US20130251153A1 - Data transfer device library and key distribution - Google Patents

Data transfer device library and key distribution Download PDF

Info

Publication number
US20130251153A1
US20130251153A1 US11/494,294 US49429406A US2013251153A1 US 20130251153 A1 US20130251153 A1 US 20130251153A1 US 49429406 A US49429406 A US 49429406A US 2013251153 A1 US2013251153 A1 US 2013251153A1
Authority
US
United States
Prior art keywords
library
data
encryption key
data transfer
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/494,294
Other versions
US8549297B1 (en
Inventor
Andrew Topham
John William Drew
Duncan Mark Wakelin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Enterprise Development LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Assigned to HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. reassignment HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. ASSIGNMENT BY OPERATION OF LAW Assignors: DREW, JOHN WILLIAM, TOPHAM, ANDREW, WAKELIN, DUNCAN MARK
Publication of US20130251153A1 publication Critical patent/US20130251153A1/en
Application granted granted Critical
Publication of US8549297B1 publication Critical patent/US8549297B1/en
Assigned to HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP reassignment HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00246Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a local device, e.g. device key initially stored by the player or by the recorder
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B2220/00Record carriers by type
    • G11B2220/90Tape-like record carriers

Definitions

  • This invention relates to a data transfer device library and a method of key distribution.
  • Encryption technology exists that can make the data on tape cartridges unreadable to any person without a correct decryption key. There may be a separate encryption/decryption key. It is difficult to manage the availability of encryption, decryption and encryption/decryption keys, especially keys in an environment with multiple tape drives such as a tape library.
  • the encryption at source solutions use software encryption running on the computer to which the backup devices are attached. This has the advantage of avoiding sending un-encrypted data over a network.
  • software-based encryption is typically slow and can impact backup performance.
  • the software must have some form of associated key management so one does not escape the problem of key management.
  • Encryption on the wire involves breaking the direct connection between the writing computer and the backup device and inserting an encrypting appliance into the break. This is generally a very expensive solution since such encrypting appliances are expensive. There is also again the key management issue.
  • the invention seeks to provide encryption in a multiple data transfer device environment without the user needing to become involved in the complexities of key management.
  • a method of distributing a key to encrypt data for storing on a removable data storage item in a data transfer device library comprising a controller having a key associated therewith and being connected to a plurality of data transfer devices each being operable to transfer data to a removable data storage item and having a key store, the method comprising: providing the key for the library to the controller; the controller providing the key to the key store of each data transfer device connected to the controller.
  • the controller upon initialisation of the library, provides the key to the key store of each data transfer device connected to the controller.
  • all the data written to the removable data storage items by the data transfer devices in the library are encrypted with the key in the key store of each data transfer device, the keys being the same.
  • data are encrypted using a block encryption technique in which each block of data is encrypted using the key and a respective counter value.
  • a data transfer device library comprising a plurality of data transfer devices connected to a controller having a key associated therewith, each data transfer device having a key store and being operable to encrypt data using a key stored in the key store and to transfer encrypted data to a removable data storage item, wherein the controller is operable to provide the key associated therewith to the key store of each data transfer device.
  • the controller is a library controller and has a library key store pre-programmed with the key.
  • the controller is distinct from a library controller and has a library key store pre-programmed with the key.
  • the controller has a non-volatile memory in which the key is writeable.
  • the controller is operable to provide the key to the key store of each data transfer device in response to initialisation of the library.
  • the controller is operable to receive a new key and to provide the new key to the key store of each data transfer device.
  • the library is a tape drive library; the data transfer devices are tape drives; and the data storage items are tape cartridges.
  • a data transfer device library comprising a plurality of data transfer devices, each data transfer device having means for storing a key; means for encrypting data using a key stored in the storing means; and means for transferring encrypted data to a removable data storage item, wherein the data transfer device library further comprises: means for storing an encryption key associated with the data transfer device library; and means for providing the encryption key to the storing means of each data transfer device.
  • a method of key management comprising: generating an encryption key; providing the encryption key to a data transfer library, the data transfer library having a unique library identifier and employing the encryption key to encrypt all data transferred to the data transfer library; storing an association of the encryption key and the unique library identifier; and subsequently providing a copy of the encryption key in the event that a copy of the unique library identifier is provided.
  • storing an association comprises maintaining a database of encryption keys and associated unique library identifiers.
  • the method is performed by a manufacturer of the data transfer library.
  • the method is performed by a trusted third party distinct from the manufacturer and/or user of the data transfer library.
  • the encryption key is provided to a controller of the data transfer library, and the controller is operable to distribute the encryption key to all data transfer devices within the data transfer library, each data transfer device using the encryption key to encrypt data and store encrypted data to a removable data storage item.
  • providing a copy of the encryption key comprises providing the encryption key to a new data transfer library.
  • FIG. 1 is a schematic block diagram of a data transfer device library embodying the present invention
  • FIG. 2 is a schematic block diagram of a controller and tape drives of the library of FIG. 1 ;
  • FIG. 3 is a diagram illustrating a method embodying the present invention.
  • a library 1 comprises a plurality of data transfer devices 2 which are stacked in a rack 3 or otherwise physically arranged with respect to an array 4 of storage bays 5 which contain removable data storage items 6 .
  • a controlled robot picker 7 operable to select a data storage item, insert that item in a data transfer device to read from or written to and to replace the item in a bay.
  • a library controller 10 is operable to coordinate operations within the library and may also be the mechanism which controls the picker, although the operations performed by the picker may also be performed manually.
  • the library controller 10 has a key memory 11 to store an encryption/decryption key together with the serial number of the library 1 (or some other unique identifier of the library).
  • the library key memory 11 is non-volatile.
  • each tape drive 2 in the library 1 comprises a host interface 20 , a controller 21 , firmware memory 22 , a memory buffer 23 , a data encryptor 24 , a data formatter 25 , a read/write channel 26 , and magnetic read/write heads 27 .
  • the components of the tape drive 2 are identical to those employed in conventional tape drives.
  • the controller 21 of the tape drive 2 comprises a microprocessor and executes instructions stored in the firmware memory 22 to control the operation of the tape drive 2 .
  • the controller 21 responds to control commands received from the library controller 10 .
  • the drive 2 contains a data encryptor 24 comprising an encryption engine 28 and a drive key memory 29 which are incorporated into the chipset of the tape drive.
  • the encryption engine 28 is operable to encrypt data incoming to the tape drive with the key stored in the drive key memory 29 before writing the then encrypted data to the tape cartridge via the read/write channel 26 and the read/write heads 27 .
  • the encryption engine 28 is operable to decrypt data read from the tape cartridge with the key stored in the drive key memory 29 before passing decrypted data to a host computer by the host interface 20 .
  • the encryption engine 28 in each tape drive 2 relies on being supplied with the encryption key. This key is supplied by the library controller 10 .
  • the library controller 10 is the controller that is also used to control the movement of the tape cartridges 6 by the robotic picker 7 . There could, however, be an incorporated or distinct other controller in the library that is either dedicated to the task of supplying keys or provides other functionality such as management of the library. Any existing communication path between the tape drive and the library controller 10 may be used to pass the key to the tape drive 2 . The communication path should not, however, involve the host interface 20 of the tape drive 2 so as to provide no opportunity for snooping the key via that route.
  • the method of key distribution is as follows and as illustrated in FIG. 3 .
  • the manufacturer 100 or a trusted third party (hereinafter manufacturer) generates S 1 a unique encryption key suitable for use in an encryption engine of a tape drive to encrypt data for transfer to a tape.
  • the generated key is pre-programmed S 2 into the library key memory 11 which lies in the library controller.
  • Each of these keys is unique to that particular library 1 and is stored in the library controller key memory 11 along with the library serial number or other unique library identifier for that library 1 .
  • Each library 1 comprising at least of a library controller 10 and plurality of tape drives 2 , is shipped S 3 by the manufacturer 100 with the key pre-programmed into the library key memory 11 to a user 200 , usually a corporate entity.
  • the library manufacturer 100 or trusted third party maintains S 4 a library database 300 that matches the serial number of each library 1 to the pre-programmed key associated with that library 1 .
  • user information will also be appended S 5 to the record for that library.
  • User information may be maintained in the record by the manufacturer 100 who is usually aware of the identity of the end user. This provides a recovery solution in the case of a disaster with the library 1 . In that case, the manufacturer 100 is able to supply S 3 a replacement library 1 to the user 200 pre-programmed with the same key for recovering the user's data. This replacement key will thus be the same as the key used to encrypt the data on the user's tape cartridges.
  • Registration of the library 1 by the user 200 is optional but there are benefits in that the manufacturer 100 can maintain the library database 300 and cross-check the record for that library with information derived from the user 200 —that being library serial number and user information—and flag any discrepancies.
  • the manufacturer 100 may also provide acknowledgement and verification of first use of the library 1 so as to confirm that the single key is being used to encrypt data for that library's tape cartridges.
  • the step of programming S 2 the key into the library 1 and maintaining the library database 300 could be moved to a trusted third party if it was desired to prevent the original manufacturer having access to the keys.
  • the library controller 10 embodying the invention also writes the key stored in the library key memory 11 into the drive key memory 29 of each of the tape drives 2 in the library 1 . This ensures that all cartridges that are written in that library are encrypted with the same key and so may be read by any tape drive in that library. Since the drive key memory 29 can be repopulated with the key from the non-volatile library key memory 11 , it is not essential for the drive key memory 29 to be non-volatile.
  • the key can be updated as needed.
  • the updated key would be distributed by the library 1 to all the tape drives 2 in the library 1 .
  • the library database 300 maintaining records of the library serial number and encryption key would also need to be updated if the key is changed.
  • the main advantage of this arrangement is that lack of any key management tasks for the user.
  • a user may use a library using this invention in the same way as they use a similar library with no encryption. As long as any restoring of data is done with this library, then there is no change to existing processes. Thus, this appeals to users who recognise the need for encryption but are not prepared to put any effort into managing the process.
  • a further advantage of the present invention is that in the event that encrypted data need to be recovered from the tape cartridges of a single library, then only the one key for that entire library needs to be sent securely to the library to recover the data.
  • the very simple key management also lessens the likelihood of creating problems matching the appropriate key to each cartridge.

