Techniques for protecting data using an electronic encryption endpoint device
First Claim
1. A data storage array, comprising:
- a storage processor device;
a set of storage devices; and
an electronic encryption endpoint device having (i) a management interface coupled to the storage processor device, (ii) a storage device interface coupled to the set of storage devices, and (iii) a controller interconnected between the management interface and the storage device interface, the controller being arranged to;
receive a key encryption key through the management interface,decrypt a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the key table entry, andencrypt data from the storage processor device using the data encryption key and store the encrypted data in the set of storage devices through the storage device interface.
9 Assignments
0 Petitions
Accused Products
Abstract
An electronic encryption endpoint device includes a management interface, a storage device interface and a controller. The management interface is capable of operating as a control interface (e.g., connecting to an array controller). The storage device interface is arranged to communicate with a set of storage devices. The controller is arranged to (i) receive a key encryption key through the management interface, (ii) decrypt a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the portion of the key table entry, and (iii) encrypt data using the data encryption key and store the encrypted data in the set of storage devices through the storage device interface.
53 Citations
25 Claims
-
1. A data storage array, comprising:
-
a storage processor device; a set of storage devices; and an electronic encryption endpoint device having (i) a management interface coupled to the storage processor device, (ii) a storage device interface coupled to the set of storage devices, and (iii) a controller interconnected between the management interface and the storage device interface, the controller being arranged to; receive a key encryption key through the management interface, decrypt a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the key table entry, and encrypt data from the storage processor device using the data encryption key and store the encrypted data in the set of storage devices through the storage device interface. - View Dependent Claims (2, 3, 4)
-
-
5. An electronic encryption endpoint device, comprising:
-
a management interface; a storage device interface arranged to communicate with a set of storage devices; and a controller interconnected between the management interface and the storage device interface, the controller being arranged to; receive a key encryption key through the management interface, decrypt a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the key table entry, and encrypt the data using the data encryption key and store the encrypted data in the set of storage devices through the storage device interface. - View Dependent Claims (6, 7, 8)
-
-
9. A method of protecting data, the method comprising:
-
at an electronic encryption endpoint device, receiving a key encryption key; at the electronic encryption endpoint device, decrypting a portion of a key table entry of a key table using the key encryption key to extract a data encryption key from the portion of the key table entry, the data encryption key being initially encrypted within the portion of the key table entry prior to decrypting the key table entry; and at the electronic encryption endpoint device, encrypting the data using the data encryption key and storing the encrypted data in a set of storage devices. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
Specification