Virtualized volume level messaging

US 10,742,661 B2
Filed: 02/14/2017
Issued: 08/11/2020
Est. Priority Date: 02/14/2017
Status: Active Grant

First Claim

Patent Images

1. A networked storage system comprising:

a plurality of physical storage devices configured to store data on a plurality of virtualized volumes, the virtualized volumes being distributed across two or more of the plurality of physical storage devices;

a key store configured to store a plurality of encryption keys; and

a secure messaging manager configured to;

encrypt a message to each of the plurality of virtualized volumes using a different encryption key for each of the plurality of virtualized volumes,receive a request from a client for communication with one of the plurality of virtualized volumes,determine an encryption key used to encrypt data to the one of the plurality of virtualized volumes,request the encryption key from the key store used to encrypt data to the one of the plurality of virtualized volumes from the key store, andencrypt the message to the one of the plurality of virtualized volumes with the encryption key,wherein messages sent between a first of the plurality of virtualized volumes and a first of the two or more physical storage devices are encrypted using a first of the plurality of encryption keys, and wherein messages sent between the first of the plurality of virtualized volumes and a second of the two or more physical storage devices are also encrypted using the first encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations and methods herein provide a networked storage system including a plurality of physical storage devices configured to store data on a plurality of virtualized volumes, a key store configured to store a plurality of encryption keys, and a secure messaging manager configured to encrypt a message to each of the plurality of virtualized volumes using a different encryption key.

21 Citations

14 Claims

1. A networked storage system comprising:
- a plurality of physical storage devices configured to store data on a plurality of virtualized volumes, the virtualized volumes being distributed across two or more of the plurality of physical storage devices;
  
  a key store configured to store a plurality of encryption keys; and
  
  a secure messaging manager configured to;
  
  encrypt a message to each of the plurality of virtualized volumes using a different encryption key for each of the plurality of virtualized volumes,receive a request from a client for communication with one of the plurality of virtualized volumes,determine an encryption key used to encrypt data to the one of the plurality of virtualized volumes,request the encryption key from the key store used to encrypt data to the one of the plurality of virtualized volumes from the key store, andencrypt the message to the one of the plurality of virtualized volumes with the encryption key,wherein messages sent between a first of the plurality of virtualized volumes and a first of the two or more physical storage devices are encrypted using a first of the plurality of encryption keys, and wherein messages sent between the first of the plurality of virtualized volumes and a second of the two or more physical storage devices are also encrypted using the first encryption key.
- View Dependent Claims (2, 3)
- - 2. The networked storage system of claim 1 wherein the key store is a local key store configured with the secure messaging manager.
  - 3. The networked storage system of claim 1, wherein the key store is configured remotely from the secure messaging manager.

4. A networked storage system, comprising:
- a plurality of physical storage devices configured to store data on a plurality of virtualized volumes, the virtualized volumes being distributed across two or more of the plurality of physical storage devices;
  
  a key store configured to store a plurality of encryption keys, wherein the plurality of encryption keys of the key store is a plurality of public keys and each of the plurality of virtualized volumes has a private key corresponding to the related one of the plurality of public keys; and
  
  a secure messaging manager configured to encrypt a message to each of the plurality of virtualized volumes using a different encryption key for each of the plurality of virtualized volumes, wherein the secure messaging manager is further configured to receive the encryption key from a client, wherein messages sent between a first of the plurality of virtualized volumes and a first of the two or more physical storage devices are encrypted using a first of the plurality of encryption keys, and wherein messages sent between the first of the plurality of virtualized volumes and a second of the two or more physical storage devices are also encrypted using the first encryption key, wherein the secure messaging manager is further configured to encrypt the message to one of the plurality of virtualized volumes using the one of the plurality of public keys related to the one of the plurality of virtualized volumes.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The networked storage system of claim 4, wherein each of the plurality of virtualized volumes is configured to store data on more than one of the plurality of physical storage devices.
  - 6. The networked storage system of claim 4, further comprising a network controller configured to store a mapping between the plurality of virtualized volumes to the plurality of encryption keys.
  - 7. The networked storage system of claim 4, wherein the secure messaging manager is configured to establish a handshake with one or more of a plurality of drives using pre-shared keys (PSKs).
  - 8. The networked storage system of claim 4, wherein the secure messaging manager is configured to establish a handshake with one or more of a plurality of drives using certificates (CERTs).

9. A networked data storage system, comprising:
- a plurality of virtualized volumes distributed across two or more of a plurality of physical storage devices, messaging with each of the plurality of virtualized volumes being encrypted using a different key for each of the plurality of virtualized volumes, wherein messages sent between a first of the plurality of virtualized volumes and a first of the two or more physical storage devices are encrypted using a first encryption key, and wherein messages sent between the first virtualized volume stored and a second of the two or more physical storage devices are also encrypted using the first encryption keys;
  
  a secure messaging manager configured to receive a request from a client to store data to a network resource comprising a plurality of virtualized volumes and to determine an identity of a target virtualized volume; and
  
  a key store configured to store a plurality of encryption keys, each of the plurality of encryption keys relating to messaging with one of the plurality of virtualized volumes.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The networked data storage system of claim 9, wherein the key store is a local key store configured with the secure messaging manager.
  - 11. The networked data storage system of claim 9, wherein the key store is configured remotely from the secure messaging manager.
  - 12. The networked data storage system of claim 9, wherein each of the plurality of virtualized volumes is configured to store data on a plurality of physical storage devices.
  - 13. The networked data storage system of claim 12, wherein the secure messaging manager is further configured to establish a handshake with each of the plurality of physical storage drives using pre-shared keys (PSKs).
  - 14. The networked data storage system of claim 12, wherein the secure messaging manager is further configured to establish a handshake with each of the plurality of physical storage drives using certificates (CERTs).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Allo, Christopher N., Weiss, Richard O.
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Ayala, Kevin

Application Number

US15/432,657
Publication Number

US 20180234432A1
Time in Patent Office

1,274 Days
Field of Search

713170
US Class Current
CPC Class Codes

H04L 63/061 for key exchange, e.g. in p...

H04L 63/123 received data contents, e.g...

Virtualized volume level messaging

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Virtualized volume level messaging

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links