Archive system, management apparatus, and control method

US 20100217983A1
Filed: 04/28/2010
Published: 08/26/2010
Est. Priority Date: 11/13/2007
Status: Active Grant

First Claim

Patent Images

1. An archive system, comprising:

a user terminal that refers to an encrypted content from an encrypted content memory medium; and

a management apparatus that stores a decryption key for decrypting the encrypted content that is a management target, the management apparatus acquiring management information that is information of uniquely specifying the encrypted content from the user terminal and authenticating whether a process for decrypting the encrypted content specified by the management information by using the decryption key is permitted, whereinthe user terminal comprisesa computing unit that reads out the encrypted content that is an authentication target from the encrypted content memory medium that stores the encrypted content in association with the management information, assigns data forming the read encrypted content to a same hash function as that of the management apparatus, and computes a first hash value, andthe management apparatus comprisesan acquiring unit that acquires the first hash value computed by the computing unit and the management information from the user terminal;

a hash value authentication unit that reads out, from a management information memory unit that stores a second hash value that is a hash value that is previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the management information acquired by the acquiring unit as a retrieval key and authenticates whether the first hash value acquired by the acquiring unit and the second hash value are identical to each other; and

a decryption control unit that permits the decryption process when an authentication result performed by the hash value authentication unit is an authentication success indicating that the first hash value and the second hash value are identical to each other.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user terminal reads out an encrypted content that is an authentication target from an encrypted content memory medium that stores the encrypted content in association with management information, assigns data forming the read encrypted content to the same hash function as that of a management apparatus, and computes a first hash value. The management apparatus acquires the computed first hash value and management information from the user terminal, reads out, from a management information memory unit that stores a second hash value that is a hash value previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the acquired management information as a retrieval key, authenticates whether the acquired first hash value and the second hash value are identical to each other, and permits a decryption process when the authentication result is an authentication success indicating that the first hash value and the second hash value are identical to each other.

10 Citations

View as Search Results

20 Claims

1. An archive system, comprising:
- a user terminal that refers to an encrypted content from an encrypted content memory medium; and
  
  a management apparatus that stores a decryption key for decrypting the encrypted content that is a management target, the management apparatus acquiring management information that is information of uniquely specifying the encrypted content from the user terminal and authenticating whether a process for decrypting the encrypted content specified by the management information by using the decryption key is permitted, whereinthe user terminal comprisesa computing unit that reads out the encrypted content that is an authentication target from the encrypted content memory medium that stores the encrypted content in association with the management information, assigns data forming the read encrypted content to a same hash function as that of the management apparatus, and computes a first hash value, andthe management apparatus comprisesan acquiring unit that acquires the first hash value computed by the computing unit and the management information from the user terminal;
  
  a hash value authentication unit that reads out, from a management information memory unit that stores a second hash value that is a hash value that is previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the management information acquired by the acquiring unit as a retrieval key and authenticates whether the first hash value acquired by the acquiring unit and the second hash value are identical to each other; and
  
  a decryption control unit that permits the decryption process when an authentication result performed by the hash value authentication unit is an authentication success indicating that the first hash value and the second hash value are identical to each other.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The archive system according to claim 1, wherein the management apparatus further comprises a management book memory unit acquires, when the decryption control unit permits the decryption process and then the user terminal decrypts the encrypted content by using the decryption key, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal from the user terminal to store the storage medium identification information in a content management book memory unit and acquires, when the user terminal discards the content, information of an effect that the content is discarded from the user terminal to store the information in the content management book memory unit.
  - 3. The archive system according to claim 1, whereinthe management apparatus further comprises:
    - an authentication result memory unit that stores, when the authentication result performed by the hash value authentication unit is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, the authentication failure result in an authentication result memory in association with the management information; and
      
