1. Field
One embodiment of the invention relates to a technique for managing an encryption key in a case where hard disk encryption software is distributed and installed to prevent important data from being leaked from a computer which, for example, an employee uses for work.
2. Description of the Related Art
In recent years, many office operations have been performed using personal computers, including desktop and notebook computers. Since a notebook computer can be powered by its battery, the user can carry it whenever going out and work in a car, on the road, or at an outside location. Notebook computers are therefore very convenient.
Meanwhile, data leakage due to theft has been regarded as a problem. In this connection, the use of hard disk encryption software for encrypting the data in the hard disk has begun to spread. Hard disk encryption software is a data encryption program which encrypts data using an encryption key when writing the data into the hard disk and decrypts the encrypted data when reading the data from the hard disk. When the hard disk encryption software is distributed to employees so that they install it on their individual computers, either the on-line installation method or the off-line installation method is used.
In the on-line installation method, the client side sets an encryption key arbitrarily and informs the operation management server on the management side of the encryption key. In the off-line installation method, the management side sets an encryption key when creating an installation package for installing the hard disk encryption software and distributes the encryption key to the clients in a top-down manner.
That is, in the on-line installation method, the administrator manages the encryption key reported by the client. In the off-line installation method, the administrator manages the encryption key that the administrator set when creating the installation package to be distributed to the clients. The encryption key managed by the administrator is used for a so-called recovery process, which extracts encrypted data from the hard disk and decrypts the extracted data when, for example, the computer of a client cannot be activated. Various methods of managing encryption keys have been proposed (e.g., refer to Jpn. Pat. Appln. KOKAI Publication No. 2006-319861).
In the on-line installation method, each client may set an encryption key arbitrarily, which enhances security. However, a network environment and an operation management server are needed, which makes the system larger. This leads to the disadvantage that a certain increase in cost cannot be avoided.
In the off-line installation method, the computer with which the administrator creates the installation package and the computer on which each client installs the hard disk encryption software using the installation package are each allowed to operate in a stand-alone environment, which achieves a low operating cost. However, this approach has the following disadvantage: since the encryption keys of the clients who have installed the hard disk encryption software using the same installation package are all the same, the strength of security is decreased.