JP4531449B2 - Data management system - Google Patents

Description

  The present invention relates to a digital data management system effectively applied to digital data management, particularly copyright management of copyrighted work data, electronic commerce, and electronic currency.

  Today, called the information age, database systems that mutually use various data that have been stored independently by each computer by connecting each computer via a communication line are becoming widespread. The information handled so far in this database system is coded information with a small amount of information that can be processed by a classic computer and monochrome binary data such as facsimile information at most. It was not possible to handle data with much more information.

  As digital processing technology for various electrical signals develops, development of digital processing technology for image signals other than binary data, which has conventionally been handled only as an analog signal, is also in progress. This digitalization of image signals makes it possible for computers to handle image signals such as television signals. A "multimedia system" that simultaneously handles various data handled by computers and image data obtained by digitizing image signals. Is attracting attention as a future technology.

Since image data has an overwhelmingly large amount of information compared to character data and audio data, it is difficult to store, transfer, or perform various processes in a computer as it is. Therefore, it is conceivable to compress / decompress these image data, and several standards for image data compression / decompression have been created. Among them, JPEG (Joint Photographic image coding Experts Group) standard for still images and H.
261 standard, MPEG1 for image storage (Moving Picture image coding Experts Group 1
) The MPEG2 standard corresponding to high-definition television broadcasting was created from the standard and current television broadcasting. With these technologies, digital video data can be processed in real time.

  Since analog data that has been widely used in the past deteriorates in quality every time it is stored, copied, processed, or transferred, copyright processing caused by these operations has not been a major problem. However, even if digital data is repeatedly stored, copied, processed and transferred, quality degradation does not occur, and copyright processing caused by these operations is a big problem. Up to now, there has been no accurate method for copyright processing of digital data, and it has been processed by copyright law or contract, and compensation law for digital recording / recording equipment has also been institutionalized under copyright law. Only.

  Database usage is not limited to simply referring to the contents of the database. Usually, the obtained data is effectively used by storing, copying, and processing, and the processed data is online via a communication line or an appropriate storage medium. It is possible to transfer it to others online using the, and even transfer it to the database and register it as new data. In conventional database systems, only character data is the object. In multimedia systems, in addition to data such as characters that have been databased so far, audio data and image data that are originally analog data are digital. It is made into a database.

Under such circumstances, how to handle the copyright of the data in the database is a big problem, but so far the copyright management means for that purpose, especially secondary use such as copying, processing, transfer, etc. There is no completed copyright management means.

On the other hand, a computer communication system called the Internet has been rapidly spread over the past few years in data communication using a computer that has been performed on a relatively small scale until now, and has become familiar to all people. Initially, the information communicated by this Internet system was only text information. However, as the technology advances, audio data and image data are handled, and electronic commerce data or electronic data where reliability and confidentiality are important. Even currency data is going to be handled by the Internet system.
JP-A-8-185448 JP-A-7-14045 Japanese Patent Laid-Open No. 60-102038 JP-A-5-316102

Under such circumstances, there is a demand for establishment of a security guarantee technique regarding the confidentiality and reliability of data to be handled and a charging technique when charging is required.
Although copyright claims are often made for copyrighted work data that is charged for use, some copyrighted data do not proactively claim copyright, such as personal e-mails, advertisements, and promotions. . For example, in the case of personal mail without copyright claims, ensuring privacy, preventing content tampering and preventing forgery are important. In addition, even for advertising / promotional data that normally does not claim copyright, damage may be caused by falsification of contents, distribution to non-target persons, or business confusion due to fake data may occur. As described above, it is necessary to prevent falsification of contents, privacy infringement and counterfeiting in the case of personal mail, and in the case of advertisement / promotion data, it is necessary to prevent falsification of contents, restrict viewing, and prevent counterfeiting.

  Personal email privacy infringement prevention and advertisement data browsing restrictions can be realized by data encryption. Personal mail and advertisement data forgery prevention, personal email and advertisement / advertisement data falsification prevention are confirmed by the sender Realized by (authentication).

An Internet system having a grassroots idea is very weak in security of the system itself. Systems for ensuring the security of the Internet system have been proposed, and typical systems include PEM (Privacy Enhanced Mail) adopting a hierarchical structure and PGP (Pretty Good Privacy) adopting a horizontal distribution structure. These all perform data confidentiality, authentication of the sender, proof of tampering with the data, display of the first sender, and management of the public key. However, it is impossible to restrict reuse including data processing. is there.

In the PEM that adopts the hierarchical structure, the top-level organization called IPRA (Internet PCA Registration Authority), the next organization and organization (Organizational) called PCA (Policy Certification Authority), the region (Regidential), and the individual (Personal) The public key is composed of the lowest-level institutions called each, and the higher-level certification authority (Certification Authorityies) issues a public key certificate digitally signed to the data such as the name of the lower-level authority for the public key of the lower-level authority. Guarantees the legitimacy of

  In PGP which adopts a horizontal distribution structure, there is no organization equivalent to PEM's Certificate Authority, and the validity of the public key can be verified by issuing a public key certificate digitally signed to the data such as the name of the public key by a trusted person. Guarantee. In this PGP, there is a method called a digital fingerprint in which a 16-byte hash value obtained by hashing a public key with a one-way hash (hash) function such as MD5 (Message Digest 5) is confirmed by voice as a simple public key confirmation method.

  When PEM and PGP are compared, there is no problem with the authenticator in the PEM that adopts the hierarchical structure, but it is not necessarily a general system in the grassroots Internet system. On the other hand, PGP is a simple and generally widely adoptable system, but cannot be used when no reliable signer is found.

  By the way, with the development of computer network systems, individual computers that were conventionally used in a stand-alone manner have been connected via a network system, and database systems that share data have become widespread. A distributed object system in which even basic software called a system is shared via a network has been proposed.

  In the distributed object system, both data and software are supplied from a server as an object composed of a program and data. In a distributed object system, an operating system, application programs and data are provided by a server, and data processing and data storage are performed by a user terminal device which is a normal computer, a system called an object container, and an operating system, application programs and data are There is a system called a server object server provided by a server and processed by a user terminal device called a network computer, but stored by the server. This server object server system is further pushed, data processing is also performed by the server, and the user terminal device has only an input / output function, and it is considered that the entire system functions as one computer.

  As another form of network system, a provider providing a network infrastructure such as a communication line provides a charging system other than a communication line, a security system, a copyright management system, an authentication system, etc., and a service provider A “rental network system” called a “licensing network” is also conceived, in which a network business is carried out using a system service as if it were its own system.

Inventor in this application, digital data management for realizing digital data copyright protection, security of electronic commerce data, security of electronic currency data in ordinary computer network system, distributed object system and license network system Propose a system.

  The first digital data management system includes a data management center on the network, an original copyright holder or information provider using the network, and a plurality of users. The data management center authenticates the network user's public key, distributes the data encryption private key for user label presentation, and grasps the data usage status by requesting the private key. Data is encrypted and stored and transferred using a secret key, but data to be stored and transferred is encrypted with a secret key different from the secret key of the transferred data. The original data label is added to the original data, and the processed data label is added to the processed data, and the data management center does not store the data but only stores the original data label and the processed data. The user label is used for requesting the secret key, but the electronic fingerprint of the user label can be used instead.

The second digital data management system is composed of a data management center on the network, an original copyright holder or an information provider, and a plurality of users who use the network. The data management center authenticates the network user's public key, stores the original data and the processing scenario, and stores the user label original data label and the processing data label. Data is not transferred between users, but a data label encrypted with a public key is transferred. Data labels are used for transfer and usage applications, but electronic fingerprints of data labels can be used instead.

  In the e-commerce system, all data is distributed through a network broker, and the data transferred from the producer to the consumer is encrypted with the encryption private key and transferred from the consumer to the producer. Data is encrypted with the re-encryption secret key.

  According to the present invention, it is possible to provide a security guarantee technique regarding the confidentiality and reliability of handled data and a charging technique when charging is necessary.

As examples of the present invention, first to fifth examples will be described. First, basic matters common to these examples will be described.
[Certification Body] The present invention requires an organization for authenticating the copyright owner of the original work, the provider of the original work (Information Provider: IP), the user of the original work, and the processor of the original work. . This institution may be unique, but a plurality of institutions may exist. If there are a plurality of institutions, they can be linked to each other so that they can be virtually regarded as one institution.

  Also, in this system, a different private key is used at each stage where each user's public key-dedicated key set and work are used. Among these, the dedicated key is managed by each user at his / her own responsibility, and the reliability is ensured by the digital authority signing the corresponding public key. This public key is generally managed by a key management organization called a key library and distributed according to the user's request. The public key is linked to the key management organization or the authentication function is provided. It is also possible for the institution to have the function of a key management institution.

[Encryption Key] The key system and digital signature system used will be briefly described. A secret key system is also called a “common key system” because encryption and decryption can be performed with the same key, and it is called a “secret key system” because it is necessary to keep the key secret. Typical encryption algorithms using a secret key include the National Bureau of Standards DES (Data Encryption Standard) system, Nippon Telegraph and Telephone's FEAL (Fast Encryption Algorithm) system, and Mitsubishi Electric's MISTY system. In the embodiment described below, the secret key is displayed as “Ks”.

In contrast, the public key system uses a public key (puBlic key) that is publicly available and a private key (priVate key) that is kept secret except for the owner of the key, and encrypts it with one key and the other. An encryption system that decrypts with a key, and a typical one is an RSA public key system. In the embodiments described below, the public key is displayed as “Kb” and the dedicated key is displayed as “Kv”. At this time, the operation of encrypting the data M (Material) into the encryption Ck (Cryptgram) using the encryption key K is Ck = E (M, K).
The operation of decrypting the cipher Ck into data M using the cipher key K is M = D (Ck, K)
It expresses.

The digital signature is a technique using a public key system, and the transfer source uses the data M as a hash value Hm by a one-way hash function such as MD5, and the hash value Hm is a dedicated key Kv.
Is encrypted into Chmkv and transferred to the transfer destination together with the data M. The transfer destination decrypts the transferred encrypted hash value Chmkv into the hash value Hm using the public key Kb and the transferred data M is the same. In this system, the hash value Hm ′ is set by a one-way hash function, and if Hm = Hm ′, the transferred data is determined to be reliable. The hash value Hm obtained in this process is uniquely determined from the data M, and it is impossible to uniquely reproduce the data M from the hash value Hm. Also, when the transfer source and transfer destination can confirm each other, even if the hash value Hm is transferred without encryption, the reliability of the transferred data is ensured, so it is called electronic fingerprinting. Used for simple authentication.

