Electronic data storage apparatus, system and method
First Claim
1. An electronic data storage apparatus for storing electronic data, comprising:
- a data storage unit storing electronic data;
an authentication information generation unit generating authentication information used in checking correctness of the electronic data stored in said data storage unit;
an authentication information data output unit outputting the electronic data stored in said data storage unit after adding to the electronic data the authentication information generated for the electronic data;
a master key storage unit storing a master key common to a plurality of electronic data storage apparatuses;
a mutual authentication unit performing mutual authentication between the plurality of electronic data storage apparatuses before the electronic data is transferred between the electronic data storage apparatuses;
an electronic data storage apparatus identification information storage unit storing electronic data storage apparatus identification information unique to said electronic data storage apparatus, wherein said mutual authentication unit generates first mutual authentication information by encrypting the electronic data storage apparatus identification information and random information using the master key, transmits the first mutual authentication information to another electronic data storage apparatus, decrypts the second mutual authentication information using the master key and determines if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information.
1 Assignment
0 Petitions
Accused Products
Abstract
An electronic data storage apparatus includes a data storage unit for storing electronic data; an authentication information generation unit for generating authentication information used in detecting an amendment made to the stored electronic data; and an authentication information data output unit for outputting the electronic data after adding to the electronic data the authentication information generated for the electronic data. When an authorization unit authorizes the electronic data storage apparatus after it is determined that the specification of the electronic data satisfies a predetermined condition, or when mutual authentication is performed between electronic data storage apparatuses, the electronic data storage apparatus stores the data. Thus, the electronic data can be protected from being illegally amended or deleted, and can be safely stored in a format in which sufficient legal evidence can be maintained on the electronic data.
-
Citations
54 Claims
-
1. An electronic data storage apparatus for storing electronic data, comprising:
-
a data storage unit storing electronic data;
an authentication information generation unit generating authentication information used in checking correctness of the electronic data stored in said data storage unit;
an authentication information data output unit outputting the electronic data stored in said data storage unit after adding to the electronic data the authentication information generated for the electronic data;
a master key storage unit storing a master key common to a plurality of electronic data storage apparatuses;
a mutual authentication unit performing mutual authentication between the plurality of electronic data storage apparatuses before the electronic data is transferred between the electronic data storage apparatuses;
an electronic data storage apparatus identification information storage unit storing electronic data storage apparatus identification information unique to said electronic data storage apparatus, wherein said mutual authentication unit generates first mutual authentication information by encrypting the electronic data storage apparatus identification information and random information using the master key, transmits the first mutual authentication information to another electronic data storage apparatus, decrypts the second mutual authentication information using the master key and determines if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
a certificate storage unit storing a data transfer request certificate when the data transfer request certificate is input and the electronic data corresponding to the certificate is stored in said data storage unit.
-
-
4. The apparatus according to claim 3, further comprising:
a certificate verification unit verifying the data transfer request certificate stored in said certificate storage unit preventing said electronic data storage apparatus from denying the data transfer request issued by said electronic data storage apparatus.
-
5. The apparatus according to claim 1, further comprising:
an authentication information verification unit verifying contents of the authentication information using the master key when the electronic data is externally input with the authentication information added to the electronic data.
-
6. The apparatus according to claim 5, wherein said authentication information verification unit returns a verification result of the authentication information to a source of the electronic data provided with the authentication information.
-
7. The apparatus according to claim 5, wherein said authentication information verification unit rejects storing externally input electronic data in said data storage unit when said authentication information verification unit detects incorrectness in the electronic data.
-
8. The apparatus according to claim 5, further comprising:
a storage certificate issue unit issuing to a requester who requests storage of electronic data a storage certificate which certifies the storage of the electronic data when said authentication information verification unit does not detects incorrectness in the electronic data provided with the authentication information and the input electronic data is stored in said data storage unit.
