Computing system and data decryption method and computer system with remote copy facility

US 20030037247A1
Filed: 03/19/2001
Published: 02/20/2003
Est. Priority Date: 05/23/2000
Status: Active Grant

First Claim

Patent Images

1. A computing system being a first computing system connected with a second computing system by a communication channel wherein:

said first computing system receives encrypted data from said second computing system, and stores said encrypted data without decrypting.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing system and encryption/decryption method realizes assurance of security and improvement of throughput in a remote system. For this purpose, encrypted data is written to a storage system, it is determined whether data in the storage system is ciphertext or plaintext, and encrypted data is read, decrypted and re-written in storage asynchronously with writing encrypted data to storage.

90 Citations

View as Search Results

28 Claims

1. A computing system being a first computing system connected with a second computing system by a communication channel wherein:
- said first computing system receives encrypted data from said second computing system, and stores said encrypted data without decrypting.

2. A computing system being a first computing system connected with a second computing system by a communication channel wherein:
- said first computing system has a storage system, receives encrypted data from said second computing system, and stores said encrypted data without decrypting in said storage system.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 3. The computing system recited in claim 2, wherein:
    - said first computing system has a network connection device, receives a cryptographic key and encrypted data from said second computing system, and stores said encrypted data without decrypting in said storage system.
  - 4. The computing system recited in claim 2, wherein:
    - said first computing system has a processor system, receives a cryptographic key and encrypted data from said second computing system, and stores said encrypted data without decrypting in said storage system.
  - 5. The computing system recited in claim 2, wherein:
    - said processor system reads encrypted data from said storage system, decrypts it, and further writes it in said storage system.
  - 6. The computing system recited in claim 2, wherein:
    - said network connection device reads encrypted data from said storage system, decrypts it, and further writes it in said storage system.
  - 7. The computing system recited in claim 2, wherein:
    - said storage system reads encrypted data within said storage system itself and decrypts and writes it.
  - 8. The computing system recited in claim 2, wherein:
    - said first computing system has a decryption device, said decryption device reads encrypted data from said storage system, decrypts it, and further writes it in said storage system.
  - 9. The computing system recited in claim 5, wherein:
    - reading of encrypted data from said storage system and writing of decrypted data are performed with respect to the same storage position in said storage system.
  - 10. The computing system recited in claim 5, wherein:
    - received encrypted data is stored in sequence of receipt without decryption in said storage system, and reading of encrypted data from said storage system and writing of decrypted data are such that writing is to a position being different from the position read in said storage system.
  - 11. The computing system recited in claim 5, wherein:
    - the interval of reading of encrypted data in said first computing system is an interval of fixed time.
  - 12. The computing system recited in claim 5, wherein:
    - reading of encrypted data in said first computing system is started by request from the storage system in said first computing system.
  - 13. The computing system recited in claim 5, wherein:
    - an encryption key is received from the storage system in said first computing system.
  - 14. The computing system recited in claim 5, wherein:
    - an encryption key is received from the network connection device in said first computing system.
  - 15. The computing system recited in claim 5, wherein:
    - an encryption key is received from the processor system in said first computing system.

16. An encryption and decryption method comprising the steps of:
- reading encrypted data from a storage system that stores encrypted data received in a computing system without decrypting;
  
  decrypting it; and
  
  further writing it to said storage system.

17. An encryption and decryption method comprising the steps of:
- passing a cryptographic key to a decryption device from a storage system that stores the cryptographic key and encrypted data which is not decrypted, received in a computing system;
  
  sequentially sending said received encrypted data to said decryption device;
  
  decrypting it; and
  
  further writing it from said decryption device to said storage system.

