Title of invention |
MANAGEMENT OF ENCRYPTION KEYS FOR MULTI-MODE NETWORK STORAGE DEVICE |
Abstract |
One method for managing encryption includes identifying an available or a secure mode. During restarts a passphrase must be entered in secure mode but not in available mode. Further, a master key is created for encrypting volume keys, where master and volume encryption keys are not stored in non-volatile memory (NVRAM) nor in disk storage. A half-key is created by encrypting the master key with a secure key, the secure key and the encrypted volume encryption keys being stored in disk storage. The half-key is stored in NVRAM only in available mode but not in secure mode. The master key is recreated during a restart when operating in the available mode by decrypting the NVRAM half-key with the secure key from disk storage. Further, the passphrase must be entered by an operator to recreate the half-key and the master key during a restart in the secure mode. |
Application publication number |
US2016342532(A1) |
Application publication date |
2016.11.24 |
Application number |
US201615153706 |
Filing date |
2016.05.12 |
Applicant |
Nimble Storage, Inc. |
Inventors |
Peacock John Kent;Barszczak Tomasz;Rowe Brian |
Classification |
G06F12/14;H04L9/08;G06F3/06 |
Main classification |
G06F12/14 |
Agency |
|
Agent |
|
Main claim |
1. A method comprising:
identifying one of an available mode or a secure mode for a network storage device, wherein the available mode does not require entering a passphrase for restarts of the network storage device and the secure mode requires entering the passphrase for restarts, the network storage device including a non-volatile memory and disk storage;
creating a master key used for encrypting volume keys in the network storage device, wherein the master key and the volume keys are not stored in the non-volatile memory nor in the disk storage;
creating a half key by encrypting the master key with a secure key, wherein the secure key and the encrypted volume keys are stored in the disk storage;
storing the half key in the non-volatile memory when operating in available mode and keeping the half key out of the non-volatile memory when operating in secure mode;
recreating the master key, during a restart when operating in the available mode, by decrypting the half key stored in the non-volatile memory with the secure key stored in disk storage; and
requesting the passphrase to be entered by an operator, during a restart when operating in the secure mode, to recreate the half key and the master key. |
Address |
San Jose CA US |