公开(公告)号：US20100086134A1

公开(公告)日：2010-04-08

申请号：US12244888

申请日：2008-10-03

申请人： Octavian T. Ureche ,  Scott A. Brender ,  Elden Theodore Christensen ,  Rajsekhar Das

发明人： Octavian T. Ureche ,  Scott A. Brender ,  Elden Theodore Christensen ,  Rajsekhar Das

IPC分类号： H04L9/06

CPC分类号： H04L9/08 ,  G06F21/80 ,  H04L9/0891

摘要： Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume.

摘要翻译： 完整卷加密可以应用于群集环境中的卷。 为了简化与这种加密卷相关的密钥的维护，可以利用集群密钥表结构，其中集群密钥表的每个条目对应于加密卷，并且包括加密卷的标识和访问该卷所需的密钥 。 可以使用特定于存储群集密钥表的每个计算设备的密钥对密钥进行加密来保护密钥。 可以通过首先对密钥进行解密，然后在每个计算设备存储在这些计算设备上的每个计算设备特定的密钥来重新加密，从而可以在群集中的计算设备之间传播更新。 访问控制要求也可以添加到群集密钥表中的条目。 可以通过将多个独立条目分配给单个加密卷来实现替代的访问控制要求。

公开(公告)号：US08411863B2

公开(公告)日：2013-04-02

申请号：US12244888

申请日：2008-10-03

申请人： Octavian T. Ureche ,  Scott A. Brender ,  Elden Theodore Christensen ,  Rajsekhar Das

发明人： Octavian T. Ureche ,  Scott A. Brender ,  Elden Theodore Christensen ,  Rajsekhar Das

IPC分类号： H04L9/00

CPC分类号： H04L9/08 ,  G06F21/80 ,  H04L9/0891

摘要： Full volume encryption can be applied to volumes in a clustering environment. To simplify the maintenance of keys relevant to such encrypted volumes, a cluster key table construct can be utilized, where each entry of the cluster key table corresponds to an encrypted volume and comprises an identification of the encrypted volume and a key needed to access that volume. Keys can be protected by encrypting them with a key specific to each computing device storing the cluster key table. Updates can be propagated among the computing devices in the cluster by first decrypting the keys and then reencrypting them with a key specific to each computing device as they are stored on those computing devices. Access control requirements can also be added to the entries in the cluster key table. Alternative access control requirements can be accommodated by assigning multiple independent entries to a single encrypted volume.

摘要翻译： 完整卷加密可以应用于群集环境中的卷。 为了简化与这种加密卷相关的密钥的维护，可以利用集群密钥表结构，其中集群密钥表的每个条目对应于加密卷，并且包括加密卷的标识和访问该卷所需的密钥 。 可以使用特定于存储群集密钥表的每个计算设备的密钥对密钥进行加密来保护密钥。 可以通过首先对密钥进行解密，然后在每个计算设备存储在这些计算设备上的每个计算设备特定的密钥来重新加密，从而可以在群集中的计算设备之间传播更新。 访问控制要求也可以添加到群集密钥表中的条目。 可以通过将多个独立条目分配给单个加密卷来实现替代的访问控制要求。