administrator's recycle bin. It may have remained in the administrator's recycle bin for an additional 10 days, after which it was deleted from there. Thus, the elapsed time that was consumed by the intervening deletion levels, in that case, would be 40 days.
- remote third party blob storage system 106has provided assurance to clients 102 that, once a file is deleted, the file will be inaccessible after a predefined period (such as 60 days).
- a predefined periodsuch as 60 days.
- remaining retention time identifieridentifies how much time remains before the file is to be completely inaccessible, and it obtains a corresponding key from the key ring management system 156 in key provider system 110 . This is indicated by block 312 .
- key ring management system 156generates a key every day and assigns that key a predetermined expiration date. For example, it may be that every key issued by key ring management system 156 has a life of 60 days, after which it expires and is no longer valid or usable to decrypt information in architecture 100 . Based on the already elapsed time, and the remaining retention time, deleted file processing system 152 illustratively obtains a key from key ring management system 156 so that the key only has a remaining life corresponding to the remaining retention time for the file to be deleted. In the scenario described above, assume that the elapsed time for the intervening deletion levels is 40 days.
- deleted file processing system 152obtains a key from key ring management system 156 that has a remaining life of 20 days. Obtaining the key for the remaining retention time for a deleted file is indicated by block 314 . It can obtain the key in other ways as well, as indicated by block 316 .
- System 152then re-encrypts the file to be deleted with the obtained key. This is indicated by block 318 . Until that key expires, the deleted file will still be accessible by system 104 . If it requests the deleted file from storage system 106 , storage system 106 can use that key to decrypt the file that has been marked for deletion, and provide it, to system 104 . Thus, while the key is unexpired, the file is still accessible by local computing system 104 . This is indicated by blocks 320 and 322 in FIG. 5B . However, after the obtained key, with which the deleted file was re-encrypted, has expired, then the file is no longer accessible within architecture 100 . This is indicated by block 324 .
- architecture 100defines a storage platform that greatly enhances security of stored data.
- the surreptitious userFor a surreptitious user to obtain an unencrypted form of data stored on storage system 106 , the surreptitious user must have access to not only the encrypted blobs 140 - 144 on storage system 106 , but also to one or more master keys 166 - 168 on master key storage system 112 , and to encrypted UKPB keys 126 on local computing system 104 .
- the surreptitious usermust also have knowledge of how to assemble this information and use it in order to decrypt the encrypted UKPB keys 126 and the encrypted blobs.
- storage system 106can provide an indication as to the maximum retention time for a deleted file.
- the key obtained from the key ring management system 156will expire and the deleted file will no longer be accessible within architecture 100 . This can provide additional security to users of client 102 , so that they know that their data, once deleted, will actually be deleted from the entire architecture, and no copies of the data will remain in any of the storage systems 106 - 108 .
- the systemcan provide quicker response times. By requesting data from two different systems, and then using the data from the quickest responding system, fast data access times can be achieved.
- processors and serversinclude computer processors with associated memory and timing circuitry, not separately shown. They are functional parts of the systems or devices to which they belong and are activated by, and facilitate the functionality of the other components or items in those systems.
- the user actuatable input mechanismscan be text boxes, check boxes, icons, links, drop-down menus, search boxes, etc. They can also be actuated in a wide variety of different ways. For instance, they can be actuated using a point and click device (such as a track ball or mouse). They can be actuated using hardware buttons, switches, a joystick or keyboard, thumb switches or thumb pads, etc. They can also be actuated using a virtual keyboard or other virtual actuators. In addition, where the screen on which they are displayed is a touch sensitive screen, they can be actuated using touch gestures. Also, where the device that displays them has speech recognition components, they can be actuated using speech commands.
- a number of data storeshave also been discussed. It will be noted they can each be broken into multiple data stores. All can be local to the systems accessing them, all can be remote, or some can be local while others are remote. All of these configurations are contemplated herein.
- the figuresshow a number of blocks with functionality ascribed to each block. It will be noted that fewer blocks can be used so the functionality is performed by fewer components. Also, more blocks can be used with the functionality distributed among more components.
- FIG. 6is a block diagram of architecture 100 , shown in FIG. 1 , except that its elements are disposed in a cloud computing architecture 500 .
- Cloud computingprovides computation, software, data access, and storage services that do not require end-user knowledge of the physical location or configuration of the system that delivers the services.
- cloud computingdelivers the services over a wide area network, such as the internet, using appropriate protocols.
- cloud computing providersdeliver applications over a wide area network and they can be accessed through a web browser or any other computing component.
- Software or components of architecture 100 as well as the corresponding datacan be stored on servers at a remote location.
- the computing resources in a cloud computing environmentcan be consolidated at a remote data center location or they can be dispersed.
- Cloud computing infrastructurescan deliver services through shared data centers, even though they appear as a single point of access for the user.
- the components and functions described hereincan be provided from a service provider at a remote location using a cloud computing architecture.
- theycan be provided from a conventional server, or they can be installed on client devices directly, or in other ways.
- Cloud computingboth public and private provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
- a public cloudis managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware.
- a private cloudmay be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, etc.
- FIG. 6specifically shows that systems 106 , 108 , 110 and 112 can be located in cloud 502 (which can be public, private, or a combination where portions are public while others are private). Therefore, user(s) 506 use a client system 102 and local computing system 104 to access those systems through cloud 502 .
- cloud 502which can be public, private, or a combination where portions are public while others are private. Therefore, user(s) 506 use a client system 102 and local computing system 104 to access those systems through cloud 502 .
- FIG. 6also depicts another example of a cloud architecture.
- FIG. 6shows that it is also contemplated that some elements of architecture 100 are disposed in cloud 502 while others are not.
- data stores 122 , 140 and 164can be disposed outside of cloud 502 , and accessed through cloud 502 .
- key provider system 110(or other systems) can be outside of cloud 502 . Regardless of where they are located, they can be accessed directly by system 104 , through a network (either a wide area network or a local area network), they can be hosted at a remote site by a service, or they can be provided as a service through a cloud or accessed by a connection service that resides in the cloud. All of these architectures are contemplated herein.
- architecture 100can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, etc.
- FIG. 7is a simplified block diagram of one illustrative example of a handheld or mobile computing device that can be used as a user's or client's hand held device 16 , in which the present system (or parts of it) can be deployed.
- FIGS. 8-9are examples of handheld or mobile devices.
- FIG. 7provides a general block diagram of the components of a client device 16 that can run components of architecture 100 or that interacts with architecture 100 , or both.
- a communications link 13is provided that allows the handheld device to communicate with other computing devices and under some embodiments provides a channel for receiving information automatically, such as by scanning.
- Examples of communications link 13include an infrared port, a serial/USB port, a cable network port such as an Ethernet port, and a wireless network port allowing communication though one or more communication protocols including General Packet Radio Service (GPRS), LTE, HSPA, HSPA+and other 3G and 4G radio protocols, 1Xrtt, and Short Message Service, which are wireless services used to provide cellular access to a network, as well as Wi-Fi protocols, and Bluetooth protocol, which provide local wireless connections to networks.
- GPRSGeneral Packet Radio Service
- LTELong Term Evolution
- HSPAHigh Speed Packet Access
- HSPA+and other 3G and 4G radio protocols3G and 4G radio protocols
- 1Xrtt3G and 4G radio protocols
- Short Message ServiceShort Message Service
- SD card interface 15In other examples, applications or systems are received on a removable Secure Digital (SD) card that is connected to a SD card interface 15 .
- SD card interface 15 and communication links 13communicate with a processor 17 (which can also embody processors 120 , 150 , 160 or 172 from FIG. 1 ) along a bus 19 that is also connected to memory 21 and input/output (I/O) components 23 , as well as clock 25 and location system 27 .
- processor 17which can also embody processors 120 , 150 , 160 or 172 from FIG. 1
- bus 19that is also connected to memory 21 and input/output (I/O) components 23 , as well as clock 25 and location system 27 .
- I/Oinput/output
- I/O components 23are provided to facilitate input and output operations.
- I/O components 23 for various embodiments of the device 16can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port.
- Other I/O components 23can be used as well.
- Clock 25illustratively comprises a real time clock component that outputs a time and date. It can also, illustratively, provide timing functions for processor 17 .
- Location system 27illustratively includes a component that outputs a current geographical location of device 16 .
- Thiscan include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions.
- GPSglobal positioning system
- Memory 21stores operating system 29 , network settings 31 , applications 33 , application configuration settings 35 , data store 37 , communication drivers 39 , and communication configuration settings 41 .
- Memory 21can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below).
- Memory 21stores computer readable instructions that, when executed by processor 17 , cause the processor to perform computer-implemented steps or functions according to the instructions.
- device 16can have a client system 24 which can run various business applications or embody parts or all of architecture 100 .
- Processor 17can be activated by other components to facilitate their functionality as well.
- Examples of the network settings 31include things such as proxy information, Internet connection information, and mappings.
- Application configuration settings 35include settings that tailor the application for a specific enterprise or user.
- Communication configuration settings 41provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords.
- Applications 33can be applications that have previously been stored on the device 16 or applications that are installed during use, although these can be part of operating system 29 , or hosted external to device 16 , as well.
- FIG. 8shows one example in which device 16 is a tablet computer 600 .
- computer 600is shown with user interface display screen 602 .
