1. Field
Embodiments of the invention relate to an encryption policy that is based on data context recognition.
2. Description of the Related Art
Automated data storage libraries (e.g. tape libraries including tape drives) are known for providing cost effective storage and retrieval of large quantities of data. The data in automated data storage libraries is stored on data storage media (e.g. tape cartridges) that are, in turn, stored in storage slots (or storage shelves or the like) inside the library in a fashion that renders the data storage media, and its resident data, accessible for physical retrieval. An accessor may be used to move data storage media (e.g., tape cartridges) between the storage slots and data storage drives (e.g., tape drives). Such data storage media are commonly termed “removable media.” Data storage media may comprise any type of media on which data may be stored and which may serve as removable media, including but not limited to magnetic media (such as magnetic tape or disks), optical media (such as optical tape or disks), electronic media (such as PROM, EEPROM, flash PROM, Compactflash™, Smartmedia™, Memory Stick™, etc.), or other suitable media. Typically, the data stored in automated data storage libraries is resident on data storage media that is contained within a cartridge and referred to as a data storage media cartridge. An example of a data storage media cartridge that is widely employed in automated data storage libraries for data storage is a tape cartridge.
Sometimes data that is written to the data storage media is encrypted and data that is read from the data storage media is to be decrypted. Encryption may be described as the transformation of data, using an encryption key, into a form, called a ciphertext, that cannot be easily transformed back to the original data without the decryption key. Decryption may be described as the process of transforming the encrypted data back into its original form using a decryption key.
Encryption protects data written to a tape cartridge from unauthorized exposure and unauthorized modification, but can also create problems. In particular, if all data written to the tape cartridge, including labels (i.e. the first one or more records written to tape), headers (i.e. containing information about the data on the tape, such as information describing the following set of data (data set), the source of that data or information that associates the tape with a data storage medium management system), and trailers (i.e. indicating an end of the data), is indiscriminately encrypted and keys for decrypting the data are not available or known, then tape drives, which rely on reading such data, may be unable to process (e.g. transfer data from) the tape cartridge.
Without being able to recognize data that is to be encrypted versus data that is not to be encrypted, the tape may:
1. Encrypt all data with a same encryption data key (i.e. indiscriminate single-key encryption)
2. Encrypt each record or set of records (e.g. every 10 records could be a set) with a different key (i.e. indiscriminate encryption of all data, but using multiple keys)
3. Not encrypt with a secret key or may not make any use of encryption
However, encryption of all data leads to problems when the tape drive needs to read certain data and keys for decrypting the data are not available or known, and not encrypting data provides no protection of the data.
Thus, there is a need in the art for an encryption policy that is based on data context recognition.