Abstract: Provided are techniques for key generation and retrieval. Unique identifiers of two or more key servers are stored, wherein each key server is capable of generating keys for encryption of data and of returning keys for decryption of data. A key request is received. A technique for selecting one of the key servers to which the key request is to be forwarded is identified. One of the key servers is selected using the identified technique. The key request is sent to the identified key server.

Abstract: Provided are techniques for determining whether to encrypt data. It is determined whether an element is to be encrypted based on an encryption policy, wherein the element comprises one of metadata and a data set. In response to determining that the element is to be encrypted, the element is encrypted and written to a data storage medium. In response to determining that the element is not to be encrypted, the element is written in the effective clear to the data storage medium.

Abstract: Provided are a method, system, and article of manufacture in which a non-reversible signature of a symmetric cryptographic key is computed, wherein the symmetric cryptographic key is used to symmetrically encrypt data at rest in a storage device. The non-reversible signature is stored in association with the symmetrically encrypted data at rest in the storage device. The non-reversible signature is used to determine validity of a cryptographic key provided by a host for accessing the symmetrically encrypted data at rest in the storage device.

Abstract: Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

Abstract: A computer program product for operating an automated data storage library with storage shelves, data storage drive(s), a bus bar; and a robot accessor with a drive system for moving the robot accessor, an accessor communication interface, a bus bar relay configured to engage and disengage the bus bar; and a robot control configured to operate the drive system to move the robot accessor, to operate a picker, and to operate the bus bar relay to engage the bus bar when the robot accessor is stationary, to provide communication capability with a library communication interface via the bus bar relay and the bus bar when the bus bar relay engages the bus bar. Additionally, a second communication system may be provided between the robot accessor and the automated data storage library, which is operable at least when the robot accessor is moving.

Abstract: A method and a computer program product are provided to perform a key path diagnostic that aids in isolating an error within the encryption storage system. A first communication test is performed on a path between the key proxy and the drive. The first communication test verifies that the path between the drive and the key proxy is operational. A second communication test is performed on a path between the key proxy and the key server. The second communication test verifies that the path between the key proxy and the key server is operational. In addition, the drive or the key proxy sends a command to the key manager to attempt communication with the key manager. The communication attempt verifies the installation and configuration parameters related to the key manager.

Abstract: A system is provided to perform a key path diagnostic that aids in isolating an error within the encryption storage system. The system includes at least one drive, a key proxy, a key server, a key manager, and a processor. The processor performs a first communication test on a path between the key proxy and the drive. The first communication test verifies that the path between the drive and the key proxy is operational. The processor performs a second communication test on a path between the key proxy and the key server. The second communication test verifies that the path between the key proxy and the key server is operational. In addition, processor sends a command to the key manager to attempt communication with the key manager. The communication attempt verifies the installation and configuration parameters related to the key manager.

Abstract: Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium.

Abstract: Provided are a method, system, and article of manufacture recovering remnant encrypted data on a removable storage media. An end of data (EOD) marker is detected on a removable storage media, wherein a first encryption key is associated with data preceding the EOD marker. Following the EOD marker, an identifier of a second encryption key associated with data following the EOD marker is read in response to detecting the EOD marker. The identifier is used to access the second encryption key and the second encryption key is used to decrypt the data following the EOD marker.

Abstract: Control of the encryption of data for storage with respect to removable data storage cartridges having a recording media and having cartridge memory with at least a portion lockable to read-only, employs the steps of inspecting the read-only portion of the cartridge memory of the removable data storage cartridge for an “Encrypt-Only” flag. If the “Encrypt-Only” flag is present, writes to the recording media of the removable data storage cartridge are limited to data in an encrypted format, if any; and, else, writes to the recording media of the removable data storage cartridge are allowed for data in any of encrypted and unencrypted formats.

Abstract: Methods, apparatus and computer programs are provided for multiplication-free identification of the impulse response of an oversampled data channel. An input comprising a pseudo-random binary sequence of L symbols is supplied to the channel at a symbol rate of 1/T. A channel output is produced by sampling a channel output signal corresponding to the input with a sampling interval TS=(q/p)T, where q and p are relative prime integers with q<p, and q and L are relative prime integers. p polyphase sequences are produced from the channel output by selecting, for each polyphase sequence, every pth sample of the channel output, with a phase shift of one sample between successive polyphase sequences). A decimated binary sequence is produced by selecting every qth symbol of the channel input. Each polyphase sequence is correlated with the decimated binary sequence, the two possible binary values being of equal magnitude and opposite sign for the correlation.

