US20130251153A1 - Data transfer device library and key distribution - Google Patents
Data transfer device library and key distribution Download PDFInfo
- Publication number
- US20130251153A1 US20130251153A1 US11/494,294 US49429406A US2013251153A1 US 20130251153 A1 US20130251153 A1 US 20130251153A1 US 49429406 A US49429406 A US 49429406A US 2013251153 A1 US2013251153 A1 US 2013251153A1
- Authority
- US
- United States
- Prior art keywords
- library
- data
- encryption key
- data transfer
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00217—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
- G11B20/00246—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a local device, e.g. device key initially stored by the player or by the recorder
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B2220/00—Record carriers by type
- G11B2220/90—Tape-like record carriers
Definitions
- This invention relates to a data transfer device library and a method of key distribution.
- Encryption technology exists that can make the data on tape cartridges unreadable to any person without a correct decryption key. There may be a separate encryption/decryption key. It is difficult to manage the availability of encryption, decryption and encryption/decryption keys, especially keys in an environment with multiple tape drives such as a tape library.
- the encryption at source solutions use software encryption running on the computer to which the backup devices are attached. This has the advantage of avoiding sending un-encrypted data over a network.
- software-based encryption is typically slow and can impact backup performance.
- the software must have some form of associated key management so one does not escape the problem of key management.
- Encryption on the wire involves breaking the direct connection between the writing computer and the backup device and inserting an encrypting appliance into the break. This is generally a very expensive solution since such encrypting appliances are expensive. There is also again the key management issue.
- the invention seeks to provide encryption in a multiple data transfer device environment without the user needing to become involved in the complexities of key management.
- a method of distributing a key to encrypt data for storing on a removable data storage item in a data transfer device library comprising a controller having a key associated therewith and being connected to a plurality of data transfer devices each being operable to transfer data to a removable data storage item and having a key store, the method comprising: providing the key for the library to the controller; the controller providing the key to the key store of each data transfer device connected to the controller.
- the controller upon initialisation of the library, provides the key to the key store of each data transfer device connected to the controller.
- all the data written to the removable data storage items by the data transfer devices in the library are encrypted with the key in the key store of each data transfer device, the keys being the same.
- data are encrypted using a block encryption technique in which each block of data is encrypted using the key and a respective counter value.
- a data transfer device library comprising a plurality of data transfer devices connected to a controller having a key associated therewith, each data transfer device having a key store and being operable to encrypt data using a key stored in the key store and to transfer encrypted data to a removable data storage item, wherein the controller is operable to provide the key associated therewith to the key store of each data transfer device.
- the controller is a library controller and has a library key store pre-programmed with the key.
- the controller is distinct from a library controller and has a library key store pre-programmed with the key.
- the controller has a non-volatile memory in which the key is writeable.
- the controller is operable to provide the key to the key store of each data transfer device in response to initialisation of the library.
- the controller is operable to receive a new key and to provide the new key to the key store of each data transfer device.
- the library is a tape drive library; the data transfer devices are tape drives; and the data storage items are tape cartridges.
- a data transfer device library comprising a plurality of data transfer devices, each data transfer device having means for storing a key; means for encrypting data using a key stored in the storing means; and means for transferring encrypted data to a removable data storage item, wherein the data transfer device library further comprises: means for storing an encryption key associated with the data transfer device library; and means for providing the encryption key to the storing means of each data transfer device.
- a method of key management comprising: generating an encryption key; providing the encryption key to a data transfer library, the data transfer library having a unique library identifier and employing the encryption key to encrypt all data transferred to the data transfer library; storing an association of the encryption key and the unique library identifier; and subsequently providing a copy of the encryption key in the event that a copy of the unique library identifier is provided.
- storing an association comprises maintaining a database of encryption keys and associated unique library identifiers.
- the method is performed by a manufacturer of the data transfer library.
- the method is performed by a trusted third party distinct from the manufacturer and/or user of the data transfer library.
- the encryption key is provided to a controller of the data transfer library, and the controller is operable to distribute the encryption key to all data transfer devices within the data transfer library, each data transfer device using the encryption key to encrypt data and store encrypted data to a removable data storage item.
- providing a copy of the encryption key comprises providing the encryption key to a new data transfer library.
- FIG. 1 is a schematic block diagram of a data transfer device library embodying the present invention
- FIG. 2 is a schematic block diagram of a controller and tape drives of the library of FIG. 1 ;
- FIG. 3 is a diagram illustrating a method embodying the present invention.
- a library 1 comprises a plurality of data transfer devices 2 which are stacked in a rack 3 or otherwise physically arranged with respect to an array 4 of storage bays 5 which contain removable data storage items 6 .
- a controlled robot picker 7 operable to select a data storage item, insert that item in a data transfer device to read from or written to and to replace the item in a bay.
- a library controller 10 is operable to coordinate operations within the library and may also be the mechanism which controls the picker, although the operations performed by the picker may also be performed manually.
- the library controller 10 has a key memory 11 to store an encryption/decryption key together with the serial number of the library 1 (or some other unique identifier of the library).
- the library key memory 11 is non-volatile.
- each tape drive 2 in the library 1 comprises a host interface 20 , a controller 21 , firmware memory 22 , a memory buffer 23 , a data encryptor 24 , a data formatter 25 , a read/write channel 26 , and magnetic read/write heads 27 .
- the components of the tape drive 2 are identical to those employed in conventional tape drives.
- the controller 21 of the tape drive 2 comprises a microprocessor and executes instructions stored in the firmware memory 22 to control the operation of the tape drive 2 .
- the controller 21 responds to control commands received from the library controller 10 .
- the drive 2 contains a data encryptor 24 comprising an encryption engine 28 and a drive key memory 29 which are incorporated into the chipset of the tape drive.
