Network media access architecture and methods for secure storage
Abstract
A network media access controller operates as a centralized control point for managing secure data storage in a network-attached data storage subsystem. The network media access controller includes first and second network interfaces. The first network interface is coupleable through a first network connection to a network-attached data storage subsystem including a storage device. The network-attached data storage subsystem is responsive to a data storage command to store first data to the storage device. The second network interface is coupleable through a second network connection to a client computer system. The client computer system selectively provides the data storage command with respect to second data. A network data processor is coupled to the first network interface to provide the data storage command and first data and to the second network interface to receive the data storage command and second data. The network data processor includes an encryptor coupled to selectively encrypt the second data to provide the first data based on an encryption key corresponding to the storage device.
36 Claims
1. A network media access controller providing a centralized control point for managing secure data storage in a network-attached data storage subsystem, said network media access controller comprising:
a) a first network interface coupleable through a first network connection to a network-attached data storage subsystem including a storage device, wherein said network-attached data storage subsystem is responsive to a data storage command to store first data to said storage device;
b) a second network interface coupleable through a second network connection to a client computer system, wherein said client computer system selectively provides said data storage command with respect to second data; and
c) a network data processor coupled to said first network interface to provide said data storage command and first data and to said second network interface to receive said data storage command and second data, said network data processor including an encryptor coupled to selectively encrypt said second data to provide said first data based on an encryption key corresponding to said storage device.
Dependent claims: 2, 3, 4, 5, 6

7. A network storage access controller comprising:
a) a first network interface coupleable to an initiator network accessible by a plurality of network clients to exchange first network data, wherein said first network data contains unencrypted media-level storage data;
b) a second network interface coupleable to a target network through which a plurality of network storage volumes are accessible to exchange second network data, wherein said second network data contains encrypted media-level storage data; and
c) a controller coupled between said first and second network interfaces operative to convert between said first and second network data, said controller including a crypto processor to encrypt and decrypt media-level storage data contained in said first and second network data.
Dependent claims: 8, 9, 10, 11

12. A network storage controller supporting client access to network attached data storage, said network controller being coupleable in a communications network between a plurality of client computers and a plurality of data stores, wherein said network storage controller provides for the transfer of network data between said client computers and said data stores, wherein said network data includes media-level data and wherein said network access controller provides for the selective encryption and decryption of said media-level data transferred with respect to said plurality of data stores.

17. A network media access controller configured as a network proxy portal to provide storage security for clients with respect to network attached storage devices, said network media access controller comprising a network data processor coupleable between an initiator network and a target network to provide for the proxy transfer of predetermined network protocol data packets containing media-level data between said initiator and target networks, said network data processor being operative to selectively process said predetermined network protocol data packets to encrypt and decrypt media-level data.

24. A method of providing secure storage of data over a network connection, said method comprising the steps of:
a) first processing network data packets, transferred over a network between a client computer system and a storage system, to identify predetermined network data packets containing media-level data; and
b) second processing said predetermined network data packets to encrypt the media-level data contained in said predetermined network data packets being transferred to said storage system and to decrypt the media-level data contained in said predetermined network data packets being transferred to said client computer system.
Dependent claims: 25, 26, 27

28. A method of managing the secure storage of data in network attached storage systems, said method comprising the steps of:
a) establishing a network storage portal through which network storage data packets are passed between a client computer system and a network data store; and
b) crypto processing, on passage through said network storage portal, media-level data contained within network storage data packets to selectively encrypt, at said network storage portal, media-level data passed to said network data store and selectively decrypt, at said network storage portal, media-level data passed from said network data store.
Dependent claims: 29, 30, 31, 32, 33

34. A network media access controller comprising:
a) an initiator network interface coupleable through a first network to a client initiator,
b) a target network interface coupleable through a second network to a storage target; and
c) a network data processor coupled between said initiator and target network interfaces, wherein said client initiator and storage target communicate storage data over said first and second networks using a data transfer protocol encapsulated by a network communications protocol, wherein said data transfer protocol provides for the storage and retrieval of media-level data, wherein said network data processor is operative to transfer network data packets conforming to said network communications protocol between said initiator and target network interfaces, said network data processor being further operative to selectively encrypt and decrypt media-level data contained within network data packets transferred between said initiator and target network interfaces.
Dependent claims: 35, 36

Specification