- Screen 602can be a touch screen (so touch gestures from a user's finger 604 can be used to interact with the application) or a pen-enabled interface that receives inputs from a pen or stylus. It can also use an on-screen virtual keyboard. Of course, it might also be attached to a keyboard or other user input device through a suitable attachment mechanism, such as a wireless link or USB port, for instance.
- Computer 600can also illustratively receive voice inputs as well.
- Device 16can be, a feature phone, smart phone or mobile phone.
- the phonecan include a set of keypads for dialing phone numbers, a display capable of displaying images including application images, icons, web pages, photographs, and video, and control buttons for selecting items shown on the display.
- the phonecan include an antenna for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1Xrtt, and Short Message Service (SMS) signals.
- GPRSGeneral Packet Radio Service
- 1Xrtt1Xrtt
- SMSShort Message Service
- the phonealso includes a Secure Digital (SD) card slot that accepts a SD card.
- SDSecure Digital
- the mobile devicecan also be a personal digital assistant or a multimedia player or a tablet computing device, etc. (hereinafter referred to as a PDA).
- the PDAcan include an inductive screen that senses the position of a stylus (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write.
- the PDAcan also include a number of user input keys or buttons which allow the user to scroll through menu options or other display options which are displayed on the display, and allow the user to change applications or select user input functions, without contacting the display.
- the PDAcan also include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices.
- Such hardware connectionsare typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections.
- FIG. 9shows that the phone can be a smart phone 71 .
- Smart phone 71has a touch sensitive display 73 that displays icons or tiles or other user input mechanisms 75 .
- Mechanisms 75can be used by a user to run applications, make calls, perform data transfer operations, etc.
- smart phone 71is built on a mobile operating system and offers more advanced computing capability and connectivity than a feature phone.
- FIG. 10is one example of a computing environment in which architecture 100 , or parts of it, (for example) can be deployed.
- an example system for implementing some embodimentsincludes a general-purpose computing device in the form of a computer 810 .
- Components of computer 810may include, but are not limited to, a processing unit 820 (which can comprise processors 120 , 150 , 160 or 172 ), a system memory 830 , and a system bus 821 that couples various system components including the system memory to the processing unit 820 .
- the system bus 821may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
- such architecturesinclude Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus.
- ISAIndustry Standard Architecture
- MCAMicro Channel Architecture
- EISAEnhanced ISA
- VESAVideo Electronics Standards Association
- PCIPeripheral Component Interconnect
- Computer 810typically includes a variety of computer readable media.
- Computer readable mediacan be any available media that can be accessed by computer 810 and includes both volatile and nonvolatile media, removable and non-removable media.
- Computer readable mediamay comprise computer storage media and communication media.
- Computer storage mediais different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
- Computer storage mediaincludes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 810 .
- Communication mediatypically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media.
- modulated data signalmeans a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
- communication mediaincludes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
- the system memory 830includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 831 and random access memory (RAM) 832 .
- ROMread only memory
- RAMrandom access memory
- BIOSbasic input/output system 833
- RAM 832typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 820 .
- FIG. 10illustrates operating system 834 , application programs 835 , other program modules 836 , and program data 837 .
- the computer 810may also include other removable/non-removable volatile/nonvolatile computer storage media.
- FIG. 10illustrates a hard disk drive 841 that reads from or writes to non-removable, nonvolatile magnetic media, and an optical disk drive 855 that reads from or writes to a removable, nonvolatile optical disk 856 such as a CD ROM or other optical media.
- Other removable/non-removable, volatile/nonvolatile computer storage mediathat can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like.
- the hard disk drive 841is typically connected to the system bus 821 through a non-removable memory interface such as interface 840
- optical disk drive 855are typically connected to the system bus 821 by a removable memory interface, such as interface 850 .
- the functionality described hereincan be performed, at least in part, by one or more hardware logic components.
- illustrative types of hardware logic componentsinclude Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.
- the drives and their associated computer storage media discussed above and illustrated in FIG. 10provide storage of computer readable instructions, data structures, program modules and other data for the computer 810 .
- hard disk drive 841is illustrated as storing operating system 844 , application programs 845 , other program modules 846 , and program data 847 .
- operating system 844application programs 845 , other program modules 846 , and program data 847 are given different numbers here to illustrate that, at a minimum, they are different copies.
- a usermay enter commands and information into the computer 810 through input devices such as a keyboard 862 , a microphone 863 , and a pointing device 861 , such as a mouse, trackball or touch pad.
- Other input devicesmay include a joystick, game pad, satellite dish, scanner, or the like.
- These and other input devicesare often connected to the processing unit 820 through a user input interface 860 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB).
- a visual display 891 or other type of display deviceis also connected to the system bus 821 via an interface, such as a video interface 890 .
- computersmay also include other peripheral output devices such as speakers 897 and printer 896 , which may be connected through an output peripheral interface 895 .
- the computer 810is operated in a networked environment using logical connections to one or more remote computers, such as a remote computer 880 .
- the remote computer 880may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 810 .
- the logical connections depicted in FIG. 10include a local area network (LAN) 871 and a wide area network (WAN) 873 , but may also include other networks.
- LANlocal area network
- WANwide area network
- Such networking environmentsare commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
- the computer 810When used in a LAN networking environment, the computer 810 is connected to the LAN 871 through a network interface or adapter 870 .
- the computer 810When used in a WAN networking environment, the computer 810 typically includes a modem 872 or other means for establishing communications over the WAN 873 , such as the Internet.
- the modem 872which may be internal or external, may be connected to the system bus 821 via the user input interface 860 , or other appropriate mechanism.
- program modules depicted relative to the computer 810may be stored in the remote memory storage device.
- FIG. 10illustrates remote application programs 885 as residing on remote computer 880 . It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
- a data encryption systemthat receives a data file to be stored on a remote storage system and transforms the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file;
- checksum generator componentthat generates a post-encryption checksum on the encrypted data file
- a checksum comparison systemthat receives a first post-write checksum from the remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system, and compares the first post-write checksum to the post-encryption checksum to determine whether the encrypted data file is correctly written to the remote storage system and generates a comparison output signal indicative of a result of the comparison.
- the communication componentreceives a storage request from a client to store the data file on the remote storage system, and wherein the communication component indicates to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same.
- the communication componentsends the encrypted data file to a remote backup storage system for storage on the backup storage system.
- checksum comparison systemreceives a second post-write checksum from the remote backup storage system, the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system, and compares the second post-write checksum to the post-encryption checksum to determine whether the encrypted data file is correctly written to the remote backup storage system and generates a comparison output signal indicative of a result of the comparison.
- the computing systemreceives a storage request from a client to store the data file on the remote storage system, and wherein the communication component indicates to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same, and that the second post-write checksum and the post-encryption checksum are the same.
- the communication componentin response to receiving a data access request, for the data file, from the client, the communication component is configured to send a first request for the encrypted data file to the remote storage location on a first computing thread and to schedule a second request to the remote backup storage location on a second thread to occur after a delay period.
- the communication componentis configured to send the second request to the backup storage location within the delay period if the first request fails within the delay period.
- the communication componentis configured to cancel a given one of the first request and the second request when the encrypted data file is returned in response another one of the first request or the second request.
- receiving the data fileincludes receiving a storage request from a client to store the data file on the remote storage system.
- sending the encrypted data file to the remote storage systemcomprises:
- a communication componentconfigured to receive a storage request from a client to store the data file on the remote storage system
- a data encryption systemconfigured to transform the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file, the communication component sending the encrypted data file to the remote storage system and a backup remote storage system;
- checksum generator componentthat generates a post-encryption checksum on the encrypted data file
- a checksum comparison systemthat receives a first post-write checksum from the remote storage system and a second post-write checksum from the backup remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system, and the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system, the checksum comparison system comparing the first post-write checksum to the post-encryption checksum and comparing the second post-write checksum to the post-encryption checksum and generating a comparison output signal indicative of a result of the comparison, the communication component confirming to the client that the data file is successfully stored on the remote storage location if the comparison signal indicates that the post-encryption checksum is the same as both the first and second post-write checksums.
- the communication componentin response to receiving a data access request for the data file from the client, the communication component is configured to send a first request for the encrypted data file to the remote storage location on a first computing thread and to schedule a second request to the remote backup storage location on a second thread to be sent after a delay period, and wherein the communication component is configured to send the second request to the backup storage location within the delay period if the first request fails within the delay period.
- the communication componentis configured to cancel a given one of the first request and the second request when the encrypted data file is returned in response to another one of the first request or the second request.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Human Computer Interaction (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Quality & Reliability (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
- The present application is based on and claims the benefit of U.S. provisional patent application Ser. No. 62/155,886 filed May 1, 2015, and U.S. provisional patent application Ser. No. 62/155,975 filed May 1, 2015 the content of which is hereby incorporated by reference in its entirety.
- Computer systems are currently in wide use. Some computer systems use remotely located services to accomplish a variety of different things. The remotely located services, for instance, can provide remote data storage for a client.
- A cloud service provider that provides such a service generally stores customer data remotely from the premises of the customer and provides one or more services relative to the data. Examples of such cloud services include remote file storage and sharing, electronic mail, hosted applications, etc.
- For many customers of the cloud services, such as corporations or other organizations, sensitive and/or confidential information may be stored remotely from the corporation's physical facility. Thus, for some customers of the cloud service, it is important that access to any of the customer's data be strictly controlled. For instance, it may be that customers of cloud services wish to have visibility into actions taken on their content, and wish to have control over access to their content in the cloud, in order to trust the cloud service provider.