- the encryption engine 28 is operable to encrypt data incoming to the tape drive with the key stored in the drive key memory 29 before writing the then encrypted data to the tape cartridge via the read/write channel 26 and the read/write heads 27 .
- the encryption engine 28 is operable to decrypt data read from the tape cartridge with the key stored in the drive key memory 29 before passing decrypted data to a host computer by the host interface 20 .
- the encryption engine 28 in each tape drive 2 relies on being supplied with the encryption key. This key is supplied by the library controller 10 .
- the library controller 10 is the controller that is also used to control the movement of the tape cartridges 6 by the robotic picker 7 . There could, however, be an incorporated or distinct other controller in the library that is either dedicated to the task of supplying keys or provides other functionality such as management of the library. Any existing communication path between the tape drive and the library controller 10 may be used to pass the key to the tape drive 2 . The communication path should not, however, involve the host interface 20 of the tape drive 2 so as to provide no opportunity for snooping the key via that route.
- the method of key distribution is as follows and as illustrated in FIG. 3 .
- the manufacturer 100 or a trusted third party (hereinafter manufacturer) generates S 1 a unique encryption key suitable for use in an encryption engine of a tape drive to encrypt data for transfer to a tape.
- the generated key is pre-programmed S 2 into the library key memory 11 which lies in the library controller.
- Each of these keys is unique to that particular library 1 and is stored in the library controller key memory 11 along with the library serial number or other unique library identifier for that library 1 .
- Each library 1 comprising at least of a library controller 10 and plurality of tape drives 2 , is shipped S 3 by the manufacturer 100 with the key pre-programmed into the library key memory 11 to a user 200 , usually a corporate entity.
- the library manufacturer 100 or trusted third party maintains S 4 a library database 300 that matches the serial number of each library 1 to the pre-programmed key associated with that library 1 .
- user information will also be appended S 5 to the record for that library.
- User information may be maintained in the record by the manufacturer 100 who is usually aware of the identity of the end user. This provides a recovery solution in the case of a disaster with the library 1 . In that case, the manufacturer 100 is able to supply S 3 a replacement library 1 to the user 200 pre-programmed with the same key for recovering the user's data. This replacement key will thus be the same as the key used to encrypt the data on the user's tape cartridges.
- Registration of the library 1 by the user 200 is optional but there are benefits in that the manufacturer 100 can maintain the library database 300 and cross-check the record for that library with information derived from the user 200 —that being library serial number and user information—and flag any discrepancies.
- the manufacturer 100 may also provide acknowledgement and verification of first use of the library 1 so as to confirm that the single key is being used to encrypt data for that library's tape cartridges.
- the step of programming S 2 the key into the library 1 and maintaining the library database 300 could be moved to a trusted third party if it was desired to prevent the original manufacturer having access to the keys.
- the library controller 10 embodying the invention also writes the key stored in the library key memory 11 into the drive key memory 29 of each of the tape drives 2 in the library 1 . This ensures that all cartridges that are written in that library are encrypted with the same key and so may be read by any tape drive in that library. Since the drive key memory 29 can be repopulated with the key from the non-volatile library key memory 11 , it is not essential for the drive key memory 29 to be non-volatile.
- the key can be updated as needed.
- the updated key would be distributed by the library 1 to all the tape drives 2 in the library 1 .
- the library database 300 maintaining records of the library serial number and encryption key would also need to be updated if the key is changed.
- the main advantage of this arrangement is that lack of any key management tasks for the user.
- a user may use a library using this invention in the same way as they use a similar library with no encryption. As long as any restoring of data is done with this library, then there is no change to existing processes. Thus, this appeals to users who recognise the need for encryption but are not prepared to put any effort into managing the process.
- a further advantage of the present invention is that in the event that encrypted data need to be recovered from the tape cartridges of a single library, then only the one key for that entire library needs to be sent securely to the library to recover the data.
- the very simple key management also lessens the likelihood of creating problems matching the appropriate key to each cartridge.
Abstract
Description
- This invention relates to a data transfer device library and a method of key distribution.
- Many institutions and corporations back up their data and use removable data storage items such as tape cartridges for storage. Data are usually backed up in a secure location such as an off-site library from where data can be restored in the event of disaster recovery. There have been instances of company data potentially losing its confidentiality due to the loss of backup tape cartridges. In the event that the data on a lost tape cartridge has not been encrypted, that data would be relatively easy for a non-authorised user to read. That situation is undesirable.
- Where the backed up data are extremely sensitive, a need is perceived to encrypt the data and thereby improve security. Encryption technology exists that can make the data on tape cartridges unreadable to any person without a correct decryption key. There may be a separate encryption/decryption key. It is difficult to manage the availability of encryption, decryption and encryption/decryption keys, especially keys in an environment with multiple tape drives such as a tape library.
- Current encryption solutions concentrate on encrypting the data either at source or on the wire.
- The encryption at source solutions use software encryption running on the computer to which the backup devices are attached. This has the advantage of avoiding sending un-encrypted data over a network. However, such software-based encryption is typically slow and can impact backup performance. Also, the software must have some form of associated key management so one does not escape the problem of key management.
- Encryption on the wire involves breaking the direct connection between the writing computer and the backup device and inserting an encrypting appliance into the break. This is generally a very expensive solution since such encrypting appliances are expensive. There is also again the key management issue.
- The invention seeks to provide encryption in a multiple data transfer device environment without the user needing to become involved in the complexities of key management.
- In accordance with the invention there is provided a method of distributing a key to encrypt data for storing on a removable data storage item in a data transfer device library, the library comprising a controller having a key associated therewith and being connected to a plurality of data transfer devices each being operable to transfer data to a removable data storage item and having a key store, the method comprising: providing the key for the library to the controller; the controller providing the key to the key store of each data transfer device connected to the controller.
