1. WO2010057194 - STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING

Publication Number WO/2010/057194
Publication Date 20.05.2010
International Application No. PCT/US2009/064818
International Filing Date 17.11.2009
IPC
G06F 21/62 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60 Protecting data
62 Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/78 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
78 to assure secure storage of data
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
H04L 9/08 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Arrangements for secret or secure communication
08 Key distribution
CPC
G06F 21/62
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60 Protecting data
62 Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/78
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
78 to assure secure storage of data
G06F 2221/2107
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
2107 File encryption
H04L 63/0428
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
04 for providing a confidential data exchange among entities communicating through data packet networks
0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
H04L 63/104
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
104 Grouping of entities
H04L 67/1097
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
67 Network-specific arrangements or communication protocols supporting networked applications
10 in which an application is distributed across nodes in the network
1097 for distributed storage of data in a network, e.g. network file system [NFS], transport mechanisms for storage area networks [SAN] or network attached storage [NAS]
Applicants
  • UNISYS CORPORATION [US]/[US] (AllExceptUS)
Inventors
  • DODGSON, David
  • NEILL, Joseph
  • FARINA, Ralph, R.
  • CHIN, Edward
  • FRENCH, Albert
  • SUMMERS, Scott
  • JOHNSON, Robert
Agents
  • GREGSON, Richard, J.
Priority Data
12/272,012 17.11.2008 US
12/336,558 17.12.2008 US
12/336,559 17.12.2008 US
12/336,562 17.12.2008 US
12/336,564 17.12.2008 US
12/336,568 17.12.2008 US
Publication Language English (EN)
Filing Language English (EN)
Title
(EN) STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING
Abstract
(EN)
Methods and systems for securing data in a data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. The method further includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks, and cryptographically splitting the session key into a plurality of session key fragments. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares, and encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
Latest bibliographic data on file with the International Bureau