Abstract

A method of distributing a key to encrypt data for storing on a removable data storage item in a data transfer device library, the library comprising a controller having a key associated therewith and being connected to a plurality of data transfer devices each being operable to transfer data to a removable data storage item and having a key store, the method comprising: providing the key for the library to the controller; the controller providing the key to the key store of each data transfer device connected to the controller. A data transfer device library is also disclosed.

Description

    FIELD OF THE INVENTION
  • This invention relates to a data transfer device library and a method of key distribution.
    • BACKGROUND OF THE INVENTION
  • Many institutions and corporations back up their data and use removable data storage items such as tape cartridges for storage. Data are usually backed up in a secure location such as an off-site library from where data can be restored in the event of disaster recovery. There have been instances of company data potentially losing its confidentiality due to the loss of backup tape cartridges. In the event that the data on a lost tape cartridge has not been encrypted, that data would be relatively easy for a non-authorised user to read. That situation is undesirable.
  • Where the backed up data are extremely sensitive, a need is perceived to encrypt the data and thereby improve security. Encryption technology exists that can make the data on tape cartridges unreadable to any person without a correct decryption key. There may be a separate encryption/decryption key. It is difficult to manage the availability of encryption, decryption and encryption/decryption keys, especially keys in an environment with multiple tape drives such as a tape library.
  • Current encryption solutions concentrate on encrypting the data either at source or on the wire.
  • The encryption at source solutions use software encryption running on the computer to which the backup devices are attached. This has the advantage of avoiding sending un-encrypted data over a network. However, such software-based encryption is typically slow and can impact backup performance. Also, the software must have some form of associated key management so one does not escape the problem of key management.
  • Encryption on the wire involves breaking the direct connection between the writing computer and the backup device and inserting an encrypting appliance into the break. This is generally a very expensive solution since such encrypting appliances are expensive. There is also again the key management issue.
    • SUMMARY OF THE INVENTION
  • The invention seeks to provide encryption in a multiple data transfer device environment without the user needing to become involved in the complexities of key management.
  • In accordance with the invention there is provided a method of distributing a key to encrypt data for storing on a removable data storage item in a data transfer device library, the library comprising a controller having a key associated therewith and being connected to a plurality of data transfer devices each being operable to transfer data to a removable data storage item and having a key store, the method comprising: providing the key for the library to the controller; the controller providing the key to the key store of each data transfer device connected to the controller.
  • Preferably, the controller, upon initialisation of the library, provides the key to the key store of each data transfer device connected to the controller.
  • Advantageously, all the data written to the removable data storage items by the data transfer devices in the library are encrypted with the key in the key store of each data transfer device, the keys being the same.
  • Conveniently, data are encrypted using a block encryption technique in which each block of data is encrypted using the key and a respective counter value.
  • Preferably, comprising maintaining a library database containing records of respective libraries and the key associated with a respective library.
  • In accordance with a further aspect of the invention, there is provided a data transfer device library comprising a plurality of data transfer devices connected to a controller having a key associated therewith, each data transfer device having a key store and being operable to encrypt data using a key stored in the key store and to transfer encrypted data to a removable data storage item, wherein the controller is operable to provide the key associated therewith to the key store of each data transfer device.
  • Preferably, the controller is a library controller and has a library key store pre-programmed with the key.
  • Alternatively, the controller is distinct from a library controller and has a library key store pre-programmed with the key.
  • Advantageously, the controller has a non-volatile memory in which the key is writeable.
  • Conveniently, the controller is operable to provide the key to the key store of each data transfer device in response to initialisation of the library.
  • Preferably, the controller is operable to receive a new key and to provide the new key to the key store of each data transfer device.
  • Advantageously, the library is a tape drive library; the data transfer devices are tape drives; and the data storage items are tape cartridges.
  • In accordance with a still further aspect of the invention, there is provided a data transfer device library comprising a plurality of data transfer devices, each data transfer device having means for storing a key; means for encrypting data using a key stored in the storing means; and means for transferring encrypted data to a removable data storage item, wherein the data transfer device library further comprises: means for storing an encryption key associated with the data transfer device library; and means for providing the encryption key to the storing means of each data transfer device.
  • In accordance with a yet further aspect of the invention, there is provided a method of key management comprising: generating an encryption key; providing the encryption key to a data transfer library, the data transfer library having a unique library identifier and employing the encryption key to encrypt all data transferred to the data transfer library; storing an association of the encryption key and the unique library identifier; and subsequently providing a copy of the encryption key in the event that a copy of the unique library identifier is provided.
  • Preferably, storing an association comprises maintaining a database of encryption keys and associated unique library identifiers.
  • Advantageously, the method is performed by a manufacturer of the data transfer library.
  • Conveniently, the method is performed by a trusted third party distinct from the manufacturer and/or user of the data transfer library.
  • Preferably, the encryption key is provided to a controller of the data transfer library, and the controller is operable to distribute the encryption key to all data transfer devices within the data transfer library, each data transfer device using the encryption key to encrypt data and store encrypted data to a removable data storage item.
  • Advantageously, providing a copy of the encryption key comprises providing the encryption key to a new data transfer library.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • In order that the present invention may be more readily understood, embodiments thereof will now be described, by way of example, with reference to the accompanying drawings, in which:
  • FIG. 1 is a schematic block diagram of a data transfer device library embodying the present invention;
  • FIG. 2 is a schematic block diagram of a controller and tape drives of the library of FIG. 1; and
  • FIG. 3 is a diagram illustrating a method embodying the present invention.
    •  DETAILED DESCRIPTION
  • Referring to FIG. 1, a library 1 comprises a plurality of data transfer devices 2 which are stacked in a rack 3 or otherwise physically arranged with respect to an array 4 of storage bays 5 which contain removable data storage items 6. There is in this example a controlled robot picker 7 operable to select a data storage item, insert that item in a data transfer device to read from or written to and to replace the item in a bay. A library controller 10 is operable to coordinate operations within the library and may also be the mechanism which controls the picker, although the operations performed by the picker may also be performed manually. The library controller 10 has a key memory 11 to store an encryption/decryption key together with the serial number of the library 1 (or some other unique identifier of the library). The library key memory 11 is non-volatile.
