WO2008020932A2 - Service de sauvegarde en ligne optimisée et abstraite et de gestion de biens numériques - Google Patents

Service de sauvegarde en ligne optimisée et abstraite et de gestion de biens numériques Download PDF

Info

Publication number
WO2008020932A2
WO2008020932A2 PCT/US2007/015746 US2007015746W WO2008020932A2 WO 2008020932 A2 WO2008020932 A2 WO 2008020932A2 US 2007015746 W US2007015746 W US 2007015746W WO 2008020932 A2 WO2008020932 A2 WO 2008020932A2
Authority
WO
WIPO (PCT)
Prior art keywords
server application
file system
storage
digital assets
relational file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2007/015746
Other languages
English (en)
Other versions
WO2008020932A3 (fr
Inventor
Benjamin B. Widheim
Michael C. Fisher
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ELEPHANTDRIVE LLC
Original Assignee
ELEPHANTDRIVE LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ELEPHANTDRIVE LLC filed Critical ELEPHANTDRIVE LLC
Publication of WO2008020932A2 publication Critical patent/WO2008020932A2/fr
Publication of WO2008020932A3 publication Critical patent/WO2008020932A3/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/188Virtual file systems

Definitions

  • the present invention relates to data storage and more particularly to an easy-to- use and cost-effective online storage technique for digital assets that secures the digital assets and may remotely destroy digital assets in stored repositories in the event the stored digital assets are compromised.
  • Offline and hardware-based approaches include: external hard drives; in-system redundant array of inexpensive disks (RAID) configurations (i.e., configuring a desktop or laptop with multiple redundant disks); saving to floppy, compact disc, or digital disks; and in-home file and storage servers.
  • Online and software-based approaches include: traditional online backup to a single managed storage system (i.e., online lockers); publicly available low-cost storage and application programming interfaces (APIs); and peer to peer storage systems.
  • Conventional security techniques can be divided into two categories - “blocking” solutions and "obfuscation” solutions. Blocking approaches create perimeters around individual digital assets or groups of digital assets.
  • applying password protection to a file creates a perimeter around the file through which, theoretically, only a password holder may pass.
  • user logins and permission sets erect a blocking perimeter through which only users with knowledge of the password may pass.
  • Other instances of blocking include BIOS level password protection or bio-metric identification protection at the firmware or hardware level.
  • Obfuscation solutions differ from blocking solutions. Rather than creating a perimeter around the digital assets, obfuscation solutions alter the data of the assets. Typically, obfuscation solutions use encryption algorithms to re-constitute the data in such a way as to make them effectively gibberish for unauthorized users lacking the access to the encryption algorithm and the encryption key. These solutions suffer from the similar vulnerabilities, such as the dictionary attacks mentioned above, and rely heavily on keeping keys secured. [0008] All of the offline data storage approaches have similar shortcomings for consumers. They require administration of additional hardware, and in some cases, administration that requires significant technical skill.
  • Offline data storage approaches have fixed limits on their capacities - you can only store so much on any given disk, drive, or array, after which you must decide what to keep and what to delete, or add additional space. These approaches are all subject to loss, theft, and damage. And these approaches are all exposed to the "same-site" vulnerability - that is, certain events that can damage the primary copy of data can simultaneously damage the backup copy (e.g., in a fire or flood, both the computer and the backup media can be destroyed if they are housed in the same location).
  • the existing online approaches address many of the shortcomings of the offline solutions, but have drawbacks of their own.
  • the existing solutions have high switching costs, making it difficult for consumers to take advantage of technological advancements and lower pricing when it becomes available. If a storage repository that is more secure, more reliable, faster or more economical than existing options becomes available, a consumer will have to take the time and energy to re-create their backup copy and learn to navigate a new interface to enjoy the benefits of the enhanced offering.
  • Peer-to-Peer solutions they require that the host machine that is holding data to be on and available at all times.
  • the existing online approaches do not address the need for mobile access to data from portable devices other than notebook PCs.
  • the existing online approaches do not have easy-to-use interfaces that allow pocket-sized mobile devices to efficiently upload and download files.
  • Devices such as PDAs and cell phone are becoming more suitable for data transactions due to interface improvements and expanded memories to store digital assets.
  • the online options have shortcomings for their operators as well. Operators are faced with three challenges - the development of online backup and storage software, the marketing of that service to consumers, and the maintenance of enterprise class storage solutions.
  • This third challenge is an unnecessary burden to the operator, requiring time and energy on the part of the provider without providing any incremental value to the consumer, as well as a significant capital expenditure up front in order to accommodate large volumes of storage - a burden that can be mitigated, delayed, or avoided entirely by integration with an enterprise class Storage-as-a-Service provider.
  • the solution therefore, is to provide secure, efficient, and affordable online digital asset storage.
  • An online digital asset storage solution with strong security and efficiency will naturally be an affordable option.
  • the two things that drive up operational costs are overhead costs from inefficiencies in data management and losses due to security breaches. Even the most secure networks are susceptible to security breaches. When such breaches occur, immediate intrusion detection and data protection is of the highest importance.
  • the present invention overcomes these and other deficiencies of the prior art by enabling end users (individual consumers and corporate entities) to store their digital assets, automate backup procedures, and access their digital assets remotely over the Internet, by making use of the optimal mix of one or many storage repositories or repository services.
