1. Field of the Invention
The present invention relates to a file encryption technique, and particularly to a technique suitable for maintaining the secrecy of, for example, data files held in an external storage device of a computer system.
2. Description of the Related Art
Recently, as computer systems have grown in scale and been connected into networks, the number of persons able to access a single system has increased. Accordingly, the demand for stronger security in the management of data files has grown, and this has become an important technical problem in the field.
Against this background, secrecy-keeping techniques based on encrypting the data files have also been proposed for the external storage devices of a computer system, which record and reproduce large quantities of data.
For example, Japanese Patent Laid-Open JP-A-54-87032 discloses a technique in which encryption and decryption of data are performed by a cryptographic device connected to an upper rank system (host) by way of a channel.
Specifically, in the disclosed technique, plaintext data transmitted from the host to the cryptographic device is encrypted, by a predetermined algorithm under a key, into data that is meaningless on its own, and the encrypted data is then transmitted to the external storage device and written to the recording medium. In a read operation the reverse procedure is followed, so that decryption of the data is performed on the host side.
An algorithm that controls the encryption and decryption of data by means of a key is disclosed, for example, in Japanese Patent Laid-Open JP-A-52-130505.
If the key is delivered from one system to another, a medium on which encrypted data was produced and recorded in the first system can be transported to the other system, where the encrypted data is read out and decrypted.
In the prior system described above, however, writing data to the external storage device follows a procedure in which the data is first transmitted to the cryptographic device connected to the channel and encrypted there, the encrypted data is then read back from the cryptographic device, and only then is it written to the external storage device. Every write therefore passes through the channel-attached cryptographic device before the actual storage write takes place. As a result, the channel and the cryptographic device connected to it become a bottleneck for data input/output processing, and the throughput, that is, the quantity of data transferred per unit time, between the channel and the various external storage devices connected to it is lowered.
Further, where data is encrypted under an algorithm controlled by a key, as in the latter conventional technique, any person or system that learns the contents of the key can decrypt and read the data. That is to say, the secrecy of data encrypted under a keyed algorithm depends entirely on the management of the key. Accordingly, to ensure a high degree of secrecy in a key-based file encryption system, strict management of the key is an indispensable condition, for example by itself encrypting the key into a further cryptogram before it is stored or delivered.
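The following Go program is an added example, not code from this application or from the cited prior art, that models the two points above: host-side encryption of a record before it is written to the external storage medium, and the fact that secrecy rests entirely on the key, so that delivering the key to a second system lets that system decrypt the transported medium while a party without the key cannot. AES-256-GCM for the records, and wrapping the data key under a key-encryption key (KEK) as the "further cryptogram", are assumptions of this example; the prior art does not name its algorithm. The keys and the sample file contents are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD builds the keyed algorithm. AES-256-GCM is an assumption of this
// example; a wrong-length key is rejected rather than silently truncated.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("data key must be 32 bytes for AES-256, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewKey draws a fresh 256-bit key from the OS CSPRNG.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// EncryptRecord is the host-side step: plaintext about to be written to the
// external storage device is sealed under the data key. The record layout is
// nonce || ciphertext || tag, and that whole record is what reaches the medium.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag after the nonce so the record is self-describing.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecord is the reverse procedure on the reading host. It fails, rather
// than returning garbage, when the key is wrong or the record was altered.
func DecryptRecord(key, record []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(record) < ns+aead.Overhead() {
		return nil, errors.New("record too short to contain nonce and tag")
	}
	return aead.Open(nil, record[:ns], record[ns:], nil)
}

// WrapKey encrypts the data key itself under a key-encryption key before it is
// delivered to another system (an assumed form of "further cryptogram").
func WrapKey(kek, dataKey []byte) ([]byte, error) { return EncryptRecord(kek, dataKey) }

// UnwrapKey recovers the data key on the receiving system.
func UnwrapKey(kek, wrapped []byte) ([]byte, error) { return DecryptRecord(kek, wrapped) }

// TransportScenario models the two-system case: system A encrypts a file onto
// a medium and wraps the data key under a KEK shared with system B; B unwraps
// the key and reads the medium. It returns what B recovered and whether a
// stranger holding the medium and the wrapped key, but a different KEK, could
// recover anything at all.
func TransportScenario(kek, plaintext []byte) ([]byte, bool, error) {
	dataKey, err := NewKey()
	if err != nil {
		return nil, false, err
	}
	medium, err := EncryptRecord(dataKey, plaintext) // system A writes the medium
	if err != nil {
		return nil, false, err
	}
	wrapped, err := WrapKey(kek, dataKey) // key delivered alongside the medium
	if err != nil {
		return nil, false, err
	}
	dk, err := UnwrapKey(kek, wrapped) // system B holds the KEK
	if err != nil {
		return nil, false, err
	}
	recovered, err := DecryptRecord(dk, medium)
	if err != nil {
		return nil, false, err
	}
	strangerReads := false
	strangerKEK, _ := NewKey() // a party that never received the KEK
	if dk2, e := UnwrapKey(strangerKEK, wrapped); e == nil {
		if _, e2 := DecryptRecord(dk2, medium); e2 == nil {
			strangerReads = true
		}
	}
	return recovered, strangerReads, nil
}

func main() {
	kek, _ := NewKey()
	out, stranger, err := TransportScenario(kek, []byte("constructed sample file contents"))
	fmt.Printf("recovered=%q strangerReads=%v err=%v\n", out, stranger, err)
}
```

The authenticated mode is deliberate: with an unauthenticated keyed cipher a wrong key or a modified medium still "decrypts" into meaningless data, whereas here the reader gets an error, which is the behaviour a practitioner wants when the only thing protecting the file is the key.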