The field of technology is data processing, or, more specifically, methods, apparatus, and products for providing authorization and authentication in a cloud for a user of a storage array.
Data centers may include many computing components including servers, network devices, and storage arrays. As the need for storage of large amounts of data and efficient access to that data increases, storage array technology is advancing. Such storage arrays may provide persistent storage for any number of computing devices in a data center. Given that many data centers provide services to many different users, various considerations must be taken into account to provide efficient, useful, and secure access to and administration of storage arrays. Security of storage array administration and access to storage array services may be highly complex.
Methods, apparatus, and products for providing authorization and authentication in a cloud for a user of a storage array are disclosed. In some embodiments, providing such authorization and authentication includes: receiving, by a cloud-based security module from a client-side array services module, user credentials; authenticating, by the cloud-based security module, the user credentials; identifying, by the cloud-based security module, authorized access privileges defining one or more storage array services accessible by the user; generating, by the cloud-based security module, a token representing the authentication of the user credentials and the authorized access privileges; and providing, by the cloud-based security module to the client-side array services module, the token.
In some embodiments, providing authorization and authentication in a cloud for a user of a storage array includes receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of exemplary embodiments of the invention.
Exemplary methods, apparatus, and products for providing authorization and authentication in a cloud for a user of a storage array in accordance with the present invention are described with reference to the accompanying drawings, beginning with
The computing devices (164-170) in the example of
The local area network (160) of
The example storage arrays (102, 104) of
Each storage controller (106, 112) may be implemented in a variety of ways, including as an FPGA (Field Programmable Gate Array), a PLC (Programmable Logic Chip), an ASIC (Application Specific Integrated Circuit), or computing device that includes discrete components such as a central processing unit, computer memory, and various adapters. Each storage controller (106, 112) may, for example, include a data communications adapter configured to support communications via the SAN (158) and the LAN (160). Only one of the storage controllers (112) in the example of
Each write buffer device (148, 152) may be configured to receive, from the storage controller (106, 112), data to be stored in the storage devices (146). Such data may originate from any one of the computing devices (164-170). In the example of
A ‘storage device’ as the term is used in this specification refers to any device configured to record data persistently. The term ‘persistently’ as used here refers to a device's ability to maintain recorded data after loss of a power source. Examples of storage devices may include mechanical, spinning hard disk drives, Solid-state drives (“Flash drives”), and the like.
In addition to being coupled to the computing devices through the SAN (158), the storage arrays may also be coupled to the computing devices through the LAN (160) and to one or more cloud service providers through the Internet (172). One example cloud service in
Another example cloud service in
The system of
The cloud-based security module may receive, from a client-side array services module, user credentials. Such user credentials may take various forms including, for example, a user identifier and password.
A client-side array services module is a module of automated computing machinery that includes computer hardware, computer software, or an aggregation of hardware and software that is configured to present, locally, a user interface for accessing cloud-based storage array services. A client-side array services module be implemented in a variety of ways, as a command-line interface, a graphical user interface (‘GUI’), as a web service, as a web browser or component of a web browser, or the like. The client-side array services module may access services provided by the storage array services provider (176) through an application program interface (API) presented by the storage array services provider.
In some embodiments, the client-side array services module may be a web browser configured for cross-domain resource sharing. Web browsers configured according to the HTML 5 standard, for example, may implement CORS (Cross-Origin Resource Sharing). CORS enables one web page in a first domain to request resources provided by a second web page in a second domain. To that end, the client-side array services module (178) in the example of
The client-side array services module (178) may be provide one or more service options to a user of a storage array. Such service options may be services supported by the cloud-based storage array services provider (176). Upon selection of one of those service options, the client-side array services module (178) may prompt a user for user credentials and receive those user credentials through one or more user input devices. The client-array services module (178) may then provide those user credentials to the identity provider through the LAN (160) and Internet (172).
Upon receipt, the IDP may authenticate the user credentials, identify authorized access privileges defining one or more storage array services accessible by the user, generate a token representing the authentication of the user credentials and the authorized access privileges; and provide the token to the client-side array services module (178). The access privileges for a user define the user's accessibility to storage array services. Different users may be provided access to different services for security purposes. Users may granted be access to services for all storage arrays or only subset of all of the storage arrays. Further, a ‘user’ may be a user of the storage array (one who stores and retrieves data in the storage array) or a system administrator that manages the storage array.
