Redundant array of encrypting disks

US 8,799,681 B1
Filed: 03/06/2008
Issued: 08/05/2014
Est. Priority Date: 12/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method of storing redundant encrypted data, said method comprising:

computing parity from a first data member and a second data member, encrypting the first data member with a first data encryption key and storing the encrypted first data member in a first data storage device, encrypting the second data member with a second data encryption key and storing the encrypted second data member in a second data storage device, and encrypting the parity with a third data encryption key and storing the encrypted parity in a third data storage device, wherein the first data encryption key is not identical to the second data encryption key, the second data encryption key is not identical to the third data encryption key, and the third data encryption key is not identical to the first data encryption key; and

recovering from a failure to read and decrypt data from the encrypted data member in one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and by reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device; and

which further includes detecting a loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, and in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, recovering from the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device by;

assigning a new data encryption key to said one of the first data storage device and the second data storage device;

recovering the data member stored in encrypted form in said one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device in order to compute the recovered data member; and

encrypting the recovered data member with the new data encryption key and storing the encrypted recovered data member in said one of the first data storage device and the second data storage device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By placing an encryption function below a RAID function and requiring independence of encryption functionality along the same boundaries of data member independence of the RAID function, failures of the encryption and key management for individual encryption functions can be recovered with the same data rebuild mechanism as the RAID function. For example, in a RAID set of disk drives, each data partition and each parity partition has a respective data encryption key for storing encrypted data or encrypted parity in the partition, and a LUN or logical volume is mapped to a stripe of data partitions and an associated parity partition across the RAID set so that the data rebuild mechanism of the RAID function may recover from a loss of a single data encryption key without compromising security of the LUN or logical volume.

97 Citations

View as Search Results

18 Claims

1. A method of storing redundant encrypted data, said method comprising:
- computing parity from a first data member and a second data member, encrypting the first data member with a first data encryption key and storing the encrypted first data member in a first data storage device, encrypting the second data member with a second data encryption key and storing the encrypted second data member in a second data storage device, and encrypting the parity with a third data encryption key and storing the encrypted parity in a third data storage device, wherein the first data encryption key is not identical to the second data encryption key, the second data encryption key is not identical to the third data encryption key, and the third data encryption key is not identical to the first data encryption key; and
  
  recovering from a failure to read and decrypt data from the encrypted data member in one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and by reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device; and
  
  which further includes detecting a loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, and in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, recovering from the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device by;
  
  assigning a new data encryption key to said one of the first data storage device and the second data storage device;
  
  recovering the data member stored in encrypted form in said one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device in order to compute the recovered data member; and
  
  encrypting the recovered data member with the new data encryption key and storing the encrypted recovered data member in said one of the first data storage device and the second data storage device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, which further includes deleting the first data encryption key, the second data encryption key, and the third data encryption key, so that plaintext of the encrypted first data member stored in the first data storage device and plaintext of the second encrypted data member stored in the second data storage device cannot be exposed prior to any deletion of the encrypted first data member from the first data storage device and any deletion of the second encrypted data member from the second data storage device.
  - 3. The method as claimed in claim 1, which further includes assigning a logical unit number (LUN) or logical volume of storage to a host processor and mapping the LUN or logical volume of storage to the first data member and the second data member and providing the host processor with read and write data access to the LUN or logical volume by providing the host processor with read and write access to the first data storage device and the second data storage device, and wherein the parity is not computed from data of any other host processor.
  - 4. The method as claimed in claim 1, wherein each of the first data storage device, the second data storage device, and the third data storage device includes a first partition of storage and a second partition of storage, and each partition of storage contains either encrypted data or encrypted parity that has been encrypted with a respective different data encryption key for each partition of each of the storage devices, wherein the parity encrypted in one of the first partitions is computed from the data that is encrypted and stored in the other of the first partitions, and the parity encrypted in one of the second partitions is computed from the data that is encrypted and stored in the other of the second partitions.
  - 5. The method as claimed in claim 4, which further includes assigning a first logical unit number (LUN) or logical volume of storage to a first host processor and mapping the first LUN or logical volume of storage to the first partitions and providing the first host processor with read and write data access to the first logical unit number (LUN) or logical volume of storage by providing the first host processor with read and write data access to the first partitions containing encrypted data, and assigning a second logical unit number (LUN) or logical volume of storage to a second host processor and mapping the second LUN or logical volume of storage to the second partitions and providing the second host processor with read and write data access to the second LUN or logical volume of storage by providing the second host processor with read and write data access to the second partitions containing encrypted data.
  - 6. The method as claimed in claim 1, which further includes attempting to recover the proper key from a key server in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device.

7. A redundant storage system for storing encrypted data, said redundant storage system comprising:
- an array of data storage devices including at least a first data storage device, a second data storage device, and a third data storage device; and
  
  at least one data processor coupled to the data storage devices for storing encrypted data in the data storage devices;
  
  wherein said at least one data processor is programmed to compute parity from a first data member and a second data member to encrypt the first data member with a first data encryption key and to store the encrypted first data member in the first data storage device, to encrypt the second data member with a second data encryption key and to store the encrypted second data member in the second data storage device, and to encrypt the parity with a third data encryption key and to store the encrypted parity in the third data storage device, wherein the first data encryption key is not identical to the second data encryption key, the second data encryption key is not identical to the third data encryption key, and the third data encryption key is not identical to the first data encryption key;
  
  wherein said at least one data processor is further programmed to recover from a failure to read and decrypt data from the encrypted data member in one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and by reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device; and
  
  wherein said at least one data processor is further programmed to detect a loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, and in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device, to recover from the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device by;
  
  assigning a new data encryption key to said one of the first data storage device and the second data storage device;
  
  recovering the data member stored in encrypted form in said one of the first data storage device and the second data storage device by reading and decrypting data from the other of the first data storage device and the second data storage device and reading and decrypting parity from the third data storage device and performing a parity computation upon the decrypted data from said other of the first data storage device and the second data storage device and the decrypted parity from the third data storage device in order to compute the recovered data member; and
  
  encrypting the recovered data member with the new data encryption key and storing the encrypted recovered data member in said one of the first data storage device and the second data storage device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The redundant storage system as claimed in claim 7, wherein said at least one data processor includes at least one input-output module coupled to the data storage devices for writing encrypted data to the data storage devices and reading encrypted data from the data storage devices, and wherein said at least one data processor is programmed to perform encryption and decryption by sending a request including a data encryption key to said at least one input-output module.
  - 9. The redundant storage system as claimed in claim 7, which is further programmed to delete the first data encryption key, the second data encryption key, and the third data encryption key, so that plaintext of the encrypted first data member stored in the first data storage device and plaintext of the second encrypted data member stored in the second data storage device cannot be exposed prior to any deletion of the encrypted first data member from the first data storage device and any deletion of the second encrypted data member from the second data storage device.
  - 10. The redundant storage system as claimed in claim 7, which is further programmed to assign a logical unit number (LUN) or logical volume of storage to a host processor and to assign the LUN or logical volume of storage to the first data member and the second data member and to provide the host processor with read and write data access to the LUN or logical volume by providing the host processor with read and write access to the first data storage device and the second data storage device, and wherein the parity is not computed from data from any other host processor.
  - 11. The redundant storage system as claimed in claim 7, wherein each of the first data storage device, the second data storage device, and the third data storage device includes a first partition of storage and a second partition of storage, and each partition of storage contains either encrypted data or encrypted parity that has been encrypted with a respective different data encryption key for each partition of each of the storage devices, wherein the parity encrypted in one of the first partitions has been computed from the data that is encrypted and stored in the other of the first partitions, and the parity encrypted in one of the second partitions has been computed from the data that is encrypted and stored in the other of the second partitions.
  - 12. The redundant storage system as claimed in claim 11, which is further programmed to assign a first logical unit number (LUN) or logical volume of storage to a first host processor and to map the first LUN or logical volume of storage to the first partitions and to provide the first host processor with read and write data access to the first logical unit number (LUN) or logical volume of storage by providing the first host processor with read and write data access to the first partitions, and to assign a second logical unit number (LUN) or logical volume of storage to a second host processor and to map the second LUN or logical volume of storage to the second partitions and to provide the second host processor with read and write data access to the second LUN or logical volume of storage by providing the second host processor with read and write data access to the second partitions.
  - 13. The redundant storage system as claimed in claim 7, wherein the first data storage device is a first disk drive, the second data storage device is a second disk drive, and the third data storage device is a third disk drive.
  - 14. The redundant storage system as claimed in claim 7, wherein the data processor is further programmed to attempt to recover the proper key from a key server in response in response to detecting the loss of a proper key for decrypting data read from the encrypted data member in said one of the first data storage device and the second data storage device.

