Method, system, and program for securely providing keys to encode and decode data in a storage cartridge

US 9,317,720 B2
Filed: 10/26/2010
Issued: 04/19/2016
Est. Priority Date: 10/11/2001
Status: Active Grant

First Claim

Patent Images

1. A method for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, comprising:

providing an association of at least one coding key to the plurality of storage cartridges, wherein the at least one coding key comprises a Most Recently Used (MRU) key generated by scrambling a list of entries in a random manner, wherein the MRU key initially comprises a list of every possible byte value scrambled in the random manner;

encrypting the at least one coding key and storing the encrypted at least one coding key in at least one of the storage cartridges;

receiving, by a receiving interface device comprising one of the plurality of interface devices, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges, wherein the receiving interface device has a controller comprising at least one of hardware logic in a hardware device and a processor that executes logic or code to perform operations;

mounting, by the receiving interface device, the target storage cartridge in response to the I/O request;

reading, by the receiving interface device, the encrypted coding key from the mounted target storage cartridge;

transmitting, by the receiving interface device, the read encrypted coding key to a host;

receiving, by the receiving interface device, a host encrypted coding key encrypted with an encryption key of the receiving interface device, wherein the host encrypted coding key comprises the encrypted coding key, transmitted by the interface device to the host, which is decrypted by the host and re-encrypted by the host with the encryption key of the receiving interface device;

decrypting, by the receiving interface device, the host encrypted coding key to produce the coding key to use for the I/O request;

performing a read or write operation in response to the I/O request by decoding read data or coding write data using the coding key; and

performing, by the receiving interface device, read and write operations for multiple subsequent I/O requests by using, by the receiving interface device, the coding key to decode read data and code write data for multiple subsequent I/O requests to the target storage cartridge, wherein the coding key comprising the MRU key is used to encode data by replacing literals in the data with a pointer to a matching entry in the MRU key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

52 Citations

22 Claims

1. A method for accessing data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, comprising:
- providing an association of at least one coding key to the plurality of storage cartridges, wherein the at least one coding key comprises a Most Recently Used (MRU) key generated by scrambling a list of entries in a random manner, wherein the MRU key initially comprises a list of every possible byte value scrambled in the random manner;
  
  encrypting the at least one coding key and storing the encrypted at least one coding key in at least one of the storage cartridges;
  
  receiving, by a receiving interface device comprising one of the plurality of interface devices, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges, wherein the receiving interface device has a controller comprising at least one of hardware logic in a hardware device and a processor that executes logic or code to perform operations;
  
  mounting, by the receiving interface device, the target storage cartridge in response to the I/O request;
  
  reading, by the receiving interface device, the encrypted coding key from the mounted target storage cartridge;
  
  transmitting, by the receiving interface device, the read encrypted coding key to a host;
  
  receiving, by the receiving interface device, a host encrypted coding key encrypted with an encryption key of the receiving interface device, wherein the host encrypted coding key comprises the encrypted coding key, transmitted by the interface device to the host, which is decrypted by the host and re-encrypted by the host with the encryption key of the receiving interface device;
  
  decrypting, by the receiving interface device, the host encrypted coding key to produce the coding key to use for the I/O request;
  
  performing a read or write operation in response to the I/O request by decoding read data or coding write data using the coding key; and
  
  performing, by the receiving interface device, read and write operations for multiple subsequent I/O requests by using, by the receiving interface device, the coding key to decode read data and code write data for multiple subsequent I/O requests to the target storage cartridge, wherein the coding key comprising the MRU key is used to encode data by replacing literals in the data with a pointer to a matching entry in the MRU key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 3. The method of claim 1, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 4. The method of claim 1, wherein the coding key comprises a seed value that is used to generate an additional key that is used to directly decode and encode the data in the storage medium in the storage cartridge.
  - 5. The method of claim 1, wherein encrypting the coding key further comprises:
    - encrypting, by the host, the coding key with a first key to produce the host encrypted coding key, wherein the interface devices use a second key to decrypt the coding key encrypted with the first key.
  - 6. The method of claim 1, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host uses a second key to decrypt the coding key encrypted with the first key, wherein the host encrypts the coding key by encrypting the coding key with a third key, wherein the interface devices uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 7. The method of claim 1, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.
  - 8. The method of claim 6, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

9. A system for accessing data in a read/write storage medium within one of a plurality of storage cartridges and to communicate with a host, comprising:
- an interface device having a controller for performing operations, wherein the controller comprises at least one of hardware logic in a hardware device and a processor that executes logic or code to perform operations, the operations comprising;
  
  receiving an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges, wherein at least one coding key is associated with the plurality of storage cartridges, wherein encrypted coding keys are stored in the storage cartridges, wherein the coding key comprises a Most Recently Used (MRU) key generated by scrambling a list of entries in a random manner, wherein the MRU key initially comprises a list of every possible byte value scrambled in the random manner;
  
  mounting the target storage cartridge in response to the I/O request;
  
  reading the encrypted coding key from the mounted target storage cartridge;
  
  transmitting the read encrypted coding key to the host;
  
  receiving a host encrypted coding key encrypted with an encryption key of the interface device, wherein the host encrypted coding key comprises the encrypted coding key, transmitted by the interface device to the host, which is decrypted by the host and re-encrypted by the host with the encryption key of the interface device;
  
  decrypting the host encrypted coding key to produce the coding key to use for the I/O request;
  
  performing a read or write operation in response to the I/O request by decoding read or coding write data using the coding key; and
  
  performing read and write operations for multiple subsequent I/O requests by using the coding key to decode read data and code write data for multiple subsequent I/O requests to the target storage cartridge, wherein the coding key comprising the MRU key is used to encode data by replacing literals in the data with a pointer to a matching entry in the MRU key.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein an association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to storage mediums and decodes data read from the storage mediums of the plurality of storage cartridges.
  - 11. The system of claim 9, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 12. The system of claim 9, wherein encrypting the coding key further comprises:
    - encrypting, by the host, the coding key with a first key, wherein the interface devices use a second key to decrypt the coding key encrypted with the first key.
  - 13. The system of claim 9, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host uses a second key to decrypt the coding key encrypted with the first key, wherein the host encrypts the coding key by encrypting the coding key with a third key, wherein the interface devices uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 14. The system of claim 9, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.
  - 15. The system of claim 13, wherein the first key comprises a host public key, wherein the second key comprises a host private key, wherein the third key comprises an interface device public key and wherein the fourth key comprises an interface device private key.

16. An article of manufacture comprising at least one of a non-transitory computer readable storage media including code for an Input/Output (I/O Manager) and hardware device controller that when executes accesses data in a read/write storage medium within one of a plurality of storage cartridges mounted into a plurality of interface devices, to communicate with a host, and to perform operations, the operations comprising:
- providing, by the I/O manager, an association of at least one coding key to the plurality of storage cartridges, wherein the at least one coding key comprises a Most Recently Used (MRU) key generated by scrambling a list of entries in a random manner, wherein the MRU key initially comprises a list of every possible byte value scrambled in the random manner;
  
  encrypting, by the I/O manager, the coding keys and storing the encrypted coding keys in the storage cartridges;
  
  receiving, by the controller, an Input/Output (I/O) request to a target storage cartridge comprising one of the plurality of storage cartridges;
  
  mounting, by the controller, the target storage cartridge in response to the I/O request;
  
  reading, by the controller, the encrypted coding key from the mounted target storage cartridge;
  
  transmitting, by the controller, the read encrypted coding key to the host;
  
  receiving, by the controller, a host encrypted coding key encrypted with an encryption key of an interface device, wherein the host encrypted coding key comprises the encrypted coding key, transmitted by the interface device to the host, which is decrypted by the host and re-encrypted by the host with the encryption key of the interface device;
  
  decrypting, by the controller, the host encrypted coding key to produce the coding key to use for the I/O request;
  
  performing, by the controller, a read or write operation in response to the I/O request by decoding read or coding write data using the coding key; and
  
  performing, by the controller, read and write operations for multiple subsequent I/O requests by using, by the controller, the coding key to decode read data and code write data for multiple subsequent I/O requests to the target storage cartridge, wherein the coding key comprising the MRU key is used to encode data by replacing literals in the data with a pointer to a matching entry in the MRU key.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The article of manufacture of claim 16, wherein the association of the at least one coding key to the plurality of storage cartridges associates one key with the plurality of storage cartridges, wherein the one key encodes data written to storage mediums and decode data read from the storage mediums of the plurality of storage cartridges.
  - 18. The article of manufacture of claim 16, wherein the association of the at least one coding key to the plurality of storage cartridges associates a different key with each storage cartridge, wherein the key associated with one storage cartridge is used to encode data written to the storage medium and decode data read from the storage medium of the storage cartridge.
  - 19. The article of manufacture of claim 16, wherein the coding key comprises a seed value that is used to generate an additional key that is used to directly decode and encode the data in the storage medium in the storage cartridge.
  - 20. The article of manufacture of claim 16, wherein encrypting the coding key further comprises:
    - encrypting, by the I/O manager, the coding key with a first key, wherein the controller uses a second key to decrypt the coding key encrypted with the first key.
  - 21. The article of manufacture of claim 16, wherein encrypting the coding key further comprises:
    - encrypting the coding key with a first key, wherein the host uses a second key to decrypt the coding key encrypted with the first key, wherein the host encrypts the coding key by encrypting the coding key with a third key, wherein the controller uses a fourth key to decrypt the coding key encrypted by the host with the third key.
  - 22. The article of manufacture of claim 16, wherein the storage cartridges comprise tape media and the data on the storage cartridges coded and decoded using the at least one coding key comprises archival data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jaquette, Glen Alan
Primary Examiner(s)
Hayes, John
Assistant Examiner(s)
Winter, John M

Application Number

US12/912,740
Publication Number

US 20110040986A1
Time in Patent Office

2,002 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 21/805   using a security table for ...

G06F 2221/2121   Chip on media, e.g. a disk ...

Method, system, and program for securely providing keys to encode and decode data in a storage cartridge

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Method, system, and program for securely providing keys to encode and decode data in a storage cartridge

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others