Title of invention |
Storage encryption |
Abstract |
Storage associated with a virtual machine or other type of device may be migrated between locations (e.g., physical devices, network locations, etc.). To maintain the security of the storage, a system may manage the encryption of the storage area such that a storage area is encrypted with a first encryption key that may be maintained through the migration. A header of the storage area, on the other hand, may be encrypted using a second encryption key and the first encryption key may be stored therein. Upon transfer, the header may be re-encrypted to effect the transfer of security. |
Publication number |
US9509501(B2) |
Publication date |
2016.11.29 |
Application number |
US201514679363 |
Filing date |
2015.04.06 |
Applicant |
Citrix Systems, Inc. |
Inventor |
Bursell Michael |
Classification codes |
G06F12/14;H04L9/08;G06F9/48;G06F21/62;G06F9/455;G06F21/60;H04L9/14;G06F3/06 |
Main classification |
G06F12/14 |
Agency |
Banner & Witcoff, Ltd. |
Agent |
Banner & Witcoff, Ltd. |
Main claim |
1. A non-transitory computer-readable medium storing instructions that, when executed by a processor of an apparatus, cause the apparatus to:
encrypt a storage area provisioned for a virtual or actual machine with a first encryption key, the storage area storing data;
store the first encryption key in a header of the storage area, wherein the header and the data stored in the storage area are logically separate from one another;
generate a second encryption key and store the second encryption key in the header;
encrypt the header and the first encryption key stored therein with the second encryption key; and
migrate the storage area, including:
decrypting the first encryption key with the second encryption key;
encrypting the first encryption key with a third encryption key; and
removing the second encryption key from the header after encrypting the first encryption key with the third encryption key. |
Address |
Fort Lauderdale FL US |