Generating a unique encryption key

US 10,037,440 B1
Filed: 08/04/2017
Issued: 07/31/2018
Est. Priority Date: 06/03/2014
Status: Active Grant

First Claim

Patent Images

1. A method of utilizing a non-repeating identifier to encrypt data, the method comprising:

by a storage array controller;

receiving a request to write data to a storage device in a storage array;

selecting a segment-offset pair where the data will be stored, wherein the selected segment-offset pair is unique relative to every other segment-offset pair previously utilized by the storage device, wherein the selected segment-offset pair cannot be reutilized to service another request to write data to the storage device, and wherein multiple segment-offset pairs map to the same physical location within the storage device during the lifetime of the storage device;

utilizing the new segment identifier of the segment-offset pair to encrypt the data including utilizing an encryption key; and

writing the encrypted data to the storage device at the selected segment-offset pair.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Utilizing a non-repeating identifier to encrypt data, including: receiving a request to write data to a storage device; selecting a segment-offset pair where the data will be stored, where the selected segment-offset pair is unique to every other segment-offset pair utilized during the lifetime of the storage device; and encrypting the data in dependence upon an identifier of the segment-offset pair.

129 Citations

16 Claims

1. A method of utilizing a non-repeating identifier to encrypt data, the method comprising:
- by a storage array controller;
  
  receiving a request to write data to a storage device in a storage array;
  
  selecting a segment-offset pair where the data will be stored, wherein the selected segment-offset pair is unique relative to every other segment-offset pair previously utilized by the storage device, wherein the selected segment-offset pair cannot be reutilized to service another request to write data to the storage device, and wherein multiple segment-offset pairs map to the same physical location within the storage device during the lifetime of the storage device;
  
  utilizing the new segment identifier of the segment-offset pair to encrypt the data including utilizing an encryption key; and
  
  writing the encrypted data to the storage device at the selected segment-offset pair.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein selecting the segment-offset pair where the data will be stored further comprises:
    - determining whether an active segment has enough free space to store the data;
      
      responsive to determining that the active segment does have enough free space to store the data, storing the data in the active segment; and
      
      responsive to determining that the active segment does not have enough free space to store the data;
      
      creating a new segment; and
      
      storing the data in the new segment.
  - 3. The method of claim 2 wherein creating the new segment further comprises selecting a new segment identifier using a monotonically increasing number for the new segment identifier.
  - 4. The method of claim 2 wherein creating the new segment further comprises selecting a new segment identifier using a Bloom filter to verify that the new segment identifier is unique relative to all other segment identifiers previously utilized by the storage device.
  - 5. The method of claim 1 further comprising:
    - transmitting encrypted data to the storage device; and
      
      storing the encrypted data in the storage device.

6. An apparatus for utilizing a non-repeating identifier to encrypt data, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
- by a storage array controller;
  
  receiving a request to write data to a storage device in a storage array;
  
  selecting a segment-offset pair where the data will be stored, wherein the selected segment-offset pair is unique relative to every other segment-offset pair previously utilized by the storage device, wherein the selected segment-offset pair cannot be reutilized to service another request to write data to the storage device, and wherein multiple segment-offset pairs map to the same physical location within the storage device during the lifetime of the storage device;
  
  utilizing the new segment identifier of the segment-offset pair to encrypt the data including utilizing an encryption key; and
  
  writing the encrypted data to the storage device at the selected segment-offset pair.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The apparatus of claim 6 wherein selecting the segment-offset pair where the data will be stored further comprises:
    - determining whether an active segment has enough free space to store the data;
      
      responsive to determining that the active segment does have enough free space to store the data, storing the data in the active segment; and
      
      responsive to determining that the active segment does not have enough free space to store the data;
      
      creating a new segment; and
      
      storing the data in the new segment.
  - 8. The apparatus of claim 7 wherein creating the new segment further comprises selecting a new segment identifier using a monotonically increasing number for the new segment identifier.
  - 9. The apparatus of claim 7 wherein creating the new segment further comprises selecting a new segment identifier using a Bloom filter to verify that the new segment identifier is unique relative to all other segment identifiers previously utilized by the storage device.
  - 10. The apparatus of claim 6 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
    - transmitting encrypted data to the storage device; and
      
      storing the encrypted data in the storage device.
  - 11. The apparatus of claim 6 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
    - transmitting unencrypted data to the storage device; and
      
      storing encrypted data in the storage device.

12. A storage system for utilizing a non-repeating identifier to encrypt data, the storage system comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the storage system to carry out the steps of:
- by a storage array controller;
  
  receiving a request to write data to a storage device in a storage array;
  
  selecting a segment-offset pair where the data will be stored, wherein the selected segment-offset pair is unique relative to every other segment-offset pair previously utilized by the storage device, wherein the selected segment-offset pair cannot be reutilized to service another request to write data to the storage device, and wherein multiple segment-offset pairs map to the same physical location within the storage device during the lifetime of the storage device;
  
  utilizing the new segment identifier of the segment-offset pair to encrypt the data including utilizing an encryption key; and
  
  writing the encrypted data to the storage device at the selected segment-offset pair.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The storage system of claim 12 wherein selecting the segment-offset pair where the data will be stored further comprises:
    - determining whether an active segment has enough free space to store the data;
      
      responsive to determining that the active segment does have enough free space to store the data, storing the data in the active segment; and
      
      responsive to determining that the active segment does not have enough free space to store the data;
      
      creating a new segment; and
      
      storing the data in the new segment.
  - 14. The storage system of claim 13 wherein creating the new segment further comprises selecting a new segment identifier using a monotonically increasing number for the new segment identifier.
  - 15. The storage system of claim 13 wherein creating the new segment further comprises selecting a new segment identifier using a Bloom filter to verify that the new segment identifier is unique relative to all other segment identifiers previously utilized by the storage device.
  - 16. The storage system of claim 12 further comprising computer program instructions that, when executed, cause the storage system to carry out the steps of:
    - transmitting encrypted data to the storage device; and
      
      storing the encrypted data in the storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Pure Storage, Inc.
Inventors
Colgrove, John, McAuliffe, Mark L., Miller, Ethan L., Neelakantam, Naveen, Sanvido, Marco, Vachharajani, Neil A., Vohra, Taher
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US15/669,279
Time in Patent Office

361 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 21/78   to assure secure storage of...

H04L 9/065   Encryption by serially and ...

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

Generating a unique encryption key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

129 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Generating a unique encryption key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links