INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT

US 20110173460A1
Filed: 10/07/2009
Published: 07/14/2011
Est. Priority Date: 10/10/2008
Status: Abandoned Application

First Claim

Patent Images

1. An information processing apparatus that is provided with a plurality of cryptographic systems each encrypting and storing data, comprising:

a data acquisition unit configured to acquire target data that is to be encrypted in one of the cryptographic systems;

a determination unit configured to determine whether the target data has been encrypted and stored in another one of the cryptographic systems;

a key acquisition unit configured to acquire a key used in the encryption of the target data, when the determination unit judges that the target data has been encrypted and stored in the other one of the cryptographic systems;

a key storage unit configured to be used in the one of the cryptographic systems; and

a key writing unit configured to write the key acquired by the key acquisition unit into the key storage unit, in association with the target data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The aim is to provide high-speed data synchronization. To achieve the aim, in data synchronization using a plurality of key databases with respect to same data pieces, a key for one key database, which has been determined in advance, is used for updating the data piece managed under the other key database. This reduces the number of key decryption operations. A key management software 116, which manages a key database A120 and a key database B121 each having a tree structure, determines whether to perform data synchronization when requested by an upper-level application to perform data encryption, and performs synchronization of encrypted data by using a key of the other database which has been determined in advance. This reduces the number of times the encrypted key is loaded onto a cryptographic processing unit 114, and realizes high-speed cryptographic processing on data.

Citations

26 Claims

1. An information processing apparatus that is provided with a plurality of cryptographic systems each encrypting and storing data, comprising:
- a data acquisition unit configured to acquire target data that is to be encrypted in one of the cryptographic systems;
  
  a determination unit configured to determine whether the target data has been encrypted and stored in another one of the cryptographic systems;
  
  a key acquisition unit configured to acquire a key used in the encryption of the target data, when the determination unit judges that the target data has been encrypted and stored in the other one of the cryptographic systems;
  
  a key storage unit configured to be used in the one of the cryptographic systems; and
  
  a key writing unit configured to write the key acquired by the key acquisition unit into the key storage unit, in association with the target data.

2. An information processing apparatus that is provided with a first cryptographic system and a second cryptographic system each encrypting and storing data, comprising:
- a data acquisition unit configured to acquire target data that is to be encrypted in the first cryptographic system;
  
  a determination unit configured to determine whether encrypted data that has been generated by encryption of the target data is stored in the second cryptographic system;
  
  a key acquisition unit configured to acquire a second key that has been used in the encryption of the target data performed in the second cryptographic system, when the determination unit judges that the encrypted data is stored in the second cryptographic system;
  
  a first key storage unit configured to be used in the first cryptographic system;
  
  a cryptographic processing unit configured to encrypt the second key by using a first key that is to be used in encryption of the target data; and
  
  a key writing unit configured to write the encrypted second key into the first key storage unit, in association with the target data.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 3. The information processing apparatus of claim 2 further comprising:
    - a second-data storage unit configured to store, as second data, the encrypted data that has been generated by the encryption of the target data performed in the second cryptographic system by using the second key, whereinthe determination unit determines whether the second data is stored in the second-data storage unit.
  - 4. The information processing apparatus of claim 3, whereinthe cryptographic processing unit is further configured to encrypt the target data within the first cryptographic system by using the first key, thereby generating first data, andthe information processing apparatus further comprises:
    - a first-data storage unit configured to be used in the first cryptographic system; and
      