- Preferably, the controller, upon initialisation of the library, provides the key to the key store of each data transfer device connected to the controller.
- Advantageously, all the data written to the removable data storage items by the data transfer devices in the library are encrypted with the key in the key store of each data transfer device, the keys being the same.
- Conveniently, data are encrypted using a block encryption technique in which each block of data is encrypted using the key and a respective counter value.
- Preferably, comprising maintaining a library database containing records of respective libraries and the key associated with a respective library.
- In accordance with a further aspect of the invention, there is provided a data transfer device library comprising a plurality of data transfer devices connected to a controller having a key associated therewith, each data transfer device having a key store and being operable to encrypt data using a key stored in the key store and to transfer encrypted data to a removable data storage item, wherein the controller is operable to provide the key associated therewith to the key store of each data transfer device.
- Preferably, the controller is a library controller and has a library key store pre-programmed with the key.
- Alternatively, the controller is distinct from a library controller and has a library key store pre-programmed with the key.
- Advantageously, the controller has a non-volatile memory in which the key is writeable.
- Conveniently, the controller is operable to provide the key to the key store of each data transfer device in response to initialisation of the library.
- Preferably, the controller is operable to receive a new key and to provide the new key to the key store of each data transfer device.
- Advantageously, the library is a tape drive library; the data transfer devices are tape drives; and the data storage items are tape cartridges.
- In accordance with a still further aspect of the invention, there is provided a data transfer device library comprising a plurality of data transfer devices, each data transfer device having means for storing a key; means for encrypting data using a key stored in the storing means; and means for transferring encrypted data to a removable data storage item, wherein the data transfer device library further comprises: means for storing an encryption key associated with the data transfer device library; and means for providing the encryption key to the storing means of each data transfer device.
- In accordance with a yet further aspect of the invention, there is provided a method of key management comprising: generating an encryption key; providing the encryption key to a data transfer library, the data transfer library having a unique library identifier and employing the encryption key to encrypt all data transferred to the data transfer library; storing an association of the encryption key and the unique library identifier; and subsequently providing a copy of the encryption key in the event that a copy of the unique library identifier is provided.
- Preferably, storing an association comprises maintaining a database of encryption keys and associated unique library identifiers.
- Advantageously, the method is performed by a manufacturer of the data transfer library.
- Conveniently, the method is performed by a trusted third party distinct from the manufacturer and/or user of the data transfer library.
- Preferably, the encryption key is provided to a controller of the data transfer library, and the controller is operable to distribute the encryption key to all data transfer devices within the data transfer library, each data transfer device using the encryption key to encrypt data and store encrypted data to a removable data storage item.
- Advantageously, providing a copy of the encryption key comprises providing the encryption key to a new data transfer library.
- In order that the present invention may be more readily understood, embodiments thereof will now be described, by way of example, with reference to the accompanying drawings, in which:
-
FIG. 1 is a schematic block diagram of a data transfer device library embodying the present invention; -
FIG. 2 is a schematic block diagram of a controller and tape drives of the library ofFIG. 1 ; and -
FIG. 3 is a diagram illustrating a method embodying the present invention. - Referring to
FIG. 1 , alibrary 1 comprises a plurality ofdata transfer devices 2 which are stacked in arack 3 or otherwise physically arranged with respect to an array 4 ofstorage bays 5 which contain removabledata storage items 6. There is in this example a controlled robot picker 7 operable to select a data storage item, insert that item in a data transfer device to read from or written to and to replace the item in a bay. Alibrary controller 10 is operable to coordinate operations within the library and may also be the mechanism which controls the picker, although the operations performed by the picker may also be performed manually. Thelibrary controller 10 has akey memory 11 to store an encryption/decryption key together with the serial number of the library 1 (or some other unique identifier of the library). The librarykey memory 11 is non-volatile. - Referring now to
FIG. 2 , eachtape drive 2 in thelibrary 1 comprises ahost interface 20, acontroller 21,firmware memory 22, amemory buffer 23, adata encryptor 24, adata formatter 25, a read/writechannel 26, and magnetic read/writeheads 27. - With the exception of the
data encryptor 24 and the software stored in thefirmware memory 22, the components of thetape drive 2 are identical to those employed in conventional tape drives. - The
controller 21 of thetape drive 2 comprises a microprocessor and executes instructions stored in thefirmware memory 22 to control the operation of thetape drive 2. In particular, thecontroller 21 responds to control commands received from thelibrary controller 10. - As previously mentioned, the
drive 2 contains adata encryptor 24 comprising anencryption engine 28 and a drivekey memory 29 which are incorporated into the chipset of the tape drive. Theencryption engine 28 is operable to encrypt data incoming to the tape drive with the key stored in the drivekey memory 29 before writing the then encrypted data to the tape cartridge via the read/writechannel 26 and the read/writeheads 27. Conversely, theencryption engine 28 is operable to decrypt data read from the tape cartridge with the key stored in the drivekey memory 29 before passing decrypted data to a host computer by thehost interface 20. Theencryption engine 28 in eachtape drive 2 relies on being supplied with the encryption key. This key is supplied by thelibrary controller 10. - The
