Backups of file system instances of encrypted data objects

Backups of file system instances of encrypted data objects

Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: WATKINS GLENN S, CZERKOWICZ JOHN MICHAEL, RICHARDS GARETH DAVID
Format: Patent
Sprache:chi ; eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A backup of the file system instance is created on a backup node. The backup includes at least some of the encrypted data objects. The DEK is sent to the backup node. The backup node cannot decrypt the backup unless the backup node is a member of the cluster and has access to the KEK to unwrap theDEK. 示例实施方式涉及对数据对象进行加密。在示例中,使用数据加密密钥对安全域所包含的文件系统实例的数据对象进行加密,所述数据加密密钥特定于所述安全域并且通过群集内专门共享的密钥加密密钥进行包装。在备份节点上创建所述文件系统实例的备份。所述备份包括经加密数据对象中的至少一些经加密数据对象。将所述DEK发送到所述备份节点。除非所述备份节点是所述集群的成员并且有权访问所述KEK以将所述DEK解包,否则所述备份节点无法对所述备份进行解密。