System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device
Abstract
In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk.
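The two key-storage configurations recited in claim 1 can be sketched as below. This is an added Python example, not code from the patent or its assignee; SYSTEM_MASK, the record layout, the function names and the PBKDF2/XOR/HMAC wrap (a standard-library stand-in for a real key-wrap cipher such as AES Key Wrap) are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed constant standing in for whatever secret the software embeds.
SYSTEM_MASK = hashlib.sha256(b"constructed-system-constant").digest()
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _derive(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the data key, last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, dklen=64)


def store_key(data_key: bytes, mode: str, passphrase: str = None) -> dict:
    """Build the key record written to the archive media beside the data."""
    if mode == "scrambled":
        # Reversible by the system alone: no user input is involved.
        return {"mode": mode, "blob": _xor(data_key, SYSTEM_MASK)}
    if mode == "encrypted":
        if not passphrase:
            raise ValueError("passphrase required for encrypted mode")
        salt = os.urandom(16)  # fresh salt, so the mask is never reused
        okm = _derive(passphrase, salt)
        blob = _xor(data_key, okm[:32])
        tag = hmac.new(okm[32:], salt + blob, hashlib.sha256).digest()
        return {"mode": mode, "salt": salt, "blob": blob, "tag": tag}
    raise ValueError("unknown mode: " + mode)


def recover_key(record: dict, passphrase: str = None) -> bytes:
    """Recover the data key during a restore operation."""
    if record["mode"] == "scrambled":
        return _xor(record["blob"], SYSTEM_MASK)
    if not passphrase:
        raise PermissionError("passphrase required")
    okm = _derive(passphrase, record["salt"])
    expected = hmac.new(okm[32:], record["salt"] + record["blob"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise PermissionError("wrong passphrase or tampered key record")
    return _xor(record["blob"], okm[:32])
```

A scrambled record can be recovered by anyone who holds both the media and the software, so of the two modes only the passphrase-wrapped record keeps the archive confidential if the storage device is lost.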
12 Claims
1. A method for performing a storage operation in which one or more data streams write data to be stored to a data archive storage device, the method comprising:
- when a user requests encryption of at least part of the data to be stored in the storage operation, generating an encryption key associated with the at least part of the data to be stored;
- when a data stream stores the at least part of the data to be stored, encrypting the at least part of the data to be stored with an encryption key to create an encrypted archive data set;
- storing the encrypted archive data set on the data archive storage device; and
- storing the encryption key on the data archive storage device, wherein the encryption key is stored in at least one of two user-selectable secure configurations, a first configuration being a scrambled configuration of the encryption key such that the scrambled encryption key is capable of being automatically unscrambled by the system, and a second configuration being an encrypted configuration such that the encrypted encryption key is capable of being decrypted by a password or information received from the user.
(Dependent claims: 2, 3, 4, 5)

6. A system for encrypting archive data during a data storage operation, comprising:
- means for generating an encryption key associated with the archive data, wherein the archive data is a copy of data created by a file system;
- means for encrypting the archive data with the encryption key to create an encrypted data set;
- means for storing the encrypted data set on a storage medium;
- means for storing the encryption key on the storage medium; and
- means for securing the encryption key, wherein the means for securing the encryption key include means for receiving input from a user indicating a selection of one of at least two different levels of security to be applied to the encryption key when storing the encryption key.
(Dependent claims: 7, 8)

9. A computer-readable medium whose contents cause a data storage system to perform a method of encrypting a copy of a data set created by a file system, the method comprising:
- generating an encryption key associated with the copy of the data set;
- encrypting the copy of the data set with the encryption key to create an encrypted data set;
- receiving an indication from a user to store the encryption key in one of two user-selectable secure states; and
- storing the encrypted data set and the encryption key in the user-selected secure state on a storage device separate from the file system.
(Dependent claims: 10, 11)

12. A secondary storage device for use with a data storage system that stores data created by a file system, comprising:
- an archive data set, stored in a storage medium associated with the secondary storage device, containing a set of data files created by the file system, wherein the archive data set is encrypted by the data storage system using an encryption key;
- the encryption key, stored in memory of the secondary storage device, used to encrypt the archive data set;
- wherein the encryption key is stored in one of at least two secure states.
Specification