JP2010130459A - Backup system and method of changing encryption key of the same - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the decryption of unauthorized data, and facilitate changing of an encryption key. <P>SOLUTION: By causing a tape group information storage section 115 to store a first encryption key and at the same time, causing a tape cartridge memory 51 to store a second encryption key, and generating a third encryption key at encrypted recording into a magnetic tape based on the first and second encryption keys, even when one of the first and second keys is leaked out, decryption of data is prevented. Further, even when the other encryption key is leaked out (for example, when the tape cartridge is stolen), by generating the third encryption key using the first and second encryption keys, newly generating a first new encryption key, generating a second new encryption key based on the third encryption key and first new encryption key thus generated, and storing them individually, both encryption keys are changed in a short time to prevent the decryption of data. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a backup system that performs backup by encrypting data and a method for changing the encryption key of the backup system, and in particular, a backup system that can easily change the encryption key of data that has been backed up, and the backup system The present invention relates to an encryption key change method.

  In recent computer systems, data handled by a host computer is backed up to a remote backup system via a communication network. In this backup system, an exchangeable magnetic tape cartridge is used as a recording medium, and data is backed up by encrypting data with an encryption key in order to cope with theft caused by the portability of the magnetic tape cartridge.

Incidentally, as a document describing a backup technique for encrypting data and backing up to a magnetic tape, the following Patent Document 1 is cited, and this Patent Document 1 includes a common data center in which a plurality of users are connected to a network. When backing up data to magnetic tape in a computer system that stores data in a certain storage, the data center obtains an encryption key for encryption from each user via the network for each backup, and the obtained encryption A technique is described in which user data is encrypted with a key and recorded on a magnetic tape.
JP 2003-208355 A

When it becomes necessary to change the encryption key of the backed up data, the backup system according to the prior art decrypts the encrypted data recorded on the magnetic tape using the encryption key, and the decrypted data is newly encrypted. There is a problem that re-encryption using a key and re-encrypted data must be re-recorded on a magnetic tape, and changing the encryption key requires a lot of processing time. More specifically, the time required for correcting the encryption key has a problem that it requires a processing time obtained by multiplying the number of magnetic tapes, the data recording / reproducing time, and the replacement time of the tape drive of the magnetic tape cartridge. In addition, since the conventional technology requires the long-time processing described above, for example, when an operation business that performs data backup at a time outside business hours (for example, from 21:00 to 7:00 the next day) is employed, encryption is performed within this time. There was also a problem that it was difficult to change the key, which could interfere with data backup operations.
In addition, when multiple encryption keys are used as the encryption key and one of the encryption keys leaks, both encryption keys need to be changed. However, as described above, it takes a lot of time to change the encryption key. There was a problem that data could be decrypted when a third party steals the magnetic tape before changing the key.

  Further, the backup system according to the prior art has a problem that when the encryption key is stored in the memory of the tape cartridge that stores the magnetic tape, the data may be decrypted by the encryption key read from the memory.

  An object of the present invention is to provide a backup system capable of preventing data restoration by a tape cartridge alone and changing an encryption key of encrypted data stored in a magnetic tape in a short time, and an encryption key changing method of the backup system. Is to provide.

In order to achieve the above object, the present invention is a backup system for encrypting data stored in a magnetic disk device in units of volumes and storing the data on a magnetic tape.
Encryption key generating means for randomly generating a first encryption key composed of binary data represented in binary number and a second encryption key having a value different from the first encryption key;
A tape group information storage unit for storing tape group information including the first encryption key;
Storing tape management information including the second encryption key; and a cartridge memory mounted on a tape cartridge for storing the magnetic tape;
A tape drive for recording and reproducing encrypted data on the magnetic tape of the tape cartridge; and
A controller for controlling the data encryption / decryption and data recording / reproduction on the magnetic tape,
The control unit
A first step of generating a third encryption key by performing an exclusive OR operation on the first encryption key and the second encryption key;
The first feature is to execute a second step of encrypting data using the third encryption key generated in the first step and writing the encrypted data onto a magnetic tape by a tape drive.

