专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

61. 发明授权

US08250376B2 Method and apparatus for cryptographic conversion in a data storage system 有权
标题翻译：数据存储系统中密码转换的方法和装置
公开(公告)号：US08250376B2
公开(公告)日：2012-08-21
申请号：US12820432
申请日：2010-06-22
申请人： Nobuyuki Osaki
发明人： Nobuyuki Osaki
IPC分类号： G06F12/14
CPC分类号： H04L9/0894 , G06F21/80 , H04L9/088 , H04L9/14
摘要： When data is encrypted and stored for a long time, encryption key(s) and/or algorithm(s) should be updated so as not to be compromised due to malicious attack. To that end, stored encrypted data is converted in the storage system with new set of cryptographic criteria. During this process, read and write requests can be serviced.
摘要翻译：当长时间对数据进行加密和存储时，应更新加密密钥和/或算法，以免因恶意攻击而受到威胁。为此，存储的加密数据在存储系统中使用新的加密标准集进行转换。在此过程中，可以对读取和写入请求进行处理。

62. 发明授权

US08098824B2 Storage apparatus and data management method 有权
标题翻译：存储设备和数据管理方法
公开(公告)号：US08098824B2
公开(公告)日：2012-01-17
申请号：US12010056
申请日：2008-01-18
申请人： Kyoko Mikami , Nobuyuki Osaki
发明人： Kyoko Mikami , Nobuyuki Osaki
IPC分类号： H04L9/00
CPC分类号： H04L9/083 , G06F11/2074 , G06F21/6218 , G06F21/805 , H04L9/0891
摘要： Provided is a storage system that includes a first storage apparatus and a second storage apparatus each connected to a host computer. The first and second storage apparatuses each include a controller and a disk drive. The controller manages an encryption status and an encryption key for each of a data volume and a journal volume in the disk drive. The controller in the first storage apparatus receives a write request from the host computer, creates a journal based on write data, encrypts the journal, and stores in an order the journal in a storage area in the journal volume. The controller in the order the encrypted journal stored in the journal volume, decrypts the journal, and transmits the decrypted journal to the second storage apparatus.
摘要翻译：提供了一种存储系统，其包括每个连接到主计算机的第一存储装置和第二存储装置。第一和第二存储装置各自包括控制器和磁盘驱动器。控制器管理磁盘驱动器中的每个数据卷和日志卷的加密状态和加密密钥。第一存储装置中的控制器从主计算机接收写入请求，基于写入数据创建日志，加密日志，并将日志存储在日志卷中的存储区域中。控制器按照存储在日志卷中的加密日志的顺序解密日志，并将解密的日志传送到第二存储装置。

63. 发明授权

US07849271B2 System and method for intrusion protection of network storage 有权
标题翻译：网络存储入侵保护的系统和方法
公开(公告)号：US07849271B2
公开(公告)日：2010-12-07
申请号：US11761239
申请日：2007-06-11
申请人： Junji Kinoshita , Nobuyuki Osaki
发明人： Junji Kinoshita , Nobuyuki Osaki
IPC分类号： G06F12/14
CPC分类号： G06F3/0637 , G06F3/0622 , G06F3/067 , G06F21/805 , G06F2221/2101
摘要： Protection mechanism is provided for data stored in logical volumes, especially during the time the corresponding host computer is off line. Additionally, integrity check mechanism is provided for logical volume when the host computer is started, so that host computer can detect unauthorized access to its assigned logical volume during off-line period, and execute security check.
摘要翻译：为存储在逻辑卷中的数据提供保护机制，特别是在相应的主机离线时。另外，当主机启动时，为逻辑卷提供了完整性检查机制，使得主机可以在离线期间检测到未分配的对其分配的逻辑卷的访问，并执行安全检查。

