Title of invention: Selective encryption of data stored on removeable media in an automated data storage library
Abstract: In an automated data storage library, selective encryption for data stored or to be stored on removable media is provided. One or more encryption policies are established, each policy including a level of encryption, one or more encryption keys and the identity of one or more data cartridges. The encryption policies are stored in a policy table and the encryption keys are stored in a secure key server. A host requests access to a specified data cartridge and the cartridge is transported from a storage shelf in the library to a storage drive. Based on the identity of the specified cartridge, the corresponding encryption policy is selected from the table and the appropriate encryption key is obtained from the key server. The storage drive encrypts data in accordance with the key and stores the data on the media on an encryption table within the specified data cartridge.
Publication number: US9471805(B2) Publication date: 2016.10.18
Application number: US201514843675 Application date: 2015.09.02
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors: Fisher James A.;Goodman Brian G.;Jesionowski Leonard G.
Classification: G06F21/62;G06F21/80 Main classification: G06F21/62
Agency: Griffiths & Seaton PLLC Agent: Griffiths & Seaton PLLC
Main claim: 1. A system for selective encryption of data in a data storage drive within a data storage library, comprising: at least one processor device; a user interface through which to receive a user input of one or more encryption policies, the one or more encryption policies being stored in a hardware memory of a library-drive interface, each encryption policy including a level of encryption, one or more cartridge identifiers, each cartridge identifier providing an encryption key representing a data cartridge stored in the library, and each cartridge identifier providing an identification of the encryption key to be used to encrypt data written to media in a data cartridge; at least one hardware processor device configured to: obtain a cartridge identifier of a data cartridge loaded into the storage drive; match the cartridge identifier with an associated encryption policy stored in the storage drive, the matching of the cartridge identifier with the associated encryption policy being performed at the storage drive; and the library-drive interface configured to: transmit a request to a key server for an encryption key in response to matching the cartridge identifier with a corresponding encryption policy; and receive the requested encryption key from the key server; an encryption controller to encrypt data to be written to the loaded data cartridge using the received requested encryption key, where data stored in the data storage library is selectively encrypted; and a memory for storing the one or more encryption policies in an encryption policy table, wherein selecting an encryption policy for the specified data cartridge is performed by the storage drive.
Address: Armonk NY US