library controller 10 is the controller that is also used to control the movement of thetape cartridges 6 by the robotic picker 7. There could, however, be an incorporated or distinct other controller in the library that is either dedicated to the task of supplying keys or provides other functionality such as management of the library. Any existing communication path between the tape drive and thelibrary controller 10 may be used to pass the key to thetape drive 2. The communication path should not, however, involve thehost interface 20 of thetape drive 2 so as to provide no opportunity for snooping the key via that route. - The method of key distribution is as follows and as illustrated in
FIG. 3 . Initially, themanufacturer 100 or a trusted third party (hereinafter manufacturer) generates S1 a unique encryption key suitable for use in an encryption engine of a tape drive to encrypt data for transfer to a tape. The generated key is pre-programmed S2 into the librarykey memory 11 which lies in the library controller. Each of these keys is unique to thatparticular library 1 and is stored in the library controllerkey memory 11 along with the library serial number or other unique library identifier for thatlibrary 1. - Each
library 1, comprising at least of alibrary controller 10 and plurality oftape drives 2, is shipped S3 by themanufacturer 100 with the key pre-programmed into the librarykey memory 11 to auser 200, usually a corporate entity. - The
library manufacturer 100 or trusted third party maintains S4 alibrary database 300 that matches the serial number of eachlibrary 1 to the pre-programmed key associated with thatlibrary 1. In the optional event that theuser 200 registers theirlibrary 1 with the library database, user information will also be appended S5 to the record for that library. User information may be maintained in the record by themanufacturer 100 who is usually aware of the identity of the end user. This provides a recovery solution in the case of a disaster with thelibrary 1. In that case, themanufacturer 100 is able to supply S3 areplacement library 1 to theuser 200 pre-programmed with the same key for recovering the user's data. This replacement key will thus be the same as the key used to encrypt the data on the user's tape cartridges. - Registration of the
library 1 by theuser 200 is optional but there are benefits in that themanufacturer 100 can maintain thelibrary database 300 and cross-check the record for that library with information derived from theuser 200—that being library serial number and user information—and flag any discrepancies. Upon registration of a library with thelibrary database 300, themanufacturer 100 may also provide acknowledgement and verification of first use of thelibrary 1 so as to confirm that the single key is being used to encrypt data for that library's tape cartridges. - The step of programming S2 the key into the
library 1 and maintaining thelibrary database 300 could be moved to a trusted third party if it was desired to prevent the original manufacturer having access to the keys. - As a part of the normal initialisation sequence of each library (which may take place when the
library 1 is in the care of themanufacturer 100 or the user 200), thelibrary controller 10 embodying the invention also writes the key stored in the librarykey memory 11 into the drivekey memory 29 of each of the tape drives 2 in thelibrary 1. This ensures that all cartridges that are written in that library are encrypted with the same key and so may be read by any tape drive in that library. Since the drivekey memory 29 can be repopulated with the key from the non-volatile librarykey memory 11, it is not essential for the drivekey memory 29 to be non-volatile. - Because such a large volume of data (all the tape cartridges in a library) are encrypted using the same encryption key, it is prudent to use a block encryption technique in which each block of data is encrypted using the same encryption key but different counter values, for example, using Gallois Counter Mode encryption. By ensuring that all tape cartridges still maintain unique key and counter combinations, the confidentiality of the data is not compromised even though so many cartridges are written using the same key.
- Further, by providing software access to the
key memory 11 in the tape library, the key can be updated as needed. The updated key would be distributed by thelibrary 1 to all the tape drives 2 in thelibrary 1. Clearly thelibrary database 300 maintaining records of the library serial number and encryption key would also need to be updated if the key is changed. - The main advantage of this arrangement is that lack of any key management tasks for the user. A user may use a library using this invention in the same way as they use a similar library with no encryption. As long as any restoring of data is done with this library, then there is no change to existing processes. Thus, this appeals to users who recognise the need for encryption but are not prepared to put any effort into managing the process.
- A further advantage of the present invention is that in the event that encrypted data need to be recovered from the tape cartridges of a single library, then only the one key for that entire library needs to be sent securely to the library to recover the data.
- The very simple key management also lessens the likelihood of creating problems matching the appropriate key to each cartridge.
- Although embodiments of the present invention have been described with reference to a
tape drive 3, it will be appreciated that the present invention is equally applicable to other types of data transfer devices, such as optical drives, in which data are stored to removable data storage items (e.g. CDs, DVDs). - When used in this specification and claims, the terms “comprises” and “comprising” and variations thereof mean that the specified features, steps or integers are included. The terms are not to be interpreted to exclude the presence of other features, steps or components.
- The features disclosed in the foregoing description, or the following claims, or the accompanying drawings, expressed in their specific forms or in terms of a means for performing the disclosed function, or a method or process for attaining the disclosed result, as appropriate, may, separately, or in any combination of such features, be utilised for realising the invention in diverse forms thereof.
