Patent · US Active

Method and system for automatically migrating encryption keys between key managers in a network storage system

US8266433B1 · kind B1 · utility

Cited by: 61
References: 8
Claims: 23
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 30, 2009
Grant date: Sep 11, 2012
Priority date
Expiry date: Feb 19, 2031

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L67/1097
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Embodiments of the present invention provide a method and system, in a network storage system, for a remote key manager performing cryptographic operations upon a failure of a protected key manager, using a hardware encryption key (key) automatically migrated from the protected key manager. During initialization, the protected and remote key managers authenticate the communication channel (e.g. trustee link) between each other. A new key generated by dedicated hardware of the protected key manager is used by the protected key manager to perform cryptographic operations on data of a storage server. The remote key manager then requests and obtains the new key from the protected key manager across the trustee link. Upon a failure of the protected key manager, the remote key manager performs cryptographic operations on data of the storage server using the migrated key, ensuring accessibility and security of such data.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.