CN100476847C - Method and apparatus for processing information, and computer program product - Google Patents

Method and apparatus for processing information, and computer program product Download PDF

Info

Publication number
CN100476847C
CN100476847C CN 200710002065 CN200710002065A CN100476847C CN 100476847 C CN100476847 C CN 100476847C CN 200710002065 CN200710002065 CN 200710002065 CN 200710002065 A CN200710002065 A CN 200710002065A CN 100476847 C CN100476847 C CN 100476847C
Authority
CN
China
Prior art keywords
information
device
unit
electronic data
processing apparatus
Prior art date
Application number
CN 200710002065
Other languages
Chinese (zh)
Other versions
CN101004772A (en
Inventor
南康一
小谷诚刚
Original Assignee
株式会社Pfu;富士通株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to JP2006010355 priority Critical
Priority to JP2006-010355 priority
Priority to JP2006-158719 priority
Application filed by 株式会社Pfu;富士通株式会社 filed Critical 株式会社Pfu;富士通株式会社
Publication of CN101004772A publication Critical patent/CN101004772A/en
Application granted granted Critical
Publication of CN100476847C publication Critical patent/CN100476847C/en

Links

Abstract

数据获取单元获取电子数据。 The data acquisition unit acquires electronic data. 抗窜改芯片包括存储设备特定的机密密钥的存储单元,以及收集设备信息的收集单元,所述设备信息是设备的内部信息。 Chip includes a tamper-resistant storage device specific secret key storage unit, and a collecting unit collecting device information, the device information is a device internal information. 附加单元将收集的设备信息附加到获取的电子数据中。 The collected device information attachment unit attached to the electronic data acquired. 加密单元使用存储在存储单元中的机密密钥对附加了设备信息的电子数据进行加密。 Using the secret key encryption unit in the storage unit in the additional information of electronic data is encrypted.

Description

用于处理信息的方法和设备以及计算机程序产品 A method and apparatus for processing information and a computer program product

技术领域 FIELD

本发明涉及信息处理设备,如图像处理设备(困像扫描仪、打印机、多功能设备、传真机等等),个人计算机,以及服务器,由信息处理设备执行的信息处理方法,以及计算机程序。 The present invention relates to an information processing apparatus, image processing apparatus (trapped like scanner, a printer, a multifunction device, a facsimile machine, etc.), a personal computer, and a server, the information processing method executed by an information processing apparatus, and a computer program.

背景技术 Background technique

传统上,在传真中,确保图像的可靠性是通过在图像上打印曰期或路由来实现的。 Traditionally, in the fax, ensure that the image of reliability is achieved by printing the image on the said period or routing.

就每一个企业分别地追求的安全性增强功能而论,具有提供PC 平台的技术的企业组合起来,形成了TCG(受信任的计算组),以作为一个工业团体创建具有更高的可靠性和安全性的新的硬件/软件。 Each company will separately pursue in terms of security enhancements, the PC platform has provided technical enterprise combined to form a TCG (Trusted Computing Group), to create a higher reliability as an industrial groups and safety of new hardware / software. 在TCG中,为计算平台规定了属于安全性芯片的TPM(受信任的平台模块)芯片的规范(参见日本专利申请公开出版物No. 2005-317026)。 In the TCG, as part of the computing platform provides security chip TPM (Trusted Platform Module) chip specification (see Japanese Patent Application Publication No. 2005-317026).

然而,对于常规技术,图像很可能被轻松地窜改,因此,不能确保图像的高级别的可靠性。 However, with conventional technology, the image is likely to be easily tampered with, therefore, can not ensure a high level of reliability of the image.

发明内容 SUMMARY

本发明的目的是至少部分地解决常规技术中所存在的问题. Object of the present invention to at least partially solve the conventional art problems.

根据本发明的一个方面的信息处理设备包括获取电子数据的数据获取单元;抗窜改芯片,该芯片包括存储设备特定的机密密钥的存储单元,以及收集设备信息的收集单元,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中的附加单元;以及使用机密密钥对附加了设备信息的电子数据进行加密的加密单元。 The information processing apparatus according to an aspect of the present invention includes obtaining data of the electronic data acquisition unit; tamper-resistant chip, the chip includes a storage device-specific secret key storage unit, and a collecting unit collecting device information, the device information is internal information device; the collected device information attachment unit attached to the electronic data acquired; and using a secret key for additional information of electronic encryption unit encrypting data.

根据本发明的另一个方面的信息处理设备包括获取电子数据的数据获取单元;抗窜改芯片,该芯片包括存储设备特定的机密密钥的 The information processing apparatus according to another aspect of the present invention includes obtaining data of the electronic data acquisition unit; tamper-resistant chip, the chip includes a storage device-specific secret key

5存储单元,以及收集设备信息的收集单元,所述设备信息是设备的内 A storage unit 5, and a collecting unit collecting device information, the device information is within the device

部信息;将收集的设备信息附加到获取的电子数据中的附加单元;生成附加了设备信息的电子数据的散列值的生成单元;以及使用机密密钥对生成的散列值进行加密的加密单元。 Information portion; the collected device information attachment unit attached to the electronic data acquired; generating appended hash value generation unit of information of electronic transactions; and the hash value with the secret key to encrypt the generated encryption unit.

根据本发明的再一个方面的信息处理方法包括获取电子数据;在存储了设备特定的机密密钥的抗窜改芯片中收集设备信息,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中;以及使用机密密钥对附加了设备信息的电子数据进行加密。 The information processing method according to a further aspect of the present invention comprises an electronic data acquisition; collecting information in the storage device of the tamper-resistant chip device specific secret key, the information of the device is an internal device information; device information collecting additional the electronic data acquired; and using a secret key for additional information of electronic data is encrypted.

根据本发明的再一个方面的信息处理方法包括获取电子数据;在存储了设备特定的机密密钥的抗窜改芯片中收集设备信息,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中;生成附加了设备信息的电子数据的散列值;以及使用机密密钥对生成的散列值进行加密。 The information processing method according to a further aspect of the present invention comprises an electronic data acquisition; collecting information in the storage device of the tamper-resistant chip device specific secret key, the information of the device is an internal device information; device information collecting additional the electronic data acquired; generating a hash value added information of electronic transactions; and using the secret key to encrypt the generated hash value.

根据本发明的再一个方面的计算机程序产品包括计算机可使用的介质,具有在介质中实现的计算机可读取的程序代码,当执行这些程序代码时,使计算机执行:获取电子数据;在存储了设备特定的机密密钥的抗窜改芯片中收集设备信息,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中;以及使用机密密钥对附加了设备信息的电子数据进行加密。 According to a further aspect of the present invention is a computer program product comprising a computer usable medium having a computer program code implemented in the medium can be read by the program code when executed causing a computer to execute: acquiring electronic data; stored in tamper-resistant chip device specific secret key of the collection device information, the device information is a device internal information; the collected device information attached to the electronic data acquired; and using the secret key of the electronic device additional information data is encrypted.

根据本发明的再一个方面的计算机程序产品包括计算机可使用的介质,具有在介质中实现的计算机可读取的程序代码,当执行这些程序代码时,使计算机执行:获取电子数据;在存储了设备特定的机密密钥的抗窜改芯片中收集设备信息,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中;生成附加了设备信息的电子数据的散列值;以及使用机密密钥对生成的散列值进行加密。 According to a further aspect of the present invention is a computer program product comprising a computer usable medium having a computer program code implemented in the medium can be read by the program code when executed causing a computer to execute: acquiring electronic data; stored in tamper-resistant chip device specific secret key of the collection device information, the device information is a device internal information; the collected device information attached to the electronic data acquired; generating a hash value added information of electronic data ; and using the secret key to encrypt the generated hash value.

通过阅读下面对本发明的目前优选的实施例的详细描述,并参考附图,将更好地理解本发明的上述及其他目的、特征、优点和技术和工业的意义。 Upon reading the following detailed description of presently preferred embodiments of the present invention, with reference to the accompanying drawings, it will be better understood meaning of the above and other objects, features, advantages and technical and industrial invention. 附图说明 BRIEF DESCRIPTION

图1和2是说明了本发明的基本原理的示意图; 1 and FIG. 2 is a diagram explaining the basic principles of the present invention;

图3是根据本发明的实施例的信息处理系统的示例的方框图; FIG 3 is a block diagram of the information processing system according to an exemplary embodiment of the present invention;

图4是根据本实施例的图像扫描仪的示例的方框图; FIG 4 is a block diagram according to an exemplary embodiment of the image scanner of the present embodiment;

图5是控制单元中包括的控制设备的示例的方框图; FIG 5 is a block diagram of an example of a control device included in the control unit;

图6是TPM芯片的示例的方框图; FIG 6 is a block diagram of an example of a TPM chip;

图7是根据本实施例的PC的示例的方框图; FIG 7 is a block diagram of an example of a PC according to the present embodiment;

图8是根据本实施例的服务器的示例的方框图; FIG 8 is a block diagram according to an example embodiment of the server of the present embodiment;

图9是根据本实施例的信息通信终端的示例的方框图; FIG 9 is a block diagram according to an example embodiment of the information communication terminal of the present embodiment;

