Automated data storage libraries provide a means for storing large quantities of data on data storage media that are not permanently mounted in data storage drives, but are stored in a readily available form on storage shelves. One or more robot accessors retrieve selected data storage media from storage shelves and provide them to data storage drives. Typically, data stored on data storage media of an automated data storage library, once requested, is needed quickly. Thus, it is desirable that an automated data storage library be maintained in an operational condition as much as possible, such as the well known “24×7” availability.
The data storage media often contains company sensitive information such as salaries, trade secrets, financial information, etc. Some customers desire more data storage media protection or security than just locking it away in an automated data storage library. For example, a customer may want protection from removing a data storage cartridge from one library and placing it into another library or drive for reading and/or overwriting the data on the storage media. The issue may be greater with partitioned libraries where there is a chance that the data storage media may be accidentally, or intentionally, moved from one logical library into another logical library.
U.S. patent application Ser. No. 09/977,159 (U.S. application publication No. 2003/0074319), filed Oct. 11, 2001, (incorporated herein by reference) addresses some of these problems by encrypting all or most of the data on the storage media but this requires special drive hardware. In addition, since the data is encrypted on the data storage media, it becomes very difficult to move the data storage media to a drive or system that does not support the encryption scheme. To do this would require that the entire contents of the data storage media be read, decrypted, and then written again. Still further, Ser. No. 09/977,159 does not address encryption key management between multiple drives and/or multiple data storage cartridges. U.S. Pat. No. 6,104,561 to Braithwaite, et al. describes a method that writes a code in the data of a data storage medium to prevent unauthorized reading and/or writing of the data storage media but this requires writing of the data storage medium in order to change the security features. Moreover, the code written to the media serves merely as a flag which is indicative of the level of protection to be given to the recorded data.
Therefore, a need remains for improved data storage media security in an automated data storage library without the limitations of previous efforts.