Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
Abstract
Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into an interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.
38 Claims
1. A method for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, comprising:
- providing an association of at least one coding key to the plurality of storage cartridges;
- encrypting, by a host device, the at least one coding key;
- storing, by one of the plurality of interface devices, the encrypted coding key in at least one of the storage cartridges;
- receiving, by a receiving interface device comprising one of the plurality of interface devices, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges;
- mounting, by the receiving interface device, the target storage cartridge in response to the I/O request;
- reading, by the receiving interface device, the encrypted coding key from the mounted target storage cartridge;
- transmitting, by the receiving interface device, the read encrypted coding key to the host device;
- producing a re-encrypted coding key by decrypting the transmitted encrypted coding key by the host device and re-encrypting the coding key by the host device with the public key of the receiving interface device;
- transmitting by the host device the re-encrypted coding key to the receiving interface device;
- receiving, by the receiving interface device, the re-encrypted coding key;
- decrypting, by the receiving interface device, the re-encrypted coding key;
- performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.

Dependent claims: 2, 3, 4, 5, 6, 14, 15
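The key flow recited in claim 1, as an added sketch that is not code from the patent: a host wraps a coding key, the cartridge stores only the wrapped form, and the host re-encrypts it to whichever drive mounts the cartridge. The primitives (RSA-OAEP, AES-256-GCM), the choice to wrap under the host's own key, and all type and function names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Assumed primitives (not specified by the claims): RSA-OAEP key wrap, AES-256-GCM data coding.
type Host struct{ priv *rsa.PrivateKey }         // only the host can unwrap what the cartridge stores
type Drive struct{ priv *rsa.PrivateKey }        // interface device; its private key never leaves it
type Cartridge struct{ WrappedKey, Data []byte } // medium holds the coding key only in wrapped form

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
func randBytes(n int) []byte  { b := make([]byte, n); must(rand.Read(b)); return b }
func wrap(pub *rsa.PublicKey, k []byte) []byte { return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)) }
func unwrap(priv *rsa.PrivateKey, w []byte) []byte { return must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)) }

// Provision: the host encrypts a fresh coding key; the wrapped form is stored on the cartridge.
func (h *Host) Provision(c *Cartridge) { c.WrappedKey = wrap(&h.priv.PublicKey, randBytes(32)) }
// Rewrap: the host decrypts the key a drive read from the cartridge and re-encrypts it to that drive.
func (h *Host) Rewrap(w []byte, drive *rsa.PublicKey) []byte { return wrap(drive, unwrap(h.priv, w)) }

// aead: the drive reads the wrapped key, sends it to the host, and decrypts the reply.
func (d *Drive) aead(h *Host, c *Cartridge) cipher.AEAD {
	k := unwrap(d.priv, h.Rewrap(c.WrappedKey, &d.priv.PublicKey))
	return must(cipher.NewGCM(must(aes.NewCipher(k))))
}

func (d *Drive) Write(h *Host, c *Cartridge, pt []byte) {
	nonce := randBytes(12)
	c.Data = d.aead(h, c).Seal(nonce, nonce, pt, nil) // stored as nonce || ciphertext
}
func (d *Drive) Read(h *Host, c *Cartridge) []byte { return must(d.aead(h, c).Open(nil, c.Data[:12], c.Data[12:], nil)) }

func main() {
	h, d1, d2, c := &Host{newKey()}, &Drive{newKey()}, &Drive{newKey()}, &Cartridge{}
	h.Provision(c)
	d1.Write(h, c, []byte("constructed sample record"))
	fmt.Printf("read on a second drive: %s\n", d2.Read(h, c))
}
```

In this sketch the host rewraps to whatever public key it is handed; binding that key to an enrolled drive is not part of what the claim recites and is left out here.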
7. A method performed by an interface device for accessing data in a removable storage cartridge including a read/write storage medium coupled to the interface device, comprising:
- receiving an encrypted coding key encrypted by a host device;
- providing an association of at least one coding key to a plurality of storage cartridges;
- storing by the interface device the encrypting coding key in at least one of the storage cartridges;
- receiving an Input/Output (I/O) request directed to a target storage cartridge;
- mounting by the interface device the target storage cartridge in response to the I/O request;
- reading by the interface device the encrypted coding key from the mounted target storage cartridge;
- transmitting by the interface device the read encrypted coding key to the host device;
- producing by the interface device a re-encrypted coding key by receiving from the host device a re-encrypted coding key comprising the transmitted encrypted coding key decrypted and then encrypted by a public key of the interface device;
- decrypting the re-encrypted coding key; and
- performing by the interface device a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.

Dependent claims: 8, 9, 10, 11, 12, 13, 16
17. A system for accessing data in a read/write storage medium within one of a plurality of storage cartridges and to communicate with a host device, comprising:
an interface device having a controller for performing operations, the operations comprising;
- receiving an Input/Output (I/O) request to a target storage cartridge comprising one of the storage cartridges, wherein at least one coding key encrypted by the host device is associated with the plurality of storage cartridges, wherein the coding key associated with the storage cartridge is used to decode and code data in the storage cartridge, and wherein encrypted coding keys are stored in the storage cartridges;
- mounting the target storage cartridge in response to the I/O request;
- reading the encrypted coding key from the mounted target storage cartridge;
- transmitting the read encrypted coding key to the host device;
- receiving, from the host device, a re-encrypted coding key produced by the host device by decrypting the transmitted encrypted coding key and re-encrypting the coding key with the public key of the interface device;
- decrypting the re-encrypted coding key encrypted; and
- performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.

Dependent claims: 18, 19, 20, 21, 22, 23
24. An article of manufacture comprising at least one of a computer readable media and hardware including an Input/Output (I/O Manager) and controller for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, wherein the controller and I/O manager are executed to perform operations, the operations comprising:
- providing, by the I/O manager, an association of at least one coding key to the plurality of storage cartridges;
- encrypting, by the I/O manager, the coding keys;
- storing, by the controller, the encrypted coding keys in at least one of the storage cartridges;
- receiving, by the controller, an Input/Output (I/O) request to a target storage cartridge comprising one of the storage cartridges;
- mounting, by the controller, the target storage cartridge in response to the I/O request;
- reading, by the controller, the encrypted coding key from the mounted target storage cartridge;
- transmitting, by the controller, the read encrypted coding key to the I/O manager;
- producing, by the I/O manager, a re-encrypted coding key by decrypting the transmitted encrypted coding key and re-encrypting the coding key with the public key of the interface device;
- transmitting, by the I/O manager, the re-encrypted coding key to the controller;
- receiving, by the controller, from the I/O manager, the re-encrypted coding key;
- decrypting, by the controller, the re-encrypted coding key; and
- performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.

Dependent claims: 25, 26, 27, 28, 29, 30
31. An article of manufacture comprising at least one of a computer readable media and hardware including a controller in an interface device for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices and for communicating with host devices, wherein the controller is executed to perform:
- receiving an encrypted coding key encrypted by the host device, wherein at least one coding key encrypted by the host device is associated with the plurality of storage cartridges, wherein the coding key associated with the storage cartridge is used to decode and code data in the storage cartridge, and wherein encrypted coding keys are stored in the storage cartridges;
- receiving an Input/Output (I/O) request directed to a target storage cartridge comprising one of the storage cartridges;
- mounting the target storage cartridge in response to the I/O request;
- reading the encrypted coding key from the mounted target storage cartridge;
- transmitting the read encrypted coding key to the host device;
- receiving from the host device a re-encrypted coding key produced by the host device by decrypting the encrypted coding key and re-encrypting the decrypted coding key with the public key of the interface device;
- decrypting the re-encrypted coding key; and
- performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.

Dependent claims: 32, 33, 34, 35, 36, 37, 38