According to the present invention, in the backup system according to the first feature, the control unit includes:
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
The first feature is that the sixth step of reading and decrypting the encrypted data by the tape drive using the third encryption key generated in the fifth step is executed.

According to the present invention, in the backup system according to the first feature, the control unit includes:
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A sixth step of generating a new first new encryption key by the encryption key generating means;
A seventh new encryption key is generated by performing an exclusive OR operation on the third encryption key generated in the fifth step and the first new encryption key generated in the sixth step. Process,
An eighth step of storing tape group information including the first new encryption key generated in the sixth step in the tape group information storage unit;
A third feature is that the ninth step of executing tape management information including the second new encryption key generated in the seventh step is stored in the cartridge memory.

According to the present invention, in the backup system according to the first feature, the control unit includes:
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A tenth step of generating a new second new encryption key by the encryption key generating means;
An eleventh for generating a new first new encryption key by performing an exclusive OR operation on the third encryption key generated in the fifth step and the second new encryption key generated in the tenth step. Process,
A twelfth step of storing tape management information including the second new encryption key generated in the tenth step in the cartridge memory;
A fourth feature is that the 13th process of storing the tape group information including the first new encryption key generated in the 11th process in the tape group information storage unit is executed.

  According to the present invention, in the backup system according to any one of the first to fourth features, a management computer is provided that performs backup storage by reading tape group information including the first encryption key from a tape group information storage unit. This is the fifth feature.

Furthermore, the present invention provides an encryption key generating means for randomly generating a first encryption key composed of binary data represented in binary number and a second encryption key having a value different from the first encryption key, A tape group information storage unit that stores tape group information including a first encryption key; a cartridge memory that stores tape management information including the second encryption key and is mounted on a tape cartridge that stores the magnetic tape; A magnetic disk device comprising: a tape drive for recording / reproducing encrypted data on a magnetic tape of a tape cartridge; and a control unit for controlling data encryption / decryption and data recording / reproduction on the magnetic tape. An encryption key changing method for a backup system that encrypts stored data in units of volumes and stores the data on a magnetic tape,
The control unit
A first step of generating a third encryption key by performing an exclusive OR operation on the first encryption key and the second encryption key;
A second step of encrypting data using the third encryption key generated in the first step, and writing the encrypted data onto a magnetic tape by a tape drive;
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A sixth step of generating a new first new encryption key by the encryption key generating means;
A seventh new encryption key is generated by performing an exclusive OR operation on the third encryption key generated in the fifth step and the first new encryption key generated in the sixth step. Process,
An eighth step of storing tape group information including the first new encryption key generated in the sixth step in the tape group information storage unit;
The sixth feature is that the ninth step of storing tape management information including the second new encryption key generated in the seventh step in the cartridge memory is executed.

Furthermore, the present invention provides an encryption key generating means for randomly generating a first encryption key composed of binary data represented in binary number and a second encryption key having a value different from the first encryption key, A tape group information storage unit that stores tape group information including a first encryption key; a cartridge memory that stores tape management information including the second encryption key and is mounted on a tape cartridge that stores the magnetic tape; A magnetic disk device comprising: a tape drive for recording / reproducing encrypted data on a magnetic tape of a tape cartridge; and a control unit for controlling data encryption / decryption and data recording / reproduction on the magnetic tape. An encryption key changing method for a backup system that encrypts stored data in units of volumes and stores the data on a magnetic tape,
The control unit
A first step of generating a third encryption key by performing an exclusive OR operation on the first encryption key and the second encryption key;
A second step of encrypting data using the third encryption key generated in the first step, and writing the encrypted data onto a magnetic tape by a tape drive;
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A tenth step of generating a new second new encryption key by the encryption key generating means;
An eleventh for generating a new first new encryption key by performing an exclusive OR operation on the third encryption key generated in the fifth step and the second new encryption key generated in the tenth step. Process,
A twelfth step of storing tape management information including the second new encryption key generated in the tenth step in the cartridge memory;
A seventh feature is that the 13th process of storing the tape group information including the first new encryption key generated in the 11th process in the tape group information storage unit is executed.

