Patents by Inventor James P. Hughes
James P. Hughes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20100268960
Abstract: A method for encrypting data includes receiving a block of plaintext for a data set at one or more computers, acquiring a cryptographic key for the data set, generating an initialization vector for the block of plaintext based on the block of plaintext, and encrypting the block of plaintext using the cryptographic key and the initialization vector.
Type: Application
Filed: April 17, 2009
Publication date: October 21, 2010
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Darren James Moffat, James P. Hughes
-
Patent number: 7814316
Abstract: A data encryption system with encryption integrity verification includes an encryption engine configured to receive an unencrypted data packet and generate an encrypted data packet based at least in part on the unencrypted data packet. The system also includes a decryption engine in electronic communication with the encryption engine, the decryption engine configured to receive the encrypted data packet and generate a decrypted data packet based at least in part on the encrypted data packet. The system further includes a comparator in electronic communication with the encryption engine and the decryption engine, the comparator configured to receive the unencrypted and decrypted data packets, determine whether the unencrypted and decrypted data packets are identical, and present the encrypted data packet as an output when the unencrypted and decrypted data packets are identical.
Type: Grant
Filed: August 7, 2006
Date of Patent: October 12, 2010
Assignee: Oracle America, Inc.
Inventors: James P. Hughes, Alexander Stewart, Dwayne A. Edling, Gregory S. Toles, Bradley E. Whitney, Benjamin J. Baron, Howard H. Rather, Michael E. Foy, Daniel Dauer
-
Patent number: 7797751
Abstract: A multiple field nonce particularly suited for use in encryption algorithms associated with data storage has at least one field unique to each data storage device to avoid the possibility of the same nonce value being used to store more than one data string. Additional fields may be based on the number of times at least one encryption key is associated with the storage device and on a number assigned to the particular string of data.
Type: Grant
Filed: March 27, 2006
Date of Patent: September 14, 2010
Assignee: Oracle America, Inc.
Inventors: James P. Hughes, Alexander Stewart, Dwayne A. Edling
-
Patent number: 7706538
Abstract: A system, method and data storage device for encrypting data to provide at-rest data encryption of data in the data storage device. The system includes a compression engine for receiving a host data stream packet and selectively generating a compressed data packet, and an encryption engine in electronic communication with the compression engine for receiving an unencrypted data packet from the compression engine. The unencrypted data packet comprises the compressed data packet when the compression engine generates the compressed data packet. The unencrypted data packet comprises the host data packet when the compression engine does not generate the compressed data packet. The encryption engine generates an encrypted data packet having an encrypted component corresponding to the unencrypted data packet and a set of meta data indicative of one or more characteristic of the encrypted data packet.
Type: Grant
Filed: April 14, 2006
Date of Patent: April 27, 2010
Assignee: Oracle America, Inc.
Inventors: James P. Hughes, Alexander Stewart, Dwayne A. Edling, Gregory S. Toles, Bradley E. Whitney, Benjamin J. Baron, Howard H. Rather, Michael E. Foy
-
Patent number: 7693954
Abstract: A system for data storage includes a switch node, a meta-data server, a plurality of storage servers having at least one respective data storage device, and a scalable interconnect. The scalable interconnect couples the switch node, the meta-data server, and the storage servers. At least one of the switch node, the meta-data server and the storage servers includes a hierarchical storage manager (HSM). When information is received at the switch node, the HSM presents the information substantially simultaneously to the storage servers for storage at the respective data storage devices.
Type: Grant
Filed: December 21, 2004
Date of Patent: April 6, 2010
Assignee: Storage Technology Corporation
Inventors: James P. Hughes, Ravi K. Kavuri, Tru Q. Dam, Shanthi Paladugu
-
Patent number: 7627617
Abstract: A system for object-based archival data storage includes an object-based storage subsystem having respective data storage devices, at least one file presentation interface that interfaces to client platforms, an administration interface having graphical user interface (GUI) and a command line interface (CLI), a meta data subsystem for storing meta data about files, and includes a virtual file subsystem having a virtual file server (VFS), a policy subsystem, and a scalable interconnect to couple the object-based storage subsystem, the at least one file presentation interface, the administration interface, the meta data subsystem, and the policy subsystem, wherein the policy subsystem provides system rules predetermined by a user for at least one of hash based integrity checking, read-only/write-ability/erase-ability control, and duplicate data treatment corresponding to files and file objects.
