System, Method and Computer Program Product for Tamper Protection in a Data Storage System
Abstract
Systems, methods and computer software utilized in the implementation of tamper protection, where unique information associated with data storage tapes and with particular revisions of these tapes is stored on the storage medium itself and on a memory of the tape cartridge, so that the data can be compared to determine whether unauthorized modifications have been made to the tapes. One embodiment is a system which includes an archive node appliance coupled between a set of hosts and a tape media library. The archive node appliance presents files stored on a tape of a media library as a directory. The archive node appliance maintains tamper protection data on the tape and on an auxiliary memory on the cartridge of the tape, and determines from this data whether the tape has been altered by an authorized system.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system for providing tamper protection, comprising:
an archive node appliance coupled to a media library and a set of hosts, the archive node appliance comprising a processor, a non-transitory computer readable memory, and computer instructions executable by the processor to cause the archive node appliance to:
load a tape cartridge containing a tape in the media library, the tape cartridge having a memory;
read a first set of tamper protection data from the tape;
read a second set of tamper protection data from the memory of the tape cartridge, each of the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge comprising:
an index generation value associated with modification of the tape;
a universally unique identifier (UUID) associated with the tape;
verification data generated using the index generation value, the UUID, or both;
a checksum associated with a metadata file on the tape; or
a combination thereof; and
determine whether the tape has been altered by comparing the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge.
2 . The system of claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
write tamper protection data to the tape and to the memory of the tape cartridge when a file stored on the tape is updated.
3 . The system of claim 1 , wherein the first set of tamper protection data and the second set of tamper protection data are written to the tape and to the memory of the tape cartridge by the archive node appliance or another archive node appliance.
4 . The system of claim 1 , wherein the verification data comprises a hash or a checksum generated using the index generation value, the UUID, or both.
5 . The system of claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
determine whether the metadata file on the tape has been altered by comparing the checksum in the first set of tamper protection data from the tape and the checksum in the second set of tamper protection data from the memory of the tape cartridge.
6 . The system of claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
when the metadata file on the tape is updated, update the checksum in the first set of tamper protection data on the tape and the checksum in the second set of tamper protection data in the memory of the tape cartridge.
7 . The system of claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
mark the tape as read only when metadata maintained by the archive node appliance is associated with a first metadata version number that is older than a second metadata version number associated with the metadata file on the tape.
8 . A computer program product comprising at least one non-transitory computer readable medium storing instructions executable by at least one processor to:
load a tape cartridge containing a tape in a media library, the tape cartridge having a memory; read a first set of tamper protection data from the tape; read a second set of tamper protection data from the memory of the tape cartridge, each of the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge comprising:
an index generation value associated with modification of the tape;
a universally unique identifier (UUID) associated with the tape;
verification data generated using the index generation value, the UUID, or both;
a checksum associated with a metadata file on the tape; or
a combination thereof; and
determine whether the tape has been altered by comparing the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge.
9 . The computer program product of claim 8 , wherein the instructions are further executable by the at least one processor to:
write tamper protection data to the tape and to the memory of the tape cartridge when a file stored on the tape is updated.
10 . The computer program product of claim 8 , wherein the first set of tamper protection data and the second set of tamper protection data are written to the tape and to the memory of the tape cartridge by an archive node appliance.
11 . The computer program product of claim 8 , wherein the verification data comprises a hash or a checksum generated using the index generation value, the UUID, or both.
12 . The computer program product of claim 8 , wherein the instructions are further executable by the at least one processor to:
determine whether the metadata file on the tape has been altered by comparing the checksum in the first set of tamper protection data from the tape and the checksum in the second set of tamper protection data from the memory of the tape cartridge.
13 . The computer program product of claim 8 , wherein the instructions are further executable by the at least one processor to:
when the metadata file on the tape is updated, update the checksum in the first set of tamper protection data on the tape and the checksum in the second set of tamper protection data in the memory of the tape cartridge.
14 . A method for providing tamper protection, comprising:
loading, by an archive node appliance having a processor and a non-transitory computer readable memory, a tape cartridge containing a tape in a media library coupled to the archive node appliance, the tape cartridge having a memory; the archive node appliance reading a first set of tamper protection data from the tape; the archive node appliance reading a second set of tamper protection data from the memory of the tape cartridge, each of the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge comprising:
an index generation value associated with modification of the tape;
a universally unique identifier (UUID) associated with the tape;
verification data generated using the index generation value, the UUID, or both;
a checksum associated with a metadata file on the tape; or
a combination thereof; and
the archive node appliance determining whether the tape has been altered by comparing the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge.
15 . The method according to claim 14 , further comprising:
the archive node appliance writing tamper protection data to the tape and to the memory of the tape cartridge when a file stored on the tape is updated.
16 . The method according to claim 14 , wherein the first set of tamper protection data and the second set of tamper protection data are written to the tape and to the memory of the tape cartridge by the archive node appliance or another archive node appliance.
17 . The method according to claim 14 , wherein the verification data comprises a hash or a checksum generated using the index generation value, the UUID, or both.
18 . The method according to claim 14 , further comprising:
the archive node appliance determining whether the metadata file on the tape has been altered by comparing the checksum in the first set of tamper protection data from the tape and the checksum in the second set of tamper protection data from the memory of the tape cartridge.
19 . The method according to claim 14 , further comprising:
when the metadata file on the tape is updated, the archive node appliance updating the checksum in the first set of tamper protection data on the tape and the checksum in the second set of tamper protection data in the memory of the tape cartridge.
20 . The method according to claim 14 , further comprising:
the archive node appliance marking the tape as read only when metadata maintained by the archive node appliance is associated with a first metadata version number that is older than a second metadata version number associated with the metadata file on the tape.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.