Electronic data storage apparatus, system and method

US 6,421,779 B1
Filed: 07/29/1998
Issued: 07/16/2002
Est. Priority Date: 11/14/1997
Status: Expired due to Fees

First Claim

Patent Images

1. An electronic data storage apparatus for storing electronic data, comprising:

a data storage unit storing electronic data;

an authentication information generation unit generating authentication information used in checking correctness of the electronic data stored in said data storage unit;

an authentication information data output unit outputting the electronic data stored in said data storage unit after adding to the electronic data the authentication information generated for the electronic data;

a master key storage unit storing a master key common to a plurality of electronic data storage apparatuses;

a mutual authentication unit performing mutual authentication between the plurality of electronic data storage apparatuses before the electronic data is transferred between the electronic data storage apparatuses;

an electronic data storage apparatus identification information storage unit storing electronic data storage apparatus identification information unique to said electronic data storage apparatus, wherein said mutual authentication unit generates first mutual authentication information by encrypting the electronic data storage apparatus identification information and random information using the master key, transmits the first mutual authentication information to another electronic data storage apparatus, decrypts the second mutual authentication information using the master key and determines if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic data storage apparatus includes a data storage unit for storing electronic data; an authentication information generation unit for generating authentication information used in detecting an amendment made to the stored electronic data; and an authentication information data output unit for outputting the electronic data after adding to the electronic data the authentication information generated for the electronic data. When an authorization unit authorizes the electronic data storage apparatus after it is determined that the specification of the electronic data satisfies a predetermined condition, or when mutual authentication is performed between electronic data storage apparatuses, the electronic data storage apparatus stores the data. Thus, the electronic data can be protected from being illegally amended or deleted, and can be safely stored in a format in which sufficient legal evidence can be maintained on the electronic data.

Citations

54 Claims

1. An electronic data storage apparatus for storing electronic data, comprising:
- a data storage unit storing electronic data;
  
  an authentication information generation unit generating authentication information used in checking correctness of the electronic data stored in said data storage unit;
  
  an authentication information data output unit outputting the electronic data stored in said data storage unit after adding to the electronic data the authentication information generated for the electronic data;
  
  a master key storage unit storing a master key common to a plurality of electronic data storage apparatuses;
  
  a mutual authentication unit performing mutual authentication between the plurality of electronic data storage apparatuses before the electronic data is transferred between the electronic data storage apparatuses;
  
  an electronic data storage apparatus identification information storage unit storing electronic data storage apparatus identification information unique to said electronic data storage apparatus, wherein said mutual authentication unit generates first mutual authentication information by encrypting the electronic data storage apparatus identification information and random information using the master key, transmits the first mutual authentication information to another electronic data storage apparatus, decrypts the second mutual authentication information using the master key and determines if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The apparatus according to claim 1, further comprising:
    - a data transfer request unit generating and outputting a data transfer request certificate issued to request another electronic data storage apparatus to transfer data after the mutual authentication performed by said mutual authentication unit when the electronic data is output to the other electronic data storage apparatus.
  - 3. The apparatus according to claim 2, further comprising:
4. The apparatus according to claim 3, further comprising:
- a certificate verification unit verifying the data transfer request certificate stored in said certificate storage unit preventing said electronic data storage apparatus from denying the data transfer request issued by said electronic data storage apparatus.
5. The apparatus according to claim 1, further comprising:
- an authentication information verification unit verifying contents of the authentication information using the master key when the electronic data is externally input with the authentication information added to the electronic data.
6. The apparatus according to claim 5, wherein said authentication information verification unit returns a verification result of the authentication information to a source of the electronic data provided with the authentication information.
7. The apparatus according to claim 5, wherein said authentication information verification unit rejects storing externally input electronic data in said data storage unit when said authentication information verification unit detects incorrectness in the electronic data.
8. The apparatus according to claim 5, further comprising:
- a storage certificate issue unit issuing to a requester who requests storage of electronic data a storage certificate which certifies the storage of the electronic data when said authentication information verification unit does not detects incorrectness in the electronic data provided with the authentication information and the input electronic data is stored in said data storage unit.
9. The apparatus according to claim 8, whereinsaid storage certificate issue unit generates the storage certificate in association with electronic data storage apparatus identification information unique to said electronic data storage apparatus.
10. The apparatus according to claim 8, whereinsaid storage certificate issue unit generates the storage certificate by associating the storage certificate with electronic data storage apparatus identification information unique to said electronic data storage apparatus, and by encrypting the storage certificate using an individual key of said electronic data storage apparatus.
11. The apparatus according to claim 10, further comprising:
- a certificate storage unit storing the storage certificate encrypted and issued when the storage certificate is externally input.
12. The apparatus according to claim 11, further comprising:
- a certificate verification unit rejecting storage of a storage certificate in said certificate storage unit when the encrypted storage certificate is externally input, the storage certificate is verified, and incorrectness is detected in contents of the storage certificate.
13. The apparatus according to claim 11, further comprising:
- a certificate verification unit verifying a storage certificate stored in said certificate storage unit using an individual key of the electronic data storage apparatus which issued the storage certificate to suppress rejection of storage of the electronic data when the electronic data storage apparatus which issued the storage certificate denies the storage of the electronic data for the storage certificate.
14. The electronic data storage apparatus according to claim 8, whereinsaid storage certificate issue unit generates an encrypted storage certificate using a master key commonly used among a plurality of electronic data storage apparatuses.
15. The apparatus according to claim 1, whereinsaid authentication information generation unit generates the authentication information associated with electronic data storage apparatus identification information unique to said electronic data storage apparatus to manage location of electronic data.
16. The apparatus according to claim 1, whereinsaid authentication information data output unit outputs electronic data after adding, to the electronic data, electronic data storage apparatus identification information unique to said electronic data storage apparatus in addition to the authentication information to manage location of the electronic data.

