DISTRIBUTION OF STORAGE AREA NETWORK ENCRYPTION KEYS ACROSS DATA CENTERS
Abstract
Efficient mechanisms are provided for transferring key objects associated with disk logical unit numbers and tape cartridges from one data center to another data center. A request is received to transfer a source data center key object from a source data center to a destination data center. The source data center key object corresponds to a data block, such as a disk logical unit number (LUN) or a tape cartridge, maintained in a storage area network (SAN) and includes a unique identifier, an encrypted key, and a wrapper unique identifier. The encrypted key is decrypted using a source data center key hierarchy. Key information is transmitted from the source data center to the destination data center. A destination data center key object is generated using a destination data center key hierarchy.
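The transfer described in the abstract, sketched in Ruby as an added example (not code from the patent). AES-256-GCM wrapping, the flat `Hierarchy` map standing in for a key hierarchy, the `nonce || tag || ciphertext` encoding and all names are assumptions, and protection of the key in transit between data centers is left out.

```ruby
require "openssl"

# KeyObject has the three fields the claim names. encrypted_key holds
# nonce || tag || ciphertext, an encoding assumed for this example.
KeyObject = Struct.new(:id, :encrypted_key, :wrapper_id)

# Flat stand-in for a data center key hierarchy: wrapper ID => 32-byte AES key.
class Hierarchy
  NONCE_LEN = 12
  TAG_LEN = 16

  def initialize(wrappers)
    @wrappers = wrappers
  end

  # Encrypt key under the named wrapper, binding the object ID as associated data.
  def wrap(id, wrapper_id, key)
    c = gcm(:encrypt, wrapper_id)
    nonce = c.random_iv
    c.auth_data = id
    ciphertext = c.update(key) + c.final
    KeyObject.new(id, nonce + c.auth_tag + ciphertext, wrapper_id)
  end

  # Raises KeyError for a wrapper this hierarchy lacks, CipherError if the object was altered.
  def unwrap(obj)
    blob = obj.encrypted_key
    raise ArgumentError, "key object #{obj.id} is truncated" if blob.bytesize <= NONCE_LEN + TAG_LEN
    c = gcm(:decrypt, obj.wrapper_id)
    c.iv = blob.byteslice(0, NONCE_LEN)
    c.auth_tag = blob.byteslice(NONCE_LEN, TAG_LEN)
    c.auth_data = obj.id
    c.update(blob.byteslice(NONCE_LEN + TAG_LEN, blob.bytesize)) + c.final
  end

  private

  def gcm(mode, wrapper_id)
    key = @wrappers.fetch(wrapper_id)
    OpenSSL::Cipher.new("aes-256-gcm").tap { |c| c.public_send(mode); c.key = key }
  end
end

# The claimed steps: decrypt under the source hierarchy, hand the key over,
# and generate a new key object under the destination hierarchy.
def transfer(src, dst, obj, dst_wrapper_id)
  key = src.unwrap(obj) # plaintext key; transit protection is out of scope here
  dst.wrap(obj.id, dst_wrapper_id, key)
end
```

The destination key object keeps the unique identifier but carries the destination's wrapper identifier, so it can only be opened with the destination hierarchy.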
23 Claims
1. A method, comprising:
- receiving a request to transfer a source data center key object from a source data center to a destination data center, the source data center key object corresponding to a data block maintained in a storage area network (SAN), wherein the source data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier;
- decrypting the encrypted key using a source data center key hierarchy;
- transmitting key information from the source data center to the destination data center;
- generating a destination data center key object using a destination data center key hierarchy.
Dependent claims: 2-17.
18. A system, comprising:
- an interface operable to receive a request to transfer a source data center key object from a source data center to a destination data center, the source data center key object corresponding to a data block maintained in a storage area network (SAN), wherein the source data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier;
- a processor operable to decrypt the encrypted key using a source data center key hierarchy and provide the key information from the source data center to the destination data center;
- wherein the destination data center generates a destination data center key object using a destination data center key hierarchy.
Dependent claims: 19-22.
23. A system, comprising:
- means for receiving a request to transfer a source data center key object from a source data center to a destination data center, the source data center key object corresponding to a data block maintained in a storage area network (SAN), wherein the source data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier;
- means for decrypting the encrypted key using a source data center key hierarchy;
- means for transmitting key information from the source data center to the destination data center;
- means for generating a destination data center key object using a destination data center key hierarchy.
Specification