Removable circuit for unlocking self-encrypting data storage devices
Abstract
Data storage devices (“DSDs”) can be cryptographically locked, and may be unlocked with encryption keys. One or more encryption keys may be stored remotely in a key server, and may be retrieved by a removable circuit that can be coupled to a server, such as a data server, email server, file system server, other server, or other system. The removable circuit can determine which of the DSDs are locked, and may transmit a request to the key server for encryption keys corresponding to the locked DSDs. The removable circuit can unlock the locked DSDs with the encryption keys provided by the key server.
16 Claims
1. An apparatus comprising:
- a circuit configured to:
  - connect to be removable from a first server via physical and electrical connections to the first server without physically modifying the first server, and disconnect from the first server without physically modifying the first server;
  - transmit, from the first server to a second server, a request for an encryption key corresponding to data storage device (“DSD”) coupled to the first server;
  - determine a unique identifier corresponding to the DSD;
  - provide the unique identifier corresponding to the DSD to the second server; and
  - receive the encryption key from the second server and provide the encryption key to the DSD to unlock the DSD;
  - unlock the DSD with the encryption key;
  - determine if there is an unregistered DSD coupled to the first server, an unregistered DSD is a DSD that does not have a corresponding encryption key stored in the second server;
  - obtain a unique identifier from the unregistered DSD;
  - provide the unique identifier and a request for an encryption key to the second server;
  - receive the encryption key from the second server; and
  - lock the unregistered DSD with the encryption key to register the unregistered DSD.

Dependent claims: 2, 3, 4

5. A system comprising:
- a management device configured to be connectable and removable from a first server via physical and electrical connections to the first server without physically modifying the first server, and disconnect from the first server without physically modifying the first server, the management device including:
  - an interface circuit;
  - a memory including executable instructions that, when executed by a processor, cause the processor to:
    - perform an unlock process including:
      - determine a unique identifier corresponding to a data storage device (“DSD”) coupled to the first server via the interface circuit;
      - transmit to a second server the unique identifier corresponding to the DSD and a request for an encryption key corresponding to the unique identifier;
      - receive the encryption key from the second server and provide the encryption key to the DSD to unlock the DSD;
      - unlock the DSD with the encryption key;
    - perform a registration process including:
      - determine if there is an unregistered DSD coupled to the first server, an unregistered DSD is a DSD that does not have a corresponding encryption key stored in the second server;
      - obtain a unique identifier from the unregistered DSD;
      - provide the unique identifier and a request for an encryption key to the second server;
      - receive the encryption key from the second server; and
      - lock the unregistered DSD with the encryption key.

Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13

14. A method comprising:
- determining an unique identifier corresponding to a data storage device (“DSD”) coupled to a first server;
- transmitting from a circuit to a second server the unique identifier corresponding to the DSD and a request for an encryption key corresponding to the unique identifier, where the circuit is configured to be connectable and removable from the first server via physical and electrical connections to the first server without physically modifying the first server, and disconnect from the first server without physically modifying the first server;
- receiving the encryption key from the second server;
- providing the encryption key to the DSD to unlock the DSD;
- unlocking the DSD with the encryption key;
- determining if there is an unregistered DSD coupled to the first server, an unregistered DSD is a DSD that does not have a corresponding encryption key stored in the second server;
- obtaining a unique identifier for the unregistered DSD;
- providing the unique identifier and a request for an encryption key to the second server;
- receiving the encryption key from the second server; and
- locking the unregistered DSD with the encryption key to register the unregistered DSD.

Dependent claims: 15, 16

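The unlock and registration processes recited in the claims above, modelled in Python as an added example that is not part of the patent. `KeyServer`, `DSD`, `service_drives`, the result labels and the constructed serial numbers are hypothetical names; the `foreign-lock` and `unlock-failed` outcomes (a locked drive the key server does not know, and a stored key the drive rejects) are assumptions about cases the claims do not address.

```python
import secrets

class KeyServer:
    """Stand-in for the 'second server': maps DSD unique identifiers to keys."""
    def __init__(self):
        self._keys = {}
    def lookup(self, dsd_id):
        return self._keys.get(dsd_id)          # None means the DSD is unregistered
    def issue(self, dsd_id):
        self._keys[dsd_id] = secrets.token_bytes(32)   # key is retained server-side
        return self._keys[dsd_id]

class DSD:
    """Toy model of a lockable drive: an identifier, a lock key and a lock state."""
    def __init__(self, dsd_id):
        self.dsd_id, self._key, self.locked = dsd_id, None, False
    def lock(self, key):
        if self._key is not None:
            raise PermissionError("drive is already locked with a key")
        self._key, self.locked = key, True
    def unlock(self, key):
        if self._key is None or not secrets.compare_digest(key, self._key):
            return False
        self.locked = False
        return True

def service_drives(drives, server):
    """One pass of the removable circuit over the DSDs coupled to the host."""
    report = {}
    for d in drives:
        key = server.lookup(d.dsd_id)          # send identifier, request key
        if key is not None:                    # unlock process
            report[d.dsd_id] = "unlocked" if d.unlock(key) else "unlock-failed"
        elif d.locked:                         # assumption: locked, no key on server
            report[d.dsd_id] = "foreign-lock"
        else:                                  # registration process
            d.lock(server.issue(d.dsd_id))
            report[d.dsd_id] = "registered"
    return report

def demo():
    # Constructed identifiers; the first pass registers, the second unlocks.
    server = KeyServer()
    drives = [DSD("SN-A-constructed"), DSD("SN-B-constructed")]
    first = service_drives(drives, server)
    second = service_drives(drives, server)
    return first, second
```

In this model the drive never stores anything the host can read back: the key exists only on the key server and transiently in the circuit, so a drive pulled from the host stays locked.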
Specification