专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080063206A1 Method for altering the access characteristics of encrypted data 审中-公开
标题翻译：改变加密数据访问特性的方法
公开(公告)号：US20080063206A1
公开(公告)日：2008-03-13
申请号：US11470807
申请日：2006-09-07
申请人： James M. Karp , Glen A. Jaquette , Paul M. Greco
发明人： James M. Karp , Glen A. Jaquette , Paul M. Greco
IPC分类号： H04L9/00
CPC分类号： H04L9/0822 , H04L9/0894
摘要： A method, system and program are provided for enabling access to encrypted data in a storage cartridge, where the encrypted data may be decoded by retrieving an encryption encapsulated data key (EEDK) from the cartridge, decrypting the EEDK with a decryption key to extract the underlying data key, and then using the extracted data key to decrypt the encrypted data. Access to the encrypted data may be controlled by transforming one or more of the EEDKs stored on the cartridge without also having to use a new data key to encrypt and store encrypted data to the cartridge. Existing EEDKs may be transformed by adding new EEDKs to a cartridge to either supplement or replace existing EEDKs, or by deleting the existing EEDKs from the cartridge to effectively shred the cartridge, or by storing an unencrypted data key on the cartridge to set the cartridge to an unencrypted state.
摘要翻译：提供了一种用于使得能够访问存储盒中的加密数据的方法，系统和程序，其中可以通过从盒中检索加密封装数据密钥（EEDK）来解密加密数据，用解密密钥解密EEDK，以提取底层数据密钥，然后使用提取的数据密钥对加密数据进行解密。可以通过转换存储在盒式磁带上的一个或多个EEDK来控制加密数据的访问，而不必使用新的数据密钥来加密并将加密数据存储到盒中。现有的EEDK可以通过向盒中添加新的EEDK来进行变换，以补充或更换现有的EEDK，或者通过从盒中删除现有的EEDK来有效地切割盒，或者通过将未加密的数据密钥存储在盒上以将盒设置为未加密的状态。

2. 发明授权

US09383938B2 Method, system, and apparatus for re-conveying input/output operations utilizing a sequential-access data storage device secondary communication port 有权
标题翻译：用于使用顺序存取数据存储装置辅助通信端口重新传送输入/输出操作的方法，系统和装置
公开(公告)号：US09383938B2
公开(公告)日：2016-07-05
申请号：US11405796
申请日：2006-04-18
申请人： Paul M. Greco , Glen A. Jaquette , James M. Karp
发明人： Paul M. Greco , Glen A. Jaquette , James M. Karp
IPC分类号： G06F3/06 , G06F11/14
CPC分类号： G06F3/0647 , G06F3/061 , G06F3/0634 , G06F3/065 , G06F3/067 , G06F11/1451
摘要： A method, system, and apparatus for re-conveying input/output (I/O) operations utilizing a sequential-access data storage device secondary communication port are disclosed. In accordance with one embodiment, a method is provided which comprises receiving an input/output (I/O) operation request via a first communication port of a primary data storage device, processing the I/O operation request utilizing the primary data storage device, and re-conveying the I/O operation request to a secondary data storage device substantially simultaneously with the processing via a second communication port of the primary data storage device. In the described embodiment, the primary data storage device comprises a sequential-access data storage device.
摘要翻译：公开了一种使用顺序访问数据存储设备辅助通信端口重新传送输入/输出（I / O）操作的方法，系统和装置。根据一个实施例，提供了一种方法，其包括经由主数据存储装置的第一通信端口接收输入/输出（I / O）操作请求，使用主数据存储装置处理I / O操作请求，并且经由主数据存储装置的第二通信端口与所述处理基本同时地将I / O操作请求重新传送到辅助数据存储装置。在所描述的实施例中，主数据存储装置包括顺序访问数据存储装置。

