Storage system for data encryption

US 8,200,965 B2
Filed: 10/20/2009
Issued: 06/12/2012
Est. Priority Date: 07/21/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A storage system, comprising:

a host interface connected via a network to a host computer;

a disk interface connected to a disk drive;

a memory module that stores control information of the storage system and that functions as a cache memory;

a processor that controls the storage system;

a mutual network that interconnects the host interface, the disk interface, the memory module and the processor; and

an encryption module that encrypts data read/written by the host computer,wherein a first logical volume and a second logical volume are set in the disk drive, and the first logical volume and the second logical volume are paired with each other,wherein the memory module stores a first encryption key assigned to the first logical volume and a second encryption key, which is different from the first encryption key, assigned to the second logical volume,wherein the encryption module encrypts data to be written in the first logical volume with the first encryption key,wherein the disk interface writes the data encrypted with the first encryption key in the first logical volume,wherein the encryption module encrypts data, which is a copy of the data written in the first logical volume, with the second encryption key, andwherein the disk interface writes the data encrypted with the second encryption key in the second logical volume.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage system including a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of a cache memory for an access to the disk drive and the storage system; a processor that controls the storage system; a network that interconnects the host interface, the disk interface, the memory module, and the processor; and an encryption module that encrypts data read/written by the host computer, in which the processor reads data from an area of the disk drive from the memory module, decrypts the read data with a corresponding encryption key, encrypts the decrypted data with a different encryption key, and writes the encrypted data in a different area.

Citations

10 Claims

1. A storage system, comprising:
- a host interface connected via a network to a host computer;
  
  a disk interface connected to a disk drive;
  
  a memory module that stores control information of the storage system and that functions as a cache memory;
  
  a processor that controls the storage system;
  
  a mutual network that interconnects the host interface, the disk interface, the memory module and the processor; and
  
  an encryption module that encrypts data read/written by the host computer,wherein a first logical volume and a second logical volume are set in the disk drive, and the first logical volume and the second logical volume are paired with each other,wherein the memory module stores a first encryption key assigned to the first logical volume and a second encryption key, which is different from the first encryption key, assigned to the second logical volume,wherein the encryption module encrypts data to be written in the first logical volume with the first encryption key,wherein the disk interface writes the data encrypted with the first encryption key in the first logical volume,wherein the encryption module encrypts data, which is a copy of the data written in the first logical volume, with the second encryption key, andwherein the disk interface writes the data encrypted with the second encryption key in the second logical volume.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The storage system according to claim 1, wherein the disk interface has the encryption module,wherein the host interface stores data to be written in the first logical volume in a cache memory area of the memory module,wherein the encryption module encrypts data stored in the cache memory area, andwherein the disk interface writes the encrypted data in the first logical volume and the second logical volume.
  - 3. The storage system according to claim 1, wherein the disk interface reads data from the first logical volume,wherein the encryption module decrypts the read data with the first encryption key,wherein the encryption module encrypts the decrypted data with the second encryption key, andwherein the processor copies data in the first logical volume to the second logical volume, by writing the data encrypted with the second encryption key in the second logical volume.
  - 4. The storage system according to claim 1, wherein the encryption module encrypts data to be written in the first logical volume,wherein the host interface stores the encrypted data in a cache memory area of the memory module, andwherein the disk interface writes the encrypted data stored in the cache memory area in the first logical volume and the second logical volume.
  - 5. The storage system according to claim 1, wherein the memory module has the encryption module,wherein the host interface stores data to be written in the first logical volume in a cache memory area of the memory module,wherein the encryption module encrypts data stored in the cache memory area, andwherein the disk interface writes the encrypted data in the first logical volume and the second logical volume.

6. A data writing method for a storage system which includes a host interface connected via a network to a host computer, a disk interface connected to a disk drive, a memory module that stores control information of the storage system and that functions as a cache memory, a processor that controls the storage system, a mutual network that interconnects the host interface, the disk interface, the memory module and the processor, and an encryption module that encrypts data read/written by the host computer,wherein a first logical volume and a second logical volume are set in the disk drive, and the first logical volume and the second logical volume are paired with each other, andwherein the memory module stores a first encryption key assigned to the first logical volume and a second encryption key, which is different from the first encryption key, assigned to the second logical volume, said data writing method comprising the steps of:
- instructing, by the processor, the encryption module to encrypt data to be written in the first logical volume with the first encryption key;
  
  instructing, by the processor, the disk interface to write the data encrypted with the first encryption key in the first logical volume;
  
  instructing, by the processor, the encryption module to encrypt the data which is a copy of the data written in the first logical volume with the second encryption key; and
  
  instructing, by the processor, the disk interface to write the data encrypted with the second encryption key in the second logical volume.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The data writing method according to claim 6, wherein the disk interface has the encryption module,wherein said data writing method further comprising the steps of:
    - instructing, by the processor, the host interface to store data to be written in the first logical volume in a cache memory area of the memory module;
      
      instructing, by the processor, the encryption module to encrypt data stored in the cache memory area; and
      
      instructing, by the processor, the disk interface to write the encrypted data in the first logical volume and the second logical volume.
  - 8. The data writing method according to claim 6, further comprising the steps of:
    - instructing, by the processor, the disk interface to read data from the first logical volume;
      
      instructing, by the processor, the encryption module to decrypt the read data with the first encryption key;
      
      instructing, by the processor, the encryption module to encrypt the decrypted data with the second encryption key; and
      
      instructing, by the processor, the disk interface to write the data encrypted with the second encryption key in the second logical volume so that data in the first logical volume is copied to the second logical volume.
  - 9. The data writing method according to claim 6, further comprising the steps of:
    - instructing, by the processor, the encryption module to encrypt data to be written in the first logical volume;
      
      instructing, by the processor, the host interface to store the encrypted data in a cache memory area of the memory module; and
      
      instructing, by the processor, the disk interface to write the encrypted data stored in the cache memory area in the first logical volume and the second logical volume.
  - 10. The data writing method according to claim 6, wherein the memory module has the encryption module,wherein said data writing method further comprising the steps of:
    - instructing, by the processor, the host interface to store data to be written in the first logical volume in a cache memory area of the memory module;
      
      instructing, by the processor, the encryption module to encrypt data stored in the cache memory area; and
      
      instructing, by the processor, the disk interface to write the encrypted data in the first logical volume and the second logical volume.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Fujibayashi, Akira, Mizuno, Makio
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US12/581,933
Publication Number

US 20100042832A1
Time in Patent Office

966 Days
Field of Search

713/165, 713/162, 713/167, 713/189, 713/190, 726/27, 726/30, 726/32, 726/33
US Class Current

713/165
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 11/1435   using file system or storag...

G06F 11/2069   Management of state, config...

G06F 21/6218   to a system of files or obj...

G06F 2201/84   Using snapshots, i.e. a log...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

Storage system for data encryption

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Storage system for data encryption

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links