Encryption of data in storage systems
Abstract
Provided are a method, system and article of manufacture, wherein a request to access data is received from a requestor. A determination is made as to whether the requestor is authorized to access the data. In response to determining that the requestor is authorized to access the data, a determination is made as to whether the data is encrypted. An encryption key is requested from the requester, in response to determining that the data is not encrypted.
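The access flow the abstract describes, sketched as an added example (not code from the patent or its assignee): authorization is checked first, and legacy data is encrypted on its first authorized access with a key supplied by the requestor. The `StorageController` class, the `request_key` callback, the volume names, and the hash-based `seal`/`unseal` stand-in for a real authenticated cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 counter keystream: stdlib stand-in (assumption) for a real cipher like AES-GCM.
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class StorageController:
    def __init__(self, acl, units):
        self.acl = acl  # requestor -> set of unit ids it may access
        # Every pre-existing unit starts as unencrypted legacy data.
        self.units = {u: (False, d) for u, d in units.items()}

    def access(self, requestor, unit_id, request_key):
        # Authorization comes first; an unauthorized request never reaches the key exchange.
        if unit_id not in self.acl.get(requestor, set()):
            raise PermissionError(f"{requestor} may not access {unit_id}")
        encrypted, stored = self.units[unit_id]
        if encrypted:
            # Assumption: already-migrated data is read back with the requestor's key.
            return unseal(request_key(unit_id), stored)
        # Not encrypted: request a key from the requestor and encrypt in place.
        key = request_key(unit_id)
        self.units[unit_id] = (True, seal(key, stored))
        return stored

    def legacy_remaining(self):
        # Units that are still stored unencrypted.
        return sorted(u for u, (enc, _) in self.units.items() if not enc)

def demo():
    key = bytes(range(32))  # constructed sample key
    ctl = StorageController({"hostA": {"vol1"}},
                            {"vol1": b"payroll 2006", "vol2": b"archive"})  # constructed data
    first = ctl.access("hostA", "vol1", lambda unit: key)   # triggers encryption
    second = ctl.access("hostA", "vol1", lambda unit: key)  # decrypts migrated data
    return ctl, first, second
```

A unit that is never accessed stays in plaintext under this flow, so `legacy_remaining()` is the figure to watch while the migration runs.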
18 Claims
1. A method, comprising:
receiving, by a computational device, a request to access data from a requestor, wherein the data is legacy data that is stored in a storage unit, wherein the legacy data is pre-existing data, wherein the legacy data is stored in the storage unit in an unencrypted state at least until the time an attempt is made to access the legacy data, and wherein data that is not legacy data is stored in the storage unit in an encrypted state;
determining, by the computational device, that the requestor is authorized to access the data;
determining, by the computational device, that the data is not encrypted, in response to determining that the requestor is authorized to access the data;
requesting, by the computational device, an encryption key from the requestor, in response to determining that the data is not encrypted;
receiving the encryption key from the requestor;
encrypting the data by using the encryption key; and
migrating all legacy data stored in the storage unit to encrypted data stored in the storage unit over an extended period of time.
4. A system, comprising:
memory; and
processor coupled to the memory, wherein the processor executes;
receiving, from a requestor, a request to access data, wherein the data is legacy data that is stored in a storage unit, wherein the legacy data is pre-existing data, wherein the legacy data is stored in the storage unit in an unencrypted state at least until the time an attempt is made to access the legacy data, and wherein data that is not legacy data is stored in the storage unit in an encrypted state;
determining that the requestor is authorized to access the data;
determining that the data is not encrypted, in response to determining that the requestor is authorized to access the data;
requesting an encryption key from the requestor, in response to determining that the data is not encrypted;
receiving the encryption key from the requestor;
encrypting the data by using the encryption key; and
migrating all legacy data stored in the storage unit to encrypted data stored in the storage unit over an extended period of time.
7. A system, comprising:
a processor;
a host; and
a storage subsystem having the processor,
wherein the storage subsystem receives from the host a request to access data, wherein the data is legacy data that is stored in a storage unit, wherein the legacy data is pre-existing data, wherein the legacy data is stored in the storage unit in an unencrypted state at least until the time an attempt is made to access the legacy data, and wherein data that is not legacy data is stored in the storage unit in an encrypted state,
wherein the storage subsystem determines that the host is authorized to access the data,
wherein the storage subsystem determines that the data is not encrypted, in response to determining that the host is authorized to access the data,
wherein the storage subsystem requests an encryption key, in response to determining that the data is not encrypted,
wherein the storage subsystem receives the encryption key from the host,
wherein the storage subsystem encrypts the data by using the encryption key, and
wherein the storage subsystem migrates all legacy data stored in the storage unit to encrypted data stored in the storage unit over an extended period of time.
10. A computer readable storage medium, wherein code stored in the computer readable storage medium when executed by a machine causes operations, the operations comprising:
receiving, from a requestor, a request to access data, wherein the data is legacy data that is stored in a storage unit, wherein the legacy data is pre-existing data, wherein the legacy data is stored in the storage unit in an unencrypted state at least until the time an attempt is made to access the legacy data, and wherein data that is not legacy data is stored in the storage unit in an encrypted state;
determining that the requestor is authorized to access the data;
determining that the data is not encrypted, in response to determining that the requestor is authorized to access the data;
requesting an encryption key from the requestor, in response to determining that the data is not encrypted;
receiving the encryption key from the requestor;
encrypting the data by using the encryption key; and
migrating all legacy data stored in the storage unit to encrypted data stored in the storage unit over an extended period of time.
13. A method for deploying computer infrastructure, comprising integrating computer-readable code into a controller, wherein the code in combination with the controller performs:
receiving, by the controller, a request to access data from a requestor, wherein the data is legacy data that is stored in a storage unit, wherein the legacy data is pre-existing data, wherein the legacy data is stored in the storage unit in an unencrypted state at least until the time an attempt is made to access the legacy data, and wherein data that is not legacy data is stored in the storage unit in an encrypted state;
determining, by the controller, that the requestor is authorized to access the data;
determining, by the controller, that the data is not encrypted, in response to determining that the requestor is authorized to access the data;
requesting, by the controller, an encryption key from the requestor, in response to determining that the data is not encrypted;
receiving the encryption key from the requestor;
encrypting the data by using the encryption key; and
migrating all legacy data stored in the storage unit to encrypted data stored in the storage unit over an extended period of time.
16. A system, comprising:
a processor;
means for receiving, by the processor, a request to access data from a requestor, wherein the data is legacy data that is stored in a storage unit, wherein the legacy data is pre-existing data, wherein the legacy data is stored in the storage unit in an unencrypted state at least until the time an attempt is made to access the legacy data, and wherein data that is not legacy data is stored in the storage unit in an encrypted state;
means for determining, by the processor, that the requestor is authorized to access the data;
means for determining, by the processor, that the data is not encrypted, in response to determining that the requestor is authorized to access the data;
means for requesting, by the processor, an encryption key from the requestor, in response to determining that the data is not encrypted;
means for receiving the encryption key from the requestor;
means for encrypting the data by using the encryption key; and
means for migrating all legacy data stored in the storage unit to encrypted data stored in the storage unit over an extended period of time.
Specification