Data storage cartridges are typically employed to store data which may be transported between data storage drives and may be stored separately from the data storage drives between uses. Much of the data must be secured with respect to outsiders, and much of the data must be secured in favor of some users with respect to other users. Only certain users should be allowed access to certain data, and certain users should be allowed to define who has access to that data. An example comprises payroll information, and another example comprises financial account information. Further, the authorized users tend to change over time.
Thus, it is advantageous to not only provide security for data stored in data storage cartridges, but also to manage the access to that data to particular users, and to different users for different data storage cartridges.
Security of data stored in portable data storage cartridges is typically managed by encrypting the data and providing a key for decrypting the data. Typically, a data processing system includes or obtains the decryption key, and users which are authorized access to the data are listed in the data processing system. The data processing system provides the key and decrypts the data of the data storage drive accessing the data storage cartridge. One example is described in U.S. Pat. No. 5,857,021 in which permission data is written into the data storage media of the cartridge which contains an encrypted key that is necessary for decrypting the data. The key can be decoded only with valid IDs of the equipment of the data processing system. The data processing system thus provides the decrypting key and the user is authorized access by a table in the data processing system.
A difficulty is that the access by a user to the data is not portable even though the data storage cartridge is portable. The access by a user is limited to a data processing system having the authorization table and having the decryption key.
Data processing systems are continually being updated and the authorization tables must be transferred to the new system, and correlated with the data storage media to which access is required. The management of the authorization table is typically handled by other organizations, such as IS, than those responsible for the security of the data. The changes to the table and correlation to the data and to the various data processing systems become a source of loss of security.