Patent

Method and system for disaster recovery of data from a storage device

14 May 2003
TL;DR: In this article, a method and system for securely managing the storage and retrieval of data is proposed, which may include receiving a first disaster recovery code and acquiring a first password corresponding to the first code.
Abstract: Aspects of the invention provide a method and system for securely managing the storage and retrieval of data. Securely managing the storage and retrieval of data may include receiving a first disaster recovery code and acquiring a first password corresponding to the first disaster recovery code. A first disaster recovery key may be generated based on the first disaster recovery code and the first password. Another aspect of the invention may also include generating the received first disaster recovery code based on said first password and the first disaster recovery key. The generated disaster recovery code may be securely stored on at least a portion of a storage device or a removable media. Data stored on the storage device may be encrypted using the first generated disaster recovery key. Additionally, data read from the storage device may be decrypted using the generated first disaster recovery key.
Citations
Patent
09 Oct 2007
TL;DR: In this paper, an improved system for accessing data within a distributed data storage network (DDSN) is disclosed, in which traffic is routed to individual slice servers within the DDSN in accordance with objective criteria as well as user-defined policies.
Abstract: An improved system for accessing data within a distributed data storage network (“DDSN”) is disclosed. In a system implementing the disclosed invention, traffic is routed to individual slice servers within the DDSN in accordance with objective criteria as well as user-defined policies. In accordance with one aspect of the disclosed invention, when a data segment is written to a DDSN, the segment is divided into multiple data slices, which are simultaneously transmitted to different slice servers. In accordance with another aspect of the disclosed invention, when a data segment is read from a DDSN, a list of slice servers, each containing a data slice that could be used to reconstruct the requested data segment, is assembled, and sorted in accordance with a preference rating assigned to each of the slice servers. Sufficient data slices to reconstruct the data segment are then read in accordance with the preference ranking of the slice servers.

941 citations

Patent
22 Mar 2007
TL;DR: In this paper, the original data to be stored is separated into a number of data 'slices' or shares (22, 24, 26, 28, 30, and 32) and stored on separate digital data storage devices (34, 36, 38, 40, 42, and 44) as a way of increasing privacy and security.
Abstract: A billing process is disclosed for an information dispersal system or digital data storage system. The original data to be stored is separated into a number of data 'slices' or shares (22, 24, 26, 28, 30, and 32). These data subsets are stored on separate digital data storage devices (34, 36, 38, 40, 42, and 44) as a way of increasing privacy and security. A set of metadata tables are created, separate from the dispersed file share storage, to maintain information about the original data size of each block, file or set of file shares dispersed on the grid.

936 citations

Patent
19 Nov 2010
TL;DR: In this paper, a block-based interface to a dispersed data storage network is disclosed, which accepts read and write commands from a file system resident on a user's computer and generates network commands that are forwarded to slice servers.
Abstract: A block-based interface to a dispersed data storage network is disclosed. The disclosed interface accepts read and write commands from a file system resident on a user's computer and generates network commands that are forwarded to slice servers that form the storage component of the dispersed data storage network. The slice servers then fulfill the read and write commands.

929 citations

Patent
26 Apr 2011
TL;DR: In this article, a system, method, and apparatus for implementing a plurality of dispersed data storage networks using a set of slice servers are disclosed, with each information record corresponding to a distributed data storage network.
Abstract: A system, method, and apparatus for implementing a plurality of dispersed data storage networks using a set of slice servers are disclosed. A plurality of information records are maintained, with each information record corresponding to a dispersed data storage network. The information record maintains what slice servers are used to implement the dispersed data storage network, as well as other information needed to administer a DDSN, such as the information dispersal algorithm used, how data is stored, and whether data is compressed or encrypted.

916 citations

Patent
27 Sep 2006
TL;DR: An efficient method for breaking source data into smaller subsets and storing those subsets along with coded information about some of the other data subsets on different storage nodes is described in this article.
Abstract: An efficient method for breaking source data into smaller data subsets and storing those subsets along with coded information about some of the other data subsets on different storage nodes such that the original data can be recreated from a portion of those data subsets in an efficient manner.