      a failure result authentication unit that authenticates whether there is the corresponding authentication failure result by using the management information acquired by the acquiring unit from the authentication result memory that stores the authentication failure result by the authentication result memory unit as a retrieval key, andthe decryption control unit permits, when the authentication result performed by the hash value authentication unit is the authentication success result and an authentication result performed by the failure result authentication unit is a result indicating that there is not the authentication failure result, the decryption process.
  - 4. The archive system according to claim 3, whereinthe encrypted content memory medium stores a plurality of encrypted contents,the management apparatus causes the management information memory unit to further store memory medium identification information of uniquely identifying the encrypted content memory medium that stores the encrypted content specified by the management information n association with the management information,the authentication result memory unit acquires, when the authentication result performed by the hash value authentication unit is the authentication failure, the corresponding one memory medium identification information from the management information memory unit by using the management information acquired by the acquiring unit as a retrieval key, acquires the corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key, and further stores memory medium anomaly information indicating that the encrypted content memory medium has anomaly in the authentication result memory in association with the acquired management information,the failure result authentication unit authenticates whether there is the corresponding authentication failure result or the memory medium anomaly information by using the management information acquired by the acquiring unit from the authentication result memory stored by the authentication result memory unit as a retrieval key, andthe decryption control unit permits the decryption process when the authentication result performed by the hash value authentication unit is the authentication success and the authentication result performed by the failure result authentication unit is a result indicating that there are not the authentication failure result and the memory medium anomaly information.
  - 5. The archive system according to claim 4, whereinthe management apparatus further comprisesa management apparatus memory unit that stores a same encrypted content as the encrypted content stored in the encrypted content memory medium in association with the management information;
    - anda migrating unit that acquires management information corresponding to the authentication failure result and/or the memory medium anomaly information from the authentication result memory stored by the authentication result memory unit, acquires a corresponding encrypted content by using the acquired management information as a retrieval key, and migrates the acquired encrypted content.

6. A computer readable storage medium having stored therein an archive system control program for controlling an archive system that comprises a user terminal that refers to an encrypted content from an encrypted content memory medium and a management apparatus that stores a decryption key for decrypting the encrypted content that is a management target, the management apparatus acquiring management information that is information of uniquely specifying the encrypted content from the user terminal and authenticating whether a process for decrypting the encrypted content specified by the management information by using the decryption key is permitted, the archive system control program causing a computer serving as the user terminal to execute a process comprising:
- reading out the encrypted content that is an authentication target from the encrypted content memory medium that stores the encrypted content in association with the management information; and
  
  computing a first hash value by assigning data forming the read encrypted content to a same hash function as that of the management apparatus,the archive system control program causing a computer serving as the management apparatus to execute a process comprising;
  
  acquiring the first hash value computed at the computing and the management information from the user terminal;
  
  reading out, from a management information memory unit that stores a second hash value that is a hash value that is previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the management information acquired at the acquiring as a retrieval key;
  
  authenticating whether the first hash value acquired at the acquiring and the second hash value are identical to each other; and
  
  permitting the decryption process when an authentication result performed at the authenticating is an authentication success indicating that the first hash value and the second hash value are identical to each other.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable storage medium according to claim 6, wherein the process executed by the computer serving the management apparatus further comprisesacquiring, when the decryption process is permitted at the permitting and then the user terminal decrypts the encrypted content by using the decryption key, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal from the user terminal to store the storage medium identification information;
    - storing the storage medium identification information in a content management book memory unit; and
      
      storing, in the content management book memory unit, information of an effect that the content is discarded from the user terminal, when the user terminal discards the content.
  - 8. The computer readable storage medium according to claim 6, wherein the process executed by the computer serving the management apparatus further comprisesstoring, when the authentication result performed by the hash value authentication unit is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, the authentication failure result in an authentication result memory in association with the management information;
    - andauthenticating whether there is the corresponding authentication failure result by using the management information acquired at the acquiring from the authentication result memory that stores the authentication failure result by the authentication result memory unit as a retrieval key, andthe permitting includes permitting, when the authentication result performed at the authenticating the hash value is the authentication success result and an authentication result performed at the authenticating the authentication failure result is a result indicating that there is not the authentication failure result, the decryption process.
  - 9. The computer readable storage medium according to claim 8, whereinthe encrypted content memory medium stores a plurality of encrypted contents,the computer serving the management apparatus further causes the management information memory unit to further store memory medium identification information of uniquely identifying the encrypted content memory medium that stores the encrypted content specified by the management information n association with the management information,the storing includesacquiring, when the authentication result performed at the authenticating the hash value is the authentication failure, the corresponding one memory medium identification information from the management information memory unit by using the management information acquired at the acquiring the first hash value and the management information as a retrieval key,acquiring the corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key, andfurther storing memory medium anomaly information indicating that the encrypted content memory medium has anomaly in the authentication result memory in association with the acquired management information,the authenticating the authentication failure result includes authenticating whether there is the corresponding authentication failure result or the memory medium anomaly information by using the management information acquired at the acquiring the first hash value and the management information from the authentication result memory stored at the storing as a retrieval key, andthe permitting includes permitting the decryption process when the authentication result performed at the authenticating the hash value is the authentication success and the authentication result performed at the authenticating the authentication failure result is a result indicating that there are not the authentication failure result and the memory medium anomaly information.
  - 10. The computer readable storage medium according to claim 9, whereinthe computer serving the management apparatus further causes a management apparatus memory unit to store a same encrypted content as the encrypted content stored in the encrypted content memory medium in association with the management information, andthe process executed by the computer serving the management apparatus further comprisesacquiring at least one of management information corresponding to the authentication failure result and the memory medium anomaly information from the authentication result memory stored at the storing;
    - acquiring a corresponding encrypted content by using the acquired management information as a retrieval key; and
      
