Storage and recovery of cryptographic key identifiers
First Claim
1. A method of storing a cryptographic key identifier on a logical disk having a plurality of blocks, the method comprising:
- compressing data that is stored in one or more blocks of the plurality of blocks;
- encrypting the compressed data stored in the one or more blocks with a cryptographic key, the cryptographic key (i) being identified by the cryptographic key identifier, and (ii) being stored in a storage device separate from the logical disk having the plurality of blocks;
- storing the cryptographic key identifier with the encrypted compressed data in the one or more blocks, wherein the cryptographic key identifier is stored as metadata; and
- for each of the one or more blocks in which the cryptographic key identifier is stored, providing a marker that indicates presence of the cryptographic key identifier in that block;
- wherein a block identifier is assigned to the logical disk and the cryptographic key identifier is associated with the block identifier.
Abstract
Example embodiments provide various techniques for storing and recovering a cryptographic key identifier that may be used to recover encrypted data. The cryptographic key identifier may be stored with the encrypted data itself. In an example, the cryptographic key identifier may be stored in particular blocks on a logical disk that are specifically designated to store the cryptographic key identifier. To store the cryptographic key identifiers in the designated blocks, the data within the blocks is compressed to fit the cryptographic key identifiers within the blocks. This cryptographic key identifier can be recovered at a later time by locating the designated blocks and retrieving the cryptographic key identifier from the blocks.
19 Claims
1. A method of storing a cryptographic key identifier on a logical disk having a plurality of blocks, the method comprising:
- compressing data that is stored in one or more blocks of the plurality of blocks;
- encrypting the compressed data stored in the one or more blocks with a cryptographic key, the cryptographic key (i) being identified by the cryptographic key identifier, and (ii) being stored in a storage device separate from the logical disk having the plurality of blocks;
- storing the cryptographic key identifier with the encrypted compressed data in the one or more blocks, wherein the cryptographic key identifier is stored as metadata; and
- for each of the one or more blocks in which the cryptographic key identifier is stored, providing a marker that indicates presence of the cryptographic key identifier in that block;
- wherein a block identifier is assigned to the logical disk and the cryptographic key identifier is associated with the block identifier.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A method of storing a cryptographic key identifier on a logical disk having a plurality of blocks, the method comprising:
- receiving a request to write a first data to a first block of the plurality of blocks and a second data to a second block of the plurality of blocks, the first block and the second block being provided as part of the logical disk, the logical disk being an area of usable storage capacity on one or more physical storage devices;
- identifying that the first block and the second block are each configured to store the cryptographic key identifier, the cryptographic key identifier being configured to identify a cryptographic key;
- compressing the first data to generate a first compressed data;
- compressing the second data to generate a second compressed data;
- encrypting the first and second compressed data with the cryptographic key, the cryptographic key being stored in a storage device separate from the logical disk;
- storing the cryptographic key identifier and the first encrypted compressed data in the first block of the plurality of blocks;
- storing the cryptographic key identifier and the second encrypted compressed data in the second block of the plurality of blocks; and
- providing a marker with each of the first block and the second block in order to indicate presence of the cryptographic key identifier being stored with each of the first block and the second block;
- wherein the cryptographic key identifier is stored as metadata.
(Dependent claims: 9, 10, 11, 12)
13. A computing device comprising:
- at least one processor; and
- a non-transitory machine-readable medium in communication with the at least one processor, the machine-readable medium being configured to store a storage network processing module, the storage network processing module being executed by the at least one processor to perform operations comprising:
  - receiving a request to write a first data to a first block of a plurality of blocks and a second data to a second block of the plurality of blocks, the first block and the second block being located on a storage device;
  - identifying that the first block and the second block are each configured to store a cryptographic key identifier, the cryptographic key identifier being configured to identify a cryptographic key associated with the storage device;
  - compressing the first data to generate a first compressed data;
  - compressing the second data to generate a second compressed data;
  - encrypting the first and second compressed data with the cryptographic key, the cryptographic key being stored in a key storage device separate from the storage device;
  - storing the cryptographic key identifier and the first encrypted compressed data in the first block of the plurality of blocks, wherein the cryptographic key identifier is stored as metadata;
  - storing the cryptographic key identifier and the second encrypted compressed data in the second block of the plurality of blocks, wherein the cryptographic key identifier is stored as metadata; and
  - providing a marker with each of the first block and the second block in order to indicate presence of the cryptographic key identifier being stored with each of the first block and the second block.
(Dependent claims: 14, 15, 16, 17)
18. A method of recovering a cryptographic key, the method being performed by a processor and comprising:
- identifying individual blocks in a plurality of blocks of a logical disk that provide a marker for a cryptographic key identifier, the marker indicating presence of the cryptographic key identifier in that block, wherein the cryptographic key identifier is stored as metadata, wherein the identified individual blocks include data previously encrypted using the cryptographic key;
- reading metadata from the individual blocks that includes the marker;
- determining the cryptographic key identifier from the data read from the individual blocks that provide the marker; and
- retrieving the cryptographic key using the cryptographic key identifier;
- wherein a block identifier is assigned to the logical disk and the cryptographic key identifier is associated with the block identifier.
(Dependent claims: 19)
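The storage path of claims 1 and 8 and the recovery path of claim 18, as an added illustration that is not part of the patent: a toy logical disk whose designated blocks carry a marker byte and the key identifier as metadata ahead of the compressed, encrypted data, while the key itself lives only in a separate key store. The block layout, block size and the HMAC-based stand-in cipher are constructed for this example and are not taken from the specification.

```python
import hashlib, hmac, struct, zlib

BLOCK_SIZE = 128                                    # constructed: tiny blocks keep the demo readable
MARKER, NO_MARKER, KEY_ID_LEN = b"K", b"\x00", 16   # byte 0 flags a block that carries the key id

def keystream_xor(key: bytes, block_no: int, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 counter stream with a per-block nonce); not the patent's cipher.
    ks = b"".join(hmac.new(key, struct.pack(">QQ", block_no, c), hashlib.sha256).digest()
                  for c in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class LogicalDisk:
    def __init__(self, nblocks, key_blocks, key_store, key_id):
        self.blocks = [bytes(BLOCK_SIZE)] * nblocks
        self.key_blocks = set(key_blocks)           # blocks designated to carry the key identifier
        self.key_store = key_store                  # separate device: key_id -> key (never on the disk)
        self.key_id = key_id

    def write(self, block_no: int, data: bytes) -> None:
        # Compress first so the key identifier fits alongside the data inside a designated block.
        ct = keystream_xor(self.key_store[self.key_id], block_no, zlib.compress(data, 9))
        header = MARKER + self.key_id if block_no in self.key_blocks else NO_MARKER
        record = header + struct.pack(">H", len(ct)) + ct
        if len(record) > BLOCK_SIZE:
            raise ValueError(f"block {block_no}: compressed data leaves no room for the key id")
        self.blocks[block_no] = record.ljust(BLOCK_SIZE, b"\x00")

    def recover_key_id(self) -> bytes:
        # Recovery path: scan for marked blocks and read the identifier from their metadata.
        ids = {b[1:1 + KEY_ID_LEN] for b in self.blocks if b[:1] == MARKER}
        if len(ids) != 1:
            raise ValueError(f"expected exactly one key identifier, found {len(ids)}")
        return ids.pop()

    def read(self, block_no: int, key: bytes) -> bytes:
        b = self.blocks[block_no]
        off = 1 + KEY_ID_LEN if b[:1] == MARKER else 1   # skip marker (+ key id when present)
        (n,) = struct.unpack(">H", b[off:off + 2])
        return zlib.decompress(keystream_xor(key, block_no, b[off + 2:off + 2 + n]))

def demo():
    key_id = bytes.fromhex("00112233445566778899aabbccddeeff")          # constructed identifier
    key_store = {key_id: hashlib.sha256(b"constructed demo key").digest()}
    disk = LogicalDisk(8, key_blocks={0, 7}, key_store=key_store, key_id=key_id)
    for i in range(8):
        disk.write(i, f"record {i} ".encode() * 8)
    found = disk.recover_key_id()               # no prior knowledge of the id: located via markers
    return found, [disk.read(i, key_store[found]) for i in range(8)]
```

Only the identifier is ever written to the disk; a recovering system still needs access to the separate key store, so the layout aids recovery without putting key material on the encrypted media.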