摘要 |
A data storage system employs data encryption to increase data security, and techniques for ensuring consistency of key information maintained and used throughout the system to reduce the likelihood that data will become non-recoverable due to the use of an incorrect encryption key. In one aspect, a verification process is performed between a key table at a central storage processor and key tables containing decrypted copies of the same information that are stored and utilized at separate input/output (I/O) modules. The verification process includes computing respective hash values at the I/O modules and at the storage processor and comparing the hash values to determine whether they match, a match indicating that the tables are consistent and a non-match indicating that the tables are not consistent. In another aspect, an I/O module performs a check prior to performing an encryption/decryption operation as part of processing an I/O command to ensure that the correct key will be utilized. This check involves comparing address information from the I/O command to address information stored in association with the data encryption key. If the address information is consistent, it indicates that the specified data encryption key is the correct key to be used for the encryption/decryption operation.
|