64. 发明申请

US20090327757A1 Computer system for managing storage area state of a storage system 失效
标题翻译：用于管理存储系统的存储区域状态的计算机系统
公开(公告)号：US20090327757A1
公开(公告)日：2009-12-31
申请号：US12155356
申请日：2008-06-03
申请人： Daisuke Kito , Kyoko Mikami , Nobuyuki Osaki
发明人： Daisuke Kito , Kyoko Mikami , Nobuyuki Osaki
IPC分类号： G06F12/14
CPC分类号： G06F21/80
摘要： There is provided a computer system, having a host and at least one storage system. The at least one storage system provides storage area includes at least one of an encrypted storage area and a plaintext storage area The at least one storage system is configured to: receive an instruction about what type of storage area is available to the host computer; present the encrypted storage area to the host as an available storage area separate from unavailable storage areas in the case of the type of storage area being available according to the instruction indicating “encrypted”; and present, in the case of the type of storage area being available according to the instruction indicating other than “encrypted”, one of both the encrypted storage area and the plaintext storage area to the host computer as available storage areas, and only the plaintext storage area as an available storage area.
摘要翻译：提供了一种具有主机和至少一个存储系统的计算机系统。所述至少一个存储系统提供存储区域，其包括加密存储区域和明文存储区域中的至少一个。所述至少一个存储系统被配置为：接收关于所述主机计算机可用的什么类型的存储区域的指令; 根据指示“加密”的指令，在存储区域类型可用的情况下，将加密的存储区域作为可用存储区域与可用存储区域分离; 并且在根据指示“加密”以外的指示的存储区域的类型的情况下，存在于主计算机的加密存储区域和明文存储区域之一作为可用存储区域，并且仅存在明文存储区域作为可用存储区域。

65. 发明申请

US20090094426A1 STORAGE SYSTEM 审中-公开
标题翻译：存储系统
公开(公告)号：US20090094426A1
公开(公告)日：2009-04-09
申请号：US12017725
申请日：2008-01-22
申请人： Hirokazu IKEDA , Nobuhiro Maki , Nobuyuki Osaki
发明人： Hirokazu IKEDA , Nobuhiro Maki , Nobuyuki Osaki
IPC分类号： G06F12/16
CPC分类号： G06F11/2074 , G06F11/2058 , G06F11/2064 , G06F2201/855
摘要： An object of the present invention is to reduce the required volume capacity and journal control resources by sharing the journal volumes of an asynchronous copy function and a CDP function.In a configuration where an asynchronous copy function and a CDP function share a journal volume, when the journal volume is updated, only the journal data provided to both a volume at remote locations and a base volume is set to be a target for deletion or overwriting.
摘要翻译：本发明的目的是通过共享异步复制功能和CDP功能的日志卷来减少所需的卷容量和日志控制资源。在异步复制功能和CDP功能共享日志卷的配置中，当更新日志卷时，只有提供给远程位置的卷和基本卷的日志数据才被设置为删除或覆盖的目标。

66. 发明申请

US20080260159A1 Computer system, storage system, and data management method for updating encryption key 有权
标题翻译：用于更新加密密钥的计算机系统，存储系统和数据管理方法
公开(公告)号：US20080260159A1
公开(公告)日：2008-10-23
申请号：US12010049
申请日：2008-01-18
申请人： Nobuyuki Osaki
发明人： Nobuyuki Osaki
IPC分类号： H04L9/06
CPC分类号： H04L9/0891 , G06F21/80 , H04L63/0464
摘要： A computer system encrypts write-data to be written to the volume in response to a write command. The system transmits a rekey command from host computer system to the storage system when the key data stored in the host key data memory is changed to second key data. The storage system receives the rekey command transmitted from host computer system and stores the first and second key data contained in the received rekey command to a volume key data memory of the storage system. The storage system reads out data encrypted with the first key data from an original block address in the volume. The storage system decrypts the data read out from the volume using the first key data. The storage system encrypts the data decrypted by the first key data using the second key data, and writs the data encrypted with the second key data to the original block address.
摘要翻译：计算机系统响应于写命令加密要写入卷的写数据。当存储在主机密钥数据存储器中的密钥数据被改变为第二密钥数据时，系统将主机计算机系统的密钥命令发送到存储系统。存储系统接收从主计算机系统发送的重新命令命令，并将包含在接收到的重命令命令中的第一和第二密钥数据存储到存储系统的卷密钥数据存储器。存储系统从卷中的原始块地址读出利用第一密钥数据加密的数据。存储系统使用第一密钥数据解密从卷读出的数据。存储系统使用第二密钥数据对由第一密钥数据解密的数据进行加密，并将用第二密钥数据加密的数据写入原始块地址。