      migrating the acquired encrypted content.

11. A management apparatus that stores a decryption key for decrypting an encrypted content that is a management target, acquires management information that is information of uniquely specifying the encrypted content from a user terminal that refers to a content that is encrypted from an encrypted content memory medium, and authenticates whether a process for decrypting the encrypted content specified by the management information by using the decryption key is permitted, the management apparatus comprising:
- an acquiring unit that acquires a first hash value computed by a computing unit and the management information from the user terminal;
  
  a hash value authentication unit that reads out, from a management information memory unit that stores a second hash value that is a hash value that is previously computed by assigning data forming the encrypted content retaining its authenticity to a hash function in association with the management information, the corresponding second hash value by using the management information acquired by the acquiring unit as a retrieval key and authenticates whether the first hash value acquired by the acquiring unit and the second hash value are identical to each other; and
  
  a decryption control unit that permits the decryption process when an authentication result performed by the hash value authentication unit is an authentication success indicating that the first hash value and the second hash value are identical to each other.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The management apparatus according to claim 11, wherein the management apparatus further comprises a management book memory unit acquires, when the decryption control unit permits the decryption process and then the user terminal decrypts the encrypted content by using the decryption key, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal from the user terminal to store the storage medium identification information in a content management book memory unit and acquires, when the user terminal discards the content, information of an effect that the content is discarded from the user terminal to store the information in the content management book memory unit.
  - 13. The management apparatus according to claim 11, whereinthe management apparatus further comprises:
    - an authentication result memory unit that stores, when the authentication result performed by the hash value authentication unit is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, the authentication failure result in an authentication result memory in association with the management information; and
      
      a failure result authentication unit that authenticates whether there is the corresponding authentication failure result by using the management information acquired by the acquiring unit from the authentication result memory that stores the authentication failure result by the authentication result memory unit as a retrieval key, andthe decryption control unit permits, when the authentication result performed by the hash value authentication unit is the authentication success result and an authentication result performed by the failure result authentication unit is a result indicating that there is not the authentication failure result, the decryption process.
  - 14. The management apparatus according to claim 13, whereinthe encrypted content memory medium stores a plurality of encrypted contents,the management apparatus causes the management information memory unit to further store memory medium identification information of uniquely identifying the encrypted content memory medium that stores the encrypted content specified by the management information n association with the management information,the authentication result memory unit acquires, when the authentication result performed by the hash value authentication unit is the authentication failure, the corresponding one memory medium identification information from the management information memory unit by using the management information acquired by the acquiring unit as a retrieval key, acquires the corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key, and further stores memory medium anomaly information indicating that the encrypted content memory medium has anomaly in the authentication result memory in association with the acquired management information,the failure result authentication unit authenticates whether there is the corresponding authentication failure result or the memory medium anomaly information by using the management information acquired by the acquiring unit from the authentication result memory stored by the authentication result memory unit as a retrieval key, andthe decryption control unit permits the decryption process when the authentication result performed by the hash value authentication unit is the authentication success and the authentication result performed by the failure result authentication unit is a result indicating that there are not the authentication failure result and the memory medium anomaly information.
  - 15. The management apparatus according to claim 14, further comprising a management apparatus memory unit that stores a same encrypted content as the encrypted content stored in the encrypted content memory medium in association with the management information;
    - anda migrating unit that acquires management information corresponding to the authentication failure result and/or the memory medium anomaly information from the authentication result memory stored by the authentication result memory unit, acquires a corresponding encrypted content by using the acquired management information as a retrieval key, and migrates the acquired encrypted content.

