Managing distribution and retrieval of security key fragments among proxy storage devices

摘要

A method performed by a processor of a computer, includes obtaining a security key associated with data, dividing the security key into key fragments, and distributing different ones of the key fragments to different proxy storage devices. Key fragments are received from the proxy storage devices, a reconstructed security key is generated based on the key fragments received from the proxy storage devices, and programmatic access to the data is controlled based on the reconstructed security key. Related computer program products and systems are disclosed.

主权项

1. A method comprising:
performing operations as follows on a processor of a computer: obtaining a security key associated with data; dividing the security key into key fragments; distributing different ones of the key fragments to different proxy storage devices, wherein the obtaining a security key associated with data, the dividing the security key into key fragments, and the distributing different ones of the key fragments to different proxy storage devices are performed by program code that encapsulates application programming interfaces of the key management program; receiving the key fragments from the proxy storage devices; generating a reconstructed security key based on the key fragments received from the proxy storage devices; controlling programmatic access to the data based on the reconstructed security key, wherein the obtaining a security key associated with data, comprises obtaining a plurality of security keys managed by a key management program; and further comprising repeating for each of the plurality of security keys, the dividing the security key into key fragments and the distributing different ones of the key fragments to different proxy storage devices, wherein the key fragments from one of the plurality of security keys are distributed to a group of the proxy storage devices selected based on the group containing at least one proxy storage device that is not within another group of the proxy storage devices that receives distribution of key fragments from another one of the plurality of security keys.