Three layer key wrapping for securing encryption keys in a data storage system

Assignee

• EMC IP Holding Company LLC · US

Inventors

• Lifeng Yang · Beijing, CN
• Jian Gao · Beijing, CN
• Xinlei Xu · Beijing, CN
• Ruiyong Jia · Beijing, CN
• Lili Chen · Beijing, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/0877
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Securing encryption keys in a data storage system using three layer key wrapping that encrypts a data encryption key using a key encryption key, encrypts the key encryption key using a controller encryption key, and encrypts the controller encryption key using a public key of an asymmetric key pair. The private key is stored on a removable storage device. A separate encryption accelerator component decrypts the encryption keys in order to encrypt and/or decrypt host data from a memory of a storage processor. The removable storage drive must be inserted into a receptacle of the encryption accelerator for encryption and/or decryption to be performed, since the encryption accelerator accesses the private key from the removable storage device in order to decrypt the encrypted controller key. The encryption accelerator generates key handles for the storage processor to use when requesting encryption and/or decryption operations.