16. A controlling method performed in an archive system that includes a user terminal that refers to an encrypted content from an encrypted content memory medium, and a management apparatus that stores a decryption key for decrypting the encrypted content that is a management target, the management apparatus acquiring management information that is information of uniquely specifying the encrypted content from the user terminal and authenticating whether a process for decrypting the encrypted content specified by the management information by using the decryption key is permitted, the controlling method comprising:
- in the user terminal,reading out the encrypted content that is an authentication target from the encrypted content memory medium that stores the encrypted content in association with the management information,computing a first hash value by assigning data forming the read encrypted content to a same hash function as that of the management apparatus, andin the management apparatus,acquiring the first hash value computed at the computing and the management information from the user terminal;
  
  reading out, from a management information memory unit that stores a second hash value that is a hash value that is previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the management information acquired at the acquiring as a retrieval key;
  
  authenticating whether the first hash value acquired at the acquiring and the second hash value are identical to each other; and
  
  permitting the decryption process when an authentication result performed at the authenticating is an authentication success indicating that the first hash value and the second hash value are identical to each other.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The controlling method according to claim 16, further comprising:
    - in the management apparatus,acquiring, when the decryption process is permitted at the permitting and then the user terminal decrypts the encrypted content by using the decryption key;
      
      storing, in a content management book memory unit, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal from the user terminal;
      
      acquiring, when the user terminal discards the content, information of an effect that the content is discarded from the user terminal; and
      
      storing the information in the content management book memory unit.
  - 18. The controlling method according to claim 16, further comprising:
    - in the management apparatus,storing, when the authentication result performed by the hash value authentication unit is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, the authentication failure result in an authentication result memory in association with the management information; and
      
      authenticating whether there is the corresponding authentication failure result by using the management information acquired at the acquiring from the authentication result memory that stores the authentication failure result by the authentication result memory unit as a retrieval key, andthe permitting includes permitting, when the authentication result performed at the authenticating the hash value is the authentication success result and an authentication result performed at the authenticating the authentication failure result is a result indicating that there is not the authentication failure result, the decryption process.
  - 19. The archive system according to claim 18, whereinthe encrypted content memory medium stores a plurality of encrypted contents,the management apparatus causes the management information memory unit to further store memory medium identification information of uniquely identifying the encrypted content memory medium that stores the encrypted content specified by the management information n association with the management information,the storing includesacquiring, when the authentication result performed at the authenticating the hash value is the authentication failure, the corresponding one memory medium identification information from the management information memory unit by using the management information acquired at the acquiring as a retrieval key;
    - acquiring the corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key; and
      
      further storing memory medium anomaly information indicating that the encrypted content memory medium has anomaly in the authentication result memory in association with the acquired management information,the authenticating the authentication failure result includes authenticating whether there is the corresponding authentication failure result or the memory medium anomaly information by using the management information acquired at the acquiring from the authentication result memory stored at the storing as a retrieval key, andthe permitting includes permitting the decryption process when the authentication result performed at the authenticating the hash value is the authentication success and the authentication result performed at the authenticating the authentication failure result is a result indicating that there are not the authentication failure result and the memory medium anomaly information.
  - 20. The controlling method according to claim 19, wherein the management apparatus causes the management information memory unit to store a same encrypted content as the encrypted content stored in the encrypted content memory medium in association with the management information, andthe method further comprisingacquiring management information corresponding to at least one of the authentication failure result and the memory medium anomaly information from the authentication result memory stored at the storing;
    - acquiring a corresponding encrypted content by using the acquired management information as a retrieval key; and
      
      migrating the acquired encrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Umezuki, Takeshi

Granted Patent

US 8,738,933 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

Archive system, management apparatus, and control method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Archive system, management apparatus, and control method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others