图10和11是根据本实施例的图像扫描仪的主过程的处理过 10 and 11 are according to a processing procedure of a main image scanner of the present embodiment

程的流程图;以及 A flowchart of the process; and

图12是说明在构成了根据本实施例的信息处理系统的设备之 FIG 12 is a diagram illustrating the configuration of the device in an information processing system according to an embodiment of the present

间转移电子数据的过程的示例的示意图; Schematic illustration of a process between the electronic data transfer;

图13是说明在构成了根据本实施例的倌息处理系统的设备之间 FIG 13 is a diagram illustrating the configuration between the information processing apparatus groom system according to an embodiment of the present

转移电子数据的过程的示例的示意图; Schematic illustration of a process of the electronic data transfer;

图14是说明在构成了根据本实施例的信息处理系统的设备之间 FIG 14 is a diagram illustrating the configuration of an information processing system between devices according to an embodiment of the present

转移电子数据的过程的示例的示意图; Schematic illustration of a process of the electronic data transfer;

图15是说明在构成了根据本实施例的信息处理系统的设备之间 FIG 15 is a diagram illustrating the configuration of an information processing system between devices according to an embodiment of the present

转移电子数据的过程的示例的示意图。 A schematic example of a process of transferring electronic data. 具体实施方式 Detailed ways

下面将参考附图详细描述本发明的示范性实施例。 The exemplary embodiments described in detail below with reference to the accompanying drawings of the present invention. 本实施例不对本发明作出限制。 This embodiment of the present invention are not to be limiting. 具体来说,虽然本实施例以TPM芯片作为具有抗窜改性能的芯片的示例,但是,本发明的芯片不仅限于TPM芯片。 Specifically, although in the present embodiment as an example TPM chip having tamper-resistant properties of the chip, but the chip of the present invention is not limited TPM chip.

图1是用于说明本发明的基本原理的示意图。 FIG 1 is a schematic diagram illustrating the general principles of the present invention is used.

简单来说,本发明包括下列基本特征。 Briefly, the present invention includes the following basic features. 信息处理设备100首先获取电子数据.具体来说,当图像处理设备是诸如图像扫描仪、打印机、多功能设备或传真机之类的图像读取设备时,信息处理设备100 利用预置的困像处理单元读取电子数据(例如,图像信息)(步骤Sl),当信息处理设备是个人计算机(PC)或服务器时,信息处理设备100从进行了通信连接的另一个信息处理设备(未显示)接收电子数据(步骤S-2)。 The information processing apparatus 100 first acquires electronic data. In particular, when the image processing apparatus is an image reading apparatus such as an image scanner, a printer, a multifunction device, or a facsimile machine, the information processing apparatus 100 using a preset image sleepy the processing unit reads the electronic data (e.g., image information) (step Sl is), when the information processing apparatus is a personal computer (PC) or server, the information processing apparatus 100 from another information processing apparatus carried out a communication connection (not shown) receiving electronic data (step S-2).

具有TPM芯片IO的信息处理设备100收集设备信息,所述芯片10是具有抗窜改性能的芯片,由信息处理设备提供,所述信息是信息处理设备中的信息,信息处理设备100存储收集到的设备信息存储在设备信息文件,并将设备信息附加到电子数据(步骤S-3)。 The information processing apparatus having a TPM chip IO device 100 collects the information, the chip 10 is a chip having tamper-resistant properties, provided by the information processing apparatus, the information in the information processing apparatus, the information processing apparatus 100 stores the collected the device information stored in the device information file, and the device information attached to the electronic data (step S-3). 这会生成包括电子数据和设备信息的电子文件(例如,当电子数据是图像信息时,是图像文件)。 This generates an electronic document including electronic data and device information (e.g., when the electronic data is image information, an image file). 设备信息包括,例如,设备(信息处理设备100)所特定的设备,设备操作状态信息(关于获取(读取或接收)电子数据的设备(信息处理设备100)的操作状态的信息),网络信息(关于网络的倌息),外围设备信息(关于连接到设备(信息处理设备100)的外围设备的信息)。 Device information includes, for example, the device (the information processing apparatus 100) of the particular device, the device operating status information (information of the operation state of the acquisition (or reading apparatus receiving electronic data) (the information processing apparatus 100)), network information (groom the information about the network), the peripheral device information (about the connection to the device (the information processing apparatus 100) of the peripheral device information). 设备特定信息是诸如制造商的名称、型号、序列号以及在工厂出货时存储的制造日期。 Device-specific information such as the manufacturer's name, date of manufacture model number, serial number, and when the shipment from the factory store. 当信息处理设备100是诸如困像扫描仪、打印机、多功能设备或传真机之类的图像读取设备时,设备操作状态信息包括,例如,读取模式信息,当信息处理设备100 PC或服务器时,设备操作状态信息包括操作曰志,其中包括操作过程中的设置信息和操作结果。 When the information processing apparatus 100 is an image reading apparatus such as a trapped image scanner, a printer, a multifunction device, or a facsimile machine, the device operating status information includes, for example, the information read mode, when the PC 100 or the server information processing apparatus , the device operation status information includes operating said Chi, including setting information and the operation result during operation. 当图像处理单元读取电子数据(例如,图像信息)时,读取模式信息是关于读取模式的信息,而读取模式信息是分辨率、彩色/单色以及二进制/多值之类的信息。 When the image processing unit reads the electronic data (e.g., image information), the read mode information is the information about the read mode, the read mode information is resolution information of color / monochrome and binary / multi-value or the like .

回到图1的描述,信息处理设备100利用存储在由TPM芯片10提供的机密密钥文件中的设备(信息处理设备)特定的机密密钥对在步骤S-3中生成的电子文件i近行加密(步骤S-4)。 Back to the description of FIG. 1, the device information processing apparatus 100 using the secret key stored in the file provided by the TPM chip 10 (information processing device) of a particular secret key generated in step S-3 near the electronic document i encrypt (step S-4).

然后,信息处理设备100将在步骤S-4中加密的电子文件传输到进行了通信连接的另一个信息处理设备(未显示)(步骤S-5)。 Then, at step 100 the encrypted electronic file S-4 in the information processing apparatus has been transmitted to another information processing apparatus connected to a communication (not shown) (step S-5).

通过接收加密的电子文件,信息处理设备可以通过对电子文件进行解密来指定传输了电子文件的信息处理设备,因此,本发明进一步改善了电子数据的可靠性。 By receiving the encrypted electronic file, the information processing apparatus can specify a file by decrypting the electronic information processing device transmitted electronic file, therefore, the present invention further improves the reliability of electronic data. 换句话说,本发明确保了电子数据的高级别的可靠性。 In other words, the present invention ensures a high level of reliability of the electronic data. 信息处理设备100可以对信息处理设备进行操作的人(操作员) The information processing apparatus 100 can operate the information processing apparatus (operator)

执行单个身份验证,并可以进一步将执行单个身份验证时记录的操作 Performing individual authentication, and may further be performed when the recording operation of a single authentication

员的身份验证信息附加到电子数据中(步骤S-6)。 Identity authentication information to the member of the electronic data (step S-6). 通过除了接收设备信息之外还接收包括身份验证信息的加密的电子文件,信息处理设备不仅可以通过对电子文件进行解密来指定传输了电子文件的信息处理设备,而且还可以指定传输了电子文件的信息处理设备的操作员。 By addition to the information receiving apparatus further comprises receiving authentication information encrypted electronic file, the information processing apparatus can not only decrypt the electronic file to specify the information processing apparatus transmitting the electronic file, but also specifies the electronic file transfer the operator of the information processing apparatus. 因此,本发明进一步改善了电子数据的可靠性。 Accordingly, the present invention further improves the reliability of electronic data.

信息处理设备100可以生成电子数据的散列值(步骤S-7)并可以进一步将散列值附加到电子数据中(步骤S-8)。 The information processing apparatus 100 may generate a hash value of the electronic data (step S-7) and may further append the hash value to the electronic data (step S-8). 通过除了接收设备信息之外还接收进一步包括散列值的加密的电子文件,信息处理设备不仅可以通过对电子文件进行解密来指定传输了电子文件的信息处理设备,而且还可以检查电子数据的窜改情况。 By further addition to the information receiving apparatus further comprises receiving a hash value of the encrypted electronic document, the information processing apparatus can specify not only the electronic file is decrypted by the information processing apparatus transmitted electronic file, but can also check the electronic data falsification Happening. 因此,本发明进一步改善了电子数据的可靠性。 Accordingly, the present invention further improves the reliability of electronic data.

