Abstract:
Provided are a computer program product, system and method for a redundant key server encryption environment. A key server transmits public keys associated with the key server and at least one device to at least one remote key server. The key server receives from the at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device comprising one of the at least one device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key associated with the requesting device. The key server generates a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server. At least one additional wrapped encryption key is generated for each of the at least one remote key server by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the first, second and the at least one additional wrapped encryption key to the requesting device.
Abstract:
Provided are a computer program product, system and method for a redundant key server encryption environment. A key server receives from at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key, a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server, and at least one additional wrapped encryption key by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the generated keys to the requesting device.
Abstract:
A method, system, and computer program product for safeguarding nonvolatile storage (NVS) data by a processor in communication with a memory device following a power loss event is provided. A first portion of the NVS data is encrypted using a first buffer module. Subsequently, the first portion of the NVS data is transferred to at least one shared storage device, while a second portion of the NVS data is simultaneously encrypted using a second buffer module. The second portion of the NVS data is subsequently transferred to the at least one shared storage device.
Abstract:
A computational device receives input information on characteristics of customer data, critical metadata, and non-critical metadata, and characteristics of disk array configurations, wherein customer data is to be stored encrypted, wherein critical metadata is to be stored non-encrypted, and wherein non-critical metadata is to be stored encrypted or non-encrypted. The computational device determines band boundary information based on the received input information. Encrypting disks with pre-established bands are created based on the band boundary information and the encrypting disks are pre-initialized.
Abstract:
In one version of the present invention, a system to configure a storage server despite an out-of-service storage adapter includes a storage array and a pair of storage servers connected to the storage array via a corresponding pair of storage adapters. The storage servers may be configured to retrieve configuration metadata from the storage array during a system initialization sequence and communicate the configuration metadata to the other storage server in case one of the storage servers is blocked from accessing the storage array due to an out-of-service storage adapter. The storage servers may also be configured to share a processing load despite the out-of-service storage adapter. The configuration metadata may include a variety of definitions and control parameters such as rank definitions, volume definitions, logical subsystem definitions, mirroring parameters, remote archiving parameters, a rank segment table, and page pointer data.
Abstract:
For preventing data loss in storage systems, a detection is made that a storage device in a plurality of storage devices is experiencing a malfunction. The type of malfunction is determined. A SMART rebuilding technique, a normal building technique, a data migration technique, or a user data backup technique is selected to preserve the data in the storage device based on the determined type of the malfunction. The selected technique is performed on the storage device.