Encryption/decryption for data storage system with snapshot capability

  • US 9,679,165 B2
  • Filed: 03/18/2015
  • Issued: 06/13/2017
  • Est. Priority Date: 07/16/2012
  • Status: Active Grant
First Claim

1. A method for managing access to encrypted data of a data storage system wherein changing encryption keys are used to store write data to the data storage system, the method comprising:

    providing a data storage system comprising a plurality of computer-readable drive storage devices, the data storage system storing a plurality of snapshots in at least a subset of the drive storage devices, wherein each snapshot or combination of snapshots provides a previous point-in-time copy of data in a volume of the data storage system, wherein a given snapshot identifies write data for the volume between a time when the snapshot is committed to disk as read-only and a time when a previous snapshot was committed to disk as read-only;

    storing in each snapshot, encrypted snapshot data comprising the write data for that particular snapshot;

    associating a decryption key identifier with each snapshot, the decryption key identifier identifying a decryption key corresponding to an encryption key utilized to encrypt the encrypted snapshot data for a particular snapshot, wherein the decryption key identifier is an identifier of the decryption key while not being or storing a decryption key itself and wherein the decryption key is not accessible to the data storage system;

    storing, with each snapshot, its associated decryption key identifier; and

    upon request for the encrypted snapshot data, providing access to the encrypted snapshot data and the decryption key identifier;

    wherein associating a decryption key identifier with each snapshot ensures accessibility to historical snapshot data if changing encryption keys are utilized.
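
The arrangement in claim 1, sketched as an added example (not code from the patent or its assignee): each snapshot carries only a key identifier, the keys live in a separate key manager, and a snapshot written before a key rotation stays readable afterwards. All class and function names are hypothetical, and the HMAC-based keystream is a stand-in for a real cipher such as AES-GCM so that the example runs on the standard library alone.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream, no integrity); use an AEAD in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class KeyManager:
    """Hypothetical key service outside the storage system; only it maps IDs to keys."""
    def __init__(self):
        self._keys, self.current_id = {}, None
    def rotate(self):
        self.current_id = os.urandom(8).hex()  # opaque ID, not derived from the key
        self._keys[self.current_id] = os.urandom(32)
    def key(self, key_id):
        return self._keys[key_id]

@dataclass(frozen=True)
class Snapshot:
    key_id: str        # identifier only; the key itself is never stored here
    nonce: bytes
    ciphertext: bytes  # encrypted write data for this snapshot interval

class SnapshotStore:
    """Storage system: holds ciphertext and key IDs, has no access to keys."""
    def __init__(self):
        self.snapshots = []
    def commit(self, snap):
        self.snapshots.append(snap)  # committed snapshots are read-only (frozen)
    def read(self, index):
        return self.snapshots[index]  # returns ciphertext together with its key ID

def write_snapshot(store, km, data):
    key_id, nonce = km.current_id, os.urandom(16)
    store.commit(Snapshot(key_id, nonce, xor_stream(km.key(key_id), nonce, data)))

def read_snapshot(store, km, index):
    snap = store.read(index)
    # The reader resolves the stored ID to the key that was current at write time.
    return xor_stream(km.key(snap.key_id), snap.nonce, snap.ciphertext)

def demo():
    km, store = KeyManager(), SnapshotStore()
    for data in (b"writes before rotation", b"writes after rotation"):  # constructed
        km.rotate()
        write_snapshot(store, km, data)
    return km, store
```
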
