US 12,081,663 B2
Key management and key policies for data encryption in a storage appliance
Jamie Pocas, Milford, MA (US); and Radia J. Perlman, Redmond, WA (US)
Assigned to EMC IP HOLDING COMPANY LLC, Hopkinton, MA (US)
Filed by EMC IP Holding Company LLC, Hopkinton, MA (US)
Filed on Jan. 28, 2021, as Appl. No. 17/160,981.
Prior Publication US 2022/0239478 A1, Jul. 28, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/14 (2006.01)
CPC H04L 9/0891 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0894 (2013.01); H04L 9/14 (2013.01)]
18 Claims
1. A method comprising:
determining that resources are available for performing key related operations in a storage system and are not used by other workloads;
using the available resources:
evaluating keys associated with a storage system to identify an oldest key;
identifying data stored in the storage system that is encrypted with the oldest key;
generating a newest key during a key introduction period, wherein the newest key is the most recently generated key and the key introduction period is a time period that triggers the generation of the newest key and is independent of other key related operations; and
rekeying the identified data only with the newest key;
encrypting new data added to the storage system only with the newest key, wherein a length of the key introduction period is configured to manage an amount of data associated with each of the keys and to keep an overall age of the keys below a threshold age.
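The policy in claim 1, sketched as an added example that is not code from the patent or from EMC. All names (KeyStore, tick, rekey_oldest, intro_period) are hypothetical, time is modelled as integer ticks, the cipher is a stand-in keystream rather than a production AEAD, and deleting the oldest key after rekeying is an assumption the claim does not state.

```python
import hashlib, os
from dataclasses import dataclass, field

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); use an AEAD in practice."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class KeyStore:
    intro_period: int                             # ticks between key introductions
    keys: dict = field(default_factory=dict)      # key_id -> (created_tick, key bytes)
    objects: dict = field(default_factory=dict)   # name -> (key_id, nonce, ciphertext)
    next_id: int = 0

    def tick(self, now: int) -> None:
        """Introduce a key every intro_period ticks, independent of rekeying."""
        if now % self.intro_period == 0:
            self.keys[self.next_id] = (now, os.urandom(32))
            self.next_id += 1

    def newest(self) -> int:
        return max(self.keys, key=lambda k: self.keys[k][0])

    def oldest(self) -> int:
        return min(self.keys, key=lambda k: self.keys[k][0])

    def write(self, name: str, plaintext: bytes) -> None:
        """New data is encrypted only with the newest key."""
        kid, nonce = self.newest(), os.urandom(16)
        self.objects[name] = (kid, nonce, _xor_stream(self.keys[kid][1], nonce, plaintext))

    def read(self, name: str) -> bytes:
        kid, nonce, ct = self.objects[name]
        return _xor_stream(self.keys[kid][1], nonce, ct)

    def rekey_oldest(self, resources_idle: bool) -> int:
        """When idle, rekey data under the oldest key with the newest; retiring it is an assumption."""
        if not resources_idle or len(self.keys) < 2:
            return 0
        old = self.oldest()
        victims = [n for n, (kid, _, _) in self.objects.items() if kid == old]
        for n in victims:
            self.write(n, self.read(n))
        del self.keys[old]
        return len(victims)
```

A shorter intro_period spreads the stored data across more keys, so each idle-time rekey pass touches less data and the oldest live key stays younger.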