Re-keying based on pre-generated keys
Abstract
A system and method for pre-generating encryption keys for re-keying stored ciphertext. The encryption keys are illustratively distributed to LKMs and therefrom to the security appliances communicating with each other. A minimum number of unused pre-generated encryption keys is established; when that number is reached, more pre-generated encryption keys are created and distributed.
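The pool behaviour the abstract describes, as an added Python sketch that is not taken from the patent: keys are created ahead of any re-key command, shared with a peer together with the minimum count, consumed on re-key, and replenished when the unused count reaches the minimum. The `Appliance` class, the batch size, the 256-bit key length, direct appliance-to-appliance sharing and the peers' container mapping are assumptions; re-encrypting the container with the returned key is left to the caller.

```python
import secrets
from dataclasses import dataclass, field

KEY_BYTES = 32  # assumption: 256-bit keys; the page does not state a key size

@dataclass
class Appliance:
    """Hypothetical security appliance with a store of unused pre-generated keys."""
    name: str
    min_count: int = 0          # minimum count of unused keys (low-water mark)
    batch: int = 4              # assumption: keys created per pre-generation run
    peers: list = field(default_factory=list)
    unused: dict = field(default_factory=dict)   # key_id -> key bytes
    in_use: dict = field(default_factory=dict)   # container -> key_id

    def pregenerate(self):
        """Create keys before any re-key command; share them and the minimum count."""
        new = {secrets.token_hex(8): secrets.token_bytes(KEY_BYTES)
               for _ in range(self.batch)}
        for node in (self, *self.peers):
            node.unused.update(new)
            node.min_count = self.min_count
        return list(new)

    def rekey(self, container):
        """Re-key command: take a stored key at once, then top up at the minimum."""
        if not self.unused:
            raise RuntimeError("no pre-generated key available")
        key_id = next(iter(self.unused))
        key = self.unused[key_id]
        for node in (self, *self.peers):
            node.unused.pop(key_id, None)     # no longer counts as unused anywhere
            node.in_use[container] = key_id   # assumption: peers track the mapping
        if len(self.unused) <= self.min_count:
            self.pregenerate()                # replenish on reaching the minimum
        return key_id, key                    # caller re-encrypts the container


def demo():
    a, b = Appliance("a", min_count=2), Appliance("b")
    a.peers.append(b)
    a.pregenerate()                           # 4 unused keys on both appliances
    counts = []
    for vol in ("vol1", "vol2"):
        a.rekey(vol)
        counts.append((len(a.unused), len(b.unused)))
    return counts                             # second re-key triggers the top-up
```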
16 Claims
1. A method for re-keying data, comprising:
- pre-generating encryption keys by a first security appliance of a plurality of security appliances before a re-key command is received at the first security appliance having a processor;
- generating a minimum count of unused pre-generated encryption keys;
- distributing the pre-generated encryption keys and the minimum count to a second security appliance of the plurality of security appliances;
- storing the pre-generated encryption keys and the minimum count;
- receiving the re-key command at the first security appliance to re-key a data container served by a storage system;
- in response to receiving the re-key command, re-keying the data container with a pre-generated encryption key of the pre-generated encryption keys; and
- generating, by at least one security appliance of the plurality of security appliances, additional pre-generated keys, wherein the additional pre-generated encryption keys are generated in response to reaching the minimum count.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system configured to re-key data, comprising:
- a first security appliance of a plurality of security appliances configured to pre-generate an encryption key before a re-key command is received at the first security appliance having a processor, wherein the first security appliance distributes the pre-generated encryption key to a second security appliance;
- at least one processor configured to generate a minimum count of unused pre-generated encrypted keys;
- the first security appliance further configured to receive the re-key command to re-key a data container of the system;
- the first security appliance further configured to, in response to receiving the re-key command, re-key the data container with the pre-generated encryption key; and
- at least one other security appliance of the plurality of security appliances to generate an additional pre-generated key in response to reaching the minimum count.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer-readable storage medium stored with executable program instructions for execution by a processor, the computer-readable storage medium comprising:
- program instructions that pre-generate an encryption key by a first computer of a plurality of computers before a re-key command is received at the first computer;
- program instructions that generate a minimum count of unused pre-generated encryption keys;
- program instructions that distribute the generated key and the minimum count to a second computer of the plurality of computers;
- program instructions that receive the re-key command at the first computer to re-key a data container served by the plurality of computers;
- program instructions that, in response to receiving the re-key command, re-key the data container with the pre-generated encryption key; and
- program instructions that generate, for at least one computer of the plurality of computers, additional pre-generated keys, wherein the additional pre-generated encryption keys are generated in response to reaching the minimum count.

Dependent claims: 16

Specification