1. Field
The present disclosure relates to a method, system, and program for encrypting and decrypting data on a data storage device.
2. Description of the Related Art
Protecting and securing data is one of the primary concerns that must be addressed when designing an information management system, whether for a single user, small business or large-scale data warehouse. Oftentimes, data may be continually archived on various storage media, such as tape cartridges, optical disks, disk drives, and the like. When archiving data on such storage media, one security concern is that a storage medium may be lost or stolen, and sensitive data on the storage medium may be discovered. Also, if the storage medium can be accessed through remote commands transmitted over a network, then there is a concern that someone may “hack” into the system to gain access to the data.
To address some of these problems, many companies encrypt data written on the storage media. In such a case, if the storage media were to become lost or stolen, the data thereon would not be readily accessible because it would be encrypted. However, while encrypting data works well to secure the data, the process of encrypting and decrypting the data on the storage media introduces challenges, particularly when both encrypted and non-encrypted data are to be written on the storage media.
As an example, an application may desire to write both encrypted data and non-encrypted data on a storage medium. However, mixing encrypted and non-encrypted data on the storage medium requires managing and processing both kinds of data. Conventional systems have addressed this problem by writing the encrypted and non-encrypted data on the storage medium in encrypted and non-encrypted forms, respectively. However, reading and writing both encrypted and non-encrypted data requires interruptions in the data stream in order to process the different types of data, as the encrypted data must be processed through an encryption engine, and the non-encrypted data is not processed through the encryption engine. Reading or writing a stream of data through the encryption engine must be stopped in order to process a stream of non-encrypted data, and the encryption engine must then be restarted to read or write the encrypted data. Processing the data in this way is inefficient and impacts the overall time to read and write data from and to a storage medium.
In view of the foregoing, there is a need in the art for improved encryption schemes when processing application data which includes both encrypted and non-encrypted data to be written to and read from a storage medium.