It is known to backup data stored on primary storage, such as a hard disk of a computer system, in order to protect against a disaster that might otherwise irrecoverably destroy all or part of the data. Disasters, for example, may be fire, flood, computer virus or simply accidental deletion of data. One of the main reasons for using magnetic tape as a backup storage media is that it provides a stable, reliable and relatively cheap option for storing large volumes of backed-up data.
Backup application software which executes on a computer system typically provides the functions for enabling such computer system data to be both backed-up to, and restored from tape cartridge, which is written to and read from by a tape drive. Well-known backup application software includes ‘Replica’ from Stac, ‘ArcServe’ from Computer Associates, ‘BackupExec’ from Veritas and ‘Data Protectortm’ from HP. Well-known tape drives include DDS and LTO compliant tape drives, both available from HP.
An example of a technology that can be used for backup is the linear tape-open (LTO) technology. LTO technology is an “open format” technology, which means that users can have multiple sources of cartridges and compatible tape drives. The ULTRIUM format is the “high capacity” implementation of LTO technology.
Tape drives and tape cartridges which are compliant with ULTRIUM LTO are commercially available from Hewlett Packard and others. A LTO compliant cartridge has a non-volatile cartridge memory (LTO-CM) which is an intelligent memory chip embedded in the cartridge. It uses a radio frequency interface that eliminates the need for a physical power or signal connection between cartridge and tape drive. The LTO-CM is used for storing information which in other tape formats may be stored in the header at the beginning of the tape.
Backup data may be sensitive and thus must be protected from unauthorised access. U.S. Pat. No. 5,659,614, incorporated herein by reference, shows a system for creating and storing a backup copy of file data that relies on encryption. The files that are to be transmitted to the backup site are encoded and double encrypted. All instances of pre-determined client-specific data elements within each file are identified and replaced by a corresponding code prior to encryption. The file data is then encrypted using multiple, indirect encryption keys, variable block length and variable algorithms based on a client-selected string of characters. The files are thereafter encrypted again at the client's site prior to transmission to the backup site.
U.S. Pat. No. 6,574,733, incorporated herein by reference, shows a similar centralised backup system that also relies on encryption. The centralised data backup system pools information to be backed up from one or more data sources. A processor centrally initiates extraction of data to be backed up from a plurality of processing nodes. The processor employs a backup data encryptor that encrypts the centrally extracted data using a public key based cryptographic system. The symmetric key is wrapped using the public encryption key of the data source.
U.S. Pat. No. 6,625,732 B1, incorporated herein by reference, shows a method for tracking the devices used to load, read and write removable storage media. The drive identifier of the drive that is used to perform a read or write access to the removable storage media is written to an access audit table. This enables a computer operator to determine for a particular medium, a list of the different drives in which the medium has been accessed and the sequential order of drives into which the medium has been accessed. This information may be useful to determine whether the data on the medium may have been modified or read by unauthorized persons.