Use of Device Driver to Function as a Proxy Between an Encryption Capable Tape Drive and a Key Manager
Abstract
A tape system is provided with an encryption capable tape drive and an encryption enabled tape drive device driver for the encryption capable tape drive. The encryption enabled tape drive device driver functions as a proxy which connects the encryption capable tape drive to a key manager which serves keys to the tape drive. When the encryption capable device driver causes a command to be sent to the drive, the tape drive is configured to respond with a message that is intended for a key manager such as an External Key Manager (EKM). The encryption capable device driver recognizes that this is a message intended for the EKM and forwards that message to the EKM (e.g., via an Internet Protocol (IP) connection). The EKM then responds to the key request by issuing a new key (for a new cartridge which is to be written from beginning of tape (BOT)) or an existing key (for a cartridge which needs to be read). The device driver connects all EKM responses to the encryption capable tape drive and the EKM from which the encryption capable tape drive obtains its keys.
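The relay flow the abstract describes, as an added Python simulation (not code from the patent or any vendor driver). The class names, status strings and message fields are assumptions made for illustration, and the key material is constructed sample data.

```python
import os
from dataclasses import dataclass, field

@dataclass
class KeyManager:
    """Stand-in for the External Key Manager (EKM)."""
    keys: dict = field(default_factory=dict)

    def handle(self, msg):
        cart = msg["cartridge"]
        if msg["op"] == "write_bot":           # new cartridge written from BOT
            self.keys[cart] = os.urandom(32)   # issue a new key
        # for a read, serve the existing key (None if this EKM never issued one)
        return {"cartridge": cart, "key": self.keys.get(cart)}

@dataclass
class TapeDrive:
    """Encryption capable drive: holds keys, never talks to the EKM directly."""
    loaded: dict = field(default_factory=dict)

    def command(self, op, cart):
        if cart not in self.loaded:
            # Respond with a message intended for the key manager, not the host.
            return {"status": "KEY_REQUEST", "ekm_msg": {"op": op, "cartridge": cart}}
        return {"status": "GOOD", "op": op, "cartridge": cart}

    def deliver(self, reply):
        if reply["key"] is None:
            return False
        self.loaded[reply["cartridge"]] = reply["key"]
        return True

class ProxyDriver:
    """Device driver acting as proxy; the calling application stays encryption-unaware."""
    def __init__(self, drive, ekm):
        self.drive, self.ekm, self.relayed = drive, ekm, 0

    def submit(self, op, cart):
        resp = self.drive.command(op, cart)
        if resp["status"] == "KEY_REQUEST":
            # Recognize the EKM-bound message and forward it unchanged
            # (an IP connection in the abstract; a direct call here).
            reply = self.ekm.handle(resp["ekm_msg"])
            self.relayed += 1
            if not self.drive.deliver(reply):   # relay the EKM response to the drive
                return {"status": "KEY_UNAVAILABLE", "cartridge": cart}
            # Execute the original command only after the key exchange completes.
            resp = self.drive.command(op, cart)
        return resp
```
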
43 Claims
1. A storage system comprising:
- a host;
- a storage device coupled to the host, the storage device interacting with storage media to store and retrieve information from the storage media, the storage device comprising an encryption module, the encryption module enabling encryption and decryption of data stored on storage media; and
- a device driver executing on the host, the device driver checking for encryption related information from the storage device, the encryption related information being generated in response to a command issued by the host, when encryption related information is present, the device driver facilitating encryption independent of whether the host is encryption enabled.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A storage device for interacting with storage media to store and retrieve information from the storage media comprising:
- an encryption module, the encryption module enabling encryption and decryption of data stored on storage media; and
- a controller coupled to the encryption module, the controller interacting with the encryption module to enable storage and retrieval of information to and from the storage media; and
- wherein the storage device receives information from and transmits information to a device driver, the device driver checking for encryption related information from the storage device, the encryption related information being generated by the storage device in response to a command issued by the host, when encryption related information is present, the device driver facilitating encryption independent of whether the host is encryption enabled.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A device driver for executing on a host and communicating with a storage device, the device driver comprising:
- a command initiation portion, the command initiation portion intercepting a command issued by the host to the storage device;
- an encryption portion, the encryption portion checking for encryption related information from the storage device, the encryption related information being generated by the storage device in response to a command issued by the host, when encryption related information is present, the device driver facilitating encryption independent of whether the host is encryption enabled; and
- a command execution portion, command execution portion executing the command after an encryption operation has completed execution.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
28. A method for facilitating encryption between an encryption enabled storage device and a host:
- issuing a command to the storage device;
- intercepting encryption related information generated by the storage device in response to the command;
- determining whether the encryption related information indicates that an encryption operation is needed to be performed before the command can be executed by the encryption enabled storage device;
- performing an encryption operation independent of whether the host is encryption enabled when the encryption related information indicates that the encryption operation is needed; and
- executing the command after the encryption operation has completed execution.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36
37. A storage system comprising:
- a host;
- a storage device coupled to the host, the storage device interacting with storage media to store and retrieve information from the storage media; and
- a module coupled to the storage device;
- a device driver executing on the host, the device driver checking for special status information from the storage device, the special status information being generated in response to a command issued by the host, when the special status information is present, the device driver facilitating communication independent of whether the host is enabled to communicate with the module.
Dependent claims: 38, 39, 40, 41, 42, 43
Specification