Method, system, and program for securely providing keys to encode and decode data in a storage cartridge

US 7,865,440 B2
Filed: 10/11/2001
Issued: 01/04/2011
Est. Priority Date: 10/11/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, comprising:

providing an association of at least one coding key to the plurality of storage cartridges;

encrypting, by a host device, the at least one coding key;

storing, by one of the plurality of interface devices, the encrypted coding key in at least one of the storage cartridges;

receiving, by a receiving interface device comprising one of the plurality of interface devices, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges;

mounting, by the receiving interface device, the target storage cartridge in response to the I/O request;

reading, by the receiving interface device, the encrypted coding key from the mounted target storage cartridge;

transmitting, by the receiving interface device, the read encrypted coding key to the host device;

producing a re-encrypted coding key by decrypting the transmitted encrypted coding key by the host device and re-encrypting the coding key by the host device with the public key of the receiving interface device;

transmitting by the host device the re-encrypted coding key to the receiving interface device;

receiving, by the receiving interface device, the re-encrypted coding key;

decrypting, by the receiving interface device, the re-encrypted coding key;

performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

101 Citations

View as Search Results

38 Claims

1. A method for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, comprising:
- providing an association of at least one coding key to the plurality of storage cartridges;
  
  encrypting, by a host device, the at least one coding key;
  
  storing, by one of the plurality of interface devices, the encrypted coding key in at least one of the storage cartridges;
  
  receiving, by a receiving interface device comprising one of the plurality of interface devices, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges;
  
  mounting, by the receiving interface device, the target storage cartridge in response to the I/O request;
  
  reading, by the receiving interface device, the encrypted coding key from the mounted target storage cartridge;
  
  transmitting, by the receiving interface device, the read encrypted coding key to the host device;
  
  producing a re-encrypted coding key by decrypting the transmitted encrypted coding key by the host device and re-encrypting the coding key by the host device with the public key of the receiving interface device;
  
  transmitting by the host device the re-encrypted coding key to the receiving interface device;
  
  receiving, by the receiving interface device, the re-encrypted coding key;
  
  decrypting, by the receiving interface device, the re-encrypted coding key;
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.
- View Dependent Claims (2, 3, 4, 5, 6, 14, 15)
- - 2. The method of claim 1, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to the storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 3. The method of claim 1, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 4. The method of claim 1, wherein the coding key comprises a seed value that is used to generate an additional key that is used to directly decode and encode the data in the storage medium in the storage cartridge.
  - 5. The method of claim 1, wherein encrypting the coding key further comprises:
    - encrypting, by the host device, the coding key with a first key, wherein the interface devices use a second key to decrypt the coding key encrypted with the first key.
  - 6. The method of claim 1, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host device uses a second key to decrypt the coding key encrypted with the first key, wherein the host device re-encrypts the coding key by re-encrypting the coding key with a third key, wherein the interface devices uses a fourth key to decrypt the re-encrypted coding key encrypted by the host device with the third key.
  - 14. The method of claim 1, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.
  - 15. The method of claim 6, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

7. A method performed by an interface device for accessing data in a removable storage cartridge including a read/write storage medium coupled to the interface device, comprising:
- receiving an encrypted coding key encrypted by a host device;
  
  providing an association of at least one coding key to a plurality of storage cartridges;
  
  storing by the interface device the encrypting coding key in at least one of the storage cartridges;
  
  receiving an Input/Output (I/O) request directed to a target storage cartridge;
  
  mounting by the interface device the target storage cartridge in response to the I/O request;
  
  reading by the interface device the encrypted coding key from the mounted target storage cartridge;
  
  transmitting by the interface device the read encrypted coding key to the host device;
  
  producing by the interface device a re-encrypted coding key by receiving from the host device a re-encrypted coding key comprising the transmitted encrypted coding key decrypted and then encrypted by a public key of the interface device;
  
