会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 61. 发明授权
    • Storage apparatus and data management method
    • 存储设备和数据管理方法
    • US08098824B2
    • 2012-01-17
    • US12010056
    • 2008-01-18
    • Kyoko MikamiNobuyuki Osaki
    • Kyoko MikamiNobuyuki Osaki
    • H04L9/00
    • H04L9/083G06F11/2074G06F21/6218G06F21/805H04L9/0891
    • Provided is a storage system that includes a first storage apparatus and a second storage apparatus each connected to a host computer. The first and second storage apparatuses each include a controller and a disk drive. The controller manages an encryption status and an encryption key for each of a data volume and a journal volume in the disk drive. The controller in the first storage apparatus receives a write request from the host computer, creates a journal based on write data, encrypts the journal, and stores in an order the journal in a storage area in the journal volume. The controller in the order the encrypted journal stored in the journal volume, decrypts the journal, and transmits the decrypted journal to the second storage apparatus.
    • 提供了一种存储系统,其包括每个连接到主计算机的第一存储装置和第二存储装置。 第一和第二存储装置各自包括控制器和磁盘驱动器。 控制器管理磁盘驱动器中的每个数据卷和日志卷的加密状态和加密密钥。 第一存储装置中的控制器从主计算机接收写入请求,基于写入数据创建日志,加密日志,并将日志存储在日志卷中的存储区域中。 控制器按照存储在日志卷中的加密日志的顺序解密日志,并将解密的日志传送到第二存储装置。
    • 65. 发明申请
    • COMPUTER SYSTEM, MANAGEMENT TERMINAL, STORAGE SYSTEM AND ENCRYPTION MANAGEMENT METHOD
    • 计算机系统,管理终端,存储系统和加密管理方法
    • US20080263368A1
    • 2008-10-23
    • US11968752
    • 2008-01-03
    • Kyoko MIKAMINobuyuki OsakiYuri Hiraiwa
    • Kyoko MIKAMINobuyuki OsakiYuri Hiraiwa
    • G06F12/14H04L9/28
    • G06F12/1408G06F21/80G06F21/85H04L9/0637H04L63/0464
    • To provide a computer system in which an encryption-decryption process performed by one encryption-decryption module can be moved to the other encryption-decryption module without stopping the process for a read/write request from a host computer. The computer system has a host computer 200, and a storage system 400, 500 for storing the encrypted data in a storage area. The storage system 400 provides a storage area of the storage system 500 as the storage area of its own for accepting access from the host computer 200. In performing a process for changing for the data encrypted and stored by the destination source 500, the move destination 400 encrypts the data decrypted by the move source 500, the move source 500 further encrypts and stores the data encrypted by the move destination 400 in the move source 500, and after all the data is stored, the move source 500 decrypts and stores the further encrypted data in the block.
    • 提供一种计算机系统,其中由一个加密 - 解密模块执行的加密 - 解密处理可以移动到另一加密 - 解密模块,而不停止来自主计算机的读/写请求的处理。 计算机系统具有主计算机200和用于将加密数据存储在存储区域中的存储系统400,500。 存储系统400提供存储系统500的存储区域作为其自己的存储区域,用于接受来自主机计算机200的访问。 在执行用于改变由目的地源500加密和存储的数据的处理时,移动目的地400对由移动源500解密的数据进行加密,移动源500进一步加密并将由移动目的地400加密的数据存储在 移动源500,并且在所有数据被存储之后,移动源500将进一步加密的数据解密并存储在块中。
    • 66. 发明申请
    • Computer system, storage system, and data management method for updating encryption key
    • 用于更新加密密钥的计算机系统,存储系统和数据管理方法
    • US20080260159A1
    • 2008-10-23
    • US12010049
    • 2008-01-18
    • Nobuyuki Osaki
    • Nobuyuki Osaki
    • H04L9/06
    • H04L9/0891G06F21/80H04L63/0464
    • A computer system encrypts write-data to be written to the volume in response to a write command. The system transmits a rekey command from host computer system to the storage system when the key data stored in the host key data memory is changed to second key data. The storage system receives the rekey command transmitted from host computer system and stores the first and second key data contained in the received rekey command to a volume key data memory of the storage system. The storage system reads out data encrypted with the first key data from an original block address in the volume. The storage system decrypts the data read out from the volume using the first key data. The storage system encrypts the data decrypted by the first key data using the second key data, and writs the data encrypted with the second key data to the original block address.
