Tracking replica data using key management
First Claim
1. A computer-implemented method for generating a wrapped data encryption key, the method comprising:
- generating, at a server, an encryption key based on a secure pseudo-random number generator;
- concatenating an object identifier to the encryption key, the object identifier associated with an object to be encrypted;
- generating a ciphertext by encrypting the concatenated encryption key with a key encryption key;
- generating an authenticity code by encrypting the encrypted concatenated encryption key with a redundancy key; and
- generating a wrapped data encryption key by concatenating the ciphertext with the authenticity code.
Abstract
Source and replica data in a storage area network are tracked during management of data encryption keys. Associating source and replica data allows all copies of customer information in an enterprise to be managed as a single entity for deletion, or tracked for management purposes, by using referenced data encryption keys when replicas are created. Any replica of a source storage object can be created using the source storage object's data encryption key or an associated key, and tracked by these keys as a subset of the replicas created. Management of the data encryption keys can therefore control the lifetime of data on a storage array and in the storage area network without managing every replicated instance for the lifetime of the data.
9 Claims
1. A computer-implemented method for generating a wrapped data encryption key (independent claim; its five steps are given in full under First Claim above). Dependent claims: 2, 3, 6.
4. A system for generating a wrapped data encryption key, the method comprising:
- a processor;
- a memory storing instructions, the instructions being adapted to cause the processor to execute steps comprising:
  - generating, at a server, an encryption key based on a secure pseudo-random number generator;
  - concatenating an object identifier to the encryption key, the object identifier associated with an object to be encrypted;
  - generating a ciphertext by encrypting the concatenated encryption key with a key encryption key;
  - generating an authenticity code by encrypting the encrypted concatenated encryption key with a redundancy key; and
  - generating a wrapped data encryption key by concatenating the ciphertext with the authenticity code.
Dependent claims: 5.
7. A non-transitory computer readable medium including computer code adapted to be executed on electronic computer hardware, the code comprising:
- code for generating, at a server, an encryption key based on a secure pseudo-random number generator;
- code for concatenating an object identifier to the encryption key, the object identifier associated with an object to be encrypted;
- code for generating a ciphertext by encrypting the concatenated encryption key with a key encryption key;
- code for generating an authenticity code by encrypting the encrypted concatenated encryption key with a redundancy key; and
- code for generating a wrapped data encryption key by concatenating the ciphertext with the authenticity code.
Dependent claims: 8, 9.
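The wrap format claimed above (claims 1, 4 and 7 recite the same five steps), as an added working model in Go that is not the patent's or any assignee's code: AES-CBC under an all-zero IV stands in for the key-encryption-key step, and a CBC-MAC (the ciphertext encrypted under the redundancy key, final block kept) stands in for the authenticity code. The 32-byte DEK, 16-byte object identifier and the choice of AES are assumptions, since the claims fix neither cipher nor lengths.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)

const dekLen, idLen, blk = 32, 16, aes.BlockSize // assumed sizes; the claims fix none
// cbc: AES-CBC, all-zero IV (deterministic, as key wrap must be); dec selects decryption.
func cbc(key, data []byte, dec bool) []byte {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong KEK/RK length is a programmer error here
	}
	iv, out := make([]byte, blk), make([]byte, len(data))
	if dec {
		cipher.NewCBCDecrypter(b, iv).CryptBlocks(out, data)
	} else {
		cipher.NewCBCEncrypter(b, iv).CryptBlocks(out, data)
	}
	return out
}

// authCode: ciphertext encrypted under the redundancy key, last block kept (a CBC-MAC).
func authCode(rk, ct []byte) []byte {
	enc := cbc(rk, ct, false)
	return enc[len(enc)-blk:]
}
// Wrap: fresh DEK from the OS CSPRNG, then CBC_kek(DEK || objectID) || authCode.
func Wrap(kek, rk []byte, objectID [idLen]byte) (wrapped, dek []byte) {
	dek = make([]byte, dekLen)
	rand.Read(dek) // crypto/rand.Read never fails (Go 1.24+)
	ct := cbc(kek, append(append([]byte{}, dek...), objectID[:]...), false)
	return append(ct, authCode(rk, ct)...), dek
}
// Unwrap: verify the authenticity code in constant time, then decrypt and split.
func Unwrap(kek, rk, wrapped []byte) (dek, objectID []byte, err error) {
	if len(wrapped) != dekLen+idLen+blk {
		return nil, nil, errors.New("malformed wrapped key")
	}
	ct, code := wrapped[:dekLen+idLen], wrapped[dekLen+idLen:]
	if subtle.ConstantTimeCompare(authCode(rk, ct), code) != 1 {
		return nil, nil, errors.New("authenticity code mismatch: wrapped key altered")
	}
	plain := cbc(kek, ct, true)
	return plain[:dekLen], plain[dekLen:], nil
}
```

Because the object identifier travels inside the wrapped key and is covered by the authenticity code, an unwrap that fails the code check, or that returns an identifier other than the object being opened, is the signal that a key was altered or applied to the wrong replica. A production implementation would use a standardized construction such as AES Key Wrap (RFC 3394) or an AEAD with the identifier as associated data, which gives the same binding with reviewed security analysis.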
Specification