Abstract: Disclosed is a method for eliminating access to data on removable storage media of a removable storage media cartridge. A key is stored on the removable storage media cartridge, such that data on the removable storage media is accessible with the key. Upon receiving a command to eliminate access to data on the removable storage media the key is shredded such that access to data on the removable storage media is eliminated.

Abstract: Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

Abstract: Exemplary method, system, and computer program product embodiments for cryptographic erasure of selected encrypted data are provided. In one embodiment, by way of example only, data files are configured with a derived key. The derived keys adapted to be individually shredded in a subsequent erasure operation. The derived key allows for cryptographic erasure of the selected encrypted data in the data files without necessitating at least one of removal and rewrite of retained data. Additional system and computer program product embodiments are disclosed and provide related advantages.

Abstract: Provided are a method, system, and article of manufacture for rekeying encryption keys for removable storage media. A rekey request is received for a coupled removable storage media, wherein encryption on the coupled removable storage media uses a first key and wherein the rekey request indicates a second key. The first key and the second key are accessed in response to the rekey request. The first key is used to perform decryption for the coupled removable storage media and the second key is used to perform encryption for the coupled removable storage media.

Abstract: A system and computer program product are provided for utilizing target of opportunity to perform at least one special operation while a removable storage medium is mounted within a data storage drive for another purpose. The system for recognizing a target of opportunity comprises a tape drive. The tape drive receives a command to mount a tape cartridge in the tape drive, and in response the tape drive mounts the tape cartridge in the tape drive. The tape drive determines if at least one special operation may be performed. If it is determined that at least one special operation may be performed, the tape drive recognizes that a target of opportunity exists. In response to determining that at least one special operation may be performed, the tape drive sends a first notification that the tape drive is to remain in a not ready state.

Abstract: Exemplary method, system, and computer program product embodiments for cryptographic erasure of selected encrypted data are provided. In one embodiment, by way of example only, data files are configured with a derived key. The derived keys adapted to be individually shredded in a subsequent erasure operation. The derived key allows for cryptographic erasure of the selected encrypted data in the data files without necessitating at least one of removal and rewrite of retained data. Additional system and computer program product embodiments are disclosed and provide related advantages.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server receives from at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key, a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server, and at least one additional wrapped encryption key by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the generated keys to the requesting device.

Abstract: An apparatus, system, and method are disclosed for read back verification of stored data. A file CRC module calculates a first file CRC for a data file. A segmentation module segments the data file into a plurality of data blocks that comprise a copy of the data file. A block CRC module calculates a data block CRC for each data block. An aggregated CRC module calculates a second file CRC from the data block CRCs. In addition, the aggregated CRC module verifies copy of the data file if the second file CRC is substantially equivalent to the first file CRC.

Abstract: A method for determining volume coherency is disclosed herein. Upon completing a first write job to a volume partition, the method makes a copy of a volume change reference (VCR) value associated with the volume. The VCR value is configured to change in a non-repeating manner each time content on the volume is modified. Prior to initiating a second write job to the volume partition, the method retrieves the copy and compares the copy to the VCR value. If the copy matches the VCR value, the method determines that a logical object on the partition was not modified between the first and second write jobs. If the copy does not match the VCR value, the method determines that the logical object on the partition was modified between the first and second write jobs. A corresponding system and computer program product are also disclosed herein.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server transmits public keys associated with the key server and at least one device to at least one remote key server. The key server receives from the at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device comprising one of the at least one device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key associated with the requesting device. The key server generates a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server receives from at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key, a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server, and at least one additional wrapped encryption key by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the generated keys to the requesting device.

Abstract: A label corresponding to a cryptographic key is stored at a first computational device. A user provided label is received at a second computational device. The user provided label is sent from the second computational device to the first computational device. The user provided label is compared to the label stored at the first computational device. The cryptographic key is used to perform cryptographic operations on data, in response to determining that the user provided label matches the label stored at the first computational device.

Abstract: Control of the encryption of data for storage with respect to removable data storage cartridges having a recording media and having cartridge memory with at least a portion lockable to read-only, employs the steps of inspecting the read-only portion of the cartridge memory of the removable data storage cartridge for an “Encrypt-Only” flag. If the “Encrypt-Only” flag is present, writes to the recording media of the removable data storage cartridge are limited to data in an encrypted format, if any; and, else, writes to the recording media of the removable data storage cartridge are allowed for data in any of encrypted and unencrypted formats.

Abstract: Provided are a method, system, and article of manufacture for managing metadata for data blocks used in a deduplication system. File metadata is maintained for files having data blocks in a computer readable device. Data block metadata is maintained for each data block in the computer readable device. The data block metadata for one data block includes a data block reference and content identifier identifying content of the data block. The file metadata for each file includes the data block reference to each data block in the file. A determination is made of an unreferenced data block in the computer readable device that has become unreferenced. Indication is made that the data block metadata for the determined unreferenced data block as unreferenced metadata. The data block reference of the unreferenced metadata is maintained in the computer readable device in response to determining that a includes the data block indicated in the unreferenced metadata.

Abstract: Provided are a method, system, and article of manufacture for rekeying encryption keys for removable storage media. A rekey request is received for a coupled removable storage media, wherein encryption on the coupled removable storage media uses a first key and wherein the rekey request indicates a second key. The first key and the second key are accessed in response to the rekey request. The first key is used to perform decryption for the coupled removable storage media and the second key is used to perform encryption for the coupled removable storage media.

Abstract: Provided are a method, system, and article of manufacture for rekeying encryption keys for removable storage media. A rekey request is received for a coupled removable storage media, wherein encryption on the coupled removable storage media uses a first key and wherein the rekey request indicates a second key. The first key and the second key are accessed in response to the rekey request. The first key is used to perform decryption for the coupled removable storage media and the second key is used to perform encryption for the coupled removable storage media.

Abstract: A non-volatile redundant verifiable indication of data storage status is provided with respect to data storage operations conducted with respect to removable data storage media, and store the indication with an auxiliary non-volatile memory of the data storage media, such that the indication stays with the media. At least one state value indicating the status of the data storage operation is written to one page of the auxiliary non-volatile memory, and a redundancy check is provided with respect to at least the written state value of the one page of the auxiliary non-volatile memory; and the same state value is written to a second page of the auxiliary non-volatile memory, and a redundancy check is provided with respect to at least the written state value of the second page of the auxiliary non-volatile memory. The redundancy checks indicate the validity of the state values.

Abstract: A method is provided for utilizing target of opportunity to perform at least one special operation while a removable storage medium is mounted within a data storage drive for another purpose. A target of opportunity is recognized by determining if at least one special operation may be performed by the data storage drive. If it is determined that at least one special operation may be performed then a first notification that the data storage drive is to remain in a not ready state is sent in response. At least one special operation is performed, and in response to the at least one special operation being performed, a second notification is sent that the removable storage medium is in a ready state or an error state.

Abstract: Provided are a computer program product, system and method for a redundant key server encryption environment. A key server transmits public keys associated with the key server and at least one device to at least one remote key server. The key server receives from the at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device comprising one of the at least one device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key associated with the requesting device. The key server generates a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server.

Abstract: A method, system and program are disclosed for efficiently processing host data which comprises encrypted and non-encrypted data and is to be written to a storage medium. The encrypted data is written to the storage medium in encrypted form. The non-encrypted data is encrypted by a storage device using a well known encryption key and written to the storage medium. In this way, the data that is processed by the storage device to and from the storage medium can always be processed through a single encryption engine.