Claims (19)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0520602.4 | 2005-10-11 | ||
GB0520602A GB2431250A (en) | 2005-10-11 | 2005-10-11 | Data transfer system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20130251153A1 true US20130251153A1 (en) | 2013-09-26 |
US8549297B1 US8549297B1 (en) | 2013-10-01 |
Family
ID=35430139
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/494,294 Active 2032-07-27 US8549297B1 (en) | 2005-10-11 | 2006-07-26 | Data transfer device library and key distribution |
Country Status (2)
Country | Link |
---|---|
US (1) | US8549297B1 (en) |
GB (1) | GB2431250A (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4040717B1 (en) * | 2011-12-15 | 2024-01-31 | INTEL Corporation | Method and device for secure communications over a network using a hardware security engine |
US11363100B2 (en) * | 2017-04-14 | 2022-06-14 | Quantum Corporation | Network attached device for accessing removable storage media |
US11329816B2 (en) | 2020-06-01 | 2022-05-10 | Hewlett Packard Enterprise Development Lp | Encryption keys for removable storage media |
Citations (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4281216A (en) * | 1979-04-02 | 1981-07-28 | Motorola Inc. | Key management for encryption/decryption systems |
US5093860A (en) * | 1990-09-27 | 1992-03-03 | Motorola, Inc. | Key management system |
US5481610A (en) * | 1994-02-28 | 1996-01-02 | Ericsson Inc. | Digital radio transceiver with encrypted key storage |
US5748744A (en) * | 1996-06-03 | 1998-05-05 | Vlsi Technology, Inc. | Secure mass storage system for computers |
US5940507A (en) * | 1997-02-11 | 1999-08-17 | Connected Corporation | Secure file archive through encryption key management |
US6039260A (en) * | 1988-12-12 | 2000-03-21 | Smartdiskette Gmbh | Intelligent cassette emulator device |
US6061791A (en) * | 1997-05-09 | 2000-05-09 | Connotech Experts-Conseils Inc. | Initial secret key establishment including facilities for verification of identity |
US20010033656A1 (en) * | 2000-01-31 | 2001-10-25 | Vdg, Inc. | Block encryption method and schemes for data confidentiality and integrity protection |
US20030051146A1 (en) * | 2001-09-11 | 2003-03-13 | Akihiro Ebina | Security realizing system in network |
US20030074319A1 (en) * | 2001-10-11 | 2003-04-17 | International Business Machines Corporation | Method, system, and program for securely providing keys to encode and decode data in a storage cartridge |
US20030177094A1 (en) * | 2002-03-15 | 2003-09-18 | Needham Bradford H. | Authenticatable positioning data |
US20030233573A1 (en) * | 2002-06-18 | 2003-12-18 | Phinney Thomas L. | System and method for securing network communications |
US20040078584A1 (en) * | 2002-08-23 | 2004-04-22 | General Instrument Corp. | Interchip transport bus copy protection |
US20040101138A1 (en) * | 2001-05-22 | 2004-05-27 | Dan Revital | Secure digital content delivery system and method over a broadcast network |
US20040101141A1 (en) * | 2002-11-27 | 2004-05-27 | Jukka Alve | System and method for securely installing a cryptographic system on a secure device |
US20040103292A1 (en) * | 2002-08-27 | 2004-05-27 | Fuji Photo Film U.S.A., Inc. | Recording method, recording system, and reproducing system of encryption data |
US20040101140A1 (en) * | 2002-11-25 | 2004-05-27 | Fuji Photo Film Co., Ltd. | Recording medium cartridge and a recording-and-reproducing apparatus thereof |
US20040107340A1 (en) * | 2000-11-03 | 2004-06-03 | Shuning Wann | Real time data encryption/decryption system and method for IDE/ATA data transfer |
US20040186991A1 (en) * | 2000-02-25 | 2004-09-23 | Genesis Microchip Corporation | Display unit storing and using a cryptography key |
US20040190860A1 (en) * | 2003-03-31 | 2004-09-30 | Fusao Ishiguchi | Equipment for digital video disc processing information on digital video disc using prescribed information serving as key, and method and apparatus for recording prescribed information |
US20040196759A1 (en) * | 2001-09-28 | 2004-10-07 | Kenzo Ishibashi | Optical disc |
US20050052661A1 (en) * | 1999-06-30 | 2005-03-10 | Paul Lapstun | Cartridge with identifiers |
US20050071591A1 (en) * | 2003-09-29 | 2005-03-31 | International Business Machines (Ibm) Corporation | Security in an automated data storage library |
US20050152670A1 (en) * | 2004-01-14 | 2005-07-14 | Quantum Corporation | Auxiliary memory in a tape cartridge |
US20050195979A1 (en) * | 2002-12-12 | 2005-09-08 | Universal Electronics Inc. | System and method for limiting access to data |
US20050219600A1 (en) * | 1999-06-30 | 2005-10-06 | Paul Lapstun | Cartridge with identifiers |
US20050226420A1 (en) * | 2002-05-17 | 2005-10-13 | Jakke Makela | Method and system in a digital wireless data communication network for arranging data encryption and corresponding server |
US20050257062A1 (en) * | 1998-03-11 | 2005-11-17 | Paul Ignatius | System and method for providing encryption in pipelined storage operations in a storage network |
US20050262361A1 (en) * | 2004-05-24 | 2005-11-24 | Seagate Technology Llc | System and method for magnetic storage disposal |
US20060015946A1 (en) * | 2004-07-16 | 2006-01-19 | Hitachi, Ltd. | Method and apparatus for secure data mirroring a storage system |
US7099477B2 (en) * | 2004-10-21 | 2006-08-29 | International Business Machines Corporation | Method and system for backup and restore of a context encryption key for a trusted device within a secured processing system |
US20060215305A1 (en) * | 2005-03-25 | 2006-09-28 | Fujitsu Limited | Apparatus and method for drive control, and computer product |
US20060224902A1 (en) * | 2005-03-30 | 2006-10-05 | Bolt Thomas B | Data management system for removable storage media |