3. 发明授权

US08656186B2 Use of indirect data keys for encrypted tape cartridges 有权
标题翻译：对加密磁带使用间接数据密钥
公开(公告)号：US08656186B2
公开(公告)日：2014-02-18
申请号：US11742837
申请日：2007-05-01
申请人： Paul M. Greco , Shai Halevi , Glen A. Jaquette
发明人： Paul M. Greco , Shai Halevi , Glen A. Jaquette
IPC分类号： H04L29/06
CPC分类号： G11B20/1201 , G11B20/00086 , G11B20/0021 , G11B2220/90 , H04L9/083 , H04L9/14
摘要： A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.
摘要翻译：提供了一种方法，系统和程序，用于使得能够选择性地访问单个存储盒中的多个用户的加密数据。通过对与要加密的数据相关的公共基本密钥和元数据的组合（例如，其总块计数）执行加密操作，为每个用户的数据生成唯一的派生密钥。基本数据密钥用一个或多个加密密钥包裹以形成一个或多个加密封装数据密钥（EEDK）。基础密钥和派生密钥被包装以创建会话加密数据密钥（SEDK），其与EEDK一起被传送到SEDK被解密的磁带驱动器。然后将EEDK存储在存储盒上的一个或多个位置。基本密钥和派生密钥用于加密预定用户的数据，其中导出的密钥存储在盒上，其中加密的数据。可以随后通过检索EEDK并用解密密钥对加密数据进行解密，以提取基本数据密钥。然后，提取的基本数据密钥可以与其他信息一起使用以计算导出密钥。一旦计算，派生密钥用于解密其相关联的加密数据。

4. 发明授权

US08494166B2 Use of indirect data keys for encrypted tape cartridges 有权
标题翻译：对加密磁带使用间接数据密钥
公开(公告)号：US08494166B2
公开(公告)日：2013-07-23
申请号：US11742819
申请日：2007-05-01
申请人： Paul M. Greco , Shai Halevi , Glen A. Jaquette
发明人： Paul M. Greco , Shai Halevi , Glen A. Jaquette
IPC分类号： G06F21/00
CPC分类号： G11B20/00086 , G06F21/80 , G11B20/0021 , G11B20/00224 , G11B20/00333 , G11B2220/90
摘要： A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.
摘要翻译：提供了一种方法，系统和程序，用于使得能够选择性地访问单个存储盒中的多个用户的加密数据。通过对与要加密的数据相关的公共基本密钥和元数据的组合（例如，其总块计数）执行加密操作，为每个用户的数据生成唯一的派生密钥。基本数据密钥用一个或多个加密密钥包裹以形成一个或多个加密封装数据密钥（EEDK）。基础密钥和派生密钥被包装以创建会话加密数据密钥（SEDK），其与EEDK一起被传送到SEDK被解密的磁带驱动器。然后将EEDK存储在存储盒上的一个或多个位置。基本密钥和派生密钥用于加密预定用户的数据，其中导出的密钥存储在盒上，其中加密的数据。可以随后通过检索EEDK并用解密密钥对加密数据进行解密，以提取基本数据密钥。然后，提取的基本数据密钥可以与其他信息一起使用以计算导出密钥。一旦计算，派生密钥用于解密其相关联的加密数据。

5. 发明申请

US20080063197A1 Storing encrypted data keys to a tape to allow a transport mechanism 审中-公开
标题翻译：将加密的数据密钥存储到磁带以允许传输机制
公开(公告)号：US20080063197A1
公开(公告)日：2008-03-13
申请号：US11470785
申请日：2006-09-07
申请人： Glen A. Jaquette , Paul M. Greco
发明人： Glen A. Jaquette , Paul M. Greco
IPC分类号： H04N7/167
CPC分类号： H04L9/0825 , H04L9/0822 , H04L9/083 , H04L9/0897
摘要： A method, system and program are provided for enabling access to encrypted data in a storage cartridge by separately wrapping the data key used to encrypt the data with separate encryption keys (e.g., a public key from a public/private key pair) to form encryption encapsulated data keys (EEDKs) that are stored on the storage cartridge along with the encrypted data. With multiple EEDKs stored on the cartridge, a multi-user transport mechanism is provided where each user can access and decode the encrypted data by retrieving and decrypting an EEDK with a decryption key (e.g., the private key from the public/private key pair) to extract the underlying data key, and then using the extracted data key to decrypt the encrypted data.
摘要翻译：提供了一种方法，系统和程序，用于通过用分开的加密密钥（例如，公共/私人密钥对的公共密钥）分开包装用于加密数据的数据密钥来访问存储盒中的加密数据，以形成加密与加密数据一起存储在存储盒上的封装数据密钥（EEDK）。通过存储在盒式磁带上的多个EEDK，提供多用户传输机制，其中每个用户可以通过用解密密钥检索和解密EEDK来访问和解码加密数据（例如，来自公/私钥对的私钥）提取底层数据密钥，然后使用提取的数据密钥对加密数据进行解密。

