METHOD FOR CONFIGURING THE ENCRYPTION POLICY FOR A FIBRE CHANNEL DEVICE

US 20090274300A1
Filed: 05/05/2008
Published: 11/05/2009
Est. Priority Date: 05/05/2008
Status: Active Grant

First Claim

Patent Images

1. A method for Implementing encryption comprising:

interfacing with a first transport medium;

interfacing with a second transport medium;

maintaining a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;

receiving data from an initiator device destined for a specified target device using the first transport medium;

determining whether to encrypt the data based on an identification for at least one of the initiator device and the target device according to the centralized encryption policy;

if the data should be encrypted based on the centralized encryption policy, encrypting the data and forwarding the encrypted data to the target device using the second transport medium; and

otherwise forwarding the unencrypted data to the target device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data encryption engine and method for using to selectively encrypt communications. Data is received from a source device into the data encryption engine. The data encryption engine determines whether or not to encrypt the data based on a source device preference, a target device preference, a comparison of priority numbers for the source device and target device, the transport medium, the relationship between the source device and target device, a type/level of encryption or some combination. If the data is determined to need encryption, the data encryption device may encrypt the data or may flag the data for encryption by the target device. Otherwise the unencrypted data may be forwarded to the target device.

60 Citations

View as Search Results

20 Claims

1. A method for Implementing encryption comprising:
- interfacing with a first transport medium;
  
  interfacing with a second transport medium;
  
  maintaining a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;
  
  receiving data from an initiator device destined for a specified target device using the first transport medium;
  
  determining whether to encrypt the data based on an identification for at least one of the initiator device and the target device according to the centralized encryption policy;
  
  if the data should be encrypted based on the centralized encryption policy, encrypting the data and forwarding the encrypted data to the target device using the second transport medium; and
  
  otherwise forwarding the unencrypted data to the target device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein maintaining a centralized encryption policy comprises maintaining a data encryption preference for the initiator device.
  - 3. The method of claim 1, wherein maintaining a centralized encryption policy comprises maintaining a data encryption preference for the target device.
  - 4. The method of claim 1, wherein maintaining a centralized encryption policy comprises maintaining an encryption policy for communication between the initiator device and the target device associated with the initiator device.
  - 5. The method of claim 1, wherein maintaining a centralized encryption policy comprises:
    - maintaining a priority designator for the initiator device;
      
      maintaining a priority designator the target device; and
      
      comparing the priority designator for the initiator device with the priority designator for the target device to determine an encryption policy, wherein the determination of whether to encrypt the data is based on the outcome of the comparison between the priority designator for the initiator device with the priority designator for the target device.
  - 6. The method of claim 1, wherein maintaining a centralized encryption policy comprises:
    - maintaining a designator of a type of data encryption to be performed, wherein if the data should be encrypted, encrypting the data according to the designated type of encryption to be performed.

7. A system for encrypting information comprising:
- a plurality of ports for communicating with a plurality of devices;
  
  a memory for storing a set of instructions; and
  
  a processor for executing the set of instructions, wherein the set of instructions is operable to;
  
  establish an interface with an initiator device having a first transport medium;
  
  establish an interface with a target device having a second transport medium;
  
  maintain a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;
  
  receive data from the initiator device destined for the first target device using the first transport medium;
  
  determine whether to encrypt the data based on an identification for at least one of the initiator device and the target device according to the centralized encryption policy;
  
  if the data should be encrypted based on the centralized encryption policy, encrypt the data and forward the encrypted data to a target device connected to the second transport medium; and
  
  otherwise forward the unencrypted data to the target device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the system is operable to maintain a data encryption preference for the initiator device.
  - 9. The system of claim 7, wherein the system is operable to maintain a data encryption preference for the target device.
  - 10. The system of claim 7, wherein the system is operable to:
    - maintain a data encryption policy for communication between the initiator device and the target device associated with the initiator device.
  - 11. The system of claim 7, wherein the system is operable to:
    - maintain a priority designator for the initiator device;
      
      maintain a priority designator for the target device; and
      
      compare the priority designator for the initiator device with the priority designator for the target device to determine an encryption policy, wherein the determination of whether to encrypt the data is based on the outcome of the comparison between the priority designator for the initiator device with the priority designator for the target device.
  - 12. The system of claim 7, wherein the system is operable to:
    - maintain a designator of a type of data encryption to be performed, wherein if the data should be encrypted, the system is operable to encrypt the data according to the designated type of encryption to be performed.

13. A data encryption engine, comprising:
- a memory for storing a set of instructions; and
  
  a processor for executing the set of instructions, wherein the set of instructions is operable to;
  
  establish an interface with an initiator device having a first transport medium;
  
  establish an interface with a first target device having a second transport medium;
  
  maintain a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;
  
  receive data from the initiator device destined for a specified target using the first transport medium;
  
  determine whether to encrypt the data based on an identity for at least one of the initiator device and the target device according to the centralized encryption policy;
  
  if the data should be encrypted based on the centralized encryption policy, encrypt the data and forwarding the encrypted data to a target device connected to the second transport medium, andotherwise forward the unencrypted data to the target device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The engine of claim 13, wherein the system is operable to maintain a data encryption preference for the initiator device.
  - 15. The engine of claim 13, wherein the system is operable to maintain a data encryption preference for the first target device.
  - 16. The engine of claim 13, wherein the system is operable to:
    - maintain a data encryption policy for communication between the initiator device and a target device associated with the initiator device.
  - 17. The engine of claim 13, wherein the system is operable to:
    - maintain a priority designator for the initiator device;
      
      maintain a priority designator the target device; and
      
      compare the priority designator for the initiator device with the priority designator for the target device to determine an encryption policy, wherein the determination to encrypt the data is based on the outcome of the comparison between the priority designator for the initiator device with the priority designator for the target device.
  - 18. The engine of claim 13, wherein the system is operable to:
    - maintain a designator of a type of data encryption to be performed, wherein if the data should be encrypted, the system is operable to encrypt the data according to the designated type of encryption to be performed.

19. A method comprising:
- receiving a fibre channel frame from an initiator containing Small Computing System Interface (SCSI) block data;
  
  determining the World Wide Name (WWN) of the initiator from the frame; and
  
  determining whether to encrypt data received from the initiator based on an encryption policy associated with the identity of the initiator, wherein if the initiator has an associated encryption policy, encrypting the SCSI block data according to the encryption policy and forwarding the encrypted SCSI block data to a target device, andif the initiator does not have an associated encryption policy, forwarding the unencrypted SCSI block data to a target device.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the associated encryption policy comprises an encryption type, wherein if the data should be encrypted, the data is encrypted according to the designated encryption type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CF DB EZ LLC (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
Crossroads Systems (Texas) Incorporated (Crossroads Systems, Inc.)
Inventors
DeLine, Peter A., Tou, Patrick S.

Granted Patent

US 8,601,258 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/255
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 67/1097 for distributed storage of ...

METHOD FOR CONFIGURING THE ENCRYPTION POLICY FOR A FIBRE CHANNEL DEVICE

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR CONFIGURING THE ENCRYPTION POLICY FOR A FIBRE CHANNEL DEVICE

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links