17. An electronic data storage system for storing electronic data, comprising:
- an electronic data storage apparatus comprising;
  
  a data storage unit storing electronic data, an authentication information generation unit generating authentication information used in checking correctness of the electronic data stored in said data storage unit, and an authentication information data output unit outputting the electronic data stored in said data storage unit after adding to the electronic data the authentication information generated for the electronic data; and
  
  an authorization device comprising;
  
  a specification check unit checking a specification, which comprises a performance quality to store the electronic data, of said electronic data storage apparatus, and authorizing said electronic data storage apparatus when the specification meets predetermined conditions.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 54)
- - 18. The system according to claim 17, further comprising:
19. The system according to claim 17, wherein said specification check unit checks the specification of the authorized electronic data storage apparatus.
20. The system according to claim 17, wherein said authorization device assigns a master key commonly used among a plurality of authorized electronic data storage apparatuses to each of the electronic data storage apparatuses and wherein each of said electronic data storage apparatuses further comprises a master key storage unit storing the master key.
21. The system according to claim 20, whereinsaid authorization device further comprises a master key management unit generating and managing the master key.
22. The system according to claim 21, wherein said master key management unit periodically changing a master key to be assigned to each of said electronic data storage apparatuses.
23. The system according to claim 22, wherein said master key storage unit stores a changed master key when the assigned master key is changed.
24. The system according to claim 21, whereinsaid master key management unit assigns a master key to an electronic data storage apparatus in a format of a portable medium which stores the master key and is available when inserted into the electronic data storage apparatus.
25. The system according to claim 17, whereinsaid authorization device further comprises:
- an electronic data storage apparatus identification information management unit assigning electronic data storage apparatus identification information for uniquely identifying each electronic data storage apparatus to each of a plurality of authorized electronic data storage apparatuses.
26. The system according to claim 25, wherein said electronic data storage apparatus further comprises:
- an electronic data identification information generation unit generating electronic data identification information associated with the electronic data storage apparatus identification information for electronic data stored in said electronic data storage unit.
27. The system according to claim 26, wherein said authentication information generation unit adds the authentication information associated with the electronic data identification information, and externally outputs resultant information.
28. The system according to claim 27, wherein said authorization device further comprises:
- an authentication information data analysis unit specifying an electronic data storage apparatus which stores the authentication information electronic data according to electronic data storage apparatus identification information associated with the electronic data identification information.
29. The system according to claim 17, further comprising:
- a user device for requesting said electronic data storage apparatus to store electronic data wherein said authentication information generation unit in said electronic data storage apparatus generates authentication information for detecting correctness or incorrectness of the electronic data when said user device stores the electronic data using a master key commonly provided for a plurality of electronic data storage apparatuses.
30. The system according to claim 29, whereinsaid electronic data storage apparatus further comprises an authentication information verification unit verifying contents of the authentication information using a master key.
31. The system according to claim 30, whereinsaid authentication information verification unit verifies authentication information and checks whether or not electronic data has been illegally amended when data with authentication information is externally input.
32. The system according to claim 29, whereinsaid authentication information generation unit generates authentication information associated with time information about when the authentication information is generated.
33. The system according to claim 29, whereinsaid authentication information generation unit generates authentication information associated with electronic data identification information for uniquely identifying electronic data.
34. The system according to claim 29, whereinsaid authentication information generation unit generates authentication information associated with original information indicating that electronic data is original data.
35. The system according to claim 34, whereinsaid electronic data storage unit stores electronic data identification information for uniquely identifying electronic data, and electronic data storage apparatus identification information for uniquely identifying a destination electronic data storage apparatus to which the electronic data is to be output together with the electronic data when the electronic data is externally output from said electronic data storage apparatus with the electronic data defined as original data.
36. The system according to claim 34, whereinsaid authentication information generation unit generates authentication information associated with electronic data identification information for uniquely identifying the electronic data and electronic data storage apparatus identification information for uniquely identifying said electronic data storage apparatus when the electronic data is externally output from said electronic data storage apparatus with the electronic data defined as original data.
40. The system according to claim 29, whereinsaid authentication information generation unit generates the authentication information associated with the log information when the authentication information is generated.
54. The system according to claim 25, whereinsaid electronic data storage apparatus identification information management unit assigns the electronic data storage apparatus identification information in a format to a portable medium which stores the elctronic data storage apparatus identification information and is available when inserted into the electronic data storage apparatus.

