CPC H04L 9/0825 (2013.01) [H04L 9/083 (2013.01); H04L 9/0827 (2013.01); H04L 63/0442 (2013.01); H04L 63/166 (2013.01)] | 19 Claims
1. A computer-implemented method for securely retrieving an encryption key, the method comprising:
intercepting, by a second encryption daemon implemented within a second storage system, an unencrypted key request from a second storage device located within the second storage system;
determining, by the second encryption daemon, that the second encryption daemon is unable to establish a secure communications channel between the second encryption daemon and an encryption key server for securely retrieving the requested key;
identifying, by the second encryption daemon, metadata indicating that a first encryption daemon is capable of communicating with the encryption key server,
wherein the first encryption daemon is implemented within a first storage system that is separate from the second storage system,
wherein the first storage system and the second storage system are included within a storage matrix;
sending the unencrypted key request from the second encryption daemon to the first encryption daemon, utilizing a hardwired connection between the second encryption daemon and the first encryption daemon;
encrypting, by the first encryption daemon, the unencrypted key request to create an encrypted key request;
sending the encrypted key request from the first encryption daemon to the encryption key server, utilizing a secure communications channel;
receiving, from the encryption key server at the first encryption daemon, an encrypted response, utilizing the secure communications channel;
decrypting, by the first encryption daemon, the encrypted response to obtain the requested key; and
sending the requested key from the first encryption daemon to the second encryption daemon,
wherein the encryption key server is assigned from a plurality of encryption key servers for retrieving the requested key based on the second storage device.
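The retrieval flow in claim 1, as an added Python simulation that is not from the patent or any product: two encryption daemons, per-device key server assignment, a pre-shared-key seal/unseal stand-in for the secure channel (assumed here in place of TLS), and an audit trail of the hardwired hop where the request and the returned key cross unencrypted. All names, keys and device identifiers are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, not from the patent: the key server assigned to each
# storage device, and the device keys each server holds.
SERVER_FOR_DEVICE = {"disk-7": "kms-east", "disk-9": "kms-west"}
SERVER_KEYS = {"kms-east": {"disk-7": b"DEK-for-disk-7"},
               "kms-west": {"disk-9": b"DEK-for-disk-9"}}

def seal(channel_key, msg):
    """Stand-in for the secure channel (e.g. TLS): confidentiality plus integrity."""
    assert len(msg) <= 32, "toy keystream covers one SHA-256 block"
    nonce = secrets.token_bytes(16)
    ks = hashlib.sha256(channel_key + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(msg, ks))
    return nonce + ct + hmac.new(channel_key, nonce + ct, hashlib.sha256).digest()

def unseal(channel_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(channel_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("secure channel integrity check failed")
    ks = hashlib.sha256(channel_key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

class KeyServer:
    def __init__(self, name):
        self.name = name
    def handle(self, channel_key, encrypted_request):
        device = unseal(channel_key, encrypted_request).decode()
        return seal(channel_key, SERVER_KEYS[self.name][device])

class EncryptionDaemon:
    def __init__(self, name, channels, peers=()):
        self.name = name
        self.channels = channels    # server name -> (KeyServer, channel key) this daemon can reach
        self.peers = list(peers)    # the claim's "metadata": daemons on the hardwired connection
        self.cleartext_hops = []    # audit trail of hops where request and key were unencrypted

    def can_reach(self, server_name):
        return server_name in self.channels

    def retrieve_key(self, device):
        server_name = SERVER_FOR_DEVICE[device]            # server assigned per storage device
        if self.can_reach(server_name):
            server, ck = self.channels[server_name]
            return unseal(ck, server.handle(ck, seal(ck, device.encode())))
        for peer in self.peers:                            # fallback: proxy through a peer daemon
            if peer.can_reach(server_name):
                self.cleartext_hops.append((self.name, peer.name))
                return peer.retrieve_key(device)
        raise RuntimeError(f"no daemon in the storage matrix can reach {server_name}")
```

The `cleartext_hops` list is the defender's view of this design: every entry marks a request and key that depended solely on the physical protection of the hardwired link.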