Title of invention: Encrypted tape access control via challenge-response protocol
Abstract: Access to encrypted data on a removable computer media such as a computer tape is controlled via a uniquely-structured header on the medium having a symmetrical key wrapped by asymmetrical encryption plus a public key associated with the asymmetrical encryption. The data on the medium is encrypted using the symmetrical key. Prior to automated reading of the data by a reader, a challenge is issued to a host system including the public key and preferably a nonce value. The host responds by signing the nonce using a private key associated with the public key in order to prove it has rights to decrypt the data. The symmetrical key is unwrapped using the private key, and finally the unwrapped symmetrical key is used to decrypt the data on the medium, thereby allowing automated reading of the tape data without the need or risk of two administrators sharing a symmetrical key value.
Publication number: US9141819(B2) Publication date: 2015.09.22
Application number: US200611557776 Filing date: 2006.11.08
Applicant: International Business Machines Corporation Inventors: Bade Steven A.; Dayka John C.; Jaquette Glen Alan; Guski Richard Henry
Classification: H04L9/00; G06F21/62 Main classification: H04L9/00
Agency: Agent: Frantz Robert H.; Kalaitzis Parashos
Principal claim: 1. A system for protecting duplicated data from unauthorized access through compromise of a user password comprising: a hardware processor for performing a logical process; a first, a second and a third computer readable storage memory hardware device suitable for encoding computer executable programs and data structures, wherein the second and third computer readable storage memory hardware devices are removable; a data structure in the second computer-readable tangible storage memory hardware device consisting of: header area comprising a symmetrical key wrapped by asymmetrical encryption, and a public key associated with the asymmetrical encryption, and an encrypted data area in which protected data is encrypted according to the symmetrical key; and instructions encoded by the first computer readable storage memory hardware device for causing a storage device reader processor to: receive the second computer-readable tangible storage device; responsive to the receiving, issue a challenge containing the public key to an automated host computer external to the storage device reader, responsive to the issuing, receiving a response from the external automated host computer signed by a private key associated with the public key, and verifying the received signed response; and responsive to the verifying failing, allowing duplication of the data structure from the second computer-readable tangible storage memory hardware device onto the third computer-readable tangible storage memory hardware device while preventing unwrapping of the symmetrical key using the private key, and while preventing decrypting of the encrypted data area using the unwrapped symmetrical key thereby enabling secure copying and but not decryption of the protected data while maintaining unchanged both the symmetrical key and the associated public asymmetric encryption key in the header of the data structure stored by the second and the third computer-readable tangible storage devices.
Address: Armonk NY US
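
The flow in the abstract and in claim 1, as an added Node.js example that is not code from the patent or from IBM: a header holding a wrapped symmetric key and a public key, a nonce challenge, a signed response, and the failure branch that permits copying but not decryption. The function names, the single-process simulation of reader and host, and the algorithm choices (RSA-OAEP, RSA with SHA-256 signatures, AES-256-GCM) are assumptions; the record names no algorithms.

```javascript
const crypto = require('node:crypto');

// Writer: header carries the wrapped AES key plus the public key (assumed RSA-OAEP).
function writeMedium(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([enc.update(plaintext), enc.final()]);
  return {
    header: {
      wrappedKey: crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, dataKey),
      publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    },
    data: { iv, body, tag: enc.getAuthTag() },
  };
}

// Host: proves possession of the private key by signing the reader's nonce.
function hostRespond(challenge, privateKey) {
  return crypto.sign('sha256', challenge.nonce, privateKey);
}

// Reader: challenge, verify, and only then unwrap and decrypt.
// hostPrivateKey stands in for the external host; it is passed in only
// because this example simulates both parties in one process.
function readMedium(medium, hostPrivateKey) {
  const challenge = { publicKey: medium.header.publicKey, nonce: crypto.randomBytes(32) };
  const signature = hostRespond(challenge, hostPrivateKey);
  if (!crypto.verify('sha256', challenge.nonce, challenge.publicKey, signature)) {
    // Verification failed: the structure may be duplicated unchanged,
    // but the wrapped key is never unwrapped and nothing is decrypted.
    const copy = { header: { ...medium.header }, data: { ...medium.data } };
    return { verified: false, copy, plaintext: null };
  }
  const dataKey = crypto.privateDecrypt(
    { key: hostPrivateKey, oaepHash: 'sha256' }, medium.header.wrappedKey);
  const dec = crypto.createDecipheriv('aes-256-gcm', dataKey, medium.data.iv);
  dec.setAuthTag(medium.data.tag);
  const plaintext = Buffer.concat([dec.update(medium.data.body), dec.final()]);
  return { verified: true, copy: null, plaintext };
}

// Constructed demo: the key owner's host and a host holding an unrelated key.
function demo() {
  const owner = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const tape = writeMedium(owner.publicKey, Buffer.from('constructed backup record'));
  return { tape, ok: readMedium(tape, owner.privateKey), denied: readMedium(tape, other.privateKey) };
}
```

The fresh nonce per read is what keeps a recorded signature from being replayed against a later challenge.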