- In addition, it can be difficult for some organizations that use cloud services to trust that, when a client asks for data to be deleted from the storage system (which is hosted by a third party), it is actually going to be deleted from both hard drive and backup systems within the third party's storage system. On some systems, orphan copies of the data may remain for unknown periods of time, without the knowledge of the client. This data can be compromised when the third party storage system is subjected to surreptitious attack.
- Further, users of cloud storage services often wish to verify that data is properly written. This can be quite difficult, and can often consume local storage resources, such as local caching of data.
- The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.
- A post-encryption checksum is generated for a file to be stored on a remote storage location. It can be generated before sending the encrypted file to the remote storage system. A post-write checksum can be received from the remote storage system. The post-write checksum is generated after the encrypted file is written there. A comparison of the two checksums indicates whether the file has been correctly written to the remote storage system.
- This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. The claimed subject matter is not limited to implementations that solve any or all disadvantages noted in the background.
FIG. 1 is a block diagram of one example of a data storage architecture.FIGS. 2A and 2B (collectively referred to herein asFIG. 2 ) show a flow diagram illustrating one example of the operation of the architecture shown inFIG. 1 in storing data.FIG. 3 is a flow diagram illustrating one example of the operation of a third party storage system in storing data.FIG. 4 is a flow diagram illustrating one example of the operation of a local computing system in receiving and decrypting data.FIG. 5A is a more detailed block diagram of one example of a deleted file processing system.FIG. 5B is a flow diagram illustrating one example of the operation of the architecture shown inFIG. 1 in processing a file to be deleted.FIG. 6 is a block diagram of one example of the architecture shown inFIG. 1 , deployed in a cloud computing architecture.FIGS. 7-9 show examples of mobile devices that can be used in any of the architectures of the previous figures.FIG. 10 is a block diagram of one example of a computing environment that can be used in any of the architectures shown in the previous figures.FIG. 1 is a block diagram of one example of adata storage architecture 100.Architecture 100 illustratively includes one ormore clients 102 that interact withlocal computing system 104. They can interact withsystems 104 in order to store information on a remote third partyblob storage system 106 and on one or morebackup storage systems 108. It will be noted thatbackup storage system 108 can be a remote third party blob storage system similar to that shown at106, or it can be different.FIG. 1 also shows that, in one example,architecture 100 includes akey provider system 110 and a masterkey storage system 112.Systems network 114.- In one example,
client 102 can provide a data stream (e.g., a file)116 tolocal computing system 104 which prepares it for storage onsystem 106, and provides it tosystem 106 for storage.Local computing system 104 also validates that thefile 116 has been accurately written to system106 (and it may also verify that it has been accurately stored on backup system108) and then provides acommit response 118 toclient 102 indicating that the write has been successful. In doing so, it can usekey provider system 110 and masterkey storage system 112, among other things. - In the example shown in
FIG. 1 ,local computing system 104 illustratively includes a set of processors orservers 120, and a localapplication data store 122 that storesapplications 124, a set of encrypted unique key per blob (UKPB)keys 126 and it can storeother items 128.System 104 also illustratively includesshredding component 130, per blob encryption/decryption system 132,checksum generator system 133,comparison system 134, key encryption/decryption system 136,communication component 137, and it can include a variety ofother items 138.FIG. 1 also shows that, in one example, remote third partyblob storage system 106 illustratively includes one or more data stores140-141 that store a set of encrypted blobs142-144, and that can includeother items 146 as well.System 106 also illustratively includes achecksum generator component 148, one or more processors andservers 150, deletedfile processing system 152, and it can includeother items 154. - In addition,
FIG. 1 also shows that, in one example,key provider system 110 includes keyring management system 156,key generator component 158, one or more processors orservers 160, and it can includeother items 162. Masterkey storage system 112 illustratively includes one ormore data stores 164 that store a set of master keys166-168, and that can storeother items 170.System 112 also includes one or more processors orservers 172, masterkey rotation system 174, and it can includeother items 176. - Before describing the overall operation of
architecture 100, a brief overview of its operation, and some of the items inarchitecture 100, will first be provided. Whenlocal computing system 104 receivesdata 116 fromclient 102, for storage onsystem 106,shredding component 130 illustratively splits the file into a plurality of different blobs. It will be noted that, while shredding splits the file on a letter or word basis, the present discussion also includes chunking which splits the file on a paragraph basis. Both types of splitting, or others, can be used as well. Per blob encryption/decryption system 132 obtains an encryption key fromkey generator component 158 inkey provider system 110 and encrypts each blob with its own encryption key. Thekey provider system 110 can be a standalone service or endpoint, or arranged in another way.Checksum generator system 133 generates a checksum for the pre-encrypted value of the blob and for the post-encryption value of the blob. In one example, the checksum is a message digest (MD) 5 checksum although others can be used as well.System 104 then sends the encrypted blob tosystem 106 for storage.System 106 writes the encrypted blob to one of data stores140-141. The different blobs for a file are illustratively stored across different data stores140-141 and even across different systems106-108.Checksum generator component 148 generates a post-write checksum for the encrypted blob, after it is written on a data store140-141, and provides that checksum back tolocal computing system 104.Checksum comparison system 134 compares the post-encryption checksum generated bysystem 133 and the post-write checksum generated bycomponent 148 to ensure that they are the same. If they are,system 104 can provide commit118 back toclient 102. In one example,system 104 can perform the same operations with respect tobackup storage system 108 to ensure that the encrypted blob is also accurately written tobackup storage system 108, before it provides commit118 toclient 102. - In another example, a checksum of the initial non-encrypted file can be generated and then after it is written into the remote storage system,
computing system 104 can go through the entire retrieval and decryption process and validate that the resulting file was the same as the initial file before considering the commit to be complete. This may take more time and network resources to accomplish, but may be more precise. - Key encryption/
decryption system 136 also illustratively obtains a master key fromkey provider system 110 and encrypts the UKPB key used to encrypt the blobs sent tosystem 106 for storage. Theencrypted UKPB keys 126 are then stored on localapplication data store 122. The master keys are then deleted fromsystem 104, but are provided to masterkey storage system 112 for storage. - In one example,
systems system 104 is unable to enumerate files that are stored insystem 106. Thus, if access tosystems system 104 only means that what one already knows about is what could be retrieved. Each local computing system component has its own set of keys with the locations they map to. They are not aware of each other's data. Therefore, for a surreptitious user to obtain an unencrypted copy of anyfiles 116 that are stored onstorage system 106, that user must have access not only to theencrypted UKPB keys 126 onsystem 104, but the user must also have access to the master keys on masterkey storage system 112, and to the encrypted blob itself, which is stored onstorage system 106. Thus, the surreptitious user must have access to three disparate systems, and a knowledge of how to use the master key, encrypted UKPB keys and encrypted blob, in order to gain access to an unencrypted form of the data. - Deleted
file processing system 152 can also process files where a request has been received in order to delete those files.Architecture 100 also ensures that, after a desired amount of time, deleted filters are no longer recoverable. This involves using the keyring management system 156 to obtain a key that will expire within a predefined amount of time, and this is described in greater detail below with respect toFIG. 5 . FIGS. 2A and 2B (collectively referred to herein asFIG. 2 ) illustrate a flow diagram showing one example of the operation ofarchitecture 100 in encrypting and storing data at remote third partyblob storage system 106.Communication component 137 inlocal computing system 104 first detects that data is to be stored onstorage system 106. This is indicated byblock 190 inFIG. 2 .Component 137 can detect an input from aclient 102, as indicated byblock 192. The data can be adata stream 194, a receivedfile 196, orother data 198, and a request to store it on remotethird party system 106.System 104 then prepares the data for storage onsystem 106. This is indicated byblock 200. In one example, the preparation is performed on-the-fly, as indicated byblock 202. For instance, shreddingcomponent 130 illustratively divides the receivedfile 116 into blobs of data, as it is received. Again, this can include a variety of kinds of splitting, such as chunking or shredding or other splitting. This is indicated byblock 204. It can perform other preparation operations as well, as indicated byblock 206.Checksum generator system 133 then generates a pre-encryption checksum for each blob, as it is being processed. This is indicated byblock 208, and it can be used when decrypting to validate a file, but is not used to validate the transfer of the file intosystems decryption system 132 obtains a UKPB key fromkey generator component 158 inkey provider system 110. This is indicated byblock 210 inFIG. 2 . Again,system 110 need not be a standalone service or endpoint.System 132 then encrypts each blob with a corresponding UKPB key. This is indicated byblock 212 inFIG. 2 .Checksum generator system 133 then generates a first post-encryption checksum for each blob. This is indicated byblock 214.Communication component 137 then sends each encrypted blob to the remote third partyblob storage system 106. This is indicated byblock 216. It will be noted that it can also send the encrypted blob to a redundant orbackup storage system 108. This is indicated byblock 218. It can provide the data to other locations as well, as indicated byblock 220.- Remote third party
blob storage system 106 then receives the encrypted blob, writes it todata store 140 and generates a post-write checksum for it. The operation ofsystem 106 is described in greater detail below with respect toFIG. 3 . Checksum comparison system 134 then receives the post-write checksum that is calculated bychecksum generator component 148 on the third partyblob storage system 106. This is indicated byblock 222 inFIG. 2 . It can also receive any other checksums that are generated by any otherbackup storage systems 108. This is indicated byblock 224. It can receive other values generated from other systems as well, as indicated byblock 226.Comparison system 134 then compares the post-encryption checksum generated bychecksum generator system 133 onlocal computing system 104 against the post-write checksum generated bycomponent 148 onstorage system 106, after the encrypted blob has been written todata store 140. This is indicated byblock 228 inFIG. 2 . It can also compare the checksum generated bylocal computing system 104 against other post-write checksums generated by otherbackup storage systems 108. This is indicated byblock 230. It can compare the values to other items as well, and this is indicated byblock 232.- If the checksums are not the same, this means that the write operation to write the encrypted blob to a data store140-141 or to
