Data encryption and decryption techniques
Asymmetric key encryption uses a pair of keys: two different keys, one used for encrypting the data and the other for decrypting it. The public key is made available to anyone, whereas the secret (private) key is held only by the receiver of the message.

This provides more security than symmetric key encryption. Public keys are the keys used to encrypt a message for the receiver; this cryptography is an encryption system based on a key pair. The private key is used where the same key serves for both encrypting and decrypting the data; such a key is also known as a pre-shared key (PSK), a shared secret that two organizations or people exchanged over a secure channel before it is used.

Some of its uses are mentioned here. Encryption is especially helpful on the internet: most of us work over the internet, where an attacker can easily intercept your data, so to prevent this we use the encryption technique.

I hope the What is Encryption and Decryption Techniques module was useful and understandable to all, that you enjoyed reading it, and that you gained a lot of knowledge about encryption and decryption techniques. For many more modules, stay connected with us.

It should be noted that an embodiment in accordance with techniques herein may provide such storage services using code that executes on the data storage system or another component other than the data storage system e.

In at least one embodiment, at least some of the storage services may reside in the data storage system. For example, a block-based storage service may include code that is executed by an HA or otherwise is provided in a service e. The DA may also be further characterized in at least one embodiment as a controller providing access to external physical drives or storage devices located on one or more external data storage systems, rather than local physical drives located in the same physical storage system as the DA such as illustrated in FIG.

It should be noted that data storage system global memory, such as denoted by 25 b in FIG. In such an embodiment, all portions of the global memory may be generally accessible to all directors. Particular one or more portions of the global memory may be local with respect to a particular director, with remaining non-local portions of the global memory accessible to the particular director using a communications fabric, such as an InfiniBand (IB) fabric.

The foregoing, as may be included in at least one embodiment of techniques herein, is described in more detail below. Included in FIG. Each of the directors 37 a - 37 n represents one of the HAs, RAs, or DAs that may be included in a data storage system. Each of the directors may be, for example, a processor or a printed circuit board that includes a processor and other hardware components. In an embodiment disclosed herein, there may be up to sixteen directors coupled to the memory. Other embodiments may use a higher or lower maximum number of directors that may vary.

For example, an embodiment in accordance with techniques herein may support up to directors per data storage system, such as a data storage array. The representation of FIG. In addition, a sending one of the directors 37 a - 37 n may be able to broadcast a message to all of the other directors 37 a - 37 n at the same time.

A host may be able to access data, such as stored on a LUN of a data storage system, using one or more different paths from the host to the data storage system.

A data storage system device, such as a LUN, may be accessible over multiple paths between the host and data storage system as described in more detail below.

Thus, a host may select one of possibly multiple paths over which to access data of a storage device. It should be noted that the particular exemplary architecture of a data storage system such as, for example, in FIGS.

Those skilled in the art will appreciate that techniques herein may be used with any suitable data storage system. For example, FIG. Some embodiments may use separate physical fabrics for each of data movement and control communications between data storage system components. Alternatively, some embodiments may use a same shared physical fabric for both data movement and control communication functionality rather than have a separate control communications fabric such as illustrated in FIG.

It should be noted that although examples of techniques herein may be made with respect to a physical data storage system and its physical components e.

Data storage systems may perform data services such as, for example, encryption and decryption of data stored on PDs. For at least some data storage customers, it is a critical security requirement to store data on PDs in an encrypted form. As known in the data storage industry, SEDs have built-in data encryption and decryption capability within the PD.

However, many PDs e. Additionally, the SEDs must be supported in the customer's particular data storage system associated configuration and protocols used. For example, a data storage system may use PDs that communicate with the data storage system and its components e. As such, SEDs may not be an option if unsupported or unavailable for use in the customer's data storage system. Further, the associated additional cost of SEDs, if available and supported in the customer's data storage system, may be undesirable.

As such, described in following paragraphs are techniques that provide a more cost-effective and flexible approach to perform encryption and decryption using another hardware HW device.

In at least one embodiment, the HW device may be a dedicated HW device used to perform only desired encryption and decryption of data stored on PDs of the data storage system. In such an embodiment, the HW device may perform encryption, decryption and optionally one or more other specified operations or data-related services such as, for example, generation of hashes e.

In this manner, the encryption and decryption processing, as well as any optional additional specified services and operations, may be performed by the additional HW device thereby using processors or CPUs of the additional HW device rather than processors or CPUs of the data storage system, or other components of the data storage system. In such an embodiment, the specified operations and services e.

Additionally, such techniques may be used with a DMA (direct memory access)-based protocol such as NVMe used for communication between the PDs and the data storage system e. In at least one embodiment, the HW device may perform any desired decryption of data read from a PD and encryption of data written to a PD.

In at least one embodiment, PDs of the data storage system may include non-volatile storage devices that are connected to, and communicate over, a PCIe bus. NVMe may be characterized as an open logical device interface specification for accessing non-volatile storage media e. DMA enables low-latency peer-to-peer data transfers between systems, devices and components on the PCIe bus. Systems, components and devices supporting DMA that are connected to the PCIe bus can directly access the memory of peer systems, devices and components connected to the PCIe bus when performing read and write operations.

