Encryption key recovery in the event of storage management failure

Assignee

• EMC Corporation · US

Inventors

• John S. Harwood · Boston, US
• Thomas E. Linnell · Northborough, US
• John T. Fitzgerald · Mansfield, US
• Amnon Izhar · Brookline, US
• Charles E. Arsenault · Westborough, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/6209
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A data processing system stores encrypted data. Object identifiers are assigned to storage objects, and data encryption keys are assigned to the storage objects. When performing an operation upon a storage object, data encryption key failure may occur due to a corrupt or incorrect key. In this case, a copy of the data encryption key is fetched from a key server. It is possible for the association of the object identifiers with the data encryption keys to become lost or confused, so that the key server may fail to provide the correct key for a specified object identifier. Therefore, an absolute key identifier that is unique across the key server namespace also is stored in association with the object identifier in the storage system and in the key store of the key server, and the absolute key identifier is used as a failsafe for recovery of encrypted data.