Adding or replacing disks with re-key processing

US 9,582,676 B2
Filed: 12/29/2011
Issued: 02/28/2017
Est. Priority Date: 01/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a command, at a first storage device, to clone a second storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;

copying data from the second storage device to the first storage device, which comprises reconstructing cryptographically split data from the second storage device;

re-keying the first storage device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and

establishing, by the first storage device, secure communications with the encryption key;

wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network of multiple storage devices, a storage device may become faulty and need to be replaced or additional capacity may need to be added through additional storage devices. When the storage devices communicate through a secure communications link using an encryption key for cryptographically splitting data, replacement or new storage devices may be re-keyed using an encryption key from an existing or prior storage device on the secure data network. After the storage device is re-keyed, the new or replacement storage device may continue to function on the secure data network without requiring changes to clients accessing the secure data network.

18 Citations

View as Search Results

17 Claims

1. A method, comprising:
- receiving a command, at a first storage device, to clone a second storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;
  
  copying data from the second storage device to the first storage device, which comprises reconstructing cryptographically split data from the second storage device;
  
  re-keying the first storage device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and
  
  establishing, by the first storage device, secure communications with the encryption key;
  
  wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising receiving a request from a client computing device through the secure communications.
  - 3. The method of claim 1, in which the step of copying the data comprises cloning the second storage device on the first storage device.
  - 4. The method of claim 1, in which the first storage device is located remote from the second storage device.
  - 5. The method of claim 1, in which the first storage device is a network attached storage (NAS) device.

6. A computer program product, comprising:
- a non-transitory computer readable medium comprising;
  
  code to receive a command, at a first storage device, to clone a second storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;
  
  code to copy data from the second storage device to the first storage device, which comprises reconstructing cryptographically split data from the second storage device;
  
  code to re-key the first storage device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and
  
  code to establish, by the first storage device, secure communications with the encryption key,wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product of claim 6, in which the medium further comprises code to receive a request from a client computing device through the secure communications.
  - 8. The computer program product of claim 6, in which the medium further comprises code to clone the second storage device on the first storage device.
  - 9. The computer program product of claim 6, in which the first storage device is located remote from the second storage device.
  - 10. The computer program product of claim 6, in which the first storage device is a network attached storage (NAS) device.

11. An apparatus, comprising:
- a processor,a memory connected to the processor;
  
  a secure boot device connected to the processor; and
  
  a network adapter connected to the processor,in which the processor is configured;
  
  to receive a command, through the network adapter, to clone a second storage device onto a first storage device, wherein the first storage device and second storage device are storage devices in a multiple storage device network presented as a virtual disk;
  
  to copy data from the second storage device to the memory, which comprises reconstructing cryptographically split data from the second storage device;
  
  to re-key the secure boot device by changing an encryption key of the first storage device to an encryption key matching an encryption key of the second storage device; and
  
  to establish, through the network adapter, secure communications with the encryption key,wherein the data copied to the first storage device from the second storage device is provided to a client device through the virtual disk.
- View Dependent Claims (12, 13, 14)
- - 12. The apparatus of claim 11, in which the processor is further configured to receive a request from a client computing device through the secure communications.
  - 13. The apparatus of claim 11, in which the processor is further configured to clone the second storage device on the first storage device.
  - 14. The apparatus of claim 11, further comprising a universal serial bus (USB) connected to the secure boot device and the processor.

15. The apparatus of claim 11, in which the secure boot device is integrated into the apparatus.

16. The apparatus of claim 11, in which the apparatus is located remote from the second storage device.

17. The apparatus of claim 11, in which the apparatus is a network attached storage (NAS) device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Obligacion, Eric T.
Primary Examiner(s)
BAYOU, YONAS A

Application Number

US13/339,457
Publication Number

US 20130173930A1
Time in Patent Office

1,888 Days
Field of Search

713/193
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 3/0622   in relation to access

G06F 3/0632   by initialisation or re-ini...

G06F 3/067   Distributed or networked st...

H04L 63/0428   wherein the data content is...

Adding or replacing disks with re-key processing

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Adding or replacing disks with re-key processing

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links