STORAGE DEVICE AND ITS CONTROL METHOD

US 20110296195A1
Filed: 05/25/2009
Published: 12/01/2011
Est. Priority Date: 05/25/2009
Status: Active Grant

First Claim

Patent Images

1. A storage device which partitions data from a host into a plurality of partitioned data and creates a parity based on the plurality of partitioned data, distributes the created parity and the plurality of partitioned data to a plurality of memory mediums configuring a same parity group, and encrypts and stores the created parity and the plurality of partitioned data therein, comprising:

a restoration unit for restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the plurality of memory mediums;

a storage unit for storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key; and

a memory medium swap unit for interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium;

wherein, by sequentially making each memory medium configuring the parity group to be the memory medium to be subject to encryption re-key, an encryption key of data stored in each memory medium configuring the parity group is updated to the new encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a storage device which partitions data from a host into multiple partitioned data and distributes, encrypts and stores them together with a parity to and in multiple memory mediums. This storage device executes processing of restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the multiple memory mediums, storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key, and thereafter interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium.

71 Citations

View as Search Results

8 Claims

1. A storage device which partitions data from a host into a plurality of partitioned data and creates a parity based on the plurality of partitioned data, distributes the created parity and the plurality of partitioned data to a plurality of memory mediums configuring a same parity group, and encrypts and stores the created parity and the plurality of partitioned data therein, comprising:
- a restoration unit for restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the plurality of memory mediums;
  
  a storage unit for storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key; and
  
  a memory medium swap unit for interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium;
  
  wherein, by sequentially making each memory medium configuring the parity group to be the memory medium to be subject to encryption re-key, an encryption key of data stored in each memory medium configuring the parity group is updated to the new encryption key.
- View Dependent Claims (2, 3, 4)
- - 2. The storage device according to claim 1,wherein the storage unit provides the restored partitioned data or the parity and the new encryption key to the backup memory medium;
    - andwherein the backup memory medium encrypts the restored partitioned data or the parity provided from the storage unit with the new encryption key.
  - 3. The storage device according to claim 1,wherein the memory medium swap unit deletes data stored in the memory medium to be subject to encryption re-key after being swapd with the backup memory medium.
  - 4. The storage device according to claim 1,wherein, if a failure occurs which requires the use of the backup memory medium for recovery during processing of updating an encryption key of data stored in each memory medium configuring the parity group to the new encryption key, exchange processing of the encryption key is discontinued and, after recovery from the failure, processing to a memory medium that was subject to encryption re-key at the time the exchange processing of the encryption key was discontinued is resumed from the start.

5. A control method of a storage device which partitions data from a host into a plurality of partitioned data and creates a parity based on the plurality of partitioned data, distributes the created parity and the plurality of partitioned data to a plurality of memory mediums configuring a same parity group, and encrypts and stores the created parity and the plurality of partitioned data therein, comprising:
- a first step of restoring the partitioned data or the parity stored in a memory medium to be subject to encryption re-key based on decrypted data of the partitioned data or the parity stored in each memory medium other than the memory medium to be subject to encryption re-key among the plurality of memory mediums;
  
  a second step of storing the restored partitioned data or the parity in a backup memory medium while encrypting the restored partitioned data or the parity with a new encryption key; and
  
  a third step of interchanging the backup memory medium and the memory medium to be subject to encryption re-key so that the backup memory medium will be a memory medium configuring the parity group and the memory medium to be subject to encryption re-key will be the backup memory medium;
  
  wherein, by repeating the first to third steps while sequentially making each memory medium configuring the parity group to be the memory medium to be subject to encryption re-key, an encryption key of data stored in each memory medium configuring the parity group is updated to the new encryption key.
- View Dependent Claims (6, 7, 8)
- - 6. The control method of a storage device according to claim 5,wherein, at the second step, the restored partitioned data or the parity and the new encryption key are provided to the backup memory medium;
    - andwherein the restored partitioned data or the parity provided from the storage unit is encrypted with the new encryption key in the backup memory medium.
  - 7. The control method of a storage device according to claim 5, further comprising a fourth step of deleting data stored in the memory medium to be subject to encryption re-key after being swapd with the backup memory medium.
  - 8. The control method of a storage device according to claim 5,wherein, if a failure occurs which requires the use of the backup memory medium for recovery during processing of updating an encryption key of data stored in each memory medium configuring the parity group to the new encryption key, exchange processing of the encryption key is discontinued and, after recovery from the failure, processing to a memory medium that was subject to encryption re-key at the time the exchange processing of the encryption key was discontinued is resumed from the start.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Okamoto, Takeki, Osaki, Nobuyuki, Asano, Masayasu, Nakagawa, Hirotaka

Granted Patent

US 8,341,425 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 11/0727   in a storage system, e.g. i...

G06F 11/1008   in individual solid state d...

G06F 11/2094   Redundant storage or storag...

G06F 12/1408   by using cryptography for d...

G06F 21/78   to assure secure storage of...

G06F 21/805   using a security table for ...

G06F 2221/2107   File encryption

G06F 2221/2151   Time stamp

H04L 63/0464   using hop-by-hop encryption...

H04L 63/065   for group communications cr...

H04L 67/1097   for distributed storage of ...

H04L 69/40   for recovering from a failu...

H04L 9/0891   Revocation or update of sec...

STORAGE DEVICE AND ITS CONTROL METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

STORAGE DEVICE AND ITS CONTROL METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links