  [Use of Key] In the first to fifth embodiments, data encryption / decryption / re-encryption processing, data storage prohibition processing, and encryption key storage are performed in devices other than the center side device. These operations are preferably performed by a dedicated application program that operates automatically, an application program built in the data, or an operating system in order to increase safety. Further, by performing these processes using an IC card or a PC card, a higher level of safety can be obtained.

  [Billing] As a method of reliably charging according to the use of data, there are a method of charging according to the expected use before use and a method of charging according to the usage record after use. In addition, the method of charging after use is based on the metering post-payment method in which the usage record is recorded and the usage record is checked later for charging, and a card with a pre-filled purchase amount is used. There is a prepaid card method that reduces the amount of the entry. Further, the metering post-payment method includes a telephone fee method in which a recording device is installed on the server side and an electric fee method in which the recording device is installed on the user terminal device side. In addition, there are a credit card system in which prepaid cards are stored on the server side and a prepaid card system in which prepaid cards are stored on the user side.

  In the first to fourth embodiments, the data management center creates a user label based on user information presented when the user registers to use the system, and transmits the user label to the user. A user public key, a user dedicated key, and a data management center public key used in the system are stored in its own device. As these storage locations, an IC card or a PC card is optimal, but it can also be stored in a data storage device in the device. The encryption key storage method using an IC card or PC card can ensure higher security than key management using an operating system.

  In the embodiment described below, a system for managing copyright of digital data will be described. In addition to copyrighted data, communication contents such as electronic commerce data and electronic currency data, confidentiality such as transaction contents, certainty, and reliability are required. The present invention can be applied to such digital data. In addition, in the network system using the encryption key, the organization that stores the encryption key and the organization that generates the encryption key are placed outside the network system and used via the network system. In the embodiment described below, In order to simplify the explanation, it is assumed that only one organization, that is, the data management center, serves as all these organizations.

[Label] In the present invention, since the label is used to protect the copyright of the data and to exercise the data copyright, the label will be described first with reference to FIGS. In this system, the user label of the system user is used, and the label owner information is described in the user label as shown in FIG. Further, when the label owner has the original copyright, information about the original work is added as shown in FIG. 1B, and the work is a processed work obtained by processing the original work. In this case, as shown in FIG. 1C, information on the original copyright data, information on the processing tool, and processing data (processing scenario) are further added. A machining tool (machining program) can be added instead. Among these labels, the label on which only the label owner information shown in FIG. 1A is described is called “user label”, and the information on the copyrighted work shown in FIG. 1B is described. The label is called a “copyright label”, and the label in which the processing scenario shown in FIGS. 1C and 1D is described is called a “processing label”.

  The user label is generated by the data management center based on the user information when the user joins the system, and the copyright label is presented by the author who has made the work to the data management center. The processing label is generated by the data management center by the user who processed the data presenting the user label and the processing scenario to the data management center, and these are transferred to each label owner, Stored in the data management center.

  [Encryption Target] FIGS. 2A, 2B, and 2C show the relationship between the copyright label and the copyrighted work data. The copyrighted work data corresponding to the copyright label is separated from the copyrighted data header as shown in FIG. 2A, and the copyrighted work data as shown in FIG. The copyright label may be integrated with the header, or the copyright label may be combined with the header as shown in FIG. When the copyright label is combined with the header, as shown in FIG. 2D, an extended label configuration in which a plurality of copyright labels are combined can be performed. In the case of the integrated label shown in FIG. 2B, if the copyright label becomes large, the label may not be stored in a single header with limited capacity. Similarly, when an extended label configuration in which a plurality of labels shown is combined is employed, if the number of labels is too large, the size of a packet on the Internet may be exceeded and distribution may become difficult.

  The copyright label may be used after being encrypted as shown in FIG. 3A, or may be used without being encrypted as shown in FIG. 3B. In these figures, the quadrangular frame portion is the portion to be encrypted. If the copyright label is not encrypted, the copyrighted work data is encrypted. Even when the copyright label is not encrypted, in the extended label configuration shown in FIG. 2D, the copyright label other than the last added copyright label is encrypted, and FIG. 3C and FIG. As shown in FIG. 3D, it is possible to adopt a multistage configuration in which the copyright label added later and the encrypted encryption key of the copyright label added are included in the copyright label added later. With this configuration, it is possible to confirm the contents of the copyright label previously added.

  Encryption / decryption of data is performed for copyright protection, but encryption / decryption is a task that requires a considerable burden on the computer. When the data to be encrypted / decrypted is text data mainly composed of characters, the work load of encryption / decryption is not so much, but the target data is audio data, image data, especially video. The amount of work of encryption / decryption in the case of data is enormous. Therefore, even when a high-speed encryption algorithm is used, data other than text data, such as moving image data, is used by a commonly used personal computer, except when a special computer such as a massively parallel supercomputer is used. Is not practical at this stage.

  4 (a), 4 (b), 4 (c), 4 (d), 4 (e), 4 (f), and 4 (g), data encryption / decryption configuration Will be described. In these figures, the rectangular frame portion is the portion to be encrypted. FIG. 4 (a) shows the principle of encryption usage, in which only the data body part that is overwhelmingly larger than the head part is encrypted, and a data header used for recognizing data. The part is not darkened. In the case of such a configuration, the work burden of encryption / decryption becomes very large.

  On the other hand, as shown in FIG. 4B, there is a method of encrypting the data header portion without encrypting the data body portion. In this case, if all the headers are encrypted, the data cannot be recognized. Therefore, a part of the headers is not encrypted.

  As a method for reducing the work load of the configuration shown in FIG. 4A, the data body to be encrypted can be made only at the head portion as shown in FIG. 4C. According to this configuration, since only a very small part of the data body needs to be encrypted / decrypted, the work burden of encryption / decryption is significantly reduced.

FIG. 4 (d) shows the effect obtained by the configuration of FIG. 4 (c), which is provided with a plurality of encryption units in the data body.
FIG. 4 (e) shows SKIP (Simple Key-management for Internet Protocols).
The data body is encrypted, a part of the header is encrypted, and an encryption key for decrypting the data body is placed in the encrypted part of the header. According to this configuration, decryption is extremely difficult because two ciphers must be decrypted.

  However, in the case of the configuration shown in FIG. 4 (e), the entire data body part is encrypted, so that the work load of encryption / decryption is very similar to the case of the configuration shown in FIG. 4 (e). Big. As a response to this, the data body encrypted by combining the configuration shown in FIG. 4E with the configuration shown in FIG. With this configuration, since only a part of the data body needs to be encrypted / decrypted, the workload of encryption / decryption is significantly reduced.

  The configuration shown in FIG. 4 (e) is further combined with the configuration shown in FIG. 4 (d), and as shown in FIG. 4 (g), the encryption part in the data body is included in the data body. By providing a plurality of configurations, the effect becomes higher.

  An encryption / decryption configuration of data having a normal file format will be described with reference to FIGS. 5 (a), 5 (b), and 5 (c). In these figures, the rectangular frame portion is the portion to be encrypted. Data having a normal file format is composed of a data body portion and a data header portion, and in the present invention, it is further composed of an attached or related copyright label. FIG. 5 (a) shows the principle of encryption usage. The copyright label and the data header part are not encrypted and only the data body part is encrypted, and FIG. 4 (a). As in the case of, the work load of encryption / decryption is very large.

  On the other hand, as shown in FIG. 5B, there is a method of encrypting the data header portion without encrypting the data body portion. In this case, if all the headers are encrypted, the data cannot be recognized. Therefore, a part of the headers is not encrypted. In this case, the copyright label is not encrypted.

  Further, as shown in FIG. 5C, there is a method of encrypting the copyright label without encrypting the data body portion and the data header portion. In this case as well, if all the copyright labels are encrypted, the relationship between the copyright label and the corresponding data becomes unclear, so a part of the copyright label is not encrypted.

On the other hand, instead of a normal format file consisting of a data header and data body, object-oriented programming (object oriented programming (object oriented programming)) is used to perform various processes using an object that integrates data and a program that handles data. programing) ”. The object has the basic conceptual structure shown in FIG. 6 (a), and data called an instance variable is stored in a storage location called a slot in an envelope called an instance. The slot is surrounded by one or more procedures called methods for referencing, processing, binding, etc., and refers to instance variables. And manipulating it can only be done via methods, and this function is called encapsulation. Also, an external command that causes a method to refer to or manipulate an instance variable is called a message.

  In other words, instance variables that can only be referenced or manipulated via a method are protected by the method. By utilizing this fact, as shown in FIG. 6B, the method can be encrypted, and the instance variable can be referred to or manipulated only by a message that can decrypt the encrypted method. In this case as well, as in the case of the data having the normal file format shown in FIG. 5C, if all the methods are encrypted, the object cannot be used, so a part of the method is encrypted. do not do. The quadrangular frame portion is an encrypted portion.

  [First Embodiment] The first embodiment will be described with reference to FIG. In order to explain in principle, the case where the user transfers the original work data without transferring it to the next user will be described. The case where the user processes the original work data will be described later. Note that the case where the original work data is not actually processed and the case where the original work data described later in the third embodiment is processed are combined and executed. In the system of this embodiment, a secret key and a public key-dedicated key are used. Therefore, a public key management organization and a secret key generation organization may be linked or included in the data management center.

(1) The original author (data owner) A presents the original copyright label L0 and requests the data management center Cd to distribute the original secret key Ks0. The original author may transfer or manage the original work data to an information provider (IP) or a database, and the information provider (IP) or the database may play the role of the original author. Although the original author A can store the original secret key Ks0 and encrypt the original work data M0 without depending on the data management center Cd, the original work data M0 by the user (data user) can be used. Is required to store the original secret key Ks0 in the data management center Cd.

(2) The data management center Cd requested to distribute the original secret key Ks0 encrypts the original secret key Ks0 corresponding to the original copyright label L0 together with the original copyright label L0 using the public key Kba of the original author A. Cds0kba = E (Ks0, Kba)
The encrypted original secret key Cks0kba is distributed to the original author A. Thereafter, the private key is encrypted and distributed using the public key of the distribution destination so that it can be decrypted only by the distribution destination.

At this time, the data management center Cd performs a one-way hash on the original copyright label L0 using an algorithm such as MD5 (Message Digest 5), and the original copyright label fingerprint F0, for example, has a data amount of 16 bytes. Create and distribute to original author A. Thereafter, the electronic fingerprint is transferred together with the literary work data.