    • 计算机系统响应于写命令加密要写入卷的写数据。 当存储在主机密钥数据存储器中的密钥数据被改变为第二密钥数据时,系统将主机计算机系统的密钥命令发送到存储系统。 存储系统接收从主计算机系统发送的重新命令命令,并将包含在接收到的重命令命令中的第一和第二密钥数据存储到存储系统的卷密钥数据存储器。 存储系统从卷中的原始块地址读出利用第一密钥数据加密的数据。 存储系统使用第一密钥数据解密从卷读出的数据。 存储系统使用第二密钥数据对由第一密钥数据解密的数据进行加密,并将用第二密钥数据加密的数据写入原始块地址。
    • 67. 发明申请
    • Redundant configuration method of a storage system maintenance/management apparatus
    • 一种存储系统维护/管理装置的冗余配置方法
    • US20080244580A1
    • 2008-10-02
    • US12007334
    • 2008-01-09
    • Takahiro FujitaHirokazu IkedaNobuyuki Osaki
    • Takahiro FujitaHirokazu IkedaNobuyuki Osaki
    • G06F12/00G06F9/46
    • G06F11/2028G06F3/0617G06F3/0635G06F3/067G06F11/2041G06F11/2069G06F11/2092H04L41/0668H04L41/0695H04L67/1097
    • Provided is a method of managing a computer system including a plurality of storage systems and a plurality of management appliances for managing the plurality of storage systems. A first management appliance and a second management appliance hold an identifier of a first storage system and management data obtained from the first storage system. The method includes the steps of: selecting a third management appliance from the plurality of management appliances when a failure occurs in the first management appliance; transmitting the identifier held in the second management appliance from the second management appliance to the selected third management appliance; and holding the identifier transmitted from the second management appliance in the selected third management appliance. Thus, it is possible to prevent, after failing-over due to an abnormality of a maintenance/management appliance, a single point of failure from occurring to reduce reliability of the maintenance/management appliance.
    • 提供一种管理包括多个存储系统和多个用于管理多个存储系统的管理设备的计算机系统的方法。 第一管理设备和第二管理设备保存第一存储系统的标识符和从第一存储系统获得的管理数据。 该方法包括以下步骤:当在第一管理设备中发生故障时,从多个管理设备中选择第三管理设备; 将保持在第二管理设备中的标识从第二管理设备传送到所选择的第三管理设备; 以及在所选择的第三管理设备中保存从第二管理设备发送的标识符。 因此,可以防止由于维护/管理设备的异常而导致的故障发生之后发生单点故障以降低维护/管理设备的可靠性。
    • 68. 发明申请
    • METHOD AND APPARATUS FOR ENCRYPTION WITH RAID IN STORAGE SYSTEM
    • 在存储系统中加密RAID的方法和装置
    • US20080092029A1
    • 2008-04-17
    • US11537557
    • 2006-09-29
    • Hiroshi ArakawaNobuyuki Osaki
    • Hiroshi ArakawaNobuyuki Osaki
    • G06F11/00H03M13/00
    • G06F11/1076G06F21/6218G06F2211/1009
    • The described methodology provides users with the ability to specify flexible encryption options in a storage system using RAID technology. The users can use the system to achieve a configuration which achieves a desired balance between security and system load/performance. Specifically, one aspect of the methodology enables the user to enable or disable the encryption of the redundant parity information. Change of the data causes change of the parity information and, when parity is not encrypted, a close analysis of parity change may enable one to reconstruct the all or some of the encrypted data. Therefore, when a user chooses the encryption of the parity information, it becomes more difficult to reconstruct the plain data from the encrypted data. The described storage system also provides a function for monitoring and reporting the current or projected utilization of various computer resources including processor and memory utilization, which assists the user in selecting the proper security option.
