Sharing encryption-related metadata between multiple layers in a storage I/O stack
    Granted invention patent
    Sharing encryption-related metadata between multiple layers in a storage I/O stack (in force)

    Publication number: US08751828B1

    Publication date: 2014-06-10

    Application number: US12977789

    Filing date: 2010-12-23

    IPC classification: G06F12/14

    CPC classification: H04L9/08 G06F21/6218

    Abstract: A host in an encrypted data storage system sends encryption metadata associated with an encrypted logical volume (LV) from a key controller module to an encryption endpoint via a storage I/O stack. The encryption metadata identifies an encryption key and encrypted regions of the LV, and the sending results in establishment of one or more shared associations between the key controller module and the encryption endpoint which associates the encrypted LV with the encryption metadata for the encrypted LV. A data storage operation is performed on the encrypted LV by sending a data storage command from the key controller module to an encrypted region of the encryption endpoint via the storage I/O stack. The encryption endpoint uses the encryption metadata associated with the encrypted LV to cryptographically process data of the data storage operation.