As media for storing data, various schemes have been known: such as optical disks, magneto-optical disks, magnetic disks, and semiconductor memories. In a data storage device for storing data using such a medium, in order to protect user data stored in the medium from an unauthorized access, a technique for encrypting user data has been known. For example, Japanese Patent Publication No. 2004-201038 (“Patent Document I”) discloses an example of such a technique to encrypt data stored in a magnetic disk in a hard disk drive (HDD) which uses the magnetic disk as a medium.
Specifically, the HDD comprises a cryptographic processor for encrypting and decrypting data. The cryptographic processor encrypts data recorded on a magnetic disk and decrypts data reproduced from the magnetic disk at a data transfer rate, respectively. This HDD generates a data cryptographic key for encrypting and decrypting user data by encrypting personal identification information (for example, a password).
Moreover, the HDD encrypts the password with a data cryptographic key and stores the encrypted password as authentication data within the HDD. In authenticating a user, the HDD compares the stored authentication data and an encrypted result by the data cryptographic key generated from the input password and verifies the conformance between them. If the user authentication succeeds, the HDD generates a data cryptographic key and uses it to encrypt and decrypt the user data on the magnetic disk.
The Patent Document 1 discloses another method. This method generates data cryptographic keys for encrypting and decrypting data individually. The HDD further encrypts the data cryptographic key with an authentication cryptographic key made by encrypting a password and keeps it within the HDD. In using the HDD, the HDD conducts an authentication of the user and if he or she is a normal user, it decrypts the data cryptographic key retained in the HDD and encrypted with the authentication cryptographic key generated by the inputted password to use the data cryptographic key for encrypting and decrypting the data in the magnetic disk.
If the HDD does not properly manage the data cryptographic key for encrypting and decrypting data, however, it cannot take advantage of the function of encrypting data sufficiently. Although Patent Document 1 discloses a management method, it is hard to say that the method is sufficient in security. The management method of Patent Document 1 generates a key cryptographic key from personal identification information (such as a password) and encrypts a data cryptographic key using the key cryptographic key.
Therefore, in the key management of data cryptographic key, the key cryptographic key and the password are always in a one-by-one relationship. Changing the management state of the data cryptographic key (encrypted data cryptographic key) for higher security in the data cryptographic key requires a change of the password. Consequently, a technique to manage the data cryptographic key with higher security will be required in a data storage device.