The invention relates generally to the field of data storage.
In data storage systems it is known to use a technique or service referred to as “data deduplication”. Data deduplication is realized as a specialized data compression technique for eliminating coarse-grained redundant data. The technique is used to improve storage utilization and can also be applied to network data transfers to reduce the amount of data that must be sent across a communications link. In the deduplication process, unique chunks of data, or byte patterns, are identified and stored during a process of analysis. As the analysis continues, other chunks are compared to the stored chunks, and whenever a match occurs the redundant chunk is replaced with a small reference that points to the stored chunk. Given that the same byte pattern may occur dozens, hundreds, or even thousands of times across an entire system, the amount of data that must be stored or transferred can be greatly reduced.
Another technique used in data storage systems is encrypted data storage, i.e., encrypting user data for persistent storage in encrypted form in the storage system, and providing user access to the data by decrypting it back into unencrypted form. Encryption generally improves data security, because the actual stored data (which is encrypted) has no meaning without the data encryption key. As long as keys can be protected separately from the storage devices, data is protected even when an attacker has direct access to the (encrypted) data actually residing on a storage device in the system.