JP2001356964A - Ciphered data storage device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the number of accesses to a flash memory for recording unit data including secondary information to be annexed to a data body required to be protected and the number of times of calculation of an ICV. SOLUTION: In addition to a data ciphering/deciphering unit 11, a hard disk 15 for recording ciphered data and a flash memory 20 for recording ciphered unit data including secondary information annexed to the data body stored in the hard disk 15 together with the ICV, a ciphered data storage device is provided with a cache device 16 including a cache memory 17 whose access speed is faster than the flash memory 20. The ciphered unit data to be recorded in the cache memory 17 can be grouped in accordance with the type or the like of the data and managed by a cache optimizing device 18 so as to preferentially leave unit data whose reference frequency is high or unit data which are recently updated.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encrypted data storage device and, more particularly, to an encrypted data storage device which encrypts a data body of data containing information that needs to be kept confidential and unit data containing secondary information attached to the data body. The present invention relates to an encrypted data storage device for storing data from a storage device.

[0002]

2. Description of the Related Art Conventionally, in an encrypted data storage device, that is, a device for storing data containing information which must not be leaked to a third party, and then storing the data, for example, as a software technology used for data encryption, DES (Data Encry
encryption technology using a common key, such as the encryption standard (Ption Standard), and encryption technology using a public key known by the name of the developers named RSA (Rivest-Shamir-Adleman). As a software technology for confirming that the data has not been tampered, for example, a technology for calculating an integrity check value (hereinafter referred to as “ICV”) is used.

Further, as a hardware configuration, for example, a configuration in which data is stored in a storage device such as a hard disk or a flash memory is adopted. FIG. 6 is a block diagram showing a configuration of a conventional encrypted data storage device.

The conventional encrypted data storage device includes a data encryption / decryption unit 62, a hard disk 65, and a flash memory 66, and realizes data encryption / decryption and data recording / storing. I have.

The data encryption / decryption unit 62
Has a cryptographic calculator 63 and a flash memory 64. The cryptographic calculator 63 has a cryptographic calculation function for realizing the above-mentioned cryptosystems such as DES and RSA, and the flash memory 64 stores a secret key used for the cryptographic calculation,
It has a function of storing a key such as a public key. As a result, the data encryption / decryption unit 62 performs the encryption calculation by the encryption calculator 63 using various keys in the flash memory 64, thereby realizing the data encryption / decryption function.

Examples of information that must not be disclosed to third parties include copyrighted works such as music, video, programs, and texts. Examples of information that must not be tampered with illegally include the above-mentioned copyrighted works. Information associated with the above-mentioned copyrighted work, such as copyright, license information, user's usage history, and the like.

Of these pieces of information, the main body of the literary work such as music, video, program, text, etc., whose information size is relatively large and whose duplication must be prevented, is encrypted by the data encryption / decryption unit 62. It is recorded on a hard disk 65 which is a mass storage device.

Thus, it is possible to adopt a configuration in which a work is recorded on a hard disk, and to prevent a situation in which a work usable from the hard disk is illegally transferred to a third party.

[0009] The accompanying information such as the copyright, the license information, and the usage history of the user has a relatively small information size, and requires a higher-speed information read / write. It is recorded in the flash memory 66. At the same time, since it is necessary to prevent unauthorized alteration of such information by a third party, the above ICV is calculated for the recorded information and recorded.

As a result, the information recorded in the memory is illegally tampered with by a third party (for example, the use restrictions such as the validity period and the number of times the copyrighted material can be used are changed). Even if the recorded information is used, the ICV of the information is recalculated, and the calculated ICV value and the valid information are calculated and stored. By comparing the ICV value with the ICV value, illegal tampering can be detected.

[0011]

However, conventionally, the size of the accompanying information of a work to be recorded is limited to the ICV.
Is very small compared to the storage capacity of the memory for calculating. Further, the flash memory 66 has a restriction that writing can be performed in bit units, but erasing can be performed only in block units. For this reason, depending on the prior art, if the data recorded in the flash memory 66 is managed so as not to be tampered with, the number of ICV calculations and the number of data erasures / writes to the flash memory 66 increase. Had problems.

[0012] These pieces of information differ in the timing of creation, change, and deletion, and the number of uses. Even for the same type of license information, for example, the timing of creation, change, and deletion, and the number of times of use are different. For this reason, depending on the prior art, the flash memory 6 may be applied to such information by applying a technique for preventing unauthorized modification by a third party.
If you try to record on flash memory 6,
6 and the number of calculations of the ICV increase, and as a result, there arises a problem that data processing efficiency is reduced.

