1. Field of the Invention
The present invention relates to a method, system, and program for securely providing keys to encode and decode data in a storage cartridge.
2. Description of the Related Art
Protecting and securing data is one of the primary concerns that must be addressed when designing an information management system, whether for a single user, small business or large scale data warehouse. Oftentimes data may be continually archived on various storage medium, such as tape cassettes or optical disks. When archiving data on tape or other removable storage medium, one security concern is that someone will steal the tape and then access the data. Also, if the tape can be mounted into a tape drive through remote commands transmitted over a network, then there is a concern that someone may “hack” into the system, mount the tape or other storage medium in a drive and then access the data.
One technique to secure data is to encrypt the data on the tape. However, data on an archival medium, such as tape or optical disk tape is often compressed. Performing encryption and compression as well as decompression and decryption on very large data sets, such as an entire tape cartridge which can comprise 100 gigabytes (GB), can be computationally expensive and take a considerable amount of time.
Moreover, the compression and encryption operations are usually performed sequentially in separate steps. The data is first compressed and then encrypted because encrypted data cannot typically be compressed. Performing compression and encryption sequentially requires scanning the data twice, which requires still further computational resources and time. Still further, compression may be performed by dedicated integrated circuits, whereas most popular encryption algorithms, such as the public/private key encryption and cipher schemes, are typically implemented using software, which is slower than using a dedicated integrated circuit.
Another security technique for removable storage media is to program the drive controller that controls the read/write head that physically accesses the storage medium to only allow access to a password protected removable cartridge if the user enters the password. For instance, with the JAZ** and ZIP** storage cartridges produced by Iomega Corporation**, the user may password protect the storage cartridge. In such case, the controller in the Iomega drive interface is programmed to only allow access to the data on the storage cartridge if the user enters the password assigned to that storage cartridge. This process is further described in U.S. Pat. No. 6,104,561. The security feature of such storage cartridges is very fast because the data itself does not have to be decrypted. Instead, the drive provides immediate access to the data upon receiving the recognizable password. Although such a system may prevent hackers from access a mounted drive remotely over a network, someone who physically misappropriates the password protected cartridge can still read the data on the storage medium because the data is not encrypted on the storage medium. All one would have to instruct the interface controller to ignore the password feature and access the data.
Thus, there is a need in the art for improved protection schemes in a data storage system using removable storage media.