Management of encryption keys for multi-mode network storage device
US10089245B2 · kind B2 · utility
Key dates
| Event | Date |
| --- | --- |
| Filing date | May 12, 2016 |
| Grant date | Oct 2, 2018 |
| Priority date | — |
| Expiry date | Nov 24, 2036 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2212/466
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
One method for managing encryption includes identifying an available or a secure mode. During restarts a passphrase must be entered in secure mode but not in available mode. Further, a master key is created for encrypting volume keys, where master and volume encryption keys are not stored in non-volatile memory (NVRAM) nor in disk storage. A half-key is created by encrypting the master key with a secure key, the secure key and the encrypted volume encryption keys being stored in disk storage. The half-key is stored in NVRAM only in available mode but not in secure mode. The master key is recreated during a restart when operating in the available mode by decrypting the NVRAM half-key with the secure key from disk storage. Further, the passphrase must be entered by an operator to recreate the half-key and the master key during a restart in the secure mode.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.