6. 发明授权

US07664617B2 Monitoring and reporting normalized device system performance 失效
标题翻译：监控和报告标准化的设备系统性能
公开(公告)号：US07664617B2
公开(公告)日：2010-02-16
申请号：US12250769
申请日：2008-10-14
申请人： Paul M. Greco , Glen A. Jaquette
发明人： Paul M. Greco , Glen A. Jaquette
IPC分类号： G06F11/30
CPC分类号： G06F11/3485 , G06F11/3409 , G06F11/3452 , G06F2201/86 , G06F2201/88
摘要： Apparatus and computer program products are provided to monitor and report performance data of a device such as a data storage drive. A plurality of quantitative values are obtained from feedback and measurement mechanisms in a data storage device of a first model during operation of the storage device. The plurality of quantitative values are normalized. Then, one or more qualitative values are generated from one or more normalized quantitative values and evaluated against corresponding baseline performance values established for the first model.
摘要翻译：提供装置和计算机程序产品来监视和报告诸如数据存储驱动器的设备的性能数据。在存储装置的操作期间，从第一模型的数据存储装置中的反馈和测量机构获得多个定量值。多个定量值被归一化。然后，从一个或多个归一化的定量值产生一个或多个定性值，并针对为第一模型建立的相应基线性能值进行评估。

7. 发明申请

US20090030652A1 Monitoring and Reporting Normalized Device System Performance 失效
标题翻译：监控和报告标准化设备系统性能
公开(公告)号：US20090030652A1
公开(公告)日：2009-01-29
申请号：US12250769
申请日：2008-10-14
申请人： Paul M. Greco , Glen A. Jaquette
发明人： Paul M. Greco , Glen A. Jaquette
IPC分类号： G06F11/30
CPC分类号： G06F11/3485 , G06F11/3409 , G06F11/3452 , G06F2201/86 , G06F2201/88
摘要： Apparatus and computer program products are provided to monitor and report performance data of a device such as a data storage drive. A plurality of quantitative values are obtained from feedback and measurement mechanisms in a data storage device of a first model during operation of the storage device. The plurality of quantitative values are normalized. Then, one or more qualitative values are generated from one or more normalized quantitative values and evaluated against corresponding baseline performance values established for the first model.
摘要翻译：提供装置和计算机程序产品来监视和报告诸如数据存储驱动器之类的装置的性能数据。在存储装置的操作期间，从第一模型的数据存储装置中的反馈和测量机构获得多个定量值。多个定量值被归一化。然后，从一个或多个归一化的定量值产生一个或多个定性值，并针对为第一模型建立的相应基线性能值进行评估。

8. 发明申请

US20080273697A1 Use of Indirect Data Keys for Encrypted Tape Cartridges 有权
公开(公告)号：US20080273697A1
公开(公告)日：2008-11-06
申请号：US11742837
申请日：2007-05-01
申请人： Paul M. Greco , Shai Halevi , Glen A. Jaquette
发明人： Paul M. Greco , Shai Halevi , Glen A. Jaquette
IPC分类号： H04L9/14 , H04L9/10
CPC分类号： G11B20/1201 , G11B20/00086 , G11B20/0021 , G11B2220/90 , H04L9/083 , H04L9/14
摘要： A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key. The extracted base data key can then be used with other information to calculate the derived key. Once calculated, the derived key is used to decrypt its associated encrypted data.