信息处理设备100可以从执行时间验证的进行了通信连接的信息通信终端200获取时间信息(时间证书),并可以进一步将时间信息附加到电子数据中。 The information processing apparatus 100 may verify the information communication terminal is a communication connection 200 acquires time information (time certificate), and may further be time information is attached to the electronic data from the execution time. 具体来说,信息处理设备100提取电子数据的散列值(步骤S-7),并将提取的散列值传输到信息通信终端200。 Specifically, the information processing apparatus 100 extracts the hash value of the electronic data (step S-7), and the extracted hash values ​​are transmitted to the information communication terminal 200. 如此,信息处理设备100向信息通信终端200请求颁发时间戳,包括信息处理设备100在获取.(读取或接收)电子数据时的时间信息和散列值。 Thus, the information communication terminal 100 to request the information processing apparatus 200 issued by the time stamp, the information processing apparatus 100 includes the acquisition. Time information and the hash value of the electronic data (read or received). 然后,信息处理设备100从信息通信终端200接收对应于发往信息通信终端200的颁发请求的时间戳,并进一步将时间戳中包括的时间信息附加到电子数据中(步骤S-9)。 Then, the information processing apparatus 100 received from the information communication terminal 200 corresponding to the request sent to the time stamp issued by the information communication terminal 200, and further time stamp information included in the additional electronic data (step S-9). 通过除了接收设备信息之外还接收包括时间信息的加密的电子文件,信息处理设备不仅可以通过对电子文件进行解密来指定传输了电子文件的信息处理设备,而且还可以证实电子数据的采集时间(读取时间或接收时间)。 By addition to the information receiving apparatus further comprises an encrypted electronic document received time information, the information processing apparatus can specify not only the electronic file is decrypted by the information processing apparatus transmitted electronic file, but also confirmed that electronic data acquisition time ( reading time or receiving time). 因此,本发明进一步改善了电子数据的可靠性。 Accordingly, the present invention further improves the reliability of electronic data.

信息处理设备100还可以利用机密密钥对设备信息、身份验证信息、散列值、时间信息等等中的至少一个进行加密,并可以将加密的设备信息、身份验证信息、散列值、时间信息等等中的至少一个附加到电子数据中。 The information processing apparatus 100 may also use the device secret key information, authentication information, a hash value, at least one of time information, etc. Encryption and device information may be encrypted, the authentication information, the hash value, the time information, etc. At least one additional electronic data.

TPM芯片10可以提供存储设备特定的机密密钥的存储单元, 收集设备信息的收集单元,所述设备信息是设备中的信息,以及,将诸如设备信息、散列值、时间信息以及身份验证信息之类的信息附加到电子数据中的附加单元以及利用机密密钥对附加了设备信息的电子数据等等进行加密。 TPM chip 10 may provide a storage unit for storing a device-specific secret key, device information collecting unit collects the device information in the device information, and the information of the device authentication information, a hash value, and time information such as the identity information or the like attached to the electronic data using the secret key and the additional unit is added to the device information encrypting electronic data and the like.

图2是用于说明本发明的基本原理的示意图。 FIG 2 is a schematic diagram illustrating the general principles of the present invention is used.

简单来说,本发明包括下列基本特征。 Briefly, the present invention includes the following basic features. 信息处理设备100首先获取电子数据。 The information processing apparatus 100 first acquires electronic data. 具体来说,当图像处理设备是诸如图像扫描仪、打印机、多功能设备或传真机之类的图像读取设备时,信息处理设备100 利用预置的图像处理单元读取电子数据(例如,图像信息)(步骤Tl),当信息处理设备是PC或服务器时,信息处理设备100从进行了通信连接的另一个信息处理设备(未显示)接收电子数据(步骤T-2)。 Specifically, when the image processing apparatus is an image reading apparatus such as an image scanner, a printer, a multifunction device, or a facsimile machine, the information processing apparatus 100 using a preset image processing unit reads the electronic data (e.g., image information) (step Tl), when the information processing apparatus is a PC or server, the information processing apparatus 100 from another information processing apparatus carried out a communication connection (not shown) receiving electronic data (step T-2).

具有TPM芯片10的信息处理设备100收集设备信息,所述芯片10是具有抗窜改性能的芯片,由信息处理设备提供,所述信息是信息处理设备中的信息,信息处理设备100将收集到的设备信息存储在设备信息文件,并将设备信息附加到电子数据(步驟T-3)。 TPM chip having the information processing apparatus 100 collects device information 10, the chip 10 is a chip having tamper-resistant properties, provided by the information processing apparatus, the information in the information processing apparatus, the information processing apparatus 100 will be collected the device information stored in the device information file, and the device information attached to the electronic data (step T-3). 这会生成包括电子数据和设备信息的电子文件(例如,当电子数据是图像信息时,是图像文件)。 This generates an electronic document including electronic data and device information (e.g., when the electronic data is image information, an image file).

然后,信息处理设备100生成在步骤T-3生成的电子文件的散列值(步骤T-4)。 Then, the information processing apparatus 100 generates a hash value at Step T-3 is generated electronic document (Step T-4).

然后,信息处理设备100利用存储在由TPM芯片10提供的机密密钥文件中的设备(信息处理设备)特定的机密密钥对在步骤T-4中生成的散列值进行加密(步猓T-5)。 Then, the device information processing apparatus 100 using the secret key stored in the file provided by the TPM chip 10 (information processing apparatus) specific secret key step T-4 is generated in the hash value is encrypted (step Guo T -5).

然后,信息处理设备100将在步骤T-5中加密的散列值和在步骤T-3中生成的电子文件传输到进行了通信连接的另一个信息处理设备(未显示)(步骤T-6 )。 Then, the information processing apparatus 100 transmits in step T-5 and the encrypted hash value generated in Step T-3 in the electronic file to the another information processing apparatus carried out a communication connection (not shown) (Step T-6 ).

接收了加密的散列值和电子文件的信息处理设备可以通过对散列值进行解密,生成接收到的电子文件的散列值,以及对比解密的散列值和生成的散列值,来指定传输了电子文件的信息处理设备。 Received encrypted hash value and the information processing apparatus may be an electronic document hash value by decrypting the hash value, to generate the received electronic file, and the comparative hash value and the decrypted hash value generated to specify transmission of the information processing apparatus of electronic documents. 因此, 本发明进一步改善了电子数据的可靠性。 Accordingly, the present invention further improves the reliability of electronic data. 换句话说,本发明可以确保电子数据的高级别的可靠性。 In other words, the present invention can ensure a high level of reliability of the electronic data. 本发明进一步改善了电子数据的可靠性,因为本发明可以检查电子数据的窜改情况。 The present invention further improves the reliability of electronic data, as tampering check the case of the present invention can be electronic data.

信息处理设备100可以对信息处理设备进行操作的人(操作员) The information processing apparatus 100 can operate the information processing apparatus (operator)

执行单个身份验证,并可以进一步将执行单个身份验证时记录的操作 Performing individual authentication, and may further be performed when the recording operation of a single authentication

员的身份验证信息附加到电子数据中(步骤T-7)。 Members authentication information to the electronic data (Step T-7). 通过除了接收设备倌息之外还接收包括身份验证信息的加密的电子文件,信息处理设备不仅可以指定传输了电子文件的信息处理设备,而且还可以指定传输了电子文件的信息处理设备的操作员。 Not only can specify the information processing apparatus transmitted through the electronic file in addition to groom the information receiving apparatus further comprises receiving authentication information encrypted electronic file, the information processing apparatus, but also the operator can specify the transmission information processing apparatus of an electronic document . 因此,本发明进一步改善了电子数据的可靠性。 Accordingly, the present invention further improves the reliability of electronic data.

信息处理设备100可以从执行时间验证的进行了通信连接的信息通信终端200获取时间信息(时间证书),并可以进一步将时间信息附加到电子数据中。 The information processing apparatus 100 may verify the information communication terminal is a communication connection 200 acquires time information (time certificate), and may further be time information is attached to the electronic data from the execution time. 具体来说,信息处理设备100首先提取电子数据的散列值(步骤T-8),并将提取的散列值传输到信息通信终端200。 Specifically, the information processing apparatus 100 first extracts the hash value of the electronic data (Step T-8), and transmitting the extracted hash value to the information communication terminal 200. 如此,信息处理设备100向信息通倌终端200请求颁发时间戳,包括信息处理设备100在获取(读取或接收)电子数据时的时间信息和散列值。 Thus, the information processing apparatus 200 requests 100 issued to the time stamp information communication terminal groom, the time information 100 including the information processing apparatus and a hash value acquired at the time (reading or receiving) electronic data. 然后,信息处理设备100从信息通信终端200 接收对应于发往信息通信终端的颁发请求的时间戳,并进一步将时间戳中包括的时间信息附加到电子数据中(步骤T-9)。 Then, the information processing apparatus 100 received from the information communication terminal 200 corresponding to the time stamp information sent to the issuance request of the communication terminal, and further time stamp information included in the additional electronic data (Step T-9). 通过除了设备信息之外还接收包括时间信息的加密的电子文件,信息处理设备不仅可以通过对电子文件进行解密来指定传输了电子文件的信息处理设备,而且还可以证实电子数据的采集时间(读取时间或接收时间)。 By addition to the information apparatus further comprises an encrypted electronic document received time information, the information processing apparatus can specify not only the electronic file is decrypted by the information processing apparatus transmitted electronic file, but also confirmed that the electronic data acquisition time (read access time or receiving time). 因此,本发明进一步改善了电子数据的可靠性。 Accordingly, the present invention further improves the reliability of electronic data.

下面将参考图3到9描述根据本实施例的信息处理系统的配置。 3-9 will be described configuration of the information processing system according to the present embodiment with reference to FIG.