  • Referring now to FIG. 2, each tape drive 2 in the library 1 comprises a host interface 20, a controller 21, firmware memory 22, a memory buffer 23, a data encryptor 24, a data formatter 25, a read/write channel 26, and magnetic read/write heads 27.
  • With the exception of the data encryptor 24 and the software stored in the firmware memory 22, the components of the tape drive 2 are identical to those employed in conventional tape drives.
  • The controller 21 of the tape drive 2 comprises a microprocessor and executes instructions stored in the firmware memory 22 to control the operation of the tape drive 2. In particular, the controller 21 responds to control commands received from the library controller 10.
  • As previously mentioned, the drive 2 contains a data encryptor 24 comprising an encryption engine 28 and a drive key memory 29 which are incorporated into the chipset of the tape drive. The encryption engine 28 is operable to encrypt data incoming to the tape drive with the key stored in the drive key memory 29 before writing the then encrypted data to the tape cartridge via the read/write channel 26 and the read/write heads 27. Conversely, the encryption engine 28 is operable to decrypt data read from the tape cartridge with the key stored in the drive key memory 29 before passing decrypted data to a host computer by the host interface 20. The encryption engine 28 in each tape drive 2 relies on being supplied with the encryption key. This key is supplied by the library controller 10.
  • The library controller 10 is the controller that is also used to control the movement of the tape cartridges 6 by the robotic picker 7. There could, however, be an incorporated or distinct other controller in the library that is either dedicated to the task of supplying keys or provides other functionality such as management of the library. Any existing communication path between the tape drive and the library controller 10 may be used to pass the key to the tape drive 2. The communication path should not, however, involve the host interface 20 of the tape drive 2 so as to provide no opportunity for snooping the key via that route.
  • The method of key distribution is as follows and as illustrated in FIG. 3. Initially, the manufacturer 100 or a trusted third party (hereinafter manufacturer) generates S1 a unique encryption key suitable for use in an encryption engine of a tape drive to encrypt data for transfer to a tape. The generated key is pre-programmed S2 into the library key memory 11 which lies in the library controller. Each of these keys is unique to that particular library 1 and is stored in the library controller key memory 11 along with the library serial number or other unique library identifier for that library 1.
  • Each library 1, comprising at least of a library controller 10 and plurality of tape drives 2, is shipped S3 by the manufacturer 100 with the key pre-programmed into the library key memory 11 to a user 200, usually a corporate entity.
  • The library manufacturer 100 or trusted third party maintains S4 a library database 300 that matches the serial number of each library 1 to the pre-programmed key associated with that library 1. In the optional event that the user 200 registers their library 1 with the library database, user information will also be appended S5 to the record for that library. User information may be maintained in the record by the manufacturer 100 who is usually aware of the identity of the end user. This provides a recovery solution in the case of a disaster with the library 1. In that case, the manufacturer 100 is able to supply S3 a replacement library 1 to the user 200 pre-programmed with the same key for recovering the user's data. This replacement key will thus be the same as the key used to encrypt the data on the user's tape cartridges.
  • Registration of the library 1 by the user 200 is optional but there are benefits in that the manufacturer 100 can maintain the library database 300 and cross-check the record for that library with information derived from the user 200—that being library serial number and user information—and flag any discrepancies. Upon registration of a library with the library database 300, the manufacturer 100 may also provide acknowledgement and verification of first use of the library 1 so as to confirm that the single key is being used to encrypt data for that library's tape cartridges.
  • The step of programming S2 the key into the library 1 and maintaining the library database 300 could be moved to a trusted third party if it was desired to prevent the original manufacturer having access to the keys.
  • As a part of the normal initialisation sequence of each library (which may take place when the library 1 is in the care of the manufacturer 100 or the user 200), the library controller 10 embodying the invention also writes the key stored in the library key memory 11 into the drive key memory 29 of each of the tape drives 2 in the library 1. This ensures that all cartridges that are written in that library are encrypted with the same key and so may be read by any tape drive in that library. Since the drive key memory 29 can be repopulated with the key from the non-volatile library key memory 11, it is not essential for the drive key memory 29 to be non-volatile.
  • Because such a large volume of data (all the tape cartridges in a library) are encrypted using the same encryption key, it is prudent to use a block encryption technique in which each block of data is encrypted using the same encryption key but different counter values, for example, using Gallois Counter Mode encryption. By ensuring that all tape cartridges still maintain unique key and counter combinations, the confidentiality of the data is not compromised even though so many cartridges are written using the same key.
  • Further, by providing software access to the key memory 11 in the tape library, the key can be updated as needed. The updated key would be distributed by the library 1 to all the tape drives 2 in the library 1. Clearly the library database 300 maintaining records of the library serial number and encryption key would also need to be updated if the key is changed.
  • The main advantage of this arrangement is that lack of any key management tasks for the user. A user may use a library using this invention in the same way as they use a similar library with no encryption. As long as any restoring of data is done with this library, then there is no change to existing processes. Thus, this appeals to users who recognise the need for encryption but are not prepared to put any effort into managing the process.
  • A further advantage of the present invention is that in the event that encrypted data need to be recovered from the tape cartridges of a single library, then only the one key for that entire library needs to be sent securely to the library to recover the data.
  • The very simple key management also lessens the likelihood of creating problems matching the appropriate key to each cartridge.
  • Although embodiments of the present invention have been described with reference to a tape drive 3, it will be appreciated that the present invention is equally applicable to other types of data transfer devices, such as optical drives, in which data are stored to removable data storage items (e.g. CDs, DVDs).
  • When used in this specification and claims, the terms “comprises” and “comprising” and variations thereof mean that the specified features, steps or integers are included. The terms are not to be interpreted to exclude the presence of other features, steps or components.
  • The features disclosed in the foregoing description, or the following claims, or the accompanying drawings, expressed in their specific forms or in terms of a means for performing the disclosed function, or a method or process for attaining the disclosed result, as appropriate, may, separately, or in any combination of such features, be utilised for realising the invention in diverse forms thereof.