US20060242431A1 (en) * | 2004-06-18 | 2006-10-26 | Emc Corporation | Storage data encryption |
US20060239165A1 (en) * | 1998-10-07 | 2006-10-26 | Sony Corporation | Apparatus and method for manufacturing optical disks, apparatus and method for recording data on optical disks, apparatus and method for reproducing data from optical disks, and optical disks formed with pits strings and mark strings |
US7200546B1 (en) * | 2002-09-05 | 2007-04-03 | Ultera Systems, Inc. | Tape storage emulator |
US20070101442A1 (en) * | 2005-11-03 | 2007-05-03 | Prostor Systems, Inc. | Secure data cartridge |
US20070136606A1 (en) * | 2005-12-08 | 2007-06-14 | Makio Mizuno | Storage system with built-in encryption function |
US20070180239A1 (en) * | 2005-07-21 | 2007-08-02 | Akira Fujibayashi | Storage system for data encryption |
US20070198855A1 (en) * | 2004-06-07 | 2007-08-23 | Pioneer Corporation, Tokorozawa Works | Information Recording Media, Information Recording Device And Method, Information Distribution Device And Method, And Computer Program |
US20070226520A1 (en) * | 2004-07-07 | 2007-09-27 | Kazuo Kuroda | Information Recording Medium, Information Recording Device and Method, Information Distribution Device and Method, and Computer Program |
US20080219449A1 (en) * | 2007-03-09 | 2008-09-11 | Ball Matthew V | Cryptographic key management for stored data |
US7599496B2 (en) * | 2002-08-27 | 2009-10-06 | Pine Valley Investments, Inc. | Secure encryption key distribution |
US7818585B2 (en) * | 2004-12-22 | 2010-10-19 | Sap Aktiengesellschaft | Secure license management |
US7869603B2 (en) * | 2007-07-24 | 2011-01-11 | International Business Machines Corporation | Encryption key path diagnostic |
US7869604B2 (en) * | 2007-07-24 | 2011-01-11 | International Business Machines Corporation | System for an encryption key path diagnostic |
US7920706B2 (en) * | 2002-10-28 | 2011-04-05 | Nokia Corporation | Method and system for managing cryptographic keys |
US20120084263A1 (en) * | 2005-08-09 | 2012-04-05 | Nexsan Technologies Canada Inc. | Data archiving system |
US8160257B1 (en) * | 2006-11-30 | 2012-04-17 | Netapp, Inc. | Tape failover across a cluster |
Family Cites Families (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3143108B2 (en) | 1990-03-13 | 2001-03-07 | 株式会社日立製作所 | File encryption method and file encryption system |
GB2264373B (en) | 1992-02-05 | 1995-12-20 | Eurologic Research Limited | Data encryption apparatus and method |
US5887145A (en) | 1993-09-01 | 1999-03-23 | Sandisk Corporation | Removable mother/daughter peripheral card |
US5598470A (en) | 1994-04-25 | 1997-01-28 | International Business Machines Corporation | Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block |
US5535279A (en) | 1994-12-15 | 1996-07-09 | Pitney Bowes Inc. | Postage accounting system including means for transmitting a bit-mapped image of variable information for driving an external printer |
US5651064A (en) * | 1995-03-08 | 1997-07-22 | 544483 Alberta Ltd. | System for preventing piracy of recorded media |
DE69613156T2 (en) | 1995-10-09 | 2001-10-25 | Matsushita Electric Ind Co Ltd | Optical playback device for playing encrypted information |
JP3866376B2 (en) | 1996-05-02 | 2007-01-10 | テキサス インスツルメンツ インコーポレイテツド | How to make only copyrighted material available for playback and use in a digital media system |
GB2315575A (en) | 1996-07-19 | 1998-02-04 | Ibm | Encryption circuit in I/O subsystem |
FR2751767B1 (en) | 1996-07-26 | 1998-12-18 | Thomson Csf | SECURE DATA STORAGE SYSTEM ON CD-ROM |
US6134660A (en) * | 1997-06-30 | 2000-10-17 | Telcordia Technologies, Inc. | Method for revoking computer backup files using cryptographic techniques |
US5970147A (en) | 1997-09-30 | 1999-10-19 | Intel Corporation | System and method for configuring and registering a cryptographic device |
GB2330682A (en) | 1997-10-22 | 1999-04-28 | Calluna Tech Ltd | Password access to an encrypted drive |
EP0913823B1 (en) | 1997-10-31 | 2013-05-22 | Hewlett-Packard Development Company, L.P. | Data encoding method and apparatus |
EP0913762A1 (en) | 1997-10-31 | 1999-05-06 | Hewlett-Packard Company | Data encoding scheme |
IL123028A (en) | 1998-01-22 | 2007-09-20 | Nds Ltd | Protection of data on media recording disks |
US6473861B1 (en) * | 1998-12-03 | 2002-10-29 | Joseph Forte | Magnetic optical encryption/decryption disk drive arrangement |
JP2000207829A (en) | 1999-01-11 | 2000-07-28 | Yamaha Corp | System for ciphering and releasing it |
US6691226B1 (en) | 1999-03-16 | 2004-02-10 | Western Digital Ventures, Inc. | Computer system with disk drive having private key validation means for enabling features |
US7278016B1 (en) | 1999-10-26 | 2007-10-02 | International Business Machines Corporation | Encryption/decryption of stored data using non-accessible, unique encryption key |
JP4457474B2 (en) | 2000-04-04 | 2010-04-28 | ソニー株式会社 | Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, information recording medium, and program providing medium |
US6871278B1 (en) | 2000-07-06 | 2005-03-22 | Lasercard Corporation | Secure transactions with passive storage media |
US20020188856A1 (en) | 2001-06-11 | 2002-12-12 | Brian Worby | Storage device with cryptographic capabilities |
CN100380494C (en) | 2001-10-12 | 2008-04-09 | 皇家飞利浦电子股份有限公司 | Apparatus and method for reading or writing user data |
JP3735300B2 (en) | 2002-01-31 | 2006-01-18 | 富士通株式会社 | Information recording / reproducing system capable of restricting access and access restriction method thereof |
US7376235B2 (en) | 2002-04-30 | 2008-05-20 | Microsoft Corporation | Methods and systems for frustrating statistical attacks by injecting pseudo data into a data system |