  According to the present invention, in the encryption key changing method according to the sixth aspect, the backup system includes a management computer that reads the tape group information including the first encryption key from the tape group information storage unit and performs backup storage. And the control unit executes a fourteenth step of reading tape group information including the first encryption key from the management computer instead of the third step.

  Further, the present invention provides the encryption method according to the seventh feature, wherein the backup system comprises a management computer that reads tape management information including the second encryption key from a cartridge memory and performs backup storage. A ninth feature is that the unit executes the fifteenth step of reading tape group information including the first encryption key from the management computer in place of the third step.

  In the backup system and the encryption key changing method of the backup system according to the present invention, the first encryption key is stored in the tape group information storage unit, and the second encryption key is stored in the cartridge memory of the tape cartridge. By generating a third encryption key for encryption recording on the magnetic tape based on the second encryption key, data restoration by the tape cartridge alone is prevented even if the tape cartridge is stolen. Can do.

  The backup system and the encryption key changing method of the backup system according to the present invention generate a third encryption key based on the first and second encryption keys when one of the first or second encryption keys is leaked. And generating a new first new encryption key, generating a second new encryption key based on the third encryption key and the first new encryption key, and individually storing the second new encryption key. The encryption key can be changed in a short time without rewriting.

  Hereinafter, an embodiment of a backup system and an encryption key changing method of the backup system according to the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing a computer system including a backup system according to this embodiment, FIG. 2 is a diagram for explaining tape group information according to this embodiment, and FIG. 3 is a diagram for explaining tape management information according to this embodiment. FIG. 4 is an operation flow diagram at the time of backup according to this embodiment, FIG. 5 is an operation flow diagram at the time of restoration according to this embodiment, and FIG. 6 is a diagram showing an operation flow at the time of changing the encryption key according to this embodiment. .

[Constitution]
As shown in FIG. 1, a computer system including a backup system 100 according to the present embodiment includes a host terminal 10 that performs various data processing, a backup system 100 that encrypts and backs up data of the host terminal 10 with an encryption key, The management terminal 20 controls data backup.

  The backup system 100 includes a disk array device 110 that temporarily stores data of the host terminal 10 using the magnetic disk device 113 as a storage medium, an FC switch 130 that is connected to the disk array device 11 via a fiber cable, The tape library device 120 is connected to the FC switch 130 and encrypts data temporarily stored in the disk array device 110 and backs it up on a magnetic tape. The reason for temporarily storing data in the disk array device 110 is that the time zone for backing up the data of the host terminal 10 is limited to midnight outside the business hours of the host terminal 10 and the disk array 10 This is because data migration to the device 110 and encrypted backup from the disk array device 110 to the tape library device 120 are performed asynchronously.

  The disk array device 110 generates a plurality of magnetic disk devices 113 for temporarily storing data of the host terminal 10, and a first encryption key (Key1) and a second encryption key (Key2) to be described later. The random number generation unit 112 corresponding to an encryption key generation unit that generates random numbers, a tape group information storage unit 115 that stores tape group (TG) information, which will be described later, and a control unit 111 that controls these, are provided. The magnetic disk device 113 is roughly divided into a primary disk group that first stores data of the host terminal 10 and a secondary disk group that copies the data of the primary disk group, and the data of the secondary disk group is stored in a tape library device. 120 is backed up. The first encryption key (Key 1) stored in the tape group information storage unit 115 of the disk array device 110 is configured to be backed up to the management terminal 20. The encryption keys described in this embodiment are, for example, 128 to It consists of binary data of about 256 bits.