(3) The original author A to whom the encrypted original secret key Cks0kba has been distributed decrypts the encrypted original secret key Cks0kba using the original author A's dedicated key Kva, and Ks0 = D (Cks0kba, Kva)
The original copyrighted work data M0 is encrypted using the decrypted original secret key Ks0, and Cm0ks0 = E (M0, Ks0)
The encrypted original work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 are
Transfer to user (first data user) U1.

(4) The first user U1 to whom the encrypted original work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 have been transferred is the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1. And requests the data management center Cd to distribute the original secret key Ks0 and the first secret key Ks1.

(5) The data management center Cd requested to distribute the original secret key Ks0 and the first secret key Ks1 confirms the validity of the presented original copyright label L0 by the original copyright label fingerprint F0, and first The user label Lu1 is registered, and the original secret key Ks0 corresponding to the original copyright label L0 and the first secret key Ks1 corresponding to the first user label Lu1 are encrypted using the public key Kb1 of the first user U1. , Cks0kb1 = E (Ks0, Kb1)
Cks1kb1 = E (Ks1, Kb1)
The encrypted original secret key Cks0kb1 and the encrypted first secret key Cks1kb1 are distributed to the first user U1.

(6) The first user U1 to whom the encrypted original secret key Cks0kb1 and the encrypted first secret key Cks1kb1 are distributed has the encrypted original secret key Ck0kb1 and the encrypted first secret key Cks1kb1 as the dedicated key Kv1 for the first user U1. And Ks0 = D (Cks0kb1, Kv1)
Ks1 = D (Cks1kb1, Kv1)
The encrypted original copyrighted work data Cm0ks0 is decrypted using the decrypted original secret key Ks0, and M0 = D (M0
, Ks0)
The decrypted original work data M0 is used.

When the original work data M0 is stored and copied, it is encrypted using the decrypted first secret key Ks1, and Cm0ks1 = E (M0, Ks1)
When the original work data M0 is stored and copied as encrypted original work data Cm0ks1 and transferred to the second user (next data user) U2, it is encrypted using the decrypted first secret key Ks1. The original copyrighted data Cm0ks1 is transferred together with the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1.

Each user attaches a digital signature obtained by encrypting the one-way hash value of the label using the user's dedicated key to the label of the user presented to the data management center Cd, and the data management center discloses the public of the user. Verify the authenticity of each user label by decrypting the encrypted one-way hash value using the key, calculating the one-way hash value of the label, and comparing both one-way hash values. Can do.

(7) Encrypted original work data Cm0ks1, original copyright label L0, original copyright label fingerprint F0, and second user U2 to whom first user label Lu1 has been transferred are original copyright label L0 and original copyright label fingerprint F0. The first user label Lu1 and the second user label Lu2 are presented, and the data management center Cd is requested to distribute the first secret key Ks1 and the second secret key Ks2.

(8) The data management center Cd requested to distribute the first secret key Ks1 and the second secret key Ks2
The validity of the original copyright label L0 and the first user label Lu1 is confirmed by the original copyright label fingerprint F0. When it is confirmed that the first user label Lu1 is valid, the data management center Cd registers the second user label Lu2, and the first secret key Ks1 and the second user corresponding to the first user label Lu1. The second secret key Ks2 corresponding to the label Lu2 is encrypted using the public key Kb2 of the second user, and Cks1kb2 = E (Ks1, Kb2)
Cks2kb2 = E (Ks2, Kb2)
The encrypted first secret key Cks1kb2 and the encrypted second secret key Cks2kb2 are distributed to the second user U2.

(9) The second user U2 to whom the encrypted first secret key Cks1kb2 and the encrypted second secret key Cks2kb2 have been distributed is dedicated to the second user U2 with the encrypted first secret key Cks1kb2 and the encrypted second secret key Cks2kb2 Decrypt using key Kv2, Ks1 = D (Cks1kb2, Kv2)
Ks2 = D (Cks2kb2, Kv2)
The encrypted original copyrighted work data Cm0ks1 is decrypted using the decrypted first secret key Ks1, and M0 = D (Cm0ks1, Ks1).
The decrypted original work data M0 is used.

When the original work data M0 is stored and copied, it is encrypted using the decrypted second secret key Ks2, the encrypted original work data Cm0ks2 is stored and copied, and the original work data M0 is transferred to the third user U3. In this case, encryption is performed using the decrypted second secret key Ks2, and the encrypted original work data Cm0ks2 is converted into the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1.
And the second user label Lu2 and the third user U3.

(10) The third user U3 who has transferred the encrypted original work data Cm0ks2 together with the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1 and the second user label Lu2 is the original copyright label L0, Present the original copyright label fingerprint F0, the first user label Lu1, the second user label Lu2, and the third user label Lu3 and request the data management center Cd to distribute the second secret key Ks2 and the third secret key Ks3. .

(11) The data management center Cd requested to distribute the second secret key Ks2 and the third secret key Ks3 receives the original copyright label L0, the first user label Lu1, and the second user label based on the original copyright label fingerprint F0. Check if Lu2 is valid. When it is confirmed that the second user label Lu2 is valid, the data management center Cd registers the third user label Lu3, the second secret key Ks2 corresponding to the second user label Lu2, and the third user. The third secret key Ks3 corresponding to the label Lu3 is encrypted using the public key Kb3 of the third user U3, and Cks2kb3 = E
(Ks2, Kb3)
Cks3kb3 = E (Ks3, Kb3)
The encrypted second secret key Cks2kb3 and the encrypted third secret key Cks3kb3 are distributed to the third user U3.

(12) The third user U3 to whom the encrypted second secret key Cks2kb3 and the encrypted third secret key Cks3kb3 have been distributed has the encrypted second secret key Cks2kb3 and the encrypted third secret key Cks3kb3 dedicated to the third user U3. Decrypt using key Kv3, Ks2 = D (Cks2kb3, Kv3)
Ks3 = D (Cks3kb3, Kv3)
The encrypted original work data Cm0ks2 is decrypted by using the decrypted second secret key Ks2, and M0 = D (Cm0ks2, Ks2).
The decrypted original work data M0 is used.

When the original work data M0 is stored and copied, it is encrypted using the decrypted third secret key Ks3, the encrypted original work data Cm0ks3 is stored and copied, and the original work data M0 is transferred to the fourth user U4. In this case, the decrypted third secret key Ks3 is used to encrypt the encrypted original work data Cm0ks3 together with the original copyright label L0, the first user label Lu1, the second user label Lu2, and the third user label Lu3. To the fourth user U4. Thereafter, the same operation is repeated.

  [Second Embodiment] A second embodiment in which the key used for encrypting the copyrighted work data is sent separately from the key used for decrypting the copyrighted work data will be described with reference to FIG. Note that the key handling, the relationship between the original author, the information provider, and the user, and the label handling in the second embodiment are the same as those in the first embodiment, and a description thereof will not be repeated.

(1) The original author A presents the original copyright label L0 and requests the data management center Cd to distribute the original secret key Ks0.
(2) The data management center Cd requested to distribute the original secret key Ks0 creates the original copyright label fingerprint F0 from the original copyright label L0 and makes it correspond to the original copyright label L0 together with the original copyright label L0. The original secret key Ks0 is encrypted with the original author A's public key Kba, and Cks0kba = E (Ks0, Kba)
The encrypted original secret key Cks0kba is distributed to the original author A.

(3) The original author A to whom the encrypted original secret key Cks0kba has been distributed decrypts the encrypted original secret key Cks0kba using the original author A's dedicated key Kva, and Ks0 = D (Cks0kba, Kva)
The original copyrighted work data M0 is encrypted using the decrypted original secret key Ks0, and Cm0ks0 = E (M0, Ks0)
The encrypted original work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 are
Transfer to user U1.

(4) The first user U1 to whom the encrypted original work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 have been transferred is the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1. And requests the data management center Cd to distribute the original secret key Ks0.

(5) The data management center Cd requested to distribute the original secret key Ks0 confirms the validity of the presented original copyright label L0 by the original copyright label fingerprint F0 and registers the first user label Lu1. At the same time, the original secret key Ks0 corresponding to the original copyright label L0 is encrypted using the public key Kb1 of the first user U1, and Cks0kb1 = E (Ks0, Kb1)
The encrypted original secret key Cks0kb1 is distributed to the first user U1.

(6) The first user U1 to whom the encrypted original secret key Cks0kb1 has been distributed decrypts the encrypted original secret key Ck0kb1 using the dedicated key Kv1 of the first user U1, and Ks0 = D (Cks0kb1, Kv1)
The encrypted original copyrighted work data Cm0ks0 is decrypted using the decrypted original secret key Ks0, and M0 = D (M0
, Ks0)
The decrypted original work data M0 is used.

(7) When the original copyrighted work data M0 is stored and copied, the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1 are again presented, and the first secret key Ks1 is distributed. Request to the management center Cd.

(8) The data management center Cd requested to distribute the first secret key Ks1 confirms the validity of the presented first user label Lu1 with the original copyright label fingerprint F0 and registers the registered first user label. The first secret key Ks1 corresponding to Lu1 is encrypted using the public key Kb1 of the first user U1, and Cks1kb1 = E (Ks1, Kb1)
The encrypted first secret key Cks1kb1 is distributed to the first user U1.

(9) The first user U1 to whom the encrypted first secret key Cks1kb1 has been distributed decrypts the encrypted first secret key Cks1kb1 using the dedicated key Kv1 of the first user U1, and Ks1 = D (Cks1kb1, Kv1)
The original work data M0 is encrypted using the decrypted first secret key Ks1, and Cm0ks1 = E (M0,
Ks1)
The encrypted original work data Cm0ks1 is stored and copied, and the original work data M0 is stored as the second user U2.
Is encrypted using the decrypted first secret key Ks1, and the original copyright label L0, the original copyright label fingerprint F0 and the first user label Lu1 are encrypted as encrypted original work data Cm0ks1.
And forward.

(10) Encrypted original work data Cm0ks1, original copyright label L0, original copyright label fingerprint F0, and second user U2 to whom the first user label Lu1 has been transferred are the original copyright label L0 and original copyright label fingerprint F0. The first user label Lu1 and the second user label Lu2 are presented, and the data management center Cd is requested to distribute the first secret key Ks1.

