1. Technical Field
The present disclosure relates to managing cryptographic information.
2. Related Art
Electronic information is commonly stored in storage devices in a storage system that typically includes one or more storage devices. The storage system may be implemented in accordance with a variety of storage architectures including, but not limited to, a network-attached storage (“NAS”) environment, a storage area network (“SAN”) and a disk assembly directly attached to a client or host computer.
The storage system typically includes a storage operating system that organizes the stored information. The storage operating system may implement a high-level module, for example, a file system, to logically organize information stored on storage volumes as a hierarchical structure of data containers, such as files and logical units.
As the use of electronic information increases, so do the security concerns surrounding stored data. Continuous efforts are being made to first encrypt and then store data in storage devices. Stand-alone encryption devices are now being used to encrypt data as it moves between computing systems/devices and storage devices. The encryption devices use encryption keys to protect data and then use dedicated key manager devices to manage those keys. Managing encryption keys with dedicated key managers has various challenges.
In conventional systems, most encryption devices operate with proprietary key management systems using different encryption key formats. For example, a laptop encryption system, an office document encryption system, a tape library encryption system, a file system encryption system and an electronic mail encryption system may all use different encryption formats and often use dedicated key management systems.
Typically, an encryption device uses a dedicated key management system for maintaining permissions, governing key access, key backup, key archival procedures, client management procedures, monitoring, updates, disaster recovery mechanisms and other functions. Most key repositories use a proprietary protocol to provide key management services. Since multiple devices/encryption systems are used today for storing and managing information, the cost of these dedicated, individual key management systems can be prohibitive. Furthermore, it makes it very difficult to interoperate and to centrally manage the encryption keys used for securing data.
It is desirable to have a uniform centralized key management system that allows one to centrally manage keys that are originated by different encryption devices without the need for individual key managers.
Any enterprise server system should be able to support an automated mechanism of replicating encryption keys to remote servers. In part, this is to support data center mirroring, and to support geographically diverse locations. Therefore, it is desirable to have a centralized key management system that is able to replicate keys to different business units based on their needs. Conventional systems today do not provide this service because they are inflexible and mostly proprietary.
It is also desirable to store keys from multiple encryption devices in different formats and be able to automatically and safely retrieve keys from a centralized key manager. Since most key management systems are proprietary, they do not offer this flexibility across different operating platforms/formats.