Storage system with controller key wrapping of data encryption key in metadata of stored data item

Assignee

• EMC IP Holding Company LLC · US

Inventors

• Radia J. Perlman · Acton, US
• Xuan Tang · Hopkinton, US
• Greg Lazar · Upton, US
• Thomas N. Dibb · Rutland, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/062
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An apparatus comprises a storage system, a key manager incorporated in or otherwise associated with the storage system, and an input-output controller coupled to the key manager and configured to control storage of data items in the storage system. The key manager is configured to determine a controller key accessible to the input-output controller and a plurality of data encryption keys utilizable by the input-output controller to encrypt the data items for storage in the storage system. A given one of the data items is encrypted using a particular one of the data encryption keys and has associated metadata that includes the particular data encryption key encrypted using the controller key. The metadata may comprise an inner wrapping of the particular data encryption key using the controller key and at least one outer wrapping of the inner wrapping using at least one additional key.