The access privileges may be defined in the cloud-based security module (the IDP in the example of
The client-side array services module may then provide the token to a storage array access module (180). The storage array access module (180) is a module of automated computing machinery that includes computer hardware, computer software, or an aggregation of hardware and software that is configured to perform various tasks for the storage array and provide results of services to a user. The storage array access module (180) may receive software to execute that performs the services provided by the storage array services provider (176). The storage array access module (180) may also receive configuration information from the storage array services provider (176) where such information is utilized by the storage array access module (180) to configure the storage array. The storage array access module (180) may operate in such a way that the module does not appear directly to a user through the client-side array services module. That is, a user, if authorized, my access various services provided by the storage array services provider (176) through utilization of the storage array access module (180), even without knowledge of the storage array access module's (180) operation.
The storage array access module (180) in the example of
Throughout this process, a user need only “sign-on” a single time to access services at the storage array even though a third party (the IDP in this example) provides the authentication and authorization. Such a single sign on is enabled in the client-side array services module (178) through the cross-domain resource sharing provided by the client-side array services module (178). After authentication and authorization, as long as the user maintains a session with the client-side array services module (178) and the client-side array services module (178) maintains the token generated by the IDP (174), the user need not sign in again to subsequently access services at the storage array.
Although the IDP (174) in the example of
Although the storage array services provider (176) and identity provider (174) in the example of
The arrangement of computing devices, storage arrays, cloud-based service providers, networks and other devices making up the exemplary system illustrated in
Providing authorization and authentication in a cloud for a user of a storage array in accordance with embodiments of the present invention is generally implemented with computers. In the system of
The computer (202) of
As mentioned above, the cloud-based security module (226) receives the user credentials (228) from a client-side array services module (178) and returns the token to the client-side array services module (178). The client-side array services module (178) may be implemented as a module of computer program instructions stored in RAM (240) and executed by a processor (not shown) of the client-side user computer (204). In the example of
The client-side array services module (178) may be configured for providing authorization and authentication in a cloud for a user of a storage array in accordance with embodiments of the present invention. To that end, the client-side array services module (178) may receive the user credentials (178) prior to authentication and authorization; provide the user credentials (178) to the cloud-based security module (226); and receive, from the cloud-based security module (226) after authorization and authentication, the token (232). Finally, the client-side array services module (178) may provide the token (232) to the storage array access module (180).
The client-side array services module (178) may also receive a user request (236) to access services provided by the storage array access module (180). Such requests may be received prior to or after authorization and authentication of the user credentials. When receiving such a storage array service access request prior to authorization and authentication of the user credential, the client-side array services module (178) may redirect the user from a web page (or other interface) that displays storage array service options, to a sign-on webpage for capturing user credentials.
The storage array access module (180) may be implemented as a module of computer program instructions stored in RAM (238) and executed by a processor (not shown) of the storage array (102). The storage array access module may also be configured for providing authorization and authentication in a cloud for a user of a storage array in accordance with embodiments of the present invention by: receiving, from the client-side array services module (178), the token (232); receiving, from the user via the client-side array services module (178), a user access request (236) to one or more storage array services; and determining whether to grant the user access request (236) in dependence upon the authorized access privileges represented by the token (232). If the storage array access module (180) grants the user access request (236), the storage array access module may perform the one or more requested services and return, to the client-side array services module (178) via the LAN (160), a result (242) of the request. User's will also recognize that a cloud-based storage array services provider not shown here may, in some embodiments, act as a proxy for communications between the storage array access module (180) and the client-side array services module.
