Storage system for data encryption
First Claim
1. A storage system, comprising:
- a host interface connected via a network to a host computer;
a disk interface connected to a disk drive;
a memory module that stores control information of the storage system and that functions as a cache memory;
a processor that controls the storage system;
a mutual network that interconnects the host interface, the disk interface, the memory module and the processor; and
an encryption module that encrypts data read/written by the host computer,wherein a first logical volume and a second logical volume are set in the disk drive, and the first logical volume and the second logical volume are paired with each other,wherein the memory module stores a first encryption key assigned to the first logical volume and a second encryption key, which is different from the first encryption key, assigned to the second logical volume,wherein the encryption module encrypts data to be written in the first logical volume with the first encryption key,wherein the disk interface writes the data encrypted with the first encryption key in the first logical volume,wherein the encryption module encrypts data, which is a copy of the data written in the first logical volume, with the second encryption key, andwherein the disk interface writes the data encrypted with the second encryption key in the second logical volume.
0 Assignments
0 Petitions
Accused Products
Abstract
A storage system including a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of a cache memory for an access to the disk drive and the storage system; a processor that controls the storage system; a network that interconnects the host interface, the disk interface, the memory module, and the processor; and an encryption module that encrypts data read/written by the host computer, in which the processor reads data from an area of the disk drive from the memory module, decrypts the read data with a corresponding encryption key, encrypts the decrypted data with a different encryption key, and writes the encrypted data in a different area.
-
Citations
10 Claims
-
1. A storage system, comprising:
-
a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of the storage system and that functions as a cache memory; a processor that controls the storage system; a mutual network that interconnects the host interface, the disk interface, the memory module and the processor; and an encryption module that encrypts data read/written by the host computer, wherein a first logical volume and a second logical volume are set in the disk drive, and the first logical volume and the second logical volume are paired with each other, wherein the memory module stores a first encryption key assigned to the first logical volume and a second encryption key, which is different from the first encryption key, assigned to the second logical volume, wherein the encryption module encrypts data to be written in the first logical volume with the first encryption key, wherein the disk interface writes the data encrypted with the first encryption key in the first logical volume, wherein the encryption module encrypts data, which is a copy of the data written in the first logical volume, with the second encryption key, and wherein the disk interface writes the data encrypted with the second encryption key in the second logical volume. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A data writing method for a storage system which includes a host interface connected via a network to a host computer, a disk interface connected to a disk drive, a memory module that stores control information of the storage system and that functions as a cache memory, a processor that controls the storage system, a mutual network that interconnects the host interface, the disk interface, the memory module and the processor, and an encryption module that encrypts data read/written by the host computer,
wherein a first logical volume and a second logical volume are set in the disk drive, and the first logical volume and the second logical volume are paired with each other, and wherein the memory module stores a first encryption key assigned to the first logical volume and a second encryption key, which is different from the first encryption key, assigned to the second logical volume, said data writing method comprising the steps of: -
instructing, by the processor, the encryption module to encrypt data to be written in the first logical volume with the first encryption key; instructing, by the processor, the disk interface to write the data encrypted with the first encryption key in the first logical volume; instructing, by the processor, the encryption module to encrypt the data which is a copy of the data written in the first logical volume with the second encryption key; and instructing, by the processor, the disk interface to write the data encrypted with the second encryption key in the second logical volume. - View Dependent Claims (7, 8, 9, 10)
-
Specification