Key verification system and method
First Claim
1. A method comprising:
associating an encryption key with each of a plurality of storage objects within a data storage system, thus defining a plurality of encryption keys;
appending each of the plurality of encryption keys to include a key identifier tag, thus defining a plurality of tagged encryption keys, wherein the key identifier tag included within each tagged encryption key identifies the storage object with which the tagged encryption key is associated, wherein each of the storage objects are associated with one or more of a disk sector, disk platter, disk track, and disk cluster;
generating a key table for one or more input/output modules (I/O modules), each of the one or more I/O modules coupled to a plurality of disk drives associated with the data storage system;
receiving data to be stored within the data storage system;
identifying a destination storage object for storing the received data, wherein the destination storage object is chosen from the plurality of storage objects;
obtaining the tagged encryption key associated with one of the plurality of the destination storage objects from the key table;
confirming that the key identifier tag included within the obtained tagged encryption key identifies the destination storage object;
encrypting the received data using the obtained tagged encryption key; and
storing the received data within the destination storage object.
Abstract
A method, computer program product, and data storage system for associating an encryption key with each of a plurality of storage objects within a data storage system, thus defining a plurality of encryption keys. Each of the plurality of encryption keys is appended to include a key identifier tag, thus defining a plurality of tagged encryption keys. The key identifier tag included within each tagged encryption key identifies the storage object with which the tagged encryption key is associated.
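The write path recited in claim 1 (tag each key with its storage object, look the key up in a key table, confirm the tag, then encrypt and store) can be sketched as follows. This is an added example, not code from the patent; the 8-byte tag layout, the function names, the in-memory `disk` dictionary and the SHA-256 keystream standing in for a real disk cipher are all assumptions.

```python
import hashlib
import os

TAG_LEN = 8  # assumption: tag is the storage-object id as 8 big-endian bytes

class KeyTagMismatch(Exception):
    """Key fetched from the table is tagged for a different storage object."""

def tag_key(key: bytes, object_id: int) -> bytes:
    # "Appending" step: raw key followed by the key identifier tag.
    return key + object_id.to_bytes(TAG_LEN, "big")

def split_tagged(tagged: bytes) -> tuple[bytes, int]:
    return tagged[:-TAG_LEN], int.from_bytes(tagged[-TAG_LEN:], "big")

def build_key_table(object_ids) -> dict[int, bytes]:
    # One independent 256-bit key per storage object (e.g. per sector or cluster).
    return {oid: tag_key(os.urandom(32), oid) for oid in object_ids}

def keystream_xor(key: bytes, object_id: int, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library; a real array would use a vetted disk cipher here.
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = object_id.to_bytes(8, "big") + (i // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + ctr).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def write_object(key_table, disk, object_id: int, data: bytes) -> bytes:
    key, tag = split_tagged(key_table[object_id])
    # Confirm the tag names the destination before any ciphertext is produced;
    # writing under the wrong key would leave the object unreadable later.
    if tag != object_id:
        raise KeyTagMismatch(f"key tagged for {tag}, destination is {object_id}")
    disk[object_id] = keystream_xor(key, object_id, data)
    return disk[object_id]

if __name__ == "__main__":
    table, disk = build_key_table([10, 11]), {}   # constructed object ids
    write_object(table, disk, 10, b"sector payload")
    table[10], table[11] = table[11], table[10]   # simulate a corrupted table
    try:
        write_object(table, disk, 11, b"more data")
    except KeyTagMismatch as exc:
        print("write refused:", exc)
```

In this sketch the tag is a plain suffix on the key, so the check catches a misindexed or corrupted table entry, not deliberate tampering with the table.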
14 Claims
1. A method comprising:
associating an encryption key with each of a plurality of storage objects within a data storage system, thus defining a plurality of encryption keys;
appending each of the plurality of encryption keys to include a key identifier tag, thus defining a plurality of tagged encryption keys, wherein the key identifier tag included within each tagged encryption key identifies the storage object with which the tagged encryption key is associated, wherein each of the storage objects are associated with one or more of a disk sector, disk platter, disk track, and disk cluster;
generating a key table for one or more input/output modules (I/O modules), each of the one or more I/O modules coupled to a plurality of disk drives associated with the data storage system;
receiving data to be stored within the data storage system;
identifying a destination storage object for storing the received data, wherein the destination storage object is chosen from the plurality of storage objects;
obtaining the tagged encryption key associated with one of the plurality of the destination storage objects from the key table;
confirming that the key identifier tag included within the obtained tagged encryption key identifies the destination storage object;
encrypting the received data using the obtained tagged encryption key; and
storing the received data within the destination storage object.
Dependent claims: 2, 3, 4, 5
6. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
associating an encryption key with each of a plurality of storage objects within a data storage system, thus defining a plurality of encryption keys;
appending each of the plurality of encryption keys to include a key identifier tag, thus defining a plurality of tagged encryption keys, wherein the key identifier tag included within each tagged encryption key identifies the storage object with which the tagged encryption key is associated, wherein each of the storage objects are associated with one or more of a disk sector, disk platter, disk track, and disk cluster;
generating a key table for one or more input/output modules (I/O modules), each of the one or more I/O modules coupled to a plurality of disk drives associated with the data storage system;
receiving data to be stored within the data storage system;
identifying a destination storage object for storing the received data, wherein the destination storage object is chosen from the plurality of storage objects;
obtaining the tagged encryption key associated with one of the plurality of the destination storage objects from the key table;
confirming that the key identifier tag included within the obtained tagged encryption key identifies the destination storage object;
encrypting the received data using the obtained tagged encryption key; and
storing the received data within the destination storage object.
Dependent claims: 7, 8, 9, 10
11. A data storage system configured to perform operations comprising:
associating an encryption key with each of a plurality of storage objects within a data storage system, thus defining a plurality of encryption keys;
appending each of the plurality of encryption keys to include a key identifier tag, thus defining a plurality of tagged encryption keys, wherein the key identifier tag included within each tagged encryption key identifies the storage object with which the tagged encryption key is associated, wherein each of the storage objects are associated with one or more of a disk sector, disk platter, disk track, and disk cluster;
generating a key table for one or more input/output modules (I/O modules), each of the one or more I/O modules coupled to a plurality of disk drives associated with the data storage system;
receiving data to be stored within the data storage system;
identifying a destination storage object for storing the received data, wherein the destination storage object is chosen from the plurality of storage objects;
obtaining the tagged encryption key associated with one of the plurality of the destination storage objects from the key table;
confirming that the key identifier tag included within the obtained tagged encryption key identifies the destination storage object;
encrypting the received data using the obtained tagged encryption key; and
storing the received data within the destination storage object.
Dependent claims: 12, 13, 14
Specification