  The tape library device 120 includes a plurality of tape cartridges 50 including a magnetic tape for encrypting and storing data received from the disk array device 110, a tape drive 56 for recording and reproducing data on the magnetic tape of the tape cartridge 50, and A robot unit 55 that transports the tape cartridge 50 stored in a storage (not shown) to and from the tape drive 56, and a control unit 121 that controls these units.

  The tape cartridge 50 incorporates a cartridge memory (CM) 51 which is a semiconductor memory for storing management information related to the tape cartridge, and is divided into a plurality of groups in units of volume of data stored in the magnetic disk device 113. The number of the tape group 70 is assigned to this group unit. As shown in FIG. 3, the tape management information includes the number of stored LUs indicating the number of logical units stored by the tape group number, the last LU number indicating the last logical unit number, and the position of the last logical unit. TG last position flag indicating that the data has been recorded to the end, a TG last end flag indicating ON / OFF, and the number of tapes in TG indicating the number of tapes (cartridges) used in the tape group Each item information of the compression rate indicating the compression rate of the tape, the backup end time indicating the date and time when the backup is completed, and Key2 that is the second encryption key that is a feature of the present embodiment. Is done.

  As shown in FIG. 2, the tape group information stored in the tape group information storage unit 115 includes the above tape group number, blocking state information indicating whether the tape group number can be used, a primary tape, TG copy status information that is a mirror between secondary tapes and sets whether to take a mirror by ON / OFF, and mirror status information that sets whether to take a mirror between primary disk and secondary disk by ON / OFF Used tape number (primary), used tape number (secondary), storage LU list indicating the number of the logical unit that stores the data, date and time of inclusion, and when the administrator searches for the tape group number Each item information of a keyword to be used, an encryption state indicating ON / OFF of an encryption state, and Key1 indicating a first encryption key that is a feature of the present embodiment For example, for the tape group number “0”, the TG block status is “normal”, the TG copy status is “COPY_END”, the mirror status is “ON”, the tape number used (correct) is “0.1”, and used The tape number (secondary) is “2.3”, the storage LU list is “2.4”, the write date / time is “2007/07/200 01:23:45”, the keyword is “DB1,200007020”, and the encryption state is “On” and “Key1” are stored as “01010101...”.

  In the “TG blocked status” column, “secondary blocked” indicates that the secondary tape of the tape group number being mirror-backed cannot be used physically / logically, and “TG copy status” Indicates the copy status from the array device to the tape or from the tape to the disk array. The mirroring of the primary and secondary tapes described above writes simultaneously from the disk array device to the primary and secondary tapes when copying to the specified tape group magnetic tape. Shall be performed.

[Operation]
The backup system 100 configured as described above backs up data recorded in a magnetic disk device or the like of the host terminal 10 in accordance with an instruction from the management terminal 20, and the data from the host terminal 10 is backed up. It is stored in the magnetic disk device 113 of the disk array device 110 in units of volumes, and the data stored in the magnetic disk device 113 is encrypted and backed up to a plurality of tape cartridges 50 of the tape library device 120. The operation of encrypted backup from the disk array device 110 to the tape library device 120 will be described with reference to FIG.

  First, in the backup system 100, the control unit 111 receives a backup request from the management terminal 20, step S40, and generates a first encryption key Key1 based on the random number generated by the random number generation unit 112. Similarly, Step S42 for generating the second encryption key Key2, and Step S43 for generating the third encryption key (EncKey) by calculating the exclusive OR (XOR) of the generated Key1 and Key2. Step S44 for storing the first encryption key (Key1) in the tape group information storage unit 115, Step S46 for selecting a plurality of tape cartridges to be backed up according to the amount of data to be backed up, and the second encryption key. Cartridge memory of the tape cartridge 50 with (Key2) selected Step S47 for writing to 1, step S48 for encrypting the data stored in the magnetic disk device 113 using the third encryption key and writing it on the magnetic tape, and step for executing until the backup of the encrypted data is completed By executing S45 and S49, the data encrypted using the third encryption key is operated to be backed up to a plurality of tape cartridges 50 in units of volumes.

