Title of invention Content aware hierarchical encryption for secure storage systems
Abstract In one embodiment, metadata of a data object to be stored in a storage system is received, where the metadata is in a hierarchical structure having multiple levels, each level having multiple nodes and each node being one of a root node, a leaf node and an intermediate node. Each leaf node represents a deduplicated segment associated with the data object. The hierarchical structure is traversed to encrypt each of the nodes in a bottom-up approach, starting from leaf nodes, using different keys. A child key for encrypting content of a child node is stored in a parent node that references the child node, and the child key is encrypted by a parent key associated with the parent node. The encrypted content of the nodes is then stored in one or more storage units of the storage system in a deduplicated manner.
Publication number US9432192(B1) Publication date 2016.08.30
Application number US201414229364 Filing date 2014.03.28
Applicant EMC Corporation Inventors Pogde Prashant;Botelho Fabiano C.;Garg Nitin
Classification H04K1/00;H04L9/30 Main classification H04K1/00
Agency Blakely, Sokoloff, Taylor & Zafman LLP Agent Blakely, Sokoloff, Taylor & Zafman LLP
Main claim 1. A computer-implemented method, comprising: receiving metadata of a data object to be stored in a storage system, wherein the metadata is represented in a hierarchical structure having a plurality of levels, each level having a plurality of nodes and each node being one of a root node, a leaf node and an intermediate node, and wherein each leaf node represents a deduplicated segment associated with the data object and each parent node stores metadata of its one or more child nodes; traversing the hierarchical structure to encrypt each of the nodes in a bottom-up approach, starting from leaf nodes, using a plurality of different keys, wherein a child key for encrypting content of a child node is stored in a parent node that references the child node, and wherein the child key is encrypted together with content of the parent node by a parent key associated with the parent node, wherein traversing the hierarchical structure to encrypt each of the nodes in a bottom-up approach comprises for a given first node as a parent node to one or more second nodes as child nodes, obtaining a first fingerprint of content of the first node, encrypting, using a first key derived from the first fingerprint, content of the first node and one or more second keys that encrypt the second nodes, and storing the encrypted first node having content of the first node and the one or more second keys embedded therein in the storage system; and storing the encrypted content of the plurality of nodes in one or more storage units of the storage system in a deduplicated manner.
Address Hopkinton MA US
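
The bottom-up traversal in the main claim, sketched as an added example (not code from the patent or from EMC): each node's key is derived from a fingerprint of its own content, child keys are embedded in the parent before the parent is encrypted, and identical content produces identical ciphertext so it is stored once. Assumptions: SHA-256 as the fingerprint, an HMAC-based key derivation, a SHA-256 keystream standing in for a real cipher, the JSON node layout, and all function names are hypothetical.

```python
import hashlib
import hmac
import json

def fingerprint(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def derive_key(fp: bytes) -> bytes:
    # Assumption: the claim only says the key is "derived from" the fingerprint.
    return hmac.new(b"node-key-v1", fp, hashlib.sha256).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 keystream), deterministic so equal content dedups.
    # Not a vetted cipher; it keeps the example standard-library only.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def store_node(store: dict, plaintext: bytes):
    key = derive_key(fingerprint(plaintext))
    ciphertext = stream_xor(key, plaintext)
    ref = fingerprint(ciphertext).hex()  # storage address = hash of ciphertext
    store[ref] = ciphertext              # same content lands on the same entry
    return ref, key

def encrypt_tree(store: dict, node):
    """node: bytes (leaf segment) or list of child nodes. Returns (ref, key)."""
    if isinstance(node, bytes):
        return store_node(store, b"L" + node)
    # Bottom-up: children are encrypted first, then their keys are embedded
    # in the parent's content and encrypted under the parent's own key.
    children = [encrypt_tree(store, child) for child in node]
    body = json.dumps([[ref, key.hex()] for ref, key in children]).encode()
    return store_node(store, b"P" + body)

def decrypt_tree(store: dict, ref: str, key: bytes):
    plaintext = stream_xor(key, store[ref])
    if plaintext[:1] == b"L":
        return plaintext[1:]
    return [decrypt_tree(store, r, bytes.fromhex(k))
            for r, k in json.loads(plaintext[1:])]

# Constructed sample objects: nested lists of segments, sharing seg-A and seg-B.
FILE_A = [[b"seg-A", b"seg-B"], [b"seg-A", b"seg-C"]]
FILE_B = [[b"seg-A", b"seg-B"], [b"seg-D"]]
```

Only the root key returned by `encrypt_tree` has to be kept outside the store; every other key is recovered by decrypting the parent that references the node.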