900 citations

References
Patent
19 Sep 1994
TL;DR: In this article, the signator of an electronic document can be verified by embedding a security object, for example, supported by an object linking and embedding (OLE) capability, in the electronic document at a location selected by the signator.
Abstract: The integrity or the signator of an electronic document can be verified by embedding a security object, for example, supported by an object linking and embedding (OLE) capability, in the electronic document at a location selected by the signator. The embedded security object includes security information and an identifier for invoking the processing of the security information. The security information may include a document digest that characterizes the electronic document at the time the security object was embedded, a signature digest that identifies the signator and that characterizes the instance of the embedded security object, and the signator's electronic chop, which may be the signator's digitized signature or other graphic image. In addition, the security information can be encrypted using either private key encryption or public key encryption. When the electronic document is later displayed, the identifier invokes processing that decrypts the security information and calculates the document digest based on the current state of the electronic document. The signator of the electronic document can be verified based upon the result of the decryption. The integrity of the electronic document can be verified if the decrypted document digest matches the calculated document digest. If the signator and the document integrity are confirmed, the electronic chop is displayed in the document. If, however, the signator or document integrity are not verified, the electronic chop is not displayed. In addition, a warning message may be displayed if verification fails.

565 citations

Patent
21 Feb 1995
TL;DR: In this paper, a system and method for data escrow cryptography are described, where an encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message.
Abstract: A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.

232 citations

Patent
10 Apr 1997
TL;DR: In this article, a secure method to access data when the user has lost or forgotten the user password (261) was proposed, in which two encrypted versions of the access key are created (236, 270).
Abstract: The present invention is directed toward providing a secure method to access data when the user has lost or forgotten the user password (261). In accordance with the invention and in a system where decryption of an access key (232) will give access to data, two encrypted versions of the access key are created (236, 270). A first version (236) is formed using a key (264) formed with the user password. A second version (270) is formed using a public key (266) from a public-private key pair. Generally, data access can be had by decrypting the first encrypted version (236) of the access key (232) with the password key (264). However, if the password (261) is forgotten, access to data can be accomplished by decrypting the second encrypted version (270) of the access key (232) with the private key (280) from the public-private key pair. One embodiment of the invention requires the private key (280) to be stored at a remote site and for decryption using the private key to take place at the remote site. In this manner the user can gain access to data without significantly compromising the data security.

110 citations

Patent
03 Aug 2000
TL;DR: In this article, a method and an apparatus are presented for updating flash memory that contains a write protected code, a first copy of rewritable recovery code, a second copy of rewritable recovery code, and a rewritable composite code.
Abstract: A method and an apparatus is presented for updating flash memory that contains a write protected code, a first copy of rewritable recovery code, a second copy of rewritable recovery code, and a rewritable composite code. Each block of rewritable code contains a checksum code to detect if the block of code has been corrupted. If it is detected that the first copy of the recovery code is corrupted then the second copy of the recovery code is copied into the first copy of the recovery code. If it is detected the second copy of the recovery code is corrupted then the first copy of the recovery code is copied into the second copy of the recovery code. The recovery code is responsible for checking and updating the composite code. If it is detected the composite code is corrupted then a fresh copy of the composite code is obtained from a removable storage device or a network connection. The data processing system is booted by executing the write protected code, the first copy of the recovery code, and the composite code. There is a minimum of redundant code by only replicating two copies of the recovery code while, at the same time, guaranteeing both the integrity and the updateability of the flash memory.

91 citations

Patent
20 Oct 1997
TL;DR: In this article, a key is encrypted by encoding, for example, by hashing, private information such as mother's maiden name and social security number, and the result is used as a key to encrypt the private key using DES or another symmetric encryption technique.
Abstract: A key such as a private key or key password of a private key is encrypted for storage, and may be decrypted if the private key becomes lost or unavailable. The key is encrypted by encoding, for example, by hashing, private information such as mother's maiden name and social security number, and the result is used as a key to encrypt the private key using DES or another symmetric encryption technique. The encrypted key is again encrypted, for example using asymmetric encryption, using the public key of a trusted party such as the certificate authority that generated the private key. The result may be stored as a key recovery file by the principal of the private key or another party. To decrypt the key recovery file, the private key corresponding to the public key used to encrypt the key recovery file is used to decrypt the key recovery file, for example by asymmetric decryption. The result is symmetrically decrypted using a key obtained by encoding, for example, by hashing, the private information in the same manner as was used to encrypt the key. The result of this decryption is the key.

64 citations