  Next, when the data backed up to the tape library device 120 is restored to the disk array device 110, the backup system 100 according to this embodiment is a step in which the control unit 121 receives a tape restore request from the management terminal 20 as shown in FIG. S60, step S61 for obtaining the requested number of tapes of the tape group number to be restored with reference to the tape management information shown in FIG. 3, and step S62 for selecting a tape cartridge from the information obtained in step S61. Step S63 for reading the first encryption key (Key1) from the tape group information storage unit 115, Step S64 for reading the second encryption key (Key2) from the cartridge memory 51 of the tape cartridge 50, Step S63 and Step By calculating the exclusive OR of the first encryption key read by 64 (Key1) and the second encryption key (Key2) executes a step S65 to generate a third cryptographic key (enckey).

  Next, the backup system 100 decrypts the encrypted data stored on the magnetic tape using the third encryption key generated in step S65, and restores the decrypted data to the restore destination magnetic disk device 113. The encrypted data can be decrypted and restored by executing the step S67 for writing to the data and the step 68 of repeating the decryption and restoration of the data from the step S61 until the end of the tape.

  When the backup system 100 according to the present embodiment changes the encryption key of the encrypted data encrypted on the magnetic tape, the control unit 121 receives a request for changing the encryption key as shown in FIG. Step S72 for obtaining the number of tapes of the target tape group number for which the key change is requested with reference to the tape management information shown in FIG. 3, and Step S73 for selecting a tape cartridge from the information obtained in Step S73. Step S74 for reading the first encryption key (Key1) from the tape group information storage unit 115; Step S75 for reading the second encryption key (Key2) from the cartridge memory 51 of the tape cartridge 50; The first encryption key (Key 1) read in S75 and the second It executes a step S76 to generate a third cryptographic key (enckey) by exclusive ORing No. key (Key2).

  Furthermore, the backup system 100 according to the present embodiment determines whether or not the random number generation unit 112 generates a new Key1 ′ and whether the Key1 ′ generated in Step S77 is the same as the previous Key1. In this case, when it is determined in step S78 that the process returns to step S77 and they are not the same in step S78, the first encryption key Key1 ′ generated in step S77 and the third encryption key (EncKey) generated in step S76. Step S79 for generating a new second new encryption key (Key2 ') by calculating an exclusive OR with the tape group information and the first new encryption key (Key1') generated in Step S77. Step S80 stored in the storage unit 115 and the second generated by Step S79 Executing the step S81 to write the encryption key (Key2 ') to the tape management information of the cartridge memory 51, and a step S82 to repeat the processing from the step S72 to the tape ends.

  As described above, when the backup system 100 according to the present embodiment receives an instruction to change the encryption key of the backed up data, the backup system 100 stores the first tape group information (FIG. 2) stored in the tape group information storage unit 115. A first step of reading the encryption key (Key1), a second step of reading the second encryption key (Key2) stored in the cartridge memory 51, and these first encryption key (Key1) and second encryption key (Key2) ) In the third step of acquiring the third encryption key used in the tape recording by exclusive OR operation, the fourth step of generating a new first new encryption key (Key1 ′), A new second new encryption key (Key2 ′) is generated by exclusive OR operation of the third encryption key acquired in the third step and the first new encryption key (Key1 ′) generated in the fourth step. A fifth step, a sixth step for storing the first new encryption key (Key1 ′) generated in the fourth step in the tape group information storage unit 115, and a second new encryption key generated in the fifth step. The operation is performed to store (Key2 ′) in the cartridge memory 51.