图3是根据本发明的实施例的信息处理系统的示例的方框图。 FIG 3 is a block diagram example of an information processing system according to an embodiment of the present invention. 如困3所示,信息处理系统是通过将图像扫描仪IOOA、多个 As shown, the information processing system 3 is trapped by an image scanner IOOA, a plurality of

iiPC 100B (围3中为4个),以及安装在分公司的服务器IOOC, 安装在总公司的服务器IOOD,以及安装在数据中心的服务器100E 进行通信连接而构成的。 iiPC 100B (around 3 to 4), and IOOC branch installed in the server, the server installed in the head office IOOD, 100E and the server installed in the data center is configured by connecting communication.

图4是根据本实施例的图像扫描仪100A的示例的方框图,只在概念上显示了涉及本发明的配置的一部分。 FIG 4 is a block diagram of an example of the image scanner 100A of the embodiment according to the present embodiment, only a portion of the configuration of the present invention relates to conceptually.

图像扫描仪100A是作为信息处理设备100的一部分提供的, 具体来说,是图像扫描仪。 The image scanner 100A as part of the information processing apparatus 100 is provided, in particular, is an image scanner. 如图4所示,图像扫描仪100A被配置为大致至少提供机械单元110、控制单元120,以及光学单元130。 4, the image scanner 100A is configured to provide at least a substantially mechanical unit 110, controls 120, and an optical unit 130 unit.

机械单元110是通过将自动走纸(APF)单元/平板单元(包括电机、传感器等等)以及用于将机械单元连接到另一个单元的单元接口互连在一起构成的。 Mechanism unit 110 is formed by the ADF (APF) cells / plate unit (including motors, sensors, etc.) and means for mechanically connecting the unit to the interface unit of another interconnection unit configured together.

控制单元120是通过将控制设备121以及将控制单元连接到另一个单元的单元接口互连在一起构成的。 The control unit 120 by the control device 121, and an interface unit connected to the interconnect control unit to another unit configured together. 图5是控制单元120中包括的控制设备121的示例的方框图。 FIG 5 is a block diagram of an example of a control device 121 included in the control unit 120.

如图6所示,控制设备121是这样构成的:利用如图所示的总线,将接口20 (将图像扫描仪连接到另一个信息处理设备(具体来说,PC100B)的接口) , MPU (微处理单元)11、控制程序12 (对单元进行控制的程序)、RAM (随机存取存储器)13 (存储了日志信息(对应于设备操作状态信息),包括单元操作过程中的设置信息和操作结果),读取电子数据(例如,图像信息)的图像处理单元14, 存储设备信息的设备信息文件15,提取电子数据的散列值的散列引擎16,读取单个信息和操作员的指紋信息的ID卡读取单元17,识别搮作员的指紋的指紋识别单元18,对各种信息进行加密的加密引擎39, TPM芯片10,以及诸如键盘、鼠标,以及监视器之类的输出单元21互连在一起。 6, the control device 121 is constructed such that: as shown with a bus, the interfaces (image scanner interface is connected to another information processing apparatus (specifically, PC100B) of) 20, MPU ( micro processing unit) 11, a control program 12 (program control unit), RAM (random access memory) 13 (stored in the log information (information corresponding to the operation state of the device), including setting information and operation of the process unit operation result), the read electronic data (e.g., image information) of the image processing unit 14, a device information file 15 stores device information, the electronic data extracted hash value of the hash engine 16, a single read fingerprint information and the operator ID card information reading unit 17, the fingerprint identification as members of Li fingerprint-identification unit 18, various kinds of information encrypted encryption engine 39, TPM chip 10, such as a keyboard and a mouse, and an output unit monitor, 21 interconnected together.

图6是TPM芯片10的示例的方框图。 FIG 6 is a block diagram of an example of a TPM chip 10. TPM芯片10是具有抗窜改性能的芯片,并收集和存储关于每一个单元的信息。 TPM chip 10 is a chip having tamper-resistant properties, and to collect and store information about each cell. 除了存放了机密密钥之外,TPM芯片10还收集设备的信息,并将信息存储在设备(单元)信息文件中。 In addition to the secret key stored outside, the TPM chip 10 also collects information about the device, and the information is stored in the device (means) in the information file. 由TPM芯片10收集的信息包括控制程序、OS (操作系统)以及BIOS (基本输入/输出系统)和连接的设备的内容(例如,版本号和散列值)。 Information collected by the TPM chip 10 includes a content control program, the OS (Operating System) and a BIOS (Basic Input / Output System) and a connected device (e.g., version number and the hash value). 由于由TPM芯片10收集的信息高度独立于设备,不会面临来自外部的入侵,因此,可以使用收集到的数据确认设备的完整性。 Since the information collected by the TPM chip 10 is highly independent apparatus, not face the invasion from the outside, and therefore, can be used to confirm the integrity of the data collection device. 如图5所示,TPM芯片10通过利用如图所示的总线,将包括签名和加密所需的机密密钥的机密密钥文件101、控制程序102、设备信息文件103、指紋信息文件104、 MPU105以及RAM 106互连起来而构成。 As shown, the TPM chip 510 as shown by the use of the bus, including the secret key encryption and signature files required secret key 101, the control program 102, a device information file 103, the fingerprint information file 104, MPU105 and RAM 106 are interconnected to form. TPM芯片10安装在单元的外壳中,以便芯片不会轻松地从外部取出,当去除TPM芯片时, 单元不能工作。 TPM chip 10 is mounted in the housing unit, so that the chip will not be removed easily from the outside, when removing the TPM chip unit can not work.

回到图3,在光学单元130中,包括CCD、光源等等的光学系统设备,以及TPM芯片10通过单元接口互连在一起。 Returning to Figure 3, in the optical unit 130 includes the CCD, a light source optical system device and the like, and the TPM chip 10 are interconnected via an interface unit.

图7是根据本实施例的PC100B的示例的方框图,只在概念上显示了关于本发明的配置的一部分。 FIG 7 is a block diagram of an example embodiment of the present embodiment PC100B according disposed on only a portion of the present invention conceptually.

PC 100B是作为信息处理设备100的一部分提供的。 PC 100B as part of the information processing apparatus 100 is provided. 如图7 所示,PC100B是通过利用如图所示的总线将CPU(中央处理单元) 140、相当于RAM 13和RAM 106的RAM 141,相当于接口20的通信控制I/F142,相当于输入/输出单元21的输入/输出单元143, 诸如监视器之类的显示单元144、相当于TPM芯片10的TPM芯片145,诸如硬盘之类的存储单元146,相当于ID卡读取单元17 的ID卡读取单元147,以及相当于指紋识别单元18的指紋识别单元148而构成的。 7, PC100B through the use of the bus as shown CPU (Central Processing Unit) 140, corresponds to RAM RAM 141 13 and the RAM 106, the communication controller 20 corresponds to the interface I / F142, corresponding to the input input / output unit 21 / the output unit 143, a display unit such as a monitor 144, TPM chip 145 corresponds to TPM chip 10, such as a hard disk storage unit 146, corresponding to ID ID card reading unit 17 card reading unit 147, and corresponds to the fingerprint-identification unit 18, the fingerprint identification unit 148 configured. 存储单元146存储了BIOS、客户端OS、软件、 控制程序和设备信息文件。 The storage unit 146 stores the BIOS, the client OS, software, control programs and device information file. 虽然PC 100B没有如图像扫描仪100A 那样提供加密引擎或散列引擎,但是,个人计算机100B却利用软件进行加密,并生成散列值。 Although PC 100B engine does not provide encryption or hash engine As image scanner 100A, however, the personal computer 100B but using software encryption, and generate a hash value. PC100B可以类似于图像扫描仪100A那样提供专用于加密和生成散列值的硬件。 PC100B may be similar to the image scanner 100A as dedicated hardware to generate an encrypted hash value and.

稍后将参考图8描述根据本实施例的服务器100C、 100D和100E的配置。 8 will be described later with reference to FIG server embodiment of the present embodiment 100C, 100D and 100E arranged. 将不描述与图像扫描仪100A或PC 100B共同拥有的配置。 We will not describe the configuration of the image scanner 100A or PC 100B jointly owned. 由于服务器100C、服务器100D,以及服务器100E的配置相类似,因此,将作为模型描述服务器100C的配置。 Since the server 100C, the server 100D, 100E, and the server configuration is similar, therefore, be described as a model configuration of the server 100C. 图8是根据本实施例的服务器100C的示例的方框图,只在概念上显示了关于 FIG 8 is a block diagram of an example server 100C according to the present embodiment, only about conceptually

本发明的配置的一部分。 Part of the configuration of the present invention.

服务器100C是作为信息处理设备100提供的。 Server 100C is provided as the information processing apparatus 100. 如图8所示, 类似于PC100B,服务器100C是通过利用如图所示的总线将CPU 150、 RAM 151、通信控制I/F 152、输入/输出单元143、显示单元154、 TPM芯片155、存储单元156、 ID卡读取单元157,以及指紋识别单元158连接起来而构成的。 8, similar PC100B, through the use of a bus server 100C as shown to CPU 150, RAM 151, the communication control I / F 152, an input / output unit 143, a display unit 154, TPM chip 155, storage unit 156, ID card reading unit 157, and a fingerprint identification unit 158 ​​configured by connecting. 类似于PC100B,存储单元156 存储了BIOS、客户端服务器OS、软件、控制程序和设备信息文件。 Similar PC100B, storage unit 156 stores the BIOS, client server OS, software, control programs and device information file. 虽然服务器100C没有如图像扫描仪100A那样提供加密引擎或散列引擎,但是,服务器100c却利用软件进行加密,或生成散列值。 Although the server 100C does not provide an encryption engine or a hash engine, such as an image scanner IOOA, however, the server 100c but using software encryption, or to generate a hash value. 服务器100C可以类似于图像扫描仪100A那样提供专用于加密或生成散列值的硬件。 Server 100C may be similar to the image scanner 100A as dedicated hardware to generate encryption or hash value.

