| 发明名称 | Multi-drive cooperation to generate an encryption key | ||
| 摘要 | A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme. The data of each storage device is encrypted with a key, and the key is encrypted based on a shared secret and a device-specific value. Each storage device stores a share and its encrypted key, and if a number of storage devices above a threshold are available, then the shared secret can be reconstructed from the shares and used to decrypt the encrypted keys. Otherwise, the secret cannot be reconstructed if less than the threshold number of storage devices are accessible, and then data on the storage devices will be unreadable. | ||
| 申请公布号 | US9548972(B2) | 申请公布日期 | 2017.01.17 |
| 申请号 | US201414258826 | 申请日期 | 2014.04.22 |
| 申请人 | Pure Storage, Inc. | 发明人 | Miller Ethan;Colgrove John;Hayes John |
| 分类号 | H04L29/06;H04L9/08;G06F21/78 | 主分类号 | H04L29/06 |
| 代理机构 | Kennedy Lenart Spraggins LLP | 代理人 | Lenart Edward J.;Kennedy Lenart Spraggins LLP |
| 主权项 | 1. A method comprising: for each storage device of the plurality of storage devices, encrypt data on the storage device with a device key, wherein the device key that encrypts the data on one storage device is different than another device key that encrypts data on another storage device; use a master secret to both encrypt all of the device keys used to encrypt data on the plurality of storage devices, and to generate a plurality of shares from the master secret; and for a first storage device of the plurality of storage devices, store a first share of the plurality of shares from the master secret, a first device key encrypted using the master secret, and first storage device data encrypted with the first device key. | ||
| 地址 | Mountain View CA US | ||