Turning back to the components of the computer (202), also stored in RAM (214) is an operating system (234). Examples of operating systems useful in computers configured for providing authorization and authentication in a cloud for a user of a storage array according to embodiments of the present invention include UNIX™ Linux™, Microsoft Windows™, and others as will occur to those of skill in the art. The operating system (234) and the cloud-based security module (226) in the example of
The computer (202) of
The example computer (202) of
The exemplary computer (202) of
Readers of skill in the art will recognize that the components of the computer (202) as depicted in
As mentioned above, the storage array (102) and the client-side user computer (204) may include many similar components as the computer (202). For further explanation, therefore,
The processor (314) is also coupled for data communications through PCIe (Peripheral Component Interface express) links (308, 310, 312, 322) to several Fibre Channel host bus adapters (302, 304), an Ethernet adapter (306), and a PCIe switch (324). The Fibre Channel host bus adapters (308, 310) may couple the storage controller to a storage area network, such the SAN (158) depicted in the example of
Readers of skill in the art will recognize that these components, protocols, adapters, and architectures are for illustration only, not limitation. Such a storage controller may be implemented in a variety of different ways. Each such way is well within the scope of the present invention.
For further explanation,
In the example of
The cloud-based security module (226) then authenticates and authorizes the user credentials and, through a “POST” HTTP instruction provides a signed token representing both authentication of the user credentials and authorization of the user to access one or more storage array services. The term ‘signed token’ refers to a token that includes a digital signature verifying the authenticity of the sender, in this case, the cloud-based security module. The client-side array services module operates as a proxy and provides the token to the storage array access module (180). The storage array access module, determines, in dependence upon the token, whether the user (402) is authorized for the particular access request. In the example of
Readers of skill in the art will recognize that
For further explanation,
The method of
The method of
The method of
The method of
The method of
The method of
The method of
The method of
In some embodiments, the authorized access privileges may be effectively tiered so that the access privileges provided represented in the token are only a low or base level of authorization. In some embodiments, the access privileges may be further defined in the storage array access module itself for a plurality of users. That is, the storage array may include even higher level, finer grained, or even contradictory access privileges relative to those stored in the cloud-based security module. In this way, the storage array access module may determine whether to grant an access request by the user in dependence upon both the token and the access privileges defined in the storage array access module.
Readers of skill in the art will recognize that once a user receives (506) a token from the cloud-based security module (226), a session may be instantiated between the user and the storage array such that the user need not provide credentials upon each subsequent access request. That is, a user may be authenticated and authorized once by the cloud-based security module to instantiate a session, then the user may proceed to make multiple access requests without reauthenticating or reauthorizing until the session ends. A session may end in a variety of manners including after a predefined amount of time, after a period of timeout due to inactivity, an explicit selection by the user to exit the session (logging-out, for example), or the like.
For further explanation,
The method of
Also in the method of
Also in the example of
Readers of skill in the art will recognize that, like
Exemplary embodiments of the present invention are described largely in the context of a fully functional computer system. Readers of skill in the art will recognize, however, that the present invention also may be embodied in a computer program product disposed upon computer readable media for use with any suitable data processing system. Such computer readable storage media may be any transitory or non-transitory media. Examples of such media include storage media for machine-readable information, including magnetic media, optical media, or other suitable media. Examples of such media also include magnetic disks in hard drives or diskettes, compact disks for optical drives, magnetic tape, and others as will occur to those of skill in the art. Persons skilled in the art will immediately recognize that any computer system having suitable programming means will be capable of executing the steps of the method of the invention as embodied in a computer program product. Persons skilled in the art will recognize also that, although some of the exemplary embodiments described in this specification are oriented to software installed and executing on computer hardware, nevertheless, alternative embodiments implemented as firmware, as hardware, or as an aggregation of hardware and software are well within the scope of embodiments of the present invention.
It will be understood from the foregoing description that modifications and changes may be made in various embodiments of the present invention without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present invention is limited only by the language of the following claims.
This application is a continuation application of and claims priority from U.S. patent application Ser. No. 14/726,446, filed on May 29, 2015.
