Computing system and data decryption method and computer system with remote copy facility
Abstract
A computing system and encryption/decryption method realizes assurance of security and improvement of throughput in a remote system. For this purpose, encrypted data is written to a storage system, it is determined whether data in the storage system is ciphertext or plaintext, and encrypted data is read, decrypted and re-written in storage asynchronously with writing encrypted data to storage.
28 Claims
1. A computing system being a first computing system connected with a second computing system by a communication channel wherein:
said first computing system receives encrypted data from said second computing system, and stores said encrypted data without decrypting.
2. A computing system being a first computing system connected with a second computing system by a communication channel wherein:
said first computing system has a storage system, receives encrypted data from said second computing system, and stores said encrypted data without decrypting in said storage system.
(Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
16. An encryption and decryption method comprising the steps of:
reading encrypted data from a storage system that stores encrypted data received in a computing system without decrypting;
decrypting it; and
further writing it to said storage system.
17. An encryption and decryption method comprising the steps of:
passing a cryptographic key to a decryption device from a storage system that stores the cryptographic key and encrypted data which is not decrypted, received in a computing system;
sequentially sending said received encrypted data to said decryption device;
decrypting it; and
further writing it from said decryption device to said storage system.
18. A computer system with remote copy facility comprising:
a main center consisting of a primary disk subsystem group having a control means that is connected to an upper layer device and performs sending and receiving of data and a storage means that performs storage of said data; and
a remote center, which is disposed in a place apart from said primary disk subsystem group, consisting of a secondary disk subsystem group having a control means and receives encrypted data transferred from said primary disk subsystem group and a storage means that performs storage of said transferred data, wherein said primary disk subsystem group updates a cryptographic key at a specified interval or an irregular interval, also interrupts said data transfer to said secondary disk subsystem group and transfers the updated cryptographic key to said secondary disk subsystem group.
(Dependent claims: 19, 21, 22, 23, 24, 25)
20. A computer system with remote copy facility comprising:
a main center consisting of a primary disk subsystem group having a control means that is connected to an upper layer device and performs sending and receiving of data and a storage means that performs storage of said data; and
a remote center, which is disposed in a place apart from said primary disk subsystem group, consisting of a secondary disk subsystem group having a control means and receives encrypted data transferred from said primary disk subsystem group and a storage means that performs storage of said transferred data, wherein said primary disk subsystem group, during execution of data write processing, determines whether or not it is time for updating the cryptographic key for encrypted data transfer, and if it is time for updating, updates said cryptographic key, also transfers it to said secondary subsystem assigning a sequence number to said updated cryptographic key, and associates it with the transferred data assigned with the sequence number.
26. A computer system with remote copy facility comprising:
a main center consisting of a primary disk subsystem group being connected to an upper layer device and receiving data transfer from said upper layer device; and
a remote center consisting of a secondary disk subsystem group being connected with said primary disk subsystem group of said main center and receiving data transfer, wherein said primary disk subsystem group has a remote copy control information storage component that stores control information stipulating whether or not encrypted data transfer is performed when remote copying data to said secondary disk subsystem group, and performs data encryption when said control information stipulates to perform encrypted data transfer; and
said secondary disk subsystem group confirms said control information of said primary disk subsystem group, and performs processing appropriate to the encryption with respect to the transferred data when said control information is to perform encrypted data transfer.
27. A remote copy method of a storage system comprising:
a local storage system that stores data written from an upper layer device; and
a remote storage system that stores a copy of said data, wherein comprising;
a step where said local storage system encrypts said data with a cryptographic key;
a step where said encrypted data is transferred from said local storage system to said remote storage system;
a step where said cryptographic key is iteratively updated; and
a step where said updated cryptographic key is transferred from said local storage system to said remote storage system, wherein said encryption step uses the updated cryptographic key after said cryptographic key was updated.
(Dependent claim: 28)
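The following Python example is added here and is not part of the patent text. It models the sequence-numbered key update of claim 20 together with the store-without-decrypting and asynchronous decrypt-and-rewrite flow of the abstract and claim 16; the class names, message tuples, HMAC-SHA256 keystream stand-in cipher and derived demo keys are assumptions, since the claims name no cipher, key-transport protection or wire format.

```python
import hashlib
import hmac

def xor_stream(key: bytes, seq: int, data: bytes) -> bytes:
    # Stand-in cipher (assumption; the claims name none): HMAC-SHA256 keystream per sequence number.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, seq.to_bytes(8, "big") + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Primary:
    """Main-center side: checks on every write whether the key is due for update."""
    def __init__(self, interval: int):
        self.interval, self.seq, self.writes = interval, 0, 0
        self.key, self.key_seq = None, None

    def write(self, lba: int, data: bytes) -> list:
        msgs = []
        if self.writes % self.interval == 0:           # time to update the key
            self.seq += 1
            self.key_seq = self.seq                    # the key gets its own sequence number
            self.key = hashlib.sha256(b"constructed-key-%d" % self.seq).digest()  # demo key only
            msgs.append(("KEY", self.key_seq, self.key))  # transport protection not modelled
        self.seq += 1
        self.writes += 1
        ct = xor_stream(self.key, self.seq, data)
        msgs.append(("DATA", self.seq, self.key_seq, lba, ct))  # data is tied to its key's number
        return msgs

class Secondary:
    """Remote-center side: stores ciphertext as received, decrypts in a later pass."""
    def __init__(self):
        self.keys, self.blocks = {}, {}   # key_seq -> key; lba -> [is_ciphertext, seq, key_seq, payload]

    def receive(self, msg: tuple) -> None:
        if msg[0] == "KEY":
            self.keys[msg[1]] = msg[2]
        else:
            _, seq, key_seq, lba, ct = msg
            self.blocks[lba] = [True, seq, key_seq, ct]   # no decryption on the write path

    def decrypt_pass(self) -> int:
        """Asynchronous pass: decrypt and re-write every flagged block whose key has arrived."""
        done = 0
        for entry in self.blocks.values():
            is_ct, seq, key_seq, payload = entry
            if is_ct and key_seq in self.keys:
                entry[0], entry[3] = False, xor_stream(self.keys[key_seq], seq, payload)
                done += 1
        return done
```

A block whose key message has not yet arrived stays flagged as ciphertext and is picked up by a later `decrypt_pass()`, which is why the per-block ciphertext/plaintext flag matters.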