      a data writing unit configured to write the first data into the first-data storage unit.
  - 5. The information processing apparatus of claim 4 further comprising:
    - a table storage unit configured to store a management table that contains location information that is associated with the target data and indicates a location within the second cryptographic system where the second data is stored, whereinthe determination unit determines whether the management table stored in the table storage unit contains the location information associated with the target data, thereby determining whether the second data is stored in the second-data storage unit.
  - 6. The information processing apparatus of claim 5, whereinthe data acquisition unit is further configured to acquire an instruction to update the target data,the determination unit determines, in response to the instruction, whether the second data, which has been generated by encrypting the target data that relates to the instruction, is stored in the second-data storage unit,the key acquisition unit is further configured to acquire the encrypted second key from the first key storage unit when the determination unit determines that the second data is stored in the second-data storage unit,the cryptographic processing unit is further configured to decrypt the encrypted second key acquired by the acquisition unit, and encrypts, by using the second key, the target data that has been updated, thereby generating updated second data, andthe data writing unit is further configured to overwrite the second data stored in the second-data storage unit with the updated second data.
  - 7. The information processing apparatus of claim 6, whereinthe cryptographic processing unit decrypts the encrypted second key by using a decryption key that corresponds to the first key.
  - 8. The information processing apparatus of claim 7, whereinthe management table further contains key location information that is associated with the target data and indicates a location where the decryption key is stored, andthe cryptographic processing unit uses the decryption key acquired from the location indicated by the key location information.
  - 9. The information processing apparatus of claim 6, whereinthe cryptographic processing unit is further configured to encrypt, by using the first key, the target data that has been updated, thereby generating updated first data, andthe data writing unit overwrites the first data stored in the first-data storage unit with the updated first data.
  - 10. The information processing apparatus of claim 9, whereinthe data writing unit overwrites the second data stored in the second-data storage unit with the updated second data, when receiving a synchronization instruction after overwriting the first data stored in the first-data storage unit with the updated first data.
  - 11. The information processing apparatus of claim 9, whereinthe location information contained in the management table indicates a location within the second-data storage unit where the second data is stored, andthe data writing unit writes the updated second data into the location indicated by the location information.
  - 12. The information processing apparatus of claim 6, whereinthe cryptographic processing unit is further configured to decrypt the first data stored in the first-data storage unit, thereby generating the target data, and to encrypt updated data generated based on the target data.
  - 13. The information processing apparatus of claim 5, whereinthe management table contains the location information and a digest value of the target data in association with each other, andthe determination unit calculates a digest value based on the target data, and determines whether the management table contains the location information that corresponds to the calculated digest value.
  - 14. The information processing apparatus of claim 5, whereinthe management table contains the location information and a digest value of the first data in association with each other, andthe determination unit calculates a digest value based on the first data stored in the first-data storage unit, and determines whether the management table contains the location information that corresponds to the calculated digest value.
  - 15. The information processing apparatus of claim 2 further comprising:
    - a second key storage unit configured to be used in the second cryptographic system, whereinthe data acquisition unit is further configured to acquire the target data that is to be encrypted within the second cryptographic system,the determination unit is further configured to determine whether encrypted data that has been generated by encryption of the target data is stored in the first cryptographic system,the key acquisition unit is further configured to acquire the first key that has been used in the encryption of the target data performed in the first cryptographic system, when the determination unit judges that the encrypted data that has been generated by the encryption of the target data is stored in the first cryptographic system,the cryptographic processing unit is further configured to encrypt the first key by using the second key that is to be used in encryption of the target data, the encryption to be performed in the second cryptographic system, andthe key writing unit is further configured to write, within the second cryptographic system, the encrypted first key into the second key storage unit, in association with the target data.
  - 16. The information processing apparatus of claim 15, whereinthe cryptographic processing unit is further configured to encrypt the target data within the second cryptographic system by using the second key, thereby generating second data, andthe information processing apparatus further comprises:
    - a second-data storage unit configured to be used in the second cryptographic system, anda data writing unit configured to write the second data into the second storage unit.
  - 17. The information processing apparatus of claim 16, whereinthe data acquisition unit is further configured to acquire an instruction to update the target data,the determination unit determines, in response to the instruction, whether the first data, which has been generated by encrypting the target data that relates to the instruction, is stored in the first-data storage unit,the key acquisition unit is further configured to acquire the encrypted first key from the second key storage unit when the determination unit determines that the first data is stored in the first-data storage unit,the cryptographic processing unit is further configured to decrypt the encrypted first key acquired by the acquisition unit, and to encrypt updated target data that has been generated by updating the target data, by using the first key, thereby generating updated first data, andthe data writing unit is further configured to overwrite the first data stored in the first-data storage unit with the updated first data.
  - 18. The information processing apparatus of claim 2, whereinthe first key storage unit manages keys in the first cryptographic system in a hierarchy structure, in which a level immediately below each key is assigned an encrypted key that is decryptable with the corresponding key, andthe key writing unit writes the encrypted second key into a level immediately below the second key.
  - 19. The information processing apparatus of claim 2 further comprising:
    - a processor configured to operate according to an application program that uses the encrypted data in the first cryptographic system, whereinthe application program includes an instruction to output the target data to the data acquisition unit, andthe processor outputs the target data to the data acquisition unit.
  - 20. The information processing apparatus of claim 2 further comprising:
    - a key storage unit configured to store therein a key decrypted within the first cryptographic system, in association with first type information indicating that the key is for use within the first cryptographic system, and to store a key decrypted within the second cryptographic system, in association with second type information indicating that the key is for use within the second cryptographic system, whereinwithin the first cryptographic system, the cryptographic processing unit performs decryption by using the key associated with the first type information,within the second cryptographic system, the cryptographic processing unit performs decryption by using the key associated with the second type information, andthe information processing apparatus further comprises;
      