Number | Name | Date | Kind |
---|---|---|---|
5706210 | Kumano et al. | Jan 1998 | A |
5799200 | Brant et al. | Aug 1998 | A |
5933598 | Scales et al. | Aug 1999 | A |
6012032 | Donovan et al. | Jan 2000 | A |
6055637 | Hudson | Apr 2000 | A |
6085333 | DeKoning et al. | Jul 2000 | A |
6643641 | Snyder | Nov 2003 | B1 |
6647514 | Umberger et al. | Nov 2003 | B1 |
6789162 | Talagala et al. | Sep 2004 | B1 |
7089272 | Garthwaite et al. | Aug 2006 | B1 |
7107389 | Inagaki et al. | Sep 2006 | B2 |
7146521 | Nguyen | Dec 2006 | B1 |
7334124 | Pham et al. | Feb 2008 | B2 |
7437530 | Rajan | Oct 2008 | B1 |
7493424 | Bali et al. | Feb 2009 | B1 |
7669029 | Mishra et al. | Feb 2010 | B1 |
7689609 | Lango et al. | Mar 2010 | B2 |
7743191 | Liao | Jun 2010 | B1 |
7899780 | Shmuylovich et al. | Mar 2011 | B1 |
8042163 | Karr | Oct 2011 | B1 |
8086585 | Brashers et al. | Dec 2011 | B1 |
8271700 | Annem et al. | Sep 2012 | B1 |
8387136 | Lee et al. | Feb 2013 | B2 |
8437189 | Montierth et al. | May 2013 | B1 |
8465332 | Hogan | Jun 2013 | B2 |
8527544 | Colgrove et al. | Sep 2013 | B1 |
8550546 | Breit | Oct 2013 | B2 |
8566546 | Marshak et al. | Oct 2013 | B1 |
8578442 | Banerjee | Nov 2013 | B1 |
8613066 | Brezinski et al. | Dec 2013 | B1 |
8620970 | English et al. | Dec 2013 | B2 |
8751463 | Chamness | Jun 2014 | B1 |
8762642 | Bates et al. | Jun 2014 | B2 |
8769622 | Chang | Jul 2014 | B2 |
8800009 | Beda, III et al. | Aug 2014 | B1 |
8812860 | Bray | Aug 2014 | B1 |
8850546 | Field et al. | Sep 2014 | B1 |
8898346 | Simmons | Nov 2014 | B1 |
8909854 | Yamagishi et al. | Dec 2014 | B2 |
8931041 | Banerjee | Jan 2015 | B1 |
8949863 | Coatney et al. | Feb 2015 | B1 |
8984602 | Bailey et al. | Mar 2015 | B1 |
8990905 | Bailey et al. | Mar 2015 | B1 |
9124569 | Hussain | Sep 2015 | B2 |
9134922 | Rajagopal et al. | Sep 2015 | B2 |
9209973 | Aikas | Dec 2015 | B2 |
9250823 | Kamat et al. | Feb 2016 | B1 |
9300660 | Borowiec | Mar 2016 | B1 |
9444822 | Borowiec | Sep 2016 | B1 |
9507532 | Colgrove et al. | Nov 2016 | B1 |
20020013802 | Mori et al. | Jan 2002 | A1 |
20030105810 | McCrory | Jun 2003 | A1 |
20030145172 | Galbraith et al. | Jul 2003 | A1 |
20030191783 | Wolczko et al. | Oct 2003 | A1 |
20030225961 | Chow et al. | Dec 2003 | A1 |
20040080985 | Chang et al. | Apr 2004 | A1 |
20040111573 | Garthwaite | Jun 2004 | A1 |
20040153844 | Ghose et al. | Aug 2004 | A1 |
20040193814 | Erickson et al. | Sep 2004 | A1 |
20040260967 | Guha et al. | Dec 2004 | A1 |
20050160416 | Jamison | Jul 2005 | A1 |
20050188246 | Emberty et al. | Aug 2005 | A1 |
20050216800 | Bicknell et al. | Sep 2005 | A1 |
20060015771 | Vana Gundy et al. | Jan 2006 | A1 |
20060129817 | Borneman et al. | Jun 2006 | A1 |
20060161726 | Lasser | Jul 2006 | A1 |
20060230245 | Gounares et al. | Oct 2006 | A1 |
20060239075 | Williams et al. | Oct 2006 | A1 |
20070022227 | Miki | Jan 2007 | A1 |
20070028068 | Golding et al. | Feb 2007 | A1 |
20070055702 | Fridella et al. | Mar 2007 | A1 |
20070109856 | Pellicone et al. | May 2007 | A1 |
20070150689 | Pandit et al. | Jun 2007 | A1 |
20070168321 | Saito et al. | Jul 2007 | A1 |