The present invention has been made in view of the above-described problems in the conventional encrypted data storage device, and stores secondary information attached to a data body requiring protection such as prevention of unauthorized tampering. It is an object of the present invention to provide an encrypted data storage device capable of reducing the number of accesses to a flash memory for recording included data and the number of ICV calculations of the data.

[0014]

According to the present invention, there is provided an encrypted data storage device for encrypting and recording data to be kept confidential in response to a request from a higher-order external system. Encryption / decryption means for encrypting or decrypting the data, data recording means for encrypting and recording the data body of the data by the encryption / decryption means, and secondary data attached to the data. A first attached data recording means for encrypting and recording unit data containing information by the encryption / decryption means, and a first attached data recording means provided between the encryption / decryption means and the first attached data recording means; And a second attached data recording means having a higher access speed than the first attached data recording means functioning as a cache memory of the first attached data recording means. Encrypted data storage device is provided to symptoms.

That is, according to the present invention, there is provided an encrypted data device for encrypting or decrypting data requiring confidential storage and storing the encrypted data, and a data encryption / decryption device for performing calculation processing such as data encryption and decryption. A hard disk for recording the encrypted data and an encrypted unit data including secondary information attached to the data.
In addition to a flash memory for recording together with the flash memory, a cache memory having an access speed higher than that of the flash memory is provided between the data encryption / decryption device and the flash memory. The encrypted unit data to be recorded can be grouped according to the type of data and the like, and can be managed so that data having a high reference frequency or data having a young update time are preferentially left. The number of accesses to a data storage device having a low access speed is reduced while preventing tampering or duplication of information, and the data processing speed is improved while maintaining data reliability.

[0016]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing an overall configuration of an encrypted data storage device according to an embodiment of the present invention.

The encrypted data storage device according to the present embodiment is a data encryption / decryption unit 11 for encrypting data to be stored and decrypting data to be taken out.
And a backup power supply 14 that is activated in the event of a power outage, etc.
And the data that needs to be protected (eg, the main body of a work such as music, video, programs, or text that needs to be prevented from being copied)
A hard disk 15 for recording the data, a cache device 16, and a flash memory 20 for recording accompanying information of the data (for example, copyright, license information, use history of the user).

The data encryption / decryption unit 11 includes an encryption calculator 12 for performing an actual encryption calculation, and a flash memory 13 for storing a secret key used for the encryption calculation, a public key, and the like. Is provided.

Furthermore, the cache device 16 includes a cache memory 17, a cache optimization device 18, and a cache optimization database 19. Hereinafter, the function of the encrypted data storage device according to the present embodiment will be described with reference to FIG.

The data encryption / decryption unit 11 is, for example,
It has a function of performing high-speed calculations required for data encryption and decryption using various encryption methods such as the RSA encryption method, the elliptic curve encryption method, and the DES encryption method.

The above calculation may be a calculation of one complete encryption / decryption algorithm, for example, an RSA encryption or a DES encryption, or a power operation generally required for the encryption calculation, A predetermined routine function such as a remainder operation may be executed, and these calculation functions may be modularized. In the case of one complete encryption / decryption algorithm, there is an advantage that the calculation of one encryption method can be completed, but there is a disadvantage that there is no versatility.

Further, when a predetermined routine function is executed, there is an advantage that it can be applied to various cryptosystems and has versatility, but on the other hand, a calculation routine for encryption is completed using a calculator. There is a disadvantage that the work at the time of mounting increases.

In either case, it does not matter whether the function is realized by hardware or the function is realized by software. The hard disk 15 is a storage device having a function of writing data sequentially. As long as the device is a storage device having a function of sequentially writing data, a device other than a hard disk may be used. For example, a DVD-RAM, a CD-RW, or the like may be used. In this case, there is an advantage that data can be managed using a removable medium such as a DVD or a CD.

The cache memory 17 is a storage device having a function of temporarily storing data to be recorded in the flash memory 20. The cache optimizing device 18 and the cache optimizing database 19 store data having a high frequency of reference. It has a function to leave it in 17.

The backup power supply 14 is composed of, for example, a battery, a capacitor, and the like, is installed as an auxiliary power supply for the entire system, and is stored in a memory such as a RAM when the power is cut off due to a sudden power failure or user operation. It has a function to avoid losing existing data.

