METHOD, SYSTEM, AND PROGRAM FOR SECURELY PROVIDING KEYS TO ENCODE AND DECODE DATA IN A STORAGE CARTRIDGE

US 20110040986A1
Filed: 10/26/2010
Published: 02/17/2011
Est. Priority Date: 10/11/2001
Status: Active Grant

First Claim

Patent Images

1-43. -43. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

52 Citations

88 Claims

1-43. -43. (canceled)

44. A method for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, comprising:
- providing an association of at least one coding key to the plurality of storage cartridges;
  
  encrypting the at least one coding key and storing the encrypted at least one coding key in at least one of the storage cartridges;
  
  receiving, by a receiving interface device comprising one of the plurality of interface devices, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges;
  
  mounting, by the receiving interface device, the target storage cartridge in response to the I/O request;
  
  reading, by the receiving interface device, the encrypted coding key from the mounted target storage cartridge;
  
  transmitting, by the receiving interface device, the read encrypted coding key to a host;
  
  receiving, by the receiving interface device, the coding key encrypted by the host;
  
  decrypting, by the receiving interface device, the coding key encrypted by the host to use for the I/O request;
  
  performing a read or write operation in response to the I/O request by decoding read data or coding write data using the decrypted coding key.
- View Dependent Claims (45, 46, 47, 48, 49, 57, 58)
- - 45. The method of claim 44, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to the storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 46. The method of claim 44, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 47. The method of claim 44, wherein the coding key comprises a seed value that is used to generate an additional key that is used to directly decode and encode the data in the storage medium in the storage cartridge.
  - 48. The method of claim 44, wherein encrypting the coding key further comprises:
    - encrypting, by the host, the coding key with a first key, wherein the interface devices use a second key to decrypt the coding key encrypted with the first key.
  - 49. The method of claim 44, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host uses a second key to decrypt the coding key encrypted with the first key, wherein the host encrypts the coding key by encrypting the coding key with a third key, wherein the interface devices uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 57. The method of claim 44, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.
  - 58. The method of claim 49, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

50. A method performed by an interface device for accessing data in a removable storage cartridge including a read/write storage medium coupled to the interface device, comprising:
- receiving an encrypted coding key from a host system with an Input/Output (I/O) request directed to the storage cartridge;
  
  mounting the storage cartridge in response to the I/O request;
  
  decrypting the encrypted coding key to produce the coding key;
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the coding key; and
  
  storing the received encrypted coding key in the storage medium to use for subsequent I/O requests.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 59)
- - 51. The method of claim 50, wherein encoding the data with the coding key compresses the data and wherein decoding the data written to the storage medium decompresses the data, and wherein the data is only encoded or decoded using the coding key.
  - 52. The method of claim 50, wherein the coding key is encrypted by a first key maintained at the host system, further comprising;
    - maintaining, by the interface device, a second key to decrypt data encrypted using the first key, wherein the interface device uses the second key to decrypt the coding key encrypted with the first key.
  - 53. The method of claim 52, wherein the second key is stored in an integrated circuit non-volatile memory that is only accessible to decrypting logic that uses the second key to decrypt data encrypted using the first key.
  - 54. The method of claim 53, further comprising:
    - transmitting the coding key decrypted using the decrypting logic to encoder/decoder logic, wherein the encoder/decoder logic uses the coding key to encode and decode data to the storage medium.
  - 55. The method of claim 52, further comprising:
    - storing the coding key encrypted with the first key within the storage cartridge;
      
      receiving an input/output (I/O) request directed to the storage cartridge; and
      
      accessing the encrypted coding key from the storage cartridge, wherein the accessed coding key is decrypted using the second key, and wherein the decrypted coding key is used to encode and decode data to execute the I/O request to the storage cartridge.
  - 56. The method of claim 50, wherein the received encrypted coding key is encrypted by a first key maintained at the host system, wherein the host system maintains a second key to decrypt data encrypted using the first key, wherein the interface device decrypts the encrypted coding key by:
    - receiving, with the I/O request, from the host system, the second key encrypted by the host system using a third key, wherein data encrypted using the third key is decrypted using a fourth key;
      
      accessing the fourth key;
      
      using the fourth key to decrypt the encrypted second key received from the host system; and
      
      using the decrypted second key to decrypt the received coding key encrypted using the first key.
  - 59. The method of claim 56, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