Claims (19)

1. A method of distributing an encryption key to encrypt data for storing on removable data storage items in a data transfer device library that is connected to a plurality of data transfer devices each being operable to transfer data to one of the removable data storage items and having a key store, the method comprising:
storing the encryption key in the library during manufacturing of the library;
providing the encryption key to a controller in the library; and
writing the encryption key from the controller to each of the plurality of data transfer devices so each of the plurality of data transfer devices encrypt data to the removable data storage items using the encryption key.
2. The method according to claim 1 further comprising:
storing, at a manufacturer of the library, the encryption key and an identification number of the library;
supplying a replacement library as a recovery solution to a customer, the replacement library being pre-programmed with the encryption key to enable the customer to recover data stored on the removable data storage items.
3. The method according to claim 1 further comprising:
shipping the library from a manufacturer to a customer with the encryption key stored in the library.
4. The method according to claim 1, wherein the data are encrypted in each of the plurality of data transfer devices using a block encryption technique in which each block of data is encrypted using the encryption key and a different counter value.
5. The method according to claim 1 further comprising:
encrypting data on the removable data storage items with the encryption key at each of the plurality of data transfer devices so the data on the removable data storage items can be read by any of the plurality of data transfer devices.
6. A data transfer device library comprising:
a controller having an encryption key that is programmed into the controller by a manufacturer of the library; and
a plurality of data transfer devices connected to the controller and each having a key store that stores the encryption key, wherein the controller provides the encryption key to each of the plurality of data transfer devices during initialization of the library so each of the plurality of data transfer devices encrypts data to removable data storage items using the encryption key.
7. The library according to claim 6, wherein the controller is programmed with the encryption key during manufacturing of the library.
8. The library according to claim 6, wherein the library is shipped to a customer with the encryption key programmed into the controller.
9. The library according to claim 6, wherein the manufacturer of the library maintains the encryption key so the manufacturer can provide a customer with a replacement library that is programmed with the encryption key to enable the customer to recover data stored on the removable data storage items.
10. The library according to claim 6, wherein the controller is operable to provide the encryption key to the key store of each data transfer device in response to initialization of the library.
11. The library according to claim 6, wherein the controller is operable to receive a new key and to provide the new key to the key store of each data transfer device.
12. The library according to claim 6, wherein:
the library is a tape drive library;
the data transfer devices are tape drives; and
the data storage items are tape cartridges.
13. The library according to claim 6, wherein each of the plurality of data transfer devices encrypt data to the removable data storage items using a same encryption key so the data on the removable data storage items can be read by any of the plurality of data transfer devices.
14. A method of key management comprising:
generating an encryption key;
storing the encryption key in a data transfer library so the data transfer library can be shipped to a customer with the encryption key, the data transfer library having a unique library identifier and employing the encryption key to encrypt all data transferred to the data transfer library;
storing, with a third party separate from the customer, the encryption key and the unique library identifier; and
subsequently providing a copy of the encryption key from the third party to the customer in the event that a copy of the unique library identifier is provided to the third party by the customer.
15. The method according to claim 14, wherein the encryption key is generated by a manufacturer of a data transfer library.
16. The method according to claim 14 further comprising:
writing the encryption key to each of a plurality of tape drives when the data transfer library is initialized so each of the plurality of tape drives can encrypt data to tape cartridges with the encryption key.
17. The method according to claim 14, wherein the third party is distinct from the customer and a manufacturer of the data transfer library.
18. The method according to claim 14, wherein the encryption key is provided to a controller of the data transfer library, and the controller is operable to distribute the encryption key to all data transfer devices within the data transfer library, each data transfer device using the encryption key to encrypt data and store encrypted data to a removable data storage item.
19. The method according to claim 14 further comprising:
supplying a replacement library as a recovery solution to the customer, the replacement library being pre-programmed with the encryption key to enable the customer to recover data stored on a removable data storage items.
US11/494,294 2005-10-11 2006-07-26 Data transfer device library and key distribution Active 2032-07-27 US8549297B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0520602.4 2005-10-11
GB0520602A GB2431250A (en) 2005-10-11 2005-10-11 Data transfer system

Publications (2)

Publication Number Publication Date
US20130251153A1 true US20130251153A1 (en) 2013-09-26
US8549297B1 US8549297B1 (en) 2013-10-01

Family

ID=35430139

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/494,294 Active 2032-07-27 US8549297B1 (en) 2005-10-11 2006-07-26 Data transfer device library and key distribution

Country Status (2)

Country Link
US (1) US8549297B1 (en)
GB (1) GB2431250A (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4040717B1 (en) * 2011-12-15 2024-01-31 INTEL Corporation Method and device for secure communications over a network using a hardware security engine
US11363100B2 (en) * 2017-04-14 2022-06-14 Quantum Corporation Network attached device for accessing removable storage media
US11329816B2 (en) 2020-06-01 2022-05-10 Hewlett Packard Enterprise Development Lp Encryption keys for removable storage media

Citations (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4281216A (en) * 1979-04-02 1981-07-28 Motorola Inc. Key management for encryption/decryption systems
US5093860A (en) * 1990-09-27 1992-03-03 Motorola, Inc. Key management system
US5481610A (en) * 1994-02-28 1996-01-02 Ericsson Inc. Digital radio transceiver with encrypted key storage
US5748744A (en) * 1996-06-03 1998-05-05 Vlsi Technology, Inc. Secure mass storage system for computers
US5940507A (en) * 1997-02-11 1999-08-17 Connected Corporation Secure file archive through encryption key management
US6039260A (en) * 1988-12-12 2000-03-21 Smartdiskette Gmbh Intelligent cassette emulator device
US6061791A (en) * 1997-05-09 2000-05-09 Connotech Experts-Conseils Inc. Initial secret key establishment including facilities for verification of identity
US20010033656A1 (en) * 2000-01-31 2001-10-25 Vdg, Inc. Block encryption method and schemes for data confidentiality and integrity protection
US20030051146A1 (en) * 2001-09-11 2003-03-13 Akihiro Ebina Security realizing system in network
US20030074319A1 (en) * 2001-10-11 2003-04-17 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US20030177094A1 (en) * 2002-03-15 2003-09-18 Needham Bradford H. Authenticatable positioning data
US20030233573A1 (en) * 2002-06-18 2003-12-18 Phinney Thomas L. System and method for securing network communications
US20040078584A1 (en) * 2002-08-23 2004-04-22 General Instrument Corp. Interchip transport bus copy protection
US20040101138A1 (en) * 2001-05-22 2004-05-27 Dan Revital Secure digital content delivery system and method over a broadcast network
US20040101141A1 (en) * 2002-11-27 2004-05-27 Jukka Alve System and method for securely installing a cryptographic system on a secure device
US20040103292A1 (en) * 2002-08-27 2004-05-27 Fuji Photo Film U.S.A., Inc. Recording method, recording system, and reproducing system of encryption data
US20040101140A1 (en) * 2002-11-25 2004-05-27 Fuji Photo Film Co., Ltd. Recording medium cartridge and a recording-and-reproducing apparatus thereof
US20040107340A1 (en) * 2000-11-03 2004-06-03 Shuning Wann Real time data encryption/decryption system and method for IDE/ATA data transfer
US20040186991A1 (en) * 2000-02-25 2004-09-23 Genesis Microchip Corporation Display unit storing and using a cryptography key
US20040190860A1 (en) * 2003-03-31 2004-09-30 Fusao Ishiguchi Equipment for digital video disc processing information on digital video disc using prescribed information serving as key, and method and apparatus for recording prescribed information
US20040196759A1 (en) * 2001-09-28 2004-10-07 Kenzo Ishibashi Optical disc
US20050052661A1 (en) * 1999-06-30 2005-03-10 Paul Lapstun Cartridge with identifiers
US20050071591A1 (en) * 2003-09-29 2005-03-31 International Business Machines (Ibm) Corporation Security in an automated data storage library
US20050152670A1 (en) * 2004-01-14 2005-07-14 Quantum Corporation Auxiliary memory in a tape cartridge
US20050195979A1 (en) * 2002-12-12 2005-09-08 Universal Electronics Inc. System and method for limiting access to data
US20050219600A1 (en) * 1999-06-30 2005-10-06 Paul Lapstun Cartridge with identifiers
US20050226420A1 (en) * 2002-05-17 2005-10-13 Jakke Makela Method and system in a digital wireless data communication network for arranging data encryption and corresponding server
US20050257062A1 (en) * 1998-03-11 2005-11-17 Paul Ignatius System and method for providing encryption in pipelined storage operations in a storage network
US20050262361A1 (en) * 2004-05-24 2005-11-24 Seagate Technology Llc System and method for magnetic storage disposal
US20060015946A1 (en) * 2004-07-16 2006-01-19 Hitachi, Ltd. Method and apparatus for secure data mirroring a storage system
US7099477B2 (en) * 2004-10-21 2006-08-29 International Business Machines Corporation Method and system for backup and restore of a context encryption key for a trusted device within a secured processing system
US20060215305A1 (en) * 2005-03-25 2006-09-28 Fujitsu Limited Apparatus and method for drive control, and computer product
US20060224902A1 (en) * 2005-03-30 2006-10-05 Bolt Thomas B Data management system for removable storage media
US20060242431A1 (en) * 2004-06-18 2006-10-26 Emc Corporation Storage data encryption
US20060239165A1 (en) * 1998-10-07 2006-10-26 Sony Corporation Apparatus and method for manufacturing optical disks, apparatus and method for recording data on optical disks, apparatus and method for reproducing data from optical disks, and optical disks formed with pits strings and mark strings
US7200546B1 (en) * 2002-09-05 2007-04-03 Ultera Systems, Inc. Tape storage emulator
US20070101442A1 (en) * 2005-11-03 2007-05-03 Prostor Systems, Inc. Secure data cartridge
US20070136606A1 (en) * 2005-12-08 2007-06-14 Makio Mizuno Storage system with built-in encryption function
US20070180239A1 (en) * 2005-07-21 2007-08-02 Akira Fujibayashi Storage system for data encryption
US20070198855A1 (en) * 2004-06-07 2007-08-23 Pioneer Corporation, Tokorozawa Works Information Recording Media, Information Recording Device And Method, Information Distribution Device And Method, And Computer Program
US20070226520A1 (en) * 2004-07-07 2007-09-27 Kazuo Kuroda Information Recording Medium, Information Recording Device and Method, Information Distribution Device and Method, and Computer Program
US20080219449A1 (en) * 2007-03-09 2008-09-11 Ball Matthew V Cryptographic key management for stored data
US7599496B2 (en) * 2002-08-27 2009-10-06 Pine Valley Investments, Inc. Secure encryption key distribution
US7818585B2 (en) * 2004-12-22 2010-10-19 Sap Aktiengesellschaft Secure license management
US7869603B2 (en) * 2007-07-24 2011-01-11 International Business Machines Corporation Encryption key path diagnostic
US7869604B2 (en) * 2007-07-24 2011-01-11 International Business Machines Corporation System for an encryption key path diagnostic
US7920706B2 (en) * 2002-10-28 2011-04-05 Nokia Corporation Method and system for managing cryptographic keys
US20120084263A1 (en) * 2005-08-09 2012-04-05 Nexsan Technologies Canada Inc. Data archiving system
US8160257B1 (en) * 2006-11-30 2012-04-17 Netapp, Inc. Tape failover across a cluster