By combining the above functions, the encrypted data storage device according to the present embodiment reduces the number of accesses to the flash memory 20, thereby realizing high-speed data reading / writing.

FIG. 2 is a functional block diagram showing a series of processing functions until the encrypted data storage device according to the embodiment of the present invention stores data in the flash memory. Hereinafter, a series of processing functions until the encrypted data storage device according to the present embodiment stores data in the flash memory will be described with reference to FIG. 1 and a functional block diagram shown in FIG.

The microprocessor external I / F (interface) unit 31 can be composed of a general-purpose microcomputer such as an SH microcomputer, for example, and has a so-called CPU core function, an external I / F function, etc. It is connected via a serial I / F to an external processor 30 that manages the entire system of a storage device such as a hard disk, and receives and executes instructions from a host.

The microprocessor external I / F unit 3
1 may be a so-called state machine that has only an I / F with a higher order and is capable of processing only a limited instruction at a higher order. In this case, although the function is limited, there are advantages such as a reduction in cost.

The data selection section 32 has a function of acquiring information such as the type and size of data. The input data is, for example, UCS_I which is information required when a user uses a copyrighted work. (Usage Control Status), whether or not it is Usage Log, which is usage history information, and how many bytes the size is.

The cache optimizing device 18 functionally includes a cache optimizing unit 34, a group priority checking unit 35, and an individual data priority checking unit 36. The cache optimizing unit 34 includes the cache memory 17 shown in FIG.
When reading / writing data from / to an external system, a function to check the state of the cache memory 17 such as information on data in the cache memory 17 and the free space of the write area is provided. , Implement the above functions.

The group priority checking unit 35 is one of the functions used by the cache optimizing unit 34 and has a function of managing information in the cache memory 17 for each group. If there is no space for managing group priorities or writing new data in the cache memory 17,
A function is provided for determining whether or not to erase a group having a lower priority order in the cache memory 17.

The individual data priority checking unit 36 is one of the functions used by the cache optimizing unit 34, similarly to the group priority checking unit 35, and individually manages information in the cache memory 17. It has a function of managing the priority of individual data in the cache memory 17 and optimizing the combination of data forming a group.

The memory access unit 37 has a function of performing preparation processing for writing and reading data to and from the cache memory 17 and actually performing processing until writing and reading. Is written in the cache memory 17 and data in the cache memory 17 is read.

In FIG. 2, reference numeral P1 indicates a recording request from the external processor 30 to the microprocessor external I / F unit 31, and reference numeral P2 indicates a recording request from the microprocessor external I / F unit 31 to the data selection unit 32. P3 indicates a cache confirmation request from the data selection unit 32 to the cache optimizing device 18, and P4 indicates a priority confirmation from the cache optimizing unit 34 to the group priority confirmation unit 35. The request P5 indicates
Group priority order checking unit 35 to cache optimizing unit 3
4 indicates a priority confirmation result, reference numeral P6 indicates a cache optimization instruction from the cache optimization device 18 to the cache memory 17, and reference numeral P7 indicates a cache confirmation from the cache optimization device 18 to the data selection unit 32. The result indicates that reference numeral P8 indicates a recording request from the data selection unit 32 to the memory access unit 37, reference numeral P9 indicates a recording process from the memory access unit 37 to the cache memory 17, and reference numeral P10 indicates the cache memory 17 Indicates a signal to end recording to the memory access unit 37 from the symbol P11.
Indicates a signal indicating the end of recording from the memory access unit 37 to the data selecting unit 32, and reference numeral P12 indicates a signal indicating the end of recording from the data selecting unit 32 to the external I / F unit 31 of the microprocessor.

FIG. 3 is a flowchart showing the operation of the encrypted data storage device according to the embodiment of the present invention at the time of new writing processing. Hereinafter, referring to FIGS. 1 and 2, FIG.
The operation of the encrypted data storage device according to the present embodiment at the time of new write processing will be described using the flowchart shown in FIG.

First, in step S 1, the microprocessor external I / F section 31 receives a UCS_I recording request (command) from the external processor 30 and passes the recording request and UCS_I to the data selection section 32.

In step S2, the data selection unit 32, which has received the recording request, first checks the type and size of the data UCS_I received together with the command, and determines that the data is valid (recordable). Check if there is, and classify.