37. The system according to lcaim 29, whereinsaid authentication information generation unit generates authentication information associated with copy information indicating that electronic data is a copy.
- View Dependent Claims (38, 39)
- - 38. The system according to claim 37, whereinsaid electronic data storage unit stores, in addition to electronic data, electronic data identification information for uniquely identifying the electronic data and electronic data storage apparatus identification information for uniquely identifying a destination electronic data storage apparatus to which the electronic data is to be output when the electronic data is externally output from said electronic data storage apparatus with the electronic data defined as copied data.
  - 39. The system according to claim 37, whereinsaid authentication information generation unit generates authentication information associated with electronic data identification information for uniquely identifying the electronic data and electronic data storage apparatus identification information for uniquely identifying said electronic data storage apparatus when the electronic data is externally output from said electronic data storage apparatus with the elcetronic data defined as copied data.

41. A method for storing electronic data, comprising:
- generating first mutual authentication information by encrypting electronic data storage apparatus identification information unique to an electronic data storage apparatus and random information using a master key common to the plurality of electronic data apparatuses;
  
  transmitting the first mutual authentication information to another electronic data storage apparatus;
  
  receiving second mutual authentication information from said other electronic data storage apparatus, decrypting the second mutual authentication information using the master key;
  
  determining if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information;
  
  when the information included in the decrypted second mutual authentication information matches the random information, generating authentication information used in checking correctness of stored electronic data; and
  
  outputting the stored electronic data to said other electronic data storage apparatus after adding to the electronic data the authentication information generated for the electronic data.
- View Dependent Claims (42)
- - 42. The method according to claim 41, further comprising:

43. A method for storing electronic data, comprising:
- instructing an authorization device for authorizing an electronic data storage apparatus which stores an electronic data whether or not a specification of the electronic data storage apparatus, which is a performance quality to store the electronic data satisfies predetermined conditions from the electronic data storage apparatus side, and storing the electronic data in the electronic data storage apparatus if the authorization device determines that the predetermined conditions are satisfied.
- View Dependent Claims (44, 45, 46, 47)
- - 44. The method according to claim 43, further comprising:
45. The method according to claim 44, wherein said authentication information is generated using a master key common to a plurality of electronic data storage apparatuses which distribute and store the electronic data when the authentication information is generated.
46. The method according to claim 44, wherein mutual authentication is performed using a master key common to a plurality of electronic data storage apparatuses which distribute and store the electronic data with a destination electronic data storage apparatus to which the electronic data is to be output before outputting the stored electronic data.
47. The method according to claim 43, wherein contents of authentication information is verified when the electronic data provided with authentication information for checking illegal amendments made to the electronic data is input to the electronic data storage apparatus, and said electronic data is stored only when the authentication information refers to correctness of the data.

