FIG. 1 is a block diagram for explaining an example of a conventional storage apparatus. A storage apparatus 1 illustrated in FIG. 1 is formed by a library apparatus that uses magnetic tape cartridges 500, for example, and is connected to an enciphering key management server 3 via a control Local Area Network (LAN) 2. The storage apparatus 1 includes a drive control part 11 and a library control part 12. A plurality of office servers (or midrange servers) 4-1 and 4-2 (only 2 office servers illustrated) are connected to the enciphering key management server 3 via an office LAN 5, and are also connected to the storage apparatus 1 via a Fiber Channel Switch (FCS) 6. An application 41-1 that is executable in the office server 4-1 includes a front-end processing part 42 and a backup software 43. An application 41-2 that is executable in the office server 4-2 includes a front-end processing part (not illustrated) and a backup software (not illustrated), similarly to the application 41-1 of the office server 4-1.
The storage apparatus 1 has an enciphering (or encryption) function, and each of the office servers 4-1 and 4-2 can make data accesses using the enciphering function of the storage apparatus 1. In other words, each of the office servers 4-1 and 4-2 can make a data write access in which data to be written to the magnetic tape cartridge 500 within the storage apparatus 1 is enciphered based on an enciphering key before being written, and a data read access in which the data read from the magnetic tape cartridge 500 is deciphered (or decrypted) based on the enciphering key. The enciphering key management server 3 manages the enciphering key that is used for an enciphering process or a deciphering process within the storage apparatus 1.
A description will now be given of a case where the office server 4-1 makes the data access using the enciphering function of the storage apparatus 1. In a step ST1, the front-end processing part 42 of the application 41-1 makes an enciphering key delivery request to the enciphering key management server 3. In a step ST2, the enciphering key management server 3 authenticates the enciphering key delivery request from the application 41-1, and delivers the enciphering key to the drive control part 11 of the storage apparatus 1 if the authentication is successful. In a step ST3, the backup software 43 of the application 41-1 makes a load request with respect to the library control part 12 of the storage apparatus 1. In a step ST4, the backup software 43 makes a data path reserve request with respect to the drive control part 11 of the storage apparatus 1.
The library control part 12 of the storage apparatus 1 obtains the requested magnetic tape cartridge 500 from a rack (not illustrate) and loads the magnetic tape cartridge 500 into a drive part (not illustrated) in response to the load request. In addition, the drive control part 11 of the storage apparatus 1 registers the enciphering key to the drive part in response to the data path reserve request. Hence, the backup software 43 of the application 41-1 can thereafter encipher the data sent to the storage apparatus 1 using the registered enciphering key and write the enciphered data to the loaded magnetic tape cartridge 500. In addition, the backup software of the application 41-1 can read the enciphered data from the loaded magnetic tape cartridge 500 and decipher the read enciphered data using the registered enciphering key.
When the backup software 43 of the application 41-1 makes a data path release request (hereinafter simply referred to as a release request), the drive control part 11 of the storage apparatus 1 deletes the enciphered key registered in the drive control part 11. In addition, when the backup software of the application 41-1 makes an unload request, the library control part 12 of the storage apparatus 1 unloads the loaded magnetic tape cartridge 500 from the drive part and accommodates the unladed magnetic tape cartridge 500 within the rack.
In the conventional storage apparatus 1 described above, the setting of the enciphering key from the office server 4-1 in the step ST4, the data access from the office server 4-1, and the data access from the office server 4-2 are not synchronized to each other. For this reason, after the magnetic tape cartridge 500 is loaded into the drive part in the step ST3 based on the load request from the office server 4-1 and the enciphering key is registered in the drive part in the step ST4, even an apparatus other than the office server 4-1 that originally made the enciphering key delivery request, such as the office server 4-2, can make a data access with respect to the magnetic tape cartridge 500 that is loaded into the drive part using the enciphering key that is registered in the drive part, as indicated by a phantom arrow X1 in FIG. 1.
In other words, the data accesses from different apparatuses, such as the office servers, are not synchronized in the conventional storage apparatus having the enciphering function. As a result, if the storage apparatus is in a state where the enciphering key is registered within the storage apparatus in response to a request from an arbitrary apparatus, a data access using the registered enciphering key can be made in response to requests from other apparatuses, and it is difficult to secure security of the data.
The applicants are aware of a Japanese Laid-Open Patent Publication No. 2007-286935.