system 108, has failed. Determining whether the checksums are the same is indicated byblock 234 inFIG. 2 .System 104 then determines whether any retries are to be attempted, as indicated byblock 236. If not,client 102 is notified that the write failed, as indicated by block238. In another example, before notifying the client of a write failure, the system can fall back to writing the file into a local cache and retry the whole process later on a timer interval until it succeeds. In such an example, theclient 102 is notified if both the commits tosystems block 236, the system is to retry writing the blob tostorage system 106, then processing reverts to block216 where the encrypted blob is again sent to the remote third partyblob storage system 106. - If, at
block 234, checksumcomparison system 134 determines that the post-encryption checksum generated onlocal computing system 104 is the same as the post-write checksum generated bycomponent 148 in thirdparty storage system 106, then it can send commit118 toclient 102 indicating that the write has been successful. This is indicated byblock 240 inFIG. 2 . Also,system 104 can wait to send the commit118 until both the post-write checksum generated by thirdparty storage system 106 and the post-write checksum generated bybackup storage system 108 are compared and found to be the same as the post-encryption checksum generated bysystem 104. All of these architectures are contemplated herein. - At some point in the processing, key encryption/
decryption system 136 obtains a master key fromkey provider system 110. This is indicated byblock 242 inFIG. 2 . It then encrypts the UKPB keys that were used to encrypt the blobs sent to storage system106 (and storage system108), with the master key. This is indicated byblock 244. It then sends the master key to masterkey storage system 112, where the master key is stored indata store 164, without keeping any copies of the master key onlocal computing system 104. Deleting the master key from thelocal computing system 104 is indicated byblock 246, and storing the master key on masterkey storage system 112 is indicated byblock 248. - It will also be noted that, in one example, the master keys can be rotated according to a system employed by master
key rotation system 174. Rotating the master keys provides even another level of security to the information stored inarchitecture 100. Rotating the keys is indicated byblock 250. The master keys can be processed in other ways as well, as indicated byblock 252. - Key encryption/
decryption system 136 then stores theencrypted UKPB keys 126 in localapplication data store 122. This is indicated byblock 254 inFIG. 2 . It can thus be seen that, in one example, the encrypted data, the encrypted keys, and the master keys are all needed to decrypt the data and are all stored at geographically separate locations (or facilities). FIG. 3 is a flow diagram illustrating one example of the operation of remote third partyblob storage system 106 in receiving and storing an encrypted blob ondata store 140.System 106 first receives an encrypted blob for storage. This is indicated byblock 260 inFIG. 3 . It then writes the encrypted blob todata store 140. This is indicated byblock 262.Checksum generator component 148 then calculates a post-write checksum for the encrypted blob that it has just written todata store 140. This is indicated byblock 264. It then sends the post-write checksum to thelocal computing system 104 from which it received the encrypted blob. This is indicated byblock 266.FIG. 4 is a flow diagram illustrating one example of the operation oflocal computing system 104 in receiving and decrypting a file (or encrypted blob) from third partyblob storage system 106.Communication component 137 inlocal computing system 104 first detects a request to access a file. This is indicated byblock 270. In one example, for instance,client 102 may provide a data access request to access a file that is stored onstorage system 106.- In response, blob encryption/
decryption system 132 then obtains the encrypted blobs for the requested file, fromstorage system 106. This is indicated byblock 272. This can be done in a variety of different ways. In one example,component 137 requests the encrypted blob from one of thestorage systems block 273. The request may be sent to the geographicallyclosest system block 275, or to another system, as indicated byblock 277. At the same time,component 137 schedules a second request to be sent, after a delay period, on a second computing thread, to the other storage system (e.g., tosystem 108 if the first request is sent to system106). This is indicated byblock 279. If the first request fails,component 137 immediately sends the second request, without waiting for the delay period. This is indicated byblock 281. The two threads can illustratively cancel one another. Therefore, as soon as the results are returned on one thread, the other thread is canceled. This is indicated byblock 283. The encrypted blobs can be obtained in other ways as well. System 132 also obtains the master key stored ondata store 164, for masterkey storage system 112, that was used to encrypt theUKPB keys 126 that were, themselves, used to encrypt the blobs corresponding to the requested file. Obtaining the master key or keys is indicated byblock 274. Key encryption/decryption system 136 then uses the master key to decrypt theencrypted UKPB keys 126. This is indicated byblock 276. Once the keys are decrypted, blob encryption/decryption system 132 uses the UKPB keys to decrypt the blobs associated with the requested file. This is indicated byblock 278. It then assembles the decrypted shreds (or blobs) and outputs the decrypted file to the requestingclient 102. Assembling the shreds from the decrypted blobs is indicated byblock 280, and outputting the decrypted file toclient 102 is indicated byblock 282.FIG. 5A shows one example of a more detailed block diagram of deletedfile processing system 152.System 152 illustratively includes an elapsedtime identifier component 326. It also illustratively includes remaining retentiontime identifier component 328, file re-encryption/decryption component 330, and it can include a variety ofother items 332 as well.FIG. 5B is a flow diagram illustrating one example of the operation of deletedfile processing system 152 in processing files that have been marked for deletion from remote third partyblob storage system 106. It should be noted that, in one example,architecture 100 provides a variety of different levels of deletion. For example, if a user atclient 102 deletes a file, it may go to the client's recycle bin for a predefined amount of time, before it is deleted from the user's recycle bin (either automatically or by the user actively deleting it from the recycle bin). Once it is deleted from the user's recycle bin, the file can then be provided to an administrator's recycle bin, in case the user later decides that he or she wishes to recover the file again. It may remain in the administrator's recycle bin for a predetermined amount of time, unless the administrator actively deletes it from his or her recycle bin.- In one example, in accordance with the scenario described with respect to
FIG. 5B ,architecture 100 provides an additional level of deletion processing. This can be performed by deletedfile processing system 152. This processing can also be used to ensureclient 102 that, after a file is deleted by a user, and after a predetermined amount of time has elapsed, the file will actually be deleted from remote third party blob storage system106 (and anybackup storage systems 108 where it is stored), and will no longer be accessible. - Deleted
file processing system 152 first detects that a file is to be deleted from third partyblob storage system 106. This is indicated byblock 300 inFIG. 5 . For instance, it may be that a user atclient 102 has indicated that a file is to be deleted. In another example, it may be that the administrator oflocal computing system 104 has indicated that a file is to be deleted from his or her recycle bin. In any case, a file has been identified for deletion from thirdparty storage system 106. - Deleted
file processing system 152 then identifies any applicable intervening deletion levels that may have already occurred. This is indicated byblock 302. For instance, it may be that the identified file was first placed in the user's recycle bin for a predetermined amount of time, or until the user actively deleted it from his or her recycle bin. This is indicated byblock 304. It may also be that the deleted file was then placed in an administrative recycle bin where it remained for a predetermined amount of time, or until the administrator actively deleted it from his or her recycle bin. This is indicated byblock 306. There may be a variety of other intervening deletion levels that had undergone processing as well, and this is indicated byblock 308. - Elapsed
time identifier component 326 then identifies any elapsed time that was used in performing the intervening deletion levels. This is indicated byblock 310. For instance, it may be that the file was first placed in the user's recycle bin for 30 days, after which it was deleted from there and placed in the administrator's recycle bin. It may have remained in the administrator's recycle bin for an additional 10 days, after which it was deleted from there. Thus, the elapsed time that was consumed by the intervening deletion levels, in that case, would be 40 days. - It is assumed for the sake of the present discussion that remote third party
blob storage system 106 has provided assurance toclients 102 that, once a file is deleted, the file will be inaccessible after a predefined period (such as 60 days). In that case, once elapsedtime identifier component 326 has identified the time that was consumed in the intervening deletion levels, remaining retention time identifier identifies how much time remains before the file is to be completely inaccessible, and it obtains a corresponding key from the keyring management system 156 inkey provider system 110. This is indicated byblock 312. - In one example, key
ring management system 156 generates a key every day and assigns that key a predetermined expiration date. For example, it may be that every key issued by keyring management system 156 has a life of 60 days, after which it expires and is no longer valid or usable to decrypt information inarchitecture 100. Based on the already elapsed time, and the remaining retention time, deletedfile processing system 152 illustratively obtains a key from keyring management system 156 so that the key only has a remaining life corresponding to the remaining retention time for the file to be deleted. In the scenario described above, assume that the elapsed time for the intervening deletion levels is 40 days. Assume thatstorage system 106 has indicated that any deleted file will no longer be accessible after a period of 60 days. In that case,component 328 identifies the remaining retention time for the file to be 20 days. Therefore, deletedfile processing system 152 obtains a key from keyring management system 156 that has a remaining life of 20 days. Obtaining the key for the remaining retention time for a deleted file is indicated byblock 314. It can obtain the key in other ways as well, as indicated byblock 316. System 152 then re-encrypts the file to be deleted with the obtained key. This is indicated byblock 318. Until that key expires, the deleted file will still be accessible bysystem 104. If it requests the deleted file fromstorage system 106,storage system 106 can use that key to decrypt the file that has been marked for deletion, and provide it, tosystem 104. Thus, while the key is unexpired, the file is still accessible bylocal computing system 104. This is indicated byblocks FIG. 5B . However, after the obtained key, with which the deleted file was re-encrypted, has expired, then the file is no longer accessible withinarchitecture 100. This is indicated byblock 324.- It can thus be seen that
architecture 100 defines a storage platform that greatly enhances security of stored data. For a surreptitious user to obtain an unencrypted form of data stored onstorage system 106, the surreptitious user must have access to not only the encrypted blobs140-144 onstorage system 106, but also to one or more master keys166-168 on masterkey storage system 112, and toencrypted UKPB keys 126 onlocal computing system 104. The surreptitious user must also have knowledge of how to assemble this information and use it in order to decrypt theencrypted UKPB keys 126 and the encrypted blobs. In addition,storage system 106 can provide an indication as to the maximum retention time for a deleted file. Once that retention time is reached, the key obtained from the keyring management system 156 will expire and the deleted file will no longer be accessible withinarchitecture 100. This can provide additional security to users ofclient 102, so that they know that their data, once deleted, will actually be deleted from the entire architecture, and no copies of the data will remain in any of the storage systems106-108. - Further, the system can provide quicker response times. By requesting data from two different systems, and then using the data from the quickest responding system, fast data access times can be achieved.
