Archive system, management apparatus, and control method

US 8,738,933 B2
Filed: 04/28/2010
Issued: 05/27/2014
Est. Priority Date: 11/13/2007
Status: Active Grant

First Claim

Patent Images

1. An archive system, comprising:

a user terminal that includes a processor that refers to an encrypted content from a removable memory medium; and

a management apparatus that includes a memory that stores a decryption key for decrypting the encrypted content that is a management target, and a processor that acquires management information uniquely specifying the encrypted content from the user terminal and authenticating whether a process of decrypting the encrypted content specified by the management information by using the decryption key is permitted, whereinthe processor of the user terminalreads out the encrypted content that is an authentication target from the removable memory medium that stores the encrypted content in association with the management information, assigns data forming the read encrypted content to a same hash function as that of the management apparatus, and computes a first hash value, andthe processor of the management apparatusacquires the first hash value and the management information from the user terminal;

reads out, from the memory that stores a second hash value in association with the management information, the second hash value corresponding to the first hash value by using the acquired management information as a retrieval key, the second hash value being previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function and authenticates whether the first hash value and the second hash value are identical to each other;

stores, when the authentication result performed is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, an authentication failure result in the memory in association with the management information;

authenticates whether there is a corresponding authentication failure result by using the management information acquired from the memory as a retrieval key; and

permits the process of decrypting when an authentication result is an authentication success indicating that the first hash value and the second hash value are identical to each other and when the corresponding authentication failure does not exist in the memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user terminal reads out an encrypted content from a removable memory medium, assigns data forming the read encrypted content to the same hash function, and computes a first hash value. The management apparatus acquires the computed first hash value and management information from the user terminal, reads out, from a management information memory that stores a second hash value previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function in association with the management information, the corresponding second hash value by using the acquired management information as a retrieval key, authenticates whether the acquired first hash value and the second hash value are identical, and permits a decryption process when the authentication result is an authentication success.

9 Citations

16 Claims

1. An archive system, comprising:
- a user terminal that includes a processor that refers to an encrypted content from a removable memory medium; and
  
  a management apparatus that includes a memory that stores a decryption key for decrypting the encrypted content that is a management target, and a processor that acquires management information uniquely specifying the encrypted content from the user terminal and authenticating whether a process of decrypting the encrypted content specified by the management information by using the decryption key is permitted, whereinthe processor of the user terminalreads out the encrypted content that is an authentication target from the removable memory medium that stores the encrypted content in association with the management information, assigns data forming the read encrypted content to a same hash function as that of the management apparatus, and computes a first hash value, andthe processor of the management apparatusacquires the first hash value and the management information from the user terminal;
  
  reads out, from the memory that stores a second hash value in association with the management information, the second hash value corresponding to the first hash value by using the acquired management information as a retrieval key, the second hash value being previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function and authenticates whether the first hash value and the second hash value are identical to each other;
  
  stores, when the authentication result performed is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, an authentication failure result in the memory in association with the management information;
  
  authenticates whether there is a corresponding authentication failure result by using the management information acquired from the memory as a retrieval key; and
  
  permits the process of decrypting when an authentication result is an authentication success indicating that the first hash value and the second hash value are identical to each other and when the corresponding authentication failure does not exist in the memory.
- View Dependent Claims (2, 3, 4)
- - 2. The archive system according to claim 1, whereinthe processor of the management apparatus acquires, from the user terminal, when the processor of the management apparatus permits the process of decrypting and then the processor of the user terminal decrypts the encrypted content by using the decryption key, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal to store the storage medium identification information in the memory, andacquires, from the user terminal, when the processor of the user terminal discards the content, information of an effect that the content is discarded to store the information in the memory.
  - 3. The archive system according to claim 1, whereinthe removable memory medium stores a plurality of encrypted contents,the processor of the management apparatus causes the memory to store memory medium identification uniquely identifying the removable memory medium that stores the encrypted content specified by the management information in association with the management information, andacquires, when the first hash value and the second hash value are not identical, a corresponding one memory medium identification information from the memory by using the management information as a retrieval key, acquires a corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key, and stores memory medium anomaly information indicating that the removable memory medium has anomaly in the memory in association with the acquired management information,authenticates whether there is a corresponding authentication failure result or memory medium anomaly information in the memory by using the management information acquired from the user terminal as a retrieval key, andpermits the process of decrypting when the first hash value and the second hash value are identical and when the corresponding authentication failure and the memory medium anomaly information do not exist in the memory.
  - 4. The archive system according to claim 3, whereinthe management apparatus comprises:
    - a management apparatus memory that stores a same encrypted content as the encrypted content stored in the removable memory medium in association with the management information, andthe processor of the management apparatus acquires management information corresponding to the authentication failure result and/or the memory medium anomaly information from the memory, acquires a corresponding encrypted content by using the acquired management information as a retrieval key, and migrates the acquired encrypted content.