9. 发明申请

US20070276991A1 Method and system for controlling access to data of a tape data storage medium 有权
标题翻译：用于控制对磁带数据存储介质的数据的访问的方法和系统
公开(公告)号：US20070276991A1
公开(公告)日：2007-11-29
申请号：US11438830
申请日：2006-05-23
申请人： Glen A. Jaquette , James M. Karp
发明人： Glen A. Jaquette , James M. Karp
IPC分类号： G06F13/00
CPC分类号： G06F21/6218 , G06F21/80
摘要： A method, system, and machine-readable medium for controlling access to data of a tape data storage medium are disclosed. In accordance with one embodiment, a method is provided which comprises conveying data access control metadata from a tape cartridge comprising a tape data storage medium to a host, receiving decrypted metadata from the host, comparing a checksum value determined utilizing the decrypted metadata with checksum data stored within the tape cartridge; and processing a request to access the tape data storage medium received from the host based upon a comparison of the checksum value and checksum data. In the described method embodiment, the data access control metadata comprises encrypted metadata corresponding to a data storage parameter, where data is stored within the tape data storage medium utilizing the data storage parameter and the decrypted metadata is generated by the host utilizing the encrypted metadata.
摘要翻译：公开了一种用于控制对磁带数据存储介质的数据的访问的方法，系统和机器可读介质。根据一个实施例，提供了一种方法，其包括将数据访问控制元数据从包括磁带数据存储介质的磁带盒传送到主机，从主机接收解密的元数据，将使用解密的元数据确定的校验和值与校验和数据进行比较存储在磁带盒内; 以及基于校验和值和校验和数据的比较来处理从主机接收的磁带数据存储介质的请求。在所描述的方法实施例中，数据访问控制元数据包括对应于数据存储参数的加密元数据，其中使用数据存储参数将数据存储在磁带数据存储介质中，并且由主机利用加密元数据生成解密的元数据。

10. 发明授权

US07882354B2 Use of device driver to function as a proxy between an encryption capable tape drive and a key manager 有权
标题翻译：使用设备驱动程序作为加密功能的磁带驱动器和密钥管理器之间的代理
公开(公告)号：US07882354B2
公开(公告)日：2011-02-01
申请号：US11470731
申请日：2006-09-07
申请人： Paul M. Greco , Glen A. Jaquette
发明人： Paul M. Greco , Glen A. Jaquette
IPC分类号： H04L29/06 , H04L9/08
CPC分类号： G06F3/0646 , G06F3/0623 , G06F3/0682 , G06F21/6281 , G06F21/80
摘要： A tape system is provided with an encryption capable tape drive and an encryption enabled tape drive device driver for the encryption capable tape drive. The encryption enabled tape drive device driver functions as a proxy which connects the encryption capable tape drive to a key manager which serves keys to the tape drive. When the encryption capable device driver causes a command to be sent to the drive, the tape drive is configured to respond with a message that is intended for a key manager such as an External Key Manager (EKM). The encryption capable device driver recognizes that this is a message intended for the EKM and forwards that message to the EKM (e.g., via an Internet Protocol (IP) connection). The EKM then responds to the key request by issuing a new key (for a new cartridge which is to be written from beginning of tape (BOT)) or an existing key (for a cartridge which needs to be read). The device driver connects all EKM responses to the encryption capable tape drive and the EKM from which the encryption capable tape drive obtains its keys.
摘要翻译：磁带系统提供有加密功能的磁带驱动器和用于加密功能的磁带驱动器的加密启用磁带驱动器设备驱动程序。启用加密的磁带驱动器设备驱动程序用作将加密功能的磁带驱动器连接到向磁带驱动器提供密钥的密钥管理器的代理。当具有加密能力的设备驱动程序导致将命令发送到驱动器时，磁带驱动器被配置为使用旨在用于诸如外部密钥管理器（EKM）的密钥管理器的消息。加密功能的设备驱动程序识别出这是用于EKM的消息，并将该消息转发到EKM（例如，经由因特网协议（IP）连接）。然后，EKM通过发出新的密钥（对于要从磁带开始写入的新墨盒（BOT））或现有密钥（对于需要读取的墨盒）来响应密钥请求。设备驱动程序将所有EKM响应连接到加密功能的磁带驱动器和可加密的磁带驱动器从其获得其密钥的EKM。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式