As an external storage device that backs up data of a large computer system, a library unit including a large number of magnetic tape cartridges has been widely known to the art. In the library unit, a magnetic tape cartridge held in a magazine is gripped out of the magazine by a robot arm and transferred to a drive, where data is recorded and reproduced into the cartridge. However, since, in the library unit, the magnetic tape cartridge can be easily taken out of the magazine, data leaking due to stealing and such of the magnetic tape cartridge is concerned, strict security management on data stored in the magnetic cartridge has been in demand.
In general, encryption of data to be recorded is known as one of techniques for data security management. In this scheme, data is encrypted by a predetermined algorithm using a key data and the encrypted data is recorded in a recording medium; in reproducing the encrypted data recorded, the encrypted data is decrypted using the key data. With this configuration, recording encrypted data in a magnetic tape cartridge in a library unit can prevent the data from leaking unless the key data leaks even when the magnetic tape cartridge is stolen.
Conversely, the scheme of encrypting data to be recorded allows anyone who knows the key data to decrypt the data, so that the data confidentiality is unfortunately not ensured. Therefore, the key data is appropriately managed so as to be used only by those who have access right to the recording medium.
With the foregoing in view, there is proposed a technique in which key data of encrypted data is divided into a number of key data segments and the segments are stored indifferent recording media (see for example Patent Literature 1). According to this scheme, confidentiality of the encrypted data can be enhanced because the key data is not reproduced unless all the segments are read from respective recording media.    [Patent Literature 1] Japanese Patent Application Laid-Open (KOKAI) No. 2004-088453 (see pages 8 through 13, FIGS. 5 through 9)
However, even the above technique of dividing key data of encrypted data into a number of segments permits reproduction of the key data when a third party steals all the recording media storing all the segments. Success in reproducing the key data from the segments even allows the third party to decrypt the encrypted data, leading to a failure to ensure sufficient security of data is not sufficiently ensured.
For example, in the event of transferring a recording medium storing encrypted data among a number of data centers remote from one another, the key data needs to be transferred in conjunction with the recording medium. There is a possibility of the key data leaking during the transfer.