18. A computer system with remote copy facility comprising:
- a main center consisting of a primary disk subsystem group having a control means that is connected to an upper layer device and performs sending and receiving of data and a storage means that performs storage of said data; and
  
  a remote center, which is disposed in a place apart from said primary disk subsystem group, consisting of a secondary disk subsystem group having a control means and receives encrypted data transferred from said primary disk subsystem group and a storage means that performs storage of said transferred data, wherein said primary disk subsystem group updates a cryptographic key at a specified interval or an irregular interval, also interrupts said data transfer to said secondary disk subsystem group and transfers the updated cryptographic key to said secondary disk subsystem group.
- View Dependent Claims (19, 21, 22, 23, 24, 25)
- - 19. The computer system with remote copy facility recited in claim 18, wherein:
    - said primary disk subsystem group creates data having the same data length and data pattern as data transferred to said secondary disk subsystem group, and embeds said cryptographic key in said created data.
  - 21. The computer system with remote copy facility recited in claim 18, wherein:
    - data encrypted and transferred from said primary disk subsystem group to said secondary disk subsystem group is kept without decrypting in the storage means of said remote center, and is decrypted in time of disaster recovery.
  - 22. The computer system with remote copy facility recited in claim 21, wherein:
    - when data is encrypted and transferred from said primary disk subsystem group to said secondary disk subsystem group, said cryptographic key is remote copied to and kept at another remote center disposed in a place separate from said remote center, and data is decrypted using the cryptographic key kept at said other remote center in time of disaster recovery.
  - 23. An encryption system of the computer system with remote copy facility recited in claim 21, wherein:
    - when data encrypted and transferred from said primary disk subsystem group to said secondary disk subsystem group is decrypted, it is decrypted only when a specific portion of a record concerning said data was searched.
  - 24. The computer system with remote copy facility recited in claim 18, wherein:
    - said primary disk subsystem group and said secondary disk subsystem group are connected via a storage area network.
  - 25. The computer system with remote copy facility recited in claim 18, wherein:
    - data transfer between said primary disk subsystem group and said secondary disk subsystem group is performed by synchronous transfer or asynchronous transfer.

20. A computer system with remote copy facility comprising:
- a main center consisting of a primary disk subsystem group having a control means that is connected to an upper layer device and performs sending and receiving of data and a storage means that performs storage of said data; and
  
  a remote center, which is disposed in a place apart from said primary disk subsystem group, consisting of a secondary disk subsystem group having a control means and receives encrypted data transferred from said primary disk subsystem group and a storage means that performs storage of said transferred data, wherein said primary disk subsystem group, during execution of data write processing, determines whether or not it is time for updating the cryptographic key for encrypted data transfer, and if it is time for updating, updates said cryptographic key, also transfers it to said secondary subsystem assigning a sequence number to said updated cryptographic key, and associates it with the transferred data assigned with the sequence number.

26. A computer system with remote copy facility comprising:
- a main center consisting of a primary disk subsystem group being connected to an upper layer device and receiving data transfer from said upper layer device; and
  
  a remote center consisting of a secondary disk subsystem group being connected with said primary disk subsystem group of said main center and receiving data transfer, wherein said primary disk subsystem group has a remote copy control information storage component that stores control information stipulating whether or not encrypted data transfer is performed when remote copying data to said secondary disk subsystem group, and performs data encryption when said control information stipulates to perform encrypted data transfer; and
  
  said secondary disk subsystem group confirms said control information of said primary disk subsystem group, and performs processing appropriate to the encryption with respect to the transferred data when said control information is to perform encrypted data transfer.

27. A remote copy method of a storage system comprising:
- a local storage system that stores data written from an upper layer device; and
  
  a remote storage system that stores a copy of said data, wherein comprising;
  
  a step where said local storage system encrypts said data with a cryptographic key;
  
  a step where said encrypted data is transferred from said local storage system to said remote storage system;
  
  a step where said cryptographic key is iteratively updated; and
  
  a step where said updated cryptographic key is transferred from said local storage system to said remote storage system, wherein said encryption step uses the updated cryptographic key after said cryptographic key was updated.
- View Dependent Claims (28)
- - 28. The remote copy method of the storage system recited in claim 27, wherein:
    - the frequency of iteration of the step where said cryptographic key is updated is determined from the time for deciphering said cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Hitachi, Ltd.
Inventors
Oeda, Takashi, Nozawa, Masafumi, Takamatsu, Hisashi, Morishita, Noboru, Obara, Kiyohiro

Granted Patent

US 6,966,001 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 67/01 Protocols

Computing system and data decryption method and computer system with remote copy facility

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Computing system and data decryption method and computer system with remote copy facility

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links