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3143108B2 (en) 1990-03-13 2001-03-07 株式会社日立製作所 File encryption method and file encryption system
GB2264373B (en) 1992-02-05 1995-12-20 Eurologic Research Limited Data encryption apparatus and method
US5887145A (en) 1993-09-01 1999-03-23 Sandisk Corporation Removable mother/daughter peripheral card
US5598470A (en) 1994-04-25 1997-01-28 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: Method and apparatus for utilizing a decryption block
US5535279A (en) 1994-12-15 1996-07-09 Pitney Bowes Inc. Postage accounting system including means for transmitting a bit-mapped image of variable information for driving an external printer
US5651064A (en) * 1995-03-08 1997-07-22 544483 Alberta Ltd. System for preventing piracy of recorded media
DE69613156T2 (en) 1995-10-09 2001-10-25 Matsushita Electric Ind Co Ltd Optical playback device for playing encrypted information
JP3866376B2 (en) 1996-05-02 2007-01-10 テキサス インスツルメンツ インコーポレイテツド How to make only copyrighted material available for playback and use in a digital media system
GB2315575A (en) 1996-07-19 1998-02-04 Ibm Encryption circuit in I/O subsystem
FR2751767B1 (en) 1996-07-26 1998-12-18 Thomson Csf SECURE DATA STORAGE SYSTEM ON CD-ROM
US6134660A (en) * 1997-06-30 2000-10-17 Telcordia Technologies, Inc. Method for revoking computer backup files using cryptographic techniques
US5970147A (en) 1997-09-30 1999-10-19 Intel Corporation System and method for configuring and registering a cryptographic device
GB2330682A (en) 1997-10-22 1999-04-28 Calluna Tech Ltd Password access to an encrypted drive
EP0913823B1 (en) 1997-10-31 2013-05-22 Hewlett-Packard Development Company, L.P. Data encoding method and apparatus
EP0913762A1 (en) 1997-10-31 1999-05-06 Hewlett-Packard Company Data encoding scheme
IL123028A (en) 1998-01-22 2007-09-20 Nds Ltd Protection of data on media recording disks
US6473861B1 (en) * 1998-12-03 2002-10-29 Joseph Forte Magnetic optical encryption/decryption disk drive arrangement
JP2000207829A (en) 1999-01-11 2000-07-28 Yamaha Corp System for ciphering and releasing it
US6691226B1 (en) 1999-03-16 2004-02-10 Western Digital Ventures, Inc. Computer system with disk drive having private key validation means for enabling features
US7278016B1 (en) 1999-10-26 2007-10-02 International Business Machines Corporation Encryption/decryption of stored data using non-accessible, unique encryption key
JP4457474B2 (en) 2000-04-04 2010-04-28 ソニー株式会社 Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, information recording medium, and program providing medium
US6871278B1 (en) 2000-07-06 2005-03-22 Lasercard Corporation Secure transactions with passive storage media
US20020188856A1 (en) 2001-06-11 2002-12-12 Brian Worby Storage device with cryptographic capabilities
CN100380494C (en) 2001-10-12 2008-04-09 皇家飞利浦电子股份有限公司 Apparatus and method for reading or writing user data
JP3735300B2 (en) 2002-01-31 2006-01-18 富士通株式会社 Information recording / reproducing system capable of restricting access and access restriction method thereof
US7376235B2 (en) 2002-04-30 2008-05-20 Microsoft Corporation Methods and systems for frustrating statistical attacks by injecting pseudo data into a data system
JP2004007260A (en) 2002-05-31 2004-01-08 Fujitsu Ltd Encryption device, electronic apparatus, and encryption method
KR20050122174A (en) 2003-04-11 2005-12-28 소니 가부시끼 가이샤 Information recording medium drive device
US7774593B2 (en) 2003-04-24 2010-08-10 Panasonic Corporation Encrypted packet, processing device, method, program, and program recording medium
JP4698982B2 (en) 2004-04-06 2011-06-08 株式会社日立製作所 Storage system that performs cryptographic processing
US7536355B2 (en) 2004-06-10 2009-05-19 Lsi Corporation Content security system for screening applications

Patent Citations (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4281216A (en) * 1979-04-02 1981-07-28 Motorola Inc. Key management for encryption/decryption systems
US6039260A (en) * 1988-12-12 2000-03-21 Smartdiskette Gmbh Intelligent cassette emulator device
US5093860A (en) * 1990-09-27 1992-03-03 Motorola, Inc. Key management system
US5481610A (en) * 1994-02-28 1996-01-02 Ericsson Inc. Digital radio transceiver with encrypted key storage
US5748744A (en) * 1996-06-03 1998-05-05 Vlsi Technology, Inc. Secure mass storage system for computers
US5940507A (en) * 1997-02-11 1999-08-17 Connected Corporation Secure file archive through encryption key management
US6754827B1 (en) * 1997-02-11 2004-06-22 Connected Corporation Secure File Archive through encryption key management
US6061791A (en) * 1997-05-09 2000-05-09 Connotech Experts-Conseils Inc. Initial secret key establishment including facilities for verification of identity
US7277941B2 (en) * 1998-03-11 2007-10-02 Commvault Systems, Inc. System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device
US20050257062A1 (en) * 1998-03-11 2005-11-17 Paul Ignatius System and method for providing encryption in pipelined storage operations in a storage network
US20060239165A1 (en) * 1998-10-07 2006-10-26 Sony Corporation Apparatus and method for manufacturing optical disks, apparatus and method for recording data on optical disks, apparatus and method for reproducing data from optical disks, and optical disks formed with pits strings and mark strings
US20060245329A1 (en) * 1998-10-07 2006-11-02 Sony Corporation Apparatus and method for manufacturing optical disks, apparatus and method for recording data on optical disks, apparatus and method for reproducing data from optical disks, and optical disks formed with pits strings and mark strings
