Data Protection in A Storage System Using External Secrets
| Content Provider | The Lens |
|---|---|
| Abstract | A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme in combination with an external secret. An initial master secret is generated and then transformed into a final master secret using an external secret. A plurality of shares are generated from the initial master secret and distributed to the storage devices. The data of each storage device is encrypted with a device-specific key, and this key is encrypted using the final master secret. In order to read the data on a given storage device, the initial master secret is reconstructed from a threshold number of shares and the external secret is retrieved. Next, the initial master secret is transformed into the final master secret using the external secret, and then the final master secret is used to decrypt the encrypted key of a given storage device. |
| Related Links | https://www.lens.org/lens/patent/009-156-205-361-001/frontpage |
| Language | English |
| Publisher Date | 2019-04-16 |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Patent |
| Jurisdiction | United States of America |
| Date Applied | 2013-11-06 |
| Applicant | Pure Storage Inc |
| Application No. | 201314073618 |
| Claim | 1. A computing system comprising a plurality of storage devices, wherein the computing system is configured to: reconstruct an initial master secret using a threshold number of shares of a plurality of shares retrieved from the plurality of storage devices; transform the initial master secret into a final master secret using one or more external secrets, wherein the one or more external secrets are stored separately from the computing system; use the final master secret and a plurality of device specific values to decrypt a plurality of unique device keys stored on the plurality of storage devices including for each storage device, use the final master secret and a device specific value that is specific to the hardware of the storage device to decrypt a unique device key that is stored on the storage device; and for each storage device of the plurality of storage devices: decrypt data on the storage device with one of the decrypted unique device keys, wherein the unique device key that decrypts the data on one storage device is different than any other unique device key that decrypts data on any other storage device of the plurality of storage devices; encrypt data on the storage device with the unique device key, wherein the unique device key that encrypts the data on one storage device is different than any other unique device key that encrypts data on any other storage device; and encrypt each device key using the final master secret and a particular device-specific value that is specific to the computing device; store information on how to retrieve the one or more external secrets, wherein the information is stored on at least one storage device of the plurality of storage devices; and store a checksum on at least one storage device, wherein the checksum is used to validate the final master secret. 2. The computing system as recited in claim 1, wherein the computing system is further configured to: store a corresponding encrypted device key on each storage device; and store a separate share of the plurality of shares on each storage device of the plurality of storage devices. 3. The computing system as recited in claim 1, further comprising a server configured to: store the one or more external secrets; and destroy data stored in the computing system by making the one or more external secrets inaccessible. 4. The computing system as recited in claim 1, wherein the one or more external secrets are stored on a universal serial bus (USB) key token, smart card, or remote server, and the computing system is further configured to: for each computing device, encrypt each device key using the final master secret and a particular device-specific value that is specific to the storage device. 5. A method comprising: reconstructing an initial master secret using a threshold number of shares of a plurality of shares retrieved from the plurality of storage devices; transforming the initial master secret into a final master secret using one or more external secrets, wherein the one or more external secrets are stored separately from the computing system; using the final master secret and a plurality of device specific values to decrypt a plurality of unique device keys stored on the plurality of storage devices including for each storage device, use the final master secret and a device specific value that is specific to the hardware of the storage device to decrypt a unique device key that is stored on the storage device; and for each storage device of the plurality of storage devices: decrypting data on the storage device with one of the decrypted unique device keys, wherein the unique device key that decrypts the data on one storage device is different than any other unique device key that decrypts data on any other storage device of the plurality of storage devices; encrypting data on the storage device with the unique device key, wherein the unique device key that encrypts the data on one storage device is different than any other unique device key that encrypts data on any other storage device; and encrypt each device key using the final master secret and a particular device-specific value that is specific to the computing device; store information on how to retrieve the one or more external secrets, wherein the information is stored on at least one storage device of the plurality of storage devices; and store a checksum on at least one storage device, wherein the checksum is used to validate the final master secret. 6. The method as recited in claim 5, further comprising: storing a corresponding encrypted device key on each storage device; and storing a separate share of the plurality of shares on each storage device of the plurality of storage devices. 7. The method as recited in claim 5, further comprising: storing the one or more external secrets on a server; and destroying data stored in the computing system by making the one or more external secrets inaccessible from the server. 8. The method as recited in claim 5, wherein the one or more external secrets is stored on a universal serial bus (USB) key token, smart card, or remote server, and the method further comprises: for each computing device, encrypting each device key using the final master secret and a particular device-specific value that is specific to the computing device. 9. A non-transitory computer readable storage medium comprising program instructions, wherein the program instructions are executable to: reconstruct an initial master secret using a threshold number of shares of a plurality of shares retrieved from the plurality of storage devices; transform the initial master secret into a final master secret using one or more external secrets, wherein the one or more external secrets are stored separately from the computing system; use the final master secret and a plurality of device specific values to decrypt a plurality of unique device keys stored on the plurality of storage devices including for each storage device, use the final master secret and a device specific value that is specific to the hardware of the storage device to decrypt a unique device key that is stored on the storage device; and for each storage device of the plurality of storage devices: decrypt data on the storage device with one of the decrypted unique device keys, wherein the unique device key that decrypts the data on one storage device is different than any other unique device key that decrypts data on any other storage device of the plurality of storage devices; encrypt data on the storage device with the unique device key, wherein the unique device key that encrypts the data on one storage device is different than any other unique device key that encrypts data on any other storage device; and encrypt each device key using the final master secret and a particular device-specific value that is specific to the computing device; store information on how to retrieve the one or more external secrets, wherein the information is stored on at least one storage device of the plurality of storage devices; and store a checksum on at least one storage device, wherein the checksum is used to validate the final master secret. 10. The non-transitory computer readable storage medium as recited in claim 9, wherein the program instructions are further executable to: store a corresponding encrypted device key on each storage device; and store a separate share of the plurality of shares on each storage device of the plurality of storage devices. 11. The non-transitory computer readable storage medium as recited in claim 9, wherein the program instructions are further executable to: store the one or more external secrets on a server; and destroy data stored in the computing system by making the one or more external secrets inaccessible from the server. |
| CPC Classification | TRANSMISSION OF DIGITAL INFORMATION; e.g. TELEGRAPHIC COMMUNICATION ELECTRIC DIGITAL DATA PROCESSING |
| Examiner | Farid Homayounmehr Suman Debnath |
| Extended Family | 106-550-427-173-702 050-717-567-670-796 045-188-130-854-443 043-931-541-521-788 158-375-712-708-439 073-069-904-583-450 029-474-879-100-974 044-960-170-199-687 170-815-106-205-55X 070-884-941-197-737 044-911-590-097-31X 152-127-293-906-762 186-950-171-950-743 027-973-418-231-457 038-642-405-082-029 063-092-140-925-969 009-156-205-361-001 |
| Patent ID | 10263770 |
| Inventor/Author | Miller Ethan Colgrove John Hayes John |
| IPC | H04L9/08 G06F21/62 |
| Status | Active |
| Owner | Pure Storage Inc |
| Simple Family | 106-550-427-173-702 063-092-140-925-969 050-717-567-670-796 043-931-541-521-788 170-815-106-205-55X 158-375-712-708-439 152-127-293-906-762 038-642-405-082-029 027-973-418-231-457 186-950-171-950-743 009-156-205-361-001 |
| CPC (with Group) | H04L9/0822 G06F21/6218 G06F2221/2107 H04L9/085 H04L9/0897 |
| Issuing Authority | United States Patent and Trademark Office (USPTO) |
| Kind | Patent/New European patent specification (amended specification after opposition procedure) |
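The abstract and claims describe a key hierarchy: a master secret split with a threshold scheme across the drives, hardened by an external secret that never lives in the array, a per-drive key wrapped under the final master secret plus a hardware-specific value, and a stored checksum that validates the reconstructed final master secret. The following Python is an added worked example of that flow and is not Pure Storage's code or the patent's implementation. It uses only the standard library, so the Shamir field prime (the secp256k1 prime), the HMAC-SHA256 transform and KDF, the toy HMAC-based stream cipher standing in for a real AEAD or key wrap, and all function and field names are this example's assumptions; the sample plaintexts and the external secret in the demo are constructed.

```python
"""Added example (not the patent's code): Shamir shares + external secret -> final
master secret -> per-device key wrap, with a checksum to validate the final secret."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Shamir shares live in GF(P). P is the secp256k1 field prime (an assumption; any
# 256-bit prime larger than the initial master secret would do).
P = 2**256 - 2**32 - 977


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: int, n_shares: int, threshold: int):
    """n_shares points on a random degree-(threshold-1) polynomial with constant
    term `secret`; any `threshold` of them recover it, fewer reveal nothing."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def reconstruct_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over a threshold-sized subset of shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def final_master_secret(initial: int, external_secret: bytes) -> bytes:
    """Transform step: the external secret keys an HMAC over the initial master
    secret, so neither the shares nor the external secret alone yield the result."""
    return hmac.new(external_secret, initial.to_bytes(32, "big"), hashlib.sha256).digest()


def master_checksum(final: bytes) -> bytes:
    """Checksum stored on a drive to validate a reconstructed final master secret."""
    return hmac.new(final, b"master-secret-checksum", hashlib.sha256).digest()


def _keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy HMAC counter-mode stream cipher; a real system would use AES-GCM/AES-KW."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, label + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def _kek(final: bytes, device_value: bytes) -> bytes:
    """Per-device key-encrypting key from the final master secret and hardware value."""
    return hmac.new(final, b"kek|" + device_value, hashlib.sha256).digest()


def wrap_device_key(final: bytes, device_value: bytes, device_key: bytes) -> bytes:
    """Encrypt the device key under its KEK and append an HMAC tag over the ciphertext."""
    kek = _kek(final, device_value)
    ct = _keystream_xor(kek, b"wrap", device_key)
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()


def unwrap_device_key(final: bytes, device_value: bytes, blob: bytes) -> bytes:
    kek = _kek(final, device_value)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()):
        raise ValueError("device key blob failed authentication")
    return _keystream_xor(kek, b"wrap", ct)


@dataclass
class Device:
    hw_value: bytes      # value tied to the drive's hardware
    share: tuple         # this drive's Shamir share of the initial master secret
    wrapped_key: bytes   # unique device key, wrapped under final secret + hw_value
    ciphertext: bytes    # user data encrypted with the device key


def provision(n_devices: int, threshold: int, external_secret: bytes, plaintexts):
    """Generate the hierarchy and return the drives plus the stored checksum."""
    initial = secrets.randbelow(P)
    final = final_master_secret(initial, external_secret)
    devices = []
    for share, pt in zip(split_secret(initial, n_devices, threshold), plaintexts):
        hw, dk = secrets.token_bytes(16), secrets.token_bytes(32)  # dk unique per drive
        devices.append(Device(hw, share, wrap_device_key(final, hw, dk),
                              _keystream_xor(dk, b"data", pt)))
    return devices, master_checksum(final)


def read_device(devices, idx: int, external_secret: bytes, checksum: bytes, threshold: int):
    """Read path: any `threshold` shares + external secret -> final secret -> device key."""
    initial = reconstruct_secret([d.share for d in devices][-threshold:])
    final = final_master_secret(initial, external_secret)
    if not hmac.compare_digest(master_checksum(final), checksum):
        raise ValueError("final master secret does not validate; external secret or shares wrong")
    d = devices[idx]
    return _keystream_xor(unwrap_device_key(final, d.hw_value, d.wrapped_key), b"data", d.ciphertext)
```

Two properties worth checking against the claims: reading any drive needs both a threshold of shares and the external secret, so a stolen drive (one share, no external secret) yields nothing; and once the external secret is destroyed, the checksum check fails and every wrapped device key is unrecoverable, which is the crypto-erase described in claims 3 and 7.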