    • 所描述的方法使用户能够使用RAID技术在存储系统中指定灵活的加密选项。 用户可以使用系统来实现在安全性和系统负载/性能之间实现所需平衡的配置。 具体来说,该方法的一个方面使得用户能够启用或禁用冗余奇偶校验信息的加密。 数据的更改导致奇偶校验信息的改变,并且当奇偶校验未被加密时,对奇偶校验改变的仔细分析可以使得能够重建全部或一些加密数据。 因此,当用户选择奇偶校验信息的加密时,从加密的数据中重建普通数据变得更加困难。 所描述的存储系统还提供用于监视和报告包括处理器和存储器利用在内的各种计算机资源的当前或预计利用率的功能,其帮助用户选择适当的安全选项。
    • 69. 发明申请
    • Method and apparatus for data recovery
    • 用于数据恢复的方法和装置
    • US20070271422A1
    • 2007-11-22
    • US11436677
    • 2006-05-19
    • Nobuyuki Osaki
    • Nobuyuki Osaki
    • G06F13/00
    • G06F21/78G06F21/568G06F21/6218
    • A storage system stores I/O operations in a journal volume in a chronological order and with assigned sequence numbers. When a predefined command to be logged is received, the storage system transmits a log of the command to an external server with the information of a particular sequence number of the I/O operation that is influenced by the command. When a log entry is identified as necessitating data recovery, such as by being issued maliciously, the I/O operations with sequence numbers larger than the particular sequence number of the identified log entry are discarded. A log analysis module is located separately from the storage system on the external server, and is able to identify the particular sequence number of the I/O operation which is affected by the malicious command so that instructions may be sent to the storage system regarding the sequence numbers of the commands to be discarded.
    • 存储系统按时间顺序将I / O操作存储在日志卷中并具有分配的序列号。 当接收到要记录的预定义命令时,存储系统使用受命令影响的I / O操作的特定序列号的信息向外部服务器发送该命令的日志。 当日志条目被识别为必需的数据恢复时,例如恶意发出的,具有大于所识别的日志条目的特定序列号的序列号的I / O操作被丢弃。 日志分析模块与外部服务器上的存储系统分开定位,并且能够识别受恶意命令影响的I / O操作的特定序列号,以便指令可以发送到存储系统 要丢弃的命令的序号。
    • 70. 发明申请
    • Apparatus and method for secure data disposal
    • 用于安全数据处理的装置和方法
    • US20070220277A1
    • 2007-09-20
    • US11385581
    • 2006-03-20
    • Nobuyuki Osaki
    • Nobuyuki Osaki
    • G06F12/14
    • G06F21/6245
    • When data is stored for a certain retention period, well prior to the expiration date, the storage controller starts encryption of data on a certain volume while ensuring data access from hosts, and repeats read and write of the data predefined number of times while also ensuring data access from hosts. When the expiration date is reached and if the encryption completes, the storage controller dispose of the encryption keys. Using this technique, one can reuse the volume for other purposes as soon as the expiration is reached. Because one can start this process even much earlier than the expiration date, one can balance the workload of the controller by scheduling the process in order to avoid the peak of the workload for the data disposal process. Also, it is possible to minimize the period to manage encryption keys which makes key management easier.
    • 当数据在特定保留期间存储时,在到期日之前,存储控制器开始对特定卷上的数据进行加密,同时确保从主机访问数据,并重复读取和写入数据预定义次数,同时确保 来自主机的数据访问。 当达到到期日期并且加密完成时,存储控制器处理加密密钥。 使用这种技术,一旦达到期限,就可以将该卷重用于其他目的。 因为可以在到期日期之前启动此过程,所以可以通过调度进程来平衡控制器的工作负载,以避免数据处理过程的工作负载峰值。 此外,可以最小化管理加密密钥的周期,从而使密钥管理更容易。