  Through these series of operations, the backup system 100 according to the present embodiment stores the first encryption key included in the tape group information stored in the tape group information storage unit 115 of the disk array device 110 and the cartridge memory 51 of the tape cartridge 50. Even if the tape cartridge is stolen by generating the third encryption key when encrypting the magnetic tape using the second encryption key included in the tape management information, the second encryption key is stored. Since only the encryption key can be read, it is possible to prevent the encrypted data recorded on the magnetic tape from being decrypted.

  In addition, when the tape group information backed up to some tape cartridges or a management computer is leaked or stolen and the encryption key needs to be changed, the backup system 100 acquires a new first new encryption key. Generate a second new encryption key based on the third encryption key and the first new encryption key, and distribute and store the newly generated first and second new encryption keys. As a result, when one (first or second encryption key) leaks, the first and second encryption keys are updated, and a decryption key is generated when the other after the change is further leaked. Can be prevented.

  When the tape cartridge is restored to a separate backup system, a third encryption key for decryption is generated using the first encryption key stored in the management terminal and the second encryption key stored in the tape cartridge. Thus, the data can be decrypted.

  In the above embodiment, the example in which the second encryption key is stored in the cartridge memory 51 has been described. However, the present invention is not limited to this, and for example, the second new encryption key is provided at the end of the magnetic tape. You may comprise so that it may record.

  In the above-described embodiment, when the encryption key is changed, a new first encryption key is generated, and a new second encryption key is generated based on the third encryption key. The present invention is not limited to this. For example, a new second new encryption key is generated, and a new first new encryption key is obtained based on the second new encryption key and the third encryption key. You may comprise so that it may produce | generate.

The figure which shows the computer system containing the backup system by one Embodiment of this invention. The figure for demonstrating the tape group information by this embodiment. The figure for demonstrating the tape management information by this embodiment. The operation | movement flowchart at the time of the backup by this embodiment. The operation | movement flowchart at the time of the restoration by this embodiment. The figure which shows the operation | movement flow at the time of the encryption key change by this embodiment.

Explanation of symbols

  10: Host terminal, 20: Management terminal, 50: Tape cartridge, 51: Cartridge memory, 55: Robot unit, 70: Tape group, 100: Backup system, 110: Disk array device, 111: Control unit, 112: Random number generation 113: Magnetic disk device 115: Tape group information storage unit 56: Tape drive 120: Tape library device 121: Control unit

Claims (9)