Type: Grant
Filed: February 10, 2005
Date of Patent: December 1, 2009
Assignee: Storage Technology Corporation
Inventors: Ravi K. Kavuri, Jon M. Holdman, James P. Hughes, Dale R. Eichel, Randall K. Hewitt
-
Patent number: 7580950
Abstract: A system for object-based archival data storage includes an object-based storage subsystem having respective data storage devices, at least one file presentation interface that interfaces to client platforms, an administration interface having graphical user interface (GUI) and a command line interface (CLI), a meta data subsystem for storing meta data about files, and includes a virtual file subsystem having a virtual file server (VFS), a policy subsystem that provides system rules predetermined by a user, and a scalable interconnect to couple the object-based storage subsystem, the at least one file presentation interface, the administration interface, the meta data subsystem, and the policy subsystem, wherein the meta data subsystem stores meta data about data files and object files including local file system location, object identification for data, hash, and presented file system information.
Type: Grant
Filed: December 22, 2006
Date of Patent: August 25, 2009
Assignee: Storage Technology Corporation
Inventors: Ravi K. Kavuri, James P. Hughes
-
Publication number: 20090122988
Abstract: A system that securely registers components in a first system is presented. During operation, the first system receives a request from an intermediary system to obtain configuration information related to the components in the first system. In response to the request, the first system: (1) encrypts configuration information for the first system using a first encryption key; (2) encrypts the first encryption key using a second encryption key; and (3) sends the encrypted configuration information and the encrypted first encryption key to the intermediary system so that the intermediary system can forward the encrypted configuration information and the encrypted first encryption key to the second system, whereby the encrypted configuration information is cryptographically opaque to the intermediary system. Next, the second system uses the configuration information to register the components in the first system.
Type: Application
Filed: November 13, 2007
Publication date: May 14, 2009
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Christoph L. Schuba, James P. Hughes, Daniel F. Smith
-
Publication number: 20090125715
Abstract: A system that remotely authenticates a command is presented. During operation, an authentication system receives the command from an intermediary system, wherein the command is to be executed on a target system. Next, the authentication system authenticates the intermediary system. If the intermediary system is successfully authenticated, the authentication system authenticates the command using a private key for the authentication system to produce an authenticated command. Next, the authentication system sends the authenticated command to the intermediary system, thereby enabling the intermediary system to send the authenticated command to the target system so that the target system can use a public key for the authentication system to verify and execute the command.
Type: Application
Filed: November 13, 2007
Publication date: May 14, 2009
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Christoph L. Schuba, James P. Hughes
-
Patent number: 7529784
Abstract: A system for object-based archival data storage includes an object-based storage subsystem having respective data storage devices, at least one file presentation interface that interfaces to client platforms, an administration interface having graphical user interface (GUI) and a command line interface (CLI), a meta data subsystem for storing meta data about files, and includes a virtual file subsystem having a virtual file server (VFS), a policy subsystem, and a scalable interconnect to couple the object-based storage subsystem, the at least one file presentation interface, the administration interface, the meta data subsystem, and the policy subsystem, wherein the policy subsystem provides system rules predetermined by a user for at least one of hash based integrity checking, read-only/write-ability/erase-ability control, and duplicate data treatment corresponding to files and file objects.
Type: Grant
Filed: June 2, 2005
Date of Patent: May 5, 2009
Assignee: Storage Technology Corporation
Inventors: Ravi K. Kavuri, Jon M. Holdman, James P. Hughes, Dale R. Eichel, Randall K. Hewitt
-
Publication number: 20090097480
Abstract: One embodiment of the present invention provides a system that parallelizes the TCP-related actions of a network connection between two computer systems during a data transfer between the two computer systems. During operation, the first computer system partitions the data into two or more data segments, and assigns the data segments to multiple processing elements. These multiple processing elements subsequently prepare and send their assigned data segments to the second computer system in parallel using TCP.
Type: Application
Filed: October 10, 2007
Publication date: April 16, 2009
Applicant: SUN MICROSYSTEMS, INC.
Inventors: Bruce W. Curtis, Darrin P. Johnson, James P. Hughes
-
Publication number: 20090044010
Abstract: A system and method for storing data in a virtual file system using write once read many (WORM) protection includes a WORM server in communication with one or more storage devices and a controller in communication with the WORM server. A first time stamping process for creating a first time stamp for a data object based on instructions applied by the controller for storage on the WORM server. A second time stamping process for creating a second time stamp for the data object for storage on the WORM server. The second time stamping process creates the second time stamp for the data object and first time stamp to ensure the integrity of the data object stored on the system.
Type: Application
Filed: August 8, 2007
Publication date: February 12, 2009
Applicant: SUN MICROSYSTEMS, INC.
Inventor: James P. Hughes
-
Publication number: 20080276152
Abstract: A system and method for error detection in a data storage array includes one or more storage medium interconnected with a controller through a network. A data integrity engine in the controller applies a first error detection process to a data object to create one or more data blocks and associated parity codes. First and second error detection processes are applied to detect and repair errors in the data object.