图9是根据本实施例的信息通信终端200的示例的方框图,只在概念上显示了关于本发明的配置的一部分。 9 is a block diagram of an embodiment of the present information communication terminal 200 according to the embodiment, only a portion about the configuration of the invention conceptually.

信息通信终端200是与图像扫描仪100A、 PC 100B、服务器100C、服务器100D以及服务器100E进行了通信连接的信息通信终端,具体来说,是安装在时间戳颁发机构(TSA)中的信息通信终端。 Information communication terminal 200 is an image scanner 100A, PC 100B, server 100C, the server and the server 100D 100E were connected to the information communication terminal, specifically, the information communication terminal installed in the stamp authority (TSA) of . 信息通信终端200具有接收从图像扫描仪100A、 PC100B、服务器100C、服务器100D,以及服务器100E传输的时间戳的颁发请求(包括电子数据的散列值)的功能,并具有相对于接收到的由信息通信终端200进行管理的颁发请求获取精确的时间信息的功能。 The information communication terminal 200 has received from the image scanner IOOA, timestamp PC100B, server 100C, the server 100D, 100E and the server transmission issuance request (electronic data including a hash value) of the function with respect to and received by the information communication terminal 200 manages the issuance request of the function to obtain accurate time information. 然后,信息通信终端200向图像扫描仪IOOA、 PC IOOB、服务器IOOC、服务器IOOD,以及服务器100E颁发(传输)时间戳,其中包括所获取的时间信息中包括的散列值和接收到的颁发请求。 Then, the information communication terminal 200 IOOA to an image scanner, PC IOOB, IOOC server, server IOOD, issued 100E and a server (transmission) time stamp issuance request including the time information included in the acquired hash value and the received . 信息通信终端200的硬件配置可以利用信息处理设备构成,或利用诸如市场上销售的工作站和个人计算机之类的其附属的设备构成,信息通信终端200 Hardware configuration of the information communication terminal 200 can be configured using the information processing apparatus, or device with its attached configuration, the information communication terminal on the market workstations and personal computers such as 200

的功能是通过诸如CPU构成的硬件之类的控制设备、诸如硬盘驱动器、存储设备(RAM、 ROM (只读存储器)等等)之类的存储设备、 输入设备、输出设备、输入/输出接口、通信控制接口、控制设备的程 Function is controlled by hardware such as a device composed of a CPU, such as a hard drive, a storage device (RAM, ROM (Read Only Memory), etc.) of a storage device, input devices, output devices, input / output interface, communication control interface, the process control device