      a control unit configured to cause the cryptographic processing unit to encrypt, within the second cryptographic system, updated target data that has been generated by updating the target data, by replacing the first type information which has been associated with the key stored in the key storage unit with the second type information, after the decryption has been performed within the first cryptographic system.
  - 21. The information processing apparatus of claim 20, whereinthe key storage unit includes a plurality of storage blocks each having a predetermined capacity, and stores therein block information that indicates, for each key stored therein, the corresponding one of the storage blocks in which the key is stored.
  - 22. The information processing apparatus of claim 2, whereinthe cryptographic processing unit includes:
    - a control unit;
      
      a key storage unit configured to store therein the first key for use in the first cryptographic system; and
      
      a cryptographic engine unit configured to perform encryption by using the first key stored in the cryptographic processing unit, whereinwhen the key storage unit lacks enough empty space for storing the first key, the control unit causes the cryptographic engine unit to encrypt and externally save a key that has been stored in the storage unit to create an empty area, writes the first key into the empty area, and after encryption with use of the first key has been completed within the first cryptographic system, causes the cryptographic processing unit to decrypt the saved key that has been encrypted and to overwrite the first key with the saved key.

23. A method used in an information processing apparatus that is provided with a first cryptographic system and a second cryptographic system each encrypting and storing data, the method comprising:
- a data acquisition step of acquiring target data that is to be encrypted in the first cryptographic system;
  
  a determination step of determining whether encrypted data that has been generated by encryption of the target data is stored in the second cryptographic system;
  
  a key acquisition step of acquiring a second key that has been used in the encryption of the target data performed in the second cryptographic system, when judged in the determination step that the encrypted data is stored in the second cryptographic system;
  
  a cryptographic processing step of encrypting the second key by using a first key that is to be used in encryption of the target data; and
  
  a key writing step of writing the encrypted second key into a first key storage unit, in association with the target data.

24. A computer program used in an information processing apparatus that is provided with a first cryptographic system and a second cryptographic system each encrypting and storing data, the method causing the information processing apparatus as a computer to perform:
- a data acquisition step of acquiring target data that is to be encrypted in the first cryptographic system;
  
  a determination step of determining whether encrypted data that has been generated by encryption of the target data is stored in the second cryptographic system;
  
  a key acquisition step of acquiring a second key that has been used in the encryption of the target data performed in the second cryptographic system, when judged in the determination step that the encrypted data is stored in the second cryptographic system;
  
  a cryptographic processing step of encrypting the second key by using a first key that is to be used in encryption of the target data; and
  
  a key writing step of writing the encrypted second key into a first key storage unit, in association with the target data.
- View Dependent Claims (25)
- - 25. The computer program of claim 24 that is recorded on a non-transitory computer-readable recording medium.

26. An integrated circuit that is provided with a first cryptographic system and a second cryptographic system each encrypting and storing data, comprising:
- a data acquisition unit configured to acquire target data that is to be encrypted in the first cryptographic system;
  
  a determination unit configured to determine whether encrypted data that has been generated by encryption of the target data is stored in the second cryptographic system;
  
  a key acquisition unit configured to acquire a second key that has been used in the encryption of the target data performed in the second cryptographic system, when the determination unit judges that the encrypted data is stored in the second cryptographic system;
  
  a first key storage unit configured to be used in the first cryptographic system;
  
  a cryptographic processing unit configured to encrypt the second key by using a first key that is to be used in encryption of the target data; and
  
  a key writing unit configured to write the encrypted second key into the first key storage unit, in association with the target data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Matsushima, Hideki, Ito, Takayuki, Haga, Tomoyuki, Takayama, Hisashi

Application Number

US13/119,524
Publication Number

US 20110173460A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0836   using tree structure or hie...

H04L 9/0894   Escrow, recovery or storing...

INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links