HOT ENCRYPTION SUPPORT PRIOR TO STORAGE DEVICE ENROLMENT

Bibliographic Details
Main Authors: Gazit, Ronen; Margalit, Amit; Barzik, Zah; Leneman, Ofer
Format: Patent
Language: English
Published: 21.02.2019
Summary: A storage system (system) includes two storage devices (first device and second device). The first device stores encrypted user data prior to being enrolled with an external key server. The system generates a device access key (DAK) and a device encryption key (DEK) used to encrypt such user data and encrypts the DEK with the DAK to generate an encrypted DEK (DEK′). The system stores DEK′ in the second device and stores DAK in the first device. The system enrolls the first device with the key server and receives a secure encryption key (SEK). The system obtains DEK′ and DAK, which are subsequently deleted from the first and second storage device, respectively. A new DAK′ is generated utilizing SEK and a first device identifier. The DEK is encrypted utilizing DAK′ to form DEK″. The system indicates DAK′ is an externally derived key and saves DEK″ to the second device.
Bibliography: Application Number: US201715679382