14序等等来实现的。 14 order, etc. to achieve. 图10是根据本实施例的图像扫描仪100A的主过程的处理过程的流程图。 FIG 10 is a flowchart of a processing procedure of a main process of an image scanner according to the present embodiment 100A of the embodiment. 图像扫描仪100A首先对操作员执行单个的身份验证(验证单元:步骤SA-1)。 The image scanner 100A first performs individual authentication (verifying unit: Step SA-1) to the operator. 当确认身份验证时,图像扫描仪100A读取图像信息(数据获取单元:步骤SA-2)。 When the authentication is confirmed, the image scanner 100A reads image information (data acquisition unit: Step SA-2). 在图像扫描仪100A中,TPM芯片10收集设备信息(设备特定信息,包括读取模式信息的设备搮作状态信息、网络信息、外围设备信息等等)(收集单元:步骤SA-3)。 In the image scanner 100A, 10 TPM chip collecting device information (device specific information, including device Li as status information, network information, the peripheral device information reading mode information, etc.) (collecting unit: Step SA-3). 然后,图像扫描仪100A提取在步骤SA-2中读取的图像信息的散列值(生成单元:步骤SA-4)。 Then, the image scanner 100A at step SA 2-extracted hash value of the read image information (generator: Step SA-4). 通过将在步骤SA-4中提取的散列值传输到信息通信终端200,图像扫描仪100A请求向信息通信终端200颁发时间戳,包括在读取图像信息时的时间信息和散列值,并通过接收对应于来自信息通信终端200的颁发请求的时间戳,图像扫描仪100A获取可靠的时间信息(时间获取单元:步骤SA-5)。 To the information communication terminal by transmitting the hash value extracted in step SA-4 in 200, the image scanner 100A to the request issued by the time stamp information communication terminal 200, comprising time information and the hash value at the time of reading the image information, and corresponding to a request issued by receiving the timestamp from the image scanner 100A of the information communication terminal 200 to obtain reliable time information (time acquisition unit: step SA-5). 然后,图像扫描仪100A将在步骤SA-1中执行单个身份验证时记录的操作员的身份验证信息、在步骤SA-3中收集的设备信息、 在步骤SA-4中提取的散列值,以及在步骤SA-5中获取的时间信息附加到在步骤SA-2中读取的图像信息,并生成包括身份验证信息、 设备信息、散列值、时间信息,以及图像信息的图像文件(附加单元, 步骤SA-6) 。 Then, the image scanner 100A performs identity authentication recorded when a single operator in step SA-1 authentication information, device information collected in step SA-3 and SA-4 in step extracted the hash value, and acquired at step SA-5 in the time information added to the image information is read in step SA-2, and generates the authentication information including device information, a hash value, the time information, image information and the image file (the additional means step SA-6). TPM芯片10可以将身份验证信息、设备信息,散列值,以及时间信息附加到图像信息中,以生成图像文件。 TPM chip 10 may be authentication information, device information, a hash value, and time information added to the image information, to generate an image file. 然后,图像扫描仪100A利用机密密钥对在步骤SA-4中生成的图^(象文件进行加密(加密单元:步骤SA-7) 。 TPM芯片10可以利用机密密钥对图像文件进行加密。然后,图像扫描仪100A将在步骤SA-7中加密的图像文件传输到另一个信息处理设备(例如,PC IOOB、服务器IOOC、服务器100D,以及服务器100E)(传输单元:步骤SA-8)。图11是根据本实施例的图像扫描仪100A的主过程的处理过程的流程图。图像扫描仪100A首先对操作员执行单个的身份验证(验证单元:步骤SF-1)。当在步骤SF-1中确认身份验证时,图像扫描仪100A读取图像信息(数据获取单元:步骤SF-2)。在图像扫描仪100A中,TPM芯片10收集设备信息(设备特定信息,设备操作状态信息,包括读取模式信息、网络信息、外围设备信息等等)(收集单元:步骤SF-3)。然后,围像扫描仪100A从信息通信终端200获取可靠的时间信息( Then, the image scanner 100A using the secret key generated in step SA-4 in FIG ^ (image file encryption (encryption unit: step SA-7) TPM chip 10 can be image files encrypted with the secret key. then, the image scanner 100A to be transmitted to another information processing apparatus (e.g., PC IOOB, IOOC server, the server 100D, 100E and the server) in step SA-7 encrypted image file (transmitting unit: step SA-8). FIG 11 is an image scanner 100A first performs a single operator authentication (verifying unit: step SF-1) according to the main flowchart of a process procedure of the image scanner 100A of the present embodiment. when in step SF- when a confirmed authentication, the image scanner 100A reads image information (data acquisition unit: step SF-2) in the image scanner 100A, the TPM chip 10 collects device information (device-specific information, device operation status information, including. reading mode information, network information, peripheral information, etc.) (collecting unit: step SF-3) then, as the scanner 100A around obtain reliable time information from the information communication terminal 200 ( 时间获取单元:步骤SF-4)。具体来说,通过提取在步骤SF-2 中读取的图像信息的散列值,并将提取的散列值传输到信息通信终端200,图像扫描仪100A请求向信息通信终端200颁发时间戳,包括在读取图像倌息时的时间信息和散列值,图像扫描仪100A接收对应于来自信息通信终端200的颁发请求的时间戳。然后,图像扫描仪100A将在步骤SF-1中执行单个身份验证时记录的操作员的身份验证信息、在步骤SF-3中收集的设备信息、 在步骤SF-4中获取的时间信息附加到在步骤SF-2中读取的图像信息,并生成包括身份验证信息、设备信息、时间信息以及图像信息的图像文件(附加单元:步骤SF-5) 。 TPM芯片10可以将身份验证信息、设备信息以及时间信息附加到图像信息中,并生成图像文件。然后,图像扫描仪100A生成在步骤SF-5中生成的图像文件的散列值(生成单元:步骤SF-6)。 Time acquisition unit: step SF-4) Specifically, the hash value of the image information read in step SF-2 by extraction, and the extracted hash value is transmitted to the information communication terminal 200, the image scanner 100A timestamp issuing request to the information communication terminal 200, comprising time information and the hash value at the time of reading the image information of the groom, the image scanner 100A receives information from a communication terminal corresponding to a request issued by the time stamp 200. then, image scanner 100A will perform identity record when the individual authentication of the operator at step SF-1 authentication information, device information step SF-3 collected, obtained in step SF-4 time information is attached to the step SF-2 read image information, and generating a authentication information, device information, time information and the image information of the image file. (attachment unit: step SF-5) TPM chip 10 may be authentication information, device information, and time information added the image information, and then generates an image file, an image scanner 100A generates a hash value generating step SF-5 is in the image file. (generating unit: step SF-6). 图像扫描仪100A利用机密密钥对在步骤SF-6中生成的散列值进行加密(加密单元:步骤SF-7) 。 TPM芯片10可以利用机密密钥对散列值进行加密。然后,图像扫描仪100A将在步骤SF-8中加密的散列值和在步骤SF-5中生成的图像文件传输到另一个倌息处理设备(例如,PC IOOB、服务器IOOC、服务器IOOD,以及服务器100E)(传输单元: 步骤SF-8)。如上文所描述的,信息处理设备100 (图像扫描仪IOOA、 PC IOOB、服务器IOOC、服务器IOOD,以及服务器IOOE)将设备信息、 散列值、时间信息、身份验证信息等等中的至少一个附加到获取的电子数据(例如,图像信息)中,信息处理设备100利用机密密钥对附加了信息的电子数据进行加密,并传输加密的电子数据。 The image scanner 100A to the step SF 6-generated hash value is encrypted with the secret key. (Encryption unit: step SF-7) TPM chip 10 may be encrypted hash value using the secret key and then the image. the scanner 100A encrypted at step SF-8 and the hash value is transmitted to another information processing apparatus groom at step SF-5 generated image file (e.g., PC IOOB, IOOC server, server IOOD, and a server 100E) (transmitting unit: step SF-8) as hereinbefore described, 100 (image scanner IOOA, PC IOOB, IOOC server, server IOOD, and a server IOOE) the device information, the hash value of the information processing apparatus, the time information. the authentication information and the like at least one additional electronic data (e.g., image information) acquired, the information processing apparatus 100 using secret key information for the additional electronic data is encrypted, and encrypted electronic data transmission. 如此,可以确保电子数据的高级别的可靠性。 Thus, it is possible to ensure a high level of reliability of electronic data. 具体来说,通过接收加密的电子数据,信息处理设备可以通过对电子数据进行解密来指定传输了电子数据的信息处理设备,因此,电子数据的可靠性得到改善。 Specifically, by receiving the encrypted electronic data, the information processing apparatus may be specified by electronic data processing apparatus decrypts the information transmitted electronic data, and therefore, the reliability of the electronic data is improved. 通过接收加密的电子数据,信息处理设备不仅可以通过对电子数据进行解密来指定传输了电子数据的信息处理设备,而且还可以指定传输了电子数据的操作员,以及检查电子数据的窜改情况,并证实电子数据的获取时间(读取时间或接收时间)。 By receiving the encrypted electronic data, the information processing apparatus not only can be specified by the electronic data decrypting transmitted information processing apparatus electronic data, but can also specify the transmitted operator electronic data, and checking tampering case of electronic data, and confirmed electronic data acquisition time (reading time or receiving time). 结果,电子数据的可靠性进一步得到改善。 As a result, the reliability of the electronic data further improved. 信息处理设备IOO(图像扫描仪IOOA、 PC IOOB、服务器IOOC、 服务器IOOD,以及服务器IOOE)将设备信息、时间信息、身份验证信息等等中的至少一个附加到获取的电子数据(例如,图像信息), 并生成附加了信息的电子数据的散列值,然后,信息处理设备100利用机密密钥对散列值进行加密,并传输附加了加密的散列值和信息的电子数据。 The IOO information processing apparatus (image scanner IOOA, PC IOOB, IOOC server, server IOOD, and a server IOOE) the device information, time information, authentication information, etc. acquired at least one electronic data attached to (e.g., image information ), and generates a hash value appended to the electronic data, and then, the information processing apparatus 100 using the secret key to encrypt the hash value, and the transmission of additional encrypted electronic information data and a hash value. 如此,可以确保电子数据的高级别的可靠性。 Thus, it is possible to ensure a high level of reliability of electronic data. 具体来说, 通过接收加密的散列值和电子数据,信息处理设备可以通过对散列值进行解密,以生成接收到的电子数据的散列值,以及对比解密的散列值和生成的散列值,来指定传输了电子数据的信息处理设备。 Specifically, the encrypted hash value and the received electronic data, the information processing apparatus can decrypt the hash value of the hash, the hash value to generate the received electronic data, and generates a comparative hash value and the decrypted column values ​​to specify the information processing apparatus transmitted electronic data. 因此, 电子数据的可靠性进一步得到改善。 Thus, the reliability of the electronic data further improved. 通过接收加密的散列值和电子数据,信息处理设备不仅可以指定传输了电子数据的信息处理设备,而且还可以指定传输了电子数据的信息处理设备的操作员以及检查电子数据的寧改情况,并证实电子数据的采集时间(读取时间或接收时17间)。 