67. 发明申请

US20080244580A1 Redundant configuration method of a storage system maintenance/management apparatus 有权
标题翻译：一种存储系统维护/管理装置的冗余配置方法
公开(公告)号：US20080244580A1
公开(公告)日：2008-10-02
申请号：US12007334
申请日：2008-01-09
申请人： Takahiro Fujita , Hirokazu Ikeda , Nobuyuki Osaki
发明人： Takahiro Fujita , Hirokazu Ikeda , Nobuyuki Osaki
IPC分类号： G06F12/00 , G06F9/46
CPC分类号： G06F11/2028 , G06F3/0617 , G06F3/0635 , G06F3/067 , G06F11/2041 , G06F11/2069 , G06F11/2092 , H04L41/0668 , H04L41/0695 , H04L67/1097
摘要： Provided is a method of managing a computer system including a plurality of storage systems and a plurality of management appliances for managing the plurality of storage systems. A first management appliance and a second management appliance hold an identifier of a first storage system and management data obtained from the first storage system. The method includes the steps of: selecting a third management appliance from the plurality of management appliances when a failure occurs in the first management appliance; transmitting the identifier held in the second management appliance from the second management appliance to the selected third management appliance; and holding the identifier transmitted from the second management appliance in the selected third management appliance. Thus, it is possible to prevent, after failing-over due to an abnormality of a maintenance/management appliance, a single point of failure from occurring to reduce reliability of the maintenance/management appliance.
摘要翻译：提供一种管理包括多个存储系统和多个用于管理多个存储系统的管理设备的计算机系统的方法。第一管理设备和第二管理设备保存第一存储系统的标识符和从第一存储系统获得的管理数据。该方法包括以下步骤：当在第一管理设备中发生故障时，从多个管理设备中选择第三管理设备; 将保持在第二管理设备中的标识从第二管理设备传送到所选择的第三管理设备; 以及在所选择的第三管理设备中保存从第二管理设备发送的标识符。因此，可以防止由于维护/管理设备的异常而导致的故障发生之后发生单点故障以降低维护/管理设备的可靠性。

68. 发明申请

US20080092029A1 METHOD AND APPARATUS FOR ENCRYPTION WITH RAID IN STORAGE SYSTEM 有权
标题翻译：在存储系统中加密RAID的方法和装置
公开(公告)号：US20080092029A1
公开(公告)日：2008-04-17
申请号：US11537557
申请日：2006-09-29
申请人： Hiroshi Arakawa , Nobuyuki Osaki
发明人： Hiroshi Arakawa , Nobuyuki Osaki
IPC分类号： G06F11/00 , H03M13/00
CPC分类号： G06F11/1076 , G06F21/6218 , G06F2211/1009
摘要： The described methodology provides users with the ability to specify flexible encryption options in a storage system using RAID technology. The users can use the system to achieve a configuration which achieves a desired balance between security and system load/performance. Specifically, one aspect of the methodology enables the user to enable or disable the encryption of the redundant parity information. Change of the data causes change of the parity information and, when parity is not encrypted, a close analysis of parity change may enable one to reconstruct the all or some of the encrypted data. Therefore, when a user chooses the encryption of the parity information, it becomes more difficult to reconstruct the plain data from the encrypted data. The described storage system also provides a function for monitoring and reporting the current or projected utilization of various computer resources including processor and memory utilization, which assists the user in selecting the proper security option.
摘要翻译：所描述的方法使用户能够使用RAID技术在存储系统中指定灵活的加密选项。用户可以使用系统来实现在安全性和系统负载/性能之间实现所需平衡的配置。具体来说，该方法的一个方面使得用户能够启用或禁用冗余奇偶校验信息的加密。数据的更改导致奇偶校验信息的改变，并且当奇偶校验未被加密时，对奇偶校验改变的仔细分析可以使得能够重建全部或一些加密数据。因此，当用户选择奇偶校验信息的加密时，从加密的数据中重建普通数据变得更加困难。所描述的存储系统还提供用于监视和报告包括处理器和存储器利用在内的各种计算机资源的当前或预计利用率的功能，其帮助用户选择适当的安全选项。

