METHOD FOR CONFIGURING THE ENCRYPTION POLICY FOR A FIBRE CHANNEL DEVICE
Abstract
A data encryption engine and a method for using it to selectively encrypt communications. Data is received from a source device into the data encryption engine. The data encryption engine determines whether or not to encrypt the data based on a source device preference, a target device preference, a comparison of priority numbers for the source device and target device, the transport medium, the relationship between the source device and target device, a type/level of encryption, or some combination of these. If the data is determined to need encryption, the data encryption device may encrypt the data or may flag the data for encryption by the target device. Otherwise the unencrypted data may be forwarded to the target device.
20 Claims
1. A method for implementing encryption comprising:
interfacing with a first transport medium;
interfacing with a second transport medium;
maintaining a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;
receiving data from an initiator device destined for a specified target device using the first transport medium;
determining whether to encrypt the data based on an identification for at least one of the initiator device and the target device according to the centralized encryption policy;
if the data should be encrypted based on the centralized encryption policy, encrypting the data and forwarding the encrypted data to the target device using the second transport medium; and
otherwise forwarding the unencrypted data to the target device.
Dependent claims: 2, 3, 4, 5, 6
7. A system for encrypting information comprising:
a plurality of ports for communicating with a plurality of devices;
a memory for storing a set of instructions; and
a processor for executing the set of instructions, wherein the set of instructions is operable to:
establish an interface with an initiator device having a first transport medium;
establish an interface with a target device having a second transport medium;
maintain a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;
receive data from the initiator device destined for the first target device using the first transport medium;
determine whether to encrypt the data based on an identification for at least one of the initiator device and the target device according to the centralized encryption policy;
if the data should be encrypted based on the centralized encryption policy, encrypt the data and forward the encrypted data to a target device connected to the second transport medium; and
otherwise forward the unencrypted data to the target device.
Dependent claims: 8, 9, 10, 11, 12
13. A data encryption engine, comprising:
a memory for storing a set of instructions; and
a processor for executing the set of instructions, wherein the set of instructions is operable to:
establish an interface with an initiator device having a first transport medium;
establish an interface with a first target device having a second transport medium;
maintain a centralized encryption policy for a plurality of devices connected to at least one of the first transport medium or the second transport medium;
receive data from the initiator device destined for a specified target using the first transport medium;
determine whether to encrypt the data based on an identity for at least one of the initiator device and the target device according to the centralized encryption policy;
if the data should be encrypted based on the centralized encryption policy, encrypt the data and forward the encrypted data to a target device connected to the second transport medium; and
otherwise forward the unencrypted data to the target device.
Dependent claims: 14, 15, 16, 17, 18
19. A method comprising:
receiving a fibre channel frame from an initiator containing Small Computing System Interface (SCSI) block data;
determining the World Wide Name (WWN) of the initiator from the frame; and
determining whether to encrypt data received from the initiator based on an encryption policy associated with the identity of the initiator,
wherein if the initiator has an associated encryption policy, encrypting the SCSI block data according to the encryption policy and forwarding the encrypted SCSI block data to a target device, and
if the initiator does not have an associated encryption policy, forwarding the unencrypted SCSI block data to a target device.
Dependent claims: 20
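Added example (not part of the patent text or any product's code): a sketch of the decision step in claims 1 and 19, using the device preference and priority comparison the abstract mentions. Assumptions: the engine resolves the 24-bit port IDs in the frame header to WWNs through a table learned at login, the higher priority number wins a conflict, and all WWNs, port IDs and policy values below are constructed.

```python
import struct
from dataclasses import dataclass

FC_HEADER_LEN = 24   # fixed Fibre Channel frame header size in bytes
FC_TYPE_FCP = 0x08   # TYPE field value for SCSI-FCP frames

@dataclass(frozen=True)
class PolicyEntry:
    encrypt: bool    # device preference stored in the central policy
    priority: int    # assumption: the higher number wins a conflict

def parse_fc_header(frame: bytes) -> dict:
    """Extract D_ID, S_ID and TYPE from the 24-byte frame header."""
    if len(frame) < FC_HEADER_LEN:
        raise ValueError("frame shorter than Fibre Channel header")
    w0, w1, w2 = struct.unpack(">III", frame[:12])
    return {"d_id": w0 & 0xFFFFFF, "s_id": w1 & 0xFFFFFF, "type": w2 >> 24}

def decide(frame: bytes, logins: dict, policy: dict) -> str:
    """Return 'encrypt' or 'forward-clear' for one frame."""
    hdr = parse_fc_header(frame)
    if hdr["type"] != FC_TYPE_FCP:
        return "forward-clear"      # assumption: only SCSI data is in scope
    # Port ID -> WWN -> policy entry; unknown devices yield None.
    found = [policy.get(logins.get(hdr[k])) for k in ("s_id", "d_id")]
    entries = [e for e in found if e is not None]
    if not entries:
        return "forward-clear"      # neither end has a policy entry
    winner = max(entries, key=lambda e: e.priority)  # on a tie, the initiator
    return "encrypt" if winner.encrypt else "forward-clear"

def make_frame(s_id: int, d_id: int, fc_type: int = FC_TYPE_FCP) -> bytes:
    """Build a constructed frame: 24-byte header plus dummy payload."""
    head = struct.pack(">III", d_id, s_id, fc_type << 24)
    return head + bytes(12) + b"SCSIDATA"

# Constructed sample data: port ID -> WWN, and WWN -> policy entry.
LOGINS = {0x010100: "10:00:00:00:c9:00:00:01",   # initiator A
          0x010200: "10:00:00:00:c9:00:00:02",   # initiator B, no policy
          0x010300: "10:00:00:00:c9:00:00:03",   # initiator C
          0x020100: "50:00:00:00:aa:00:00:01",   # target T1, no policy
          0x020200: "50:00:00:00:aa:00:00:02"}   # target T2
POLICY = {"10:00:00:00:c9:00:00:01": PolicyEntry(encrypt=True, priority=5),
          "10:00:00:00:c9:00:00:03": PolicyEntry(encrypt=False, priority=9),
          "50:00:00:00:aa:00:00:02": PolicyEntry(encrypt=True, priority=1)}
```

The "otherwise" branch of the claims is visible here: a device with no policy entry, including one whose port ID is not in the login table, has its data forwarded unencrypted.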
Specification