By receiving the hash value and the encrypted electronic data, the information processing apparatus can specify not only the information processing apparatus transmitted electronic data, and can also specify a transmission operator information processing apparatus and checking electronic data rather change the electronic data, and confirmed electronic data acquisition time (read time is received or 17). 因此,电子数据的可靠性进一步得到改善。 Thus, the reliability of the electronic data further improved. 除了上文所描述的本实施例,在所附的权利要求的技术范围内, 可以以各种其他实施例来实现本发明。 In addition to the above-described embodiments according to the present embodiment, within the technical scope of the appended claims, embodiments may be implemented in various other embodiments of the present invention. 例如,在本实施例中所描述的过程中,被描述为自动地执行的所有或部分过程也可以手动执行,被描述为手动执行的所有或部分过程也可以利用已知方法自动地执行。 For example, the process described in the present embodiment, the described process for all or part of the automatic execution may also be performed manually, is described as manually performed may be all or part of the processes performed automatically using known methods. 除非另作说明,可以任意地更改在上面的文档和附图中所描述的处理过程、控制过程的参数,特定名称、各种注册数据、搜索条件等等,图像示例以及数据库配置。 Unless otherwise specified, the processing can be arbitrarily changed in the above documents and depicted in the figures, the parameter control procedure, specific name, various registered data, the search conditions and the like, and example of an image configuration database. 附图的組件是功能性和概念性的,不一定必须在物理上如所显示的那样配置。 Assembly drawings are functional and conceptual, and need not necessarily be arranged as shown as physically. 例如,由控制设备的单元或由多个设备提供的处理功能的全部或任意某些部分可以由CPU (中央处理单元)或由CPU解释和执行的程序来实现,或者处理功能也可以作为具有布线逻辑的硬件来实现。 For example, the CPU may be implemented by a program interpreted and executed by any or all of the control device or unit processing capabilities provided by certain portions of the plurality of devices by a CPU (Central Processing Unit) or, or processing functions may also be used as a wiring logic hardware. 程序存储在下面将描述的记录介质中,而控制i殳备则根据需要以机械方式读取程序。 A program stored in the recording medium will be described below, the apparatus is controlled Shu i mechanically reads the program as needed. 在诸如ROM或HD之类的存储设备中,记录了计算机程序, 该程序与OS (操作系统)协作,并向CPU发出命令以执行各种进程。 In the storage device such as a ROM or the like in HD, recorded a computer program, the program with the OS (operating system) collaboration, issue commands to the CPU to perform various processes. 计算机程序是通过加载到RAM等等中来执行的,计算机程序与CPU协作,并构成了控制设备。 A computer program is executed by loading into RAM and the like, the computer program in collaboration with the CPU, and constitute a control device. 计算机程序也可以记录在通过任意网络连接的应用程序服务器中,可以根据需要下载全部或一部分计算机程序。 The computer program may be recorded in an application server connected via any network can download all or part of a computer program as needed. 本发明的程序可以存储在计算机可读取的记录介质中。 Program of the present invention may be stored in a computer-readable recording medium in. "记录介质"包括任意"可移动的物理介质",如软盘、磁光盘、ROM、 EPROM、 EEPROM、 CD-ROM、 MO、 DVD,任意"固定物理介质",如安装在各种计算机系统上的ROM、 RAM、 HD,短期内保存了程序的"通信介质",如当通过由LAN、 WAN以及因特网代表的网络传输程序时的通信线路和载波。 "Recording medium" includes any "movable physical medium" such as flexible disk, magneto-optical disk, ROM, EPROM, EEPROM, CD-ROM, MO, DVD, any "fixed physical medium", as installed on a variety of computer systems ROM, RAM, HD, short-term preservation of the "communication medium" program, such as when the communication line by the network transmission time and program carrier LAN, WAN and the Internet represents. "程序,,是以任意语言或描述方法描述的数据处理方法,程序可以是任何格式,如以源代码或以二进制代码形式存在。"程序"不一定仅限于单一配置,而可以包括与多个模块或库混合的配置的程序,以及通过与以OS为代表的其他程序协作实现各个功能的程序。已知的配置和过程可以用于,如读取根据本实施例的每一个单元中的记录介质的特定配置,读取过程,以及读取之后的安装过程。多个设备的分布和集成的特定配置不仅限于附困中的配置,可以通过根据各种负栽等等以任意单元在功能上或物理上分布和集成来构成全部或某些配置。例如,每一个数据库都可以作为独立的数据库设备独立地构成, 一部分进程也可以通过CGI(公共网关接口)来实现。下面将参考图12描述构成了上文所描述的根据本实施例的图2的信息处理系统的设备之间转移电子数据( "Programs, is a data processing method described in any language or methods described herein, the program may be in any format, such as source code or in the form of binary code." Program "is not necessarily limited to a single configuration, but may comprise a plurality of program modules or libraries mixing configurations, as well as. known configurations and procedures may be used by other programs to cooperate with the OS as represented by programs that implement various functions, each recording unit of the present embodiment in accordance with the read specific configuration of the medium, the reading process, and the installation process after reading. specific configuration of distribution and integration of a plurality of attachment devices are not limited to difficulties in configuration may be adopted in arbitrary units according to various features like negative plant or physically distributed and integrated to form all or some configurations. for example, each database may be independently configured as a standalone database device, part of the process may be realized by a CGI (common gateway Interface). FIG. 12 will now be described with reference to constitute the above-described electronic data transfers between devices according to the information processing system according to the present embodiment of FIG. 2 ( 图像信息)的过程的一个示例。图12是说明了在构成了根据本实施例的信息处理系统的设备之间转移电子数据的过程的示例的示意图。如图12所示,图像扫描仪100A首先使用存储在TPM芯片10中的机密密钥,对读取的图像信息进行加密,创建加密数据Dl (步骤SB-1),并将加密数据Dl传输到PC100B (步骤SB-2)。从图像扫描仪100A接收到了加密数据Dl的PC 100B使用存储在TPM芯片145中的机密密钥对加密数据Dl进行加密,并创建加密数据D2 (步骤SB-3),并将加密数据D2传输到服务器100C (步骤SB-4)。从PC 100B接收到加密数据D2的服务器100C使用存储在TPM芯片15中的机密密钥对接收到的加密数据D2进行加密,并创建加密数据D3 (步骤SB-5),并将加密数据D3传输到服务器100D (参见图2)(步骤SB-6)。从服务器100C接收到加密数据D3的服务器100D使用存储在TPM芯片155中的机密密钥对接收到的加密数据D3进 One example of image information) of the process. FIG. 12 is a schematic diagram of an example of transferring electronic data between the device information processing system according to the present embodiment is constituted in the process. As shown, the image scanner 12 first IOOA using the secret key stored in the chip 10 TPM, the read image information is encrypted, the encrypted data created Dl (step SB-1), and to transfer the encrypted data Dl PC100B (step SB-2). from the image scanning apparatus 100A receives the encrypted data to the PC 100B Dl secret key stored in the TPM chip 145 encrypts the encrypted data Dl, D2 and create the encrypted data (step SB-3), and the encrypted data D2 to the server 100C ( step SB-4). PC 100B received from the encrypted data D2 to the server 100C using the storage key to encrypt data D2 received in the TPM chip 15 in encrypted confidential, and create the encrypted data D3 (step SB-5), and transmitting the encrypted data D3 to the server 100D (step SB-6) (see FIG. 2). 100C received from the server the encrypted secret key to encrypt data D3 data server 100D D3 stored in the TPM chip 155 is received enter 加密,并创建加密数据D4,然后,服务器100D将加密数据D4传输到服务器100E (参见图2)。从服务器100D接收到加密数据D4的服务器100E连续地对加密数据D4进行解密。如此,可以确认通过哪一个路由传输图像信息,也可以指定首先传输数据的设备(输入了图像信息的图像扫描仪100A)。下面将参考图13描述构成了上文所描述的根据本实施例的图2的信息处理系统的设备之间转移电子数据(图像信息)的过程的一个示例,图13是在构成了根据本实施例的信息处理系统的设备之间转移电子数据的过程的一个示例的图。 Encryption, and create the encrypted data D4, and then, the server 100D encrypted data D4 to the server 100E (see FIG. 2) received from the server 100D to the encrypted data D4 server 100E continuously encrypted data D4 is decrypted. Thus, it was confirmed that a transmission route through which the image information can be specified first data transmission device (image scanner input image information 100A). described with reference to FIG configuration information according to the embodiment of FIG. 2 according to the present embodiment described above below 13 an example of the process of transferring electronic data (image information) between the device processing system, FIG. 13 is a configuration showing one example of a process of transferring electronic data between the device information processing system according to the present embodiment. 如图13所示,图像扫描仪100A首先提取读取的困像信息的散列值,并将提取的散列值附加到图像信息中,以创建图像文件Fl (步骤SC-1),图像扫描仪100A使用存储在TPM芯片10中的机密密钥对创建的图像文件Fl进行加密,以创建加密数据Dl (步骤SC-2),并将加密数据Dl传输到PC 100B (步骤SC-3)。 As shown, the image scanner 13 100A trapped first extracted image information read hash value and the hash value to the extracted image information, to create an image file Fl (step SC-1), image scanning 100A instrument using the secret key stored in the TPM chip 10 to create the image file Fl is encrypted to create an encrypted data Dl (step SC-2), and to transfer the encrypted data Dl PC 100B (step SC-3). 换句话说,图像扫描仪100A通过组合加密和电子签名来传输数据。 In other words, the transmission data image scanner 100A signature by a combination of encryption and electronic. 从图像扫描仪100A接收到了加密数据Dl的PC 100B使用存储在TPM芯片145中的机密密钥对接收到的加密数据Dl进行加密,并创建加密数据D2 (步骤SC-4),并将加密数据D2传输到服务器100C (步骤SC-5)。 Dl encrypted data received from the image scanner 100A to the encrypted data to PC 100B Dl secret key stored in the TPM chip 145 abutting received is encrypted, the encrypted data and creates D2 (step SC-4), and the encrypted data D2 to the server 100C (step SC-5). 从PC 100B接收到加密数据D2的服务器100C使用存储在TPM芯片155中的机密密钥对接收到的加密数据D2进行加密, 并创建加密数据D3 (步骤SC-6),并将加密数据D3传输到服务器100D (参见图2)(步骤SC-7)。 PC 100B received from the encrypted data D2 to the encrypted secret key data server 100C D2 stored in the TPM chip 155 is received encrypted, and create the encrypted data D3 (step SC-6), and the encrypted transmission data D3 100D to the server (see FIG. 2) (step SC-7). 从服务器100C接收到加密数据D3的服务器100D使用存储在TPM芯片155中的机密密钥对接收到的加密数据D3进行加密,并创建加密数据D4,然后,服务器IOOD将加密数据D4传输到服务器100E (参见图2)。 Secret key encrypted data server 100D docking D3 stored in the TPM chip 155 is received D3, the encryption server receives the encrypted data from 100C, and creates the encrypted data D4, and then, the encrypted data D4 IOOD server to the server 100E (see FIG. 2). 