60. A system for accessing data in a read/write storage medium within one of a plurality of storage cartridges and to communicate with a host, comprising:
- an interface device having a controller for performing operations, the operations comprising;
  
  receiving an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges, wherein at least one coding key is associated with the plurality of storage cartridges, wherein encrypted coding keys are stored in the storage cartridges;
  
  mounting the target storage cartridge in response to the I/O request;
  
  reading the encrypted coding key from the mounted target storage cartridge;
  
  transmitting the read encrypted coding key to the host;
  
  receiving the coding key encrypted by the host;
  
  decrypting the coding key encrypted by the host to use for the I/O request; and
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted coding key.
- View Dependent Claims (61, 62, 63, 64, 65, 66)
- - 61. The system of claim 60, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to the storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 62. The system of claim 60, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 63. The system of claim 60, wherein encrypting the coding key further comprises:
    - encrypting, by the host, the coding key with a first key, wherein the interface devices use a second key to decrypt the coding key encrypted with the first key.
  - 64. The system of claim 60, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host uses a second key to decrypt the coding key encrypted with the first key, wherein the host encrypts the coding key by encrypting the coding key with a third key, wherein the interface devices uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 65. The system of claim 60, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.
  - 66. The system of claim 64, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

67. A system for accessing data in a removable storage cartridge including a read/write storage medium and in communication with a host system, comprising:
- an interface device having a controller for performing operations, the operations comprising;
  
  receiving an encrypted coding key from the host system with an Input/Output (I/O) request directed to the storage cartridge;
  
  mounting the storage cartridge in response to the I/O request;
  
  decrypting the encrypted coding key;
  
  performing using the decrypted coding key to encode data to write to the storage medium in response to the I/O request comprising a write request;
  
  using the decrypted coding key to decode data written to the storage medium in response to the I/O request comprising a read request; and
  
  storing the received encrypted coding key in the storage medium to use for subsequent I/O requests.
- View Dependent Claims (68, 69, 70, 71, 72, 73)
- - 68. The system of claim 67, wherein the coding key is encrypted by a first key maintained at the host system, wherein the operations further comprise:
    - maintaining a second key to decrypt data encrypted using the first key, wherein the interface device uses the second key to decrypt the coding key encrypted with the first key.
  - 69. The system of claim 68, wherein the second key is stored in an integrated circuit non-volatile memory that is only accessible to decrypting logic that uses the second key to decrypt data encrypted using the first key.
  - 70. The system of claim 69, wherein the operations further comprise:
    - transmitting the coding key decrypted using the decrypting logic to encoder/decoder logic, wherein the encoder/decoder logic uses the coding key to encode and decode data to the storage medium.
  - 71. The system of claim 68, wherein the operations further comprise:
    - storing the coding key encrypted with the first key within the storage cartridge;
      
      receiving an input/output (I/O) request directed to the storage cartridge; and
      
      accessing the encrypted coding key from the storage cartridge, wherein the accessed coding key is decrypted using the second key, and wherein the decrypted coding key is used to encode and decode data to execute the I/O request to the storage cartridge.
  - 72. The system of claim 67, wherein the received encrypted coding key is encrypted by a first key maintained at the host system, wherein the host system maintains a second key to decrypt data encrypted using the first key, wherein the interface device decrypts the encrypted coding key by:
    - receiving, with the I/O request, from the host system, the second key encrypted by the host system using a third key, wherein data encrypted using the third key is decrypted using a fourth key;
      
      accessing the fourth key;
      
      using the fourth key to decrypt the encrypted second key received from the host system; and
      
      using the decrypted second key to decrypt the received coding key encrypted using the first key.
  - 73. The system of claim 72, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

74. An article of manufacture comprising at least one of a computer readable storage media and hardware including an Input/Output (I/O Manager) and controller for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices and to communicate with a host, wherein the controller and I/O manager are executed to perform:
- providing, by the I/O manager, an association of at least one coding key to the plurality of storage cartridges;
  
  encrypting, by the I/O manager, the coding keys and storing the encrypted coding keys in the storage cartridges;
  
  receiving, by the controller, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges;
  
  mounting, by the controller, the target storage cartridge in response to the I/O request;
  
  reading, by the controller, the encrypted coding key from the mounted target storage cartridge;
  
  transmitting, by the controller, the read encrypted coding key to the host;
  
  receiving, by the controller, the coding key encrypted by the host;
  
  decrypting, by the controller, the coding key encrypted by the host to use for the I/O request;
  
  using, by the controller, the decrypted coding key to decode data to read in the target storage cartridge including the encrypted coding key in response to the I/O request comprising a read request; and
  
