Use of device driver to function as a proxy between an encryption capable tape drive and a key manager
Abstract
A tape system is provided with an encryption capable tape drive and an encryption enabled tape drive device driver for the encryption capable tape drive. The encryption enabled tape drive device driver functions as a proxy which connects the encryption capable tape drive to a key manager which serves keys to the tape drive. When the encryption capable device driver causes a command to be sent to the drive, the tape drive is configured to respond with a message that is intended for a key manager such as an External Key Manager (EKM). The encryption capable device driver recognizes that this is a message intended for the EKM and forwards that message to the EKM (e.g., via an Internet Protocol (IP) connection). The EKM then responds to the key request by issuing a new key (for a new cartridge which is to be written from beginning of tape (BOT)) or an existing key (for a cartridge which needs to be read). The device driver connects all EKM responses to the encryption capable tape drive and the EKM from which the encryption capable tape drive obtains its keys.
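The relay flow the abstract describes, as a small Python model added here (not code from the patent or from any vendor driver). The class names, the `KEY_NEEDED` status, the JSON message layout, the operation names and the in-process call standing in for the IP connection to the EKM are all assumptions made for illustration.

```python
# Added illustration: every class, field and message layout here is hypothetical.
import json
import secrets

class Ekm:
    """Key manager: new key for a write from BOT, existing key for a read."""
    def __init__(self):
        self.keys = {}                      # cartridge id -> key (hex string)

    def handle(self, request: bytes) -> bytes:
        req = json.loads(request)
        cart = req["cartridge"]
        if req["op"] == "write_from_bot":   # new cartridge: issue a new key
            self.keys[cart] = secrets.token_hex(32)
        key = self.keys.get(cart)           # None if the cartridge is unknown
        return json.dumps({"cartridge": cart, "key": key}).encode()

class Drive:
    """Encryption-capable drive: refuses the command until a key is served."""
    def __init__(self, cartridge):
        self.cartridge, self.key = cartridge, None

    def execute(self, op):
        if self.key is None:
            # Status indication: an encryption operation is needed first.
            msg = json.dumps({"cartridge": self.cartridge, "op": op}).encode()
            return {"status": "KEY_NEEDED", "ekm_message": msg}
        return {"status": "GOOD"}

    def deliver(self, response: bytes):
        self.key = json.loads(response)["key"]

class DriverProxy:
    """Device driver: relays drive<->EKM bytes without interpreting them."""
    def __init__(self, drive, ekm):
        self.drive, self.ekm, self.relayed = drive, ekm, 0

    def submit(self, op):
        for _ in range(2):                  # original attempt plus one retry
            st = self.drive.execute(op)
            if st["status"] != "KEY_NEEDED":
                return st["status"]         # host application sees only this
            # Message is for the EKM: forward it, hand the reply to the drive.
            self.drive.deliver(self.ekm.handle(st["ekm_message"]))
            self.relayed += 1
        return "KEY_UNAVAILABLE"            # EKM had no key: fail the command
```

The host application only ever calls `submit()`; the unknown-cartridge read shows the driver bounding its retries instead of looping when the EKM cannot supply a key.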
18 Claims
1. A storage system comprising:
- a host;
- a storage device coupled to the host, the storage device interacting with storage media to store and retrieve information from the storage media, the storage device comprising an encryption module, the encryption module enabling encryption and decryption of data stored on storage media; and
- a device driver executing on the host, the device driver checking for encryption related information from the storage device, the encryption related information being generated in response to a command issued by the host, when encryption related information is present, the device driver facilitating encryption independent of whether the host is encryption enable;
- a key manager, the key manager serving keys to the storage device via the device driver; and
- a proxy, the proxy establishing a communication path between the storage device and the key manager to facilitate serving keys to the storage device, wherein the encryption related information comprises a status indication issued by the storage device indicating that an encryption operation is needed to be performed before the command can be executed by the storage device.

Dependent claims: 2, 3, 4, 5, 6
7. A storage device for interacting with storage media to store and retrieve information from the storage media comprising:
- an encryption module, the encryption module enabling encryption and decryption of data stored on storage media; and
- a controller coupled to the encryption module, the controller interacting with the encryption module to enable storage and retrieval of information to and from the storage media; and
- wherein the storage device receives information from and transmits information to a device driver, the device driver checking for encryption related information from the storage device, the encryption related information being generated by the storage device in response to a command issued by the host, when encryption related information is present, the device driver facilitating encryption independent of whether the host is encryption enabled; and
- wherein the device driver interacts with a key manager, the key manager serving keys to the storage device via the device driver; and
- the device driver interacts with a proxy, the proxy establishing a communication path between the storage device and the key manager to facilitate serving keys to the storage device, wherein the encryption related information comprises a status indication issued by the storage device indicating that an encryption operation is needed to be performed before the command can be executed by the storage device.

Dependent claims: 8, 9, 10, 11, 12
13. A method for facilitating encryption between an encryption enabled storage device and a host, the method comprising:
- issuing a command to the storage device;
- intercepting encryption related information generated by the storage device in response to the command;
- determining whether the encryption related information indicates that an encryption operation is needed to be performed before the command can be executed by the encryption enabled storage device;
- performing an encryption operation independent of whether the host is encryption enabled when the encryption related information indicates that the encryption operation is needed; and
- executing the command after the encryption operation has completed execution; and
- establishing a communication path between the encryption enabled storage device and the key manager via a proxy to facilitate serving keys to the storage device; and
- wherein the intercepting is performed by an encryption enabled device driver; and
- the device driver communicates with a key manager, the key manager serving keys to the encryption enabled storage device via the device driver, wherein the encryption related information comprises a status indication issued by the storage device.

Dependent claims: 14, 15, 16, 17, 18
Specification