Data storage drive with target of opportunity recognition

US 10,445,254 B2
Filed: 05/30/2015
Issued: 10/15/2019
Est. Priority Date: 01/08/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a computer, a request to store data on data storage media;

obtaining, by the computer, a data key;

generating, by the computer, an encryption encapsulated data key using the data key;

generating, by the computer, a session encrypted data key using the data key;

providing the session encrypted data key to a machine configured to write encrypted data to the data storage media, the session encrypted data key being configured for use by the machine in writing encrypted data to the data storage media by extracting and using the data key embedded in the session encrypted data key; and

providing the encryption encapsulated data key to the machine for enabling the machine to store the encryption encapsulated data key with the data on the data storage media.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method according to one embodiment includes receiving a request to store data on media, and generating a data key. An encryption encapsulated data key is generated using the data key. A session encrypted data key is generated using the data key. The encryption encapsulated data key and session encrypted data key are provided for use in writing encrypted data to the media. A method according to another embodiment includes receiving a request to read data from media, and receiving an encryption encapsulated data key. The encryption encapsulated data key is processed to obtain a data key. A session encrypted data key is generated using the data key. The encryption encapsulated data key and session encrypted data key are provided for use in reading the encrypted data from the media.

Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving, by a computer, a request to store data on data storage media;
  
  obtaining, by the computer, a data key;
  
  generating, by the computer, an encryption encapsulated data key using the data key;
  
  generating, by the computer, a session encrypted data key using the data key;
  
  providing the session encrypted data key to a machine configured to write encrypted data to the data storage media, the session encrypted data key being configured for use by the machine in writing encrypted data to the data storage media by extracting and using the data key embedded in the session encrypted data key; and
  
  providing the encryption encapsulated data key to the machine for enabling the machine to store the encryption encapsulated data key with the data on the data storage media.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the data storage media is removable media.
  - 3. The method of claim 1, wherein the data storage media is a part of a tape cartridge.
  - 4. The method of claim 1, wherein the encryption encapsulated data key includes an encrypted version of the data key.
  - 5. The method of claim 1, wherein the session encrypted data key includes an encrypted version of the data key.
  - 6. The method of claim 1, comprising discarding the data key after generating the encryption encapsulated data key and session encrypted data key therewith, wherein the encryption encapsulated data key and session encrypted data key are provided without an unencrypted data key to the machine.
  - 7. The method of claim 1, comprising:
    - sending the data to the machine for encryption thereof by the machine using the data key, wherein the machine extracts the data key from the session encrypted data key and uses the data key to encrypt the data.
  - 8. The method of claim 1, comprising extracting the data key from the session encrypted data key, using the extracted data key to encode a data stream, and writing the encoded data stream to the data storage media.
  - 9. The method of claim 8, comprising writing the encryption encapsulated data key to the data storage media.
  - 10. The method of claim 1, comprising making a determination of whether to perform a special operation;
    - performing the special operation in response to determining that the special operation is to be performed; and
      
      after performing the special operation, allowing storing of the data.
  - 11. The method of claim 10, wherein the special operation is performing a servo format integrity check.

12. A computer-implemented method, comprising:
- receiving, by a computer, a request to read data from data storage media;
  
  receiving, by the computer from a machine configured to read encrypted data from the data storage media, an encryption encapsulated data key stored on the data storage media;
  
  processing the encryption encapsulated data key to obtain a data key;
  
  generating a session encrypted data key using the data key; and
  
  providing the session encrypted data key to the machine for use by the machine in reading the encrypted data from the data storage media, the session encrypted data key being configured for use by the machine in reading encrypted data from the data storage media by extracting and using the data key embedded in the session encrypted data key; and
  
  receiving the data from the machine in unencrypted form.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein the data storage media is removable media.
  - 14. The method of claim 12, wherein the data storage media is a part of a tape cartridge.
  - 15. The method of claim 12, wherein the machine is configured to extract the data key from the session encrypted data key and use the data key for unencoding the data read from the data storage media.
  - 16. The method of claim 12, comprising discarding the data key after generating the session encrypted data key therewith, wherein the session encrypted data key is provided without an unencrypted data key to the machine.
  - 17. The method of claim 12, comprising determining whether to perform a special operation;
    - performing the special operation in response to determining that the special operation is to be performed; and
      
      after performing the special operation, allowing reading of the data.
  - 18. The method of claim 17, wherein the special operation is performing a servo format integrity check.

19. A computer program product for reading data from data storage media, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processing circuit to cause the processing circuit to perform a method, comprising:
- receiving, by the processing circuit, a request to read data from data storage media;
  
  receiving, by the processing circuit, an encryption encapsulated data key read from the data storage media;
  
  processing, by the processing circuit, the encryption encapsulated data key to obtain a data key;
  
  generating, by the processing circuit, a session encrypted data key using the data key;
  
  discarding the data key after generating the session encrypted data key therewith;
  
  providing, by the processing circuit, the session encrypted data key to a machine configured to read encrypted data from the data storage media for use by the machine configured to read encrypted data from the data storage media in reading the encrypted data from the data storage media, wherein the session encrypted data key is provided without an unencrypted data key to the machine; and
  
  receiving the data from the machine in unencrypted form.
- View Dependent Claims (20)
- - 20. The computer program product of claim 19, wherein the encryption encapsulated data key is read from the data storage media, wherein the data key is extracted from the encryption encapsulated data key, wherein the session encrypted data key is generated using the data key extracted from the encryption encapsulated data key, wherein the session encrypted data key is provided to a machine configured to extract the data key from the session encrypted data key and use the data key to decode the data from the data storage media.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Greco, Paul M., Jaquette, Glen A.
Primary Examiner(s)
Goodchild, William J.

Application Number

US14/726,521
Publication Number

US 20150261691A1
Time in Patent Office

1,599 Days
Field of Search

None
US Class Current
CPC Class Codes

G05D 3/00   Control of position or dire...

G06F 12/1408   by using cryptography for d...

G06F 2212/1052   Security improvement

G11B 15/689   Control of the cassette cha...

G11B 17/228   Control systems for magazin...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0822   using key encryption key

Data storage drive with target of opportunity recognition

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data storage drive with target of opportunity recognition

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links