Method and apparatus for encrypted remote copy for secure data backup and restoration
First Claim
1. A method, comprising the steps of:
- encrypting original data stored at a source volume with an encryption algorithm;
storing the encrypted data in a target volume;
creating an encryption information record comprising identifiers for each of the source volume of the original data, the target volume, and the encryption algorithm used to encrypt the original data; and
storing the encryption information record at a location other than the source volume of the original data.
1 Assignment
0 Petitions
Accused Products
Abstract
Data at a primary storage system is encrypted and remote copied to a secondary storage system. A Remote Copy Configuration Information (RCCI) is created that identifies the encryption mechanism, keys, data source volume, and target volume for the remote copy. The RCCI is backed up on a trusted computer system. In one embodiment, the secondary storage system is an off-site data storage system managed by a third party. Upon detection of a failure in the primary storage system, the encrypted data and RCCI are transferred to a tertiary server, which is optionally created upon detection of the failure, and operations of the failed primary server are resumed by the tertiary server. In one embodiment, the failure is detected by loss of a heart beat signal transmitted from the primary storage system to a management server that initiates the transfers to the tertiary server.
-
Citations
65 Claims
-
1. A method, comprising the steps of:
-
encrypting original data stored at a source volume with an encryption algorithm;
storing the encrypted data in a target volume;
creating an encryption information record comprising identifiers for each of the source volume of the original data, the target volume, and the encryption algorithm used to encrypt the original data; and
storing the encryption information record at a location other than the source volume of the original data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A method, comprising the steps of:
-
receiving an authentication request for storing an encryption information record from a primary storage system at a secure server, said encryption information record comprising identifiers for each of a source volume in the primary storage system storing original data, a target volume storing encrypted data of the original data, and an encryption algorithm used to encrypt the original data;
verifying the authentication request at the secure server;
if the authentication request is verified, storing the encryption information record on the secured server;
transferring encrypted data from the target volume to a tertiary storage system;
decrypting the encrypted data using the encryption information record at a tertiary server of the tertiary storage system; and
resuming operations of the primary storage system at the tertiary server using the decrypted data. - View Dependent Claims (33, 34, 35, 36, 37)
-
-
38. A data system, comprising:
-
a primary storage system comprising at least one source volume of data storage stored with original data;
a secondary storage system comprising at least one target volume of data storage stored with an encrypted backup copy of the original data; and
a management server;
wherein;
the primary storage system further comprises cryptographic information and a decryption and restoration mechanism to decrypt and restore encrypted data from the secondary storage system to the primary storage system, said cryptographic information including identifiers for each of said source volume of the original data, said target volume, and an encryption algorithm used to encrypt the original data; and
the management server maintains a back-up copy of the cryptographic information. - View Dependent Claims (39, 40, 41, 42)
-
-
43. A data system, comprising:
-
a primary storage system comprising at least one data volume and an encryption mechanism configured to encrypt and remote copy original data stored on the primary storage system;
a secondary storage system comprising at least one data volume; and
a secure system;
wherein the primary storage system is configured to encrypt data stored on the primary storage system, remotely copy the encrypted data to the secondary storage system, prepare a remote copy configuration information (RCCI) record identifying information the encrypted data that is remotely copied to the secondary storage system, and transfer the RCCI to the secure system, and said RCCI record includes identifiers for each of an source volume in the primary storage system storing the original data, an target volume in the secondary storage system storing the encrypted data, and an encryption algorithm used to encrypt the original data. - View Dependent Claims (44, 45, 46, 47, 48, 49)
-
-
50. A method, comprising the steps of:
-
encrypting original data stored in a source volume of data of a primary storage system;
storing the encrypted data to a target volume on a secondary storage system; and
storing information identifying the encryption on at least one restoration capable storage system, said information identifying the encryption including identifiers for each of the source volume, the target volume, and an encryption algorithm used to encrypt the original data, wherein said at least one restoration capable storage system is configured to perform restoration of the encrypted data from the secondary storage system. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58)
-
-
59. A method comprising the steps of:
-
encrypting original data stored in a source volume;
creating an information record identifying an encryption mechanism and a key used to encrypt the original data; and
storing the information record in a target volume, wherein the information record includes identifiers for each of the source volume, the target volume, and an encryption algorithm used to encrypt the original data. - View Dependent Claims (60, 61, 62, 63, 64, 65)
-
Specification