- The present discussion has mentioned processors and servers. In one embodiment, the processors and servers include computer processors with associated memory and timing circuitry, not separately shown. They are functional parts of the systems or devices to which they belong and are activated by, and facilitate the functionality of the other components or items in those systems.
- Also, a number of user interface displays have been discussed. They can take a wide variety of different forms and can have a wide variety of different user actuatable input mechanisms disposed thereon. For instance, the user actuatable input mechanisms can be text boxes, check boxes, icons, links, drop-down menus, search boxes, etc. They can also be actuated in a wide variety of different ways. For instance, they can be actuated using a point and click device (such as a track ball or mouse). They can be actuated using hardware buttons, switches, a joystick or keyboard, thumb switches or thumb pads, etc. They can also be actuated using a virtual keyboard or other virtual actuators. In addition, where the screen on which they are displayed is a touch sensitive screen, they can be actuated using touch gestures. Also, where the device that displays them has speech recognition components, they can be actuated using speech commands.
- A number of data stores have also been discussed. It will be noted they can each be broken into multiple data stores. All can be local to the systems accessing them, all can be remote, or some can be local while others are remote. All of these configurations are contemplated herein.
- Also, the figures show a number of blocks with functionality ascribed to each block. It will be noted that fewer blocks can be used so the functionality is performed by fewer components. Also, more blocks can be used with the functionality distributed among more components.
FIG. 6 is a block diagram ofarchitecture 100, shown inFIG. 1 , except that its elements are disposed in acloud computing architecture 500. Cloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location or configuration of the system that delivers the services. In various embodiments, cloud computing delivers the services over a wide area network, such as the internet, using appropriate protocols. For instance, cloud computing providers deliver applications over a wide area network and they can be accessed through a web browser or any other computing component. Software or components ofarchitecture 100 as well as the corresponding data, can be stored on servers at a remote location. The computing resources in a cloud computing environment can be consolidated at a remote data center location or they can be dispersed. Cloud computing infrastructures can deliver services through shared data centers, even though they appear as a single point of access for the user. Thus, the components and functions described herein can be provided from a service provider at a remote location using a cloud computing architecture. Alternatively, they can be provided from a conventional server, or they can be installed on client devices directly, or in other ways.- The description is intended to include both public cloud computing and private cloud computing. Cloud computing (both public and private) provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
- A public cloud is managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware. A private cloud may be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, etc.
- In the example shown in
FIG. 6 , some items are similar to those shown inFIG. 1 and they are similarly numbered.FIG. 6 specifically shows thatsystems client system 102 andlocal computing system 104 to access those systems throughcloud 502. FIG. 6 also depicts another example of a cloud architecture.FIG. 6 shows that it is also contemplated that some elements ofarchitecture 100 are disposed incloud 502 while others are not. By way of example,data stores cloud 502, and accessed throughcloud 502. In another example, key provider system110 (or other systems) can be outside ofcloud 502. Regardless of where they are located, they can be accessed directly bysystem 104, through a network (either a wide area network or a local area network), they can be hosted at a remote site by a service, or they can be provided as a service through a cloud or accessed by a connection service that resides in the cloud. All of these architectures are contemplated herein.- It will also be noted that
architecture 100, or portions of it, can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, etc. FIG. 7 is a simplified block diagram of one illustrative example of a handheld or mobile computing device that can be used as a user's or client's hand helddevice 16, in which the present system (or parts of it) can be deployed.FIGS. 8-9 are examples of handheld or mobile devices.FIG. 7 provides a general block diagram of the components of aclient device 16 that can run components ofarchitecture 100 or that interacts witharchitecture 100, or both. In thedevice 16, acommunications link 13 is provided that allows the handheld device to communicate with other computing devices and under some embodiments provides a channel for receiving information automatically, such as by scanning. Examples of communications link13 include an infrared port, a serial/USB port, a cable network port such as an Ethernet port, and a wireless network port allowing communication though one or more communication protocols including General Packet Radio Service (GPRS), LTE, HSPA, HSPA+and other 3G and 4G radio protocols, 1Xrtt, and Short Message Service, which are wireless services used to provide cellular access to a network, as well as Wi-Fi protocols, and Bluetooth protocol, which provide local wireless connections to networks.- In other examples, applications or systems are received on a removable Secure Digital (SD) card that is connected to a
SD card interface 15.SD card interface 15 andcommunication links 13 communicate with a processor17 (which can also embodyprocessors FIG. 1 ) along abus 19 that is also connected tomemory 21 and input/output (I/O)components 23, as well asclock 25 andlocation system 27. - I/
O components 23, in one embodiment, are provided to facilitate input and output operations. I/O components 23 for various embodiments of thedevice 16 can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port. Other I/O components 23 can be used as well. Clock 25 illustratively comprises a real time clock component that outputs a time and date. It can also, illustratively, provide timing functions forprocessor 17.Location system 27 illustratively includes a component that outputs a current geographical location ofdevice 16. This can include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions.Memory 21stores operating system 29,network settings 31,applications 33,application configuration settings 35,data store 37,communication drivers 39, and communication configuration settings41.Memory 21 can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below).Memory 21 stores computer readable instructions that, when executed byprocessor 17, cause the processor to perform computer-implemented steps or functions according to the instructions. Similarly,device 16 can have aclient system 24 which can run various business applications or embody parts or all ofarchitecture 100.Processor 17 can be activated by other components to facilitate their functionality as well.- Examples of the
network settings 31 include things such as proxy information, Internet connection information, and mappings.Application configuration settings 35 include settings that tailor the application for a specific enterprise or user. Communication configuration settings41 provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords. Applications 33 can be applications that have previously been stored on thedevice 16 or applications that are installed during use, although these can be part ofoperating system 29, or hosted external todevice 16, as well.FIG. 8 shows one example in whichdevice 16 is atablet computer 600. InFIG. 8 ,computer 600 is shown with userinterface display screen 602.Screen 602 can be a touch screen (so touch gestures from a user's finger604 can be used to interact with the application) or a pen-enabled interface that receives inputs from a pen or stylus. It can also use an on-screen virtual keyboard. Of course, it might also be attached to a keyboard or other user input device through a suitable attachment mechanism, such as a wireless link or USB port, for instance.Computer 600 can also illustratively receive voice inputs as well.- Additional examples of
devices 16 can be used as well.Device 16 can be, a feature phone, smart phone or mobile phone. The phone can include a set of keypads for dialing phone numbers, a display capable of displaying images including application images, icons, web pages, photographs, and video, and control buttons for selecting items shown on the display. The phone can include an antenna for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1Xrtt, and Short Message Service (SMS) signals. In some examples the phone also includes a Secure Digital (SD) card slot that accepts a SD card. - The mobile device can also be a personal digital assistant or a multimedia player or a tablet computing device, etc. (hereinafter referred to as a PDA). The PDA can include an inductive screen that senses the position of a stylus (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write. The PDA can also include a number of user input keys or buttons which allow the user to scroll through menu options or other display options which are displayed on the display, and allow the user to change applications or select user input functions, without contacting the display. The PDA can also include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices. Such hardware connections are typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections.