  decrypting the re-encrypted coding key; and
  
  performing by the interface device a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 16)
- - 8. The method of claim 7, wherein encoding the data with the coding key compresses the data and wherein decoding the data written to the storage medium decompresses the data, and wherein the data is only encoded or decoded using the coding key.
  - 9. The method of claim 7, wherein the coding key is encrypted by a first key maintained at the host device, further comprising;
    - maintaining, by the interface device, a second key to decrypt data encrypted using the first key, wherein the interface device uses the second key to decrypt the coding key encrypted with the first key.
  - 10. The method of claim 9, wherein the second key is stored in an integrated circuit non-volatile memory that is only accessible to decrypting logic that uses the second key to decrypt data encrypted using the first key.
  - 11. The method of claim 10, further comprising:
    - transmitting the coding key decrypted using the decrypting logic to encoder/decoder logic, wherein the encoder/decoder logic uses the coding key to encode and decode data to the storage medium.
  - 12. The method of claim 9, further comprising:
    - storing the coding key encrypted with the first key within the storage cartridge;
      
      receiving an input/output (I/O) request directed to the storage cartridge; and
      
      accessing the encrypted coding key from the storage cartridge, wherein the accessed coding key is decrypted using the second key, and wherein the decrypted coding key is used to encode and decode data to execute the I/O request to the storage cartridge.
  - 13. The method of claim 7, wherein the received encrypted coding key is encrypted by a first key maintained at the host device, wherein the host device maintains a second key to decrypt data encrypted using the first key, wherein the interface device decrypts the encrypted coding key by:
    - receiving, with the I/O request, from the host device, the second key encrypted by the host device using a third key, wherein data encrypted using the third key is decrypted using a fourth key;
      
      accessing the fourth key;
      
      using the fourth key to decrypt the encrypted second key received from the host device; and
      
      using the decrypted second key to decrypt the received coding key encrypted using the first key.
  - 16. The method of claim 13, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

17. A system for accessing data in a read/write storage medium within one of a plurality of storage cartridges and to communicate with a host device, comprising:
- an interface device having a controller for performing operations, the operations comprising;
  
  receiving an Input/Output (I/O) request to a target storage cartridge comprising one of the storage cartridges, wherein at least one coding key encrypted by the host device is associated with the plurality of storage cartridges, wherein the coding key associated with the storage cartridge is used to decode and code data in the storage cartridge, and wherein encrypted coding keys are stored in the storage cartridges;
  
  mounting the target storage cartridge in response to the I/O request;
  
  reading the encrypted coding key from the mounted target storage cartridge;
  
  transmitting the read encrypted coding key to the host device;
  
  receiving, from the host device, a re-encrypted coding key produced by the host device by decrypting the transmitted encrypted coding key and re-encrypting the coding key with the public key of the interface device;
  
  decrypting the re-encrypted coding key encrypted; and
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to the storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 19. The system of claim 17, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 20. The system of claim 17, wherein encrypting the coding key further comprises:
    - encrypting, by the I/O manager, the coding key with a first key, and wherein the controller uses a second key to decrypt the coding key encrypted with the first key.
  - 21. The system of claim 17, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the I/O manager uses a second key to decrypt the coding key encrypted with the first key, wherein the I/O manager encrypts the coding key by encrypting the coding key with a third key, wherein the controller uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 22. The system of claim 17, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.
  - 23. The system of claim 21, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

24. An article of manufacture comprising at least one of a computer readable media and hardware including an Input/Output (I/O Manager) and controller for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, wherein the controller and I/O manager are executed to perform operations, the operations comprising:
- providing, by the I/O manager, an association of at least one coding key to the plurality of storage cartridges;
  
  encrypting, by the I/O manager, the coding keys;
  
  storing, by the controller, the encrypted coding keys in at least one of the storage cartridges;
  
  receiving, by the controller, an Input/Output (I/O) request to a target storage cartridge comprising one of the storage cartridges;
  
  mounting, by the controller, the target storage cartridge in response to the I/O request;
  
  reading, by the controller, the encrypted coding key from the mounted target storage cartridge;
  
  transmitting, by the controller, the read encrypted coding key to the I/O manager;
  
  producing, by the I/O manager, a re-encrypted coding key by decrypting the transmitted encrypted coding key and re-encrypting the coding key with the public key of the interface devicetransmitting, by the I/O manager, the re-encrypted coding key to the controller;
  
  receiving, by the controller, from the I/O manager, the re-encrypted coding key;
  
  decrypting, by the controller, the re-encrypted coding key; and
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The article of manufacture of claim 24, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to the storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 26. The article of manufacture of claim 24, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 27. The article of manufacture of claim 24, wherein the coding key comprises a seed value that is used to generate an additional key that is used to directly decode and encode the data in the storage medium in the storage cartridge.
  - 28. The article of manufacture of claim 24, wherein encrypting the coding key further comprises:
    - encrypting, by the I/O manager, the coding key with a first key, wherein the controller uses a second key to decrypt the coding key encrypted with the first key.
  - 29. The article of manufacture of claim 24, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the I/O manager uses a second key to decrypt the coding key encrypted with the first key, wherein the I/O manager encrypts the coding key by encrypting the coding key with a third key, wherein the controller uses a fourth key to decrypt the coding key encrypted by the I/O manager with the third key.
  - 30. The article of manufacture of claim 24, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.