JP2004007260A (en) | 2002-05-31 | 2004-01-08 | Fujitsu Ltd | Encryption device, electronic apparatus, and encryption method |
KR20050122174A (en) | 2003-04-11 | 2005-12-28 | 소니 가부시끼 가이샤 | Information recording medium drive device |
US7774593B2 (en) | 2003-04-24 | 2010-08-10 | Panasonic Corporation | Encrypted packet, processing device, method, program, and program recording medium |
JP4698982B2 (en) | 2004-04-06 | 2011-06-08 | 株式会社日立製作所 | Storage system that performs cryptographic processing |
US7536355B2 (en) | 2004-06-10 | 2009-05-19 | Lsi Corporation | Content security system for screening applications |
-
2005
- 2005-10-11 GB GB0520602A patent/GB2431250A/en not_active Withdrawn
-
2006
- 2006-07-26 US US11/494,294 patent/US8549297B1/en active Active
Patent Citations (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4281216A (en) * | 1979-04-02 | 1981-07-28 | Motorola Inc. | Key management for encryption/decryption systems |
US6039260A (en) * | 1988-12-12 | 2000-03-21 | Smartdiskette Gmbh | Intelligent cassette emulator device |
US5093860A (en) * | 1990-09-27 | 1992-03-03 | Motorola, Inc. | Key management system |
US5481610A (en) * | 1994-02-28 | 1996-01-02 | Ericsson Inc. | Digital radio transceiver with encrypted key storage |
US5748744A (en) * | 1996-06-03 | 1998-05-05 | Vlsi Technology, Inc. | Secure mass storage system for computers |
US5940507A (en) * | 1997-02-11 | 1999-08-17 | Connected Corporation | Secure file archive through encryption key management |
US6754827B1 (en) * | 1997-02-11 | 2004-06-22 | Connected Corporation | Secure File Archive through encryption key management |
US6061791A (en) * | 1997-05-09 | 2000-05-09 | Connotech Experts-Conseils Inc. | Initial secret key establishment including facilities for verification of identity |
US7277941B2 (en) * | 1998-03-11 | 2007-10-02 | Commvault Systems, Inc. | System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device |
US20050257062A1 (en) * | 1998-03-11 | 2005-11-17 | Paul Ignatius | System and method for providing encryption in pipelined storage operations in a storage network |
US20060239165A1 (en) * | 1998-10-07 | 2006-10-26 | Sony Corporation | Apparatus and method for manufacturing optical disks, apparatus and method for recording data on optical disks, apparatus and method for reproducing data from optical disks, and optical disks formed with pits strings and mark strings |
US20060245329A1 (en) * | 1998-10-07 | 2006-11-02 | Sony Corporation | Apparatus and method for manufacturing optical disks, apparatus and method for recording data on optical disks, apparatus and method for reproducing data from optical disks, and optical disks formed with pits strings and mark strings |
US20050219600A1 (en) * | 1999-06-30 | 2005-10-06 | Paul Lapstun | Cartridge with identifiers |
US20050052661A1 (en) * | 1999-06-30 | 2005-03-10 | Paul Lapstun | Cartridge with identifiers |
US20010033656A1 (en) * | 2000-01-31 | 2001-10-25 | Vdg, Inc. | Block encryption method and schemes for data confidentiality and integrity protection |
US6845450B1 (en) * | 2000-02-25 | 2005-01-18 | Genesis Microchip Inc. | Display unit storing and using a cryptography key |
US20040186991A1 (en) * | 2000-02-25 | 2004-09-23 | Genesis Microchip Corporation | Display unit storing and using a cryptography key |
US20040107340A1 (en) * | 2000-11-03 | 2004-06-03 | Shuning Wann | Real time data encryption/decryption system and method for IDE/ATA data transfer |
US7995603B2 (en) * | 2001-05-22 | 2011-08-09 | Nds Limited | Secure digital content delivery system and method over a broadcast network |
US20040101138A1 (en) * | 2001-05-22 | 2004-05-27 | Dan Revital | Secure digital content delivery system and method over a broadcast network |
US20030051146A1 (en) * | 2001-09-11 | 2003-03-13 | Akihiro Ebina | Security realizing system in network |
US20040196759A1 (en) * | 2001-09-28 | 2004-10-07 | Kenzo Ishibashi | Optical disc |
US7865440B2 (en) * | 2001-10-11 | 2011-01-04 | International Business Machines Corporation | Method, system, and program for securely providing keys to encode and decode data in a storage cartridge |
US20030074319A1 (en) * | 2001-10-11 | 2003-04-17 | International Business Machines Corporation | Method, system, and program for securely providing keys to encode and decode data in a storage cartridge |
US20030177094A1 (en) * | 2002-03-15 | 2003-09-18 | Needham Bradford H. | Authenticatable positioning data |
US20050226420A1 (en) * | 2002-05-17 | 2005-10-13 | Jakke Makela | Method and system in a digital wireless data communication network for arranging data encryption and corresponding server |
US20030233573A1 (en) * | 2002-06-18 | 2003-12-18 | Phinney Thomas L. | System and method for securing network communications |
US20040078584A1 (en) * | 2002-08-23 | 2004-04-22 | General Instrument Corp. | Interchip transport bus copy protection |
US20040103292A1 (en) * | 2002-08-27 | 2004-05-27 | Fuji Photo Film U.S.A., Inc. | Recording method, recording system, and reproducing system of encryption data |
US7599496B2 (en) * | 2002-08-27 | 2009-10-06 | Pine Valley Investments, Inc. | Secure encryption key distribution |
US7200546B1 (en) * | 2002-09-05 | 2007-04-03 | Ultera Systems, Inc. | Tape storage emulator |
US7920706B2 (en) * | 2002-10-28 | 2011-04-05 | Nokia Corporation | Method and system for managing cryptographic keys |
US20040101140A1 (en) * | 2002-11-25 | 2004-05-27 | Fuji Photo Film Co., Ltd. | Recording medium cartridge and a recording-and-reproducing apparatus thereof |
US20040101141A1 (en) * | 2002-11-27 | 2004-05-27 | Jukka Alve | System and method for securely installing a cryptographic system on a secure device |
