-
Publication number: US20230421389A1
Publication date: 2023-12-28
Application number: US17808777
Application date: 2022-06-24
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Christopher Anthony Grant Hillier, Gareth David Richards, Ludovic Emmanuel Paul Noel Jacquin, Thomas M. Laffey
IPC: H04L9/32, G06F21/64, G06F21/60, H04L41/0893
CPC classification number: H04L9/3263, G06F21/64, G06F21/602, H04L41/0893
Abstract: A process includes communicating by a first device, with a second device. The communicating includes the first device receiving data from the second device that represents a certificate. The certificate binds a hierarchy of logical identifiers to a cryptographic key. The hierarchy of identifiers includes a first logical identifier that corresponds to a group membership. The process includes authenticating, by the first device, the second device based on the certificate. The process includes allowing, by the first device, a secure connection to be set up between the first device and the second device based on whether the first logical identifier represents that the second device is a member of a first group of devices of which the first device is a member.
-
Publication number: US11226867B2
Publication date: 2022-01-18
Application number: US16398069
Application date: 2019-04-29
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Gareth David Richards, Glenn S. Watkins, John Michael Czerkowicz
Abstract: Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A backup of the file system instance is created on a backup node. The backup includes at least some of the encrypted data objects. The DEK is sent to the backup node. The backup node cannot decrypt the backup unless the backup node is a member of the cluster and has access to the KEK to unwrap the DEK.
-
Publication number: US12244733B2
Publication date: 2025-03-04
Application number: US17808777
Application date: 2022-06-24
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Christopher Anthony Grant Hillier, Gareth David Richards, Ludovic Emmanuel Paul Noel Jacquin, Thomas M. Laffey
IPC: H04L9/32, G06F21/60, G06F21/64, H04L41/0893
Abstract: A process includes communicating by a first device, with a second device. The communicating includes the first device receiving data from the second device that represents a certificate. The certificate binds a hierarchy of logical identifiers to a cryptographic key. The hierarchy of identifiers includes a first logical identifier that corresponds to a group membership. The process includes authenticating, by the first device, the second device based on the certificate. The process includes allowing, by the first device, a secure connection to be set up between the first device and the second device based on whether the first logical identifier represents that the second device is a member of a first group of devices of which the first device is a member.
-
Publication number: US20200341860A1
Publication date: 2020-10-29
Application number: US16398069
Application date: 2019-04-29
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Gareth David Richards, Glenn S. Watkins, John Michael Czerkowicz
Abstract: Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A backup of the file system instance is created on a backup node. The backup includes at least some of the encrypted data objects. The DEK is sent to the backup node. The backup node cannot decrypt the backup unless the backup node is a member of the cluster and has access to the KEK to unwrap the DEK.
-
Publication number: US11100235B2
Publication date: 2021-08-24
Application number: US16397661
Application date: 2019-04-29
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Gareth David Richards, Glenn S. Watkins, John Michael Czerkowicz
Abstract: Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A root object of the file system instance is encrypted using a Metadata Encryption Key. A backup of the file system instance is created on a backup node. The Data Encryption Key and the Metadata Encryption Key are sent to the backup node.
-
Publication number: US20200342117A1
Publication date: 2020-10-29
Application number: US16397661
Application date: 2019-04-29
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Gareth David Richards, Glenn S. Watkins, John Michael Czerkowicz
Abstract: Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A root object of the file system instance is encrypted using a Metadata Encryption Key. A backup of the file system instance is created on a backup node. The Data Encryption Key and the Metadata Encryption Key are sent to the backup node.
-
Publication number: US11113408B2
Publication date: 2021-09-07
Application number: US16105214
Application date: 2018-08-20
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Abstract: A method for use in managing a secure object store in a computing system includes: securing the secure object store including creating, maintaining, and using a hierarchical key system and accessing an encrypted data object using the Node Key Encryption Key and a selected one of the Data Encryption Keys. The securing includes: generating a Node Key Encryption Key; generating a plurality of Data Encryption Keys that are encrypted using the Node Key Encryption Key; and encrypting a plurality of data objects using the Data Encryption Keys, each data object being encrypted by a respective Data Encryption Key.
-
Publication number: US20200057859A1
Publication date: 2020-02-20
Application number: US16105214
Application date: 2018-08-20
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Abstract: A method for use in managing a secure object store in a computing system includes: securing the secure object store including creating, maintaining, and using a hierarchical key system and accessing an encrypted data object using the Node Key Encryption Key and a selected one of the Data Encryption Keys. The securing includes: generating a Node Key Encryption Key; generating a plurality of Data Encryption Keys that are encrypted using the Node Key Encryption Key; and encrypting a plurality of data objects using the Data Encryption Keys, each data object being encrypted by a respective Data Encryption Key.
-