Key protector for a storage volume using multiple keys
First Claim
1. A method of creating a key protector for a storage volume, the method comprising:
- generating an intermediate key with a computing device;
- protecting, based at least in part on a public key of a public/private key pair of an entity, the intermediate key for encrypting and decrypting a volume master key;
- encrypting, based at least in part on the intermediate key, the volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume; and
- storing a key protector for the storage volume, the key protector being associated with the entity and including both the encrypted volume master key and the intermediate key.
Abstract
A key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key.
37 Citations
18 Claims
1. A method of creating a key protector for a storage volume, the method comprising:
generating an intermediate key with a computing device; protecting, based at least in part on a public key of a public/private key pair of an entity, the intermediate key for encrypting and decrypting a volume master key; encrypting, based at least in part on the intermediate key, the volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume; and storing a key protector for the storage volume, the key protector being associated with the entity and including both the encrypted volume master key and the intermediate key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method of accessing an encrypted storage volume, the method comprising:
obtaining a private key of an entity associated with a key protector stored on the encrypted storage volume, the private key being of a public/private key pair; obtaining, based at least in part on the private key, an intermediate key for encrypting and decrypting a volume master key; and using the intermediate key by a computing device to decrypt the volume master key from the key protector for decrypting one or more volume encryption keys that are used to decrypt the storage volume.
Dependent claims: 11, 12, 13, 14, 15, 16, 17

18. A computer-readable storage device that includes computer-executable instructions, which when executed by a computing device, cause the computing device to:
generate an intermediate key with a computing device; protect, based at least in part on a public key of a public/private key pair of an entity, the intermediate key for encrypting and decrypting a volume master key; encrypt, based at least in part on the intermediate key, the volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume; and store a key protector for the storage volume, the key protector being associated with the entity and including both the encrypted volume master key and the intermediate key.
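The key hierarchy that claims 1 and 10 describe (volume data encrypted by volume encryption keys, those keys encrypted by the volume master key, the volume master key encrypted by an entity-specific intermediate key, and the intermediate key protected by the entity's public key) worked through in Go as an added example. This is not code from the patent, which names no algorithms: it assumes RSA-OAEP for protecting the intermediate key and AES-256-GCM for the two symmetric layers, and the type, field and function names (KeyProtector, CreateKeyProtector, UnlockVMK, Demo) and the sample sector text are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyProtector is the stored record of claims 1 and 10 (names are this example's own, not the patent's).
type KeyProtector struct {
	EntityID     string // whose public key wrapped the IK; selects the private key on access
	WrappedIK    []byte // intermediate key (IK), RSA-OAEP encrypted to the entity's public key
	EncryptedVMK []byte // volume master key, AES-256-GCM under the IK, stored as nonce || ciphertext
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // CSPRNG or key-generation failure: nothing sensible to fall back to
	}
	return v
}

func mustRand(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b)) // rand.Read returns (count, error); only the error matters here
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts plaintext with AES-256-GCM under key and returns nonce || ciphertext.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := mustRand(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM inverts sealGCM; a wrong key or a tampered blob fails the GCM tag check.
func openGCM(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("openGCM: bad key or truncated ciphertext (%v)", err)
	}
	n := aead.NonceSize()
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// CreateKeyProtector follows claim 1: generate an IK, protect it with the entity's public key, encrypt the VMK under the IK, store both.
func CreateKeyProtector(entityID string, pub *rsa.PublicKey, vmk []byte) (*KeyProtector, error) {
	ik := mustRand(32)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ik, nil)
	if err != nil {
		return nil, err
	}
	encVMK, err := sealGCM(ik, vmk)
	if err != nil {
		return nil, err
	}
	return &KeyProtector{EntityID: entityID, WrappedIK: wrapped, EncryptedVMK: encVMK}, nil
}

// UnlockVMK follows claim 10: recover the IK with the entity's private key, then decrypt the VMK with it.
func UnlockVMK(kp *KeyProtector, priv *rsa.PrivateKey) ([]byte, error) {
	ik, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, kp.WrappedIK, nil)
	if err != nil {
		return nil, err // wrong private key: the IK, and so the VMK, stays sealed
	}
	return openGCM(ik, kp.EncryptedVMK)
}

// Demo walks the hierarchy once (sector -> VEK -> VMK -> IK -> entity key pair) and reports the sector recovered through the protector and whether another entity's key is refused.
func Demo() (recovered []byte, otherEntityRefused bool) {
	entity, other := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	vmk, vek := mustRand(32), mustRand(32)
	encSector := must(sealGCM(vek, []byte("constructed sample sector, not real volume data"))) // data under the VEK
	encVEK := must(sealGCM(vmk, vek))                                                         // the VEK under the VMK
	kp := must(CreateKeyProtector("recovery-agent@example.invalid", &entity.PublicKey, vmk))
	gotVMK := must(UnlockVMK(kp, entity))
	gotVEK := must(openGCM(gotVMK, encVEK))
	recovered = must(openGCM(gotVEK, encSector))
	_, otherErr := UnlockVMK(kp, other) // a different entity's private key must not unwrap the IK
	return recovered, otherErr != nil
}

func main() {
	recovered, refused := Demo()
	fmt.Printf("recovered %q; other entity refused: %v\n", recovered, refused)
}
```

Two properties of the layering are worth noting. The volume data and the volume encryption keys never need re-encryption when an entity is added or removed: only the small key protector record (the wrapped intermediate key plus the encrypted VMK) is created or deleted per entity, which is why the claims separate the VMK from the VEKs. And the access path fails closed at the first step: a private key that does not match the protector's entity cannot unwrap the intermediate key, so the VMK ciphertext is never even attempted, while a modified EncryptedVMK is caught by the GCM tag.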
Specification