Glossary, Controller key, Controller-secured region – HP Secure Encryption User Manual

Glossary

ACU

Array Configuration Utility

Controller key

A key created by the controller and permanently saved to the Remote Key Manager after being wrapped by the Master Encryption Key. This key is used on a temporary basis to alleviate potential bottlenecks to the Remote Key Manager during volume creation/change events. Use of a Controller Key is on a temporary basis only and is ultimately transitioned via a rekey operation to the appropriate Drive Encryption Key.

Controller-secured region

The section of a device where data and Critical Security Parameters can exist in an unencrypted format. This boundary must be secured against tampering as acquiring this sensitive data may result in unauthorized access to data.

Critical Security Parameters (CSPs)

An industry standard term referring to security related information such as keys, passwords, and so forth, whose disclosure would compromise an encrypted system.

Crypto officer

Personnel who have permission to access the full range of encryption functions available on the controller. This includes turning encryption on and off, resetting keys, importing Master Encryption Keys, and so forth.

Drive array

The group of physical drives containing a logical volume.

Drive encryption key

Key generated by the Smart Array controller for each physical drive that contains at least one encrypted logical drive. The Drive Encryption Key for each physical drive is used to encrypt (wrap) the Volume Encryption Keys for all of the logical drives resident on that physical drive.

Drive key caching

In Remote mode, the Drive Encryption Keys are typically stored on the Remote Key Manager. However, it is possible to enable the controller to cache all of these Drive Encryption Keys necessary to decrypt attached logical drives within the controller-secured region. This option is available to the user through HP SSA.

Encrypted data

Data that has been encrypted through the use of an encryption key.