Use of Indirect Data Keys for Encrypted Tape Cartridges

    Publication number: US20080273697A1

    Publication date: 2008-11-06

    Application number: US11742837

    Application date: 2007-05-01

    IPC classification: H04L9/14 H04L9/10

    Abstract: A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.

    Use of Indirect Data Keys for Encrypted Tape Cartridges
    2.
    Patent application
    Status: In force

    Publication number: US20080273696A1

    Publication date: 2008-11-06

    Application number: US11742819

    Application date: 2007-05-01

    IPC classification: H04L9/00 H04K1/00

    Abstract: A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.


    Distributed key store
    3.
    Patent application
    Status: Under examination (published)

    Publication number: US20080063209A1

    Publication date: 2008-03-13

    Application number: US11470795

    Application date: 2006-09-07

    IPC classification: H04L9/00

    CPC classification: G06F21/80 G06F2221/2121

    Abstract: A method, system and program are provided for enabling access to encrypted data in a storage cartridge by wrapping the data key used to encrypt the data with one or more encryption keys (e.g., a public key from a public/private key pair) to form one or more encryption encapsulated data keys (EEDKs) and then storing the EEDK(s) on the storage cartridge along with the encrypted data. The encrypted data may be decoded by retrieving the EEDK from the storage cartridge, decrypting the EEDK with a decryption key (e.g., the private key from the public/private key pair) to extract the underlying data key, and then using the extracted data key to decrypt the encrypted data.


    Use of indirect data keys for encrypted tape cartridges
    4.
    Granted patent
    Status: In force

    Publication number: US08656186B2

    Publication date: 2014-02-18

    Application number: US11742837

    Application date: 2007-05-01

    IPC classification: H04L29/06

    Abstract: A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.


    Use of indirect data keys for encrypted tape cartridges
    5.
    Granted patent
    Status: In force

    Publication number: US08494166B2

    Publication date: 2013-07-23

    Application number: US11742819

    Application date: 2007-05-01

    IPC classification: G06F21/00

    Abstract: A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.


    Storing encrypted data keys to a tape to allow a transport mechanism
    6.
    Patent application
    Status: Under examination (published)

    Publication number: US20080063197A1

    Publication date: 2008-03-13

    Application number: US11470785

    Application date: 2006-09-07

    IPC classification: H04N7/167

    Abstract: A method, system and program are provided for enabling access to encrypted data in a storage cartridge by separately wrapping the data key used to encrypt the data with separate encryption keys (e.g., a public key from a public/private key pair) to form encryption encapsulated data keys (EEDKs) that are stored on the storage cartridge along with the encrypted data. With multiple EEDKs stored on the cartridge, a multi-user transport mechanism is provided where each user can access and decode the encrypted data by retrieving and decrypting an EEDK with a decryption key (e.g., the private key from the public/private key pair) to extract the underlying data key, and then using the extracted data key to decrypt the encrypted data.


    Monitoring and reporting normalized device system performance
    7.
    Granted patent
    Status: Lapsed

    Publication number: US07664617B2

    Publication date: 2010-02-16

    Application number: US12250769

    Application date: 2008-10-14

    IPC classification: G06F11/30

    Abstract: Apparatus and computer program products are provided to monitor and report performance data of a device such as a data storage drive. A plurality of quantitative values are obtained from feedback and measurement mechanisms in a data storage device of a first model during operation of the storage device. The plurality of quantitative values are normalized. Then, one or more qualitative values are generated from one or more normalized quantitative values and evaluated against corresponding baseline performance values established for the first model.


    Monitoring and Reporting Normalized Device System Performance
    8.
    Patent application
    Status: Lapsed

    Publication number: US20090030652A1

    Publication date: 2009-01-29

    Application number: US12250769

    Application date: 2008-10-14

    IPC classification: G06F11/30

    Abstract: Apparatus and computer program products are provided to monitor and report performance data of a device such as a data storage drive. A plurality of quantitative values are obtained from feedback and measurement mechanisms in a data storage device of a first model during operation of the storage device. The plurality of quantitative values are normalized. Then, one or more qualitative values are generated from one or more normalized quantitative values and evaluated against corresponding baseline performance values established for the first model.


    Method, system, and apparatus for re-conveying input/output operations utilizing a sequential-access data storage device secondary communication port
    9.
    Granted patent
    Status: In force

    Publication number: US09383938B2

    Publication date: 2016-07-05

    Application number: US11405796

    Application date: 2006-04-18

    IPC classification: G06F3/06 G06F11/14

    Abstract: A method, system, and apparatus for re-conveying input/output (I/O) operations utilizing a sequential-access data storage device secondary communication port are disclosed. In accordance with one embodiment, a method is provided which comprises receiving an input/output (I/O) operation request via a first communication port of a primary data storage device, processing the I/O operation request utilizing the primary data storage device, and re-conveying the I/O operation request to a secondary data storage device substantially simultaneously with the processing via a second communication port of the primary data storage device. In the described embodiment, the primary data storage device comprises a sequential-access data storage device.


    VOLUME COHERENCY VERIFICATION FOR SEQUENTIAL-ACCESS STORAGE MEDIA
    10.
    Patent application
    Status: In force

    Publication number: US20110219199A1

    Publication date: 2011-09-08

    Application number: US12719441

    Application date: 2010-03-08

    IPC classification: G06F12/00

    Abstract: A method for determining volume coherency is disclosed herein. Upon completing a first write job to a volume partition, the method makes a copy of a volume change reference (VCR) value associated with the volume. The VCR value is configured to change in a non-repeating manner each time content on the volume is modified. Prior to initiating a second write job to the volume partition, the method retrieves the copy and compares the copy to the VCR value. If the copy matches the VCR value, the method determines that a logical object on the partition was not modified between the first and second write jobs. If the copy does not match the VCR value, the method determines that the logical object on the partition was modified between the first and second write jobs. A corresponding system and computer program product are also disclosed herein.
