-
Publication No.: US11153094B2
Publication date: 2021-10-19
Application No.: US15965082
Application date: 2018-04-27
Inventor: Charles W. Kaufman
Abstract: Techniques for providing secure deduplication in a data storage system using smaller hash values. The techniques employ a keyed hash function to generate keyed hash values for data blocks received at the data storage system. The keyed hash function can generate keyed hash values having an acceptable probability of accidental collision, in which each keyed hash value requires a reduced number of bits to represent them. By representing each keyed hash value with a number of bits less than the number required for a cryptographic hash value, the impact that an index table in main memory has on the amount of free memory space available can be reduced, while still providing an acceptable probability of accidental collision. The keyed hash function can be implemented as a keyed universal hash function, which can reduce the number of processor cycles required to generate a keyed hash value for each received data block.
-
2.
Publication No.: US10860226B2
Publication date: 2020-12-08
Application No.: US15965156
Application date: 2018-04-27
Inventors: Ping Zhang, Charles W. Kaufman, Gregory W. Lazar, Xuan Tang, Yi Fang, Xiongfei Chen
Abstract: Techniques for synchronizing configuration information in a clustered storage environment. The techniques allow a system administrator or other user to make additions and/or updates to configuration information in one or more configuration files, which are automatically propagated for storage in multiple data storage appliances within a storage domain. By allowing a user to make changes to configuration files associated with a primary appliance within the storage domain, and automatically propagating the configuration files in a background process from the primary appliance to multiple secondary appliances within the storage domain, the user can more readily assure consistency of the configuration information, not only among the primary and secondary appliances within the storage domain, but also among previously unavailable or unreachable data storage appliance(s) that may be recovered and brought back on line within the storage domain.
-
Publication No.: US20190173675A1
Publication date: 2019-06-06
Application No.: US16270254
Application date: 2019-02-07
Inventor: Charles W. Kaufman
IPC classification: H04L9/08
Abstract: Providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
-
Publication No.: US20210264031A1
Publication date: 2021-08-26
Application No.: US16798705
Application date: 2020-02-24
Inventors: Danny V. Dhillon, Charles W. Kaufman, Eric Baize
Abstract: Methods, apparatus, and processor-readable storage media for prioritizing patching of vulnerable components are provided herein. An example computer-implemented method includes obtaining information indicative of a first set of components embedded in a software package; determining risk levels for respective ones of the components in the first set based on a data flow representation of the software package; and assigning a priority for patching a software vulnerability in a given component of the first set based at least in part on the risk level of the given component.
-
Publication No.: US10394646B1
Publication date: 2019-08-27
Application No.: US14984749
Application date: 2015-12-30
IPC classification: G06F11/10
Abstract: Described are techniques for performing data validation processing. An expected sequence of characters is determined that includes a plurality of groups. Each of the plurality of groups includes a first expected sequence of one or more characters representing encoded information and a second expected sequence of one or more data validation characters determined in accordance with a corresponding portion of the expected sequence. The portion includes at least the first expected sequence of one or more characters of the group. Data validation processing is incrementally performed as data for each of the plurality of groups is received. The data validation processing performed as data for each group is received uses a received sequence of one or more data validation characters corresponding to the second expected sequence of one or more data validation characters of each group.
-
6.
Publication No.: US20190238346A1
Publication date: 2019-08-01
Application No.: US15883565
Application date: 2018-01-30
Inventors: Radia J. Perlman, Charles W. Kaufman, Xuan Tang
Abstract: A challenge/response authentication procedure determines whether a response is a correct response, a unique incorrect response, or a non-unique incorrect response, the unique incorrect response and non-unique incorrect response being differentiated by comparing the response value with a store of unique incorrect response values. For the correct response, client access to protected computer system resources is allowed, and the challenge value is discarded so as not to be used again. For the unique incorrect response, (1) when a predetermined limit of unique incorrect responses has not been reached, then the response value is added to the store of unique incorrect response values and the process is repeated with reuse of the challenge value, and (2) when the predetermined limit has been reached, then the client is locked out. For the non-unique incorrect response, the process is repeated with reuse of the challenge value.
-
Publication No.: US11550919B2
Publication date: 2023-01-10
Application No.: US16798705
Application date: 2020-02-24
Inventors: Danny V. Dhillon, Charles W. Kaufman, Eric Baize
Abstract: Methods, apparatus, and processor-readable storage media for prioritizing patching of vulnerable components are provided herein. An example computer-implemented method includes obtaining information indicative of a first set of components embedded in a software package; determining risk levels for respective ones of the components in the first set based on a data flow representation of the software package; and assigning a priority for patching a software vulnerability in a given component of the first set based at least in part on the risk level of the given component.
-
Publication No.: US11321443B2
Publication date: 2022-05-03
Application No.: US16178904
Application date: 2018-11-02
Abstract: A method, computer program product, and computing system for coupling password-resetting content to an IT computing device. The password-resetting content is validated on the IT computing device. The password-resetting content is processed to reset one or more passwords associated with the IT computing device.
-
9.
Publication No.: US20190332297A1
Publication date: 2019-10-31
Application No.: US15965156
Application date: 2018-04-27
Inventors: Ping Zhang, Charles W. Kaufman, Gregory W. Lazar, Xuan Tang, Yi Fang, Xiongfei Chen
Abstract: Techniques for synchronizing configuration information in a clustered storage environment. The techniques allow a system administrator or other user to make additions and/or updates to configuration information in one or more configuration files, which are automatically propagated for storage in multiple data storage appliances within a storage domain. By allowing a user to make changes to configuration files associated with a primary appliance within the storage domain, and automatically propagating the configuration files in a background process from the primary appliance to multiple secondary appliances within the storage domain, the user can more readily assure consistency of the configuration information, not only among the primary and secondary appliances within the storage domain, but also among previously unavailable or unreachable data storage appliance(s) that may be recovered and brought back on line within the storage domain.
-
Publication No.: US20220141210A1
Publication date: 2022-05-05
Application No.: US17084922
Application date: 2020-10-30
Abstract: A technique for managing communications between a server and multiple clients includes configuring the server to support multiple sets of certificates for respective clients having respective root certificates. The technique further includes determining an indicator associated with a client root certificate during an initial handshake between a client and the server and providing the client with a server certificate associated with the indicator.