20070220227 | Long | Sep 2007 | A1 |
20070294563 | Bose | Dec 2007 | A1 |
20070294564 | Reddin et al. | Dec 2007 | A1 |
20080005587 | Ahlquist | Jan 2008 | A1 |
20080077825 | Bello et al. | Mar 2008 | A1 |
20080162674 | Dahiya | Jul 2008 | A1 |
20080195833 | Park | Aug 2008 | A1 |
20080270678 | Cornwell et al. | Oct 2008 | A1 |
20080282045 | Biswas et al. | Nov 2008 | A1 |
20090077340 | Johnson et al. | Mar 2009 | A1 |
20090100115 | Park et al. | Apr 2009 | A1 |
20090198889 | Ito et al. | Aug 2009 | A1 |
20100052625 | Cagno et al. | Mar 2010 | A1 |
20100211723 | Mukaida | Aug 2010 | A1 |
20100246266 | Park et al. | Sep 2010 | A1 |
20100257142 | Murphy et al. | Oct 2010 | A1 |
20100262764 | Liu et al. | Oct 2010 | A1 |
20100325345 | Ohno et al. | Dec 2010 | A1 |
20100332754 | Lai et al. | Dec 2010 | A1 |
20110072290 | Davis et al. | Mar 2011 | A1 |
20110125955 | Chen | May 2011 | A1 |
20110131231 | Haas et al. | Jun 2011 | A1 |
20110154465 | Kuzin | Jun 2011 | A1 |
20110167221 | Pangal et al. | Jul 2011 | A1 |
20120023144 | Rub | Jan 2012 | A1 |
20120054264 | Haugh et al. | Mar 2012 | A1 |
20120079318 | Colgrove et al. | Mar 2012 | A1 |
20120131253 | McKnight et al. | May 2012 | A1 |
20120303919 | Hu et al. | Nov 2012 | A1 |
20120311000 | Post et al. | Dec 2012 | A1 |
20130007845 | Chang | Jan 2013 | A1 |
20130031414 | Dhuse et al. | Jan 2013 | A1 |
20130036272 | Nelson | Feb 2013 | A1 |
20130071087 | Motiwala | Mar 2013 | A1 |
20130145447 | Maron | Jun 2013 | A1 |
20130191555 | Liu | Jul 2013 | A1 |
20130198459 | Joshi et al. | Aug 2013 | A1 |
20130205173 | Yoneda | Aug 2013 | A1 |
20130219164 | Hamid | Aug 2013 | A1 |
20130227201 | Talagala et al. | Aug 2013 | A1 |
20130290607 | Chang et al. | Oct 2013 | A1 |
20130311434 | Jones | Nov 2013 | A1 |
20130318297 | Jibbe et al. | Nov 2013 | A1 |
20130332614 | Brunk et al. | Dec 2013 | A1 |
20140020083 | Fetik | Jan 2014 | A1 |
20140074850 | Noel et al. | Mar 2014 | A1 |
20140082715 | Grajek et al. | Mar 2014 | A1 |
20140086146 | Kim et al. | Mar 2014 | A1 |
20140090009 | Li et al. | Mar 2014 | A1 |
20140096220 | Da Cruz Pinto et al. | Apr 2014 | A1 |
20140101434 | Senthurpandi et al. | Apr 2014 | A1 |
20140164774 | Nord et al. | Jun 2014 | A1 |
20140173232 | Reohr et al. | Jun 2014 | A1 |
20140195636 | Karve et al. | Jul 2014 | A1 |
20140201512 | Seethaler et al. | Jul 2014 | A1 |
20140201541 | Paul et al. | Jul 2014 | A1 |
20140208155 | Pan | Jul 2014 | A1 |
20140215590 | Brand | Jul 2014 | A1 |
20140229654 | Goss et al. | Aug 2014 | A1 |
20140230017 | Saib | Aug 2014 | A1 |
20140258526 | Le Sant et al. | Sep 2014 | A1 |
20140282983 | Ju et al. | Sep 2014 | A1 |
20140285917 | Cudak et al. | Sep 2014 | A1 |
20140325262 | Cooper et al. | Oct 2014 | A1 |
20140351627 | Best et al. | Nov 2014 | A1 |
20140373104 | Gaddam et al. | Dec 2014 | A1 |
20140373126 | Hussain | Dec 2014 | A1 |
20150026387 | Sheredy et al. | Jan 2015 | A1 |
20150074463 | Jacoby et al. | Mar 2015 | A1 |
20150089569 | Sondhi et al. | Mar 2015 | A1 |
20150095515 | Krithivas et al. | Apr 2015 | A1 |
20150113203 | Dancho et al. | Apr 2015 | A1 |
20150121137 | McKnight et al. | Apr 2015 | A1 |
20150134920 | Anderson et al. | May 2015 | A1 |
20150149822 | Coronado et al. | May 2015 | A1 |
20150193169 | Sundaram et al. | Jul 2015 | A1 |
20150378888 | Zhang et al. | Dec 2015 | A1 |
20160098323 | Mutha et al. | Apr 2016 | A1 |
20160350009 | Cerreta et al. | Dec 2016 | A1 |
20160352720 | Hu et al. | Dec 2016 | A1 |
20160352830 | Borowiec et al. | Dec 2016 | A1 |
20160352834 | Borowiec et al. | Dec 2016 | A1 |
Number | Date | Country |
---|---|---|
0725324 | Aug 1996 | EP |
WO-2012087648 | Jun 2012 | WO |
WO -2013071087 | May 2013 | WO |
WO2013071087 | May 2013 | WO |
WO-2014110137 | Jul 2014 | WO |
WO-2016015008 | Dec 2016 | WO |
WO-2016190938 | Dec 2016 | WO |
WO-2016195759 | Dec 2016 | WO |
WO-2016195958 | Dec 2016 | WO |
WO-2016195961 | Dec 2016 | WO |
Entry |
---|
PCT Search Report and Written Opinion, dated Apr. 26, 2016; PCT Application No. PCT/US2016/015006, 12 pages. |
PCT Search Report and Written Opinion, dated May 4, 2016; 12 pages; PCT Application No. PCT/US2016/015008. |
Paul Sweere, Creating Storage Class Persistent Memory with NVDIMM, Published in Aug. 2013, Flash Memory Summit 2013, <http://ww.flashmemorysummit.com/English/Collaterals/Proceedings/2013/20130814—T2—Sweere.pdf>, 22 pages. |
PCMag. “Storage Array Definition”. Published May 10, 2013. <http://web.archive.org/web/20130510121646/http://www.pcmag.com/encyclopedia/term/52091/storage-array>, 2 pages. |
Google Search of “storage array define” perform by the Examiner on Nov. 4, 2015 for U.S. Appl. No. 14/725,278, Results limited to entries dated before 2012, 1 page. |
Techopedia. “What is a disk array”. Published Jan. 13, 2012. <http://web.archive.org/web/20120113053358/http://www.techopedia.com/definition/1009/disk-array>, 1 page. |
Webopedia. “What is a disk array”. Published May 26, 2011. <http://web/archive.org/web/20110526081214/http://www.webopedia.com/TERM/D/disk—array.html>, 2 pages. |
Li et al., Access Control for the Services Oriented Architecture, Proceedings of the 2007 ACM Workshop on Secure Web Services (SWS '07), Nov. 2007, pp. 9-17, ACM New York, NY. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/015006, dated Apr. 29, 2016, 12 pages. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/015008, dated May 4, 2016, 12 pages. |
C. Hota et al., Capability-based Cryptographic Data Access Control in Cloud Computing, Int. J. Advanced Networking and Applications, col. 1, Issue 1, dated Aug. 2011, 10 pages. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/020410, dated Jul. 8, 2016, 17 pages. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/032084, dated Jul. 18, 2016, 12 pages. |
Faith, “dictzip file format”, GitHub.com (online). [Accessed Jul. 28, 2015], 1 page, URL: https://github.com/fidlej/idzip. |
Wikipedia, “Convergent Encryption”, Wikipedia.org (online), accessed Sep. 8, 2015, 2 pages, URL: en.wikipedia.org/wiki/Convergent—encryption. |
Storer et al., “Secure Data Deduplication”, Proceedings of the 4th ACM International Workshop on Storage Security and Survivability (StorageSS'08), Oct. 2008, 10 pages, ACM New York, NY. USA. DOI: 10.1145/1456469.1456471. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/016333, datled Jun. 8, 2016, 12 pages. |