FIG. 9 shows that the phone can be asmart phone 71.Smart phone 71 has a touchsensitive display 73 that displays icons or tiles or otheruser input mechanisms 75.Mechanisms 75 can be used by a user to run applications, make calls, perform data transfer operations, etc. In general,smart phone 71 is built on a mobile operating system and offers more advanced computing capability and connectivity than a feature phone.- Note that other forms of the
devices 16 are possible. FIG. 10 is one example of a computing environment in whicharchitecture 100, or parts of it, (for example) can be deployed. With reference toFIG. 10 , an example system for implementing some embodiments includes a general-purpose computing device in the form of acomputer 810. Components ofcomputer 810 may include, but are not limited to, a processing unit820 (which can compriseprocessors system memory 830, and asystem bus 821 that couples various system components including the system memory to theprocessing unit 820. Thesystem bus 821 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus. Memory and programs described with respect toFIG. 1 can be deployed in corresponding portions ofFIG. 10 .Computer 810 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed bycomputer 810 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed bycomputer 810. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.- The
system memory 830 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM)831 and random access memory (RAM)832. A basic input/output system833 (BIOS), containing the basic routines that help to transfer information between elements withincomputer 810, such as during start-up, is typically stored inROM 831.RAM 832 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processingunit 820. By way of example, and not limitation,FIG. 10 illustratesoperating system 834,application programs 835,other program modules 836, andprogram data 837. - The
computer 810 may also include other removable/non-removable volatile/nonvolatile computer storage media. By way of example only,FIG. 10 illustrates ahard disk drive 841 that reads from or writes to non-removable, nonvolatile magnetic media, and anoptical disk drive 855 that reads from or writes to a removable, nonvolatileoptical disk 856 such as a CD ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. Thehard disk drive 841 is typically connected to thesystem bus 821 through a non-removable memory interface such asinterface 840, andoptical disk drive 855 are typically connected to thesystem bus 821 by a removable memory interface, such asinterface 850. - Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.
- The drives and their associated computer storage media discussed above and illustrated in
FIG. 10 , provide storage of computer readable instructions, data structures, program modules and other data for thecomputer 810. InFIG. 10 , for example,hard disk drive 841 is illustrated as storingoperating system 844,application programs 845,other program modules 846, andprogram data 847. Note that these components can either be the same as or different fromoperating system 834,application programs 835,other program modules 836, andprogram data 837.Operating system 844,application programs 845,other program modules 846, andprogram data 847 are given different numbers here to illustrate that, at a minimum, they are different copies. - A user may enter commands and information into the
computer 810 through input devices such as akeyboard 862, amicrophone 863, and apointing device 861, such as a mouse, trackball or touch pad. Other input devices (not shown) may include a joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to theprocessing unit 820 through auser input interface 860 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB). Avisual display 891 or other type of display device is also connected to thesystem bus 821 via an interface, such as avideo interface 890. In addition to the monitor, computers may also include other peripheral output devices such asspeakers 897 andprinter 896, which may be connected through an outputperipheral interface 895. - The
computer 810 is operated in a networked environment using logical connections to one or more remote computers, such as aremote computer 880. Theremote computer 880 may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to thecomputer 810. The logical connections depicted inFIG. 10 include a local area network (LAN)871 and a wide area network (WAN)873, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet. - When used in a LAN networking environment, the
computer 810 is connected to theLAN 871 through a network interface or adapter870. When used in a WAN networking environment, thecomputer 810 typically includes amodem 872 or other means for establishing communications over theWAN 873, such as the Internet. Themodem 872, which may be internal or external, may be connected to thesystem bus 821 via theuser input interface 860, or other appropriate mechanism. In a networked environment, program modules depicted relative to thecomputer 810, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,FIG. 10 illustratesremote application programs 885 as residing onremote computer 880. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used. - It should also be noted that the different embodiments described herein can be combined in different ways. That is, parts of one or more embodiments can be combined with parts of one or more other embodiments. All of this is contemplated herein.
- is a computing system, comprising:
- a data encryption system that receives a data file to be stored on a remote storage system and transforms the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file;
- a checksum generator component that generates a post-encryption checksum on the encrypted data file;
- a communication component that sends the encrypted data file to the remote storage system; and
- a checksum comparison system that receives a first post-write checksum from the remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system, and compares the first post-write checksum to the post-encryption checksum to determine whether the encrypted data file is correctly written to the remote storage system and generates a comparison output signal indicative of a result of the comparison.
- is the computing system of any or all previous examples wherein the communication component receives a storage request from a client to store the data file on the remote storage system, and wherein the communication component indicates to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same.
- is the computing system of any or all previous examples wherein the communication component sends the encrypted data file to a remote backup storage system for storage on the backup storage system.
- is the computing system of any or all previous examples wherein the checksum comparison system receives a second post-write checksum from the remote backup storage system, the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system, and compares the second post-write checksum to the post-encryption checksum to determine whether the encrypted data file is correctly written to the remote backup storage system and generates a comparison output signal indicative of a result of the comparison.
- is the computing system of any or all previous examples wherein the computing system receives a storage request from a client to store the data file on the remote storage system, and wherein the communication component indicates to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same, and that the second post-write checksum and the post-encryption checksum are the same.
- is the computing system of any or all previous examples wherein, in response to receiving a data access request, for the data file, from the client, the communication component is configured to send a first request for the encrypted data file to the remote storage location on a first computing thread and to schedule a second request to the remote backup storage location on a second thread to occur after a delay period.
- is the computing system of any or all previous examples wherein the communication component is configured to send the second request to the backup storage location within the delay period if the first request fails within the delay period.
- is the computing system of any or all previous examples wherein the communication component is configured to cancel a given one of the first request and the second request when the encrypted data file is returned in response another one of the first request or the second request.
- is a computer implemented method, comprising:
- receiving a data file to be stored on a remote storage system;
- transforming the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file;
- generating a post-encryption checksum on the encrypted data file;
- sending the encrypted data file to the remote storage system;
- receiving a first post-write checksum from the remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system;
- comparing the first post-write checksum to the post-encryption checksum to determine whether the encrypted data file; and
- generating a comparison output signal indicative of a result of the comparison.
- is the computer implemented method of any or all previous examples wherein receiving the data file includes receiving a storage request from a client to store the data file on the remote storage system.
- is the computer implemented method of any or all previous examples wherein sending the encrypted data file to the remote storage system comprises:
- sending the encrypted data file to a remote backup storage system for storage on the backup storage system.
- is the computer implemented method of any or all previous examples and further comprising:
- receiving a second post-write checksum from the remote backup storage system, the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system;
- comparing the second post-write checksum to the post-encryption checksum; and
- generating a comparison output signal indicative of a result of the comparison.
- is the computer implemented method of any or all previous examples and further comprising:
- indicating to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same, and that the second post-write checksum and the post-encryption checksum are the same.
- is the computer implemented method of any or all previous examples and further comprising:
- receiving a data access request, for the data file, from the client;
- sending a first request for the encrypted data file to the remote storage location on a first computing thread in response to the data request; and
- scheduling a second request to the remote backup storage location on a second thread to occur after a delay period, in response to the data request.
- is the computer implemented method of any or all previous examples and further comprising:
- detecting that the first request failed within the delay period; and
- in response to detecting that the first request failed, sending the second request to the backup storage location within the delay period.
- is the computer implemented method of any or all previous examples and further comprising:
- cancelling a given one of the first request and the second request when the encrypted data file is returned in response another one of the first request or the second request.
- is the computer implemented method of any or all previous examples and further comprising:
- decrypting the encrypted data file with the file-specific encryption key; and
- returning the data file to the client in response to the data request.
- is a computing system, comprising:
- a communication component configured to receive a storage request from a client to store the data file on the remote storage system;
- a data encryption system configured to transform the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file, the communication component sending the encrypted data file to the remote storage system and a backup remote storage system;
- a checksum generator component that generates a post-encryption checksum on the encrypted data file; and
- a checksum comparison system that receives a first post-write checksum from the remote storage system and a second post-write checksum from the backup remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system, and the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system, the checksum comparison system comparing the first post-write checksum to the post-encryption checksum and comparing the second post-write checksum to the post-encryption checksum and generating a comparison output signal indicative of a result of the comparison, the communication component confirming to the client that the data file is successfully stored on the remote storage location if the comparison signal indicates that the post-encryption checksum is the same as both the first and second post-write checksums.
- is the computing system of any or all previous examples wherein, in response to receiving a data access request for the data file from the client, the communication component is configured to send a first request for the encrypted data file to the remote storage location on a first computing thread and to schedule a second request to the remote backup storage location on a second thread to be sent after a delay period, and wherein the communication component is configured to send the second request to the backup storage location within the delay period if the first request fails within the delay period.
- is the computing system of any or all previous examples wherein the communication component is configured to cancel a given one of the first request and the second request when the encrypted data file is returned in response to another one of the first request or the second request.
- Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
Claims (20)
1. A computing system, comprising:
a data encryption system that receives a data file to be stored on a remote storage system and transforms the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file;
a checksum generator component that generates a post-encryption checksum on the encrypted data file;
a communication component that sends the encrypted data file to the remote storage system; and
a checksum comparison system that receives a first post-write checksum from the remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system, and compares the first post-write checksum to the post-encryption checksum to determine whether the encrypted data file is correctly written to the remote storage system and generates a comparison output signal indicative of a result of the comparison.
2. The computing system ofclaim 1 wherein the communication component receives a storage request from a client to store the data file on the remote storage system, and wherein the communication component indicates to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same.
3. The computing system ofclaim 1 wherein the communication component sends the encrypted data file to a remote backup storage system for storage on the backup storage system.
4. The computing system ofclaim 3 wherein the checksum comparison system receives a second post-write checksum from the remote backup storage system, the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system, and compares the second post-write checksum to the post-encryption checksum to determine whether the encrypted data file is correctly written to the remote backup storage system and generates a comparison output signal indicative of a result of the comparison.
5. The computing system ofclaim 4 wherein the computing system receives a storage request from a client to store the data file on the remote storage system, and wherein the communication component indicates to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same, and that the second post-write checksum and the post-encryption checksum are the same.
