STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING
First Claim
1. A method of securing data in a data storage network, the method comprising:
- receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices;
- cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks;
- cryptographically splitting the session key into a plurality of session key fragments;
- encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares; and
- encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
Abstract
Methods and systems for securing data in a data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. The method further includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks, and cryptographically splitting the session key into a plurality of session key fragments. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares, and encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
Claims (22)
1. A method of securing data in a data storage network, the method comprising:
- receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices;
- cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks;
- cryptographically splitting the session key into a plurality of session key fragments;
- encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares; and
- encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A secure storage appliance comprising a programmable circuit configured to execute program instructions which, when executed, configure the secure storage appliance to:
- receive from a client device a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices;
- cryptographically split the block of data into a plurality of secondary data blocks;
- cryptographically split the session key into a plurality of session key fragments;
- encrypt each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares; and
- encrypt each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
Dependent claims: 12, 13, 14.

15. A secure data storage network comprising:
- a client device;
- a plurality of physical storage devices;
- a secure storage appliance communicatively connected to the client device and the plurality of physical storage devices, the secure storage appliance including a programmable circuit configured to execute program instructions which, when executed, cause the secure storage appliance to:
  - receive from the client device a block of data for storage on a volume, the volume associated with a plurality of shares distributed across the plurality of physical storage devices;
  - cryptographically split the block of data into a plurality of secondary data blocks;
  - cryptographically split the session key into a plurality of session key fragments;
  - encrypt each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares; and
  - encrypt each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
Dependent claims: 16, 17, 18, 19, 20, 21, 22.
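The following Python is an added illustration of the write and read paths the abstract and independent claims describe; it is not code from the patent or from any product built on it. Everything concrete in it is an assumption: n-of-n XOR secret splitting stands in for whatever "cryptographic splitting" the specification uses, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for a real cipher such as AES-GCM so that only the standard library is needed, and the "different session key" for each share is derived from the split session key and the share index, which the claims leave unspecified. All function and class names (`crypto_split`, `store_block`, `StoredShare`, and so on) are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed parameters for this illustration; the claims do not fix them.
KEY_LEN = 32     # session and workgroup keys: 256 bits
NONCE_LEN = 16
TAG_LEN = 32     # HMAC-SHA256 tag


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor_bytes: length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def crypto_split(secret: bytes, n: int) -> list[bytes]:
    """n-of-n XOR secret splitting: n-1 uniformly random shares plus one share
    equal to the secret XORed with all of them. Any n-1 shares are independent
    of the secret. A threshold scheme (e.g. Shamir) could be substituted."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def crypto_join(shares: list[bytes]) -> bytes:
    """Inverse of crypto_split: XOR every share together."""
    out = shares[0]
    for s in shares[1:]:
        out = xor_bytes(out, s)
    return out


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from one key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = xor_bytes(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered share")
    return xor_bytes(ct, _keystream(enc_key, nonce, len(ct)))


@dataclass
class StoredShare:
    """What one physical storage device holds for one volume block."""
    index: int
    enc_block: bytes          # secondary data block under its own session key
    enc_key_fragment: bytes   # session-key fragment under the workgroup key


def per_share_session_key(session_key: bytes, index: int) -> bytes:
    """Assumption: the per-share session key is derived from the block's
    session key and the share index; the claims do not specify this."""
    return hmac.new(session_key, b"share-%d" % index, hashlib.sha256).digest()


def store_block(block: bytes, n_shares: int, workgroup_key: bytes) -> list[StoredShare]:
    """Appliance write path: split the block, split the session key, encrypt each
    secondary block with its own session key, encrypt each key fragment with the
    workgroup key of the data's source."""
    session_key = secrets.token_bytes(KEY_LEN)
    secondary_blocks = crypto_split(block, n_shares)
    key_fragments = crypto_split(session_key, n_shares)
    return [StoredShare(index=i,
                        enc_block=encrypt(per_share_session_key(session_key, i), sec),
                        enc_key_fragment=encrypt(workgroup_key, frag))
            for i, (sec, frag) in enumerate(zip(secondary_blocks, key_fragments))]


def retrieve_block(shares: list[StoredShare], n_shares: int, workgroup_key: bytes) -> bytes:
    """Appliance read path: requires every share and the workgroup key."""
    if len(shares) != n_shares:
        raise ValueError("n-of-n split: every share is required")
    shares = sorted(shares, key=lambda s: s.index)
    session_key = crypto_join([decrypt(workgroup_key, s.enc_key_fragment) for s in shares])
    return crypto_join([decrypt(per_share_session_key(session_key, s.index), s.enc_block)
                        for s in shares])


if __name__ == "__main__":
    wg = secrets.token_bytes(KEY_LEN)                    # constructed workgroup key
    block = b"constructed volume block: 0123456789" * 4  # constructed sample data
    on_disk = store_block(block, 3, wg)
    assert retrieve_block(on_disk, 3, wg) == block
```

The property worth checking is the one the claims are built around: a single storage device holds one secondary block under a key it cannot reach, so it learns nothing about the volume block; and even an attacker holding every device's share still cannot recover the session key, because each fragment is only available under the workgroup key, so `retrieve_block` fails authentication rather than yielding plaintext. Missing any one share also fails, since the XOR split is n-of-n.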
Specification