ETSI, Network Function Virtualisation (NFV); Resiliency Requirements, ETSI GS NFCV-REL 001, V1.1.1, http://www.etsi.org/deliver/etsi—gs/NFV-REL/001—099/001/01.01.01—60/gs—NFV-REL001v010101p.pdf (online), dated Jan. 2015, 82 pages. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/032052, dated Aug. 30, 2016, 17 pages. |
Microsoft, “Hybrid for SharePoint Server 2013—Security Reference Architecture”, <http://hybrid.office.com/img/Security—Reference—Architecture.pdf> (online), dated Oct. 2014, 53 pages. |
Microsoft, “Hybrid Identity”, <http://aka.ms/HybridldentityWp> (online), dated Apr. 2014, 36 pages. |
Microsoft, “Hybrid Identity Management”, <http://download.microsoft.com/download/E/A/E/EAE57CD1-A80B-423C-96BB-142FAAC630B9/Hybrid—Identity—Datasheet.pdf> (online), published Apr. 2014, 17 pages. |
Jacob Bellamy-Mcintyre et al., “Open ID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication”, 2011 15th IEEE International Enterprise Distributed Object Computing Conference (EDOC), DOI: 10.1109/EDOC.2011.26, ISBN: 978-1-4577-0362-1, <https://www.cs.auckland.ac.nz/˜lutteroth/publications/McIntyreLutterothWeber2011-OpenID.pdf> (online), dated Aug. 29, 2011, 10 pages. |
The International Search Report and the Written Opinion received from the International Searching Authority (ISA/EPO) for International Application No. PCT/US2016/035492, dated Aug. 17, 2016, 10 pages. |
Li et al., “Access Control for the Services Oriented Architecture”, Proceedings of the 2007 ACM Workshop on Secure Web Services (SWS'07), Nov. 2007, pp. 9-17, ACM New York, NY. |
Kong, Using PCI Express As the Primary System Interconnect in Multiroot Compute, Storage, Communications and Embedded Systems, White Paper, IDT.com (online), Aug. 28, 2008, 12 pages, URL: www.idt.com/document/whp/idt-pcie-multi-root-white-paper. |
Hu et al., Container Marking: Combining Data Placement, Garbage Collection and Wear Levelling for Flash, 19th Annual IEEE International Symposium on Modelling, Analysis, and Simulation of Computer and Telecommunications Systems, Jul. 25-27, 2011, 11 pages, ISBN: 978-0-7695-4430-4, DOI: 10.1109/MASCOTS.2011.50. |
International Search Report and Written Opinion, PCT/US2016/036693, dated Aug. 29, 2016, 10 pages. |
International Search Report and Written Opinion, PCT/US2016/038758, dated Oct. 7, 2016, 10 pages. |
International Search Report and Written Opinion, PCT/U52016/040393, dated Sep. 22, 2016, 10 pages. |
International Search Report and Written Opinion, PCT/US2016/044020, dated Sep. 30, 2016, 11 pages. |
International Search Report and Written Opinion, PCT/US2016/044874, dated Oct. 7, 2016, 11 pages. |
International Search Report and Written Opinion, PCT/US2016/044875, dated Oct. 5, 2016, 13 pages. |
International Search Report and Written Opinion, PCT/US2016/044876, dated Oct. 21, 2016, 12 pages. |
International Search Report and Written Opinion, PCT/US2016/044877, dated Sep. 29, 2016, 13 pages. |
Number | Date | Country | |
---|---|---|---|
Parent | 14726446 | May 2015 | US |
Child | 15000822 | US |