Adding or replacing disks with re-key processing
Abstract
In a network of multiple storage devices, a storage device may become faulty and need to be replaced or additional capacity may need to be added through additional storage devices. When the storage devices communicate through a secure communications link using an encryption key for cryptographically splitting data, replacement or new storage devices may be re-keyed using an encryption key from an existing or prior storage device on the secure data network. After the storage device is re-keyed, the new or replacement storage device may continue to function on the secure data network without requiring changes to clients accessing the secure data network.
17 Claims
1. A method, comprising:
- receiving a command, at a first storage device, to clone a second storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;
- copying data from the second storage device to the first storage device, which comprises reconstructing cryptographically split data from the second storage device;
- re-keying the first storage device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and
- establishing, by the first storage device, secure communications with the encryption key;
- wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.

Dependent claims: 2, 3, 4, 5

6. A computer program product, comprising:
a non-transitory computer readable medium comprising:
- code to receive a command, at a first storage device, to clone a second storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;
- code to copy data from the second storage device to the first storage device, which comprises reconstructing cryptographically split data from the second storage device;
- code to re-key the first storage device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and
- code to establish, by the first storage device, secure communications with the encryption key,
- wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.

Dependent claims: 7, 8, 9, 10

11. An apparatus, comprising:
- a processor, a memory connected to the processor;
- a secure boot device connected to the processor; and
- a network adapter connected to the processor,

in which the processor is configured:
- to receive a command, through the network adapter, to clone a second storage device onto a first storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;
- to copy data from the second storage device to the memory, which comprises reconstructing cryptographically split data from the second storage device;
- to re-key the secure boot device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and
- to establish, through the network adapter, secure communications with the encryption key,
- wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.

Dependent claims: 12, 13, 14

15. The apparatus of claim 11, in which the secure boot device is integrated into the apparatus.

16. The apparatus of claim 11, in which the apparatus is located remote from the second storage device.

17. The apparatus of claim 11, in which the apparatus is a network attached storage (NAS) device.
Specification