Crypto-erasure resilient to network outage
First Claim
1. A computer-implemented method executed by one or more processors, the method comprising:
receiving, at the one or more processors over a network, a local copy of a set of keys from an external key server located remotely from a data storage;
initiating utilization of the local copy of the set of keys for one or more of encrypting data and decrypting data, the local copy of the set of keys comprising at least one cryptographic key associated with encrypted data stored on the data storage;
storing the local copy of the set of keys in a memory of the data storage;
on occurrence of a polling time interval, sending, over the network by the one or more processors executing a server polling component, a status request to the external key server requesting a status of the set of keys stored on the external key server;
on determining a key available response to the status request is received from the external key server at the one or more processors over the network, continuing the utilization of the local copy of the set of keys, the key available response indicating an enabled status of the set of keys stored on the external key server; and
on determining a key unavailable response to the status request is received from the external key server at the one or more processors over the network, performing a key failure action to prevent the continued utilization of the local copy of the set of keys, the key unavailable response indicating at least one key in the set of keys stored on the external key server is disabled.
Abstract
Examples are generally directed towards providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
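The polling, retry and time-out behaviour described in the abstract, as an added Python example on a virtual clock (not code from the patent). The names `simulate` and `key_failure_action`, the interval values and the reply sequences are assumptions constructed for illustration, as is measuring the time-out period from the first unanswered request.

```python
from enum import Enum

class Status(Enum):
    ENABLED = "enabled"    # "key available" response
    DISABLED = "disabled"  # "key unavailable" response

NO_REPLY = None  # status request went unanswered (e.g. network outage)

def key_failure_action(local_keys):
    """Delete the local key copies so the stored ciphertext becomes unreadable.
    (A real device would also have to scrub the key bytes from memory.)"""
    local_keys.clear()

def simulate(replies, local_keys, poll_interval=60, retry_interval=5, timeout=20):
    """Run the poller over `replies` (one entry per status request sent).
    Times are in seconds; returns a list of (time, event) tuples."""
    log, now, replies = [], 0, iter(replies)
    while local_keys:
        now += poll_interval          # polling time interval elapses
        deadline = now + timeout      # assumed: time-out runs from the first request
        while True:
            try:
                reply = next(replies)
            except StopIteration:
                return log            # constructed input exhausted
            if reply is Status.ENABLED:
                log.append((now, "continue"))
                break
            if reply is Status.DISABLED:
                key_failure_action(local_keys)
                log.append((now, "erase: key disabled"))
                break
            # No reply: retry until the time-out period expires, then fail closed.
            if now + retry_interval > deadline:
                key_failure_action(local_keys)
                log.append((deadline, "erase: timeout"))
                break
            now += retry_interval
            log.append((now, "retry"))
    return log

if __name__ == "__main__":
    keys = {"vol0": bytes(32)}        # constructed placeholder key
    outage = [Status.ENABLED] + [NO_REPLY] * 5
    for entry in simulate(outage, keys):
        print(entry)
    print("keys remaining:", list(keys))
```

A short outage that ends before the time-out leaves the keys in place; an outage longer than the time-out has the same outcome as an explicit disabled status.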
Specification