Such DMA-based read and write operations are performed and allow direct access, for example, a memory of a system such as the data storage system, independently of the CPU of the system e. For example, in at least one embodiment, devices of the data storage system and PDs may be connected to, and communicate over, a PCIe bus using the NVMe protocol.

The target memory location may be, for example, a memory location that is local to the DA e. The source memory location may be, for example, a memory location that is local to the DA e.

The foregoing and other aspects of techniques herein are described in more detail in following paragraphs. Consistent with discussion above, the devices may all have connectivity, directly or indirectly, to and communicate over the PCIe bus. The DA and PD may be included in a data storage system. The HW device may include one or more additional HW device components a that are local to the HW device and used by the HW device in performing desired processing for operations or services.

The components a may include, for example, one or more processors, memory, and the like. The DA may include one or more additional DA components a that are local to the DA and may be used by the DA in performing desired processing for operations or services in accordance with techniques herein. The components a may include, for example, one or more processors, memory, one or more drivers, and the like.

In at least one embodiment, the components a may include memory that stores data for use in connection with techniques herein. For example, the DA memory of a may include one or more memory locations where data is stored as a source or target location of a DMA operation e. The components a of the DA may include one or more drivers, such as a driver used for communicating over the fabric for reading and writing data of the data storage system global memory (GM), described in more detail in following paragraphs.

In at least one embodiment, the NVMe driver may be used for communicating over the PCIe bus in connection with techniques herein. The NVMe driver may program or instruct the PD regarding what operations the PD is to perform in connection with techniques herein.

The PD may include one or more PD components a in addition to the non-volatile storage media b used to store data. The one or more components a may include, for example, one or more processors, memory, and the like.

It should be noted that the devices of the example present a simplified view of devices that may be used in connection with techniques herein. In at least one embodiment, the HW device may be a microcontroller with firmware and hardware-assist functionality to perform desired service and operations, such as encryption and decryption.

However, more generally, the HW device may be implemented using any suitable hardware known in the art. For example, in at least one embodiment, the HW device may be implemented as an ASIC (application-specific integrated circuit) including one or more processors that execute code stored in any suitable form of memory of the ASIC to perform desired processing by the HW device as described herein.

Before proceeding further with description regarding use of the HW device and other devices in performing encryption and decryption in connection with techniques herein, what will first be described is a more detailed example of components of the data storage system, including a distributed global memory, in at least one embodiment in accordance with techniques herein.

In this example, the data storage system may include a plurality of engines a - n. Each of the engines a - n may include components or devices thereon as illustrated. In particular, each of the engines may include two directors. For example, engine a may include two directors a - b. Each director of each of the engines a - n may have one or more front end interface connections that support connections to the hosts. Each director may also have one or more back end connections to physical backend storage devices (non-volatile storage devices) to access PDs.

In this manner, each director with a front end interface connection may perform processing and function as an HA or FA as described herein. Each director with a connection to backend PDs e.

Additionally, a director may also perform processing and function as an RA as described herein, for example, in connection with remote replication.

Each of the directors a, b of engine a, respectively, may also include a portion of global memory (GM) a, b and CPU sockets a, b. Each of the engines a - n may also include components similar to those illustrated and described with respect to engine a. Directors across the engines a - n may communicate over a fabric. The fabric may include, for example, a switch and connections between the switch and engines a - n.

In at least one embodiment, the fabric may be an IB fabric. The GM portion of each director may be characterized as local with respect to that particular director. For example, director a includes GM portion a, which is memory that is local to that particular director. Data stored in GM portion a may be directly accessed by a CPU or core of the director a without having to use the fabric. For example, GM portion a may be memory e. Thus, the director a may directly access data of a locally without communicating over the fabric to access global memory.

As an alternative, the director a may also use the fabric to access data of a. Other GM portions b - d e. GM portion a may include information as described in more detail below that is accessed e. Thus, for example, a director of any of the engines a - n may communicate over the fabric to access data in GM portion a.

In a similar manner, any director of any of the engines a - n may generally communicate over fabric to access any GM portion comprising the global memory. Although a particular GM portion, such as a may be locally accessible to one of the directors, such as director a , any other director of any engine a - n may generally access the GM portion a. In such an embodiment as in FIG.

Collectively, the data storage system global memory including GM portions e. In at least one embodiment, there may be a maximum of 8 engines and thus 16 directors in a data storage system. The IB fabric may be used generally in embodiments with 1 or more engines e. In connection with techniques herein and with reference back to FIG. In this case, DMA transfers in connection with techniques herein may be performed by directly accessing memory locations e.

With reference back again to FIG. As a variation illustrating indirect connections, the HW device may be directly connected to a first PCIe bus (not illustrated) and have a first address on the first PCIe bus. As yet another variation illustrating possible indirect connections, the DA and HW device may be directly connected to a first PCIe bus and have different addresses on the first PCIe bus. The foregoing are examples, and additional variations are possible to provide desired connectivity between components and memory for use in performing techniques herein.

In at least one embodiment in accordance with techniques herein, there is a first path over the one or more PCIe buses between the PD and the DA where a DMA operation is performed to move data therebetween over the first path e. Using the second path in connection with techniques herein, the HW device fetches or reads the data from memory of the DA, performs processing e. Generally, the HW device may read the data to be processed from a first memory location of the DA and then store or write the results of the processed data to either the same first memory location of the DA e.
