REKEYING IN ASSOCIATION WITH AN ENCRYPTION KEY HIERARCHY

Abstract

Methods, systems, and devices for data management are described. A data management system (DMS) may store encrypted backup data across one or more storage locations using a hierarchical encryption key management design. The hierarchical design may include data encryption keys (DEKs) that are used to encrypt the backup data, and may also include one or more layers of key encryption keys (KEKs). For example, a root KEK may be implemented at the top of the hierarchy and may be used to encrypt intermediary KEKs, while intermediary KEKs may be implemented at one or more lower levels of the hierarchy and may be used to encrypt other intermediary KEKs and/or the DEKs, with the DEKs at the bottom of the hierarchy and used to encrypt data. In some examples, the root KEK may be wrapped by a customer master key, enabling customers of the DMS to provide their own encryption keys.

CPC Classifications