US2016012257A1PendingUtilityA1

System, Method and Computer Program Product for Tamper Protection in a Data Storage System

50
Assignee: KIP CR P1 LPPriority: May 25, 2012Filed: Sep 22, 2015Published: Jan 14, 2016
Est. expiryMay 25, 2032(~5.9 yrs left)· nominal 20-yr term from priority
G06F 21/64G06F 21/80G06F 3/0673H04L 67/1097G06F 3/0655G06F 3/0622G06F 3/0686
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems, methods and computer software utilized in the implementation of tamper protection, where unique information associated with data storage tapes and with particular revisions of these tapes is stored on the storage medium itself and on a memory of the tape cartridge, so that the data can be compared to determine whether unauthorized modifications have been made to the tapes. One embodiment is a system which includes an archive node appliance coupled between a set of hosts and a tape media library. The archive node appliance presents files stored on a tape of a media library as a directory. The archive node appliance maintains tamper protection data on the tape and on an auxiliary memory on the cartridge of the tape, and determines from this data whether the tape has been altered by an authorized system.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for providing tamper protection, comprising:
 an archive node appliance coupled to a media library and a set of hosts, the archive node appliance comprising a processor, a non-transitory computer readable memory, and computer instructions executable by the processor to cause the archive node appliance to:
 load a tape cartridge containing a tape in the media library, the tape cartridge having a memory; 
 read a first set of tamper protection data from the tape; 
 read a second set of tamper protection data from the memory of the tape cartridge, each of the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge comprising:
 an index generation value associated with modification of the tape; 
 a universally unique identifier (UUID) associated with the tape; 
 verification data generated using the index generation value, the UUID, or both; 
 a checksum associated with a metadata file on the tape; or 
 a combination thereof; and 
 
 determine whether the tape has been altered by comparing the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge. 
   
     
     
         2 . The system of  claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
 write tamper protection data to the tape and to the memory of the tape cartridge when a file stored on the tape is updated.   
     
     
         3 . The system of  claim 1 , wherein the first set of tamper protection data and the second set of tamper protection data are written to the tape and to the memory of the tape cartridge by the archive node appliance or another archive node appliance. 
     
     
         4 . The system of  claim 1 , wherein the verification data comprises a hash or a checksum generated using the index generation value, the UUID, or both. 
     
     
         5 . The system of  claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
 determine whether the metadata file on the tape has been altered by comparing the checksum in the first set of tamper protection data from the tape and the checksum in the second set of tamper protection data from the memory of the tape cartridge.   
     
     
         6 . The system of  claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
 when the metadata file on the tape is updated, update the checksum in the first set of tamper protection data on the tape and the checksum in the second set of tamper protection data in the memory of the tape cartridge.   
     
     
         7 . The system of  claim 1 , wherein the computer instructions are further executable by the processor to cause the archive node appliance to:
 mark the tape as read only when metadata maintained by the archive node appliance is associated with a first metadata version number that is older than a second metadata version number associated with the metadata file on the tape.   
     
     
         8 . A computer program product comprising at least one non-transitory computer readable medium storing instructions executable by at least one processor to:
 load a tape cartridge containing a tape in a media library, the tape cartridge having a memory;   read a first set of tamper protection data from the tape;   read a second set of tamper protection data from the memory of the tape cartridge, each of the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge comprising:
 an index generation value associated with modification of the tape; 
 a universally unique identifier (UUID) associated with the tape; 
 verification data generated using the index generation value, the UUID, or both; 
 a checksum associated with a metadata file on the tape; or 
 a combination thereof; and 
   determine whether the tape has been altered by comparing the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge.   
     
     
         9 . The computer program product of  claim 8 , wherein the instructions are further executable by the at least one processor to:
 write tamper protection data to the tape and to the memory of the tape cartridge when a file stored on the tape is updated.   
     
     
         10 . The computer program product of  claim 8 , wherein the first set of tamper protection data and the second set of tamper protection data are written to the tape and to the memory of the tape cartridge by an archive node appliance. 
     
     
         11 . The computer program product of  claim 8 , wherein the verification data comprises a hash or a checksum generated using the index generation value, the UUID, or both. 
     
     
         12 . The computer program product of  claim 8 , wherein the instructions are further executable by the at least one processor to:
 determine whether the metadata file on the tape has been altered by comparing the checksum in the first set of tamper protection data from the tape and the checksum in the second set of tamper protection data from the memory of the tape cartridge.   
     
     
         13 . The computer program product of  claim 8 , wherein the instructions are further executable by the at least one processor to:
 when the metadata file on the tape is updated, update the checksum in the first set of tamper protection data on the tape and the checksum in the second set of tamper protection data in the memory of the tape cartridge.   
     
     
         14 . A method for providing tamper protection, comprising:
 loading, by an archive node appliance having a processor and a non-transitory computer readable memory, a tape cartridge containing a tape in a media library coupled to the archive node appliance, the tape cartridge having a memory;   the archive node appliance reading a first set of tamper protection data from the tape;   the archive node appliance reading a second set of tamper protection data from the memory of the tape cartridge, each of the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge comprising:
 an index generation value associated with modification of the tape; 
 a universally unique identifier (UUID) associated with the tape; 
 verification data generated using the index generation value, the UUID, or both; 
 a checksum associated with a metadata file on the tape; or 
 a combination thereof; and 
   the archive node appliance determining whether the tape has been altered by comparing the first set of tamper protection data from the tape and the second set of tamper protection data from the memory of the tape cartridge.   
     
     
         15 . The method according to  claim 14 , further comprising:
 the archive node appliance writing tamper protection data to the tape and to the memory of the tape cartridge when a file stored on the tape is updated.   
     
     
         16 . The method according to  claim 14 , wherein the first set of tamper protection data and the second set of tamper protection data are written to the tape and to the memory of the tape cartridge by the archive node appliance or another archive node appliance. 
     
     
         17 . The method according to  claim 14 , wherein the verification data comprises a hash or a checksum generated using the index generation value, the UUID, or both. 
     
     
         18 . The method according to  claim 14 , further comprising:
 the archive node appliance determining whether the metadata file on the tape has been altered by comparing the checksum in the first set of tamper protection data from the tape and the checksum in the second set of tamper protection data from the memory of the tape cartridge.   
     
     
         19 . The method according to  claim 14 , further comprising:
 when the metadata file on the tape is updated, the archive node appliance updating the checksum in the first set of tamper protection data on the tape and the checksum in the second set of tamper protection data in the memory of the tape cartridge.   
     
     
         20 . The method according to  claim 14 , further comprising:
 the archive node appliance marking the tape as read only when metadata maintained by the archive node appliance is associated with a first metadata version number that is older than a second metadata version number associated with the metadata file on the tape.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.