公开(公告)号：US09396341B1

公开(公告)日：2016-07-19

申请号：US14675252

申请日：2015-03-31

Applicant: EMC Corporation

Inventor： Surendar Chandra ,  Darren Sawyer

IPC: G06F12/14 ,  G06F21/60

CPC classification number: H04L9/32 ,  G06F17/30156 ,  G06F21/602 ,  G06F21/6272 ,  H04L63/0428

Abstract: The present invention addresses encryption systems and methods in the de-duplication of data in a multi-tenant environment. The system provides isolation between tenants' stored data and the storage system. The tenants' data is broken down into many smaller raw data items. Fingerprints are generated for the raw data and compared to fingerprints of raw data previously stored on the storage system. The raw data and fingerprint are encrypted with a single use key (SUK) by the storage system. The SUK encrypted fingerprint is wrapped with a storage system key and stored with other fingerprints. The SUK encrypted fingerprint is also returned to the tenants and wrapped with a tenant key. The use of tenant key wraps allows the tenant data to be protected and confidential to each tenant but allows the raw data to be shared by all tenants.

Abstract translation: 本发明涉及多租户环境中数据重复删除中的加密系统和方法。 系统提供了租户存储数据与存储系统之间的隔离。 租户的数据被分解成许多较小的原始数据项。 为原始数据生成指纹，并与以前存储在存储系统上的原始数据的指纹进行比较。 原始数据和指纹由存储系统的单个使用密钥（SUK）加密。 SUK加密指纹用存储系统密钥包装并与其他指纹一起存储。 SUK加密指纹也返回到租户，并用租户钥匙包裹。 使用租户钥匙包允许租户数据对每个租户进行保护和保密，但允许所有租户共享原始数据。

公开(公告)号：US09602283B1

公开(公告)日：2017-03-21

申请号：US15187434

申请日：2016-06-20

Applicant: EMC Corporation

Inventor： Surendar Chandra ,  Darren Sawyer

IPC: G06F12/14 ,  G06F21/60 ,  H04L9/32 ,  G06F17/30

CPC classification number: H04L9/32 ,  G06F17/30156 ,  G06F21/602 ,  G06F21/6272 ,  H04L63/0428

Abstract: The present invention addresses encryption systems and methods in the de-duplication of data in a multi-tenant environment. The system provides isolation between tenants' stored data and the storage system. Tenant keys are assigned to tenants. The storage system stores raw data objects backed up for the tenants and fingerprints, corresponding to the data objects, in a single use key encrypted format. Fingerprints are wrapped with a storage system key held by the storage system. A request is received to retrieve data backed up for a tenant. The request includes fingerprints corresponding to the data objects to retrieve, and a tenant key, the fingerprints being in the single use key encrypted format and wrapped with the tenant key. The received fingerprints are unwrapped using the tenant key to retrieve data objects corresponding to the received fingerprints. The data objects are transmitted to the tenant and the tenant key is removed.

公开(公告)号：US09535779B1

公开(公告)日：2017-01-03

申请号：US14341669

申请日：2014-07-25

Applicant: EMC Corporation

Inventor： Ao Ma ,  Surendar Chandra ,  Frederick Douglis ,  Guanlin Lu

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/30

CPC classification number: G06F11/076 ,  G06F11/00 ,  G06F11/0727 ,  G06F11/3034

Abstract: Techniques for determining vulnerability of disks are described herein. According to one embodiment, for each of a plurality of disks representing a redundant array of independent disks (RAID), a reallocated sector count associated with the disk is obtained, the reallocated sector count representing a number of sectors that have been reallocated due to an error of a storage transaction to the disk. A failure probability of the disk given the obtained reallocated sector count is determined using a predictive model, wherein the predictive model was generated based on history operating data of a set of known disks. Thereafter, a failure probability of at least two of the disks in the RAID is determined based on the failure probability of each of the disks to determine vulnerability of the RAID.

Abstract translation: 本文描述了用于确定磁盘的脆弱性的技术。 根据一个实施例，对于表示独立盘（RAID）的冗余阵列的多个盘中的每一个，获得与盘相关联的重新分配的扇区计数，所述重新分配的扇区数表示由于 存储事务到磁盘的错误。 使用预测模型确定给定所获得的重新分配的扇区计数的盘的故障概率，其中基于一组已知磁盘的历史操作数据生成预测模型。 此后，基于每个磁盘的故障概率来确定RAID中至少两个磁盘的故障概率，以确定RAID的漏洞。

公开(公告)号：US09195851B1

公开(公告)日：2015-11-24

申请号：US14207078

申请日：2014-03-12

Applicant: EMC Corporation

Inventor： Surendar Chandra

IPC: H04L29/06 ,  G06F21/62 ,  H04L9/08

CPC classification number: G06F21/62 ,  G06F21/6218 ,  H04L9/0825 ,  H04L9/0894

Abstract: Exemplary methods for offloading encryption to a client include receiving from a first client a first encrypted data and a corresponding first encrypted key, and decrypting the first encrypted key to recover a first key, without decrypting the first encrypted data. In one embodiment, the methods further include encrypting the first key using a second key to create a second encrypted key, wherein the second key is available only to the storage system, and storing the second encrypted key and the first encrypted data as received, without having to decrypt and re-encrypt the first encrypted data.

Abstract translation: 用于将加密卸载到客户端的示例性方法包括从第一客户端接收第一加密数据和对应的第一加密密钥，并且解密第一加密密钥以恢复第一密钥，而不解密第一加密数据。 在一个实施例中，所述方法还包括使用第二密钥来加密第一密钥以创建第二加密密钥，其中第二密钥仅对存储系统可用，并且如接收到的那样存储第二加密密钥和第一加密数据，而没有 必须对第一加密数据进行解密和重新加密。

公开(公告)号：US08836548B1

公开(公告)日：2014-09-16

申请号：US14098213

申请日：2013-12-05

Applicant: EMC Corporation

Inventor： Surendar Chandra

IPC: H03M7/00 ,  H03M7/30 ,  G06F17/30 ,  G11B20/14 ,  H03M7/40

CPC classification number: H03M7/30 ,  G06F17/30011 ,  G06F17/30076 ,  G06F17/30864 ,  G11B20/00007 ,  G11B20/1419 ,  H03M7/00 ,  H03M7/3091 ,  H03M7/40 ,  H03M7/607

Abstract: A computer-implemented method for compressing data is disclosed. The method starts with determining a way to read a received data block in its native endian format of at a storage system, where the data block contains a set of data and the determination is based on sampling a subset from a set of data and checking variation of the values. The method selects a base value for the data block based on the determined way to read the data block and generates a set of updated data, where each value of the set of updated data corresponds to the base value and an original value. The method separates each data within the set of updated data into two portions with different bit-value distribution patterns and compresses one portion with a first algorithm while compresses another portion with a second algorithm different from the first.

Abstract translation: 公开了一种用于压缩数据的计算机实现的方法。 该方法开始于确定在存储系统处以其本机端格式读取接收到的数据块的方式，其中数据块包含一组数据，并且该确定基于从一组数据中采样子集并检查变化 的价值观。 该方法基于确定的读取数据块的方式来选择数据块的基值，并生成一组更新数据，其中更新数据组的每个值对应于基本值和原始值。 该方法将更新数据集中的每个数据分成具有不同比特值分布模式的两部分，并用第一算法压缩一部分，同时用与第一算法不同的第二算法压缩另一部分。