TAPE DRIVE ENCRYPTION IN THE DATA PATH

US 20160212107A1
Filed: 01/21/2015
Published: 07/21/2016
Est. Priority Date: 01/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing data path encryption, the method comprising:

obtaining login parameters from a data source, the login parameters including an identification of a destination storage device;

receiving an encryption key for the destination storage device;

receiving a write command from the data source, the write command including data for writing to the destination storage device;

encrypting the data inside a firewall of the data source using the encryption key; and

routing the encrypted data over a data path to the destination storage device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations described and claimed herein provide encryption in the data path. In one implementation, login parameters from a primary data center are obtained. The login parameters include an identification of a destination device. An encryption key corresponding to the destination device is received. A write command including data for writing to the destination device is received from the primary data center. The data is encrypted inside a firewall of the primary data center using the encryption key. The encrypted data is routed over a data path to the destination device. As such, the data is secure during transmission over the network to the destination device.

33 Citations

View as Search Results

20 Claims

1. A method for providing data path encryption, the method comprising:
- obtaining login parameters from a data source, the login parameters including an identification of a destination storage device;
  
  receiving an encryption key for the destination storage device;
  
  receiving a write command from the data source, the write command including data for writing to the destination storage device;
  
  encrypting the data inside a firewall of the data source using the encryption key; and
  
  routing the encrypted data over a data path to the destination storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the data source is associated with a primary data center and the destination storage device is a tape drive.
  - 3. The method of claim 1, wherein the encryption key is received from a key management appliance.
  - 4. The method of claim 3, wherein the key management appliance is included in a key management cluster.
  - 5. The method of claim 1, further comprising:
    - receiving a read command for the data from the data source;
      
      retrieving the encrypted data from the destination storage device;
      
      receiving the encryption key for the destination storage device; and
      
      decrypting the encrypted data inside the firewall of the data source.
  - 6. The method of claim 1, further comprising:
    - discovering the destination storage device; and
      
      listing the destination device in a table of available storage devices.
  - 7. The method of claim 1, wherein the data is cached prior to encryption.
  - 8. The method of claim 1, wherein the data is encrypted using an encrypting storage device.
  - 9. The method of claim 8, wherein the encrypting storage device is a tape drive.

10. One or more non-transitory tangible computer-readable storage media storing computer-executable instructions for performing a computer process on a computing system, the computer process comprising:
- obtaining login parameters from a data source, the login parameters including an identification of a destination storage device;
  
  receiving an encryption key for the destination storage device;
  
  receiving a write command from the data source, the write command including data for writing to the destination storage device;
  
  encrypting the data using the encryption key; and
  
  routing the encrypted data over a data path to the destination storage device.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The one or more non-transitory tangible computer-readable storage media of claim 10, wherein the data is cached prior to encryption.
  - 12. The one or more non-transitory tangible computer-readable storage media of claim 10, wherein the destination storage device is a tape drive.
  - 13. The one or more non-transitory tangible computer-readable storage media of claim 10, wherein the data is encrypted using an encryption format corresponding to the destination storage device.
  - 14. The one or more non-transitory tangible computer-readable storage media of claim 10, wherein the data source is associated with a primary data center and the data is encrypted inside a firewall of the primary data center.

15. A system for providing data path encryption, the system comprising:
- a destination storage device in communication with a data source over a network;
  
  a key management cluster having a plurality of key management appliances configured to generate and manage an encryption key for the destination storage device; and
  
  an encryption device deployed along a data path between the destination storage device and the data source and in communication with the key management cluster, the encryption device configured to encrypt data corresponding to a command to write the data to the destination storage device, the encryption device configured to obtain the command from the data source, the data being encrypted using the encryption key retrieved from the at least one key management appliance and sent securely over the data path to the destination storage device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the destination storage device is a tape drive.
  - 17. The system of claim 15, wherein the encryption device is an encrypting storage device.
  - 18. The system of claim 17, wherein the encrypting storage device is a tape drive.
  - 19. The system of claim 15, wherein the data source is associated with a primary data center and the encryption device is deployed along the data path inside a firewall of the primary data center.
  - 20. The system of claim 15, wherein the destination storage device is a remote storage device hosted in a cloud computing infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Hostetter, David

Granted Patent

US 10,110,572 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/02   for separating internal fro...

H04L 63/0471   applying encryption by an i...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

TAPE DRIVE ENCRYPTION IN THE DATA PATH

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TAPE DRIVE ENCRYPTION IN THE DATA PATH

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links