Maintaing encryption keys to provide encryption on top of data deduplication
First Claim
1. A computer-implemented method, comprising:
- generating an encryption key based upon data content of a portion of data to be encrypted by the encryption key;
storing the encryption key as one of a plurality of encryption keys within a subset of storage, each of the plurality of encryption keys generated based upon corresponding data content;
calculating a checksum representing the plurality of encryption keys;
calculating, in response to receiving an input/output (I/O) request for data encrypted by the encryption key, a verification checksum representing the plurality of encryption keys;
modifying the checksum to a reserved value in response to determining the checksum and the verification checksum do not match due to a corruption of the plurality of encryption keys;
repairing the plurality of encryption keys; and
recalculating the checksum in response to the repairing of the plurality of encryption keys.
2 Assignments
0 Petitions
Accused Products
Abstract
Exemplary methods, apparatuses, and systems generate an encryption key based upon data content of a portion of data to be encrypted by the encryption key. The encryption key is stored as one of a plurality of encryption keys within a subset of storage. Each of the plurality of encryption keys is generated based upon corresponding data content. A checksum representing the plurality of encryption keys is calculated. In response to receiving an input/output (I/O) request for data encrypted by the encryption key, a verification checksum representing the plurality of encryption keys is calculated. The requested data is decrypted using the encryption key in response to verifying the checksum and verification checksum match.
15 Citations
17 Claims
-
1. A computer-implemented method, comprising:
-
generating an encryption key based upon data content of a portion of data to be encrypted by the encryption key; storing the encryption key as one of a plurality of encryption keys within a subset of storage, each of the plurality of encryption keys generated based upon corresponding data content; calculating a checksum representing the plurality of encryption keys; calculating, in response to receiving an input/output (I/O) request for data encrypted by the encryption key, a verification checksum representing the plurality of encryption keys; modifying the checksum to a reserved value in response to determining the checksum and the verification checksum do not match due to a corruption of the plurality of encryption keys; repairing the plurality of encryption keys; and recalculating the checksum in response to the repairing of the plurality of encryption keys. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory computer-readable medium storing instructions, which when executed by a processing device, cause the processing device to perform a method comprising:
-
generating an encryption key based upon data content of a portion of data to be encrypted by the encryption key; storing the encryption key as one of a plurality of encryption keys within a subset of storage, each of the plurality of encryption keys generated based upon corresponding data content; calculating a checksum representing the plurality of encryption keys; calculating, in response to receiving an input/output (I/O) request for data encrypted by the encryption key, a verification checksum representing the plurality of encryption keys; modifying the checksum to a reserved value in response to determining the checksum and the verification checksum do not match due to a corruption of the plurality of encryption keys; repairing the plurality of encryption keys; and recalculating the checksum in response to the repairing of the plurality of encryption keys. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. An apparatus comprising:
-
a processing device; and a memory coupled to the processing device, the memory storing instructions which, when executed by the processing device, cause the apparatus to; generate an encryption key based upon data content of a portion of data to be encrypted by the encryption key; store the encryption key as one of a plurality of encryption keys within a subset of storage, each of the plurality of encryption keys generated based upon corresponding data content; calculate a checksum representing the plurality of encryption keys;
calculate, in response to receiving an input/output (I/O) request for data encrypted by the encryption key, a verification checksum representing the plurality of encryption keys;modify the checksum to a reserved value in response to determining the checksum and the verification checksum do not match due to a corruption of the plurality of encryption keys; repair the plurality of encryption keys; and recalculate the checksum in response to the repairing of the plurality of encryption keys. - View Dependent Claims (14, 15, 16, 17)
-
Specification