48. A computer-readable storage medium controlling a computer and comprising a process of:
- generating first mutual authentication information by encrypting electronic data storage apparatus identification information unique to an electronic data storage apparatus and random information using a master key common to the plurality of electronic data storage apparatuses;
  
  transmitting the first mutual authentication information to another electronic data storage apparatus;
  
  receiving second mutual authentication information from said other electronic data storage apparatus;
  
  decrypting the second mutual authentication information using the master key;
  
  determining if information included in the decrypted second mutual authentication matches the random information used to generate the first mutual authentication information;
  
  when the information included in the decrypted second mutual authentication information matches the random information, generating authentication information used in checking, correctness of stored electronic data; and
  
  outputting the stored electronic data to said other electronic data storage apparatus after adding to the electronic data the authentication information generated for the electronic data.
- View Dependent Claims (49)
- - 49. The computer-readable storage medium according to claim 48, further comprising:

50. An electronic data storage apparatus for storing electronic data, comprising:
- data storage means for storing electronic data;
  
  authentication information generation means for generating authentication information used in checking correctness of the electronic data stored in said data storage means;
  
  authentication information data output means for outputting the electronic data stored in said data storage means after adding to the electronic data the authentication information generated for the electronic data;
  
  master key storage means for storing a master key common to a plurality of electronic data storage apparatuses;
  
  mutual authentication means for performing mutual authentication between the electronic data storage apparatuses before the electronic data is transferred between the electronic data storage apparatuses; and
  
  electronic data storage apparatus identification information storage means for storing electronic data storage apparatus identification information unique to said electronic data storage apparatus, wherein said mutual authentication means generates first mutual authentication information by encrypting the electronic data storage apparatus identification information and random information using the master key, transmits the first mutual authentication information to another electronic data storage apparatus, receives second mutual authentication information from said other electronic data storage apparatus, decrypts the second mutual authentication information using the master key and determines if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information.

51. An electronic data storage system for storing electronic data, comprising:
- an electronic data storage apparatus, comprising;
  
  data storage means for storing electronic data, authentication information generation means for generating authentication information used in checking correctness of the electronic data stored in said data storage means, authentication information data output means for outputting the electronic data stored in said data storage means after adding to the electronic data the authentication information generated for the electronic data; and
  
  an authorization device comprising;
  
  specification check means for checking a specification of said electronic data storage apparatus, which is a performance quality to store the electronic data, and authorizing said electronic data storage apparatus when the specification meats predetermined conditions.

52. A computer data signal embodied in a carrier wave and representing a program that makes the computer perform a process for storing an electronic data, and the process, comprising:
- generating first mutual authentication information by encrypting the electronic data storage apparatus;
  
  identification information unique to an electronic data storage apparatus and random information using a master key common to the plurality of electronic data storage apparatuses;
  
  transmitting the first mutual authentication information to another electronic data storage apparatus;
  
  receiving second mutual authentication information from said another electronic data storage apparatus;
  
  decrypting the second mutual authentication information using the master key;
  
  determining if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information;
  
  when the information included in the decrypted second mutual authentication information matches the random information, generating authentication information used in checking correctness of stored electronic data; and
  
  outputting the stored electronic data to said another electronic data storage apparatus after adding to the electronic data the authentication information generated for the electronic data.

53. A computer data signal embodied in a carrier wave and representing a program that makes the computer perform a process for storing an electronic data, and the process, comprising:
- instructing an authorization device for authorizing an electronic data storage apparatus which stores the electronic data whether or not a specification of the electronic data storage apparatus, which is a performance quality to store the electronic data satisfies predetermined conditions; and
  
  storing the electronic data in the electronic data storage apparatus if the authorization device determines that the predetermined conditions are satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Kamada, Jun, Ono, Etsuo, Kuroda, Yasutsugu
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/123,559
Time in Patent Office

1,448 Days
Field of Search

705/57, 713/180, 713/181, 713/182, 713/165, 713/193, 713/194
US Class Current

713/169
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Electronic data storage apparatus, system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic data storage apparatus, system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links