Title: DATA PROTECTION IN A STORAGE SYSTEM USING EXTERNAL SECRETS
Abstract: A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme in combination with an external secret. An initial master secret is generated and then transformed into a final master secret using an external secret. A plurality of shares are generated from the initial master secret and distributed to the storage devices. The data of each storage device is encrypted with a device-specific key, and this key is encrypted using the final master secret. In order to read the data on a given storage device, the initial master secret is reconstructed from a threshold number of shares and the external secret is retrieved. Next, the initial master secret is transformed into the final master secret using the external secret, and then the final master secret is used to decrypt the encrypted key of a given storage device.
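Publication number: US2015127946(A1); Publication date: 2015.05.07
Application number: US201314073618; Filing date: 2013.11.06
Applicant: PURE STORAGE, INC.; Inventors: Miller Ethan; Colgrove John; Hayes John
Classification: H04L9/08; Main classification: H04L9/08
Agency: ; Agent: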
Principal claim: 1. A computing system comprising a plurality of storage devices, wherein the computing system is configured to: generate a plurality of shares from an initial master secret; store one or more shares on one or more storage devices of the plurality of storage devices; transform the initial master secret into a final master secret using one or more external secrets, wherein the one or more external secrets are stored separately from the computing system; and utilize the final master secret to encrypt at least a portion of data stored on each storage device of the plurality of storage devices.
Address: Mountain View CA US
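
The flow in the abstract, as an added sketch that is not code from the patent or from the applicant. It assumes Shamir sharing for the share scheme and HMAC-SHA256 for the transformation (the record names neither), and its `wrap`/`unwrap` pair is a toy stand-in for a real key-wrap such as AES-KW; all names and sample values are constructed.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # prime field for Shamir sharing (assumed scheme)

def split(secret: int, k: int, n: int):
    """Return n shares (x, y); any k of them reconstruct `secret`."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation of the sharing polynomial at x = 0."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def final_master(initial: int, external: bytes) -> bytes:
    """Initial master secret -> final master secret (HMAC-SHA256 assumed)."""
    return hmac.new(external, initial.to_bytes(66, "big"), hashlib.sha256).digest()

def wrap(final: bytes, device_id: bytes, key: bytes) -> bytes:
    """Toy wrap of a 32-byte device key: XOR pad plus MAC tag."""
    pad = hmac.new(final, b"pad" + device_id, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    return ct + hmac.new(final, b"tag" + device_id + ct, hashlib.sha256).digest()

def unwrap(final: bytes, device_id: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:32], blob[32:]
    want = hmac.new(final, b"tag" + device_id + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong master secret or tampered key blob")
    pad = hmac.new(final, b"pad" + device_id, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def demo():
    initial = secrets.randbelow(2**256)    # initial master secret
    external = secrets.token_bytes(32)     # constructed; stored off the array
    shares = split(initial, k=3, n=5)      # one share per storage device
    dev_key = secrets.token_bytes(32)      # device-specific data key
    blob = wrap(final_master(initial, external), b"dev0", dev_key)
    rebuilt = combine(shares[1:4])         # any 3 of the 5 devices present
    return dev_key, unwrap(final_master(rebuilt, external), b"dev0", blob), shares, blob
```

Devices alone are not enough to unwrap a key: a threshold of shares yields only the initial master secret, and `unwrap` rejects any final master secret derived without the correct external secret.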