  using, by the controller, the decrypted coding key to code data to write to the target storage cartridge including the encrypted coding key in response to the I/O request comprising a write request.
- View Dependent Claims (75, 76, 77, 78, 79, 80)
- - 75. The article of manufacture of claim 74, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to the storage mediums and decode data read from the storage mediums of the plurality of storage cartridges.
  - 76. The article of manufacture of claim 74, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 77. The article of manufacture of claim 74, wherein the coding key comprises a seed value that is used to generate an additional key that is used to directly decode and encode the data in the storage medium in the storage cartridge.
  - 78. The article of manufacture of claim 74, wherein encrypting the coding key further comprises:
    - encrypting, by the I/O manager, the coding key with a first key, wherein the controller uses a second key to decrypt the coding key encrypted with the first key.
  - 79. The article of manufacture of claim 74, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host uses a second key to decrypt the coding key encrypted with the first key, wherein the host encrypts the coding key by encrypting the coding key with a third key, wherein the controller uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 80. The article of manufacture of claim 74, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.

81. An article of manufacture comprising at least one of a computer readable storage media and hardware including an Input/Output (I/O Manager) and controller for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, wherein the controller and I/O manager are executed to perform:
- receiving, by the controller, an encrypted coding key from the I/O manager with an Input/Output (I/O) request directed to the storage cartridge;
  
  mounting, by the controller, the storage cartridge in response to the I/O request;
  
  decrypting, by the controller, the encrypted coding key;
  
  using, by the controller, the decrypted coding key to encode data to write to the storage medium in response to the I/O request comprising a write request;
  
  using, by the controller, the decrypted coding key to decode data written to the storage medium in response to the I/O request comprising a read request; and
  
  storing, by the controller, the received encrypted coding key in the storage medium to use for subsequent I/O requests.
- View Dependent Claims (82, 83, 84, 85, 86, 87, 88)
- - 82. The article of manufacture of claim 81, wherein encoding the data with the coding key compresses the data and wherein decoding the data written to the storage medium decompresses the data, and wherein the data is only encoded or decoded using the coding key.
  - 83. The article of manufacture of claim 81, wherein the coding key is encrypted by a first key maintained by the I/O manager, wherein the operations further comprise:
    - maintaining, by the controller, a second key to decrypt data encrypted using the first key, wherein the interface device uses the second key to decrypt the coding key encrypted with the first key.
  - 84. The article of manufacture of claim 83, wherein the second key is stored in an integrated circuit non-volatile memory that is only accessible to decrypting logic that uses the second key to decrypt data encrypted using the first key.
  - 85. The article of manufacture of claim 84, wherein the operations further comprise:
    - transmitting, by the controller, the coding key decrypted using the decrypting logic to encoder/decoder logic, wherein the encoder/decoder logic uses the coding key to encode and decode data to the storage medium.
  - 86. The article of manufacture of claim 83, wherein the operations further comprise:
    - storing, by the controller, the coding key encrypted with the first key within the storage cartridge;
      
      receiving, by the controller, an input/output (I/O) request directed to the storage cartridge; and
      
      accessing, by the controller, the encrypted coding key from the storage cartridge, wherein the accessed coding key is decrypted using the second key, and wherein the decrypted coding key is used to encode and decode data to execute the I/O request to the storage cartridge.
  - 87. The article of manufacture of claim 81, wherein the received encrypted coding key is encrypted by a first key maintained by the I/O manager, wherein the I/O manager maintains a second key to decrypt data encrypted using the first key, wherein the controller decrypts the encrypted coding key by:
    - receiving, with the I/O request, from the I/O manager he second key encrypted by the I/O manager using a third key, wherein data encrypted using the third key is decrypted using a fourth key;
      
      accessing the fourth key;
      
      using the fourth key to decrypt the encrypted second key received from the I/O manager andusing the decrypted second key to decrypt the received coding key encrypted using the first key.
  - 88. The article of manufacture of claim 87, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jaquette, Glen Alan

Granted Patent

US 9,317,720 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 21/805   using a security table for ...

G06F 2221/2121   Chip on media, e.g. a disk ...

METHOD, SYSTEM, AND PROGRAM FOR SECURELY PROVIDING KEYS TO ENCODE AND DECODE DATA IN A STORAGE CARTRIDGE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

88 Claims

Specification

Use Cases

Quick Links

Others

METHOD, SYSTEM, AND PROGRAM FOR SECURELY PROVIDING KEYS TO ENCODE AND DECODE DATA IN A STORAGE CARTRIDGE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

88 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others