Multiple data center data security
First Claim
1. A computer-implemented method of securely replicating backup data in a network having a production site and a plurality of remote sites, comprising:
generating in the production site a data encryption key, and in each remote site a respective key encryption key that are each sent to the production site;
encrypting in the production site a plurality of encrypted keys using the plurality of key encryption keys, with one encrypted key per remote site;
transmitting to each remote site the encrypted keys for the other remote sites and not a remote site's own encrypted key;
encrypting, in the production site, the backup data to create a plurality of encrypted data blocks using the data encryption key;
designating, in the event of a defined condition, a selected remote site to become the new production site; and
receiving in the new production site from a remaining remote site a key encryption key generated by the remaining remote site to enable the new production site to decrypt the data encryption key and use the decrypted data encryption key to decrypt the encrypted data blocks.
Abstract
Securely replicating backup data in a network having a production site and a plurality of remote sites by generating in the production site a data encryption key, and in each remote site a respective key encryption key that are sent to the production site; encrypting a plurality of encrypted keys using the plurality of key encryption keys with one encrypted key per remote site, and transmitting to each remote site the encrypted keys for the other remote sites and not a remote site's own encrypted key; encrypting the data to create encrypted data blocks using the data encryption key; designating a selected remote site to become the new production site if the production site fails; and receiving in the new production site from a remaining remote site a key encryption key generated by the remaining remote site to enable the new production site to decrypt the data encryption key and use the decrypted data encryption key to decrypt the encrypted data blocks.
18 Claims
1. A computer-implemented method of securely replicating backup data in a network having a production site and a plurality of remote sites, comprising:
generating in the production site a data encryption key, and in each remote site a respective key encryption key that are each sent to the production site;
encrypting in the production site a plurality of encrypted keys using the plurality of key encryption keys, with one encrypted key per remote site;
transmitting to each remote site the encrypted keys for the other remote sites and not a remote site's own encrypted key;
encrypting, in the production site, the backup data to create a plurality of encrypted data blocks using the data encryption key;
designating, in the event of a defined condition, a selected remote site to become the new production site; and
receiving in the new production site from a remaining remote site a key encryption key generated by the remaining remote site to enable the new production site to decrypt the data encryption key and use the decrypted data encryption key to decrypt the encrypted data blocks.
Dependent claims: 2, 3, 4, 5, 6.

7. A computer-implemented method of requiring access to at least three remote sites to recover data in a network, comprising:
generating at each remote site $S_i$, a respective key encryption key, $k_n$;
transmitting each key encryption key to a production site using public key system, wherein the production site $S_0$ selects a data encryption key $k_0$;
encrypting $k_0$ using two encryption keys in multiple combinations to create encrypted keys $C_{ij}$;
transmitting to each remote site $S_0$ only encrypted keys;
$$C_{ij} = f_{k_i}(f_{k_j}(k_0)), \quad i = 1 \ldots N-1,\ j = i+1 \ldots N, \text{ as long as } i \neq n \text{ and } j \neq n;$$
encrypting each clear data block to create an encrypted data block $E$; and
replicating $E$ to all the remote sites, such that $E = f_{k_0}(D)$ so that in the event of occurrence of a defined condition, any remote site can become a new production site.
Dependent claims: 8, 9, 10, 11, 12.

13. A system configured to securely replicate backup data in a network having a production site and a plurality of remote sites, comprising:
a remote site component generating in each remote site a respective key encryption key that are sent to the production site;
a production site component generating a data encryption key and encrypting a plurality of encrypted keys using the plurality of key encryption keys, with one encrypted key per remote site;
a transmission component transmitting to each remote site the encrypted keys for the other remote sites and not a remote site's own encrypted key;
a backup component encrypting the data to create a plurality of encrypted data blocks using the data encryption key;
a disaster recovery component designating, in the event of a defined condition, a selected remote site to become the new production site, and receiving in the new production site from a remaining remote site a key encryption key generated by the remaining remote site to enable the new production site to decrypt the data encryption key and use the decrypted data encryption key to decrypt the encrypted data blocks.
Dependent claims: 14, 15, 16, 17, 18.
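
The key distribution of claim 1 and the double-wrapped variant of claim 7, as an added example that is not code from the patent or its assignee. The function names are hypothetical, and the wrap function f is a standard-library stand-in (SHAKE-256 keystream plus HMAC tag) assumed here in place of a real key-wrap or AEAD cipher, which the claims do not name.

```python
import hashlib, hmac, secrets
from itertools import combinations

def _sub(kek, label):
    # Derive separate encryption and MAC subkeys from one key encryption key.
    return hmac.new(kek, label, hashlib.sha256).digest()

def wrap(kek, key):
    """f_k(key): toy authenticated wrap, an assumed stand-in for a real key-wrap cipher."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_sub(kek, b"enc") + nonce).digest(len(key))
    body = nonce + bytes(a ^ b for a, b in zip(key, stream))
    return body + hmac.new(_sub(kek, b"mac"), body, hashlib.sha256).digest()

def unwrap(kek, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_sub(kek, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key encryption key or corrupted blob")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(_sub(kek, b"enc") + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def distribute_single(dek, keks):
    """Claim 1: one wrapped DEK per site; each site stores all of them except its own."""
    wrapped = {s: wrap(k, dek) for s, k in keks.items()}
    return {s: {o: c for o, c in wrapped.items() if o != s} for s in keks}

def distribute_double(dek, keks):
    """Claim 7: site n stores C_ij = f_ki(f_kj(k0)) for i < j with i != n and j != n."""
    return {n: {(i, j): wrap(keks[i], wrap(keks[j], dek))
                for i, j in combinations(sorted(keks), 2) if n not in (i, j)}
            for n in keks}

def recover_single(store, helper, helper_kek):
    # The new production site obtains one remaining site's KEK: two sites involved.
    return unwrap(helper_kek, store[helper])

def recover_double(store, i, kek_i, j, kek_j):
    # The new production site needs KEKs from two remaining sites: three sites involved.
    return unwrap(kek_j, unwrap(kek_i, store[(i, j)]))

# Constructed sample: four remote sites, random 32-byte keys.
KEKS = {n: secrets.token_bytes(32) for n in (1, 2, 3, 4)}
DEK = secrets.token_bytes(32)
```

A site's own key encryption key opens nothing in its local store, so a compromise of one site (claim 1) or of two sites (claim 7) does not expose the data encryption key.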
Specification