5. A non-transitory computer readable storage medium having stored therein an archive system control program for controlling an archive system that comprises a user terminal that refers to an encrypted content from a removable memory medium and a management apparatus that stores a decryption key for decrypting the encrypted content that is a management target, the management apparatus acquiring management information that is information of uniquely specifying the encrypted content from the user terminal and authenticating whether a process of decrypting the encrypted content specified by the management information by using the decryption key is permitted, the archive system control program causing a computer serving as the user terminal to execute a process comprising:
- reading out the encrypted content that is an authentication target from the removable memory medium that stores the encrypted content in association with the management information; and
  
  computing a first hash value by assigning data forming the read encrypted content to a same hash function as that of the management apparatus,the archive system control program causing a computer serving as the management apparatus to execute a process comprising;
  
  acquiring the first hash value computed at the computing and the management information from the user terminal;
  
  reading out, from the memory that stores a second hash value in association with the management information, the second hash value corresponding to the first hash value by using the acquired management information as a retrieval key, the second hash value being previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function;
  
  authenticating whether the first hash value acquired at the acquiring and the second hash value are identical to each other;
  
  storing, when the authentication result performed is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, an authentication failure result in the memory in association with the management information;
  
  authenticating whether there is a corresponding authentication failure result by using the management information acquired from the memory as a retrieval key; and
  
  permitting the process of decrypting when an authentication result performed at the authenticating is an authentication success indicating that the first hash value and the second hash value are identical to each other and when the corresponding authentication failure does not exist in the memory.
- View Dependent Claims (6, 7, 8)
- - 6. The non-transitory computer readable storage medium according to claim 5, wherein the process executed by the computer serving the management apparatus comprises:
    - acquiring, from the user terminal, when the decryption process is permitted at the permitting and then the user terminal decrypts the encrypted content by using the decryption key, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal to store the storage medium identification information;
      
      storing the storage medium identification information in the memory; and
      
      storing, in the memory, information of an effect that the content is discarded from the user terminal, when the user terminal discards the content.
  - 7. The non-transitory computer readable storage medium according to claim 5, whereinthe removable memory medium stores a plurality of encrypted contents,the computer serving the management apparatus causes the memory to store memory medium identification information of uniquely identifying the removable memory medium that stores the encrypted content specified by the management information in association with the management information,the storing includesacquiring, when the first hash value and the second hash value are not identical, the corresponding one memory medium identification information from the memory by using the management information acquired at the acquiring the first hash value and the management information as a retrieval key,acquiring a corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key, andstoring memory medium anomaly information indicating that the removable memory medium has anomaly in the memory in association with the acquired management information,the authenticating the authentication failure result includes authenticating whether there is a corresponding authentication failure result or memory medium anomaly information in the memory by using the management information acquired from the user terminal as a retrieval key, andthe permitting includes permitting the process of decrypting when the first hash value and the second hash value are identical and when the corresponding authentication failure and the memory medium anomaly information do not exist in the memory.
  - 8. The non-transitory computer readable storage medium according to claim 7, whereinthe computer serving the management apparatus causes a management apparatus memory to store a same encrypted content as the encrypted content stored in the removable memory medium in association with the management information, andthe process executed by the computer serving the management apparatus comprisesacquiring at least one of management information corresponding to the authentication failure result and the memory medium anomaly information from the memory stored at the storing;
    - acquiring a corresponding encrypted content by using the acquired management information as a retrieval key; and
      
      migrating the acquired encrypted content.

9. A management apparatus includes a memory that stores a decryption key for decrypting an encrypted content that is a management target, and a processor that acquires management information that is information of uniquely specifying the encrypted content from a user terminal that refers to a content that is encrypted from a removable memory medium, and authenticates whether a process of decrypting the encrypted content specified by the management information by using the decryption key is permitted, the management apparatus comprising:
- the processor that acquires a first hash value and the management information from the user terminal;
  
  reads out, from the memory that stores a second hash value in association with the management information, the second hash value corresponding to the first hash value by using the acquired management information as a retrieval key, the second hash value being previously computed by assigning data forming the encrypted content retaining its authenticity to a hash function, and authenticates whether the first hash value and the second hash value are identical to each other;
  
  stores, when the authentication result performed is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, an authentication failure result in the memory in association with the management information;
  
  authenticates whether there is a corresponding authentication failure result by using the management information acquired from the memory as a retrieval key; and
  
