CONFIGURING HOST SETTINGS TO SPECIFY AN ENCRYPTION SETTING AND A KEY LABEL REFERENCING A KEY ENCYRPTION KEY TO USE TO ENCRYPT AN ENCRYPTION KEY PROVIDED TO A STORAGE DRIVE TO USE TO ENCRYPT DATA FROM THE HOST
First Claim
1. An article of manufacture including code to communicate data to a removable storage medium coupled to a storage drive managing read and write access to the removable storage medium and to perform operations, the operations comprising:
- receiving user settings to configure a data class having data attributes with encryption settings;
storing the data class with the received user encryption settings;
receiving a job indicating a data set to store to the removable storage medium;
determining a data class having data class attributes matching data attributes of the data set indicated in the job;
determining from the determined data class whether to encrypt the data; and
transmitting the data set and a command to encrypt the data set to the storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are a method, system, and article of manufacture for configuring host settings to specify encryption and a key label referencing a key encrypting key to use to encrypt an encryption key provided to a storage drive to use to encrypt data from the host. User settings are received to configure a data class having data attributes with encryption settings. The data class is stored with the received user encryption settings. A job is received indicating a data set to store to a removable storage medium. A data class is determined having data class attributes matching data attributes of the data set indicated in the job. A determination is made from the determined data class whether to encrypt the data. The data set and a command to encrypt the data set are transmitted to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key.
-
Citations
20 Claims
-
1. An article of manufacture including code to communicate data to a removable storage medium coupled to a storage drive managing read and write access to the removable storage medium and to perform operations, the operations comprising:
-
receiving user settings to configure a data class having data attributes with encryption settings; storing the data class with the received user encryption settings; receiving a job indicating a data set to store to the removable storage medium; determining a data class having data class attributes matching data attributes of the data set indicated in the job; determining from the determined data class whether to encrypt the data; and transmitting the data set and a command to encrypt the data set to the storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A storage drive in communication with a host system and a key manager and configured to perform read and write operations with respect to a removable storage medium coupled to the storage drive, comprising:
-
an interface for coupling to one removable storage medium; an encryption engine to encrypt and decrypt data written to the coupled removable storage medium; an Input/Output manager to cause operations, the operations comprising; receiving a write request from the host system having indicating to encrypt the data and a key label identifying a key encrypting key to use to encrypt an encryption key the storage drive uses to encrypt and decrypt data; sending a request to the key manager with the key label for an encryption key; receiving from the key manager the encryption key to use to encrypt the data from the host system; invoking the encryption engine to use the encryption key to encrypt the data from the host system written to the coupled removable storage medium. - View Dependent Claims (10)
-
-
11. A system, comprising:
-
a class manager executed to receive user settings to configure a data class having data attributes with encryption settings and store the data class with the received user encryption settings; and a class selection routine executed to; receive a job indicating a data set to store to a removable storage medium; determine a data class having data class attributes matching data attributes of the data set indicated in the job; determine from the determined data class whether to encrypt the data; and generate a write command to transmit the data set and a command to encrypt the data set to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method, comprising:
-
receiving user settings to configure a data class having data attributes with encryption settings; storing the data class with the received user encryption settings; receiving a job indicating a data set to store to a removable storage medium; determining a data class having data class attributes matching data attributes of the data set indicated in the job; determining from the determined data class whether to encrypt the data; and transmitting the data set and a command to encrypt the data set to a storage drive in response to determining that the determined data class indicates to encrypt the data, wherein the command to encrypt the data set causes the storage drive to encrypt the data sets written to the removable storage medium with an encryption key. - View Dependent Claims (17, 18, 19, 20)
-
Specification