  • the present invention is distinguished, at least in part, from other online backup and storage offerings because it serves as an intelligent aggregator of the available "wholesale alternatives" - the two good examples of which are providing direct access to a professionally managed hardware solution and providing frictionless intermediated access to a low-cost service provider of storage space.
  • the decoupling of the management tools from the data itself allows storage to be offered to users at the lowest cost per unit of security and reliability over time, without imposing any switching costs on the user as the menu of options changes.
  • the present invention enables individuals to remotely destroy their original digital assets in the event that their device becomes compromised as a result of loss or theft while preserving the copies stored by the service.
  • the present invention can be used in tandem with other blocking and obfuscation techniques.
  • the present invention alone can also be used to provide network data security to users without the need to deploy any further security techniques.
  • the present invention offers storage advantages to both the end users and operators over currently available offerings.
  • the present invention eliminates the switching costs of moving to a service that takes advantage of better or cheaper technologies either not available or not economical at the time they selected a backup service.
  • the present invention allows an online backup and storage business to be created with minimal initial capital outlay, by leveraging one or more storage services as opposed to investing in self- managed storage hardware at the outset. It also allows an online backup and storage business to narrowly focus its resources - existing businesses must invest resources into three key areas: developing management and control software, marketing their software or service to users, and managing enterprise storage.
  • the present invention obviates the need for an online backup and storage business to worry about enterprise storage management, thus reducing the expense structure and optimizing resources against software development and product marketing. [0017]
  • the present invention offers advantages over currently available offerings in data security.
  • the end user's digital assets are now redundantly stored; the digital assets are in a location separate from their primary host, eliminating "same-site" vulnerabilities.
  • the present invention requires little additional cooperation or discipline from end users to be effective after its initial setup.
  • the algorithms in the present invention are modular and scalable, capable of adapting to the different enterprise database platforms.
  • the invention is scalable in that it is capable of handing a spectrum of end-users without any impact on system performance: from consumer home storage to corporation storage.
  • the modularity of the system allows for the seamless addition of both new software and hardware to the system as the numbers of users increase.
  • the present invention provides an additional layer of proactive protection, and, in the event it is successfully deployed, confirmation of the implemented counter-measure. Unlike other security systems, this invention takes a proactive role in eliminating or minimizing the risks associated with compromised devices. This confirmation is extremely valuable; it gives an end user piece of mind that the sensitive data that may have been exposed has been destroyed or encrypted - end users may confidently declare that the exposure risk has been minimized or eliminated. Furthermore, because the invention is tied to a system remote from a user's primary host, end users enjoy the benefit of being able to destroy the compromised instance of the data while retaining a usable and easily accessible copy.
  • the present invention offers advantages to both end users and operators over current offerings by utilizing a management algorithm that efficiently allocates system resources to maximize them. This is beneficial to the operators because it saves on overhead costs, such as the need to purchase more hardware. Although this backend process is invisible to end users, the cost savings for the operators allows the operators to offer a cheaper alternative to the cycle of purchasing new hardware and incurring switching costs.
  • the present invention offers advantages to both end users and operators by utilizing a management algorithm that decreases the data access time by separating the metadata from the encrypted data and storing the metadata in a separate file system.
  • the metadata relational file system serves as an index that speeds up file access time because it eliminates the necessity of searching through large files through each separate database each time there is a request to access a file. This makes the end user experience of accessing data faster and decreases operator overhead in using system resources to locate files and other digital assets.
  • the present invention offers advantages in terms of data security both physically and over the network. Portable data storage devices such as USB flash drives or other portable hard drives are susceptible to theft, damage or loss during transit.
  • the present invention eliminates this possibility since the physical storage of a user's data is located in one or more secured locations.
  • the present invention also provides far greater data network security. Although most consumers may have antivirus or firewall software running on their systems to protect their data from unauthorized access, such consumers may not be unaware of any system vulnerabilities. Indeed, consumers may not even be aware of any malicious software running on their computer systems that is already compromising their data security.
  • the present invention utilizes diagnostic algorithms to detect suspicious network activity and prevent unauthorized access to data.
  • the present invention offers advantages in expanding the types of devices that are allowed to remotely access data.
  • Personal portable digital devices such as PDAs and cell phones would be able to remotely download data previously uploaded, or upload data that is currently stored on the portable device.
  • FIG. 1 illustrates an online backup and digital asset management system according to an embodiment of the invention.
