HOT ENCRYPTION SUPPORT PRIOR TO STORAGE DEVICE ENROLMENT
Format | Patent |
---|---|
Language | English |
Published | 21.02.2019 |
Summary: | A storage system (system) includes two storage devices (first device and second device). The first device stores encrypted user data prior to being enrolled with an external key server. The system generates a device access key (DAK) and a device encryption key (DEK) used to encrypt such user data and encrypts the DEK with the DAK to generate an encrypted DEK (DEK′). The system stores DEK′ in the second device and stores DAK in the first device. The system enrolls the first device with the key server and receives a secure encryption key (SEK). The system obtains DEK′ and DAK, which are subsequently deleted from the first and second storage device, respectively. A new DAK′ is generated utilizing SEK and a first device identifier. The DEK is encrypted utilizing DAK′ to form DEK″. The system indicates DAK′ is an externally derived key and saves DEK″ to the second device. |
---|---|
Bibliography: | Application Number: US201715679382 |