  permits the process for decrypting when an authentication result is an authentication success indicating that the first hash value and the second hash value are identical to each other and when the corresponding authentication failure does not exist in the memory.
- View Dependent Claims (10, 11, 12)
- - 10. The management apparatus according to claim 9, wherein the processoracquires, from the user terminal, when the processor permits the process of decrypting and then the user terminal decrypts the encrypted content by using the decryption key, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal to store the storage medium identification information in the memory andacquires, from the user terminal, when the user terminal discards the content, information of an effect that the content is discarded to store the information in the memory.
  - 11. The management apparatus according to claim 9, whereinthe removable memory medium stores a plurality of encrypted contents, andthe processor causes the memory to store memory medium identification information of uniquely identifying the removable memory medium that stores the encrypted content specified by the management information in association with the management information,acquires, when the first hash value and the second hash value are not identical, the corresponding one memory medium identification information from the memory by using the management information as a retrieval key, acquires a corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key, and stores memory medium anomaly information indicating that the removable memory medium has anomaly in the memory in association with the acquired management information,authenticates whether there is a corresponding authentication failure result or memory medium anomaly information in the memory by using the management information acquired from the user terminal from the memory as a retrieval key, andpermits the process of decrypting when the first hash value and the second hash value are identical and when the corresponding authentication failure and the memory medium anomaly information do not exist in the memory.
  - 12. The management apparatus according to claim 11, comprising:
    - a management apparatus memory that stores a same encrypted content as the encrypted content stored in the removable memory medium in association with the management information; and
      
      the processor acquires management information corresponding to the authentication failure result and/or the memory medium anomaly information from the memory, acquires a corresponding encrypted content by using the acquired management information as a retrieval key, and migrates the acquired encrypted content.

13. A controlling method performed in an archive system that includes a user terminal that refers to an encrypted content from a removable memory medium, and a management apparatus that stores a decryption key for decrypting the encrypted content that is a management target, the management apparatus acquiring management information that is information of uniquely specifying the encrypted content from the user terminal and authenticating whether a process of decrypting the encrypted content specified by the management information by using the decryption key is permitted, the controlling method comprising:
- in the user terminal,reading out the encrypted content that is an authentication target from the removable memory medium that stores the encrypted content in association with the management information,computing a first hash value by assigning data forming the read encrypted content to a same hash function as that of the management apparatus, andin the management apparatus,acquiring the first hash value computed at the computing and the management information from the user terminal;
  
  reading out, from the memory that stores a second hash value in association with the management information, the second hash value corresponding to the first hash value by using the acquired management information as a retrieval key, the second hash value being previously computed by assigning data forming the encrypted content retaining its authenticity to the hash function;
  
  authenticating whether the first hash value acquired at the acquiring and the second hash value are identical to each other;
  
  storing, when the authentication result performed is an authentication failure indicating that the first hash value and the second hash value are not identical to each other, an authentication failure result in the memory in association with the management information;
  
  authenticating whether there is a corresponding authentication failure result by using the management information acquired at the acquiring from the memory as a retrieval key; and
  
  permitting the process of decrypting when an authentication result performed at the authenticating is an authentication success indicating that the first hash value and the second hash value are identical to each other and when the corresponding authentication failure does not exist in the memory.
- View Dependent Claims (14, 15, 16)
- - 14. The controlling method according to claim 13, comprising:
    - in the management apparatus,acquiring, from the user terminal, when the decryption process is permitted at the permitting and then the user terminal decrypts the encrypted content by using the decryption key;
      
      storing, in the memory, storage medium identification information of uniquely identifying a user terminal memory medium into which the decrypted content is written by the user terminal;
      
      acquiring, from the user terminal, when the user terminal discards the content, information of an effect that the content is discarded; and
      
      storing the information in the memory.
  - 15. The controlling method according to claim 13, wherein the removable memory medium stores a plurality of encrypted contents, the management apparatus causes the memory to store memory medium identification information of uniquely identifying the removable memory medium that stores the encrypted content specified by the management information in association with the management information, the storing includes acquiring, when the first hash value and the second hash value are not identical, the corresponding one memory medium identification information from the memory by using the management information acquired at the acquiring as a retrieval key;
    - acquiring a corresponding plurality of management information by using the acquired one memory medium identification information as a retrieval key; and
      
      storing memory medium anomaly information indicating that the removable memory medium has anomaly in the memory in association with the acquired management information, the authenticating the authentication failure result includes authenticating whether there is a corresponding authentication failure result or memory medium anomaly information in the memory by using the management information acquired from the user terminal as a retrieval key, and the permitting includes permitting the process of decrypting when the first hash value and the second hash value are identical and when the corresponding authentication failure and the memory medium anomaly information do not exist in the memory.
  - 16. The controlling method according to claim 15, wherein the management apparatus causes the memory to store a same encrypted content as the encrypted content stored in the removable memory medium in association with the management information, andthe method comprisingacquiring management information corresponding to at least one of the authentication failure result and the memory medium anomaly information from the memory stored at the storing;
    - acquiring a corresponding encrypted content by using the acquired management information as a retrieval key; and
      
      migrating the acquired encrypted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Umezuki, Takeshi
Primary Examiner(s)
Smithers, Matthew

Application Number

US12/662,693
Publication Number

US 20100217983A1
Time in Patent Office

1,490 Days
Field of Search

713/168, 713/193
US Class Current

713/193
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

Archive system, management apparatus, and control method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Archive system, management apparatus, and control method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links