Abstract: Provided are techniques for filling a drive table. A key request including at least one of a drive serial number and a world wide node name is received from a data storage drive. It is determined whether the drive serial number or a world wide node name are in an entry in a drive table. In response to determining that the drive serial number or a world wide node name are not in an entry in a drive table, a new entry is automatically added in the drive table that includes the at least one of a drive serial number and a world wide node name.

Abstract: An apparatus, system and method to limit frame spacing error during timing-based servo pattern fabrication. An apparatus in accordance with the invention may include a first servo write head to simultaneously write servo stripes onto a first servo frame of a magnetic tape, and a second servo write head to simultaneously write servo stripes onto a successive servo frame of the magnetic tape. The first and second servo write heads may write the stripes substantially concurrently to minimize spacing error between the frames.

Abstract: A method, system, and a device have a data storage drive for an automated data storage library in which a data storage drive may have in one embodiment, both a host-drive interface port and a host-library interface port. In one aspect, drive commands from a host system are conducted primarily through the host-drive interface port and a host-drive interface path to a drive controller of the data storage drive. In addition, library commands from the host system to a library controller may be conducted primarily through the host-library interface port and a host-library interface path to a library communication port of the data storage drive. In one embodiment, the drive commands from a host system are conducted primarily through the host-drive interface port and the host-drive interface path to a drive controller of the data storage drive.

Abstract: A magnetic tape cartridge, a recording system, and a magnetic tape drive are configured to, for example, guard against tampering with a write once overwrite protection pointer which allows a rewritable magnetic tape to be treated as write once. In one embodiment, the magnetic tape cartridge comprises a magnetic tape and a cartridge memory. The magnetic tape is configured to provide at least one overwrite protection pointer, the overwrite protection pointer identifying data to be protected from being overwritten; and the cartridge memory is configured to provide the at least one overwrite protection pointer, the overwrite protection pointer identifying magnetic tape data to be protected from being overwritten.

Abstract: Provided is a data storage drive for encrypting data, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a session key, wherein a result is a data key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium. Also provided is a system, comprising a microprocessor and circuitry coupled to the microprocessor and adapted to receive a session encrypted data key and to decrypt the session encrypted data key using a private key, wherein a result is a secret key that is capable of being used to encrypt clear text and to decrypt cipher text written to a storage medium.

Abstract: Provided are a method, system, and article of manufacture for managing metadata for data blocks used in a deduplication system. File metadata is maintained for files having data blocks in a computer readable device. Data block metadata is maintained for each data block in the computer readable device. The data block metadata for one data block includes a data block reference and content identifier identifying content of the data block. The file metadata for each file includes the data block reference to each data block in the file. A determination is made of an unreferenced data block in the computer readable device that has become unreferenced. Indication is made that the data block metadata for the determined unreferenced data block as unreferenced metadata. The data block reference of the unreferenced metadata is maintained in the computer readable device in response to determining that a includes the data block indicated in the unreferenced metadata.

Abstract: Disclosed is a technique for updating a read-detect channel. A signal is processed in a read-detect channel that has one or more programmable registers. While signals continue to be processed by the read-detect channel, it is determined with a channel auxiliary processor whether to dynamically replace values of the one or more programmable registers. When it is determined that values of the one or more programmable registers are to be replaced, a channel auxiliary processor determines values for the one or more programmable registers and replaces existing values for the one or more programmable registers with the determined values.

Abstract: An apparatus, system and method to limit frame spacing error during timing-based servo pattern fabrication. An apparatus in accordance with the invention may include a first servo write head to simultaneously write servo stripes onto a first servo frame of a magnetic tape, and a second servo write head to simultaneously write servo stripes onto a successive servo frame of the magnetic tape. The first and second servo write heads may write the stripes substantially concurrently to minimize spacing error between the frames.

Abstract: A label corresponding to a cryptographic key is stored at a first computational device. A user provided label is received at a second computational device. The user provided label is sent from the second computational device to the first computational device. The user provided label is compared to the label stored at the first computational device. The cryptographic key is used to perform cryptographic operations on data, in response to determining that the user provided label matches the label stored at the first computational device.