-
9. The apparatus according to claim 8, wherein
said storage certificate issue unit generates the storage certificate in association with electronic data storage apparatus identification information unique to said electronic data storage apparatus. -
10. The apparatus according to claim 8, wherein
said storage certificate issue unit generates the storage certificate by associating the storage certificate with electronic data storage apparatus identification information unique to said electronic data storage apparatus, and by encrypting the storage certificate using an individual key of said electronic data storage apparatus. -
11. The apparatus according to claim 10, further comprising:
a certificate storage unit storing the storage certificate encrypted and issued when the storage certificate is externally input.
-
12. The apparatus according to claim 11, further comprising:
a certificate verification unit rejecting storage of a storage certificate in said certificate storage unit when the encrypted storage certificate is externally input, the storage certificate is verified, and incorrectness is detected in contents of the storage certificate.
-
13. The apparatus according to claim 11, further comprising:
a certificate verification unit verifying a storage certificate stored in said certificate storage unit using an individual key of the electronic data storage apparatus which issued the storage certificate to suppress rejection of storage of the electronic data when the electronic data storage apparatus which issued the storage certificate denies the storage of the electronic data for the storage certificate.
-
14. The electronic data storage apparatus according to claim 8, wherein
said storage certificate issue unit generates an encrypted storage certificate using a master key commonly used among a plurality of electronic data storage apparatuses. -
15. The apparatus according to claim 1, wherein
said authentication information generation unit generates the authentication information associated with electronic data storage apparatus identification information unique to said electronic data storage apparatus to manage location of electronic data. -
16. The apparatus according to claim 1, wherein
said authentication information data output unit outputs electronic data after adding, to the electronic data, electronic data storage apparatus identification information unique to said electronic data storage apparatus in addition to the authentication information to manage location of the electronic data.
-
17. An electronic data storage system for storing electronic data, comprising:
-
an electronic data storage apparatus comprising;
a data storage unit storing electronic data, an authentication information generation unit generating authentication information used in checking correctness of the electronic data stored in said data storage unit, and an authentication information data output unit outputting the electronic data stored in said data storage unit after adding to the electronic data the authentication information generated for the electronic data; and
an authorization device comprising;
a specification check unit checking a specification, which comprises a performance quality to store the electronic data, of said electronic data storage apparatus, and authorizing said electronic data storage apparatus when the specification meets predetermined conditions. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 40, 54)
one or more electronic data storage apparatuses; and
one or more authorization device.
-
-
19. The system according to claim 17, wherein said specification check unit checks the specification of the authorized electronic data storage apparatus.
-
20. The system according to claim 17, wherein said authorization device assigns a master key commonly used among a plurality of authorized electronic data storage apparatuses to each of the electronic data storage apparatuses and wherein each of said electronic data storage apparatuses further comprises a master key storage unit storing the master key.
-
21. The system according to claim 20, wherein
said authorization device further comprises a master key management unit generating and managing the master key. -
22. The system according to claim 21, wherein said master key management unit periodically changing a master key to be assigned to each of said electronic data storage apparatuses.
-
23. The system according to claim 22, wherein said master key storage unit stores a changed master key when the assigned master key is changed.
-
24. The system according to claim 21, wherein
said master key management unit assigns a master key to an electronic data storage apparatus in a format of a portable medium which stores the master key and is available when inserted into the electronic data storage apparatus. -
25. The system according to claim 17, wherein
said authorization device further comprises: an electronic data storage apparatus identification information management unit assigning electronic data storage apparatus identification information for uniquely identifying each electronic data storage apparatus to each of a plurality of authorized electronic data storage apparatuses.
-
26. The system according to claim 25, wherein said electronic data storage apparatus further comprises:
- an electronic data identification information generation unit generating electronic data identification information associated with the electronic data storage apparatus identification information for electronic data stored in said electronic data storage unit.
-
27. The system according to claim 26, wherein said authentication information generation unit adds the authentication information associated with the electronic data identification information, and externally outputs resultant information.
-
28. The system according to claim 27, wherein said authorization device further comprises:
- an authentication information data analysis unit specifying an electronic data storage apparatus which stores the authentication information electronic data according to electronic data storage apparatus identification information associated with the electronic data identification information.