69. 发明申请

US20070271422A1 Method and apparatus for data recovery 失效
标题翻译：用于数据恢复的方法和装置
公开(公告)号：US20070271422A1
公开(公告)日：2007-11-22
申请号：US11436677
申请日：2006-05-19
申请人： Nobuyuki Osaki
发明人： Nobuyuki Osaki
IPC分类号： G06F13/00
CPC分类号： G06F21/78 , G06F21/568 , G06F21/6218
摘要： A storage system stores I/O operations in a journal volume in a chronological order and with assigned sequence numbers. When a predefined command to be logged is received, the storage system transmits a log of the command to an external server with the information of a particular sequence number of the I/O operation that is influenced by the command. When a log entry is identified as necessitating data recovery, such as by being issued maliciously, the I/O operations with sequence numbers larger than the particular sequence number of the identified log entry are discarded. A log analysis module is located separately from the storage system on the external server, and is able to identify the particular sequence number of the I/O operation which is affected by the malicious command so that instructions may be sent to the storage system regarding the sequence numbers of the commands to be discarded.
摘要翻译：存储系统按时间顺序将I / O操作存储在日志卷中并具有分配的序列号。当接收到要记录的预定义命令时，存储系统使用受命令影响的I / O操作的特定序列号的信息向外部服务器发送该命令的日志。当日志条目被识别为必需的数据恢复时，例如恶意发出的，具有大于所识别的日志条目的特定序列号的序列号的I / O操作被丢弃。日志分析模块与外部服务器上的存储系统分开定位，并且能够识别受恶意命令影响的I / O操作的特定序列号，以便指令可以发送到存储系统要丢弃的命令的序号。

70. 发明申请

US20070220277A1 Apparatus and method for secure data disposal 有权
标题翻译：用于安全数据处理的装置和方法
公开(公告)号：US20070220277A1
公开(公告)日：2007-09-20
申请号：US11385581
申请日：2006-03-20
申请人： Nobuyuki Osaki
发明人： Nobuyuki Osaki
IPC分类号： G06F12/14
CPC分类号： G06F21/6245
摘要： When data is stored for a certain retention period, well prior to the expiration date, the storage controller starts encryption of data on a certain volume while ensuring data access from hosts, and repeats read and write of the data predefined number of times while also ensuring data access from hosts. When the expiration date is reached and if the encryption completes, the storage controller dispose of the encryption keys. Using this technique, one can reuse the volume for other purposes as soon as the expiration is reached. Because one can start this process even much earlier than the expiration date, one can balance the workload of the controller by scheduling the process in order to avoid the peak of the workload for the data disposal process. Also, it is possible to minimize the period to manage encryption keys which makes key management easier.
摘要翻译：当数据在特定保留期间存储时，在到期日之前，存储控制器开始对特定卷上的数据进行加密，同时确保从主机访问数据，并重复读取和写入数据预定义次数，同时确保来自主机的数据访问。当达到到期日期并且加密完成时，存储控制器处理加密密钥。使用这种技术，一旦达到期限，就可以将该卷重用于其他目的。因为可以在到期日期之前启动此过程，所以可以通过调度进程来平衡控制器的工作负载，以避免数据处理过程的工作负载峰值。此外，可以最小化管理加密密钥的周期，从而使密钥管理更容易。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式