Storage system for data encryption

US 20070180239A1
Filed: 09/23/2005
Published: 08/02/2007
Est. Priority Date: 07/21/2005
Status: Active Grant

First Claim

Patent Images

1. A storage system, comprising:

a host interface connected via a network to a host computer;

a disk interface connected to a disk drive;

a memory module that stores control information of the storage system and that functions as a cache memory;

a processor that controls the storage system;

a mature network that interconnects the host interface, the disk interface, the memory module, and the processor; and

an encryption module that encrypts data read/written by the host computer, wherein, the processor;

reads data from a given area of the disk drive or of the memory module;

decrypts the read data with an encryption key corresponding to this data;

encrypts the decrypted data with an encryption key different from the one that has just been used to decrypt the data; and

writes the encrypted data in an area different from the given area.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a storage system including: a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of a cache memory for an access to the disk drive and the storage system; a processor that controls the storage system; a mature network that interconnects the host interface, the disk interface, the memory module, and the processor; and an encryption module that encrypts data read/written by the host computer, in which the processor reads data from a given area of the disk drive from the memory module, decrypts the read data with an encryption key corresponding to this data, encrypts the decrypted data with an encryption key different from the one that has just been used to decrypt the data, and writes the encrypted data in an area different from the given area. Accordingly, customers can be provided with a secure, highly reliable storage system with its confidentiality preserving capability enhanced.

91 Citations

View as Search Results

13 Claims

1. A storage system, comprising:
- a host interface connected via a network to a host computer;
  
  a disk interface connected to a disk drive;
  
  a memory module that stores control information of the storage system and that functions as a cache memory;
  
  a processor that controls the storage system;
  
  a mature network that interconnects the host interface, the disk interface, the memory module, and the processor; and
  
  an encryption module that encrypts data read/written by the host computer, wherein, the processor;
  
  reads data from a given area of the disk drive or of the memory module;
  
  decrypts the read data with an encryption key corresponding to this data;
  
  encrypts the decrypted data with an encryption key different from the one that has just been used to decrypt the data; and
  
  writes the encrypted data in an area different from the given area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The storage system according to claim 1, wherein different encryption keys are assigned to different areas which store data.
  - 3. The storage system according to claim 1, further comprising, a first logical volume and a second logical volume are set in the disk drive, wherein, the processor:
    - reads data from the first logical volume;
      
      decrypts the read data with an encryption key assigned to the first logical volume;
      
      encrypts the decrypted data with an encryption key assigned to the second logical volume; and
      
      copies data in the first logical volume to the second logical volume, by writing the encrypted data in the second logical volume.
  - 4. The storage system according to claim 1, wherein the processor sends data to the encryption module for one of encryption and decryption of the data.
  - 5. The storage system according to claim 1, wherein the processor writes data in a cache memory area of the memory module for one of encryption and decryption of the data.
  - 6. The storage system according to claim 1, wherein, when the host computer makes a request for write data, the processor:
    - stores the data to be written to the disk drive in a cache memory area of the memory module;
      
      sends the stored data to be written to the disk drive to the encryption module; and
      
      writes the data encrypted by the encryption function in an area specified in the request for write data.
  - 7. The storage system according to claim 1, wherein the host interface has the encryption module.
  - 8. The storage system according to claim 1, wherein the disk interface has the encryption module.
  - 9. The storage system according to claim 1, wherein the memory module has the encryption module.
  - 10. The storage system according to claim 3, wherein, the first logical volume and the second logical volume are paired with each other as a copy pair, the processor:
    - when the host computer makes a request for write data in the first logical volume, encrypts the data to be written to the disk drive with an encryption key assigned to the first logical volume, and writes the encrypted data in the first logical volume and in the second logical volume; and
      
      when there is a change in copy pair state, changes the encryption key assigned to the first logical volume to another encryption key, encrypts the write data with the replacement encryption key, and writes the encrypted data in the first logical volume.
  - 11. The storage system according to claim 1, wherein, when the host computer makes a request for update data, the processor:
    - reads data requested to be updated;
      
      decrypts the read data with an encryption key corresponding to this data;
      
      encrypts the decrypted data with an encryption key different from the one that has just been used to decrypt the data; and
      
      writes the encrypted data in an area different from one where the data to be updated has been stored.
  - 12. The storage system according to claim 1, wherein, when the host computer makes a request for update data, the processor:
    - encrypts data requested to be updated with an encryption key different from one used to decrypt the data; and
      
      writes the encrypted data in an area different from one where the data to be updated has been stored.
  - 13. The storage system according to claim 1, wherein, when the host computer makes a request for update data, the processor module:
    - encrypts differential data, which represents a difference between data requested to be updated and updated data, with an encryption key corresponding to the differential data;
      
      writes the encrypted data in the given area;
      
      upon reception of a request for restore data from the host computer, obtains differential data corresponding to the request for restore data;
      
      decrypts the obtained differential data;
      
      restores, from the decrypted differential data, data corresponding to the request for restore data;
      
      encrypts the restored data with an encryption key different from one corresponding to the differential data; and
      
      writes the encrypted data in an area different from one where the differential data has been stored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Fujibayashi, Akira, Mizuno, Makio

Granted Patent

US 7,627,756 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 11/1435   using file system or storag...

G06F 11/2069   Management of state, config...

G06F 21/6218   to a system of files or obj...

G06F 2201/84   Using snapshots, i.e. a log...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

Storage system for data encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

91 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Storage system for data encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others