In step S3, the data selection unit 32
If the data corresponds to data prohibited from being written to the flash memory 20, or if the command corresponds to an invalid command, the execution of the command is rejected.
It moves to step S14 mentioned below. If it is a valid command or data, the data selecting unit 32 notifies the cache optimizing unit 34 of the number of bytes of the UCS_I checked above and the fact that the UCS write command is received, An instruction is made to make the data writable in the cache memory 17 (that is, to create a free area).

In step S4, the cache optimizing unit 3
4 examines the current internal state of the cache memory 17;
If the UCS_I is in a writable state, the fact is notified to the data selection unit 32, and the process proceeds to step S5.
Move on to If the cache memory 17 cannot be written (that is, there is no free area), the process proceeds to step S7.

In steps S7 and S8, the cache optimizing unit 34 receives information necessary for optimizing the cache memory 17 from the group priority order checking unit 35, and optimizes the cache memory 17 via the memory access unit 37. Instruction (that is, determination of priority in the buffer (cache memory 17) and erasure processing of a block with a low priority)
Execute As a result, the cache memory 17
Is performed, the cache optimizing unit 34 optimizes the cache memory 17 in the data selecting unit 32,
Notifies that writing is possible.

In step S5, the data selection section 32
Writing to a free area of the cache memory 17;
That is, the write instruction of UCS_I is sent to the memory access unit 37. The memory access unit 37 that has received the write command writes the above UCS_I to an area in the cache memory 17 where the write is possible.

In step S6, the cache optimizing unit 3
Step 4 verifies whether the written block has been written over the previous area. In other words, after writing the above UCS_I, if there is no free area in the area of the group to which the UCS_I has been written, the process proceeds to step S9, and if there is still a free area in the area of the group, the process proceeds to step S13 described later.

In step S9, the memory access unit 37
Verifies whether or not writing is possible on the external memory (that is, the flash memory 20). If writing is not possible, the process proceeds to step S14 described later, and if writing is possible, the process proceeds to step S10.

In step S10, the memory access unit 3
7 writes to the flash memory 20 of the above group. In step S11, the memory access unit 3
7 calculates the ICV of the written data.

In step S12, the memory access unit 3
Step 7 records the ICV in a safe place and ends the processing. In step S13, a termination process is performed.
That is, the execution result is stored in the microprocessor external I / F unit 31.
To end the writing process.

In step S14, exception processing is performed. Table 1 below summarizes an example of items related to cache memory optimization processing performed by the cache optimization device 18 of the encrypted data storage device according to the embodiment of the present invention when reading and writing data. It is a table.

[0048]

[Table 1]

Hereinafter, the contents of the cache memory optimizing process performed by the cache optimizing device 18 of the encrypted data storage device according to the present embodiment will be described with reference to Table 1 above.

Here, in the cache memory 17,
It is assumed that data is recorded in group units and four groups from group 1 to group 4 are recorded. Each of the groups is recorded in Table 1 above with the items of group name, data type, data name, data priority, and group priority.

The data type item includes UCS (Usage
Control Status Key) is recorded. The name of the data records the name for identifying the data. The data priority item contains the date and time of update, the number of uses, the type of data determined by the data type, etc. A value representing superiority is recorded, and a value representing superiority of the entire group obtained from superiority of individual data in the group is recorded in the item of group priority.

The items and their contents relating to the cache memory optimizing process by the cache optimizing device 18 of the encrypted data storage device according to the embodiment of the present invention are limited to the example shown in Table 1 above. Not something, for example,
Depending on the method of use, it is possible to add information such as data size and update history.

Here, an example of how to assign priorities will be described.
For example, UC is expected to be updated every time a work is used
Since S is frequently used, the UCS group is given a higher priority, and conversely, a Us group that is generated when a copyrighted work is purchased and has no opportunity to be updated until it is transmitted to a billing processing center.
The age Log group lowers its priority. Also,
It is possible to increase the priority as the date and time of update of the data in the group is newer, and to lower the priority as the data is older.

As an example of optimization of the cache memory,
In a state where the data as shown in Table 1 is recorded in the cache memory 17, a case where the group 5 which is not recorded in the cache memory 17 but is recorded in the flash memory 20 is updated will be considered.

