DATA ENCRYPTION KEY SHARING FOR A STORAGE SYSTEM
Abstract
A method for key sharing with a storage system, performed by a network device or security manager, is provided. The method includes sharing a first key with a host system and sharing the first key with a storage system. The host system encrypts a file or data with the first key and sends the encrypted file or data to the storage system. The storage system decrypts the encrypted file or data with the first key, compresses the decrypted file or data, and re-encrypts the decrypted file or data.
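The flow in the abstract, as an added Python example that is not code from the patent: it shows why the storage system needs the shared key, since ciphertext from the host does not compress while the decrypted data does. The function names, the sample data and the standard-library HMAC-based stand-in cipher are assumptions, and because the page does not say which key is used for re-encryption, that key is a parameter.

```python
import hashlib, hmac, os, zlib

# Stand-in authenticated cipher from the standard library so the example runs
# offline. Assumption: a real system would use an AEAD such as AES-GCM.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), nonce, body)

# Roles from the abstract; all function names are hypothetical.
def security_manager_generate_key():
    return os.urandom(32)  # the "first key", shared with host and storage

def host_write(first_key, data):
    return encrypt(first_key, data)  # host encrypts before sending

def storage_ingest(first_key, at_rest_key, wire_blob):
    plain = decrypt(first_key, wire_blob)  # storage holds the first key
    return encrypt(at_rest_key, zlib.compress(plain))  # compress, re-encrypt

def storage_read(at_rest_key, stored_blob):
    return zlib.decompress(decrypt(at_rest_key, stored_blob))

def demo():
    first_key = security_manager_generate_key()
    data = b"2024-01-01 login ok user=alice\n" * 200  # constructed sample data
    wire = host_write(first_key, data)
    stored = storage_ingest(first_key, first_key, wire)
    return {"plain": len(data), "wire": len(wire),
            "wire_zlib": len(zlib.compress(wire)), "stored": len(stored),
            "roundtrip": storage_read(first_key, stored) == data}
```

Calling `demo()` returns the sizes at each stage: compressing the host's ciphertext directly gains nothing, while the decrypt, compress, re-encrypt path stores a small fraction of the original bytes.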
24 Claims
1. A method for key sharing with a storage system, performed by a security manager, comprising:
- sharing a first key with a host system; and
- sharing the first key with a storage system, so that the host system encrypts a file or data with the first key and sends the encrypted file or data to the storage system, the storage system decrypts the encrypted file or data with the first key, compresses the decrypted file or data, and re-encrypts the decrypted file or data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A security manager, comprising:
- a network device, connectable to a network and having at least one processor; and
- the at least one processor configured to share a first key with a host system and share the first key with a storage system that is configured to receive a file encrypted by the host system with the first key and decrypt the encrypted file with the first key.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method for key sharing with a plurality of storage systems, performed by a security manager, comprising:
- generating a plurality of keys;
- determining which storage system, of the plurality of storage systems, or which host system, of a plurality of host systems, uses which key or keys, of the plurality of keys; and
- distributing the plurality of keys, in accordance with the determining, so that each storage system, of the plurality of storage systems, can receive a file or data encrypted with a first key by a host system, decrypt the encrypted file or data with the first key, compress the decrypted file or data, reencrypt the compressed decrypted file or data.
Dependent claims: 18, 19
20. A method for encryption, performed by a secure data system, comprising:
- passing a write request from an application layer to a secure file system layer;
- determining that the write request is approved by access control, at the secure file system layer;
- passing a request to write a secure file, from the secure file system layer through a file system layer to a secure volume manager layer;
- encrypting data and encrypting metadata relating to the data, at the secure volume manager layer; and
- sending the encrypted data and the encrypted metadata from the secure volume manager layer to storage.
Dependent claims: 21, 22, 23, 24
Specification