| 发明名称 | Chunk-level client side encryption in hierarchical content addressable storage systems | ||
| 摘要 | Techniques for chunk-level client side encryption are provided. In a content-addressable storage system, a plurality of chunks is used to implement a hierarchical file system. The hierarchical file system supports both encrypted and non-encrypted volumes. A folders and files layer makes calls directly to a chunk system layer for operations involving non-encrypted volumes. The folders and files layer makes calls to a volume encryption layer for operations involving encrypted volumes. The volume encryption layer receives calls from the folders and files layer through an API that matches the API through which the chunk system layer receives calls from the folders and files layer. | ||
| 申请公布号 | US9411749(B2) | 申请公布日期 | 2016.08.09 |
| 申请号 | US201514962816 | 申请日期 | 2015.12.08 |
| 申请人 | upthere, inc. | 发明人 | Boeuf Julien;Rawat Sachin |
| 分类号 | G06F12/14;G06F12/02;G06F12/12;G06F3/06;H04L29/06;G11C15/04;G06F17/30 | 主分类号 | G06F12/14 |
| 代理机构 | Hickman Palermo Becker Bingham LLP | 代理人 | Hickman Palermo Becker Bingham LLP |
| 主权项 | 1. A system, comprising: one or more processors; one or more computer-readable media storing one or more computer programs for execution by the one or more processors, the one or more computer programs comprising instructions for: using a plurality of chunks to implement a hierarchical file system comprising a plurality of volumes in a content-addressable storage system;wherein each volume of the plurality of volumes is an encrypted volume or a non-encrypted volume;storing a plurality of unencrypted chunks in the content-addressable storage system corresponding to the non-encrypted volumes;storing a plurality of encrypted chunks in the content-addressable storage system corresponding to the encrypted volumes;providing an application for execution on a client computer, wherein the application is configured to perform: obtaining volume state information for a particular volume, the volume state information comprising a chunk key for a root chunk of a hierarchy of chunks corresponding to the particular volume;retrieving particular data stored in the content-addressable storage system for the particular volume by performing: when the particular volume is not encrypted, retrieving one or more unencrypted chunks from the content-addressable storage system corresponding to the particular data;when the particular volume is encrypted, retrieving one or more encrypted chunks from the content-addressable storage system corresponding to the particular data, and decrypting the one or more encrypted chunks, wherein, when the particular volume is not encrypted, retrieving the particular data is performed by a folders and files layer of the application that make calls directly to a chunk system layer that retrieves one or more unencrypted chunks from the content-addressable storage system, wherein, when the particular volume is encrypted, retrieving the particular data is performed by a volume encryption layer of the application that make calls directly to a chunk system layer that retrieves one or more unencrypted chunks from the content-addressable storage system. | ||
| 地址 | Palo Alto CA US | ||