| CPC H04L 9/0825 (2013.01) [H04L 9/083 (2013.01); H04L 9/0866 (2013.01); H04L 9/0894 (2013.01)] | 19 Claims |

1. A storage system comprising:
a communication interface to communicate with a host system that is able to access data stored by the storage system; and
a controller to:
receive a request for a data encryption key from the host system over a network, the request comprising an identifier of the host system or an identifier of a storage object to be accessed;
in response to the request, retrieve, from a key manager system, the data encryption key for the host system, wherein the controller is to retrieve the data encryption key for the host system from the key manager system by sending, to the key manager system, a request including a key identifier that is based on the identifier of the host system or the identifier of the storage object to be accessed, and wherein the storage system is separate from each of the host system and the key manager system;
encrypt the data encryption key retrieved from the key manager system using a first key, to produce an encrypted data encryption key;
send the encrypted data encryption key to the host system; and
receive, from the host system, encrypted data encrypted using the data encryption key.
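
The key-delivery steps of claim 1, sketched as an added example that is not part of the patent text or any implementation of it. All names and sample identifiers are hypothetical, and three things are assumptions: the key identifier is a hash of the host or storage-object identifier, the "first key" is already shared by host and storage system, and the wrap is a stdlib-only encrypt-then-MAC stand-in for a vetted key wrap such as AES Key Wrap (RFC 3394).

```python
import hashlib, hmac, secrets

KMS_KEYS = {}  # key manager system (constructed): key identifier -> data encryption key

def key_id_for(identifier: str) -> str:
    # Assumption: key identifier is derived by hashing the host/storage-object identifier.
    return hashlib.sha256(identifier.encode()).hexdigest()[:16]

def kms_get_key(key_id: str) -> bytes:
    # Key manager side: return the DEK for this key identifier, creating it on first use.
    return KMS_KEYS.setdefault(key_id, secrets.token_bytes(32))

def _subkey(first_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC subkeys derived from the first key.
    return hmac.new(first_key, label, hashlib.sha256).digest()

def wrap(first_key: bytes, dek: bytes) -> bytes:
    # Stand-in key wrap for a 32-byte DEK: nonce || ciphertext || HMAC tag.
    if len(dek) != 32:
        raise ValueError("this sketch wraps 32-byte keys only")
    nonce = secrets.token_bytes(16)
    pad = hmac.new(_subkey(first_key, b"enc"), nonce, hashlib.sha256).digest()
    body = nonce + bytes(a ^ b for a, b in zip(dek, pad))
    return body + hmac.new(_subkey(first_key, b"mac"), body, hashlib.sha256).digest()

def unwrap(first_key: bytes, blob: bytes) -> bytes:
    # Host side: verify the tag before decrypting; reject anything tampered or mis-keyed.
    body, tag = blob[:-32], blob[-32:]
    want = hmac.new(_subkey(first_key, b"mac"), body, hashlib.sha256).digest()
    if len(body) != 48 or not hmac.compare_digest(tag, want):
        raise ValueError("wrapped key failed integrity check")
    pad = hmac.new(_subkey(first_key, b"enc"), body[:16], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body[16:], pad))

def controller_handle_request(request: dict, first_key: bytes) -> bytes:
    # Storage controller: identifier -> key identifier -> key manager -> encrypted DEK.
    identifier = request.get("host_id") or request.get("storage_object_id")
    if not identifier:
        raise ValueError("request carries no host or storage object identifier")
    dek = kms_get_key(key_id_for(identifier))
    return wrap(first_key, dek)

def demo():
    first_key = secrets.token_bytes(32)  # assumption: pre-shared first key
    blob = controller_handle_request({"host_id": "host-a.example"}, first_key)
    return blob, unwrap(first_key, blob)  # host recovers the DEK it will encrypt data with
```
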