31. An article of manufacture comprising at least one of a computer readable media and hardware including a controller in an interface device for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices and for communicating with host devices, wherein the controller is executed to perform:
- receiving an encrypted coding key encrypted by the host device, wherein at least one coding key encrypted by the host device is associated with the plurality of storage cartridges, wherein the coding key associated with the storage cartridge is used to decode and code data in the storage cartridge, and wherein encrypted coding keys are stored in the storage cartridges;
  
  receiving an Input/Output (I/O) request directed to a target storage cartridge comprising one of the storage cartridges;
  
  mounting the target storage cartridge in response to the I/O request;
  
  reading the encrypted coding key from the mounted target storage cartridge;
  
  transmitting the read encrypted coding key to the host device;
  
  receiving from the host device a re-encrypted coding key produced by the host device by decrypting the encrypted coding key and re-encrypting the decrypted coding key with the public key of the interface device;
  
  decrypting the re-encrypted coding key; and
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the decrypted re-encrypted coding key.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38)
- - 32. The article of manufacture of claim 31, wherein encoding the data with the coding key compresses the data and wherein decoding the data written to the storage medium decompresses the data, and wherein the data is only encoded or decoded using the coding key.
  - 33. The article of manufacture of claim 31, wherein the coding key is encrypted by a first key maintained by the I/O manager, wherein the operations further comprise:
    - maintaining, by the controller, a second key to decrypt data encrypted using the first key, wherein the interface device uses the second key to decrypt the coding key encrypted with the first key.
  - 34. The article of manufacture of claim 33, wherein the second key is stored in an integrated circuit non-volatile memory that is only accessible to decrypting logic that uses the second key to decrypt data encrypted using the first key.
  - 35. The article of manufacture of claim 34, wherein the operations further comprise:
    - transmitting, by the controller, the coding key decrypted using the decrypting logic to encoder/decoder logic, wherein the encoder/decoder logic uses the coding key to encode and decode data to the storage medium.
  - 36. The article of manufacture of claim 33, wherein the operations further comprise:
    - storing, by the controller, the coding key encrypted with the first key within the storage cartridge;
      
      receiving, by the controller, an input/output (I/O) request directed to the storage cartridge; and
      
      accessing, by the controller, the encrypted coding key from the storage cartridge, wherein the accessed coding key is decrypted using the second key, and wherein the decrypted coding key is used to encode and decode data to execute the I/O request to the storage cartridge.
  - 37. The article of manufacture of claim 31, wherein the received encrypted coding key is encrypted by a first key maintained by the I/O manager, wherein the I/O manager maintains a second key to decrypt data encrypted using the first key, wherein the controller decrypts the encrypted coding key by:
    - receiving, with the I/O request, from the I/O manager he second key encrypted by the I/O manager using a third key, wherein data encrypted using the third key is decrypted using a fourth key;
      
      accessing the fourth key;
      
      using the fourth key to decrypt the encrypted second key received from the I/O manager andusing the decrypted second key to decrypt the received coding key encrypted using the first key.
  - 38. The article of manufacture of claim 37, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jaquette, Glen Alan
Primary Examiner(s)
Hewitt, II; Calvin L
Assistant Examiner(s)
Winter; John M

Application Number

US09/977,159
Publication Number

US 20030074319A1
Time in Patent Office

3,372 Days
Field of Search

705 50- 80, 705/51, 463/29, 463/25, 751/51
US Class Current

705/51
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 21/805   using a security table for ...

G06F 2221/2121   Chip on media, e.g. a disk ...

Method, system, and program for securely providing keys to encode and decode data in a storage cartridge

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

101 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and program for securely providing keys to encode and decode data in a storage cartridge

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links