WO2002093314A3 - Encryption based security system for network storage - Google Patents

Encryption based security system for network storage

Info

Publication number
WO2002093314A3
Authority
WO
WIPO (PCT)
Prior art keywords
network interface
storage
security system
based security
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2002/015421
Other languages
French (fr)
Other versions
WO2002093314A2 (en)
Inventor
Dan Avida
Serge Plotkin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Decru Inc
Original Assignee
Decru Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Decru Inc
Priority to EP02734438A (EP1388061A4)
Priority to US10/478,386 (US8335915B2)
Priority to AU2002305607A (AU2002305607A1)
Publication of WO2002093314A2
Publication of WO2002093314A3
Anticipated expiration
Priority to US11/350,047 (US8423780B2)
Ceased (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The presently preferred embodiment of the invention provides an encryption based security system for network storage that separates the ability to access storage from the ability to access the stored data. This is achieved by keeping all the data encrypted on the storage devices (12). Logically, the invention comprises a device that has two network interfaces: one is a clear text network interface that connects to one or more clients, and the other is a secure network interface that is connected to one or more persistent storage servers. Functionally, each network interface supports multiple network nodes (13). That is, the clear text network interface supports multiple client machines, and the secure network interface supports one or more storage servers (12).
PCT/US2002/015421 2001-05-17 2002-05-14 Encryption based security system for network storage Ceased WO2002093314A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP02734438A EP1388061A4 (en) 2001-05-17 2002-05-14 Encryption based security system for network storage
US10/478,386 US8335915B2 (en) 2002-05-14 2002-05-14 Encryption based security system for network storage
AU2002305607A AU2002305607A1 (en) 2001-05-17 2002-05-14 Encryption based security system for network storage
US11/350,047 US8423780B2 (en) 2002-05-14 2006-02-07 Encryption based security system for network storage

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US29208801P 2001-05-17 2001-05-17
US60/292,088 2001-05-17

Publications (2)

Publication Number Publication Date
WO2002093314A2 WO2002093314A2 (en) 2002-11-21
WO2002093314A3 WO2002093314A3 (en) 2003-05-15

Family

ID=23123156

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/015421 Ceased WO2002093314A2 (en) 2001-05-17 2002-05-14 Encryption based security system for network storage

Country Status (3)

Country Link
EP (1) EP1388061A4 (en)
AU (1) AU2002305607A1 (en)
WO (1) WO2002093314A2 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6931530B2 (en) 2002-07-22 2005-08-16 Vormetric, Inc. Secure network file access controller implementing access control and auditing
US7143288B2 (en) 2002-10-16 2006-11-28 Vormetric, Inc. Secure file system server architecture and methods
US7334124B2 (en) 2002-07-22 2008-02-19 Vormetric, Inc. Logical access block processing protocol for transparent secure file storage
US8042155B1 (en) 2006-09-29 2011-10-18 Netapp, Inc. System and method for generating a single use password based on a challenge/response protocol
US8190905B1 (en) 2006-09-29 2012-05-29 Netapp, Inc. Authorizing administrative operations using a split knowledge protocol
US8196182B2 (en) 2007-08-24 2012-06-05 Netapp, Inc. Distributed management of crypto module white lists
US8245050B1 (en) 2006-09-29 2012-08-14 Netapp, Inc. System and method for initial key establishment using a split knowledge protocol
US8607046B1 (en) 2007-04-23 2013-12-10 Netapp, Inc. System and method for signing a message to provide one-time approval to a plurality of parties
US8611542B1 (en) 2007-04-26 2013-12-17 Netapp, Inc. Peer to peer key synchronization
US8824686B1 (en) 2007-04-27 2014-09-02 Netapp, Inc. Cluster key synchronization
US9774445B1 (en) 2007-09-04 2017-09-26 Netapp, Inc. Host based rekeying

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8352726B2 (en) 2003-11-07 2013-01-08 Netapp, Inc. Data storage and/or retrieval
US7162647B2 (en) 2004-03-11 2007-01-09 Hitachi, Ltd. Method and apparatus for cryptographic conversion in a data storage system
US7383462B2 (en) 2004-07-02 2008-06-03 Hitachi, Ltd. Method and apparatus for encrypted remote copy for secure data backup and restoration
US7502923B2 (en) 2004-09-16 2009-03-10 Nokia Corporation Systems and methods for secured domain name system use based on pre-existing trust
US7428642B2 (en) 2004-10-15 2008-09-23 Hitachi, Ltd. Method and apparatus for data storage
US7272727B2 (en) 2005-04-18 2007-09-18 Hitachi, Ltd. Method for managing external storage devices
US7801871B2 (en) 2005-08-09 2010-09-21 Nexsan Technologies Canada Inc. Data archiving system
US7886158B2 (en) 2005-09-08 2011-02-08 Hitachi, Ltd. System and method for remote copy of encrypted data
US8898452B2 (en) 2005-09-08 2014-11-25 Netapp, Inc. Protocol translation
US8171307B1 (en) 2006-05-26 2012-05-01 Netapp, Inc. Background encryption of disks in a large cluster
US8255704B1 (en) 2006-08-24 2012-08-28 Netapp, Inc. Pool encryption with automatic detection

