SELECTIVE ENCRYPTION OF DATA STORED ON REMOVABLE MEDIA IN AN AUTOMATED DATA STORAGE LIBRARY
Abstract
In an automated data storage library, selective encryption for data stored or to be stored on removable media is provided. One or more encryption policies are established, each policy including a level of encryption, one or more encryption keys, and the identity of one or more data cartridges. The encryption policies are stored in a policy table and the encryption keys are stored in a secure key server. A host requests access to a specified data cartridge and the cartridge is transported from a storage shelf in the library to a storage drive. Based on the identity of the specified cartridge, the corresponding encryption policy is selected from the table and the appropriate encryption key is obtained from the key server. The storage drive encrypts data in accordance with the key and stores the data on the media within the specified data cartridge.
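The selection flow described in the abstract, as an added example (not code from the patent or from any library product): a policy table maps cartridge identifier ranges to a policy, and a key is requested from the key server only when the selected policy calls for encryption. The identifiers, policy names, key labels, the dict standing in for the key server, the first-match ordering, and the refusal of uncovered cartridges or missing keys are all assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    name: str
    first: str                       # first cartridge identifier covered (inclusive)
    last: str                        # last cartridge identifier covered (inclusive)
    encrypt: bool                    # stands in for the "level of encryption"
    key_label: Optional[str] = None  # key server entry; None when encrypt is False

class KeyUnavailable(Exception):
    """The selected policy requires encryption but the key server has no key."""

# Constructed sample data: identifiers, labels and key bytes are illustrative only.
POLICY_TABLE = [
    Policy("finance-audit", "FIN500", "FIN500", True, "key-audit"),
    Policy("finance", "FIN000", "FIN999", True, "key-finance"),
    Policy("scratch", "SCR000", "SCR999", False),
    Policy("hr", "HRX000", "HRX999", True, "key-hr-retired"),
]
KEY_SERVER = {"key-finance": bytes(range(32)), "key-audit": bytes(range(32, 64))}

def select_policy(cartridge_id, table=POLICY_TABLE):
    """First matching entry wins, so specific entries sit above broad ranges."""
    for p in table:
        if len(cartridge_id) == len(p.first) and p.first <= cartridge_id <= p.last:
            return p
    return None

def prepare_drive(cartridge_id, table=POLICY_TABLE, key_server=KEY_SERVER):
    """Return (policy name, key or None) for a cartridge that has just been mounted."""
    policy = select_policy(cartridge_id, table)
    if policy is None:
        # Assumption: a cartridge outside every policy is refused, not written in clear.
        raise LookupError(f"no encryption policy covers cartridge {cartridge_id}")
    if not policy.encrypt:
        return policy.name, None
    key = key_server.get(policy.key_label)
    if key is None:
        # Fail closed: a missing key must never degrade to a plaintext write.
        raise KeyUnavailable(f"{policy.key_label} unavailable for {cartridge_id}")
    return policy.name, key
```
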
42 Claims
1. A method for encrypting data on a removable media data cartridge in a data storage library, comprising:
establishing one or more cartridge encryption policies;
receiving a request from a host to access a specified data cartridge stored in a storage cell in the library;
transporting the specified data cartridge from the storage cell to a storage drive;
selecting an encryption policy for the specified data cartridge from the one or more cartridge encryption policies;
in response to the selected encryption policy obtaining an encryption key for the specified data cartridge; and
encrypting data on the specified data cartridge in accordance with the obtained encryption key.

16. A method for encrypting data on removable media in a data storage library, comprising:
creating an encryption policy table;
entering one or more encryption policies into the table;
associating one or more data cartridges with each encryption policy entered, each data cartridge having a cartridge identifier;
receiving a request from a host to access a specified data cartridge;
transporting the specified data cartridge from the storage cell to a storage drive;
selecting the encryption policy from the encryption table with which the specified data cartridge is associated;
in response to the selected encryption policy, obtaining an encryption key for the specified data cartridge; and
encrypting data on the specified data cartridge in accordance with the obtained encryption key.

23. A data storage system, comprising:
a plurality of storage shelves for storing data cartridges within a library housing unit, a data storage cartridge including data storage medium;
a data storage drive operable to write data to and/or read data from the data storage medium;
a library controller coupled to receive data access requests from a host computer;
a robot accessor for transporting data storage cartridges between the storage shelves and the data storage drive under the direction of the library controller;
a key server, coupled to the library controller, on which one or more encryption keys are stored;
an encryption policy table in which are stored one or more encryption policies and, for each encryption policy, the identity of one or more data cartridges associated with the encryption policy; and
a library-drive interface through which the data storage drive may transmit a request for an encryption key to the library controller and through which the library controller, after obtaining the requested encryption key from the key server, may transmit the requested encryption key to the data storage drive.

31. A controller associated with a data storage library, comprising:
a user interface through which to receive a user input of one or more encryption policies and one or more cartridge identifiers to be associated with each encryption policy, each cartridge identifier representing a data cartridge or a range of data cartridges;
a library-drive interface through which to transmit the encryption policies and associated cartridge identifiers to a storage drive in the library;
a host interface through which to receive a request from a host to access a specified data cartridge stored in a storage cell in the library;
an accessor interface through which to control a robotic accessor to transport the specified data cartridge to a storage drive;
the library-drive interface further operable to receive a request from the storage drive for an encryption key in response to the storage drive matching the specified data cartridge with a corresponding encryption policy;
means for obtaining the requested encryption key; and
the library-drive interface further operable to transmit the encryption key to the storage drive, whereupon the storage drive may encrypt data being written to the specified data cartridge.

35. A data storage drive within a data storage library, comprising:
a user interface through which to receive a user input of one or more encryption policies and one or more cartridge identifiers to be associated with each encryption policy, each cartridge identifier representing a data cartridge stored in the library;
means for obtaining a cartridge identifier of a data cartridge loaded into the storage drive;
means for matching the identifier with an associated encryption policy; and
a library-drive interface operable to:
transmit a request to a key server for an encryption key in response to matching the cartridge identifier with a corresponding encryption policy;
to receive the requested encryption key; and
an encryption module to encrypt data being written to the loaded data cartridge.

38. A computer program product of a computer readable medium usable with a programmable computer, the computer program product having computer-readable code embodied therein for encrypting data on removable media in a data storage library, the computer-readable code comprising instructions for:
creating an encryption policy table;
entering one or more encryption policies into the table;
associating one or more data cartridges with each encryption policy entered, each data cartridge having a cartridge identifier;
receiving a request from a host to access a specified data cartridge;
transporting the specified data cartridge from the storage cell to a storage drive;
selecting the encryption policy from the encryption table with which the specified data cartridge is associated;
in response to the selected encryption policy, obtaining an encryption key for the specified data cartridge; and
encrypting data on the specified data cartridge in accordance with the obtained encryption key.

Specification