TAPE DRIVE ENCRYPTION IN THE DATA PATH
First Claim
1. A method for providing data path encryption, the method comprising:
- obtaining login parameters from a data source, the login parameters including an identification of a destination storage device;
receiving an encryption key for the destination storage device;
receiving a write command from the data source, the write command including data for writing to the destination storage device;
encrypting the data inside a firewall of the data source using the encryption key; and
routing the encrypted data over a data path to the destination storage device.
1 Assignment
0 Petitions
Accused Products
Abstract
Implementations described and claimed herein provide encryption in the data path. In one implementation, login parameters from a primary data center are obtained. The login parameters include an identification of a destination device. An encryption key corresponding to the destination device is received. A write command including data for writing to the destination device is received from the primary data center. The data is encrypted inside a firewall of the primary data center using the encryption key. The encrypted data is routed over a data path to the destination device. As such, the data is secure during transmission over the network to the destination device.
33 Citations
20 Claims
-
1. A method for providing data path encryption, the method comprising:
-
obtaining login parameters from a data source, the login parameters including an identification of a destination storage device; receiving an encryption key for the destination storage device; receiving a write command from the data source, the write command including data for writing to the destination storage device; encrypting the data inside a firewall of the data source using the encryption key; and routing the encrypted data over a data path to the destination storage device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. One or more non-transitory tangible computer-readable storage media storing computer-executable instructions for performing a computer process on a computing system, the computer process comprising:
-
obtaining login parameters from a data source, the login parameters including an identification of a destination storage device; receiving an encryption key for the destination storage device; receiving a write command from the data source, the write command including data for writing to the destination storage device; encrypting the data using the encryption key; and routing the encrypted data over a data path to the destination storage device. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A system for providing data path encryption, the system comprising:
-
a destination storage device in communication with a data source over a network; a key management cluster having a plurality of key management appliances configured to generate and manage an encryption key for the destination storage device; and an encryption device deployed along a data path between the destination storage device and the data source and in communication with the key management cluster, the encryption device configured to encrypt data corresponding to a command to write the data to the destination storage device, the encryption device configured to obtain the command from the data source, the data being encrypted using the encryption key retrieved from the at least one key management appliance and sent securely over the data path to the destination storage device. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification