Managing encrypted data and encryption keys
Abstract
A data module encrypts a first portion of a drive in a data center using a first encryption key. The data module encrypts the first encryption key using a second encryption key to obtain an encrypted encryption key. The data module stores the second encryption key in a first location and stores the encrypted encryption key in a second location that is separate from the first location and that is inaccessible from outside the data center.
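The key-wrapping flow described in the abstract, as an added Python sketch that is not part of the patent. `DataCenter`, `provision`, `unlock` and the origin label `"inside"` are hypothetical names, and `seal`/`unseal` use an HMAC-SHA256 keystream with encrypt-then-MAC as a standard-library stand-in for a real cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode, producing at least n keystream bytes
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key, data):
    """Encrypt-then-MAC; a stdlib stand-in for AES-GCM or AES key wrap."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_prf(key, b"enc"), nonce, len(data))))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(_prf(key, b"enc"), nonce, len(ct))))

class DataCenter:
    """Hypothetical model: two separate key locations plus the access server."""
    def __init__(self):
        self.location_1 = {}  # second encryption key
        self.location_2 = {}  # encrypted first encryption key

    def access_server(self, drive_id, origin):
        # Assumption: origin is a trusted label for where the request comes from.
        if origin != "inside":
            raise PermissionError("encrypted key is not released outside the data center")
        return self.location_2[drive_id]

def provision(dc, drive_id, plaintext):
    first_key = secrets.token_bytes(32)
    encrypted_portion = seal(first_key, plaintext)
    second_key = secrets.token_bytes(32)
    wrapped = seal(second_key, first_key)
    del first_key  # drops the reference only; Python does not zeroize memory
    dc.location_1[drive_id] = second_key
    dc.location_2[drive_id] = wrapped
    return {"id": drive_id, "encrypted": encrypted_portion}  # no key stored on the drive

def unlock(dc, drive, origin):
    """Role of the access component on the unencrypted portion of the drive."""
    wrapped = dc.access_server(drive["id"], origin)  # refused when outside
    second_key = dc.location_1[drive["id"]]
    first_key = unseal(second_key, wrapped)
    return unseal(first_key, drive["encrypted"])
```

A drive removed from the data center carries only ciphertext and the access component, so reading it requires both key locations and a request the access server admits.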
17 Claims
1. A method comprising:
- encrypting a first portion of a drive in a computing device in a data center, using a first encryption key;
- encrypting the first encryption key using a second encryption key to obtain an encrypted encryption key;
- responsive to obtaining the encrypted encryption key, deleting the first encryption key;
- responsive to deleting the first encryption key, storing the second encryption key in a first location within the data center;
- storing the encrypted encryption key in a second location within the data center, wherein access to the second location from outside the data center is selectively prevented by an access server and wherein the second location is separate from the first location; and
- providing, by a processing device, an access component located on a second portion of the drive, the access component providing access to the encrypted encryption key, wherein the second portion of the drive is unencrypted, and wherein the access component, via the access server, selectively prevents access to the encrypted encryption key from outside the data center when the drive is outside the data center and communicatively coupled to the data center;
- wherein the access component further provides access to the second encryption key when the second encryption key is not stored on the computing device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
- a memory to store one or more keys;
- a processing device, coupled to the memory, to:
  - encrypt a first portion of a drive in a computing device in a data center, using a first encryption key;
  - encrypt the first encryption key using a second encryption key to obtain an encrypted encryption key;
  - responsive to obtaining the encrypted encryption key, deleting the first encryption key;
  - responsive to deleting the first encryption key, store the second encryption key in a first location within the data center;
  - store the encrypted encryption key at a second location within the data center, wherein access to the second location from outside the data center is selectively prevented by an access server and wherein the second location is separate from the first location; and
  - provide, by a processing device, an access component located on a second portion of the drive, the access component providing access to the encrypted encryption key, wherein the second portion of the drive is unencrypted, and wherein the access component, via the access server, selectively prevents access to the encrypted encryption key from outside the data center when the drive is outside the data center and communicatively coupled to the data center;
- wherein the access component further provides access to the second encryption key when the second encryption key is not stored on the computing device.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A non-transitory computer readable storage medium having instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
- encrypting a first portion of a drive in a computing device in a data center, using a first encryption key;
- encrypting the first encryption key using a second encryption key to obtain an encrypted encryption key;
- responsive to obtaining the encrypted encryption key, deleting the first encryption key;
- responsive to deleting the first encryption key, storing the second encryption key in a first location within the data center;
- storing the encrypted encryption key in a second location within the data center, wherein access to the second location from outside the data center is selectively prevented by an access server and wherein the second location is separate from the first location; and
- providing, by a processing device, an access component located on a second portion of the drive, the access component providing access to the encrypted encryption key, wherein the second portion of the drive is unencrypted, and wherein the access component, via the access server, selectively prevents access to the encrypted encryption key from outside the data center when the drive is outside the data center and communicatively coupled to the data center;
- wherein the access component further provides access to the second encryption key when the second encryption key is not stored on the computing device.

Dependent claims: 17
Specification