Secure data replication in a storage grid
Abstract
A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.
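An added sketch of the key hierarchy described in the abstract (not code from the patent). It assumes a 2-of-3 Shamir split for the key shares, HMAC-SHA256 as the grid-key derivation, and an HMAC-based stand-in cipher, none of which the page specifies; all function names are hypothetical. `replicate` follows one reading of the claims, in which a cluster strips the outer layer with the storage key and re-wraps the once encrypted data.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # prime field for the assumed 2-of-3 Shamir split

def split_key(key):
    """One share per cluster: points on f(x) = key + a*x mod P at x = 1, 2, 3."""
    s, a = int.from_bytes(key, "big"), secrets.randbelow(P)
    return [(x, (s + a * x) % P) for x in (1, 2, 3)]

def storage_key(share_a, share_b):
    """Recover f(0) from any two shares by Lagrange interpolation."""
    (x1, y1), (x2, y2) = share_a, share_b
    s = (y1 * x2 - y2 * x1) * pow((x2 - x1) % P, -1, P) % P
    return s.to_bytes(32, "big")

def grid_key(skey, external_secret):
    """Assumed KDF: HMAC-SHA256 keyed by the storage key over the external secret."""
    return hmac.new(skey, b"grid-key" + external_secret, hashlib.sha256).digest()

def _mac(key, label, msg):
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_mac(key, b"ks", nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(d ^ k for d, k in zip(data, ks))

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, data)
    return nonce + ct + _mac(key, b"tag", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(key, nonce, ct)

def write(data, external_secret, share_a, share_b):
    skey = storage_key(share_a, share_b)
    once = seal(grid_key(skey, external_secret), data)   # inner layer: grid key
    return seal(skey, once)                              # outer layer: storage key

def replicate(twice, share_a, share_b):
    """Replica made from the once encrypted data; the external secret is never used."""
    skey = storage_key(share_a, share_b)
    return seal(skey, unseal(skey, twice))

def read(twice, external_secret, share_a, share_b):
    skey = storage_key(share_a, share_b)
    return unseal(grid_key(skey, external_secret), unseal(skey, twice))
```

Any two clusters can rebuild the storage key and replicate, but recovering the plaintext also requires the external secret.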
20 Claims
1. A method, comprising:
- twice-encrypting data, first by a first key that is generated from an external secret and a second key that is shared by a plurality of storage clusters of a storage grid to produce once encrypted data, and second by the second key to produce twice encrypted data;
- storing the twice-encrypted data in one of the plurality of storage clusters;
- replicating the twice-encrypted data from the once encrypted data; and
- storing the replicated twice-encrypted data at a further one of the plurality of storage clusters.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A tangible, non-transitory, computer-readable media having instructions thereupon which, when executed by processors in a storage grid, cause the processors to perform a method comprising:
- encrypting data, with a first encryption by a first key that is generated from an external secret and a second key that is shared by a plurality of storage clusters of the storage grid to produce once encrypted data, and a second encryption by the second key to produce twice-encrypted data;
- storing, in a first one of a plurality of storage clusters of the storage grid, the twice-encrypted data;
- replicating the twice-encrypted data from the once encrypted data; and
- storing, in a second one of the plurality of storage clusters, the replicated twice-encrypted data.
Dependent claims: 9, 10, 11, 12, 13

14. A storage grid, comprising:
- three or more storage clusters configurable to cooperate as the storage grid and to share a second key;
- one of the storage clusters configurable to twice-encrypt data, with first encryption by a first key that is based on an external secret and the second key to produce once encrypted data, and second encryption by the second key, and store the twice-encrypted data; and
- a further one of the storage clusters configurable to replicate the twice-encrypted data from the once encrypted data, in cooperation with the one of the storage clusters, and store the replicated twice-encrypted data.
Dependent claims: 15, 16, 17, 18, 19, 20

Specification