MANAGING ENCRYPTED DATA AND ENCRYPTION KEYS
Abstract
A data module encrypts a first portion of a drive in a data center using a first encryption key. The data module encrypts the first encryption key using a second encryption key to obtain an encrypted encryption key. The data module stores the second encryption key in a first location and stores the encrypted encryption key in a second location that is separate from the first location and that is inaccessible from outside the data center.
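The two-level key arrangement in the abstract, together with the access restriction from claim 1, as an added Go example (not code from the patent). The page names no cipher, so AES-256-GCM, all function names, and the `insideDC` flag standing in for the data-center boundary are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// seal encrypts pt under a 32-byte key with AES-256-GCM; returns nonce||ciphertext.
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return g.Seal(nonce, nonce, pt, nil)
}

// open reverses seal and fails on a wrong key or modified ciphertext.
func open(key, ct []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// provision encrypts data under the first key (dek) and wraps dek under the second (kek).
func provision(dek, kek, data []byte) (wrapped, ct []byte) {
	return seal(kek, dek), seal(dek, data)
}

// unlock models the access component: the wrapped key is released only inside the data center.
func unlock(kek, wrapped, ct []byte, insideDC bool) ([]byte, error) {
	if !insideDC {
		return nil, errors.New("wrapped key unreachable from outside the data center")
	}
	dek, err := open(kek, wrapped)
	if err != nil {
		return nil, err
	}
	return open(dek, ct)
}
```

The caller keeps `kek` and `wrapped` in separate stores; holding only one of them, or only the ciphertext, is not enough to recover the data.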
20 Claims
1. A method comprising:
- encrypting a first portion of a drive in a data center, using a first encryption key;
- encrypting the first encryption key using a second encryption key to obtain an encrypted encryption key;
- storing the second encryption key in a first location;
- storing the encrypted encryption key in a second location, wherein the second location is inaccessible from outside the data center and wherein the second location is separate from the first location; and
- providing, by a processing device, an access component to provide access to the encrypted encryption key, in a second portion of the drive, wherein the second portion of the drive is unencrypted and wherein the access component is unable to provide access to the encrypted encryption key from outside the data center.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus comprising:
- a memory to store one or more keys;
- a processing device coupled to the memory and to:
  - encrypt a first portion of a drive in a data center, using a first encryption key;
  - encrypt the first encryption key using a second encryption key to obtain an encrypted encryption key;
  - store the second encryption key in a first location;
  - store the encrypted encryption key at a second location, wherein the second location is separate from the first location; and
  - provide an access component to provide access to the encrypted encryption key, in a second portion of the drive, wherein the second portion of the drive is unencrypted and wherein the access component is unable to provide access to the encrypted encryption key from outside the data center.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A non-transitory computer readable storage medium having instructions that, when executed by a processing device, cause the processing device to perform a method comprising:
- encrypting a first portion of a drive in a data center, using a first encryption key;
- encrypting the first encryption key using a second encryption key to obtain an encrypted encryption key;
- storing the encrypted encryption key in a first location;
- storing the second encryption key at a second location, wherein the second location is inaccessible from outside the data center and wherein the second location is separate from the first location; and
- providing, by the processing device, an access component to provide access to the encrypted encryption key, in a second portion of the drive, wherein the second portion of the drive is unencrypted and wherein the access component is unable to provide access to the encrypted encryption key from outside the data center.
Dependent claims: 19, 20
Specification