6. The computing system ofclaim 3 wherein, in response to receiving a data access request, for the data file, from the client, the communication component is configured to send a first request for the encrypted data file to the remote storage location on a first computing thread and to schedule a second request to the remote backup storage location on a second thread to occur after a delay period.
7. The computing system ofclaim 6 wherein the communication component is configured to send the second request to the backup storage location within the delay period if the first request fails within the delay period.
8. The computing system ofclaim 7 wherein the communication component is configured to cancel a given one of the first request and the second request when the encrypted data file is returned in response another one of the first request or the second request.
9. A computer implemented method, comprising:
receiving a data file to be stored on a remote storage system;
transforming the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file;
generating a post-encryption checksum on the encrypted data file;
sending the encrypted data file to the remote storage system;
receiving a first post-write checksum from the remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system;
comparing the first post-write checksum to the post-encryption checksum to determine whether the encrypted data file; and
generating a comparison output signal indicative of a result of the comparison.
10. The computer implemented method ofclaim 9 wherein receiving the data file includes receiving a storage request from a client to store the data file on the remote storage system.
11. The computer implemented method ofclaim 10 wherein sending the encrypted data file to the remote storage system comprises:
sending the encrypted data file to a remote backup storage system for storage on the backup storage system.
12. The computer implemented method ofclaim 11 and further comprising:
receiving a second post-write checksum from the remote backup storage system, the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system;
comparing the second post-write checksum to the post-encryption checksum; and
generating a comparison output signal indicative of a result of the comparison.
13. The computer implemented method ofclaim 12 and further comprising:
indicating to the client that the data file has been successfully written to the remote storage system, when the comparison output signal indicates that the first post-write checksum and the post-encryption checksum are the same, and that the second post-write checksum and the post-encryption checksum are the same.
14. The computer implemented method ofclaim 11 and further comprising:
receiving a data access request, for the data file, from the client;
sending a first request for the encrypted data file to the remote storage location on a first computing thread in response to the data request; and
scheduling a second request to the remote backup storage location on a second thread to occur after a delay period, in response to the data request.
15. The computer implemented method ofclaim 14 and further comprising:
detecting that the first request failed within the delay period; and
in response to detecting that the first request failed, sending the second request to the backup storage location within the delay period.
16. The computer implemented method ofclaim 15 and further comprising:
cancelling a given one of the first request and the second request when the encrypted data file is returned in response another one of the first request or the second request.
17. The computer implemented method ofclaim 16 and further comprising:
decrypting the encrypted data file with the file-specific encryption key; and
returning the data file to the client in response to the data request.
18. A computing system, comprising:
a communication component configured to receive a storage request from a client to store the data file on the remote storage system;
a data encryption system configured to transform the data file by encrypting the data file with a file-specific encryption key to obtain an encrypted data file, the communication component sending the encrypted data file to the remote storage system and a backup remote storage system;
a checksum generator component that generates a post-encryption checksum on the encrypted data file; and
a checksum comparison system that receives a first post-write checksum from the remote storage system and a second post-write checksum from the backup remote storage system, the first post-write checksum being generated from the encrypted data file after being written to the remote storage system, and the second post-write checksum being generated from the encrypted data file after being written to the remote backup storage system, the checksum comparison system comparing the first post-write checksum to the post-encryption checksum and comparing the second post-write checksum to the post-encryption checksum and generating a comparison output signal indicative of a result of the comparison, the communication component confirming to the client that the data file is successfully stored on the remote storage location if the comparison signal indicates that the post-encryption checksum is the same as both the first and second post-write checksums.
19. The computing system ofclaim 18 wherein, in response to receiving a data access request for the data file from the client, the communication component is configured to send a first request for the encrypted data file to the remote storage location on a first computing thread and to schedule a second request to the remote backup storage location on a second thread to be sent after a delay period, and wherein the communication component is configured to send the second request to the backup storage location within the delay period if the first request fails within the delay period.
20. The computing system ofclaim 19 wherein the communication component is configured to cancel a given one of the first request and the second request when the encrypted data file is returned in response to another one of the first request or the second request.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US14/874,198US20160321133A1 (en) | 2015-05-01 | 2015-10-02 | Verifying accurate storage in a data storage system |
| PCT/US2016/029916WO2016178928A1 (en) | 2015-05-01 | 2016-04-29 | Verifying accurate storage in a data storage system |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201562155886P | 2015-05-01 | 2015-05-01 | |
| US201562155975P | 2015-05-01 | 2015-05-01 | |
| US14/874,198US20160321133A1 (en) | 2015-05-01 | 2015-10-02 | Verifying accurate storage in a data storage system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20160321133A1true US20160321133A1 (en) | 2016-11-03 |
Family
ID=57204938
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US14/874,198AbandonedUS20160321133A1 (en) | 2015-05-01 | 2015-10-02 | Verifying accurate storage in a data storage system |
| US14/874,125ActiveUS10050780B2 (en) | 2015-05-01 | 2015-10-02 | Securely storing data in a data storage system |
| US16/036,035Active2035-10-14US10826689B2 (en) | 2015-05-01 | 2018-07-16 | Securely storing data in a data storage system |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US14/874,125ActiveUS10050780B2 (en) | 2015-05-01 | 2015-10-02 | Securely storing data in a data storage system |
| US16/036,035Active2035-10-14US10826689B2 (en) | 2015-05-01 | 2018-07-16 | Securely storing data in a data storage system |
Country Status (2)
| Country | Link |
|---|---|
| US (3) | US20160321133A1 (en) |
| WO (2) | WO2016178927A1 (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160285632A1 (en)* | 2015-03-24 | 2016-09-29 | Canon Kabushiki Kaisha | Information processing apparatus, encryption apparatus, and control method |
| US11068606B2 (en)* | 2017-09-20 | 2021-07-20 | Citrix Systems, Inc. | Secured encrypted shared cloud storage |
| US20220335147A1 (en)* | 2021-04-14 | 2022-10-20 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US11606104B1 (en)* | 2021-12-08 | 2023-03-14 | Amazon Technologies, Inc. | Data integrity protection |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160321133A1 (en)* | 2015-05-01 | 2016-11-03 | Microsoft Technology Licensing, Llc | Verifying accurate storage in a data storage system |
| US10581617B2 (en) | 2015-12-23 | 2020-03-03 | Mcafee, Llc | Method and apparatus for hardware based file/document expiry timer enforcement |
| US10127399B1 (en)* | 2015-12-29 | 2018-11-13 | EMC IP Holding Company LLC | Secrets as a service |
| US10601782B2 (en)* | 2016-04-01 | 2020-03-24 | Egnyte, Inc. | Systems and methods for proxying encryption key communications between a cloud storage system and a customer security module |
| US10187203B2 (en)* | 2016-08-30 | 2019-01-22 | Workday, Inc. | Secure storage encryption system |
| US10177908B2 (en)* | 2016-08-30 | 2019-01-08 | Workday, Inc. | Secure storage decryption system |
| US10460118B2 (en) | 2016-08-30 | 2019-10-29 | Workday, Inc. | Secure storage audit verification system |
| US10469254B2 (en) | 2017-03-29 | 2019-11-05 | Intuit Inc. | Method and system for hierarchical cryptographic key management |
| US10491576B1 (en)* | 2017-06-16 | 2019-11-26 | Intuit Inc. | System and method for security breach response using hierarchical cryptographic key management |
| CN109561047B (en) | 2017-09-26 | 2021-04-13 | 安徽问天量子科技股份有限公司 | Encrypted data storage system and method based on key remote storage |
| US11768763B2 (en)* | 2020-07-08 | 2023-09-26 | Pure Storage, Inc. | Flash secure erase |
| DE102020213611A1 (en) | 2020-10-29 | 2022-05-05 | Robert Bosch Gesellschaft mit beschränkter Haftung | Procedure for applying cryptographic functions to data using different keys |
| US20230102111A1 (en)* | 2021-09-30 | 2023-03-30 | Lenovo Global Technology (United States) Inc. | Securing customer sensitive information on private cloud platforms |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030191955A1 (en)* | 2001-05-10 | 2003-10-09 | Ranco Incorporated Of Delaware | System and method for securely upgrading firmware |