In this case, the processing procedure is as follows. First, one group in the cache memory 17 is erased (moved to the flash memory 20), and the group 5 is written in a free area generated by the deletion. Update the data. In this process, the group to be erased from the cache memory 17 needs to be selected and erased from the group which is less frequently used, from the viewpoint of the speed of data access and the use efficiency of the memory. Therefore, the cache optimizing device 18 checks the group priorities in the cache memory 17 and performs processing so that the group with the lowest priority is deleted. In the example of Table 1, group 3 is deleted.

Also, as in group 1, UCS_A to UCS_C
Is high in priority, and only UCS_D is extremely low in priority, and the imbalance of priorities in the group lowers the use efficiency of the cache memory. Therefore, the cache optimizing device 18 searches for the same data type and higher priority data in another group. When matching data is found, the cache optimizing device 18 replaces the data and optimizes the group.

FIG. 4 is a flowchart showing the operation of the encrypted data storage device according to the embodiment of the present invention at the time of data correction / deletion processing. Hereinafter, with reference to FIGS.
The operation at the time of data correction / deletion processing of the encrypted data storage device according to the present embodiment will be described using the flowchart shown in FIG.

First, in step A 1, when the microprocessor external I / F unit 31 receives a request to modify (delete) the contents of the UCS_I information from the external processor 30, it requests the data selection unit 32 to modify (or delete) the contents. (Instruction) and hand over the correction (or deletion) information.

In step A2, the data selection unit 32 that has received the request analyzes the type and content of the instruction, and stores the data (UCS_UCS) in the memory access unit 37 according to the content.
Instruct (I) to modify (or delete) the contents.

In step A3, the memory access unit 37
When the cache memory 17 is accessed and there is data to be modified (or deleted) in the cache memory 17, the process proceeds to step A 10, which will be described later, and when there is no data in the cache memory 17. In step A, the fact that the data is not in the cache memory 17 is returned to the data selection unit 32 as a result.
Move to 4.

In step A4, the cache optimizing unit 3
4 verifies whether or not there is a free block in the current cache memory 17. More specifically, the current internal state of the cache memory 17 is checked, and if the data is in a writable state, the fact is checked by the data selection unit 32.
And the process proceeds to Step A7 described later. If the cache memory 17 cannot be written (that is, there is no free area), the process proceeds to step A5.

In steps A5 and A6, the cache optimizing unit 34 receives information necessary for optimizing the cache memory 17 from the group priority checking unit 35, and optimizes the cache memory 17 via the memory access unit 37. Instruction (that is, determination of priority in the buffer (cache memory 17) and erasure processing of a block with a low priority)
Execute As a result, the cache memory 17
Is performed, the cache optimizing unit 34 optimizes the cache memory 17 in the data selecting unit 32,
Notifies that writing is possible.

In step A7, the data selection section 32
The target block is written into a free area of the cache memory 17, that is, a command to write a block including the data is sent to the memory access unit 37. The memory access unit 37 that has received the write instruction writes the above-described block in an area in the writable cache memory 17.

In step A8, the memory access unit 37
Calculates the ICV of the written target block. In step A9, the memory access unit 37 verifies whether or not the calculation result of the ICV is correct. If not, the memory access unit 37 performs exception processing in step A13.

In step A10, the memory access unit 3
Step 7 verifies whether the instruction is a correction processing or a deletion processing, and if the instruction is a correction processing, Step A11
Then, the data to be corrected is corrected and the ICV is recalculated. If the process is a deletion process, in step A14, after deleting all the data to be deleted, the processing result is returned to the data selection unit 32.

The data selection unit 32 includes a memory access unit 3
7, when the result of the correction (deletion) of the UCS_I is completed, the microprocessor external I / F unit 3
The result is returned to 1 and the process is terminated.

FIG. 5 is a flow chart showing a process for correcting and deleting a part of data in the flash memory of the encrypted data storage device according to the embodiment of the present invention, in which data is transferred between the cache memory and the flash memory. FIG.

Here, it is assumed that the cache memory 17 can store a plurality of data groups. The flash memory 20 is divided into a block I and a block II according to hardware specifications. Writing can be performed in bit units, but erasing is performed in block units.

Block I has an area for storing three groups of data, and stores a group A storing UCS_A to UCS_F and a group B storing UCS_G to UCS_L. .

Hereinafter, as a processing example, the UCS_ shown in FIG.
A description will be given by taking as an example a procedure of a correction process for changing B to UCS_B 'and a deletion process for deleting UCS_B. Each group has a table for managing whether the group is valid or invalid. When the flag in the table is “Enable”, it indicates that the group is an available group.
Indicates that the group is unavailable.

First, in the case of the correction processing for changing UCS_B to UCS_B ′, first, the group A including UCS_B is read, and the contents of the group A are copied to the cache memory 17. Next, the cache memory 17
Changes the contents of UCS_B to UCS_B '.

At this point, since the group A in the flash memory 20 is old information and needs to be prohibited from being used, the flag of the group A is set to Disab.
le. Next, UCS_B sets the flag to Enab to allow the use of group C changed to UCS_B '.
le, and a series of correction processing ends.

Next, as an example of data deletion, UCS_B
Is deleted, the UCS_
UCS_B is erased in the same area where the write processing of B 'was performed, and the flag is set to Disable.
To end the process.

As described above, the data in the flash memory 20 is updated, and when all the blocks I have become Disable group data, the data erasing process in the block I is performed.

In general, by updating data in the cache memory according to such a procedure, it is possible to store data in the flash memory while protecting data that must be protected from unauthorized tampering such as UCS. Further, there is an effect that the number of times of erasing processing of the flash memory can be reduced.

[0076]

As described above, according to the present invention, in an encrypted data device for encrypting or decrypting data requiring confidential storage and storing the encrypted data, between the data encrypting / decrypting device and the flash memory, Install a cache memory with faster access speed than the above flash memory,
Further, the unit data recorded in the cache memory can be grouped according to a data type or the like,
In addition, since data with a high frequency of reference and data with a young update time are managed preferentially, the number of accesses to the data storage device with a low access speed is reduced while preventing tampering and duplication of information. Data processing speed can be improved while maintaining data reliability.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an overall configuration of an encrypted data storage device according to an embodiment of the present invention.

FIG. 2 is a functional block diagram showing a series of processing functions until the encrypted data storage device according to the embodiment of the present invention stores data in a flash memory.

FIG. 3 is a flowchart showing an operation at the time of a new write process of the encrypted data storage device according to the embodiment of the present invention.

FIG. 4 is a flowchart showing an operation at the time of data correction / deletion processing of the encrypted data storage device according to the embodiment of the present invention.

FIG. 5 shows a process of transferring data between a cache memory and a flash memory in a process of correcting and deleting a part of data in a flash memory of an encrypted data storage device according to an embodiment of the present invention. FIG.

FIG. 6 is a block diagram showing a configuration of a conventional encrypted data storage device.

[Explanation of symbols]

11 data encryption / decryption device, 12 encryption calculator, 13 flash memory, 14 backup power supply, 15 hard disk, 16 cache device, 17 cache memory, 18 Cache optimization device, 19: Cache optimization database, 2
0 ... Flash memory

Claims (7)

[Claims] An encrypted data storage device for encrypting and recording data to be kept confidential, and encrypting / decrypting the data in response to a request from a higher-order external system; A data recording unit for encrypting and recording the data body of the data by the encryption / decryption unit; and encrypting unit data including secondary information accompanying the data by the encryption / decryption unit. First to record
Attached data recording means, and the first attached data functioning as a cache memory of the first attached data recording means, installed between the encryption / decryption means and the first attached data recording means. An encrypted data storage device, comprising: second attached data recording means having an access speed higher than that of the data recording means. 2. The encrypted data storage device according to claim 1, further comprising the second attached data recording means for grouping and storing the unit data. 3. The method according to claim 2, wherein a priority is given to each of the group and the unit data in the group, and a stay period of the unit and the unit data in the group is controlled according to the priority. 2. The encrypted data storage device according to claim 1, further comprising an attached data recording unit. 4. The encrypted data storage device according to claim 3, wherein the priority is assigned based on a presumed reference frequency for the unit data or the group. 5. The encrypted data storage device according to claim 4, wherein the priority is assigned based on a type of the unit data or the unit data in the group. 6. The encrypted data storage device according to claim 3, wherein the magnitude of the priority is determined in the order of the update date and time of the unit data or the group. 7. When the data recording means records the data body, or when the first attached data recording means records the unit data, an integrity check value of the unit data is calculated and recorded. Means for storing, and when reading the data body recorded by the data recording means, or when reading the unit data recorded by the first attached data recording means, each of the recorded data Means for recalculating the integrity check value of, and means for detecting falsification of the recorded data by comparing the recorded integrity check value corresponding to the recalculated integrity check value. 2. The encrypted data storage device according to claim 1, wherein: