Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
First Claim
1. A method of migrating data encrypted using a first key set to data encrypted using a second key set, said method comprising:
- performing multiple writes of encrypted data using a first key set;
employing a usage counter to count each use of the first key set to write encrypted data; and
automatically transitioning to a second key set when the count of the usage counter exceeds a defined threshold, the automatically transitioning comprising;
modifying an access table to indicated that encrypted data in a current data location is to be decrypted using the first key set, and is to be re-encrypted using the second key set when undergoing storage to a new data location;
decrypting the encrypted data using the first key set;
re-encrypting, by a data access control function within an integrated system, the data using the second key set, wherein the decrypting and the re-encrypting comprise reading the encrypted data from the current data location, decrypting the encrypted data using the first key set, then writing the data as encrypted data to the new data location employing the second key set; and
modifying the access table further with the new data location being defined for encryption and decryption with the second key set.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques are provided for initializing, maintaining, updating and recovering secure operation within an integrated system. The techniques, which employ a data access control function within the integrated system, include authenticating by a current level of software a next level of software within an integrated system. The authenticating occurs before control is passed to the next level of software. Further, an ability of the next level of software to modify an operational characteristic of the integrated system can be selectively limited via the data access control function. Techniques are also provided for initializing secure operation of the integrated system, for migrating data encrypted using a first key set to data encrypted using a second key set, for updating software and keys within the integrated system, and for recovering integrated system functionality following a trigger event.
-
Citations
15 Claims
-
1. A method of migrating data encrypted using a first key set to data encrypted using a second key set, said method comprising:
-
performing multiple writes of encrypted data using a first key set;
employing a usage counter to count each use of the first key set to write encrypted data; and
automatically transitioning to a second key set when the count of the usage counter exceeds a defined threshold, the automatically transitioning comprising;
modifying an access table to indicated that encrypted data in a current data location is to be decrypted using the first key set, and is to be re-encrypted using the second key set when undergoing storage to a new data location;
decrypting the encrypted data using the first key set;
re-encrypting, by a data access control function within an integrated system, the data using the second key set, wherein the decrypting and the re-encrypting comprise reading the encrypted data from the current data location, decrypting the encrypted data using the first key set, then writing the data as encrypted data to the new data location employing the second key set; and
modifying the access table further with the new data location being defined for encryption and decryption with the second key set. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system of migrating data encrypted using a first key set to data encrypted using a second key set, said system comprising:
-
means for performing multiple writes of encrypted data using a first key set;
means for employing a usage counter to count each use of the first key set to write encrypted data; and
means for automatically transitioning to a second key set when the count of the usage counter exceeds a defined threshold, the means for automatically transitioning comprising;
means for modifying an access table to indicate that encrypted data in a current data location is to be decrypted using the first key set, and is to be re-encrypted using the second key set when undergoing storage to a new data location;
means for decrypting the encrypted data using the first key set;
means for re-encrypting, by a data access control function within an integrated system, the data using the second key set, wherein the decrypting and the re-encrypting comprise reading the encrypted data from the current data location, decrypting the encrypted data using the first key set, then writing the data as encrypted data to the new data location employing the second key set; and
means for modifying the access table further with the new data location being defined for encryption and decryption with the second key set. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. At least one program storage device readable by a machine embodying at least one program of instructions executable by the machine to perform a method of migrating data encrypted using a first key set to data encrypted using a second key set, said method comprising:
-
performing multiple writes of encrypted data using a first key set;
employing a usage counter to count each use of the first key set to write encrypted data; and
automatically transitioning to a second key set when the count of the usage counter exceeds a defined threshold, the automatically transitioning comprising;
modifying an access table to indicated that encrypted data in a current data location is to be decrypted using the first key set, and is to be re-encrypted using the second key set when undergoing storage to a new data location;
decrypting the encrypted data using the first key set;
re-encrypting, by a data access control function within an integrated system, the data using the second key set, wherein the decrypting and the re-encrypting comprise reading the encrypted data from the current data location, decrypting the encrypted data using the first key set, then writing the data as encrypted data to the new data location employing the second key set; and
modifying the access table further with the new data location being defined for encryption and decryption with the second key set.
-
Specification