Target of opportunity recognition during an encryption related process

US 9,495,561 B2
Filed: 01/08/2008
Issued: 11/15/2016
Est. Priority Date: 01/08/2008
Status: Active Grant

First Claim

Patent Images

1. A tape drive-implemented method comprising:

receiving, at a tape drive having a microprocessor and memory, a command to be performed on a tape cartridge;

mounting, by said tape drive, said tape cartridge;

determining if said command requires interaction with an encryption key manager;

in response to a determination that said command requires interaction with said encryption key manager, holding off on performing said command;

sending, by said tape drive, a request to said encryption key manager, thereby opening a session with the encryption key manager;

recognizing a target of opportunity exists during the session based on a determination that at least one special operation may be performed on said tape cartridge while said tape cartridge is mounted by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge;

retrieving said parameters from said tape cartridge,in response to said determining at least one special operation may be performed, performing said at least one special operation while the session is open, wherein said at least one special operation includes sending an unauthorized request alert in response to receiving an unauthorized request for the key, wherein said at least one special operation further includes an operation selected from a group consisting of a rekey operation, a key migration operation, a key retirement operation, and;

performing, by said tape drive, said command on the tape cartridge while said tape cartridge is mounted and the session is open; and

demounting, by said tape drive, said tape cartridge after performing said at least one special operation and said command.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product are provided for utilizing target of opportunity to perform at least one special operation while a key session is opened with a key manager for another purpose. The method of recognizing a target of opportunity includes receiving a command to be performed on a removable storage medium and determining if the command requires interaction with the encryption key manager. If it is determined that the command requires interaction with the key manager the command is held off. A request is sent to the encryption key manager. A target of opportunity is recognized by determining if at least one special operation may be performed. If it is determined that at least one special operation may be performed then the at least one special operation and the request are performed.

Citations

22 Claims

1. A tape drive-implemented method comprising:
- receiving, at a tape drive having a microprocessor and memory, a command to be performed on a tape cartridge;
  
  mounting, by said tape drive, said tape cartridge;
  
  determining if said command requires interaction with an encryption key manager;
  
  in response to a determination that said command requires interaction with said encryption key manager, holding off on performing said command;
  
  sending, by said tape drive, a request to said encryption key manager, thereby opening a session with the encryption key manager;
  
  recognizing a target of opportunity exists during the session based on a determination that at least one special operation may be performed on said tape cartridge while said tape cartridge is mounted by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge;
  
  retrieving said parameters from said tape cartridge,in response to said determining at least one special operation may be performed, performing said at least one special operation while the session is open, wherein said at least one special operation includes sending an unauthorized request alert in response to receiving an unauthorized request for the key, wherein said at least one special operation further includes an operation selected from a group consisting of a rekey operation, a key migration operation, a key retirement operation, and;
  
  performing, by said tape drive, said command on the tape cartridge while said tape cartridge is mounted and the session is open; and
  
  demounting, by said tape drive, said tape cartridge after performing said at least one special operation and said command.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said command is a command to perform a read of said tape cartridge or a write to said tape cartridge, and wherein said request is a request for a key to encrypt said tape cartridge or a request for a key to decrypt said tape cartridge.
  - 3. The method of claim 1, wherein said encryption manager determines that said at least one special operation may be performed by said evaluating parameters against said predetermined criteria.
  - 4. The method of claim 1, comprising sending a first notification that a tape drive in which the tape cartridge is mounted is in a not ready state after determining said at least one special operation may be performed, and after performing said special operation, sending a second notification that said tape drive is in a ready state or an error state in response to performing said at least one special operation.
  - 5. The method of claim 3, wherein said parameters comprises a number of mounts of the tape cartridge since a most recent identical special operation was performed, wherein said predetermined criteria comprises a predetermined maximum threshold number of tape cartridge mounts.
  - 6. The method of claim 1, wherein the special operation is performed by a tape drive having the tape cartridge mounted therein.
  - 7. The method of claim 3, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration, a time of a most recent rekey, a time of a most recent key retirement, and a time of a most recent key migration.

8. A computer-implemented method comprising:
- receiving, by a computer having a microprocessor and memory, a command to be performed on a removable storage-medium;
  
  determining if said command requires interaction with an encryption key manager;
  
  in response to a determination that said command requires interaction with said encryption key manager, holding off on performing said command;
  
  sending a request to said encryption key manager;
  
  recognizing a target of opportunity exists based on a determination that at least one special operation may be performed by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge, and comprising retrieving said parameters from said tape cartridge, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration,wherein said parameters are stored within said removable storage medium;
  
  retrieving the parameters from the removable storage medium; and
  
  in response to said determining at least one special operation may be performed, performing said at least one special operation on the removable storage medium and performing said command.

