Abstract
A server may be divided into one or more divisions, which each may include at least one processing device and one or more data sources. Each data source may include a media encryption key (MEK) that encrypts/decrypts the contents of the data source. The MEK may be encrypted. A processing device of a division may include a node secret seed (NSS) that the processing device may use with a key derivation function to generate an access key. The processing device can use the access key to decrypt the MEK of a data source. To secure the NSS, the processing device may encrypt the NSS, send the encrypted NSS to another processing device outside the division, and the other processing device can encrypt the already-encrypted NSS again and send the double wrapped NSS back to the first processing device. The server may have an access key emergency data recovery procedure.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Eisner, Alex; Kunzman, Charles; Stubblefield, Adam; McCune, Jon; Desai, Smriti; Belleville, Brian; and Yoon, HanBin, "Modular Storage Key Management for Heterogeneous Hardware and Software", Technical Disclosure Commons, (August 28, 2023)
https://www.tdcommons.org/dpubs_series/6184