US20050219600A1 (en) * 1999-06-30 2005-10-06 Paul Lapstun Cartridge with identifiers
US20050052661A1 (en) * 1999-06-30 2005-03-10 Paul Lapstun Cartridge with identifiers
US20010033656A1 (en) * 2000-01-31 2001-10-25 Vdg, Inc. Block encryption method and schemes for data confidentiality and integrity protection
US6845450B1 (en) * 2000-02-25 2005-01-18 Genesis Microchip Inc. Display unit storing and using a cryptography key
US20040186991A1 (en) * 2000-02-25 2004-09-23 Genesis Microchip Corporation Display unit storing and using a cryptography key
US20040107340A1 (en) * 2000-11-03 2004-06-03 Shuning Wann Real time data encryption/decryption system and method for IDE/ATA data transfer
US7995603B2 (en) * 2001-05-22 2011-08-09 Nds Limited Secure digital content delivery system and method over a broadcast network
US20040101138A1 (en) * 2001-05-22 2004-05-27 Dan Revital Secure digital content delivery system and method over a broadcast network
US20030051146A1 (en) * 2001-09-11 2003-03-13 Akihiro Ebina Security realizing system in network
US20040196759A1 (en) * 2001-09-28 2004-10-07 Kenzo Ishibashi Optical disc
US7865440B2 (en) * 2001-10-11 2011-01-04 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US20030074319A1 (en) * 2001-10-11 2003-04-17 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US20030177094A1 (en) * 2002-03-15 2003-09-18 Needham Bradford H. Authenticatable positioning data
US20050226420A1 (en) * 2002-05-17 2005-10-13 Jakke Makela Method and system in a digital wireless data communication network for arranging data encryption and corresponding server
US20030233573A1 (en) * 2002-06-18 2003-12-18 Phinney Thomas L. System and method for securing network communications
US20040078584A1 (en) * 2002-08-23 2004-04-22 General Instrument Corp. Interchip transport bus copy protection
US20040103292A1 (en) * 2002-08-27 2004-05-27 Fuji Photo Film U.S.A., Inc. Recording method, recording system, and reproducing system of encryption data
US7599496B2 (en) * 2002-08-27 2009-10-06 Pine Valley Investments, Inc. Secure encryption key distribution
US7200546B1 (en) * 2002-09-05 2007-04-03 Ultera Systems, Inc. Tape storage emulator
US7920706B2 (en) * 2002-10-28 2011-04-05 Nokia Corporation Method and system for managing cryptographic keys
US20040101140A1 (en) * 2002-11-25 2004-05-27 Fuji Photo Film Co., Ltd. Recording medium cartridge and a recording-and-reproducing apparatus thereof
US20040101141A1 (en) * 2002-11-27 2004-05-27 Jukka Alve System and method for securely installing a cryptographic system on a secure device
US20050195979A1 (en) * 2002-12-12 2005-09-08 Universal Electronics Inc. System and method for limiting access to data
US20040190860A1 (en) * 2003-03-31 2004-09-30 Fusao Ishiguchi Equipment for digital video disc processing information on digital video disc using prescribed information serving as key, and method and apparatus for recording prescribed information
US20050071591A1 (en) * 2003-09-29 2005-03-31 International Business Machines (Ibm) Corporation Security in an automated data storage library
US20050152670A1 (en) * 2004-01-14 2005-07-14 Quantum Corporation Auxiliary memory in a tape cartridge
US20050262361A1 (en) * 2004-05-24 2005-11-24 Seagate Technology Llc System and method for magnetic storage disposal
US20070198855A1 (en) * 2004-06-07 2007-08-23 Pioneer Corporation, Tokorozawa Works Information Recording Media, Information Recording Device And Method, Information Distribution Device And Method, And Computer Program
US20060242431A1 (en) * 2004-06-18 2006-10-26 Emc Corporation Storage data encryption
US20070226520A1 (en) * 2004-07-07 2007-09-27 Kazuo Kuroda Information Recording Medium, Information Recording Device and Method, Information Distribution Device and Method, and Computer Program
US20060015946A1 (en) * 2004-07-16 2006-01-19 Hitachi, Ltd. Method and apparatus for secure data mirroring a storage system
US7099477B2 (en) * 2004-10-21 2006-08-29 International Business Machines Corporation Method and system for backup and restore of a context encryption key for a trusted device within a secured processing system
US7818585B2 (en) * 2004-12-22 2010-10-19 Sap Aktiengesellschaft Secure license management
US20060215305A1 (en) * 2005-03-25 2006-09-28 Fujitsu Limited Apparatus and method for drive control, and computer product
US20060224902A1 (en) * 2005-03-30 2006-10-05 Bolt Thomas B Data management system for removable storage media
US20070180239A1 (en) * 2005-07-21 2007-08-02 Akira Fujibayashi Storage system for data encryption
US7627756B2 (en) * 2005-07-21 2009-12-01 Hitachi, Ltd. Storage system for data encryption
US20120084263A1 (en) * 2005-08-09 2012-04-05 Nexsan Technologies Canada Inc. Data archiving system
US20070101442A1 (en) * 2005-11-03 2007-05-03 Prostor Systems, Inc. Secure data cartridge
US20070136606A1 (en) * 2005-12-08 2007-06-14 Makio Mizuno Storage system with built-in encryption function
US8160257B1 (en) * 2006-11-30 2012-04-17 Netapp, Inc. Tape failover across a cluster
US20080219449A1 (en) * 2007-03-09 2008-09-11 Ball Matthew V Cryptographic key management for stored data
US7869603B2 (en) * 2007-07-24 2011-01-11 International Business Machines Corporation Encryption key path diagnostic
US7869604B2 (en) * 2007-07-24 2011-01-11 International Business Machines Corporation System for an encryption key path diagnostic

