| 摘要 |
<p>A method, system and program are provided for enabling access to encrypted data in a storage cartridge by wrapping the data key used to encrypt the data with one or more encryption keys (e.g., a public key from a public/private key pair) to form one or more encryption encapsulated data keys (EEDKs) and then storing the EEDK(s) on the storage cartridge along with the encrypted data in one or more location that are distinct from the encrypted data. The encrypted data may be decoded by retrieving the EEDK from the storage cartridge, decrypting the EEDK with a decryption key (e.g., the private key from the public/private key pair) to extract the underlying data key, and then using the extracted data key to decrypt the encrypted data. By storing the EEDKs separately from the encrypted data, the EEDKs may be updated independently of the corresponding encrypted data.</p> |
| 申请人 |
INTERNATIONAL BUSINESS MACHINES CORPORATION;IBM UNITED KINGDOM LIMITED;JAQUETTE, GLEN, ALAN;GRECO, PAUL, MERRILL |
发明人 |
JAQUETTE, GLEN, ALAN;GRECO, PAUL, MERRILL |