US20050195979A1 (en) * | 2002-12-12 | 2005-09-08 | Universal Electronics Inc. | System and method for limiting access to data |
US20040190860A1 (en) * | 2003-03-31 | 2004-09-30 | Fusao Ishiguchi | Equipment for digital video disc processing information on digital video disc using prescribed information serving as key, and method and apparatus for recording prescribed information |
US20050071591A1 (en) * | 2003-09-29 | 2005-03-31 | International Business Machines (Ibm) Corporation | Security in an automated data storage library |
US20050152670A1 (en) * | 2004-01-14 | 2005-07-14 | Quantum Corporation | Auxiliary memory in a tape cartridge |
US20050262361A1 (en) * | 2004-05-24 | 2005-11-24 | Seagate Technology Llc | System and method for magnetic storage disposal |
US20070198855A1 (en) * | 2004-06-07 | 2007-08-23 | Pioneer Corporation, Tokorozawa Works | Information Recording Media, Information Recording Device And Method, Information Distribution Device And Method, And Computer Program |
US20060242431A1 (en) * | 2004-06-18 | 2006-10-26 | Emc Corporation | Storage data encryption |
US20070226520A1 (en) * | 2004-07-07 | 2007-09-27 | Kazuo Kuroda | Information Recording Medium, Information Recording Device and Method, Information Distribution Device and Method, and Computer Program |
US20060015946A1 (en) * | 2004-07-16 | 2006-01-19 | Hitachi, Ltd. | Method and apparatus for secure data mirroring a storage system |
US7099477B2 (en) * | 2004-10-21 | 2006-08-29 | International Business Machines Corporation | Method and system for backup and restore of a context encryption key for a trusted device within a secured processing system |
US7818585B2 (en) * | 2004-12-22 | 2010-10-19 | Sap Aktiengesellschaft | Secure license management |
US20060215305A1 (en) * | 2005-03-25 | 2006-09-28 | Fujitsu Limited | Apparatus and method for drive control, and computer product |
US20060224902A1 (en) * | 2005-03-30 | 2006-10-05 | Bolt Thomas B | Data management system for removable storage media |
US20070180239A1 (en) * | 2005-07-21 | 2007-08-02 | Akira Fujibayashi | Storage system for data encryption |
US7627756B2 (en) * | 2005-07-21 | 2009-12-01 | Hitachi, Ltd. | Storage system for data encryption |
US20120084263A1 (en) * | 2005-08-09 | 2012-04-05 | Nexsan Technologies Canada Inc. | Data archiving system |
US20070101442A1 (en) * | 2005-11-03 | 2007-05-03 | Prostor Systems, Inc. | Secure data cartridge |
US20070136606A1 (en) * | 2005-12-08 | 2007-06-14 | Makio Mizuno | Storage system with built-in encryption function |
US8160257B1 (en) * | 2006-11-30 | 2012-04-17 | Netapp, Inc. | Tape failover across a cluster |
US20080219449A1 (en) * | 2007-03-09 | 2008-09-11 | Ball Matthew V | Cryptographic key management for stored data |
US7869603B2 (en) * | 2007-07-24 | 2011-01-11 | International Business Machines Corporation | Encryption key path diagnostic |
US7869604B2 (en) * | 2007-07-24 | 2011-01-11 | International Business Machines Corporation | System for an encryption key path diagnostic |
Also Published As
Publication number | Publication date |
---|---|
US8549297B1 (en) | 2013-10-01 |
GB0520602D0 (en) | 2005-11-16 |
GB2431250A (en) | 2007-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8635461B2 (en) | Retrieval and display of encryption labels from an encryption key manager certificate ID attached to key certificate | |
US11157420B2 (en) | Data storage drive with target of opportunity recognition | |
US20080063209A1 (en) | Distributed key store | |
US9472235B2 (en) | Bulk data erase utilizing an encryption technique | |
US20080063197A1 (en) | Storing encrypted data keys to a tape to allow a transport mechanism | |
US7971062B1 (en) | Token-based encryption key secure conveyance | |
US8750516B2 (en) | Rekeying encryption keys for removable storage media | |
US20080063206A1 (en) | Method for altering the access characteristics of encrypted data | |
US8656186B2 (en) | Use of indirect data keys for encrypted tape cartridges | |
US7882354B2 (en) | Use of device driver to function as a proxy between an encryption capable tape drive and a key manager | |
US20080165973A1 (en) | Retrieval and Display of Encryption Labels From an Encryption Key Manager | |
US20090196417A1 (en) | Secure disposal of storage data | |
US20150052369A1 (en) | Local Keying for Self-Encrypting Drives (SED) | |
JP2010503301A (en) | Method for configuring a storage drive to communicate with an encryption manager and a key manager | |
US20080063198A1 (en) | Storing EEDKS to tape outside of user data area | |
US20090052665A1 (en) | Bulk Data Erase Utilizing An Encryption Technique | |
US20070083758A1 (en) | Data transfer device | |
US20160012256A1 (en) | Data storage arrangement and key distribution | |
US8549297B1 (en) | Data transfer device library and key distribution | |
US7965844B2 (en) | System and method for processing user data in an encryption pipeline | |
US20090199016A1 (en) | Storage system, and encryption key management method and encryption key management program thereof | |
WO2023179378A1 (en) | Encryption method and apparatus and electronic device | |
US9251382B2 (en) | Mapping encrypted and decrypted data via key management system | |
US10073743B2 (en) | Data storage arrangement and key distribution | |
JPH0744464A (en) | Medium security management device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P., TEXAS Free format text: ASSIGNMENT BY OPERATION OF LAW;ASSIGNORS:TOPHAM, ANDREW;DREW, JOHN WILLIAM;WAKELIN, DUNCAN MARK;REEL/FRAME:018349/0101 Effective date: 20060913 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.;REEL/FRAME:037079/0001 Effective date: 20151027 |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |