Abstract: Methods and systems for account authorization mapping are described. An application server may transmit one or more authorization requests to one or more authorization entities associated with one or more applications. The application server may receive one or more access tokens associated with the one or more applications and may store one or more indications of authorization. The application server may further associate, at the authorization management entity, the one or more indications of authorization.

Abstract: A method for restoring an object comprises receiving a request to restore an object. Also, the method includes outputting a representation of available backup files and receiving a selection of at least one of the available backup files. Further, the method comprises restoring at least one of the selected backup files into a temporary location and mounting at least one of the restored backup files as a server. In addition, the method includes outputting a representation of available objects from the server and receiving a selection of at least one of the available objects to be restored from the server. Also, the method includes copying one or more selected objects from the server into an Active Directory.

Abstract: The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key.

Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.

Abstract: A method for restoring an object comprises receiving a request to restore an object. Also, the method includes outputting a representation of available backup files and receiving a selection of at least one of the available backup files. Further, the method comprises restoring at least one of the selected backup files into a temporary location and mounting at least one of the restored backup files as a server. In addition, the method includes outputting a representation of available objects from the server and receiving a selection of at least one of the available objects to be restored from the server. Also, the method includes copying one or more selected objects from the server into an Active Directory.

Abstract: A method for restoring an object comprises receiving a request to restore an object. Also, the method includes outputting a representation of available backup files and receiving a selection of at least one of the available backup files. Further, the method comprises restoring at least one of the selected backup files into a temporary location and mounting at least one of the restored backup files as a server. In addition, the method includes outputting a representation of available objects from the server and receiving a selection of at least one of the available objects to be restored from the server. Also, the method includes copying one or more selected objects from the server into an Active Directory.

Abstract: Provided is a method, system and program for backing up the contents of a source storage device as an object in a data storage subsystem wherein the object contains image data representing the contents of the source storage device, and restoring the contents of the source storage device from the object to a file such as a flat file. The contents of the file may be copied to a target storage device to restore the contents of the source storage device from the file to the target storage device which may be the source storage device or another target storage device.

Abstract: File system objects of unknown type are backed up and restored. A list of file system objects is received from a file system. The file system objects are to be backed up. For each file system object that has a file type that is unknown, the following is performed. First, the file system is queried to obtain information regarding the file system object that is sufficient for the file system to later recreate the file system object if necessary. Second, the file system object and the information regarding the file system object are stored. Examples of file system object types of the file system that may be unknown to an application running on a Microsoft Windows® operating system include symbolic links, named pipes, and special device files.

Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.

Abstract: A method for restoring an object comprises receiving a request to restore an object. Also, the method includes outputting a representation of available backup files and receiving a selection of at least one of the available backup files. Further, the method comprises restoring at least one of the selected backup files into a temporary location and mounting at least one of the restored backup files as a server. In addition, the method includes outputting a representation of available objects from the server and receiving a selection of at least one of the available objects to be restored from the server. Also, the method includes copying one or more selected objects from the server into an Active Directory.

Abstract: Provided are techniques for determining whether content of an object has changed. Under control of a backup system, opaque object attributes and a data identifier are received, wherein the data identifier is generated based on one or more relevant object attributes of the opaque object attributes that indicate whether at least one of the content of the object and one or more of the relevant object attributes has changed. The received data identifier is compared with a previously stored data identifier. In response to determining that the received data identifier and the previously stored data identifier do not match, it is determined that the content of the object has changed.

Abstract: The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key.

Abstract: Provided are techniques for determining whether content of an object has changed. Under control of a backup system, opaque object attributes and a data identifier are received, wherein the data identifier is generated based on one or more relevant object attributes of the opaque object attributes that indicate whether at least one of the content of the object and one or more of the relevant object attributes has changed. The received data identifier is compared with a previously stored data identifier. In response to determining that the received data identifier and the previously stored data identifier do not match, it is determined that the content of the object has changed.

Abstract: File system objects of unknown type are backed up and restored. A list of file system objects is received from a file system. The file system objects are to be backed up. For each file system object that has a file type that is unknown, the following is performed. First, the file system is queried to obtain information regarding the file system object that is sufficient for the file system to later recreate the file system object if necessary. Second, the file system object and the information regarding the file system object are stored. Examples of file system object types of the file system that may be unknown to an application running on a Microsoft Windows® operating system include symbolic links, named pipes, and special device files.

Abstract: Disclosed is a method, system, and program for ordering data. Portions of a logical volume are matched with portions of one or more physical extents. The one or more physical extents are ordered according to the order of the matched portions of the logical volume.

Abstract: Provided is a method, system and program for backing up the contents of a source storage device as an object in a data storage subsystem wherein the object contains image data representing the contents of the source storage device, and restoring the contents of the source storage device from the object to a file such as a flat file. The contents of the file may be copied to a target storage device to restore the contents of the source storage device from the file to the target storage device which may be the source storage device or another target storage device.

Abstract: Provided are a method, system, and program for performing an Input/Output (I/O) operation with respect to a logical device capable of being accessed by multiple host systems. Metadata in the logical device that is required in order to access the data in the logical device is overwritten to prevent at least one host system from accessing the data in the logical device represented by the overwritten metadata. An I/O operation is performed with respect to the logical device. Valid metadata is written to the logical device to enable host systems to access the data in the logical device represented by the metadata.

Abstract: Provided are a method, system, and program for performing an Input/Output (I/O) operation with respect to a logical device capable of being accessed by multiple host systems. Metadata in the logical device that is required in order to access the data in the logical device is overwritten to prevent at least one host system from accessing the data in the logical device represented by the overwritten metadata. An I/O operation is performed with respect to the logical device. Valid metadata is written to the logical device to enable host systems to access the data in the logical device represented by the metadata.

Abstract: Disclosed is a method, system, and program for ordering data. Portions of a logical volume are matched with portions of one or more physical extents. The one or more physical extents are ordered according to the order of the matched portions of the logical volume.