Data management system
First Claim
1. A system for managing digital data to be transferred from an owner of data to a user of data via a communication network, whereby:
- secret-key, public-key, private-key, owner label, user label and data label are used in the data management system;
a data management center is linked to a public-key storage and a secret-key generator and is arranged on said communication network;
said data management center certifies public-keys of said owner and said user, and stores said owner label, said user label and said data label;
said owner presents said owner label and data label, and requests a secret-key for data encryption to said data management center;
said data management center prepares a data label fingerprint from said data label, and distributes secret-key for encryption which is encrypted by using said public-key of owner together with said data label fingerprint, to said owner;
said owner encrypts the data using said secret-key which is decrypted by using private-key of said owner, and transfers said encrypted data, said data label and said data label fingerprint to a first user;
said first user presents user label of said first user, said data label and said data label fingerprint, and requests a secret-key for decrypting said encrypted data and a secret-key for re-encrypting said data which is decrypted, to said data management center;
said data management center confirms validity of said data label by said data label fingerprint, registers said user label of first user, and distributes said secret-key for decrypting encrypted data and said secret-key for re-encrypting decrypted data, both of which are encrypted by using the public-key of said first user to said first user; and
said first user decrypts said secret-key for decryption and said secret-key for re-encryption by using the private-key of said first user, decrypts and uses the encrypted data using said secret-key for decryption, encrypts the decrypted data using said secret-key for re-encryption to be stored and copied, and transfers the encrypted data together with said data label, data label fingerprint and said user label of first user to the next user.
4 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a system to ensure security of data in a computer network system. A center certifies a public-key of user of the system and distributes a secret-key. A first system comprises the center in a network, an information provider and a plurality of users. The center identifies utilization status by requests of the secret-key. The data is encrypted by the secret-key and is stored and transferred, while the data to be stored and transferred is encrypted by a secret-key different from the secret-key of the transferred data. An original data label is added to the original data, and an edit label is added to the edited data, and the center does not store the data and stores only the original data label and the edit label. A second system comprises a center and an information provider in a network, and a plurality of users utilizing the network. The center stores the original data and editing scenario, and also the original data label, user label and edit label. The data is not transferred between the users, but data label encrypted by the public-key is transferred. In electronic commerce system, every data is distributed through a mediator in the network, data which is transferred from a maker to a user is encrypted by a secret-key for encryption, and data which is transferred from the user to the maker is encrypted by a secret-key for re-encryption.
-
Citations
26 Claims
-
1. A system for managing digital data to be transferred from an owner of data to a user of data via a communication network, whereby:
-
secret-key, public-key, private-key, owner label, user label and data label are used in the data management system; a data management center is linked to a public-key storage and a secret-key generator and is arranged on said communication network; said data management center certifies public-keys of said owner and said user, and stores said owner label, said user label and said data label; said owner presents said owner label and data label, and requests a secret-key for data encryption to said data management center; said data management center prepares a data label fingerprint from said data label, and distributes secret-key for encryption which is encrypted by using said public-key of owner together with said data label fingerprint, to said owner; said owner encrypts the data using said secret-key which is decrypted by using private-key of said owner, and transfers said encrypted data, said data label and said data label fingerprint to a first user; said first user presents user label of said first user, said data label and said data label fingerprint, and requests a secret-key for decrypting said encrypted data and a secret-key for re-encrypting said data which is decrypted, to said data management center; said data management center confirms validity of said data label by said data label fingerprint, registers said user label of first user, and distributes said secret-key for decrypting encrypted data and said secret-key for re-encrypting decrypted data, both of which are encrypted by using the public-key of said first user to said first user; and said first user decrypts said secret-key for decryption and said secret-key for re-encryption by using the private-key of said first user, decrypts and uses the encrypted data using said secret-key for decryption, encrypts the decrypted data using said secret-key for re-encryption to be stored and copied, and transfers the encrypted data together with said data label, data label fingerprint and said user label of first user to the next user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification