Methodology for vaulting data encryption keys with encrypted storage
US8190921B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
| --- | --- |
| Filing date | Dec 27, 2007 |
| Grant date | May 29, 2012 |
| Priority date | — |
| Expiry date | Mar 25, 2031 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/6209
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method is provided to allow for encryption keys to be safely vaulted and for restarts after system failures, even when an external key server is not accessible. In one embodiment, the encryption keys are stored in memory in an encrypted format, the encryption keys being encrypted with a key encryption key (KEK). The data stored in a write cache may be encrypted and written to a vault, protecting it from unauthorized access, but the key table may be written directly to the data vault without need for any further encryption. Because the encryption keys are themselves encrypted, the encryption keys are protected from unauthorized access, ensuring the security of all the encrypted data stored on disk. This embodiment allows the data storage system to be restarted without accessing an external key server. In another embodiment, the KEK is stored in persistent storage within the data storage system, allowing for unattended restart. To enhance security, the KEK may be stored in ROM in a hardened location. Embodiments are also provided for apparatus for practicing the method.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.