15. A redundant storage system containing encrypted data, said redundant storage system comprising:
- an array of disk drives including at least a first disk drive, a second disk drive, and a third disk drive, andat least one data processor coupled to the disk drives for accessing encrypted data in the disk drives;
  
  wherein each disk drive includes at least a first partition of data storage and a second partition of data storage;
  
  wherein each partition of data storage contains encrypted data or encrypted parity that has been encrypted with a respective different data encryption key for each partition of each of the disk drives so that the data encryption key for each one of the partitions is not identical to the data encryption key for any of the other partitions, parity encrypted in one of the first partitions having been computed from the data that is encrypted and stored in the other of the first partitions, and parity encrypted in one of the second partitions having been computed from the data that is encrypted and stored in the other of the second partitions;
  
  wherein said at least one data processor is programmed to recover from a failure to read and decrypt encrypted data in any one of the partitions by reading and decrypting encrypted parity that was computed from the data encrypted in said any one of the partitions and by reading and decrypting encrypted data from other partitions from which the decrypted parity was computed and by performing a parity computation upon the decrypted data and the decrypted parity; and
  
  wherein said at least one data processor is further programmed to detect a loss of a proper key for decrypting data read from said any one of the partitions, and in response to detecting the loss of a proper key for decrypting data read from said any one of the partitions, to recover from the loss of a proper key for decrypting data read from said any one of the partitions by;
  
  assigning a new data encryption key to said any one of the partitions;
  
  recovering the data stored in encrypted form in said any one of the partitions by reading and decrypting encrypted parity that was computed from the data encrypted in said any one of the partitions and by reading and decrypting encrypted data from other partitions from which the decrypted parity was computed and by performing a parity computation upon the decrypted data and the decrypted parity in order to compute the recovered data stored in encrypted form in said any one of the partitions; and
  
  encrypting the recovered data with the new data encryption key and storing the encrypted recovered data in said any one of the partitions; and
  
  which is further programmed to assign a first logical unit number (LUN) or logical volume of storage to a first host processor and to map the LUN or logical volume of storage to the first partitions and to provide the first host processor with read and write data access to the first LUN or logical volume by providing the first host processor with read and write access to encrypted data in the first partitions, and wherein the parity encrypted in said one of the first partitions is not computed from data of any other host processor; and
  
  which is further programmed to assign a second logical unit number (LUN) or logical volume of storage to a second host processor and to map the second LUN or logical volume of storage to the second partitions and to provide the second host processor with read and write data access to the LUN or logical volume by providing the second host processor with read and write access to encrypted data in the second partitions, and wherein the parity encrypted in said one of the second partitions is not computed from data of any other host processor.
- View Dependent Claims (16, 17, 18)
- - 16. The redundant storage system as claimed in claim 15, wherein said at least one data processor is further programmed to compute parity from a first data member and a second data member, to encrypt the first data member with a first data encryption key and to store the encrypted first data member in the first partition of the first disk drive, to encrypt the second data member with a second data encryption key and to store the encrypted second data member in the first partition of the second disk drive, and to encrypt the parity with a third data encryption key and to store the encrypted parity in the first partition of the third disk drive.
  - 17. The redundant storage system as claimed in claim 15, which is further programmed to delete the data encryption key for the first partition of the first disk drive, to delete the data encryption key for the first partition of the second disk drive, and to delete the data encryption key for the first partition of the third disk drive, so that plaintext of the encrypted data stored in the first partitions cannot be exposed prior to any deletion of the encrypted data stored in the first partitions.
  - 18. The redundant storage system as claimed in claim 15, wherein the data processor is further programmed to attempt to recover the proper key from a key server in response to detecting the loss of a proper key for decrypting data read from said any one of the partitions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Linnell, Thomas E., Harwood, John S., Fitzgerald, John T.
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US12/043,863
Time in Patent Office

2,343 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 11/1076   Parity data used in redunda...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

G06F 21/80   in storage media based on m...

G06F 2221/2107   File encryption

Redundant array of encrypting disks

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Redundant array of encrypting disks

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links