-
29. The system according to claim 17, further comprising:
-
a user device for requesting said electronic data storage apparatus to store electronic data wherein said authentication information generation unit in said electronic data storage apparatus generates authentication information for detecting correctness or incorrectness of the electronic data when said user device stores the electronic data using a master key commonly provided for a plurality of electronic data storage apparatuses.
-
-
30. The system according to claim 29, wherein
said electronic data storage apparatus further comprises an authentication information verification unit verifying contents of the authentication information using a master key. -
31. The system according to claim 30, wherein
said authentication information verification unit verifies authentication information and checks whether or not electronic data has been illegally amended when data with authentication information is externally input. -
32. The system according to claim 29, wherein
said authentication information generation unit generates authentication information associated with time information about when the authentication information is generated. -
33. The system according to claim 29, wherein
said authentication information generation unit generates authentication information associated with electronic data identification information for uniquely identifying electronic data. -
34. The system according to claim 29, wherein
said authentication information generation unit generates authentication information associated with original information indicating that electronic data is original data. -
35. The system according to claim 34, wherein
said electronic data storage unit stores electronic data identification information for uniquely identifying electronic data, and electronic data storage apparatus identification information for uniquely identifying a destination electronic data storage apparatus to which the electronic data is to be output together with the electronic data when the electronic data is externally output from said electronic data storage apparatus with the electronic data defined as original data. -
36. The system according to claim 34, wherein
said authentication information generation unit generates authentication information associated with electronic data identification information for uniquely identifying the electronic data and electronic data storage apparatus identification information for uniquely identifying said electronic data storage apparatus when the electronic data is externally output from said electronic data storage apparatus with the electronic data defined as original data. -
40. The system according to claim 29, wherein
said authentication information generation unit generates the authentication information associated with the log information when the authentication information is generated. -
54. The system according to claim 25, wherein
said electronic data storage apparatus identification information management unit assigns the electronic data storage apparatus identification information in a format to a portable medium which stores the elctronic data storage apparatus identification information and is available when inserted into the electronic data storage apparatus.
-
37. The system according to lcaim 29, wherein
said authentication information generation unit generates authentication information associated with copy information indicating that electronic data is a copy.
-
41. A method for storing electronic data, comprising:
-
generating first mutual authentication information by encrypting electronic data storage apparatus identification information unique to an electronic data storage apparatus and random information using a master key common to the plurality of electronic data apparatuses;
transmitting the first mutual authentication information to another electronic data storage apparatus;
receiving second mutual authentication information from said other electronic data storage apparatus, decrypting the second mutual authentication information using the master key;
determining if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information;
when the information included in the decrypted second mutual authentication information matches the random information, generating authentication information used in checking correctness of stored electronic data; and
outputting the stored electronic data to said other electronic data storage apparatus after adding to the electronic data the authentication information generated for the electronic data. - View Dependent Claims (42)
verifying contents of authentication information when electronic data provided with the authentication information for detecting correctness of the electronic data is input; and
storing the electronic data only when the electronic data has not been illegally amended.
-
-
43. A method for storing electronic data, comprising:
-
instructing an authorization device for authorizing an electronic data storage apparatus which stores an electronic data whether or not a specification of the electronic data storage apparatus, which is a performance quality to store the electronic data satisfies predetermined conditions from the electronic data storage apparatus side, and storing the electronic data in the electronic data storage apparatus if the authorization device determines that the predetermined conditions are satisfied. - View Dependent Claims (44, 45, 46, 47)
generating authentication information for checking correctness of the electronic data stored in the electronic data storage apparatus when the electronic data is stored after the determination; and
adding to the electronic data and outputting the authentication information generated for the electronic data when the stored electronic data is output.
-
-
45. The method according to claim 44, wherein said authentication information is generated using a master key common to a plurality of electronic data storage apparatuses which distribute and store the electronic data when the authentication information is generated.
-
46. The method according to claim 44, wherein mutual authentication is performed using a master key common to a plurality of electronic data storage apparatuses which distribute and store the electronic data with a destination electronic data storage apparatus to which the electronic data is to be output before outputting the stored electronic data.
-
47. The method according to claim 43, wherein contents of authentication information is verified when the electronic data provided with authentication information for checking illegal amendments made to the electronic data is input to the electronic data storage apparatus, and said electronic data is stored only when the authentication information refers to correctness of the data.
-
48. A computer-readable storage medium controlling a computer and comprising a process of:
-
generating first mutual authentication information by encrypting electronic data storage apparatus identification information unique to an electronic data storage apparatus and random information using a master key common to the plurality of electronic data storage apparatuses;
transmitting the first mutual authentication information to another electronic data storage apparatus;
receiving second mutual authentication information from said other electronic data storage apparatus;
decrypting the second mutual authentication information using the master key;
determining if information included in the decrypted second mutual authentication matches the random information used to generate the first mutual authentication information;
when the information included in the decrypted second mutual authentication information matches the random information, generating authentication information used in checking, correctness of stored electronic data; and
outputting the stored electronic data to said other electronic data storage apparatus after adding to the electronic data the authentication information generated for the electronic data. - View Dependent Claims (49)
verifying contents of authentication information when electronic data provided with the authentication information for detecting an illegal amendment made to the electronic data is input; and
storing the electronic data only when the electronic data has not been illegally amended.
-
-
50. An electronic data storage apparatus for storing electronic data, comprising:
-
data storage means for storing electronic data;
authentication information generation means for generating authentication information used in checking correctness of the electronic data stored in said data storage means;
authentication information data output means for outputting the electronic data stored in said data storage means after adding to the electronic data the authentication information generated for the electronic data;
master key storage means for storing a master key common to a plurality of electronic data storage apparatuses;
mutual authentication means for performing mutual authentication between the electronic data storage apparatuses before the electronic data is transferred between the electronic data storage apparatuses; and
electronic data storage apparatus identification information storage means for storing electronic data storage apparatus identification information unique to said electronic data storage apparatus, wherein said mutual authentication means generates first mutual authentication information by encrypting the electronic data storage apparatus identification information and random information using the master key, transmits the first mutual authentication information to another electronic data storage apparatus, receives second mutual authentication information from said other electronic data storage apparatus, decrypts the second mutual authentication information using the master key and determines if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information.
-
-
51. An electronic data storage system for storing electronic data, comprising:
-
an electronic data storage apparatus, comprising;
data storage means for storing electronic data, authentication information generation means for generating authentication information used in checking correctness of the electronic data stored in said data storage means, authentication information data output means for outputting the electronic data stored in said data storage means after adding to the electronic data the authentication information generated for the electronic data; and
an authorization device comprising;
specification check means for checking a specification of said electronic data storage apparatus, which is a performance quality to store the electronic data, and authorizing said electronic data storage apparatus when the specification meats predetermined conditions.
-
-
52. A computer data signal embodied in a carrier wave and representing a program that makes the computer perform a process for storing an electronic data, and the process, comprising:
-
generating first mutual authentication information by encrypting the electronic data storage apparatus;
identification information unique to an electronic data storage apparatus and random information using a master key common to the plurality of electronic data storage apparatuses;
transmitting the first mutual authentication information to another electronic data storage apparatus;
receiving second mutual authentication information from said another electronic data storage apparatus;
decrypting the second mutual authentication information using the master key;
determining if information included in the decrypted second mutual authentication information matches the random information used to generate the first mutual authentication information;
when the information included in the decrypted second mutual authentication information matches the random information, generating authentication information used in checking correctness of stored electronic data; and
outputting the stored electronic data to said another electronic data storage apparatus after adding to the electronic data the authentication information generated for the electronic data.
-
-
53. A computer data signal embodied in a carrier wave and representing a program that makes the computer perform a process for storing an electronic data, and the process, comprising:
-
instructing an authorization device for authorizing an electronic data storage apparatus which stores the electronic data whether or not a specification of the electronic data storage apparatus, which is a performance quality to store the electronic data satisfies predetermined conditions; and
storing the electronic data in the electronic data storage apparatus if the authorization device determines that the predetermined conditions are satisfied.
-
Specification