Abstract: Methods and systems are provided for verifying use of encryption keys. A request for verification information may be sent by a network element (e.g., server), with the request comprising combination of one or more identifiers, the combination associated with a particular I/O operation. The request may be sent to another element, which may be a centralized encryption management element (e.g., management server). In response to the request, key use verification information generated for the particular I/O operation may be received, and may be used thereafter in validating a corresponding encryption key, which may be used during data encryption or decryption, based on the received key use verification information and locally generated verification information associated with the particular I/O operation. The one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Methods and systems are provided for verifying use of encryption keys. A request for verification information may be sent by a network element (e.g., server), with the request comprising combination of one or more identifiers, the combination associated with a particular I/O operation. The request may be sent to another element, which may be a centralized encryption management element (e.g., management server). In response to the request, key use verification information generated for the particular I/O operation may be received, and may be used thereafter in validating a corresponding encryption key, which may be used during data encryption or decryption, based on the received key use verification information and locally generated verification information associated with the particular I/O operation. The one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: A method for sending encrypted data in response to a request for an I/O operation. The method includes the steps of requesting a data encryption key, the request including one or more identifiers unique to the I/O operation; receiving a data encryption key attached with a first key use fingerprint, independently generating a second key use fingerprint in response to the one or more identifiers; comparing the first and the second key use fingerprints; and if the first key use fingerprint matches the second key use fingerprint, using the data encryption key to encrypt the data to be sent. In one embodiment, the one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

Abstract: A method for sending encrypted data in response to a request for an I/O operation. The method includes the steps of requesting a data encryption key, the request including one or more identifiers unique to the I/O operation; receiving a data encryption key attached with a first key use fingerprint, independently generating a second key use fingerprint in response to the one or more identifiers; comparing the first and the second key use fingerprints; and if the first key use fingerprint matches the second key use fingerprint, using the data encryption key to encrypt the data to be sent. In one embodiment, the one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.