Redundant array of encrypting disks
Abstract
By placing an encryption function below a RAID function and requiring independence of encryption functionality along the same boundaries of data member independence of the RAID function, failures of the encryption and key management for individual encryption functions can be recovered with the same data rebuild mechanism as the RAID function. For example, in a RAID set of disk drives, each data partition and each parity partition has a respective data encryption key for storing encrypted data or encrypted parity in the partition, and a LUN or logical volume is mapped to a stripe of data partitions and an associated parity partition across the RAID set so that the data rebuild mechanism of the RAID function may recover from a loss of a single data encryption key without compromising security of the LUN or logical volume.
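The mechanism in the abstract, worked through as an added Go example (this is not text or code from the patent or from any product it covers). It models a 2+1 RAID set with one AES-256-GCM key per member; the patent does not name a cipher, so AES-GCM, the Go names (Array, Write, Read, LoseKey, Rebuild) and the constructed sample payloads are this example's assumptions. Losing a member's key surfaces as a decrypt failure and is repaired by the ordinary parity rebuild, with the recovered member re-encrypted under a fresh key:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const Data0, Data1, Parity = 0, 1, 2 // member indices: two data members, one parity member

// Array places encryption below the RAID function: each member has its own AES-256-GCM key.
type Array struct {
	aead   [3]cipher.AEAD // one cipher instance per member; nil models a lost key
	stored [3][]byte      // nonce || ciphertext, the image kept on each device
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// newMemberCipher generates a fresh AES-256 key and wraps it in GCM (assumed cipher).
func newMemberCipher() cipher.AEAD {
	block, err := aes.NewCipher(randBytes(32))
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// NewArray assigns a distinct key to each of the three members, as the claims require.
func NewArray() *Array {
	return &Array{aead: [3]cipher.AEAD{newMemberCipher(), newMemberCipher(), newMemberCipher()}}
}

func seal(gcm cipher.AEAD, plaintext []byte) []byte {
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func xorBytes(x, y []byte) []byte {
	out := make([]byte, len(x))
	for i := range x {
		out[i] = x[i] ^ y[i]
	}
	return out
}

// Write computes parity in the clear, then encrypts data0, data1 and parity each under its own key.
func (a *Array) Write(d0, d1 []byte) error {
	if len(d0) != len(d1) {
		return fmt.Errorf("data members must have equal length")
	}
	for i, m := range [3][]byte{d0, d1, xorBytes(d0, d1)} {
		a.stored[i] = seal(a.aead[i], m)
	}
	return nil
}

// Read decrypts one member; a missing key or a GCM authentication failure is the "failure to read and decrypt".
func (a *Array) Read(i int) ([]byte, error) {
	gcm := a.aead[i]
	if gcm == nil {
		return nil, fmt.Errorf("member %d: key not available", i)
	}
	n := gcm.NonceSize()
	if len(a.stored[i]) < n {
		return nil, fmt.Errorf("member %d: stored image too short", i)
	}
	return gcm.Open(nil, a.stored[i][:n], a.stored[i][n:], nil)
}

// LoseKey models the key-management failure the claims recover from.
func (a *Array) LoseKey(i int) { a.aead[i] = nil }

// Rebuild recovers member i after Read(i) failed: assign a new key, recompute the plaintext
// as the XOR of the other two members, and re-encrypt it under the new key.
func (a *Array) Rebuild(i int) error {
	var others [][]byte
	for j := range a.stored {
		if j == i {
			continue
		}
		pt, err := a.Read(j)
		if err != nil {
			return fmt.Errorf("member %d unrecoverable: %w", i, err)
		}
		others = append(others, pt)
	}
	a.aead[i] = newMemberCipher()
	a.stored[i] = seal(a.aead[i], xorBytes(others[0], others[1]))
	return nil
}
```

Why an authenticated mode matters here: the claims hinge on detecting loss of a proper key. With GCM a wrong or missing key fails authentication, so the array can tell a key problem from good data; a plain XTS or CBC sector cipher would return random-looking plaintext instead, and the RAID layer would need some other integrity signal before it knew a rebuild was needed. The rebuild also has the same limit as the RAID function it reuses: single parity recovers one lost key per stripe, so two missing keys in the same stripe are as unrecoverable as two failed drives.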
18 Claims
1. A method of storing redundant encrypted data, said method comprising:
- computing parity from a first data member and a second data member, encrypting the first data member with a first data encryption key and storing the encrypted first data member in a first data storage device, encrypting the second data member with a second data encryption key and storing the encrypted second data member in a second data storage device, and encrypting the parity with a third data encryption key and storing the encrypted parity in a third data storage device, wherein the first data encryption key is not identical to the second data encryption key, the second data encryption key is not identical to the third data encryption key, and the third data encryption key is not identical to the first data encryption key; and
- recovering from a failure to read and decrypt data from the encrypted data member in one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and by reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device; and
- which further includes detecting a loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, and in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, recovering from the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device by:
  - assigning a new data encryption key to said one of the first data storage device and the second data storage device;
  - recovering the data member stored in encrypted form in said one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device in order to compute the recovered data member; and
  - encrypting the recovered data member with the new data encryption key and storing the encrypted recovered data member in said one of the first data storage device and the second data storage device.
Dependent claims: 2, 3, 4, 5, 6
7. A redundant storage system for storing encrypted data, said redundant storage system comprising:
- an array of data storage devices including at least a first data storage device, a second data storage device, and a third data storage device; and
- at least one data processor coupled to the data storage devices for storing encrypted data in the data storage devices;
- wherein said at least one data processor is programmed to compute parity from a first data member and a second data member, to encrypt the first data member with a first data encryption key and to store the encrypted first data member in the first data storage device, to encrypt the second data member with a second data encryption key and to store the encrypted second data member in the second data storage device, and to encrypt the parity with a third data encryption key and to store the encrypted parity in the third data storage device, wherein the first data encryption key is not identical to the second data encryption key, the second data encryption key is not identical to the third data encryption key, and the third data encryption key is not identical to the first data encryption key;
- wherein said at least one data processor is further programmed to recover from a failure to read and decrypt data from the encrypted data member in one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and by reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device; and
- wherein said at least one data processor is further programmed to detect a loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, and in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, to recover from the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device by:
  - assigning a new data encryption key to said one of the first data storage device and the second data storage device;
  - recovering the data member stored in encrypted form in said one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device in order to compute the recovered data member; and
  - encrypting the recovered data member with the new data encryption key and storing the encrypted recovered data member in said one of the first data storage device and the second data storage device.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A redundant storage system containing encrypted data, said redundant storage system comprising:
- an array of disk drives including at least a first disk drive, a second disk drive, and a third disk drive, and at least one data processor coupled to the disk drives for accessing encrypted data in the disk drives;
- wherein each disk drive includes at least a first partition of data storage and a second partition of data storage;
- wherein each partition of data storage contains encrypted data or encrypted parity that has been encrypted with a respective different data encryption key for each partition of each of the disk drives so that the data encryption key for each one of the partitions is not identical to the data encryption key for any of the other partitions, parity encrypted in one of the first partitions having been computed from the data that is encrypted and stored in the other of the first partitions, and parity encrypted in one of the second partitions having been computed from the data that is encrypted and stored in the other of the second partitions;
- wherein said at least one data processor is programmed to recover from a failure to read and decrypt encrypted data in any one of the partitions by reading and decrypting encrypted parity that was computed from the data encrypted in said any one of the partitions and by reading and decrypting encrypted data from other partitions from which the decrypted parity was computed and by performing a parity computation upon the decrypted data and the decrypted parity; and
- wherein said at least one data processor is further programmed to detect a loss of a proper key for decrypting data read from said any one of the partitions, and in response to detecting the loss of a proper key for decrypting data read from said any one of the partitions, to recover from the loss of a proper key for decrypting data read from said any one of the partitions by:
  - assigning a new data encryption key to said any one of the partitions;
  - recovering the data stored in encrypted form in said any one of the partitions by reading and decrypting encrypted parity that was computed from the data encrypted in said any one of the partitions and by reading and decrypting encrypted data from other partitions from which the decrypted parity was computed and by performing a parity computation upon the decrypted data and the decrypted parity in order to compute the recovered data stored in encrypted form in said any one of the partitions; and
  - encrypting the recovered data with the new data encryption key and storing the encrypted recovered data in said any one of the partitions;
- and which is further programmed to assign a first logical unit number (LUN) or logical volume of storage to a first host processor and to map the LUN or logical volume of storage to the first partitions and to provide the first host processor with read and write data access to the first LUN or logical volume by providing the first host processor with read and write access to encrypted data in the first partitions, and wherein the parity encrypted in said one of the first partitions is not computed from data of any other host processor; and
- which is further programmed to assign a second logical unit number (LUN) or logical volume of storage to a second host processor and to map the second LUN or logical volume of storage to the second partitions and to provide the second host processor with read and write data access to the second LUN or logical volume by providing the second host processor with read and write access to encrypted data in the second partitions, and wherein the parity encrypted in said one of the second partitions is not computed from data of any other host processor.
Dependent claims: 16, 17, 18