System and method for signature based data container recognition
First Claim
1. A computer-implemented method for signature based recognition of a data container, the method comprising:
- creating, by a storage system associated with a security appliance, the data container;
in response to creating the data container, generating, by the security appliance, a signature of the data container by examining encrypted contents of a plurality of the data blocks contained within the data container, wherein the signature is generated using a one-way function;
associating, by the security appliance, the generated signature with an encryption key by creating an entry in a data container signature structure;
storing, on the security appliance, the signature and associated encryption key for subsequent data container signature based recognition by storing the entry within the data;
generating a new signature, when data in any of the one or more blocks utilized as the signature is modified, wherein the new signature is stored by the security appliance.
Abstract
A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.
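The register, recognize and re-sign flow described in the abstract, as an added example that is not code from the patent or any product. SHA-256 as the one-way function, the chosen block indices, the use of key identifiers in place of key material, and all names are assumptions.

```python
import hashlib

BLOCK_SIZE = 4096
SIGNATURE_BLOCKS = (0, 1, 7)  # assumption: which block indices feed the signature

def compute_signature(blocks):
    """One-way function (SHA-256 here) over the selected encrypted blocks."""
    h = hashlib.sha256()
    for idx in SIGNATURE_BLOCKS:
        h.update(idx.to_bytes(8, "big"))  # bind each block to its position
        h.update(blocks[idx])
    return h.hexdigest()

class SignatureTable:
    """Hypothetical stand-in for the 'data container signature structure'."""
    def __init__(self):
        self._entries = {}  # signature -> key identifier

    def register(self, blocks, key_id):
        sig = compute_signature(blocks)
        self._entries[sig] = key_id
        return sig

    def lookup(self, blocks):
        return self._entries.get(compute_signature(blocks))

    def write_block(self, blocks, idx, ciphertext):
        """Apply a write; store a new signature if a signature block changed."""
        old_sig = compute_signature(blocks)
        blocks[idx] = ciphertext
        if idx in SIGNATURE_BLOCKS and old_sig in self._entries:
            self._entries[compute_signature(blocks)] = self._entries.pop(old_sig)

def fake_ciphertext(label, n=8):
    """Constructed sample data: deterministic bytes standing in for encrypted blocks."""
    return [hashlib.sha256(f"{label}:{i}".encode()).digest() * (BLOCK_SIZE // 32)
            for i in range(n)]

def demo():
    table = SignatureTable()
    lun_a, lun_b = fake_ciphertext("lun-a"), fake_ciphertext("lun-b")
    table.register(lun_a, "key-A")
    table.register(lun_b, "key-B")
    first = table.lookup(list(lun_a))                  # container presented again
    table.write_block(lun_a, 3, b"\x00" * BLOCK_SIZE)  # not a signature block
    table.write_block(lun_a, 1, b"\x11" * BLOCK_SIZE)  # signature block: re-signed
    stale = fake_ciphertext("lun-a")                   # copy taken before the write
    unknown = fake_ciphertext("lun-c")
    return first, table.lookup(lun_a), table.lookup(stale), table.lookup(unknown)
```

In this sketch `demo()` shows that a copy of the container taken before a signature block was rewritten no longer matches any stored signature, so replacing the old entry rather than keeping it alongside the new one determines whether such copies can still be recognized.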
20 Claims
1. A computer-implemented method for signature based recognition of a data container, the method comprising:
- creating, by a storage system associated with a security appliance, the data container;
in response to creating the data container, generating, by the security appliance, a signature of the data container by examining encrypted contents of a plurality of the data blocks contained within the data container, wherein the signature is generated using a one-way function;
associating, by the security appliance, the generated signature with an encryption key by creating an entry in a data container signature structure;
storing, on the security appliance, the signature and associated encryption key for subsequent data container signature based recognition by storing the entry within the data;
generating a new signature, when data in any of the one or more blocks utilized as the signature is modified, wherein the new signature is stored by the security appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A non-transitory computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that create, on a storage system associated with a security appliance, a data container;
program instructions that generate a signature of the data container on the security appliance by examining encrypted contents of a plurality of the data blocks contained within the data container in response to the creation of the data container;
wherein the signature is generated using a one-way function;
program instructions that associate the generated, on the security appliance, signature with an encryption key by creating an entry in a data container signature structure;
program instructions that store, on the security appliance, the signature and associated encryption key for subsequent data container signature based recognition by storing the entry within the data container signature data structure; and
program instructions that generates a new signature, when data in any of the one or more blocks utilized as the signature is modified, wherein the new signature is stored by the security appliance.
11. A system for signature based recognition of a data container, the system comprising:
- a processor, a storage system configured to export and create the data container; and
a security appliance operatively interconnected with the storage system, the security appliance configured to generate a signature of the data container by examining encrypted contents of a plurality of the data blocks contained within the data container in response to the creation of the data container, wherein the signature is generated using a one-way function;
associate the generated signature with an encryption key by creating an entry in a data container signature structure and store the generated signature and associated encryption key for subsequent data container signature based recognition by storing the entry within the data container signature data structure;
generating a new signature, when data in any of the one or more blocks utilized as the signature is modified, wherein the new signature is stored by the security appliance.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
Specification