Type: Application
Filed: May 3, 2007
Publication date: November 6, 2008
Applicant: SUN MICROSYSTEMS, INC.
Inventor: James P. Hughes
-
Publication number: 20080189558
Abstract: A system and a method for secure data storage includes one or more data storage devices. A storage area network places the one or more data storage devices in communication with one or more user interfaces. A secure data solution includes a log structured driver interfacing with the one or more data storage devices to encrypt and secure data stored thereon. The log structured driver encrypts and decrypts data into a plurality of segments created on the one or more data storage devices. The system includes a traffic masking pattern that is used to obscure activity on the system from potential attackers.
Type: Application
Filed: February 1, 2007
Publication date: August 7, 2008
Applicant: SUN MICROSYSTEMS, INC.
Inventors: James P. Hughes, George R. Nelson
-
Publication number: 20080154986
Abstract: A system for object-based archival data storage includes an object-based storage subsystem having respective data storage devices, an administration interface and a meta data subsystem for storing meta data about files. The system includes an algorithm for analyzing and conducting a reverse differential analysis and compression of data objects for storage and retrieval from the object storage subsystem.
Type: Application
Filed: December 22, 2006
Publication date: June 26, 2008
Applicant: STORAGE TECHNOLOGY CORPORATION
Inventors: Ravi K. Kavuri, James P. Hughes
-
Publication number: 20080091605
Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.
Type: Application
Filed: September 29, 2006
Publication date: April 17, 2008
Applicant: Sun Microsystems, Inc.
Inventors: James P. Hughes, Robert F. Tow
-
Patent number: 7350101
Abstract: A method, computer program product, and data processing system for continuously writing new data to a redundant array of independent storage devices without interrupting the writing of new data to the array to reconstruct missing data from a failed device or failed media is disclosed. A fault-tolerance scheme using multiple independent parity values is used to record data to the array. In the event that one of the volumes in the array fails, the remaining volumes continue being written to, but with fewer data or parity values being employed. The failed volume can then be reconstructed following the completion of writing the media set currently being written.
Type: Grant
Filed: December 23, 2002
Date of Patent: March 25, 2008
Assignee: Storage Technology Corporation
Inventors: Thai Nguyen, Charles A. Milligan, Michael L. Leonhardt, Stephen S. Selkirk, Gerald O'Nions, James P. Hughes
-
Patent number: 7167986
Abstract: A method, computer program product, and data processing system for generating and validating an upgradeable digital timestamp of a document is disclosed. The digital timestamp includes a hash value, a current time, and a digital signature. Over time, as computer and cryptanalytic technology progresses, upgrade timestamps are applied to the document that take advantage of more advanced, more difficult to break hash functions or digital signature schemes. These upgrade timestamps are applied preventatively at a point in time just prior to the timestamp's being able to be compromised.
Type: Grant
Filed: December 26, 2001
Date of Patent: January 23, 2007
Assignee: Storage Technology Corporation
Inventors: James P. Hughes, Axelle Apvrille
-
Patent number: 7155634
Abstract: A method, system and program for generating parity in a data storage system are provided. The invention comprises organizing an incoming data block into a specified number of data stripes and cascading the data stripes into a parity creation mechanism. The parity creation mechanism creates a specified number of parity stripes based on the data stripes, wherein the number of parity stripes is independent of the size of the data block. The parity creation mechanism can operate offline to reconstruct lost data stripes and parity stripes without using critical system resources, wherein the number of devices required for stripe reconstruction is less than the combined number of data stripes and parity stripes.
Type: Grant
Filed: October 25, 2002
Date of Patent: December 26, 2006
Assignee: Storage Technology Corporation
Inventors: Philippe Y. Le Graverand, Jacques Debiez, Gerald O'Nions, Charles A. Milligan, James P. Hughes, Christophe Carret
-
Patent number: 7047359
Abstract: A data processing system, method, and product are disclosed for managing a virtual storage system. A first command is received from a host to store data utilizing a storage scheme. At least one second command is generated to write data according to the storage scheme to ones of the storage devices in response to the receipt of the first command. The at least one second command is then transmitted to the ones of the plurality of storage devices. Data is stored in the ones of the storage devices according to the storage scheme in response to a receipt of the second command by a storage device.
Type: Grant
Filed: December 17, 2002
Date of Patent: May 16, 2006
Assignee: Storage Technology Corporation
Inventors: Christopher John Van Krevelen, Reed S. Nelson, James P. Hughes, Timothy J. Mueggenberg, Atiq Ahamad, Ravi Kumar Kavuri