公开(公告)号：WO2008118345A1

公开(公告)日：2008-10-02

申请号：PCT/US2008/003696

申请日：2008-03-20

Applicant: NETWORK APPLIANCE, INC.

Inventor： ZIMMELS, Ori ,  FRANDZEL, Yuval

IPC: G06F21/02

CPC classification number: G06F21/85 ,  G06F21/78

Abstract: A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.

Abstract translation: 提供了一种基于签名的数据容器识别的系统和方法。 当创建诸如lun的新数据容器时，安全设备通过例如检查数据容器的一个或多个数据块的内容来生成数据容器的签名。 生成的签名然后与数据容器的适当的加密密钥相关联，并存储在安全设备的配置数据库内或在安全设备环境中运行的密钥管理系统上。 为了识别与数据容器相关联的加密密钥，安全设备生成数据容器的签名，并将生成的签名与存储的签名进行比较。 如果存在匹配的签名，则安全设备利用与匹配签名相关联的加密密钥来处理对数据容器的数据访问请求。

公开(公告)号：EP2143032A1

公开(公告)日：2010-01-13

申请号：EP08742167.3

申请日：2008-03-20

Applicant: Network Appliance, Inc.

Inventor： ZIMMELS, Ori ,  FRANDZEL, Yuval

IPC: G06F21/02

CPC classification number: G06F21/85 ,  G06F21/78

Abstract: A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.