LOG STRUCTURED VOLUME ENCRYPTION FOR VIRTUAL MACHINES

  • US 20130227303A1
  • Filed: 02/24/2012
  • Published: 08/29/2013
  • Est. Priority Date: 02/24/2012
  • Status: Active Grant
First Claim

1. A method implemented by one or more data processing apparatuses, the method comprising:

  • receiving a first request from a first virtual machine to store data in a log structured volume and based on the first request;

    obtaining the data and an access control list of one or more users authorized to access the data;

    obtaining a data key that has a data key identifier;

    encrypting, using the one or more data processing apparatuses, the data key and the access control list using a wrapping key to generate a wrapped blob;

    encrypting, using the one or more data processing apparatuses, the data using the data key to generate encrypted data;

    storing the wrapped blob and the encrypted data in the log structured volume; and

    providing the data key identifier to one or more users on the access control list; and

    receiving a second request from a second virtual machine to obtain a snapshot of the data and based on the second request;

    obtaining an unwrapped blob containing the data key and the access control list;

    obtaining the data key and the access control list from the unwrapped blob; and

    authenticating a user associated with the second request and authorizing the user against the access control list and, upon a determination that the user is authenticated and authorized;

    decrypting, using the one or more data processing apparatuses, the data using the data key; and

    providing a snapshot of the data to the second virtual machine.
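The store and snapshot flow of claim 1, sketched as an added example that is not taken from the patent or from any implementation of it. Assumptions: the function names, the JSON blob layout, and the use of a Python list as the log are hypothetical; `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in for an AEAD such as AES-GCM; authentication is outside the sketch, so `user` is an identity already verified elsewhere, or `None`.

```python
import hashlib, hmac, json, secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in AEAD (assumption): encrypt-then-MAC; use AES-GCM or similar in practice.
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, sealed: bytes) -> bytes:
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)

def store(log: list, wrapping_key: bytes, data: bytes, acl: set) -> str:
    data_key, key_id = secrets.token_bytes(32), secrets.token_hex(8)
    blob = json.dumps({"key_id": key_id, "data_key": data_key.hex(),
                       "acl": sorted(acl)}).encode()
    # Data key and ACL are wrapped together, so neither can be swapped alone.
    log.append({"wrapped_blob": seal(wrapping_key, blob),
                "encrypted_data": seal(data_key, data)})
    return key_id  # the identifier handed to users on the ACL

def snapshot(log: list, index: int, wrapping_key: bytes, user) -> bytes:
    entry = log[index]
    blob = json.loads(unseal(wrapping_key, entry["wrapped_blob"]))
    # `user` is an identity verified by an authentication layer (out of scope), or None.
    if user is None or user not in blob["acl"]:
        raise PermissionError("user not authorized by wrapped ACL")
    return unseal(bytes.fromhex(blob["data_key"]), entry["encrypted_data"])
```

Because the access control list travels inside the wrapped blob, a change to the stored ACL made without the wrapping key fails the integrity check before any authorization decision is reached.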