Also Published As

Publication number Publication date
US8549297B1 (en) 2013-10-01
GB0520602D0 (en) 2005-11-16
GB2431250A (en) 2007-04-18

Similar Documents

Publication Publication Date Title
US8635461B2 (en) Retrieval and display of encryption labels from an encryption key manager certificate ID attached to key certificate
US11157420B2 (en) Data storage drive with target of opportunity recognition
US20080063209A1 (en) Distributed key store
US9472235B2 (en) Bulk data erase utilizing an encryption technique
US20080063197A1 (en) Storing encrypted data keys to a tape to allow a transport mechanism
US7971062B1 (en) Token-based encryption key secure conveyance
US8750516B2 (en) Rekeying encryption keys for removable storage media
US20080063206A1 (en) Method for altering the access characteristics of encrypted data
US8656186B2 (en) Use of indirect data keys for encrypted tape cartridges
US7882354B2 (en) Use of device driver to function as a proxy between an encryption capable tape drive and a key manager
US20080165973A1 (en) Retrieval and Display of Encryption Labels From an Encryption Key Manager
US20090196417A1 (en) Secure disposal of storage data
US20150052369A1 (en) Local Keying for Self-Encrypting Drives (SED)
JP2010503301A (en) Method for configuring a storage drive to communicate with an encryption manager and a key manager
US20080063198A1 (en) Storing EEDKS to tape outside of user data area
US20090052665A1 (en) Bulk Data Erase Utilizing An Encryption Technique
US20070083758A1 (en) Data transfer device
US20160012256A1 (en) Data storage arrangement and key distribution
US8549297B1 (en) Data transfer device library and key distribution
US7965844B2 (en) System and method for processing user data in an encryption pipeline
US20090199016A1 (en) Storage system, and encryption key management method and encryption key management program thereof
WO2023179378A1 (en) Encryption method and apparatus and electronic device
US9251382B2 (en) Mapping encrypted and decrypted data via key management system
US10073743B2 (en) Data storage arrangement and key distribution
JPH0744464A (en) Medium security management device

Legal Events

Date Code Title Description
AS Assignment

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P., TEXAS

Free format text: ASSIGNMENT BY OPERATION OF LAW;ASSIGNORS:TOPHAM, ANDREW;DREW, JOHN WILLIAM;WAKELIN, DUNCAN MARK;REEL/FRAME:018349/0101

Effective date: 20060913

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.;REEL/FRAME:037079/0001

Effective date: 20151027

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8