  • FIG. 2 illustrates a security application providing data security in an online backup and digital asset management system according to an alternate embodiment of the invention.
  • Embodiments of the present invention and their advantages may be understood by referring to Figs. 1 and 2, and are described in the context of an online digital asset backup and storage technique.
  • the present invention utilizes, among other things, low-cost or free disk space provided by, for example, major online enterprises looking to monetize their existing investments in storage infrastructure, currently embodied in Storage-as-a-Service offerings such as Amazon Web Services' Simple Storage Service (S3), Omnidrive, Streamload, Box.net, ElephantDrive, and others.
  • S3 Amazon Web Services' Simple Storage Service
  • Omnidrive Omnidrive
  • Streamload Streamload
  • Box.net Box.net
  • ElephantDrive and others.
  • the present invention addresses the shortcoming of the offline/hardware-based solutions.
  • the present invention also addresses the problems presented by conventional online/software-based solutions.
  • decoupling the metadata from the binary objects By decoupling the metadata from the binary objects, a fully abstracted storage solution is enabled.
  • a user's digital assets may be stored in any storage repository or storage service, and the present invention dynamically shift objects from one repository or service to another. This can be done while the user accesses and manages his or her objects, using the same interface regardless of where the object is housed. This solves the problem of high switching costs associated with migrating from one solution to another, as migration can be affected behind the scenes. Users can enjoy the technological enhancements and cost savings without expending time and energy or learning a new interface.
  • Fig. 1 illustrates an online backup and digital asset management system 100 according to an embodiment of the invention.
  • the online backup and digital asset management system 100 comprises: a relational file system 110, a client program 120, and a server application 130.
  • the relational file system 110, the client program 120, and the server application 130 may be implemented as software and/or hardware.
  • the relational file system 110 decouples metadata from object data, i.e., digital assets (referred to as "digital objects" in the figure).
  • This file system is unique, providing multiple improvements over existing file systems such as FAT or NTFS, as it uses a database and advanced data structures to manage and index metadata, along with its relationship to actual storage.
  • Metadata is data about data.
  • metadata comprises "implicit" information about a file such as the title, subject, author, file format, and the size of the file.
  • the file system 110 expands on traditional set of datum by allowing the integration of "explicit" metadata, such as tagging.
  • metadata is highly customizable and can be expanded to include other characteristics regarding a data file - that metadata could include executable software code or scripts.
  • An algorithm in the server application 130 evaluates a number of metrics, such as response latency, capacity, availability, failure rates, and cost to govern the initial storage and movement of objects. These metrics give feedback as to the efficacy of performance of the digital asset management system 100. Accordingly, the algorithm in server application 130 manages the distribution of data in digital asset management system 100 by evaluating several factors for efficient file access. These factors are weighted by the system operators and can be dynamically implemented into the digital asset management system. For example, home consumer multimedia files that would be accessed more often than corporate backup data would be stored in or relocated to physical storage that are faster to access, similar to a cache in a computer system. Some of the factors considered by the management algorithm would include file size, file format, and prior frequency of access.
  • the relational file system 110 stores the relationships that can exist between objects and users, and the relationships that can exist between objects themselves.
  • SIS Single Instance Storage
  • the global file system may take multiple users' directories that have different but similar binary objects, match them based on a hashing algorithm, the implementation of which is apparent to one of ordinary skill in the art, and merge similarities into a single binary object (or instance) and create references to that binary object.
  • Hash matching is performed in real-time (when an object is presented by the user for addition to the global file system, it is first checked against a global hash map to determine what portions of the binary object are needed, if any) and asynchronously, consolidating more granular portions of binary objects after longer arguments have been introduced. Additionally, the relational file system 110 identifies the attributes that the binary objects may have, including physical location or locations of each of the binary object itself.
  • the relational file system 110 divides metadata about a particular object into three distinct categories: Implicit, Explicit, and Operational.
  • Implicit metadata includes all attributes inherent to the binary object, including its type, size, name, creation dates, modification dates, and access dates, anything included by the metadata contained with the original binary object as it existed on the users file system, and read by client software.
  • Implicit metadata in the relational file system is also inclusive of inherent qualities derived from the file, such as access histories (download, update, etc) and type category (audio, video, image, document). This latter piece of metadata assists in creating more intuitive user interfaces to data by breaking down the traditional hierarchical layout of file systems.
  • Explicit metadata is information supplied by users or a group of users that describe the binary objects with keywords that are later indexed for simple retrieval, sometimes known as "tagging.”
  • Operational metadata is specific to the relational file system, and never exposed to a user. This is inclusive of address information (where the actual binary arguments are stored), encryption information, compression information, and its relationship to other objects in the system (i.e. the binary object is dependent on another for some or all of its actual binary data).
  • These locations are storage repositories or frames, representative of one or more virtual volumes (e.g., SRl, SR2, SR3, and/or SR4).
  • the present invention implements an optimized storage algorithm, designed to match binary objects with their Implicit and Operational metadata for efficiency in storage, retrieval, and security.
  • Volumes in the system are given a score based on a weighted average of their associated cost (measured in price per gigabyte per month stored), availability (measured in mean time between observed failure), read/write/network throughput speeds (measured in observed kilobytes per second), capacity (measured in available gigabytes), and security (measured in a score based on availability of secure transfer protocols, physical location of disks, and mean time between compromise).
  • volumes with poor scores across availability and security will be dropped from the system and have its data/objects/digital assets transferred elsewhere; volumes with insufficient capacity become unavailable for additional storage while still maintaining availability for retrieval. Finally, the algorithm combines this score with Implicit metadata of the binary object to determine the most advantageous destination or group of destinations for its contents.
  • a binary object that has associated metadata that specifies the object as a type category of infrequently modified and accessed word processing documents is matched with a storage repository with high scores for reliability and security, such as commoditized disk arrays residing in an internally controlled secure datacenter.
  • a binary object with associated metadata describing the object as a type category of unmodified, but frequently accessed audio will be matched with a volume with high scores for capacity and throughput performance, such as Storage-as-a-Service offerings and peer to peer networks. Access and modification histories may dictate that an object be graduated to another storage repository, or replicated. During this process the hash signature of the binary contents of the object are verified on each end of a transfer, ensuring data integrity.
  • a storage repository or frame can comprise any type of network addressable storage, such as the internally managed Network Attached Storage (NAS), Fibre-Channel SCSI, or iSCSI storage architectures, or some other external storage service.
  • Virtual volumes include one layer of classification beyond a storage repository (storage repositories may have multiple volumes) and, once added as available targets in the system, are measured granularly on the basis of their cost, performance (speed), reliability (mean time between failure), and security. Volumes are virtualized in that they are controlled by the global relational file system, and can be added, expanded, or otherwise modified at any time.
  • the relation file system 110 uses these relationships and attributes as a guide, the relation file system 110 implements a normalized schema, in which entity types are organized to increase cohesion to eliminate data redundancy and store information about objects and users that will retain its relational integrity and allow a complete representation of the individual user's virtual file system to be viewed, modified, added to or deleted from.
  • the procedures for viewing, modifying, adding to, and deleting from are designed to ensure the integrity of the system, protecting against false positives.
  • the relational file system 110 is in communication with the server application 130.
  • the relational file system 110 receives object data and/or metadata as well as commands from the server application 130, carries out the commands, and transmits object data and/or metadata back to the server application 130 as requested. Communication between end users and the relational file system is performed through the server application exclusively.
  • the client program 120 interfaces end users to the system 100.
  • the client program 120 may be implemented as a software program capable of interacting with network- enabled programs such as browsers and messaging applications over a remote network 125, though it can also be implemented by embedded integrated circuits or other forms of hardware.
  • the client program 120 is able to request and receive data, and present a graphical representation of the data to a user.
  • the client program 120 can reside either on the server machines, on the client machines, or both.
  • the client program 120 enables the user to view, modify, add, and delete objects and metadata from the relational file system 110, as well as access the binary objects themselves upon request.
  • the client program 120 encrypts a binary object into an encrypted digital object 128 prior to sending them to the server application 130, and decrypts the digital object upon receiving them from the repository in which it is stored. Encryption can be implemented using any standard encryption scheme, the identification and implementation of which are apparent to one of ordinary skill in the art.
  • the server application 130 provides a web- based service that binds the metadata and objects provided by the client program 120 with the relational file system 110 and oversees the deposit of the objects into a storage repository (e.g., SRl, SR2, SR3, and/or SR4) or service.
  • a storage repository e.g., SRl, SR2, SR3, and/or SR4
  • the server application 130 may be implemented as a software program capable of interacting with other network-enabled programs over the remote network 125.
  • the server application 130 retrieves information from the relational file system 110 and delivers it to the client application 120.
  • the methodology for object retrieval is dictated by Operational metadata, specifying where the object is located amongst the group of virtual volumes, its encryption method and associated key, its compression method, and its dependence on other objects in the system. In the event that the object is encrypted or compressed, additional client software may be necessary.
  • the server application 130 receives formatted messages from the client application 110 to perform actions to add, modify, or delete binary objects and metadata on the relational file system 110, execute on these actions, and return confirmations or error messages to the client application 120.
  • Client messages are formatted in the form of Simple Object Access Protocol (SOAP) envelopes or Representational State Transfer (REST) messages to a secure HTTP server.
  • Binary objects can be transferred similarly, or streamed via common internet protocols, such as TCP or UDP.
  • the server application 130 manages acceptance and transfer of binary objects to be added to the relational file system 110, in whole or in part either directly to the storage repository or to the server application as an intermediary, and communicates the results to the client application 120.
  • the server application 130 delivers access information in the form of a session key identifier to the client application 120, so that it can locate, request, and receive one or more binary object when a user instructs it to.
  • the server application 130 deposits the binary objects in one or more of the storage repositories (e.g., SRl, SR2, SR3, and SR4), and moves the binary objects from one repository to another while updating the relational file system 110 accordingly.
  • the online backup and digital asset management system 100 implements a security scheme that allows for the storage of the binary objects by third parties.
  • the security scheme comprises a mechanism for encrypting binary objects so that they can be stored by third parties, but never accessed by third parties.
  • the security scheme calculates and stores two file signatures or secure one-way hash values prior to encryption.
  • One signature can be stored in the relational file system 110 in plain text and used to verify the integrity of the object after download and decryption.
  • the other signature can be used as the key with which to encrypt the object.
  • This signature-key can then be encrypted with a separate pass-phrase contained in a certificate either supplied by the user or randomly generated by the server application and stored in the relational file system 110.
  • Such a system optimizes the balance between security and flexibility, offering "defense-in-depth" (an attacker would have to compromise several layers of security, encryption, and abstraction in order to compromise the system) while allowing for flexibility and sharing (digital assets can be shared by key-sharing, minimizing computation and binary manipulation).
  • the relational file system 110 physical servers on which the server/service applications are implemented are deployed in a secure data center facility with high-availability and high-throughput connectivity to the Internet.
  • One or more storage repositories are identified and attached to the server 130, either within the data center facility or in another such facility.
  • the repository or facility may be managed and/or hosted by a third party.
  • several storage repositories are employed, some internal (such as an internally managed storage array), and some external to the data center facility.
  • An alternate embodiment of the present invention may be understood by referring to Fig. 2 and is described in the context of ensuring the security of compromised client systems.
  • the present invention increases the security of digital assets by obscuring or deleting all original copies of digital assets associated with an end user whose original storage medium has been compromised and suspending access to the online, secured digital assets from the compromised medium. This adds significant value to online storage services. Regardless of whether an end user is a home consumer or a corporate enterprise, one must spend time and money to ensure their digital assets are safe from physical theft or malicious network attacks, but this system provides an additional failsafe mechanism in event that theft or attack is successful.
  • the present invention provides an economical alternative to the overhead costs associated with user-provided network security.
  • Fig. 2 illustrates the relationship between the server 130, the security mechanism
  • security mechanism 140 Upon detection of an unauthorized access to the global file system 100, the security mechanism 140 will take precedence over all other operations on server 130. Upon a network security breach, security mechanism 140 refers to relational file system 110 to identify all end users whose digital assets are affected by the unauthorized access and to freeze access to all digital assets related to the user from the compromised medium. Then, the security mechanism 140 will immediately either destroy or render unreadable all digital assets associated with the end users on the compromised medium, or destroy or render unreadable only the digital assets sought after by unauthorized access on the compromised medium. Prior to the destruction of any files as a result of a security breach of relational file system 110 and server 130, a copy of the files may be sent to the end user to ensure that files are immediately accessible..
  • the server 130 upon detecting a network activity indicating a network attack by an unauthorized user, such as a Denial-of-Service attack, will activate the security mechanism. All files that the unauthorized user is trying to access will be immediately encrypted such that the files effectively become gibberish for the unauthorized user.
  • the security mechanism 140 of the relational file system 110 and server 130 detects unauthorized system access by scanning systems logs for anomalies in network traffic, attempts at buffer overflow, any alterations in key system files or the database root directory, or suspicious activity in an end user account, such as a frequent change of passwords.
  • the security mechanism 140 deletes files and data to prevent unauthorized access, it first looks to relational database 110 to identify the metadata of the files being accessed to obtain the end users being affected by the unauthorized access. The security mechanism will then gather a set of all binary objects to be deleted from the physical repositories (SRl, SR2, SR3, and/or SR4).
  • the metadata regarding the end user and the locations of the digital assets on the physical repositories are not immediately deleted. Prior to the execution of the deletion command, the security mechanism 140 will ensure that an instance of the object is not lost by electronically sending a copy of all files to be deleted to the end user.
  • the hash signature is matched to binary objects on the target client file system for remote destruction. For example, a system user who has had their PC lost or stolen can notify the operators of the system that they wish their data to be destroyed.
  • a sentinel is set to listen for the MAC address of the network card(s) associated with the users account, and send hash signatures to the client service on the PC to destroy the successfully backed up content. The destruction may performed by overwriting the existing byte arguments with randomly generated binary arguments or, in the event of a full volume backup, removing the disk's partition.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

La présente invention concerne un système et un procédé de stockage et de sécurité en ligne. Des biens numériques sont envoyés depuis des applications client à des applications serveur. Le serveur met en oeuvre un algorithme qui optimise le stockage de biens numériques. Le serveur extrait les métadonnées de biens numériques et stocke les métadonnées dans une base de données relationnelle. Le stockage de biens numériques va dépendre de l'analyse des métadonnées, des facteurs tels que le type de fichier, la fréquence d'utilisation et la fréquence d'accès étant pris en compte par l'algorithme d'optimisation de destination de stockage. Le serveur met également en oeuvre un algorithme qui protège les biens numériques d'un accès au réseau non autorisé. Lorsqu'une intrusion dans le réseau est détectée par l'algorithme de sécurité, les biens numériques des utilisateurs compromis seront bloqués, puis seront soit détruits, soit rendus illisibles pour l'utilisateur non autorisé. L'algorithme de sécurité peut ensuite envoyer une instance des biens numériques à l'utilisateur compromis afin d'assurer que les biens numériques restent accessibles.
PCT/US2007/015746 2006-07-10 2007-07-10 Service de sauvegarde en ligne optimisée et abstraite et de gestion de biens numériques Ceased WO2008020932A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US80691106P 2006-07-10 2006-07-10
US60/806,911 2006-07-10

