G11B20/00224

Information processing device, information processing method, and program

An information processing device including: a data processing unit that generates an encryption key of content; and a communication unit that transmits an encryption key generated by the data processing unit, wherein the data processing unit generates, as the encryption key, individual keys that are different for each new content recording processing on a recording medium in a content recording device, and transmits the individual keys through the communication unit.

Self-encryption drive (SED)
11329814 · 2022-05-10

A self-encryption drive (SED) receives a media encryption key (MEK) from a key management server. The MEK is stored only in volatile memory of the SED. Data is encrypted for storage in a non-volatile storage media of the SED based on the MEK. Further, the MEK is erased in the volatile memory to crypto-erase the SED by deleting all instances of the MEK stored by the SED.

Self-encryption drive (SED)
11368299 · 2022-06-21

A self-encryption drive (SED) opens a communication session between the SED and a key management server. An identifier of the SED is sent to the key management server, where the identifier uniquely identifies a data structure in a database associated with the key management server and the data structure comprises a timestamp and a media encryption key (MEK). The data structure is received from the key management server, the data structure being wrapped with a shared session key associated with the communication session. The data structure is unwrapped with the shared session key and the MEK is stored only in the volatile memory of the SED based on the timestamp. Data is encrypted for storage in the non-volatile storage media of the SED based on the MEK stored only in the volatile memory of the self-encryption drive (SED). The MEK stored only in the volatile memory of the SED is erased to crypto-erase the SED.

Encrypted data key in medium auxiliary memory

A method for securing user data that is stored to a tape cartridge having a medium auxiliary memory (MAM) is described. When user data is sent to a tape library from a client, the tape library sends a request to a cloud based key management service for a data key to encrypt the user data and an encrypted data key that corresponds to the data key. The data key is used to encrypt the user data which is then stored to the tape cartridge and the encrypted data key is stored to the MAM. Upon decrypting the encrypted user data, the encrypted data key is extracted from the MAM and sent to the cloud based key management service where it is used to produce the data key from the cloud based key management service which is then sent to the tape library. When the tape library is in possession of the data key, the encrypted data in the tape cartridge can then be decrypted and sent to a requester of the user data.

Physical digital media delivery
RE048313 · 2020-11-17

The inventions relate to the delivery, transfer of content, and return of uniquely customized physical digital media. Digital content is specifically encrypted for use on a target player associated with a specific customer account. After use, the media is returned to a receiving location where use information is read from the media. Attention is given to cost of delivery, security of content, user experience in selecting, choosing, paying for, viewing or utilizing the content, and usage information created as a result of the content being utilized, rented, purchased, loaded or deleted.

Self-Encryption Drive (SED)
20200186342 · 2020-06-11

A self-encryption drive (SED) opens a communication session between the SED and a key management server. An identifier of the SED is sent to the key management server, where the identifier uniquely identifies a data structure in a database associated with the key management server and the data structure comprises a timestamp and a media encryption key (MEK). The data structure is received from the key management server, the data structure being wrapped with a shared session key associated with the communication session. The data structure is unwrapped with the shared session key and the MEK is stored only in the volatile memory of the SED based on the timestamp. Data is encrypted for storage in the non-volatile storage media of the SED based on the MEK stored only in the volatile memory of the self-encryption drive (SED). The MEK stored only in the volatile memory of the SED is erased to crypto-erase the SED.

Self-Encryption Drive (SED)
20200186340 · 2020-06-11

A self-encryption drive (SED) receives a media encryption key (MEK) from a key management server. The MEK is stored only in volatile memory of the SED. Data is encrypted for storage in a non-volatile storage media of the SED based on the MEK. Further, the MEK is erased in the volatile memory to crypto-erase the SED by deleting all instances of the MEK stored by the SED.

ENCRYPTED DATA KEY IN MEDIUM AUXILIARY MEMORY
20200152235 · 2020-05-14

A method for securing user data that is stored to a tape cartridge having a medium auxiliary memory (MAM) is described. When user data is sent to a tape library from a client, the tape library sends a request to a cloud based key management service for a data key to encrypt the user data and an encrypted data key that corresponds to the data key. The data key is used to encrypt the user data which is then stored to the tape cartridge and the encrypted data key is stored to the MAM. Upon decrypting the encrypted user data, the encrypted data key is extracted from the MAM and sent to the cloud based key management service where it is used to produce the data key from the cloud based key management service which is then sent to the tape library. When the tape library is in possession of the data key, the encrypted data in the tape cartridge can then be decrypted and sent to a requester of the user data.

Secure content distribution system

A user selection of one or more of a plurality of content is received. The selected content is encrypted by a first encryption key that is remote and unknown to the distribution server. Payment information associated with the user selection is also received and verified. The selected content is retrieved from a remote database. The first encryption key corresponding to the selected content to decrypt the encrypted content corresponding to the user selection is obtained. Decryption is performed by a hardware-based engine of the distribution server that is isolated from a host processor of the distribution server. The content corresponding to the user selection is encrypted according to a second encryption key that is known to the distribution server.

METADATA PROCESSING FOR AN OPTICAL MEDIUM
20180315451 · 2018-11-01

A system may include a key management server configured to store encryption keys. The system may also include a storage device that includes a processor, a memory coupled to the processor, and an optical medium coupled to the processor. The processor may be configured to encrypt and write data to the optical medium based upon the encryption keys, the data having metadata associated therewith, store the metadata in the memory, and read selected encrypted data from the optical medium. The processor may also be configured to retrieve the metadata associated with the selected encrypted data, retrieve a respective encryption key based upon the retrieved metadata, and decrypt the selected encrypted data based upon the respective encryption key. The processor may further be configured to delete selected metadata from the memory in response to a delete instruction so that the respective data is unreadable.