US Patent 10021075 Multiple data center data security

Securely replicating backup data in a network having a production site and a plurality of remote sites by generating in the production site a data encryption key, and in each remote site a respective key encryption key that are sent to the production site; encrypting a plurality of encrypted keys using the plurality of key encryption keys with one encrypted key per remote site, and transmitting to each remote site the encrypted keys for the other remote sites and not a remote site's own encrypted key; encrypting the data to create encrypted data blocks using the data encryption key; designating a selected remote site to become the new production site if the production site fails; and receiving in the new production site from a remaining remote site a key encryption key generated by the remaining remote site to enable the new production site to decrypt the data encryption key and use the decrypted data encryption key to decrypt the encrypted data blocks.