Publications (2)

Publication Number Publication Date
WO2008020932A2 true WO2008020932A2 (fr) 2008-02-21
WO2008020932A3 WO2008020932A3 (fr) 2008-09-04

Family

ID=39082506

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/015746 Ceased WO2008020932A2 (fr) 2006-07-10 2007-07-10 Service de sauvegarde en ligne optimisée et abstraite et de gestion de biens numériques

Country Status (1)

Country Link
WO (1) WO2008020932A2 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9928386B1 (en) 2015-06-08 2018-03-27 Amazon Technologies, Inc. Data protection system
US10055596B1 (en) 2015-06-08 2018-08-21 Amazon Technologies, Inc. Data protection system
CN112685425A (zh) * 2021-01-08 2021-04-20 东云睿连(武汉)计算技术有限公司 一种数据资产元信息处理系统和方法
CN118626455A (zh) * 2024-08-12 2024-09-10 山东富通信息科技有限公司 一种基于互联网的计算机数据管理方法及系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6502088B1 (en) * 1999-07-08 2002-12-31 International Business Machines Corporation Method and system for improved access to non-relational databases
US6941510B1 (en) * 2000-06-06 2005-09-06 Groove Networks, Inc. Method and apparatus for efficient management of XML documents
US7257107B2 (en) * 2003-07-15 2007-08-14 Highwall Technologies, Llc Device and method for detecting unauthorized, “rogue” wireless LAN access points

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9928386B1 (en) 2015-06-08 2018-03-27 Amazon Technologies, Inc. Data protection system
US10055596B1 (en) 2015-06-08 2018-08-21 Amazon Technologies, Inc. Data protection system
CN112685425A (zh) * 2021-01-08 2021-04-20 东云睿连(武汉)计算技术有限公司 一种数据资产元信息处理系统和方法
CN112685425B (zh) * 2021-01-08 2022-06-17 东云睿连(武汉)计算技术有限公司 一种数据资产元信息处理系统和方法
CN118626455A (zh) * 2024-08-12 2024-09-10 山东富通信息科技有限公司 一种基于互联网的计算机数据管理方法及系统

Also Published As

Publication number Publication date
WO2008020932A3 (fr) 2008-09-04

Similar Documents

Publication Publication Date Title
US20080052328A1 (en) Abstracted and optimized online backup and digital asset management service
US20250004996A1 (en) Universal file virtualization with disaggregated control plane, security plane and decentralized data plane
US20230259640A1 (en) Data storage systems and methods of an enforceable non-fungible token having linked custodial chain of property transfers prior to minting using a token-based encryption determination process
US9262643B2 (en) Encrypting files within a cloud computing environment
US8977661B2 (en) System, method and computer readable medium for file management
US20220292187A1 (en) Media agent hardening against ransomware attacks
US10445517B1 (en) Protecting data in insecure cloud storage
US9984006B2 (en) Data storage systems and methods
US8479304B1 (en) Selectively protecting against chosen plaintext attacks in untrusted storage environments that support data deduplication
US20140019497A1 (en) Modification of files within a cloud computing environment
CN103825953B (zh) 一种用户模式加密文件系统
JP6511161B2 (ja) データファイルの保護
Wani et al. File system anti-forensics–types, techniques and tools
US8924700B1 (en) Techniques for booting from an encrypted virtual hard disk
US20230185628A1 (en) Clustered container protection
US10628073B1 (en) Compression and encryption aware optimized data moving across a network
US20200004974A1 (en) Systems and methods for preventing leakage of protected document data
WO2008020932A2 (fr) Service de sauvegarde en ligne optimisée et abstraite et de gestion de biens numériques
US20250363237A1 (en) Virtualization for privacy control
Zhao et al. SafeSky: a secure cloud storage middleware for end-user applications
US11880482B2 (en) Secure smart containers for controlling access to data
US10917390B2 (en) Browser drag and drop file upload encryption enforcement
Paik et al. Data protection based on hidden space in windows against ransomware
Hasan et al. The techniques and challenges of immutable storage with applications in multimedia
Herath Ensuring Data Security with Azure Storage

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07836044

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07836044

Country of ref document: EP

Kind code of ref document: A2