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4588991A (en) * 1983-03-07 1986-05-13 Atalla Corporation File access security method and means
US5065429A (en) * 1989-04-03 1991-11-12 Lang Gerald S Method and apparatus for protecting material on storage media
US5150407A (en) * 1991-12-16 1992-09-22 Chan Steve S C Secured data storage devices
US5235641A (en) * 1990-03-13 1993-08-10 Hitachi, Ltd. File encryption method and file cryptographic system
US5235642A (en) * 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5720034A (en) * 1995-12-07 1998-02-17 Case; Jeffrey D. Method for secure key production
US5940507A (en) * 1997-02-11 1999-08-17 Connected Corporation Secure file archive through encryption key management
US6175924B1 (en) * 1997-06-20 2001-01-16 International Business Machines Corp. Method and apparatus for protecting application data in secure storage areas
US6185684B1 (en) * 1998-08-28 2001-02-06 Adobe Systems, Inc. Secured document access control using recipient lists

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6981141B1 (en) * 1998-05-07 2005-12-27 Maz Technologies, Inc Transparent encryption and decryption with algorithm independent cryptographic engine that allows for containerization of encrypted files

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1388061A4 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6931530B2 (en) 2002-07-22 2005-08-16 Vormetric, Inc. Secure network file access controller implementing access control and auditing
US7334124B2 (en) 2002-07-22 2008-02-19 Vormetric, Inc. Logical access block processing protocol for transparent secure file storage
US7143288B2 (en) 2002-10-16 2006-11-28 Vormetric, Inc. Secure file system server architecture and methods
US7565532B2 (en) 2002-10-16 2009-07-21 Vormetric, Inc. Secure file system server architecture and methods
US8042155B1 (en) 2006-09-29 2011-10-18 Netapp, Inc. System and method for generating a single use password based on a challenge/response protocol
US8190905B1 (en) 2006-09-29 2012-05-29 Netapp, Inc. Authorizing administrative operations using a split knowledge protocol
US8245050B1 (en) 2006-09-29 2012-08-14 Netapp, Inc. System and method for initial key establishment using a split knowledge protocol
US8607046B1 (en) 2007-04-23 2013-12-10 Netapp, Inc. System and method for signing a message to provide one-time approval to a plurality of parties
US8611542B1 (en) 2007-04-26 2013-12-17 Netapp, Inc. Peer to peer key synchronization
US8824686B1 (en) 2007-04-27 2014-09-02 Netapp, Inc. Cluster key synchronization
US8196182B2 (en) 2007-08-24 2012-06-05 Netapp, Inc. Distributed management of crypto module white lists
US9774445B1 (en) 2007-09-04 2017-09-26 Netapp, Inc. Host based rekeying

Also Published As

Publication number Publication date
EP1388061A4 (en) 2010-11-03
EP1388061A2 (en) 2004-02-11
WO2002093314A2 (en) 2002-11-21
AU2002305607A1 (en) 2002-11-25

Similar Documents

Publication Publication Date Title
WO2002093314A3 (en) Encryption based security system for network storage
WO2001022650A3 (en) Server-side implementation of a cryptographic system
WO2001067705A3 (en) A data transfer and management system
WO2003032603A3 (en) Ip hopping for secure data transfer
WO2003032133A3 (en) Distributed security architecture for storage area networks (san)
WO1998058473A3 (en) Network security and integration method and system
WO2006124479A3 (en) Cifs for scalable nas architecture
WO2006050074A3 (en) System and method for providing a multi-credential authentication protocol
WO2000072500A3 (en) Information encryption system and method
WO2001097480A3 (en) System and method for controlling the access to digital works through a network
WO2002033884A3 (en) Method and apparatus for providing a key distribution center
CA2571608A1 (en) System and method for consolidating, securing and automating out-of-band access to nodes in a data network
WO2004081719A3 (en) Methods and systems for digital rights management of protected content
WO2002082767A3 (en) System and method for distributing security processing functions for network applications
CA2280869A1 (en) System for providing secure remote command execution network
EP1251423A3 (en) Access control system
WO2003003177A3 (en) System for and methods of administration of access control to numerous resources and objects
WO2001045049A8 (en) Secure gateway having user identification and password authentication
CA2375443A1 (en) Secure data exchange between data processing systems
WO2004046849A3 (en) Cryptographic methods and apparatus for secure authentication
WO2002017034A3 (en) System and method for highly scalable high-speed content-based filtering and load balancing in interconnected fabrics
WO2005001660A3 (en) Secure network privacy system using proxy server
CA2512658A1 (en) Security in area networks
WO2001033829A3 (en) Internet-based shared file service and distributed access control
CA2351078A1 (en) Methods and apparatus for secure content delivery over broadband access networks

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2002734438

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10478386

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2002734438

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP