Secure sockets layer cut through architecture
    1.
    Granted patent
    Status: in force

    Publication number: US07908472B2

    Publication date: 2011-03-15

    Application number: US09900515

    Filing date: 2001-07-06

    CPC classification: H04L63/04 H04L29/06 H04L69/24

    Abstract: An acceleration apparatus is adapted to operate in a direct mode and a proxy mode. In the direct mode, the acceleration apparatus decrypts data packets received from a client and forwards the decrypted data packets to a server using a communication session negotiated by the client and the server. In the proxy mode, the acceleration apparatus responds to the client on behalf of the server and forwards the decrypted data packets to the server using a communication session negotiated by the acceleration device and the server. The acceleration apparatus automatically switches from the direct mode to the proxy mode upon detection of a communication error associated with the communication session negotiated by the client and the server.


    DISTRIBUTION OF STORAGE AREA NETWORK ENCRYPTION KEYS ACROSS DATA CENTERS
    2.
    Patent application
    Status: in force

    Publication number: US20090252330A1

    Publication date: 2009-10-08

    Application number: US12061597

    Filing date: 2008-04-02

    IPC classification: H04L9/08

    Abstract: Efficient mechanisms are provided for transferring key objects associated with disk logical unit numbers and tape cartridges from one data center to another data center. A request is received to transfer a source data center key object from a source data center to a destination data center. The source data center key object corresponds to a data block, such as a disk logical unit number (LUN) or a tape cartridge, maintained in a storage area network (SAN) and includes a unique identifier, an encrypted key, and a wrapper unique identifier. The encrypted key is decrypted using a source data center key hierarchy. Key information is transmitted from the source data center to the destination data center. A destination data center key object is generated using a destination data center key hierarchy.


    Encryption key management for storage area network devices
    3.
    Granted patent
    Status: in force

    Publication number: US09071589B1

    Publication date: 2015-06-30

    Application number: US12061600

    Filing date: 2008-04-02

    IPC classification: H04L9/08 H04L29/06 H04L9/00

    Abstract: An encryption key management system is provided for storage area network devices. A create key request is received at a storage area network switch. The key is created at the storage area network switch and the created key request is transmitted to a key management center. The key object is stored in the key management center and includes a unique identifier, an encrypted key, a wrapper unique identifier, and a key entity. The encrypted key can later be decrypted to generate a decrypted key. The encrypted key is decrypted using keying material accessed using the wrapper unique identifier that identifies another key object.


    Distribution of storage area network encryption keys across data centers
    4.
    Granted patent
    Status: in force

    Publication number: US08989388B2

    Publication date: 2015-03-24

    Application number: US12061597

    Filing date: 2008-04-02

    IPC classification: H04L9/08 H04L9/00 H04L29/06

    Abstract: Efficient mechanisms are provided for transferring key objects associated with disk logical unit numbers and tape cartridges from one data center to another data center. A request is received to transfer a source data center key object from a source data center to a destination data center. The source data center key object corresponds to a data block, such as a disk logical unit number (LUN) or a tape cartridge, maintained in a storage area network (SAN) and includes a unique identifier, an encrypted key, and a wrapper unique identifier. The encrypted key is decrypted using a source data center key hierarchy. Key information is transmitted from the source data center to the destination data center. A destination data center key object is generated using a destination data center key hierarchy.


    Master key generation and distribution for storage area network devices
    5.
    Granted patent
    Status: in force

    Publication number: US08855318B1

    Publication date: 2014-10-07

    Application number: US12061604

    Filing date: 2008-04-02

    IPC classification: H04L9/08 H04L9/00

    Abstract: Mechanisms are provided for generating a master key used to secure key objects associated with data blocks in a data center. A cryptographic node creation request is received. It is determined that a master key can not be obtained from another cryptographic node in the data center. A master key is generated. The master key is included in a key hierarchy used to encrypt a data center key object, the data center key object corresponding to a data block maintained in a storage area network (SAN), where the data center key object includes a unique identifier, an encrypted key, and a wrapper unique identifier. The master key is split into N shares, with M shares required to recreate the master key, wherein M is less than N. The N shares are distributed to different entities.