A backup system that encrypts data stored in a magnetic disk device in units of volumes and stores it on a magnetic tape,
Encryption key generating means for randomly generating a first encryption key composed of binary data represented in binary number and a second encryption key having a value different from the first encryption key;
A tape group information storage unit for storing tape group information including the first encryption key;
Storing tape management information including the second encryption key; and a cartridge memory mounted on a tape cartridge for storing the magnetic tape;
A tape drive for recording and reproducing encrypted data on the magnetic tape of the tape cartridge; and
A controller for controlling the data encryption / decryption and data recording / reproduction on the magnetic tape,
The control unit
A first step of generating a third encryption key by performing an exclusive OR operation on the first encryption key and the second encryption key;
A backup system that executes a second step of encrypting data using the third encryption key generated in the first step and writing the encrypted data onto a magnetic tape by a tape drive. The control unit is
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
The backup system according to claim 1, wherein a sixth step of reading and decrypting the encrypted data by a tape drive using the third encryption key generated in the fifth step is executed. The control unit is
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A sixth step of generating a new first new encryption key by the encryption key generating means;
A seventh new encryption key is generated by performing an exclusive OR operation on the third encryption key generated in the fifth step and the first new encryption key generated in the sixth step. Process,
An eighth step of storing tape group information including the first new encryption key generated in the sixth step in the tape group information storage unit;
The backup system according to claim 1, wherein a tape management information including the second new encryption key generated in the seventh step is stored in the cartridge memory. The control unit is
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A tenth step of generating a new second new encryption key by the encryption key generating means;
An eleventh for generating a new first new encryption key by performing an exclusive OR operation on the third encryption key generated in the fifth step and the second new encryption key generated in the tenth step. Process,
A twelfth step of storing tape management information including the second new encryption key generated in the tenth step in the cartridge memory;
The backup system according to claim 1, wherein the 13th step of storing tape group information including the first new encryption key generated in the eleventh step in a tape group information storage unit is executed.   5. The backup system according to claim 1, further comprising a management computer that reads the tape group information including the first encryption key from the tape group information storage unit and performs backup storage. An encryption key generating means for randomly generating a first encryption key composed of binary data represented in binary number and a second encryption key having a value different from the first encryption key; and the first encryption key. A tape group information storage unit that stores tape group information including the tape group information, a cartridge memory that stores tape management information including the second encryption key, and that is mounted on the tape cartridge that stores the magnetic tape, and a magnetic field of the tape cartridge A tape drive for recording / reproducing the data encrypted on the tape and a control unit for controlling the data encryption / decryption and data recording / reproduction on the magnetic tape, and storing the data stored in the magnetic disk device in a volume A method for changing an encryption key of a backup system that encrypts a unit and stores it on a magnetic tape,
The control unit
A first step of generating a third encryption key by performing an exclusive OR operation on the first encryption key and the second encryption key;
A second step of encrypting data using the third encryption key generated in the first step, and writing the encrypted data onto a magnetic tape by a tape drive;
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A sixth step of generating a new first new encryption key by the encryption key generating means;
A seventh new encryption key is generated by performing an exclusive OR operation on the third encryption key generated in the fifth step and the first new encryption key generated in the sixth step. Process,
An eighth step of storing tape group information including the first new encryption key generated in the sixth step in the tape group information storage unit;
And a ninth step of storing tape management information including the second new encryption key generated in the seventh step in the cartridge memory. An encryption key generating means for randomly generating a first encryption key composed of binary data represented in binary number and a second encryption key having a value different from the first encryption key; and the first encryption key. A tape group information storage unit that stores tape group information including the tape group information, a cartridge memory that stores tape management information including the second encryption key, and that is mounted on the tape cartridge that stores the magnetic tape, and a magnetic field of the tape cartridge A tape drive for recording / reproducing the data encrypted on the tape and a control unit for controlling the data encryption / decryption and data recording / reproduction on the magnetic tape, and storing the data stored in the magnetic disk device in a volume A method for changing an encryption key of a backup system that encrypts a unit and stores it on a magnetic tape,
The control unit
A first step of generating a third encryption key by performing an exclusive OR operation on the first encryption key and the second encryption key;
A second step of encrypting data using the third encryption key generated in the first step, and writing the encrypted data onto a magnetic tape by a tape drive;
A third step of reading tape group information including the first encryption key stored in the tape group information storage unit;
A fourth step of reading tape management information including the second encryption key stored in the cartridge memory;
A fifth step of generating a third encryption key by performing an exclusive OR operation between the first encryption key read in the third step and the second encryption key read in the fourth step;
A tenth step of generating a new second new encryption key by the encryption key generating means;
An eleventh for generating a new first new encryption key by performing an exclusive OR operation on the third encryption key generated in the fifth step and the second new encryption key generated in the tenth step. Process,
A twelfth step of storing tape management information including the second new encryption key generated in the tenth step in the cartridge memory;
And a thirteenth step of storing the tape group information including the first new encryption key generated in the eleventh step in the tape group information storage unit. The backup system includes a management computer that reads tape group information including the first encryption key from a tape group information storage unit and performs backup storage;
The control unit is
The encryption method according to claim 6, wherein, instead of the third step, a fourteenth step of reading tape group information including a first encryption key from a management computer is executed. The backup system includes a management computer that reads tape management information including the second encryption key from a cartridge memory and performs backup storage;
The control unit is
8. The encryption method according to claim 7, wherein, in place of the third step, a fifteenth step of reading tape group information including a first encryption key from a management computer is executed.

Images