When discarding storage apparatuses, such as hard disk drives (HDDs), one method for preventing information recorded in the discarded storage apparatus from leaking out is to overwrite the data within the storage apparatus with a data pattern having no relation to the original data. However, this method has the problem that it takes a long time to overwrite all the data recorded in the storage apparatus with a data pattern.
In contrast to this, there is a method for always recording data in an encrypted state in a storage apparatus. For example, there is a storage apparatus including a self encrypting function to encrypt data to be recorded in an internal recording medium and a function to store an encryption key used for encryption. In this storage apparatus, it is possible to invalidate data recorded in the recording medium in a brief time by deleting or changing the encryption key stored inside the storage apparatus in accordance with a command from outside. In the following explanation, invalidating encrypted data by deleting or changing the encryption key is called “to completely erase”.
Further, in recent years, as a storage apparatus including the self encrypting function, there is a storage apparatus called a “self encrypting drive (SED)”. The SED also includes a function to generate a random encryption key and it is possible to completely erase recorded data in a brief time by instructing the SED to change the encryption key corresponding to the recorded data.
As technology to record, in a storage apparatus, data which is encrypted using an encryption key generated by a device that accesses the storage apparatus, for example, there is a computer system that writes data into a storage apparatus after encrypting the data using an encryption key different for each logical volume.
Further, as technology relating to data erasure in a storage apparatus, for example, there is a storage system that erases data in a first storage region as well as notifying an originator of an erasure request that access is allowed to a second storage region, which is different from the first storage region, upon receipt of the request to erase data in the first storage region.
Japanese Laid-Open Patent Publication No. 2008-269232
Japanese Laid-Open Patent Publication No. 2002-215462
Japanese Laid-Open Patent Publication No. 2008-198049
As described above, when data to be recorded in the storage apparatus is encrypted using an encryption key different for each logical volume, it is possible to completely erase data in a brief time for each logical volume by erasing or changing the encryption key corresponding to the logical volume. In a system in which a device that accesses the storage apparatus generates an encryption key, data encrypted in the access source device is simply written into the storage apparatus. Because of this, it is possible to completely erase data in a brief time for each logical volume when the access source device side manages information about the logical volume, such as a setting region and encryption key.
However, when the recording destination of data is an SED, it is not possible to completely erase data in a brief time for each logical volume when the access source device side alone manages information about the logical volume. This is because in an SED, recorded data is encrypted using an encryption key generated by the SED itself, and therefore, it is necessary for the SED itself to manage information of the region and encryption key to be erased completely.
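The following is an added example, not part of the original document, that models the case where the access source device generates one encryption key per logical volume and manages the volume regions itself, so that changing one key completely erases one volume without touching the recording medium. The class and function names, the volume layout, the sample data and the SHA-256 based XOR cipher (a stand-in for a real block cipher) are all assumptions made for illustration; the SED case is not modeled.

```python
import hashlib
import os

BLOCK = 32  # bytes per block in this model (constructed value)

def _xor_block(key: bytes, lba: int, data: bytes) -> bytes:
    """Stand-in cipher: XOR with SHA-256(key || lba). Illustration only, not AES."""
    pad = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class HostEncryptedArray:
    """Access source device encrypts per logical volume; the disk holds ciphertext only."""
    def __init__(self, volumes):
        # volumes: name -> (first_lba, block_count); one random key per volume
        self.layout = dict(volumes)
        self.keys = {name: os.urandom(32) for name in volumes}
        self.disk = {}  # lba -> ciphertext block

    def _lba(self, vol, index):
        first, count = self.layout[vol]
        if not 0 <= index < count:
            raise IndexError("block outside volume")
        return first + index

    def write(self, vol, index, plaintext: bytes):
        if len(plaintext) > BLOCK:
            raise ValueError("plaintext larger than one block")
        lba = self._lba(vol, index)
        self.disk[lba] = _xor_block(self.keys[vol], lba, plaintext.ljust(BLOCK, b"\0"))

    def read(self, vol, index) -> bytes:
        lba = self._lba(vol, index)
        return _xor_block(self.keys[vol], lba, self.disk[lba])

    def complete_erase(self, vol):
        """Change only this volume's key; the ciphertext on disk is left untouched."""
        self.keys[vol] = os.urandom(32)

def demo():
    # Constructed layout and data: two volumes of four blocks each.
    array = HostEncryptedArray({"vol0": (0, 4), "vol1": (4, 4)})
    array.write("vol0", 0, b"payroll records")
    array.write("vol1", 0, b"build artifacts")
    before = dict(array.disk)
    array.complete_erase("vol0")
    return {
        "disk_unchanged": array.disk == before,
        "vol0_readable": array.read("vol0", 0).rstrip(b"\0") == b"payroll records",
        "vol1_readable": array.read("vol1", 0).rstrip(b"\0") == b"build artifacts",
    }

if __name__ == "__main__":
    print(demo())
```

The erase costs one key replacement regardless of volume size, and it works per volume only because the party holding the keys is the same party that knows the volume regions.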