
Asynchronous encryption key loading to prevent manual intervention in high availability clustered system

IP.com Disclosure Number: IPCOM000224129D
Publication Date: 2012-Dec-11
Document File: 2 page(s) / 69K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system for loading encryption keys asynchronously in a high-availability clustered system. It shortens service outage time because the manual key loading operation is eliminated when failover is invoked.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 58% of the total text.


Disclosed is a system for asynchronous encryption key loading to prevent manual intervention in a high-availability clustered system.

The encryption key used for file encryption and decryption in an encrypted filesystem needs to be loaded into a program by entering a passphrase known only to the file owner. This is because the file access permission mechanism is not effective at protecting against access by a privileged user. A privileged user can switch to that user as well as change the metadata of the file.

The challenge here is that entering a passphrase means manual intervention is required. This is not the case when a system is started, but it is the case when systems are clustered for high availability. When a system fails, the service needs to be restarted on the other system. However, without the passphrase being entered manually, the automatically started program cannot decrypt the encrypted files, so the service cannot be resumed. An operator can enter the passphrase when failover occurs, but the manual intervention takes some time, which extends the service outage time (Figure-1).

The core ideas are as follows.


1. Generates a program with encryption key loaded in advance to make encrypt...