CPC G06F 21/602 (2013.01) [G06F 3/0604 (2013.01); G06F 3/0619 (2013.01); G06F 3/0622 (2013.01); G06F 3/0623 (2013.01); G06F 3/065 (2013.01); G06F 3/0659 (2013.01); G06F 3/067 (2013.01); G06F 3/0673 (2013.01); G06F 11/1453 (2013.01); G06F 11/1464 (2013.01); G06F 16/164 (2019.01); G06F 16/1748 (2019.01); G06F 16/1824 (2019.01); G06F 21/6218 (2013.01); H04L 9/0816 (2013.01); H04L 9/14 (2013.01); H04L 67/1097 (2013.01); G06F 21/107 (2023.08); H04L 2209/30 (2013.01)]
17 Claims
1. A method comprising:
receiving, by a first storage system from a client computing device, data encrypted using a first encryption key;
storing, on the first storage system, the data encrypted using a second encryption key;
receiving an indication that a second storage system has access to the first encryption key;
determining, by the first storage system, that a trust relationship exists between the client computing device and the second storage system based on the indication that the second storage system has access to the first encryption key, wherein the trust relationship indicates that the second storage system is trusted to decrypt information encrypted by the client computing device using the first encryption key; and
based on the determination that the trust relationship exists, sending, from the first storage system to the second storage system, the data, wherein sending the data causes the second storage system to service an input/output (‘I/O’) operation directed to the data and wherein the data sent from the first storage system to the second storage system is unencrypted in response to receiving a signed certificate from a key server authorizing the second storage system.
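As an added illustration (not code from the patent or from any assignee), the following Python models the release gate of claim 1: a first storage system keeps client data under its own second key and returns plaintext to a second storage system only when an indication of access to the first key has established a trust relationship and a key-server-signed certificate authorizes that system. The XOR keystream cipher, the HMAC-based certificate, and all class and key names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy XOR keystream built from SHA-256 counter blocks; an assumed stand-in for a real cipher.
def xor_crypt(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyServer:
    """Authorizes a storage system by issuing an HMAC-signed certificate over its id."""
    def __init__(self):
        self._sign_key = secrets.token_bytes(32)   # assumed shared with the verifying system
    def issue(self, system_id: str) -> dict:
        tag = hmac.new(self._sign_key, system_id.encode(), "sha256").digest()
        return {"system": system_id, "sig": tag}
    def verify(self, cert: dict) -> bool:
        expected = hmac.new(self._sign_key, cert["system"].encode(), "sha256").digest()
        return hmac.compare_digest(cert["sig"], expected)

class FirstStorageSystem:
    def __init__(self, key_server: KeyServer):
        self.ks = key_server
        self.k2 = secrets.token_bytes(32)   # second encryption key: this system's at-rest key
        self.store = {}                     # object id -> (first key id, ciphertext under k2)
        self.trusted = set()                # (system id, key id) pairs from access indications
    def receive(self, obj_id: str, client_ct: bytes, k1: bytes, k1_id: str) -> None:
        # Data arrives encrypted under the first key (assumed shared with this system)
        # and is stored encrypted under the second key instead.
        self.store[obj_id] = (k1_id, xor_crypt(self.k2, xor_crypt(k1, client_ct)))
    def note_key_access(self, system_id: str, key_id: str) -> None:
        # Indication that system_id can use key_id establishes the trust relationship.
        self.trusted.add((system_id, key_id))
    def send(self, obj_id: str, system_id: str, cert: dict):
        k1_id, ct = self.store[obj_id]
        trusted = (system_id, k1_id) in self.trusted
        authorized = cert["system"] == system_id and self.ks.verify(cert)
        if not (trusted and authorized):
            return None                     # neither condition alone releases plaintext
        return xor_crypt(self.k2, ct)       # unencrypted data for the second system
```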