9. A system for recognizing a target of opportunity comprising:
- a tape drive having a microprocessor and memory;
  
  an encryption key manager coupled to said tape drive;
  
  said tape drive configured to receive a command to be performed on a tape cartridge;
  
  said tape drive configured to determine if said command requires interaction with said encryption key manager;
  
  said tape drive configured to hold off on performing said command in response to said command requiring interaction with said encryption key manager;
  
  said tape drive configured to send a request to said encryption key manager;
  
  said encryption key manager configured to recognize a target of opportunity exists by determining if at least one special operation may be performed by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge, and comprising retrieving said parameters from said tape cartridge, wherein said parameters are selected from a group consisting of a number of tape cartridge mounts since a most recent rekey, a number of tape cartridge mounts since a most recent key retirement, a number of tape cartridge mounts since a most recent key migration;
  
  wherein said at least one special operation includes sending an unauthorized request alert in response to receiving a request for the key from a person or entity unauthorized to request the key; and
  
  at least one of said tape drive and said encryption key manager configured to perform said at least one special operation affecting said tape cartridge in response to said determining at least one special operation may be performed.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein said command is a command to perform a read of said tape cartridge or a write to said tape cartridge, and wherein said request is a request for a key to encrypt said tape cartridge or a request for a key to decrypt said tape cartridge, wherein a first notification that said tape drive is in a not ready state is sent in response to determining said at least one special operation may be performed, wherein a second notification that said tape drive is in a ready state or an error state is sent in response to performance of said at least one special operation.
  - 11. The system of claim 9, wherein said at least one special operation selected from a group consisting of a key migration operation, a key retirement operation and an unauthorized request alert.
  - 12. The system of claim 9, wherein said parameters comprise a number of tape cartridge mounts since a most recent identical special operation was performed, and wherein said predetermined criteria comprises a predetermined maximum threshold number of tape cartridge mounts.
  - 13. The system of claim 9, wherein said parameters are stored within said tape cartridge, the system being configured to retrieve said parameters from said tape cartridge.
  - 14. The system of claim 9 wherein said at least one special operation includes performing a rekey in direct response to detecting the request for the key from the unauthorized person or entity.

15. A system for recognizing a target of opportunity comprising:
- a data storage drive having a microprocessor and memory;
  
  an encryption key manager coupled to said data storage drive;
  
  said data storage drive configured to receive a command to be performed on a removable storage medium;
  
  said data storage drive configured to determine if said command requires interaction with said encryption key manager;
  
  said data storage drive configured to hold off said command in response to said command requiring interaction with said encryption key manager;
  
  said data storage drive configured to send a request to said encryption key manager;
  
  said encryption key manager configured to recognize a target of opportunity exists by determining if at least one special operation may be performed by evaluating parameters against predetermined criteria, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration; and
  
  said encryption key manager configured to perform said at least one special operation and reply to said request in response to said determining at least one special operation may be performed,wherein said at least one special operation comprises outputting an unauthorized request alert in response to receiving an unauthorized request for a key.

16. A computer program product comprising a non-transitory computer useable medium comprising:
- a computer readable program, wherein said computer readable program has program instructions embodied therewith, the program instructions executable by a computer having a microprocessor and memory to cause the computer to;
  
  receive a request from a tape drive for encryption information, encryption information being usable by the tape drive in performing a command on a tape cartridge,wherein said command is a command to perform a read of said tape cartridge or a write to said tape cartridge, and wherein said request is a request for a key to encrypt said tape cartridge or a request for a key to decrypt said tape cartridge, and comprising program instructions to cause the computer to send an unauthorized request alert in response to receiving an unauthorized request for the encryption information;
  
  recognize a target of opportunity exists by determining if at least one special operation may be performed on a tape cartridge by evaluating parameters against predetermined criteria, wherein said parameters are stored within said tape cartridge, and comprising retrieving said parameters from said tape cartridge, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration;
  
  instruct said tape drive to perform said at least one special operation on the tape cartridge in response to said determining at least one special operation may be performed; and
  
  send a response to said request to said tape drive.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer program product of claim 16, wherein said at least one special operation is selected from a group consisting of a rekey operation, a key migration operation, a key retirement operation and an unauthorized request alert.
  - 18. The computer program product of claim 16, wherein said computer readable program provides an encryption key manager.
  - 19. The computer program product of claim 16, wherein said determining if said at least one special operation may be performed comprises evaluating parameters against predetermined criteria.
  - 20. The computer program product of claim 19, wherein said parameters comprises a number of mounts or an amount of time transpired since a most recent identical special operation was performed and wherein said predetermined criteria comprises a predetermined maximum threshold number of mounts or a predetermined maximum threshold of time, respectively.
  - 21. The computer program product of claim 19, wherein said parameters are stored within said tape cartridge and comprising program instructions to cause the computer to instruct tape drive to retrieve the parameters from the tape cartridge.
  - 22. The computer program product of claim 19, wherein said parameters are selected from a group consisting of a number of mounts since a most recent rekey, a number of mounts since a most recent key retirement, a number of mounts since a most recent key migration, a time of a most recent rekey, a time of a most recent key retirement, and a time of a most recent key migration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Greco, Paul Merrill, Jaquette, Glen Alan
Primary Examiner(s)
Vostal, O. C.

Application Number

US11/971,099
Publication Number

US 20090175451A1
Time in Patent Office

3,234 Days
Field of Search

380/277
US Class Current

1/1
CPC Class Codes

G06F 21/78 to assure secure storage of...

Target of opportunity recognition during an encryption related process

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Target of opportunity recognition during an encryption related process

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links