(11) The data management center Cd requested to distribute the first secret key Ks1 confirms the validity of the original copyright label L0 and the first user label Lu1 by the original copyright label fingerprint F0. When it is confirmed that the first user label Lu1 is valid, the data management center Cd registers the second user label Lu2, and sets the first secret key Ks1 corresponding to the first user label Lu1 to the second. Encrypt using the user's public key Kb2, Cks1kb2 = E (Ks1, Kb2)
The encrypted first secret key Cks1kb2 is distributed to the second user U2.

(12) The second user U2 to whom the encrypted first secret key Cks1kb2 has been distributed decrypts the encrypted first secret key Cks1kb2 using the dedicated key Kv2 of the second user U2, and Ks1 = D (Cks1kb2, Kv2)
The encrypted original copyrighted work data Cm0ks1 is decrypted using the decrypted first secret key Ks1, and M0 = D (Cm0ks1, Ks1).
The decrypted original work data M0 is used.

(13) When the original copyrighted work data M0 is stored and copied, the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1 and the second user label Lu2 are again presented, and the second secret key Request the data management center Cd to distribute Ks2.

(14) The data management center Cd requested to distribute the second secret key Ks2 confirms the validity of the presented second user label Lu2 with the original copyright label fingerprint F0 and registers the registered second user label. The second secret key Ks2 corresponding to Lu2 is encrypted using the public key Kb2 of the second user U2, and Cks2kb2 = E (Ks2, Kb2)
The encrypted second secret key Cks2kb2 is distributed to the second user U2.

(15) The second user U2 to whom the encrypted second secret key Cks2kb2 has been distributed decrypts the encrypted second secret key Cks2kb2 using the dedicated key Kv2 of the second user U2, and Ks2 = D (Cks2kb2, Kv2)
The original work data M0 is encrypted using the decrypted second secret key Ks2, and Cm0ks2 = E (M0,
Ks2)
The encrypted original copyrighted work data Cm0ks2 is stored and copied, and the original copyrighted work data M0 is transferred to the third user U3.
Is encrypted using the decrypted second secret key Ks2, and the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, and the second user are encrypted as the encrypted original work data Cm0ks2. The data is transferred to the third user U3 together with the label Lu2.

(16) The third user U3 transferred the encrypted original work data Cm0ks2 together with the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1 and the second user label Lu2 is the original copyright label L0, The original copyright label fingerprint F0, the first user label Lu1, the second user label Lu2, and the third user label Lu3 are presented to distribute the second secret key Ks2, and to the data management center Cd
To request.

(17) The data management center Cd requested to distribute the second secret key Ks2 uses the original copyright label fingerprint F0 and the original copyright label L0, the first user label Lu1, and the second user label Lu2 are valid. Check if it exists. When it is confirmed that the second user label Lu2 is valid, the data management center Cd registers the third user label Lu3 and assigns the second secret key Ks2 corresponding to the second user label Lu2 to the third user. Cks2kb3 = E (Ks2, Kb3) encrypted using U3 public key Kb3
The encrypted second secret key Cks2kb3 is distributed to the third user U3.

(18) The third user U3 to whom the encrypted second secret key Cks2kb3 has been distributed is the encrypted second secret key Cks.
2kb3 is decrypted using the dedicated key Kv3 of the third user U3, and Ks2 = D (Cks2kb3, Kv3)
The encrypted original work data Cm0ks2 is decrypted by using the decrypted second secret key Ks2, and M0 = D (Cm0ks2, Ks2).
The decrypted original work data M0 is used.

(19) When the original work data M0 is stored and copied, the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, the second user label Lu2 and the third user label Lu3 are presented again. And requests the data management center Cd to distribute the third secret key Ks3.

(20) The data management center Cd requested to distribute the third secret key Ks3 confirms the validity of the presented third user label Lu3 with the original copyright label fingerprint F0, and registers the registered third user label. The third secret key Ks3 corresponding to Lu3 is encrypted using the public key Kb3 of the third user U3, and Cks3kb3 = E (Ks3, Kb3)
The encrypted third secret key Cks3kb3 is distributed to the third user U3.

(21) The third user U3 to whom the encrypted third secret key Cks3kb3 has been distributed decrypts the encrypted third secret key Cks3kb3 using the dedicated key Kv3 of the third user U3, and Ks3 = D (Cks3kb3, Kv3)
The original work data M0 is encrypted using the decrypted third secret key Ks3, and Cm0ks3 = E (M0,
Ks3)
The encrypted original copyrighted work data Cm0ks3 is stored and copied, and the original copyrighted work data M0 is stored in the fourth user U4.
Are encrypted using the decrypted third secret key Ks3, and the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, the encrypted original work data Cm0ks3 are encrypted.
The data is transferred to the fourth user U4 together with the second user label Lu2 and the third user label Lu3.
Thereafter, the same operation is repeated.

  In the case of this embodiment, only the decryption key necessary for using the copyrighted work data is initially distributed, so that the operation is simplified for users who do not store, copy or transfer the copyrighted work data. The The re-encryption key is distributed simultaneously with the decryption key as in the first embodiment, and the re-encryption key is distributed separately from the decryption key as in the second embodiment. It is also possible to configure the system to coexist in one system and to select and use as appropriate.

  [Third Embodiment] A third embodiment in which a user processes one original work data and transfers it to the next user will be described with reference to FIGS. The data work is processed by editing the original work data using a processing tool that is an application program. The processed work data obtained by the processing is the original work data used and information on the processing tool used. And can be expressed by processing content data. That is, when the processing tool is owned, the processed work data can be reproduced by obtaining the original work data and the processing content data.

  The digital data processing will be described. Since digital data is processed by modifying the original data using a processing program (processing tool), the processing data is identified by specifying the original data, processing tool, and processing content data (processing scenario). It is reproduced. In other words, machining data cannot be reproduced unless the original data, machining tool and machining scenario are specified.

When creating new data from a single original data, when modifying the original data A to obtain the processed data “A ′”, the user adds the data X to the original data A so that the processed data “A + X”. If the original data A is divided into the original data elements A1, A2, A3... And the array is changed to A3, A2, A1, etc. to obtain the processed data “A” ”, the original data A is the original data A. In some cases, the data is divided into data elements A1, A2, A3... And the primary user data X is divided into X1, X2, X3... And arranged to obtain processed data “A1 + X1 + A2 + X2 + A3 + X3. . In these cases, modification of the original data, change of the arrangement of the original data, combination of the original data and user data, division of the original data and combination of the user data are subject to secondary copyrights, respectively. Need to protect. Needless to say, the user's original copyright exists in the data X added by the user.

When new data is created by combining a plurality of original data, when original data A, B, C... Is simply combined to obtain processed data “A + B + C. When the user obtains the processed data “A + X” by adding the data X to C..., The original data A, B, C... Are converted to the original data elements A1, A2, A3.
, B3..., C1, C2, C3...
+ B1 + C1 + ... + A2 + B2 + C2 + ... + A3 + B3 + C3 + ... ", the original data A, B, C ... are converted into the original data elements A1, A2, A3 ..., B1, B2, B3 ..., C1. , C2, C3... And the user data X1, X2, X3... Are combined and the arrangement is changed to change the processed data “A1 + B1 + C1 + X1 +... + A2 + B2 + C2 + X2 ++.
B3 + C3 + X3 +... In these cases, a combination of a plurality of original data, a combination of a plurality of original data and user data, a division and arrangement change of a plurality of original data, and a combination of a plurality of divided original data and user data are secondary. It is subject to copyright and it is necessary to protect these secondary copyrights. Needless to say, the user's original copyright exists in the data X1, X2, X3.

  FIG. 9 shows an example of a technique for creating new data D using a plurality of original data A, B, and C. This method extracts (cuts) elements a, b, and c from original data A, B, and C, and pastes the extracted elements a, b, and c (paste) to synthesize one data D. Data is processed by a technique.

In addition, there is a data link technique for linking a plurality of data objects. In this data link technique, an object link unit is provided in a slot of a pad, which is a data object, and objects are linked by a slot connection technique for linking with another pad in this slot. The mutual relationship between a plurality of objects linked in this way can be expressed as a tree structure, and further, the object can be deleted or added using the expressed tree structure.

  By the way, although it is clear that the original data and the user data are data, the modification of the original data, the change of the original data, the combination of the original data and the user data, the combination of the original data and the user data, and the user data are processed. Data, a combination of a plurality of original data, a combination of a plurality of original data and user data, a division and arrangement change of a plurality of original data, and a combination of a plurality of divided original data and user data are also data itself.

  Focusing on the fact that the processing scenario of data, such as the arrangement relation and processing procedure of the original data, is also data, the secondary copyright related to the processed data is changed to the original copyright of the original author related to the original data and the user copyright related to the user data. In addition to this, it is possible to protect the user by managing the user's copyright regarding the process data.

  That is, the processed data is composed of original data, user data, and a processing scenario, and by managing these original data, user data, and processing scenario, the copyright of the processed data can be managed together with the original data. . In this case, the processing program used in the data processing is also managed by the data management system if necessary.

This data can be processed by using the processing program corresponding to the original data, but if the original data is handled as object-oriented software that has been attracting attention recently, it will be easier to process. Better data copyright management can be performed. Further, if agent-oriented software is further adopted, the user can synthesize data without effort.

  Agent-oriented software is a program that combines autonomy, adaptability, and cooperation, and based on only general instructions from users, even if it does not specify all work procedures specifically as in conventional software. Due to the characteristics of autonomy, adaptability and cooperation, it is possible to meet the demands of users. This agent program is incorporated into the basic system of the data copyright management system, the user's database usage form is monitored, and the usage data details, billing information, etc. are utilized using the metering function provided in the user terminal device. By configuring the information to be collected on the database side or the copyright management center side, the database side or the copyright management center side can know the database usage trend of the user, and perform more detailed copyright management. Can do. Therefore, the agent program and data are also subject to copyright protection and are encrypted in the same manner as the original data.

  In the third embodiment shown in FIG. 10, the processing label added to the copyright label in the first embodiment and the second embodiment shown above is called a “processing label”. Treat as a copyright label. The key handling, the relationship between the original author, the information provider, and the user and the label handling in the third embodiment are the same as those in the first embodiment, so that the description thereof will be omitted.

(1) The original author A presents the original copyright label L0 and requests the data management center Cd to distribute the original secret key Ks0.
(2) The data management center Cd requested to distribute the original secret key Ks0 encrypts the original secret key Ks0 corresponding to the original copyright label L0 together with the original copyright label L0 using the public key Kba of the original author A. Cds0kba = E (Ks0, Kba)
The encrypted original secret key Cks0kba is distributed to the original author A.

At this time, the data management center Cd performs the one-way hash, for example, the data amount of 16 bytes, using the algorithm such as MD5 to create the original copyright label fingerprint F0 by using the algorithm such as MD5. To distribute. This electronic fingerprint is created for each processed work and transferred together with the original work each time an original work or processing is performed and a processed work is obtained.

(3) The original author A to whom the encrypted original secret key Cks0kba has been distributed decrypts the encrypted original secret key Cks0kba using the original author A's dedicated key Kva, and Ks0 = D (Cks0kba, Kva)
The original copyrighted work data M0 is encrypted using the decrypted original secret key Ks0, and Cm0ks0 = E (M0, Ks0)
The encrypted original work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 are
Transfer to user U1.

(4) The first user U1 to whom the encrypted original work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 have been transferred is the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1. And requests the data management center Cd to distribute the original secret key Ks0.

(5) The data management center Cd requested to distribute the original secret key Ks0 confirms the validity of the presented original copyright label L0 by the original copyright label fingerprint F0 and registers the first user label Lu1. At the same time, the original secret key Ks0 corresponding to the original copyright label L0 is encrypted using the public key Kb1 of the first user U1, and Cks0kb1 = E (Ks0, Kb1)
The encrypted original secret key Cks0kb1 is distributed to the first user U1.

(6) The first user U1 to whom the encrypted original secret key Cks0kb1 has been distributed decrypts the encrypted original secret key Ck0kb1 using the dedicated key Kv1 of the first user U1, and Ks0 = D (Cks0kb1, Kv1)
The encrypted original copyrighted work data Cm0ks0 is decrypted using the decrypted original secret key Ks0, and M0 = D (M0
, Ks0)
The decrypted original work data M0 is processed using a processing tool to obtain processed work data Me1.

  The processed work data Me1 obtained in this way includes the copyright of the original user who created the original work as well as the copyright of the first user who processed the data. The copyright of the original author concerning the original work data M0 is the registered original copyright label L0, the original copyright label fingerprint F0, the original secret key Ks0 corresponding to the original copyright label L0, the first user label Lu1, and the first user. Although it can be protected by the first secret key Ks1 corresponding to the label Lu1, since the key for encrypting the processed work data Me1 is not prepared, the secondary copyright of the first user relating to the processed work data Me1 Is not yet protected.

(7) In order to protect the secondary copyright of the first user relating to the processed work data Me1, in the third embodiment, the first user label that is the author of the processed work and its electronic fingerprint are used. As described above, the processed work can be expressed by the original work data used, the information of the processing tool used, and the processing content data. Therefore, in other words, the first processing label Le1 includes these. Information and data are entered. Further, in order to protect the secondary copyright in the subsequent distribution process, the user U1 presents the first processed label Le1 to the data management center Cd, whereby the secondary copyright of the user U1 is registered.

(8) The data management center Cd presented with the first processed label Le1 confirms the validity of the presented original copyright label L0 with the original copyright label fingerprint F0, and registers the first processed label Le1. Then, the electronic fingerprint F1 of the first processed label Le1 is created, the first processed secret key Kse1 corresponding to the first processed label Le1 is encrypted with the public key Kb1 of the first user U1 of the data management center, and Ckse1kb1 = E ( Kse1, Kb1)
The encrypted first processed secret key Ckse1kb1 is sent to the first user U1 together with the electronic fingerprint Fe1 of the first processed label Le1.

(9) The first user U1 to whom the encrypted first modified secret key Ckse1kb1 and the electronic fingerprint Fe1 of the first modified copyright label Le1 have been distributed uses the encrypted first modified secret key Ckse1kb1 as the dedicated key Kv1 for the first user U1. And Kse1 = D (Ckse1kb1, Kv1)
The first modified work data Me1 is encrypted using the decrypted first modified key Kse1, and Cme1 = E (Me1, Kse1)
The encrypted first processed work data Cme1 is transferred to the second user U1 together with the first processed copyright label Le1 and the electronic fingerprint Fe1 of the first processed copyright label Le1. Thereafter, the same operation is repeated.

In the third embodiment, only the first processed copyright label Le1 and the electronic fingerprint Fe1 of the first processed copyright label Le1 are transferred together with the encrypted first processed work data Cme1 when the processed data is transferred. Other labels and electronic fingerprints can also be configured to be transferred simultaneously. The processing performed using a plurality of copyrighted work data as shown in FIG. 7 is complicated due to the large number of copyrighted work data, but is performed in the same manner as the processing using single data. However, it is omitted so that the explanation is not redundant.

In the systems of the first embodiment, the second embodiment, and the third embodiment described above, the copyrighted work data is encrypted using the secret key, and the decryption secret key and the data used for storage / copying / transfer are re-used. The encryption private key is distributed by the data management center based on the user label presented by the user.

  Both the decryption private key and the re-encryption private key are encrypted by the user public key that has been authenticated by the data management center in advance, so that the data management center is indirectly authenticated. become. In addition, since these secret keys are used to encrypt the transferred work data, the data management center is finally authenticated for the transferred work data. Since authentication by this data management center is absolute, it is a hierarchical authentication system represented by PEM.

  On the other hand, since the copyrighted work data itself is transferred between users without being transferred to the data management center, the authentication performed in the process can be said to be a horizontally distributed authentication system represented by PGP. As described above, the system of this embodiment realizes an authentication system that has the feature that the reliability of the hierarchical authentication system is high and the feature that the horizontal distributed authentication system is easy to handle.

  Further, the user's actions using the copyrighted work data and the contents of the actions are all grasped by the data management center by the user label presented by the user. And since all uses including the processing of copyrighted works are performed via the data management center, the identity of each user is securely confirmed, and the contents and contents of the copyrighted work data are checked by confirming the contents and progress of the act. And proof of history is performed. When this content proof is applied to electronic commerce or the like, it is possible to certify the transaction content by the data management center, that is, “electronic notarization”. Further, when a digital signature is applied to the user label or the processed label, when a computer virus enters the user label or the processed label, the label data changes, and as a result, the hash value changes. Therefore, the invasion of a computer virus can be detected by verifying the digital signature. If hash value conversion is performed without performing a digital signature, an intrusion of a computer virus can be detected because the user label or the processed label is invalid depending on the changed hash value.

  [Fourth Embodiment] In the case of a distributed object system typified by a license network system, it is not a conventional computer having a large-capacity data storage device. The use of network computers that only do is considered. Furthermore, it is also considered to use a network computer like a terminal device of a large computer that has only a data input / output function without having a data processing device. Since such a network computer does not have a data storage device, the copyrighted work data cannot be stored or copied.

  Next, an embodiment applicable to a network computer that does not have a data storage device used in such a distributed object system will be described. However, this embodiment is applied to a computer having a normal data storage device. Of course, it is applicable to this case.

  In order to protect the data copyright, it is necessary to use some kind of encryption technology in order to limit unauthorized use of the work. In the first embodiment, the second embodiment, and the third embodiment described so far, in order to protect the copyright in a system for a computer having a normal data storage device, encrypted work data and An unencrypted label is used as a clue for using copyrighted material data. On the other hand, in a system for a network computer having only a terminal device function, the copyrighted work data is not stored, copied or transferred, and therefore it is not necessary to encrypt the copyrighted work data. .

  As described in the third embodiment, the data work is processed by modifying the original work data using a processing tool, and the processed work data obtained by the processing includes the original work data used, It can be expressed by the information of the used processing tool and the processing scenario. The same applies to the distributed object system. Even if the processed work data is created using the work data of the database existing on the distributed object system, the database used, the original work data used, the use The processed work data can be reproduced by specifying the processing tool information and processing scenario, which is the case when using multiple work data obtained from a single database or multiple databases. Is the same.

  A fourth embodiment will be described with reference to FIG. In this embodiment, the original copyright holder and the information provider (IP) who own the copyrighted work data are distinguished from the users who do not have the copyrighted work data and are arranged on the network side together with the data management center and the like. In the system of this embodiment, a public key and a dedicated key are used. When the original work data is transferred to the user, the original work data is encrypted using a secret key or a transfer destination public key for safety.

The first user U1 uses a network, broadcast, or recording medium to search for literary work data and collect necessary literary data. The collected literary data is temporarily stored in the memory of the user U1. Even when the data storage device such as a hard disk drive (HDD) is included in the user U1 device, the copyrighted material data is not stored in the data storage device. In order to prevent the copyrighted work data from being saved, when saving is attempted, the copyrighted work data in the memory is destroyed, the data header in the memory is changed, and the data is one-way hashed. When the file name is changed to an unstorable file name, the copyrighted work data is prohibited from being saved. Although the storage prohibition can be performed by a data storage prohibition program incorporated in the program portion of the copyrighted work data having an object structure, it is highly reliable by being performed by the entire system or an operating system (OS) related to the user device. Sex is obtained.

In the fourth embodiment, a case where a plurality of copyrighted work data is used will be described. (1), (2) The first user U1 presents the first user label Lu1 to the data management center, and the original work data M0i (i = 1, 2, 3) from the data library of the information provider IP in the system. ...) and the processing tool Pe is obtained. At this time, the original work data M0i and the processing tool Pe are encrypted using the public key Kb1 of the first user U1, and Cm0ikb1 = E (M0i, Kb1). )
Cpekb1 = E (Pe, Kb1)
The encrypted original work data Cm0ikb1 and the encryption processing tool Cpekb1 are distributed to the first user U1. At this time, by referring to the first user label Lu1, the usage status of the original work data M0i and the processing tool Pe is also recorded in the data management center and used for billing.

(3) The first user U1 to whom the encrypted original work data Cm0ikb1 and the encryption processing tool Cpekb1 have been distributed receives the distributed original work data Cm0ikb1 and the encryption processing tool Cpekb1 as the private key Kv1 of the first user U1. And decrypted using M0i = D (Cm0ikb1, Kv1)
Pe = D (Cpekb1, Kv1)
Then, the decrypted original work data M0i is processed using the decrypted processing tool Pe, and the first
Processed work data M1i (i = 1, 2, 3 ...) is obtained.

(4) The first user U1 who has obtained the first processed work data M1i encrypts the first scenario S1i, which is the processed data for the first processed work data M1i, with the public key Kbc of the data management center, and Cs1ikbc = E (S1i, Kbc)
The encrypted first scenario Cs1ikbc is presented together with the first user label Lu1 to the data management center Cd, whereby the secondary copyright of the user U1 is registered.

(5) The data management center Cd presented with the encrypted first scenario Cs1ikbc decrypts the encrypted first scenario Cs1ikbc using the dedicated key Kvc of the data management center Cd, and S1i = D (Cs1ikbc, Kvc)
A first processing label Le1 is created based on the presented user label of the first user U1 and the decrypted first processing scenario S1i, stored in the data management center Cd, and the first processing label Le1 is stored in the first user U1. Encrypt using public key Kb1, Cle1kb1 = E (Lei, Kb1)
The encrypted first processed label Cle1kb1 is transferred to the first user U1.

(6) The first user U1 transferred with the encrypted first processed label Cle1kb1 decrypts the encrypted first processed label Cle1kb1 using the first user U1's dedicated key Kv1, and Le1 = D (Cle1kb1, Kv1
)
The decrypted first processed label Le1 is encrypted using the public key Kb2 of the second user U2, and Cle1kb2 = E (Le1, Kb2)
The encrypted first processed label Cle1kb2 is transferred to the second user U2, but the first processed work data M1i or the encrypted first processed work data is not transferred to the second user U2.

When the computer of the first user U1 has a data storage device, the collected copyrighted work data or the processed data may be stored in the data storage device. Storage is prohibited. In this case, instead of the encrypted first processed label Cle1kb2, an electronic fingerprint F1 obtained by converting the first processed label into a one-way hash value can be used. By doing so, simplified processing by telephone voice can be performed. The label can be transferred.

(7) The second user U2 transferred with the encrypted first processed label Cle1kb2 decrypts the transferred encrypted first processed label Cle1kb2 using the dedicated key Kv2 of the second user U2, and Le1 = D (Cle1kb2 , Kv2)
The first processed label Le1 is encrypted using the dedicated key Kv2 of the second user U2, and Cle1kv2 = E (Le1, Kv2)
The encrypted first processed label Cle1kv2 together with the second user label Lu2 and the data management center Cd
To present.

(8) The data management center Cd presented with the encrypted first processed label Cle1kv2 and the second user label Lu2 decrypts the presented encrypted first processed label Cle1kv2 using the public key Kb2 of the second user U2. , Le1 = D (Cle1kv2, Kb2)
The original work data M0i described in the decrypted first processed label Le1 is collected, and the original work data M0i is processed using the processing tool Pe based on the first scenario S1i described in the first processed label Le1. The first processed work data M1i is reproduced.

The data management center Cd reproducing the first processed work data M1i encrypts the first processed work data M1i and the processing tool Pe using the public key Kb2 of the second user U2, and Cm1ikb2 = E (M1i, Kb2).
Cpekb2 = E (Pe, Kb2)
The encrypted first processed work data Cm1ikb2 and the encryption processing tool Cpekb2 are transferred to the second user U2.

(9) The second user U2 to whom the encrypted first processed work data Cm1ikb2 and the encryption processing tool Cpekb2 are distributed has the distributed first copyrighted work data Cm1ikb2 and the encrypted processing tool Cpekb2 to the second user U2. Using the dedicated key Kv2 and M1i = D (Cm1ikb2, Kv2)
Pe = D (Cpekb2, Kv2)
Then, the decrypted first processed work data M1i is processed using the decrypted processing tool Pe to obtain second processed work data M2i (i = 1, 2, 3,...).

(10) The second user U2 who has obtained the second processed work data M2i encrypts the second scenario S2i, which is the processed data for the second processed work data M2i, with the public key Kbc of the data management center, and Cs2ikbc = E (S2i, Kbc)
The encrypted second scenario Cs2ikbc is presented to the data management center Cd together with the second user label Lu2.

(11) The data management center Cd presented with the encrypted second scenario Cs2ikbc decrypts the encrypted second scenario Cs2ikbc using the dedicated key Kvc of the data management center Cd, and S2i = D (Cs2ikbc, Kvc)
A second processed label Le2 is created based on the presented user label of the second user U2 and the decrypted second processing scenario S2i, stored in the data management center Cd, and the second processed label Le2 is stored in the first user U2 Encrypt using the public key Kb2, Cle2kb2 = E (Lei, Kb2)
The encrypted second processed label Cle2kb2 is transferred to the second user U2.

(12) The second user U2 transferred with the encrypted second processed label Cle2kb2 decrypts the encrypted second processed label Cle2kb2 using the dedicated key Kv2 of the second user U2, and Le2 = D (Cle2kb2, Kv2
)
The decrypted second processed label Le2 is encrypted using the public key Kb3 of the third user U3, and Cle2kb3 = E (Le2, Kb3)
The encrypted second processed label Cle2kb3 is transferred to the third user U3. Thereafter, the same operation is repeated.

  In the fourth embodiment using this distributed object system, the copyrighted material data is not stored by the user but is stored only in the database, while the user is informed about the processing in the user information, ie, the original copyrighted material data used, the usage Only the processing label in which the information of the processed tool and the processing scenario and the processed user information are described is managed and stored, and only this processed label is encrypted and transferred between users. Therefore, the copyrighted work data is not stored, copied or transferred.

  Further, in the system of this embodiment, only the public key and the dedicated key are used, and the validity of the public key is authenticated in advance by the data management center, and the authentication by the data management center is absolute. , A hierarchical authentication system represented by PEM. And since the processed label to be transferred is encrypted and transferred by the user public key whose validity has been authenticated in advance by the data management center, the content has certainty of being indirectly authenticated by the data management center. It will be. Since the processed label itself is transferred between users without being transferred to the data management center, the authentication performed in the process can be said to be a horizontally distributed authentication system represented by PGP. As described above, the system of this embodiment realizes an authentication system that has the feature that the reliability of the hierarchical authentication system is high and the feature that the horizontal distributed authentication system is easy to handle.

  Further, the user's actions using the copyrighted work data and the contents of the actions are all grasped by the data management center by the user label presented by the user. And since all uses including the processing of copyrighted works are performed via the data management center, the identity of each user is securely confirmed, and the contents and contents of the copyrighted work data are checked by confirming the contents and progress of the act. And proof of history is performed. When this content proof is applied to electronic commerce or the like, it is possible to certify the transaction content by the data management center, that is, “electronic notarization”.

  Further, when a digital signature is applied to the user label or the processed label, when a computer virus enters the user label or the processed label, the label data changes, and as a result, the hash value changes. Therefore, the invasion of a computer virus can be detected by verifying the digital signature. If hash value conversion is performed without performing a digital signature, the intrusion of a computer virus can be detected because the user label or the processed label is invalid depending on the changed hash chip.

  Also in this embodiment, since the data management center grasps all the actions of the user who uses the copyrighted work data and the contents of the actions by the user label presented by the user, any of the above charging methods can function effectively. To do.

[Fifth Embodiment] An embodiment in which the system of the present invention is applied to electronic commerce will be described. First, a basic case where all processing is performed through an intermediary will be described with reference to FIG.
(1) The user (customer) U browses the product catalog of the broker S via the network, and receives the transaction data Qm such as an estimate, a purchase order form, and settlement information regarding the order of the product desired to be purchased. S is requested.

(2) The broker S receiving the request for the transaction data Qm encrypts the request R for the transaction data Qm made by the user U and the first secret key Ks1 using the public key Kbm of the manufacturer (producer) M, Crkbm = E (R, Kbm)
Cks1kbm = E (Ks1, Kbm)
The encryption request Crkbm and the encryption first secret key Cks1kbm are sent to the manufacturer M.

(3) The maker M, to which the encryption request Crkbm and the encrypted first secret key Cks1kbm are sent, decrypts the sent encryption request Crkbm and the encrypted first secret key Cks1kbm using the maker M dedicated key Kvm. , R = D (Crkbm, Kbm)
Ks1 = D (Cks1kbm, Kbm)
The transaction data Qm corresponding to the request R is encrypted using the decrypted first secret key Ks1, and Cqmks1 = E (Qm, Ks1)
The encrypted transaction data Cqmks1 is sent to the broker S.

(4) The broker S, to which the encrypted transaction data Cqmks1 is sent, decrypts the sent encrypted transaction data Cqmks1 using the first secret key Ks1, and Q = D (Cqks1, Ks1)
The decrypted transaction data Qm is encrypted again using the second secret key Ks2, and Cqmks2 = E (Qm,
Ks2)
The second secret key KS2 is encrypted using the user's public key Kbu, and Cks2kbu = E (Ks2, Kbu)
The encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu are sent to the user U.

(5) The user U to whom the encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu are sent decrypts the encrypted second secret key Cks2kbu using the user U's dedicated key Kvu, and Ks2 = D (Cks2kbu, Kvu)
The encrypted transaction data Cqmks2 is decrypted using the decrypted second secret key Ks2, and Qm = D (Cqmks2, Ks2)
The order contents are entered into the decrypted transaction data Qm to process the data to create a purchase order Qu. The created purchase order Qu is encrypted using the second secret key Ks2, and Cquks2 = E (
Qu, Ks2)
The encrypted purchase order Cquks2 is sent to the broker S.

(6) The broker S to which the encrypted purchase order Cquks2 is sent decrypts the encrypted purchase order Cquks2 using the second secret key Ks2, and Qu = D (Cquks2, Ks2)
The decrypted purchase order Qu is encrypted using the public key Kbm of the manufacturer M, and Cqukbm = E (Qu, Kbm)
The encrypted purchase order Cqukbm is transferred to the manufacturer M.

The manufacturer M to which the encrypted purchase order Cqukbm has been transferred decrypts the encrypted purchase order Cqukbm using the dedicated key Kvm of the manufacturer M, and Qu = D (Cqukbm, Kvm)
Order processing is performed according to the contents of the decrypted purchase order Qu.

  Next, an exceptional process when the user places an order directly with the manufacturer will be described with reference to FIG. In this exceptional case, until the stage where the encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu of (4) are sent to the user U, the basic case shown in FIG. Therefore, the description thereof is omitted, and only the steps different from the basic case will be described.

(7) The user U to whom the encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu are sent decrypts the encrypted second secret key Cks2kbu using the user U's dedicated key Kvu, and Ks2 = D (Cks2kbu, Kvu)
The encrypted transaction data Cqmks2 is decrypted using the decrypted second secret key Ks2, and Qm = D (Cqmks2, Ks2)
The order contents are entered into the decrypted transaction data Qm to process the data to create a purchase order Qu. The created purchase order Qu is encrypted using the second secret key Ks2, and Cquks2 = E (
Qu, Ks2)
The encrypted purchase order Cquks2 is sent to the manufacturer M.

(8) The maker M to which the encrypted purchase order Cquks2 is sent forwards the encrypted purchase order Cquks2 to the seller S.
(9) The broker S who has received the encrypted purchase order Cquks2 decrypts the encrypted purchase order Cquks2 using the second secret key Ks2, and Qu = D (Cquks2, Ks2)
The decrypted purchase order Qu is encrypted using the public key Kbm of the manufacturer M, and Cqukbm = E (Qu, Kbm)
Transfer to manufacturer M.
(10) The manufacturer M to which the encrypted purchase order Cqukbm has been transferred decrypts the encrypted purchase order Cqukbm using the dedicated key Kvm of the manufacturer M, and Qu = D (Cqukbm, Kvm)
Order processing is performed according to the contents of the purchase order Qu.

In addition to goods, this commercial product can be dealt with by computer software executed via a network. The software P to be traded in that case is encrypted by the manufacturer M using the manufacturer's dedicated key Kvm, and Cpkvm = E (P, Kvm)
The encrypted software Cpkvm is transferred to the intermediary S, and the intermediary S decrypts the transferred encrypted software Cpkvm using the public key Kbm of the manufacturer M, and P = D (Cpkvm, Kbm)
The software P decrypted by the broker S is encrypted using the public key Kbu of the user U, and Cpkbu = E (P, Kbu)
The encrypted software Cpkbu is transferred to the user U, and the transferred encrypted software Cpkbu is decrypted by the user U using the dedicated key Kvu.
P = D (Cpkbu, Kvu)
Furthermore, an encryption key of encryption software stored in a storage medium such as a CD-ROM is distributed for a fee. This encryption key is also subject to commercial transactions in the same manner as the computer software described here. It can be.

  In the basic case described with reference to FIG. 12 (a), since all of the transactions are performed through the broker, various troubles due to the removal of the broker from the transaction process can be prevented. Also, even in the exceptional case described with reference to FIG. 12B, in order for the manufacturer to know the contents of the purchase order and perform order processing, the encrypted purchase order is transferred to the broker and decrypted by the broker. It is necessary to have you. Accordingly, in this case as well, an intermediary is always involved in the transaction process, so that various troubles due to the exclusion of the intermediary from the transaction process are similarly prevented in advance. The secret key to be sent can be sent in addition to being sent alone in the transaction data.

<Others>
The present embodiment further discloses the following technique (hereinafter referred to as an appendix).
(Appendix 1) A data management system for managing digital data transferred from a data owner to a data user via a communication network: the data management system includes a secret key, a public key, a dedicated key, and a data owner Label, data user label and data label are used; a data management center is located on the communication network linked to a public key storage authority and a secret key generation authority; the data management center is the data owner and the data Authenticates the user's public key and stores the data owner label, the data user label and the data label; the data owner presents the data owner label and the data label and manages the data Request a secret key for data encryption from the center; the data management center Create a data label fingerprint and distribute to the data owner an encryption private key encrypted using the data label fingerprint and the data owner's public key; the data owner is dedicated to the data owner Encrypting data using the private key decrypted with a key and transferring the encrypted data, the data label and the data label fingerprint to a first user; the first data user sends the first data The user's user label, the data label, and the data label fingerprint are presented, and a secret key for decrypting the encrypted data and a secret key for re-encrypting the decrypted data are provided to the data management center. The data management center verifies the validity of the data label by the data label fingerprint and registers the user label of the first data user. And the first data user by encrypting a secret key for decrypting the encrypted data and a secret key for re-encrypting the decrypted data using the public key of the first data user. The first data user decrypts the decryption private key and the re-encryption private key using the first data user's private key, and uses the decryption private key. The encrypted data is decrypted and used, the decrypted data is encrypted and stored using the re-encryption secret key, and the encrypted data is stored in a data label, a data label fingerprint, and the first data. It is transferred to the next data user together with the user label of the user.
(Supplementary note 2) The data management system according to supplementary note 1, wherein copyright registration is performed when the data owner presents the data owner label and the data label to a data management center.
(Supplementary note 3) The data management system according to supplementary note 1, wherein the data is processed by a data user, and the processing content of the data is added to the data label.
(Supplementary note 4) The data management system according to supplementary note 3, wherein secondary data registration is performed when the data user presents a data label describing the user label of the data and the processing content to the data management center. .
(Supplementary note 5) The digital data management system according to supplementary note 3 or supplementary note 4, wherein the data is plural.
(Supplementary note 6) The data management system according to supplementary note 1, supplementary note 2, supplementary note 3, supplementary note 4 or supplementary note 5, wherein a digital signature is performed on the data label.
(Supplementary note 7) Charges are made based on the data user presenting the user label and the data label to the data management center. Supplementary note 1, Supplementary note 2, Supplementary note 3, Supplementary note 4, Supplementary note 5
Or the data management system according to appendix 6.
(Supplementary note 8) The data management system according to supplementary note 7, wherein the accounting is performed by a usage result metering postpay method.
(Supplementary note 9) The data management system according to supplementary note 8, wherein the usage metering data is stored in a data management center.
(Supplementary note 10) The data management system according to supplementary note 8, wherein the usage record metering data is stored in a user's device.
(Supplementary note 11) The data management system according to supplementary note 7, wherein the billing is performed by a prepayment method.
(Supplementary note 12) The data management system according to supplementary note 11, wherein the prepaid data is stored in a data management center.
(Supplementary note 13) The data management system according to supplementary note 11, wherein the prepaid data is stored in a user device.
(Appendix 14) The digital data has a normal file structure, and only the data body is encrypted. Appendix 1, Appendix 2, Appendix 3, Appendix 4, Appendix 5, Appendix 7, Appendix 8 , Appendix 9, appendix 10, appendix 11, appendix 12 or appendix 13.
(Supplementary note 15) The data management system according to supplementary note 14, wherein a part of the data body is encrypted.
(Supplementary note 16) The data management system according to supplementary note 15, wherein a part of the data body is continuously encrypted.
(Supplementary note 17) The data management system according to supplementary note 15, wherein a part of the data body is discontinuously encrypted.
(Supplementary note 18) The digital data has a normal file structure, and the data header and data body are encrypted. Supplementary note 1, supplementary note 2, supplementary note 3, supplementary note 4, supplementary note 5, supplementary note 6, supplementary note 7, A data management system according to appendix 8, appendix 9, appendix 10, appendix 11, appendix 12 or appendix 13.
(Supplementary note 19) The data management system according to claim 18, wherein a part of the data header and the whole of the data body are encrypted.
(Supplementary note 20) The data management system according to claim 18, wherein a part of the data header and a part of the data body are encrypted.
(Additional remark 21) The digital data has a normal file structure, and only the data header is encrypted. Claims 1, 2, 2, 3, 4, 5 and 6 Data management system according to claim 7, claim 8, claim 9, claim 10, claim 11, claim 12 or claim 13.
(Supplementary note 22) The data management system according to supplementary note 21, wherein the entire data header is encrypted.
(Supplementary note 23) The data management system according to supplementary note 21, wherein only a part of the data header is encrypted.
(Supplementary note 24) The digital data has a normal file structure, and only the copyright label is encrypted. Supplementary note 1, supplementary note 2, supplementary note 3, supplementary note 4, supplementary note 5, supplementary note 7, supplementary note 8. The data management system according to appendix 9, appendix 10, appendix 11, appendix 12 or appendix 13.
(Supplementary note 25) The data management system according to supplementary note 24, wherein only a part of the copyright label is encrypted.
(Supplementary note 26) The digital data has a file structure in an object format, and the method is encrypted. Supplementary note 1, supplementary note 2, supplementary note 3, supplementary note 4, supplementary note 5, supplementary note 7, supplementary note 8, The data management system according to Supplementary Note 9, Supplementary Note 10, Supplementary Note 11, Supplementary Note 12, or Supplementary Note 13.
(Supplementary note 27) A system for managing digital data transferred from a data owner to a data user via a broadcast, a communication network or a data storage medium, wherein the data management system uses a public key, a dedicated key, and data use The data management center and the data owner are linked to a public key storage institution on the communication network; the data management center is the public key of the data owner and the data user And the data user label and the data label are stored; the first data user presents the data user label and obtains and uses the data and the data label from within the network. After completion, the data is not stored in the data user's device.
(Supplementary note 28) The data management system according to supplementary note 27, wherein the data is not stored in the device of the data user when the data is deleted.
(Supplementary note 29) The data management system according to supplementary note 27, wherein the data is not stored in the device of the data user by being converted into a one-way hash value.
(Supplementary note 30) The data management according to supplementary note 27, wherein the data management center is further linked to a secret key generating organization, and the data is encrypted using a secret key and stored in the device of the data user. system.
(Supplementary note 31) The data management system according to supplementary note 28, supplementary note 29, or supplementary note 30, wherein a processing label is obtained by processing data and adding the processing content of the data to the data label.
(Supplementary note 32) The data management system according to supplementary note 31, wherein only the processed label is transferred to the next data user.
(Supplementary note 33) The processed label is encrypted using the public key of the next user and transferred to the next data user; the next data user uses the encrypted processed label for the next data use Decrypting using the private key of the user and presenting the decrypted processed label to the data management center; transferring the data to the next data user based on the processed label; The data management system according to attachment 32, wherein the user processes and uses the data with the processing data of the processing label.
(Supplementary note 34) The first user transfers the processed data to the next user; the next data user presents the processed data to the data management center; The data management system according to attachment 32, wherein the management center transfers data to the next data user based on the processing label; and the next user processes and uses the data with the processing data of the processing label.
(Supplementary note 35) The data management system according to claim 34, wherein the first user performs a digital signature on the processed label using a dedicated key of the first user.
(Supplementary Note 36) Claim 28, Claim 29, Claim 30, and Claim 31 in which the data is plural.
36. A digital data management system according to claim 32, claim 33, claim 34, or claim 35.
(Supplementary Note 37) Claim 27, Claim 28, Claim 29, Claim 30, Charge based on the data user presenting the user label and the data label to a data management center 31. A data management system according to claim 31, claim 32, claim 33, claim 34, claim 35 or claim 36.
(Supplementary note 38) The data management system according to supplementary note 37, wherein the accounting is performed by a usage result metering postpay method.
(Supplementary note 39) Supplementary note 3 in which the usage metering data is stored in the data management center
8. The data management system according to 8.
(Supplementary note 40) The data management system according to supplementary note 38, wherein the usage record metering data is stored in a user's device.
(Supplementary note 41) The data management system according to supplementary note 37, wherein the accounting is performed by a prepayment method.
(Supplementary note 42) The data management system according to supplementary note 41, wherein the prepaid data is stored in a data management center.
(Supplementary note 43) The data management system according to supplementary note 41, wherein the prepaid data is stored in a user device.
(Supplementary note 44) Supplementary note 28, Supplementary note 29, Supplementary note 30, Supplementary note 31, Supplementary note 32, Supplementary note 33, Supplementary note 34, Supplementary note 35, wherein the digital data has a normal file structure, and only the data body is encrypted. , Appendix 36, Appendix 37, Appendix 38, Appendix 39, Appendix 40, Appendix 41, Appendix 42 or Appendix 43.
(Supplementary note 45) The data management system according to supplementary note 44, wherein a part of the data body is encrypted.
(Supplementary note 46) The data management system according to supplementary note 45, wherein a part of the data body is continuously encrypted.
(Supplementary note 47) The data management system according to supplementary note 45, wherein a part of the data body is encrypted discontinuously.
(Supplementary note 48) The digital data has a normal file structure, and the data header and data body are encrypted. Supplementary note 28, supplementary note 30, supplementary note 31, supplementary note 32, supplementary note 33, supplementary note 34, supplementary note 35, the supplementary note 36, the supplementary note 37, the supplementary note 38, the supplementary note 39, the supplementary note 40, the supplementary note 41, the supplementary note 42, or the supplementary note 43.
(Supplementary note 49) The data management system according to supplementary note 48, wherein a part of the data header and the whole of the data body are encrypted.
(Supplementary Note 50) Supplementary Note 4 in which a part of the data header and a part of the data body are encrypted.
8. The data management system according to 8.
(Supplementary note 51) The digital data has a normal file structure, and only the data header is encrypted. Supplementary note 28, supplementary note 30, supplementary note 31, supplementary note 32, supplementary note 33, supplementary note 34, supplementary note 35, A data management system according to Supplementary Note 36, Supplementary Note 37, Supplementary Note 38, Supplementary Note 39, Supplementary Note 40, Supplementary Note 41, Supplementary Note 42, or Supplementary Note 43.
(Supplementary note 52) The data management system according to supplementary note 51, wherein the entire data header is encrypted.
(Supplementary note 53) The data management system according to supplementary note 51, wherein only a part of the data header is encrypted.
(Supplementary Note 54) The digital data has a normal file structure, and only the copyright label is encrypted. Supplementary Note 27, Supplementary Note 28 Supplementary Note 29, Supplementary Note 30, Supplementary Note 32, Supplementary Note 33, Supplementary Note 34 , Appendix 35, Appendix 36, Appendix 37, Appendix 38, Appendix 39, Appendix 40, Appendix 41, Appendix 42, or Appendix 43.
(Supplementary note 55) The data management system according to supplementary note 54, wherein only a part of the copyright label is encrypted.
(Supplementary note 56) The digital data has an object format file structure, and the method is encrypted. Supplementary note 27, Supplementary note 28, Supplementary note 29, Supplementary note 30, Supplementary note 32, Supplementary note 33, Supplementary note 34, Supplementary note 35, the supplementary note 36, the supplementary note 37, the supplementary note 38, the supplementary note 39, the supplementary note 40, the supplementary note 41, the supplementary note 42, or the supplementary note 43.
(Supplementary note 57) A commercial transaction system performed between a consumer and a producer via an intermediary: a secret key, public key-dedicated key is used in the commercial transaction system; Located on a communication network linked to an institution and a private key generation institution; the consumer requests commercial data from the intermediary; the intermediary encrypts using the producer's public key Forwards the consumer's commercial transaction data request with the private key to the producer; the producer decrypts the encryption private key using the producer's private key; and the decrypted encryption secret Encrypting the commercial transaction data using a key and sending it to the broker; the broker decrypts the encrypted commercial transaction data using the encryption secret key and re-encrypts the decrypted commercial transaction data Private key And re-encrypted using the consumer's public key and transferred to the consumer together with the re-encryption private key encrypted using the consumer's public key; Decrypting the private key for encryption, decrypting the encrypted commercial transaction data using the decrypted private key for re-encryption, creating an order form by filling in the order items in the decrypted commercial transaction data, The purchase order is encrypted using the re-encryption private key, and the re-encryption purchase order is sent to the broker. The broker trades the re-encryption order using the re-encryption private key. Decrypt the purchase order, encrypt the decrypted purchase order with the producer's public key, and forward the encrypted purchase order to the producer; the producer uses the producer's private key The encrypted purchase order is decrypted and order processing is performed.
(Supplementary note 58) The data management system according to supplementary note 57, wherein the digital data has a normal file structure and only a data body is encrypted.
(Supplementary note 59) The data management system according to supplementary note 58, wherein a part of the data body is encrypted.
(Supplementary note 60) The data management system according to supplementary note 59, wherein a part of the data body is continuously encrypted.
(Supplementary note 61) The data management system according to supplementary note 59, wherein a part of the data body is encrypted discontinuously.
(Supplementary note 62) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and a data header and a data body are encrypted.
(Supplementary note 63) The data management system according to supplementary note 62, wherein a part of the data header and the whole of the data body are encrypted.
(Supplementary Note 64) Supplementary Note 6 in which a part of the data header and a part of the data body are encrypted.
2. The data management system according to 2.
(Supplementary note 65) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and only a data header is encrypted.
(Supplementary note 66) The data management system according to supplementary note 65, wherein the entire data header is encrypted.
(Supplementary note 67) The data management system according to supplementary note 65, wherein only a part of the data header is encrypted.
(Supplementary note 68) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and only a copyright label is encrypted.
(Supplementary note 69) The data management system according to supplementary note 68, wherein only a part of the copyright label is encrypted.
(Supplementary note 70) The data management system according to supplementary note 57, wherein the digital data has an object format file structure and a method is encrypted.

Explanatory drawing of a label. Explanatory drawing of a label, a data header, and a data body. Explanatory drawing of encryption of a label and data. Explanatory drawing of encryption of a data header and a data body. Explanatory drawing of encryption of a label, a data header, and a data body. Explanatory drawing of object file encryption. 1 is a schematic configuration diagram of a digital data management system according to a first embodiment of the present invention. The schematic block diagram of the digital data management system of 2nd Example of this invention. Explanatory drawing of the technique which produces | generates one data from multiple data. The schematic block diagram of the digital data management system of 3rd Example of this invention. The schematic block diagram of the digital data management system of 4th Example of this invention. The schematic block diagram of the digital data management system of 3rd Example of this invention.

Claims (25)

A data management system for managing digital data transferred from a data owner terminal device to a data user terminal device via a communication network:
In the data management system, a secret key, a public key, a dedicated key, an original copyright label, and a data user label are used;
The data management center is connected to the public key storage organization and the secret key generation organization via the communication network, and includes a computer and a recording device;
The computer of the data management center
Authenticate the public key of the data owner and the data user and store the original copyright label and the data user label in the recording device,
Accepting a request for a secret key for data encryption presenting an original copyright label from the terminal device of the data owner,
Said to create the original copyright label fingerprint from the original copyright label,
Distributing the private key for encryption encrypted using the original copyright label fingerprint and the public key of the data owner to the terminal device of the data owner;
The terminal device of the data owner is
Data is encrypted using the private key decrypted using the private key of the data owner, and the encrypted data, the original copyright label, and the original copyright label fingerprint are used as the terminal device of the first data user Forward to
The terminal device of the first data user is
A secret key for presenting the data user label, the original copyright label, and the original copyright label fingerprint of the terminal device of the first data user, and decrypting the encrypted data to the computer of the data management center And a secret key for re-encrypting the decrypted data,
The computer of the data management center
Confirm the validity of the original copyright label by the original copyright label fingerprint,
Registering a data user label of the terminal device of the first data user, and a secret key for decrypting the encrypted data and a secret key for re-encrypting the decrypted data Encrypted using the public key of the user terminal device and distributed to the first data user terminal device;
The terminal device of the first data user is
Decrypting the decryption secret key and the re-encryption secret key using a dedicated key of the terminal device of the first data user, and decrypting and using the encrypted data using the decryption secret key The decrypted data is encrypted using the re-encryption secret key, stored and copied, and the encrypted data is stored in the original copyright label, the original copyright label fingerprint, and the terminal device of the first data user. A data management system that transfers data to the terminal device of the next data user together with the data user label. The data management system according to claim 1 , wherein the data is processed by a terminal device of a data user, and the processing content of the data is added to the original copyright label. The computer accepts presentation of the original copyright label to which the processing content is added from the terminal device of the data user,
The data management system according to claim 2, wherein when the presentation is received, registration processing of information related to a secondary copyright of the data is performed. The data management system according to claim 2 , wherein the data is plural. The data management system according to any one of claims 2 to 4 , wherein a digital signature is performed on the original copyright label to which the processed content is added . The data management system according to any one of claims 1 to 5, wherein the computer charges based on the terminal device of the data user presenting the data user label to a computer of a data management center. The data management system according to claim 6, wherein the billing is performed by a usage result metering postpay method. The data management system according to claim 7, wherein the recording device stores the usage record metering data. The data management system according to claim 7, wherein the usage record metering data is stored in a user device. The data management system according to claim 6, wherein the billing is performed by a prepaid method. The data management system according to claim 10, wherein the recording device stores the prepaid data. The data management system according to claim 10, wherein the prepaid data is stored in a user terminal device. The data management system according to any one of claims 1 to 12, wherein the digital data has a file structure including a data body portion and a data header portion, and only the data body is encrypted. The data management system according to claim 13, wherein a part of the data body is encrypted. The data management system according to claim 14, wherein a part of the data body is continuously encrypted. The data management system according to claim 14, wherein a part of the data body is encrypted discontinuously. The data management system according to any one of claims 1 to 12, wherein the digital data has a file structure including a data body portion and a data header portion , and the data header and the data body are encrypted. . The data management system according to claim 17, wherein a part of the data header and the entire data body are encrypted. The data management system according to claim 17, wherein a part of the data header and a part of the data body are encrypted. The data management system according to any one of claims 1 to 12, wherein the digital data has a file structure including a data body portion and a data header portion, and only the data header is encrypted. The data management system according to claim 20, wherein the entire data header is encrypted. Data management system of claim 20 in which only a portion of the data header is encrypted. The data management system according to any one of claims 1 to 12, wherein the digital data has a file structure including a data body portion and a data header portion, and only a copyright label is encrypted. The data management system according to claim 23, wherein only a part of the copyright label is encrypted. The data management system according to any one of claims 1 to 12, wherein the digital data has a file structure in an object format, and a method is encrypted.

Images