Title: Systems and methods for accessing storage or network based replicas of encrypted volumes with no additional key management
Abstract: A computer implemented method for creating an encrypted logical unit is provided. A first identification number is received, the first identification number associated with a first encryption key used to encrypt a first logical unit. The first identification number and the first encryption key are stored at a first secure location, where the first secure location provides the first encryption key to a requester in response to receiving the first identification number from the requester, assuming the requester provides security credentials. A first metadata storage space is defined on the first logical unit, the first metadata storage space comprising a region on the first logical unit that remains unencrypted. The first identification number is stored in the first metadata storage space on the first logical unit.
Publication number: US8966281(B1) Publication date: 2015.02.24
Application number: US201313778269 Filing date: 2013.02.27
Applicant: EMC Corporation Inventors: Raizen Helen S.;Freund David W.;Harwood John;Bappe Michael E.
Classification: H04L9/08;H04L29/06 Main classification: H04L9/08
Agent: Daly, Crowley, Mofford & Durkee, LLP Attorney: Daly, Crowley, Mofford & Durkee, LLP
Main claim: 1. A computer implemented method for creating an encrypted virtual logical unit (VLU), the method comprising the unordered steps of: providing a first input/output (I/O) filter system configured as part of a first I/O stack in operable communication with a first host, the first host comprising a processor; disposing the first I/O filter system on the first I/O stack so as to enable the I/O filter system to present a virtual logical unit (VLU) to the first host, the VLU associated with at least one data storage device, the first VLU comprising a first plaintext metadata storage space and a first encrypted data storage space in operable communication with the first I/O filter system, wherein: the first plaintext metadata storage space comprises an unencrypted plaintext region on the first VLU that is configured to remain unencrypted, to store unencrypted metadata, to be available only for read and write I/O commands that originate from the first I/O filter system, and to be unavailable for read and write I/O commands that originate from entities disposed above or executing above the first I/O filter system; the first encrypted data storage space comprises a region on the first VLU that is configured to store encrypted information that has been encrypted with and can be decrypted using an encryption key; and the first I/O filter system is configured to ensure that all communications between the first VLU and entities disposed above or executing above the first I/O filter system in the first I/O stack, including reads and writes to the first VLU, pass through the first I/O filter system; configuring the first I/O filter system to store in the first plaintext metadata storage space on the first VLU, a first unique identification number (UIN) that is independent of the encryption key, wherein the first UIN is usable to retrieve the encryption key from a secure location.
Address: Hopkinton MA US
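The following is an added illustration of the scheme the abstract and claim describe; it is not code from the patent or from EMC. It models a volume whose first block is a plaintext metadata region holding a unique identification number (UIN) that is independent of the key, an I/O filter that encrypts every host-visible block and is the only party that touches the metadata region, and a key store that releases the key for a UIN only to a caller presenting valid credentials. Because a replica of the volume carries the UIN in its header, a second host can open the replica without any key being copied alongside it. The class names (KeyStore, Volume, IOFilter), the header marker, the credential tokens and the payload are constructed for the example; the HMAC-SHA256 counter keystream stands in for a real sector cipher such as XTS.

```python
import hashlib
import hmac
import os
import uuid

BLOCK = 512            # sector size (constructed)
MAGIC = b"ENCVOL01"    # constructed header marker so a filter can recognise the metadata region
UIN_LEN = 16           # uuid4 is 16 bytes


class KeyStore:
    """The 'secure location': maps UIN -> key and releases a key only to a credentialed caller."""

    def __init__(self, valid_credentials):
        self._keys = {}
        self._valid = set(valid_credentials)

    def register(self, uin, key):
        self._keys[uin] = key

    def get_key(self, uin, credential):
        if credential not in self._valid:
            raise PermissionError("credentials rejected")
        return self._keys[uin]      # KeyError if the UIN was never registered


class Volume:
    """Raw storage. A storage- or network-based replica is just a copy of the bytes."""

    def __init__(self, n_blocks):
        self.raw = bytearray(n_blocks * BLOCK)

    def replicate(self):
        clone = Volume(len(self.raw) // BLOCK)
        clone.raw[:] = self.raw
        return clone


def _keystream(key, block_no):
    """Per-block keystream (HMAC-SHA256 in counter mode); the block number acts as the tweak.
    Stand-in for a real sector cipher, not a recommendation."""
    out, ctr = b"", 0
    while len(out) < BLOCK:
        msg = block_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:BLOCK]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class IOFilter:
    """Sits in the I/O stack. Raw block 0 is the plaintext metadata region, addressable only
    by the filter; the host sees a VLU made of raw blocks 1..n-1, all encrypted."""

    def __init__(self, volume, key_store, credential, create=False):
        self.vol = volume
        self.block_count = len(volume.raw) // BLOCK - 1
        if create:
            self.uin = uuid.uuid4().bytes          # independent of the key
            self.key = os.urandom(32)
            key_store.register(self.uin, self.key)
            volume.raw[:BLOCK] = (MAGIC + self.uin).ljust(BLOCK, b"\0")
        else:
            header = bytes(volume.raw[:BLOCK])
            if header[:len(MAGIC)] != MAGIC:
                raise ValueError("no encrypted-volume header")
            self.uin = header[len(MAGIC):len(MAGIC) + UIN_LEN]
            self.key = key_store.get_key(self.uin, credential)   # the only key management step

    def _raw_offset(self, vlu_block):
        if not 0 <= vlu_block < self.block_count:
            raise ValueError("block outside the VLU; metadata region is not host-addressable")
        return (vlu_block + 1) * BLOCK

    def write(self, vlu_block, plaintext):
        assert len(plaintext) == BLOCK
        off = self._raw_offset(vlu_block)
        self.vol.raw[off:off + BLOCK] = _xor(plaintext, _keystream(self.key, vlu_block))

    def read(self, vlu_block):
        off = self._raw_offset(vlu_block)
        return _xor(bytes(self.vol.raw[off:off + BLOCK]), _keystream(self.key, vlu_block))


def demo():
    store = KeyStore(valid_credentials={"host-A-token", "host-B-token"})  # constructed
    primary = Volume(8)
    f1 = IOFilter(primary, store, "host-A-token", create=True)
    secret = b"payroll-q3".ljust(BLOCK, b"\0")                            # constructed payload
    f1.write(0, secret)

    replica = primary.replicate()                  # replica carries bytes only, no key
    f2 = IOFilter(replica, store, "host-B-token")  # key recovered via the UIN in the header
    try:
        IOFilter(replica, store, "no-valid-credential")
        denied = False
    except PermissionError:
        denied = True
    try:
        f2.read(-1)                                # host cannot reach raw block 0
        meta_blocked = False
    except ValueError:
        meta_blocked = True
    return {
        "roundtrip": f1.read(0) == secret,
        "ciphertext_differs": bytes(primary.raw[BLOCK:2 * BLOCK]) != secret,
        "uin_in_header": primary.raw[len(MAGIC):len(MAGIC) + UIN_LEN] == f1.uin,
        "replica_readable": f2.read(0) == secret,
        "bad_credentials_denied": denied,
        "metadata_not_host_addressable": meta_blocked,
    }
```

Calling `demo()` returns a dictionary whose every entry is True: the primary host reads back what it wrote, the raw bytes of the data region are ciphertext, the UIN sits in the clear in block 0, the second host opens the replica with nothing but its own credentials, a caller without valid credentials gets no key, and the metadata region is not reachable through the host-facing read and write calls.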