| US20060026347A1 (en)* | 2004-07-29 | 2006-02-02 | Ching-Hai Hung | Method for improving data reading performance and storage system for performing the same |
| US20080270834A1 (en)* | 2007-04-24 | 2008-10-30 | Nanya Technology Corporation | Control method for read operation of memory |
| US20100306578A1 (en)* | 2005-09-30 | 2010-12-02 | Cleversafe, Inc. | Range based rebuilder for use with a dispersed data storage network |
| US20120042162A1 (en)* | 2010-08-12 | 2012-02-16 | International Business Machines Corporation | Cloud Data Management |
| US20140359276A1 (en)* | 2013-05-30 | 2014-12-04 | Cleversafe, Inc. | Securing data in a dispersed storage network |
Family Cites Families (36)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4317957A (en)* | 1980-03-10 | 1982-03-02 | Marvin Sendrow | System for authenticating users and devices in on-line transaction networks |
| US4503287A (en)* | 1981-11-23 | 1985-03-05 | Analytics, Inc. | Two-tiered communication security employing asymmetric session keys |
| US4731840A (en)* | 1985-05-06 | 1988-03-15 | The United States Of America As Represented By The United States Department Of Energy | Method for encryption and transmission of digital keying data |
| US4941176A (en)* | 1988-08-11 | 1990-07-10 | International Business Machines Corporation | Secure management of keys using control vectors |
| US5940507A (en)* | 1997-02-11 | 1999-08-17 | Connected Corporation | Secure file archive through encryption key management |
| EP1650757A1 (en) | 1997-05-13 | 2006-04-26 | Kabushiki Kaisha Toshiba | Information ciphering method and apparatus, information reproducing method and apparatus |
| US8335915B2 (en) | 2002-05-14 | 2012-12-18 | Netapp, Inc. | Encryption based security system for network storage |
| JP2004254027A (en) | 2003-02-19 | 2004-09-09 | Toshiba Corp | Server device, key management device, encryption communication method, and program |
| WO2006017362A2 (en)* | 2004-07-13 | 2006-02-16 | Freedom Software, Inc. | Storing and distributing encrypted digital content |
| US7472332B2 (en) | 2005-07-26 | 2008-12-30 | International Business Machines Corporation | Method for the reliability of host data stored on fibre channel attached storage subsystems |
| CA2618135C (en)* | 2005-08-09 | 2014-10-28 | Nexsan Technologies Canada Inc. | Data archiving system |
| US20100316219A1 (en) | 2007-08-06 | 2010-12-16 | David Boubion | Systems and methods for simultaneous integrated multiencrypted rotating key communication |
| EP2186250B1 (en)* | 2007-08-31 | 2019-03-27 | IP Reservoir, LLC | Method and apparatus for hardware-accelerated encryption/decryption |
| WO2010002408A1 (en) | 2008-07-02 | 2010-01-07 | Hewlett-Packard Development Company, L.P. | Verification of remote copies of data |
| US8335933B2 (en) | 2009-02-13 | 2012-12-18 | Microsoft Corporation | Two-party storage of encrypted sensitive information |
| US8117496B2 (en) | 2009-06-18 | 2012-02-14 | International Business Machines Corporation | Detecting and recovering from silent data errors in application cloning systems |
| US20110055559A1 (en) | 2009-08-27 | 2011-03-03 | Jun Li | Data retention management |
| US8364985B1 (en) | 2009-12-11 | 2013-01-29 | Network Appliance, Inc. | Buffer-caches for caching encrypted data via copy-on-encrypt |
| US8495472B1 (en) | 2010-08-06 | 2013-07-23 | Amazon Technologies, Inc. | Method and system for performing financial reconciliation between two systems using checksums |
| US20120117040A1 (en) | 2010-11-10 | 2012-05-10 | Oracle International Corporaton | Method and System for Verifying Data Stored on a Medium |
| US20120179909A1 (en) | 2011-01-06 | 2012-07-12 | Pitney Bowes Inc. | Systems and methods for providing individual electronic document secure storage, retrieval and use |
| US8788815B1 (en) | 2011-01-31 | 2014-07-22 | Gazzang, Inc. | System and method for controlling access to decrypted data |
| US8943315B1 (en) | 2011-06-08 | 2015-01-27 | Google Inc. | System and method for controlling the upload of data already accessible to a server |
| US8806269B2 (en) | 2011-06-28 | 2014-08-12 | International Business Machines Corporation | Unified, workload-optimized, adaptive RAS for hybrid systems |
| US8862889B2 (en)* | 2011-07-02 | 2014-10-14 | Eastcliff LLC | Protocol for controlling access to encryption keys |
| US8745384B2 (en)* | 2011-08-11 | 2014-06-03 | Cisco Technology, Inc. | Security management in a group based environment |
| US8621196B2 (en)* | 2011-10-28 | 2013-12-31 | Verizon Patent And Licensing Inc. | Booting from an encrypted ISO image |
| US8856519B2 (en) | 2012-06-30 | 2014-10-07 | International Business Machines Corporation | Start method for application cryptographic keystores |
| US9316890B2 (en) | 2012-08-01 | 2016-04-19 | Ricoh Company, Ltd. | Projector positioning |
| US8862561B1 (en) | 2012-08-30 | 2014-10-14 | Google Inc. | Detecting read/write conflicts |
| US8868834B2 (en) | 2012-10-01 | 2014-10-21 | Edgecast Networks, Inc. | Efficient cache validation and content retrieval in a content delivery network |
| US9628268B2 (en)* | 2012-10-17 | 2017-04-18 | Box, Inc. | Remote key management in a cloud-based environment |
| US20140300983A1 (en) | 2013-04-05 | 2014-10-09 | Front Porch Digital, Inc. | Media storage and management system |
| US9397832B2 (en)* | 2014-08-27 | 2016-07-19 | International Business Machines Corporation | Shared data encryption and confidentiality |
| US9397833B2 (en)* | 2014-08-27 | 2016-07-19 | International Business Machines Corporation | Receipt, data reduction, and storage of encrypted data |
| US20160321133A1 (en)* | 2015-05-01 | 2016-11-03 | Microsoft Technology Licensing, Llc | Verifying accurate storage in a data storage system |
- 2015
- 2015-10-02USUS14/874,198patent/US20160321133A1/ennot_activeAbandoned
- 2015-10-02USUS14/874,125patent/US10050780B2/enactiveActive
- 2016
- 2016-04-29WOPCT/US2016/029914patent/WO2016178927A1/ennot_activeCeased
- 2016-04-29WOPCT/US2016/029916patent/WO2016178928A1/ennot_activeCeased
- 2018
- 2018-07-16USUS16/036,035patent/US10826689B2/enactiveActive
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030191955A1 (en)* | 2001-05-10 | 2003-10-09 | Ranco Incorporated Of Delaware | System and method for securely upgrading firmware |
| US20060026347A1 (en)* | 2004-07-29 | 2006-02-02 | Ching-Hai Hung | Method for improving data reading performance and storage system for performing the same |
| US20100306578A1 (en)* | 2005-09-30 | 2010-12-02 | Cleversafe, Inc. | Range based rebuilder for use with a dispersed data storage network |
| US20080270834A1 (en)* | 2007-04-24 | 2008-10-30 | Nanya Technology Corporation | Control method for read operation of memory |
| US20120042162A1 (en)* | 2010-08-12 | 2012-02-16 | International Business Machines Corporation | Cloud Data Management |
| US20140359276A1 (en)* | 2013-05-30 | 2014-12-04 | Cleversafe, Inc. | Securing data in a dispersed storage network |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160285632A1 (en)* | 2015-03-24 | 2016-09-29 | Canon Kabushiki Kaisha | Information processing apparatus, encryption apparatus, and control method |
| US10038556B2 (en)* | 2015-03-24 | 2018-07-31 | Canon Kabushiki Kaisha | Information processing apparatus, encryption apparatus, and control method |
| US11068606B2 (en)* | 2017-09-20 | 2021-07-20 | Citrix Systems, Inc. | Secured encrypted shared cloud storage |
| US20220335147A1 (en)* | 2021-04-14 | 2022-10-20 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US11610004B2 (en)* | 2021-04-14 | 2023-03-21 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US20230169190A1 (en)* | 2021-04-14 | 2023-06-01 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US20230177178A1 (en)* | 2021-04-14 | 2023-06-08 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US11899803B2 (en)* | 2021-04-14 | 2024-02-13 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US11928223B2 (en)* | 2021-04-14 | 2024-03-12 | Bank Of America Corporation | System for implementing enhanced file encryption technique |
| US11606104B1 (en)* | 2021-12-08 | 2023-03-14 | Amazon Technologies, Inc. | Data integrity protection |
Also Published As
| Publication number | Publication date |
|---|---|
| US10826689B2 (en) | 2020-11-03 |
| US20160321461A1 (en) | 2016-11-03 |
| US10050780B2 (en) | 2018-08-14 |
| WO2016178927A1 (en) | 2016-11-10 |
| WO2016178928A1 (en) | 2016-11-10 |
| US20190081775A1 (en) | 2019-03-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10826689B2 (en) | Securely storing data in a data storage system | |
| US9992172B2 (en) | Secure key management in a data storage system | |
| US10775956B2 (en) | Electronic data storage re-sharing notification | |
| EP3186746B1 (en) | Sharing content with permission control using near field communication | |
| US9111110B2 (en) | Retroactive shared content item links | |
| US20140032228A1 (en) | Security and data isolation for tenants in a business data system | |
| US20150059004A1 (en) | System, method, and computer program product for creation, transmission,and tracking of electronic document | |
| US10726146B2 (en) | Data custodian model and platform for public clouds | |
| US10547621B2 (en) | Persistent mutable sharing of electronic content | |
| JP2018536207A (en) | Synchronization protocol for multi-premises hosting of digital content items | |
| US20180124155A1 (en) | Network-based group communication and file sharing system | |
| US10944752B2 (en) | Transfer of secure external sharing link | |
| US20210232673A1 (en) | Securing physical access to file contents | |
| US20240037066A1 (en) | File access permission revocation notification | |
| US20180262486A1 (en) | Quick response (qr) code for secure provisioning | |
| US20170364692A1 (en) | Electronic file sharing link granularity | |
| US11777798B2 (en) | Cloud-mastered settings | |
| US10530860B2 (en) | Single multi-instance tenant computing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:OLIVER, DAVID CHARLES;WANG, MING-WEI;WINTER, DAN;AND OTHERS;SIGNING DATES FROM 20151005 TO 20151030;REEL/FRAME:036934/0842 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |