Computer systems typically have a limited, finite storage capacity on the site where they are installed and used. Invariably, with time, the system becomes overloaded and this capacity becomes operationally insufficient. Nevertheless, it often happens that the electronic data generated by a computer system has archival value and cannot be casually discarded. Moreover, for security reasons, or for compliance with good business practices, it may be desirable to remove such electronic data from a host server at an operating location, and place it into secure storage. In such cases it is often preferable to place the data into long-term, non-temporary storage at an off-site storage facility. If so, it is important that the electronic data be moved directly from the user site to a storage device at the storage facility, quickly and conveniently. The well-known Transmission Control Protocol (TCP) is typically used for this purpose.
In accordance with TCP, a stream of electronic data (i.e. a data file) that is to be transferred into storage from a host server is broken down into an “x+1” number of data packets. These data packets are then numbered from “0” to “x” and, in toto, include 32 K bytes of data. Collectively, these data packets are referred to as the “data area.” TCP, however, also requires the use of a “header.” In use, this header precedes the first data packet, and includes the address of the storage facility where the data is to be sent. TCP, however, provides for only two addresses in the header. These are: 1) the source address, and 2) the destination address. Also, whenever it is desirable to encrypt the electronic data for storage, as is most often the case, the header must remain in clear text. It cannot be encrypted. This is so in order to reveal the destination address of the encrypted electronic data (data file) in the header, as it is being transferred into storage.
It happens that most data storage facilities will serve several customers, and will thus have several different storage devices. Indeed, such facilities may even dedicate specific storage devices to particular customers. In such cases, when a data file arrives at a storage facility, additional routing to a particular storage device is required. As indicated above, the header of a TCP transmission does not provide for routing beyond the main address (i.e. destination address) of the storage facility. In order to handle this situation, it has been the practice to place the sub-address of a particular storage device in the first 48 bytes of the “0” data packet in the data area of the TCP protocol. Typically, this is done using the so-called iSCSI protocol. Thus, when an encrypted data area has arrived at a storage facility, the “0” data packet in the data area has had to be decrypted in order to determine the storage device that is the final destination where the data is to be stored.
In light of the above, it is an object of the present invention to provide a method and system for transferring encrypted electronic data from a host server, via the main address of a storage facility, to a final sub-address of a storage device, wherein the sub-address of the storage device in the data area of a TCP protocol remains in clear text. Another object of the present invention is to provide a method and system for transferring encrypted electronic data wherein the encryption/decryption functions are minimized. Still another object of the present invention is to provide a method and system for transferring encrypted electronic data that is easy to use, simple to implement and comparatively cost-effective.
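The layout described above can be sketched as follows. This is an added example, not part of the original text: it contrasts the prior practice (whole data area encrypted, so the facility must decrypt packet “0” to route) with the stated objective (the 48-byte sub-address stays in clear text). The function names, device names and key are hypothetical, and the SHA-256 keystream is a toy stand-in for a real cipher.

```python
import hashlib

DATA_AREA_SIZE = 32 * 1024   # data area size stated in the text
SUBADDR_LEN = 48             # sub-address field: first 48 bytes of packet "0"

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream (assumption: stands in for e.g. AES-CTR)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_data_area(sub_address: str, payload: bytes, key: bytes,
                    clear_prefix: bool) -> bytes:
    """Host side: 48-byte sub-address field followed by the zero-padded payload."""
    field = sub_address.encode("ascii").ljust(SUBADDR_LEN, b"\x00")
    if len(field) != SUBADDR_LEN or len(payload) > DATA_AREA_SIZE - SUBADDR_LEN:
        raise ValueError("sub-address or payload too long for the data area")
    body = payload.ljust(DATA_AREA_SIZE - SUBADDR_LEN, b"\x00")
    if clear_prefix:
        # Objective in the text: only the body is encrypted.
        return field + keystream_xor(key, body)
    # Prior practice: the sub-address is encrypted along with the data.
    return keystream_xor(key, field + body)

def route(data_area: bytes, devices: set, key: bytes = None) -> str:
    """Facility side: choose the storage device from the sub-address field."""
    field = data_area[:SUBADDR_LEN]
    if key is not None:
        # Prior practice only: decrypt the start of packet "0" just to route.
        field = keystream_xor(key, field)
    name = field.rstrip(b"\x00").decode("ascii", errors="replace")
    if name not in devices:
        raise LookupError("unknown sub-address")
    return name

# Constructed sample values, for illustration only.
DEVICES = {"customer-a/dev-03", "customer-b/dev-11"}
KEY = b"constructed-demo-key"
```

With the clear-text prefix the facility never needs the key, so the stored body stays encrypted end to end.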