Disk array device and data management method for disk array device

摘要

A disk array device comprises a first storage unit that stores encrypted user data, a second storage unit that is different from the first storage unit and locks and stores configuration information including a first encrypted authentication key that unlocks the encrypted user data, a management unit that includes a decoder that decodes the first encrypted authentication key and a control unit that unlocks the locked configuration information using a second authentication key, the management unit managing data using the first and second authentication keys. the management unit includes a configuration information recovery portion that unlocks the locked configuration information by using the second authentication key and recovers the configuration information during booting and a user data unlocking portion that decodes the first encrypted authentication key included in the configuration information and unlocks the encrypted user data stored in the first storage unit by using the first decoded authentication key.

主权项

1. A disk array device comprising:
a first storage unit configured to store encrypted user data obtained by encrypting user data; a second storage unit different from the first storage unit and configured to lock and store configuration information including a first encrypted authentication key that unlocks the encrypted user data; and a management unit including a decoder configured to decode the first encrypted authentication key and a control unit configured to unlock the locked configuration information using a second authentication key, the management unit configured to manage data using the first and second authentication keys, wherein: the management unit comprises:
a configuration information recovery portion configured to unlock the locked configuration information by using the second authentication key and to recover the configuration information during booting; anda user data unlocking portion configured to decode the first encrypted authentication key included in the recovered configuration information and to unlock the encrypted user data stored in the first storage unit by using the first decoded authentication;the first storage unit is a pool configured of a plurality of storage devices;the second storage unit is configured to store only the configuration information; andwhen the second storage unit is unbound, the control unit sets an authentication key of a storage unit that is unbound from the first authentication key to a default authentication key.