Title of invention CLIENT-SIDE ENCRYPTION IN A DEDUPLICATION BACKUP SYSTEM
Abstract Client-side encryption in a deduplication backup system. In one example embodiment, a method includes a backup phase in which various steps are performed for each allocated plain text block stored in a source storage. One step includes hashing, using a first cryptographic hash function, the plain text block to generate a first hash. Another step includes hashing, using a second cryptographic hash function, the first hash to generate a second hash. Another step includes searching a key-value table of a deduplication storage to determine whether the second hash matches any key in the key-value table. Another step includes, upon determining that the second hash does not match any key in the key-value table, encrypting, using an encrypt/decrypt function, the plain text block using the first hash as an encryption password and inserting a key-value pair into the key-value table with the key being the second hash and the value being the encrypted block.
Application publication number US2016098568(A1) Application publication date 2016.04.07
Application number US201414508654 Filing date 2014.10.07
Applicant STORAGECRAFT TECHNOLOGY CORPORATION Inventors Bushman Nathan S.; Irish Dudley Melvin; Blair Jeffrey Dale; Mensel Adam Julian
Classification G06F21/60; G06F11/14; G06F17/30 Main classification G06F21/60
Agency Agent
Main claim 1. A method for client-side encryption in a deduplication backup system, the method comprising: a backup phase in which the following steps are performed for each allocated plain text block stored in a client-side source storage at a point in time: hashing, using a first cryptographic hash function, the plain text block to generate a first hash; hashing, using a second cryptographic hash function, the first hash to generate a second hash; searching a key-value table of a deduplication storage to determine whether the second hash matches any key in the key-value table, each key-value pair in the key-value table including a key that is a hash and a value that is an encrypted block; upon determining that the second hash does not match any key in the key-value table, encrypting, using an encrypt/decrypt function, the plain text block using the first hash as an encryption password and inserting a key-value pair into the key-value table with the key being the second hash and the value being the encrypted block; and inserting an entry into an image map corresponding to the client-side source storage that includes the first hash and a position of the plain text block as stored in the client-side source storage to be subsequently used in a restore phase to restore the plain text block to the position, the entry in the image map not including the second hash, the image map being stored in a separate location from the key-value table; and encrypting the image map.
Address Draper UT US
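The backup phase of claim 1, sketched as an added example that is not code from the patent or from the applicant. The claim does not name the hash functions, the cipher, the key for the image map, or the restore steps, so SHA-256, SHA-512, the HMAC keystream stand-in `xcrypt`, `map_password`, `SAMPLE` and `restore` are all assumptions made here.

```python
import hashlib, hmac, json

def h1(block):   # first hash: assumed SHA-256, used as the block's encryption password
    return hashlib.sha256(block).digest()

def h2(first):   # second hash: assumed SHA-512 of the first hash, used as the table key
    return hashlib.sha512(first).digest()

def xcrypt(password, data):
    """Stand-in for the unspecified encrypt/decrypt function: XOR with an
    HMAC-SHA256 counter keystream. Illustrative only; use a vetted AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(password, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def backup(source_blocks, table, map_password):
    """source_blocks maps position -> allocated plaintext block. Fills the
    deduplication table and returns the encrypted image map."""
    image_map = []
    for pos, block in sorted(source_blocks.items()):
        first = h1(block)
        second = h2(first)
        if second not in table:                  # only unseen blocks are encrypted and stored
            table[second] = xcrypt(first, block)
        image_map.append((pos, first.hex()))     # entry holds first hash + position, never the second hash
    return xcrypt(map_password, json.dumps(image_map).encode())

def restore(enc_map, table, map_password):
    """Assumed restore phase: recompute each table key from the first hash in the map."""
    restored = {}
    for pos, first_hex in json.loads(xcrypt(map_password, enc_map)):
        first = bytes.fromhex(first_hex)
        block = xcrypt(first, table[h2(first)])
        if h1(block) != first:                   # the first hash doubles as an integrity check
            raise ValueError(f"block at position {pos} failed verification")
        restored[pos] = block
    return restored

# Constructed sample input: positions 0 and 7 hold identical blocks.
SAMPLE = {0: b"A" * 64, 1: b"B" * 64, 7: b"A" * 64}

if __name__ == "__main__":
    table = {}
    enc_map = backup(SAMPLE, table, b"map-secret")
    print(len(table), "stored blocks for", len(SAMPLE), "positions")
    print("restore ok:", restore(enc_map, table, b"map-secret") == SAMPLE)
```

The deduplication storage holds only second hashes and ciphertext, so it can match duplicates without being able to derive the per-block password, which exists only inside the encrypted image map.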