Tracking replica data using key management

US9830278B1 · US · B1

Patent metadata

Publication number: US-9830278-B1
Application number: US-201615275926-A
Country: US
Kind code: B1
Filing date: Sep 26, 2016
Priority date: Mar 6, 2008
Publication date: Nov 28, 2017
Grant date: Nov 28, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Source and replica data in a storage area network is tracked during management of data encryption keys. Association of source and replica data allows for all copies of customer information in an enterprise to be managed as a single entity for deletion or tracked for management purposes by using referenced data encryption keys upon creation of replicas. Any replica from a source storage object can be created using the source storage object data encryption key or an associated key and tracked by these keys as a subset of the number of replicas created. Management of the data encryption keys can control the lifetime of data on a storage array and in the storage area network without managing every replicated instance for the lifetime of the data.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for generating a wrapped data encryption key, the method comprising: generating, at a server, an encryption key based on a secure pseudo-random number generator; concatenating an object identifier to the encryption key, the object identifier associated with an object to be encrypted; generating a ciphertext by encrypting the concatenated encryption key with a key encryption key; generating an authenticity code by encrypting the encrypted concatenated encryption key with a redundancy key; and generating a wrapped data encryption key by concatenating the ciphertext with the authenticity code.

2. The method of claim 1, further comprising: receiving, at a storage processor from a host processor via a storage area network, a request to write the object to a logical unit number of a disk drive set; receiving, from the server via a computer network, the wrapped data encryption key; encrypting the object with the wrapped data encryption key; and storing the object to the logical unit number.

3. The method of claim 1, further comprising: receiving, at a second storage processor from the first storage processor via the storage area network, a request to replicate the object; storing, by the second storage processor, the object in a second logical unit number of a second disk drive set; and transmitting, by the second storage processor to the server via a computer network, a request to associate the wrapped encryption key with the object stored in the second logical unit number of the second disk drive set.

4. A system for generating a wrapped data encryption key, the method comprising: a processor; a memory storing instructions, the instructions being adapted to cause the processor to execute steps comprising: generating, at a server, an encryption key based on a secure pseudo-random number generator; concatenating an object identifier to the encryption key, the object identifier associated with an object to be encrypted; generating a ciphertext by encrypting the concatenated encryption key with a key encryption key; generating an authenticity code by encrypting the encrypted concatenated encryption key with a redundancy key; and generating a wrapped data encryption key by concatenating the ciphertext with the authenticity code.

5. The system of claim 4, the instructions being adapted to cause the processor to execute steps comprising: receiving, at a storage processor from a host processor via a storage area network, a request to write the object to a logical unit number of a disk drive set; receiving, from the server via a computer network, the wrapped data encryption key; encrypting the object with the wrapped data encryption key; and storing the object to the logical unit number.

6. The system of claim 3, the instructions being adapted to cause the processor to execute steps comprising: receiving, at a second storage processor from the first storage processor via the storage area network, a request to replicate the object; storing, by the second storage processor, the object in a second logical unit number of a second disk drive set; and transmitting, by the second storage processor to the server via a computer network, a request to associate the wrapped encryption key with the object stored in the second logical unit number of the second disk drive set.

7. A non-transitory computer readable medium including computer code adapted to be executed on electronic computer hardware, the code comprising: code for generating, at a server, an encryption key based on a secure pseudo-random number generator; code for concatenating an object identifier to the encryption key, the object identifier associated with an object to be encrypted; code for generating a ciphertext by encrypting the concatenated encryption key with a key encryption key; code for generating an authenticity code by encrypting the encrypted concatenated encryption key with a redundancy key; and code for generating a wrapped data encryption key by concatenating the ciphertext with the authenticity code.

8. The non-transitory computer readable medium of claim 7, the code further comprising: code for receiving, at a storage processor from a host processor via a storage area network, a request to write the object to a logical unit number of a disk drive set; code for receiving, from the server via a computer network, the wrapped data encryption key; code for encrypting the object with the wrapped data encryption key; and code for storing the object to the logical unit number.

9. The non-transitory computer readable medium of claim 7, the code further comprising: code for receiving, at a second storage processor from the first storage processor via the storage area network, a request to replicate the object; code for storing, by the second storage processor, the object in a second logical unit number of a second disk drive set; and code for transmitting, by the second storage processor to the server via a computer network, a request to associate the wrapped encryption key with the object stored in the second logical unit number of the second disk drive set.
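The wrapping construction of claim 1 (DEK from a CSPRNG, object identifier appended, encrypted under a key encryption key, authenticity code computed under a separate redundancy key, the two concatenated) and the replica association of claim 3, as an added example that is not the patent's or EMC's own code. The patent names no cipher or mode, so this example substitutes HMAC-SHA256 in counter mode for the KEK encryption and an HMAC tag for the redundancy-key step; the KeyServer class, the key ids and the (array, LUN) locations are constructed assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN, ID_LEN, NONCE_LEN, TAG_LEN = 32, 16, 16, 32


def _prf_xor(key, nonce, data):
    """Counter-mode keystream from HMAC-SHA256, XORed onto data (stand-in for a block cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap_dek(object_id, kek, redundancy_key, dek=b""):
    """Claim 1: CSPRNG DEK || object id, encrypted under KEK, tagged under redundancy key, concatenated."""
    if len(object_id) != ID_LEN:
        raise ValueError("object id must be %d bytes" % ID_LEN)
    dek = dek or secrets.token_bytes(KEY_LEN)        # secrets is the secure pseudo-random source
    nonce = secrets.token_bytes(NONCE_LEN)           # assumption: nonce travels inside the ciphertext
    ciphertext = nonce + _prf_xor(kek, nonce, dek + object_id)
    auth_code = hmac.new(redundancy_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + auth_code, dek


def unwrap_dek(wrapped, expected_id, kek, redundancy_key):
    """Check the authenticity code before decrypting, then confirm the object binding."""
    ciphertext, auth_code = wrapped[:-TAG_LEN], wrapped[-TAG_LEN:]
    expected = hmac.new(redundancy_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(auth_code, expected):
        raise ValueError("authenticity code mismatch: wrapped key altered or wrong redundancy key")
    plain = _prf_xor(kek, ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:])
    dek, object_id = plain[:KEY_LEN], plain[KEY_LEN:]
    if object_id != expected_id:
        raise ValueError("wrapped key is bound to a different object")
    return dek


class KeyServer:
    """Constructed server sketch: one wrapped-DEK id tracks the source object and every replica."""
    def __init__(self):
        self.kek, self.redundancy_key = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
        self.copies = {}                             # key id -> set of (array, lun) locations

    def issue(self, object_id, location):
        wrapped, _ = wrap_dek(object_id, self.kek, self.redundancy_key)
        key_id = hashlib.sha256(wrapped).hexdigest()[:16]
        self.copies[key_id] = {location}
        return key_id, wrapped

    def associate(self, key_id, location):
        self.copies[key_id].add(location)            # claim 3: replica registers under the source key

    def destroy(self, key_id):
        return self.copies.pop(key_id)               # deleting one key retires every tracked copy
```

Deleting the key id is what makes source and replicas a single management entity: the returned location set is everything that just became unreadable.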

Assignees

Emc Ip Holding Co Llc
Inventors

Classifications

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS] · CPC title

  • by using cryptography (for digital transmission H04L9/00) · CPC title

  • Disk arrays, e.g. RAID, JBOD · CPC title

  • Replication mechanisms · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9830278B1 cover?
Source and replica data in a storage area network is tracked during management of data encryption keys. Association of source and replica data allows for all copies of customer information in an enterprise to be managed as a single entity for deletion or tracked for management purposes by using referenced data encryption keys upon creation of replicas. Any replica from a source storage object c…
Who is the assignee on this patent?
Emc Ip Holding Co Llc
What technology area does this patent fall under?
Primary CPC classification G06F12/1408. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 28, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).