| 发明名称 | Community-based de-duplication for encrypted data | ||
| 摘要 | Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines to blocks to generate the file. | ||
| 申请公布号 | US9116849(B2) | 申请公布日期 | 2015.08.25 |
| 申请号 | US201313799318 | 申请日期 | 2013.03.13 |
| 申请人 | Intel Corporation | 发明人 | Nayshtut Alex;Ben-Shalom Omer;Yoshii Terry H. |
| 分类号 | G06F21/60;G06F11/14;H04L9/08;G06F21/62 | 主分类号 | G06F21/60 |
| 代理机构 | Barnes & Thornburg LLP | 代理人 | Barnes & Thornburg LLP |
| 主权项 | 1. A computing device for retrieving content from a content data server in a data de-duplication system, the computing device comprising: a communication module to: receive from the content data server (i) encrypted blocks of a fragmented file, (ii) a keyed hash associated with each of the encrypted blocks, and (iii) a member identification for each encrypted block that identifies a computing device that has previously stored the corresponding encrypted block on the content data server;receive an encrypted file decryption key for each of the encrypted blocks from a key server in response to transmitting the keyed hash and the member identification associated with each corresponding encrypted block to the key server;transmit each received encrypted file decryption key that is encrypted with a member encryption key corresponding to another member device, other than the computing device, to the another member device for decryption with a member decryption key of the another member device; andreceive, from the another member device, the decrypted file decryption key corresponding to the each received encrypted file decryption key that is encrypted with the member encryption key of the another member device; and a cryptographic module to (i) decrypt each encrypted file decryption key that is encrypted with a member encryption key of the computing device with a corresponding member decryption key of the computing device and (ii) decrypt each of the encrypted blocks using the decrypted file decryption key associated with each corresponding encrypted block. | ||
| 地址 | Santa Clara CA US | ||