Target of opportunity recognition during an encryption related process
Abstract
A method, system, and computer program product are provided for utilizing target of opportunity to perform at least one special operation while a key session is opened with a key manager for another purpose. The method of recognizing a target of opportunity includes receiving a command to be performed on a removable storage medium and determining if the command requires interaction with the encryption key manager. If it is determined that the command requires interaction with the key manager the command is held off. A request is sent to the encryption key manager. A target of opportunity is recognized by determining if at least one special operation may be performed. If it is determined that at least one special operation may be performed then the at least one special operation and the request are performed.
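The flow in the abstract, as an added sketch that is not code from the patent: a command that needs a key is held off, a key manager session is opened, and the session is reused for any special operation whose criterion is met. The threshold values, the names, counting a mount at mount time, and withholding the key from an unauthorized requester are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed thresholds: the page names these parameters but gives no values.
CRITERIA = {"rekey": 100, "key_retirement": 500, "key_migration": 250}
KEYED_COMMANDS = {"read", "write"}  # commands that need a key from the key manager


@dataclass
class Cartridge:
    # Parameters stored on the cartridge: mounts since each operation last ran.
    mounts_since: dict = field(default_factory=lambda: {op: 0 for op in CRITERIA})


def special_operations_due(cart):
    """Evaluate the cartridge's stored parameters against the predetermined criteria."""
    return [op for op, limit in CRITERIA.items() if cart.mounts_since[op] >= limit]


def handle_command(cart, command, requester, authorized):
    """Return the ordered steps taken for one command on one cartridge."""
    steps = ["mount"]
    for op in cart.mounts_since:  # assumption: every mount is counted here
        cart.mounts_since[op] += 1
    if command not in KEYED_COMMANDS:
        # No key manager interaction, so no session and no target of opportunity.
        return steps + [f"perform:{command}", "demount"]
    steps += [f"hold:{command}", "session:open"]
    if requester not in authorized:
        # Assumption: the key is withheld and only the alert is raised.
        return steps + ["alert:unauthorized_request", "session:close", "demount"]
    for op in special_operations_due(cart):
        steps.append(f"special:{op}")  # piggybacks on the already open session
        cart.mounts_since[op] = 0
    return steps + [f"perform:{command}", "session:close", "demount"]


if __name__ == "__main__":
    cart = Cartridge()
    cart.mounts_since["rekey"] = 99  # constructed state: one mount short of rekey
    print(handle_command(cart, "write", "host-a", {"host-a"}))
    print(handle_command(cart, "read", "host-x", {"host-a"}))
```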
22 Claims
1. A tape drive-implemented method comprising:
- receiving, at a tape drive having a microprocessor and memory, a command to be performed on a tape cartridge;
- mounting, by said tape drive, said tape cartridge;
- determining if said command requires interaction with an encryption key manager;
- in response to a determination that said command requires interaction with said encryption key manager, holding off on performing said command;
- sending, by said tape drive, a request to said encryption key manager, thereby opening a session with the encryption key manager;
- recognizing a target of opportunity exists during the session based on a determination that at least one special operation may be performed on said tape cartridge while said tape cartridge is mounted by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge;
- retrieving said parameters from said tape cartridge, in response to said determining at least one special operation may be performed, performing said at least one special operation while the session is open, wherein said at least one special operation includes sending an unauthorized request alert in response to receiving an unauthorized request for the key, wherein said at least one special operation further includes an operation selected from a group consisting of a rekey operation, a key migration operation, a key retirement operation, and;
- performing, by said tape drive, said command on the tape cartridge while said tape cartridge is mounted and the session is open; and
- demounting, by said tape drive, said tape cartridge after performing said at least one special operation and said command.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method comprising:
- receiving, by a computer having a microprocessor and memory, a command to be performed on a removable storage-medium;
- determining if said command requires interaction with an encryption key manager;
- in response to a determination that said command requires interaction with said encryption key manager, holding off on performing said command;
- sending a request to said encryption key manager;
- recognizing a target of opportunity exists based on a determination that at least one special operation may be performed by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge, and comprising retrieving said parameters from said tape cartridge, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration, wherein said parameters are stored within said removable storage medium;
- retrieving the parameters from the removable storage medium; and
- in response to said determining at least one special operation may be performed, performing said at least one special operation on the removable storage medium and performing said command.
9. A system for recognizing a target of opportunity comprising:
- a tape drive having a microprocessor and memory;
- an encryption key manager coupled to said tape drive;
- said tape drive configured to receive a command to be performed on a tape cartridge;
- said tape drive configured to determine if said command requires interaction with said encryption key manager;
- said tape drive configured to hold off on performing said command in response to said command requiring interaction with said encryption key manager;
- said tape drive configured to send a request to said encryption key manager;
- said encryption key manager configured to recognize a target of opportunity exists by determining if at least one special operation may be performed by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge, and comprising retrieving said parameters from said tape cartridge, wherein said parameters are selected from a group consisting of a number of tape cartridge mounts since a most recent rekey, a number of tape cartridge mounts since a most recent key retirement, a number of tape cartridge mounts since a most recent key migration;
- wherein said at least one special operation includes sending an unauthorized request alert in response to receiving a request for the key from a person or entity unauthorized to request the key; and
- at least one of said tape drive and said encryption key manager configured to perform said at least one special operation affecting said tape cartridge in response to said determining at least one special operation may be performed.
Dependent claims: 10, 11, 12, 13, 14
15. A system for recognizing a target of opportunity comprising:
- a data storage drive having a microprocessor and memory;
- an encryption key manager coupled to said data storage drive;
- said data storage drive configured to receive a command to be performed on a removable storage medium;
- said data storage drive configured to determine if said command requires interaction with said encryption key manager;
- said data storage drive configured to hold off said command in response to said command requiring interaction with said encryption key manager;
- said data storage drive configured to send a request to said encryption key manager;
- said encryption key manager configured to recognize a target of opportunity exists by determining if at least one special operation may be performed by evaluating parameters against predetermined criteria, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration; and
- said encryption key manager configured to perform said at least one special operation and reply to said request in response to said determining at least one special operation may be performed, wherein said at least one special operation comprises outputting an unauthorized request alert in response to receiving an unauthorized request for a key.
16. A computer program product comprising a non-transitory computer useable medium comprising:
- a computer readable program, wherein said computer readable program has program instructions embodied therewith, the program instructions executable by a computer having a microprocessor and memory to cause the computer to;
- receive a request from a tape drive for encryption information, encryption information being usable by the tape drive in performing a command on a tape cartridge, wherein said command is a command to perform a read of said tape cartridge or a write to said tape cartridge, and wherein said request is a request for a key to encrypt said tape cartridge or a request for a key to decrypt said tape cartridge, and comprising program instructions to cause the computer to send an unauthorized request alert in response to receiving an unauthorized request for the encryption information;
- recognize a target of opportunity exists by determining if at least one special operation may be performed on a tape cartridge by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge, and comprising retrieving said parameters from said tape cartridge, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration;
- instruct said tape drive to perform said at least one special operation on the tape cartridge in response to said determining at least one special operation may be performed; and
- send a response to said request to said tape drive.
Dependent claims: 17, 18, 19, 20, 21, 22
Specification