Field
Aspects of the present invention generally relate to a method for managing keys for data encryption.
Description of the Related Art
In recent years, it has become common for information processing apparatuses to accumulate large volumes of data in a secondary storage device, such as a hard disk.
With the increase in the amount of data being accumulated, the amount of user data stored in the secondary storage device has also increased. This user data must be strictly protected from unauthorized access, which can result in extensive damage to a user.
A method for protecting user data is to encrypt the user data using an encryption processing unit. The encryption processing unit includes functions of encrypting data, to which a write instruction is issued, using an internally pre-stored encryption key, and writing the encrypted data in a secondary storage device. The encryption processing unit further includes functions of decrypting data read from the secondary storage device using the encryption key, and transmitting the decrypted data to a host computer.
Storing data encrypted by the encryption processing unit in the secondary storage device prevents the data from being easily decrypted even if the secondary storage device is stolen. This provides security against unauthorized access to the data.
Key factors for encryption are the encryption algorithm and the encryption key. The encryption algorithm is widely disclosed to the public and checked by many people so that the robustness and safety of the algorithm are ensured. On the other hand, the encryption key needs to be strictly managed.
As one method for managing an encryption key, Japanese Patent Application Laid-Open No. 2007-336446 discusses a technique for storing an encryption key inside an encryption chip so that the encryption key is prevented from being extracted.
However, the encryption processing unit may have to be replaced because of a failure of the encryption processing unit or a failure of a hardware substrate including the encryption processing unit. In such a case, the encryption key will also be lost at the same time. If the encryption key is lost, it becomes impossible to decrypt encrypted data stored in the secondary storage device, and data cannot be restored.
One conceivable method is to back up the encryption key in the encryption processing unit. However, if the encryption key is backed up in a state where it can be used by anyone and the encryption key is leaked, the data stored in the secondary storage device may be decrypted and security may not be maintained.