1. Field of the Invention
The present invention generally relates to the encryption of data to be stored in a storage system.
2. Description of the Related Art
A storage system having an encryption function is known. This type of storage system has been disclosed in Japanese Patent Application Laid-Open No. 2007-028502 and No. 2006-227839, for example. According to the technology disclosed in these documents, data which the storage system receives from the host is encrypted by the encryption function of the storage system, and the encrypted data is stored in the storage device.
However, there are cases in which data is migrated from a first storage system to a second storage system. Data migration is executed when an old storage system is replaced with a new storage system, for example.
In this case, the migration target data may be data encrypted by a first encryption function of the first storage system. If so, in order for the second storage system to be able to decrypt the data it stores using its own second encryption function, the migration must be performed by the following scheme. That is, the first storage system decrypts the encrypted data using the first encryption function and sends the decrypted data to the second storage system; the second storage system then encrypts the decrypted data again using the second encryption function and stores the resulting encrypted data. This means that data which is not encrypted (hereafter called unencrypted data) is released outside the storage system during the migration of the data. The time required for the migration also increases, since decryption and re-encryption are required for all the encrypted data that is the migration target. One method for solving these problems is for the first storage system to send the encrypted data itself to the second storage system. In this case, however, the encrypted data stored in the second storage system was not encrypted by the second encryption function, and therefore cannot be decrypted by the second storage system.
A change of the encryption scheme used for the data to be stored may also be desired. One method to meet this demand is to perform the above-mentioned migration of data. By this, the encryption scheme used for the data to be stored can be changed from the first encryption scheme, which uses the first encryption function of the first storage system, to the second encryption scheme, which uses the second encryption function of the second storage system. With this method, however, unencrypted data is released outside the storage system when the encryption scheme is changed.
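The two migration schemes described above can be modeled in a few lines. The following is an added illustration, not part of the original document or of any storage product: the StorageSystem class, the function names and the HMAC-based cipher are hypothetical stand-ins chosen so that the code runs on the Python standard library alone. Each migration function returns what an observer on the link between the two systems would see.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus tag), used only so
# the example needs no third-party library. It is NOT a vetted cipher.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: data was not encrypted under this key")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class StorageSystem:
    """Hypothetical model: one key per system, data held only as ciphertext."""
    def __init__(self):
        self.key = os.urandom(32)
        self.blocks = {}
    def write(self, lba, plaintext):
        self.blocks[lba] = encrypt(self.key, plaintext)
    def read(self, lba):
        return decrypt(self.key, self.blocks[lba])

def migrate_decrypt_reencrypt(src, dst):
    """Scheme 1: source decrypts, target re-encrypts. Returns data seen on the link."""
    wire = []
    for lba in src.blocks:
        data = src.read(lba)      # unencrypted data leaves the source system here
        wire.append(data)
        dst.write(lba, data)      # one decrypt and one encrypt per migrated block
    return wire

def migrate_ciphertext_as_is(src, dst):
    """Scheme 2: ciphertext copied unchanged. Returns data seen on the link."""
    wire = []
    for lba, blob in src.blocks.items():
        wire.append(blob)
        dst.blocks[lba] = blob    # still encrypted under the source system's key
    return wire
```

In the first scheme the returned link data contains the unencrypted record; in the second it does not, but read() on the target raises ValueError because the stored data was never encrypted under the target's key.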