从服务器100D接收到加密数据D4的服务器100E连续地对加密数据D4进行解密。 Received from the server to the encrypted data D4 100D 100E server successively decrypts the encrypted data D4. 如此,可以确认通过哪一个路由传输图像信息,也可以指定首先传输数据的设备(输入了图像信息的图像扫描仪100A)。 Thus, it was confirmed that a transmission route through which the image information can be specified first data transmission device (image scanner 100A input image information). 通过提取解密的图像信息的散列值并比较提取的散列值和解密的散列值,可以确认是否窜改了图像信息。 A hash value by decrypting image information extracted and compares the extracted hash value and the decrypted hash value, it is possible to confirm whether falsification of image information. 下面将参考图14描述构成了根据本实施例的图2的信息处理系统的设备之间转移电子数据(图像信息)的过程的一个示例。 Will now be described with reference to FIG. 14 constitute an example of a process of electronic data (image information) is transferred between devices in an information processing system of the present embodiment in FIG. 2 of the embodiment. 图12 是在构成了根据本实施例的信息处理系统的设备之间转移电子数据的过程的一个示例的图。 FIG 12 is a configuration diagram of one example of a process of transferring electronic data between the device information processing system according to the present embodiment. 如图14所示,图像扫描仪100A首先提取读取的图像信息(步骤SD-1)的散列值。 As shown, the image scanner 14 100A read image information is first extracted (Step SD-1) hash value. 然后,图像扫描仪100A使用存储在TPM芯片10中的机密密钥,对提取的散列值进行加密,创建加密数据Dl (步骤SD-2),并将加密数据Dl和图像信息传输到PC100B(步骤SD-3)。 Then, the image scanner 100A with the secret key stored in the TPM chip 10, the extracted hash value is encrypted, the encrypted data created Dl (Step SD-2), and the encrypted data Dl and the image information to PC100B ( step SD-3). 换句话说,图像扫描仪100A通过电子签名来传输数据。 In other words, the image scanner 100A transmits data using an electronic signature. 从图像扫描仪100A接收到了加密数据Dl和图像信息的PC 100B使用存储在TPM芯片145中的机密密钥对加密数据Dl进行加密,并创建加密数据D2 (步骤SD-4),并将加密数据D2和图像信息传输到服务器100C (步骤SD-5)。 Secret key received from the image scanner 100A to the encrypted data Dl and the image information stored in PC 100B TPM chip 145 encrypts the encrypted data Dl, and create the encrypted data D2 (step SD-4), and the encrypted data and image information D2 to the server 100C (step SD-5). 接收到加密数据D2和图像信息的服务器100C使用存储在TPM芯片155中的机密密钥对接收到的加密数据D2进行加密, 并创建加密数据D3 (步骤SD-6),并将加密数据D3和图像信息传输到服务器100D (参见图2)(步骤SD-7)。 Receiving the encrypted data D2 docking encrypted secret key data D2 and server 100C using the stored image information is received in the TPM chip 155 is encrypted and the encrypted data D3 creates (step SD-6), and the encrypted data D3 the image information is transmitted to the server 100D (see FIG. 2) (step SD-7). 从服务器100C接收到加密数据D3和图像信息的服务器100D对存储在TPM芯片155中的机密密钥进行加密,并创建加密数据D4,然后,服务器100D将加密数据D4和图像信息传输到服务器100E (参见图2)。 100C for server receives the server 100D and the encrypted data D3 from the image information on the secret key stored in the TPM chip 155 is encrypted and the encrypted data D4 created, then the server 100D and the image data D4 to the encrypted information to the server 100E ( Referring to FIG. 2). 从服务器100D接收到加密数据D4和图像信息的服务器100E连续地对加密数据D4进行解密。 Received from the server to the encrypted data D4 100D and 100E image information server continuously decrypting the encrypted data D4. 如此,可以确认通过哪一个路由传输图像信息,也可以指定首先传输数据的设备(输入了困像信息的图像扫描仪100A)。 Thus, it was confirmed that a transmission route through which the image information can be specified first data transmission device (image scanner 100A input image information trapped). 通过提取图像信息的散列值并比较提取的散列值和解密的散列值,可以确认是否窜改了图像信息。 And comparing the hash value extracted by the image information extracted hash value and the decrypted hash value, it is possible to confirm whether falsification of image information. 与示例2相比,示例3可以缩短加密所需的处理时间。 Compared with Example 2, Example 3 can shorten the processing time required for encryption. 下面将参考图15描述构成了根据本实施例的图2的信息处理21系统的设备之间转移电子数据(图像信息)的过程的一个示例。 Will now be described with reference to FIG. 15 constitute an example of a process of transferring electronic data (image information) between the device 21 according to the present embodiment of the system of FIG. 2 embodiment of information processing. 图15 是在构成了根据本实施例的信息处理系统的设备之间转移电子数据的过程的一个示例的图。 FIG 15 is a configuration diagram of one example of a process of transferring electronic data between the device information processing system according to the present embodiment. 如图15所示,图像扫描仪100A将获取的时间信息,在执行单个身份验证时记录的身份验证信息,以及由TPM芯片10收集的设备信息中的至少一个附加到读取的图像信息中,并创建图像文件Fl,然后,图像扫描仪100A提取创建的图像文件Fl的散列值, 并进一步将提取的散列值附加到图像文件Fl中(步骤SE-1)。 As shown, the time information of the image scanner 100A acquired, recorded at a single authentication performing authentication information 15, and the device information collected by the TPM chip 10 is attached to at least one of the read image information, and create an image file Fl, and then, the image scanner 100A extracts a hash value created image file Fl and further the extracted hash value to the image file Fl (step SE-1). 然后,图像扫描仪100A使用存储在TPM芯片10中的机密密钥, 对进一步附加了散列值的图像文件Fl进行加密,创建加密数据Dl(步骤SE-2),并将加密数据Dl传输到PC100B (步骤SE-3)。 Then, the image scanner 100A with the secret key stored in the TPM chip 10, is further attached to the image file Fl is encrypted hash value, to create the encrypted data Dl (step SE-2), and to transfer the encrypted data Dl PC100B (step SE-3). 换句话说,图像扫描仪100A通过组合加密和电子签名来传输数据。 In other words, the transmission data image scanner 100A signature by a combination of encryption and electronic. 从图像扫描仪100A接收到加密数据Dl的PC 100B将获取的时间信息,在执行单个身份验证时记录的身份验证信息,以及由TPM芯片145收集的设备信息中的至少一个附加到接收到的加密数据Dl中,以创建图像文件F2,然后,PC100B提取创建的图像文件F2的散列值,并进一步将提取的散列值附加到图像文件F2中(步骤SE-4)。 Image scanner 100A receiving the time information is the encrypted data of Dl PC 100B acquired from the recorded when performing a single authentication the authentication information and device information collected by the TPM chip 145 is at least one additional to the received encrypted Dl data in order to create an image file F2, then, PC100B extracts the image file F2 is created hash value, and further the extracted hash value to the image file F2 (step SE-4). 然后,PC 100B使用存储在TPM芯片145中的机密密钥对进一步附加了散列值的图像文件F2进行加密,并创建加密数据D2 (步骤SE- 5),并将加密数据D2传输到服务器100C(步骤SE-6)。 Then, the secret key stored in the PC 100B TPM chip 145 is further attached to the image file F2 is encrypted hash value, and creates the encrypted data D2 (step SE- 5), and the encrypted data D2 to the server 100C (step SE-6). 换句话说,PC100B通过组合加密和电子签名来传输数据。 In other words, PC100B to transmit data by a combination of encryption and electronic signatures. 从PC 100B接收到加密数据D2的服务器100C将获取的时间信息,在执行单个身份验证时记录的身份验证信息,以及由TPM 芯片155收集的设备信息中的至少一个附加到接收到的加密数据D2中,以创建图像文件F3,然后,服务器100C提取创建的图像文件F3的散列值,并进一步将提取的散列值附加到图像文件F3中(步骤SE-7)。 Encrypted data received from the PC 100B to the time information of the encrypted data server 100C D2 is acquired, the authentication information recorded when performing a single authentication and device information collected by the TPM chip 155 is at least one additional to received D2 in order to create an image file F3, and then, extracts the hash value server 100C created image file F3, and further the extracted hash value to the image file F3 (step SE-7). 然后,服务器100C使用存储在TPM芯片155中的机密密钥对进一步附加了散列值的图像文件F3进行加密,并创建加密数据D3 (步骤SE-8),并将加密数据D3传输到服务器100D (参见图2)(步骤SE-9)。 Then, the server 100C using the secret key stored in the TPM chip 155 is further attached to the image file F3 is encrypted hash value, and create the encrypted data D3 (step SE-8), and the encrypted data D3 to the server 100D (see FIG. 2) (step SE-9). 换句话说,服务器100C通过组合加密和电子签名来传输数据。 In other words, the server 100C by a combination of encryption and electronic signature to the transmission data. 从服务器100C接收了加密数据D3的服务器100D将获取的时间信息,在执行单个身份验证时记录的身份验证信息,以及由TPM芯片155收集的设备信息中的至少一个附加到接收到的加密数据3,以创建图像文件F4。 100C receives the time information of encrypted data server 100D D3 is acquired from the server, recorded in the implementation of a single authentication the authentication information and device information collected by the TPM chip 155 is at least one additional to the received encrypted data 3 to create an image file F4. 然后,服务器100D提取创建的图像文件F4的散列值,并进一步将提取的散列值附加到图像文件F4, 服务器100D使用存储在TPM芯片155中的机密密钥对进一步附加了散列值的图像文件F4进行加密,以创建加密数据D4,并将加密数据D4传输到服务器100E (参见图2)。 Then, the server 100D extract image files created hash value for the F4 and further extracted hash value is appended to the image file F4, the server 100D using the secret key stored in the TPM chip 155 for further additional hash values encrypting the image file F4, D4 to create the encrypted data, the encrypted data D4 to the server 100E (see FIG. 2). 换句话说,服务器100D通过组合加密和电子签名来传输数据。 In other words, the transmission data server 100D by a combination of encryption and signature electronics. 从服务器100D接收到加密数据D4的服务器100E连续地对加密数据D4进行解密。 Received from the server to the encrypted data D4 100D 100E server successively decrypts the encrypted data D4. 如此,可以确认通过哪一个路由传输图像信息,也可以指定首先传输数据的设备(输入了图像信息的图像扫描仪100A)。 Thus, it was confirmed that a transmission route through which the image information can be specified first data transmission device (image scanner 100A input image information). 可以识别设备的信息和穿过设备的信息的时间,也可以指定设备的操作员。 Time information may be information identifying the device and through the apparatus, the operator can specify the device. 通过提取解密的数据的散列值并比较提取的散列值和附加的散列值,也可以确认在传输过程中是否窜改了数据。 Hash value by decrypting the extracted data and the extracted hash values ​​and the comparative hash value additionally, can be confirmed whether or not tampered during transmission of data. 如上文所描述的,根据本发明的实施例,获取电子数据,芯片收集设备信息,设备信息被附加到电子数据(例如,图像信息),利用机密密钥对附加了设备信息的电子数据进行加密,因此,本发明实现了成功的结果,如,确保电子数据(例如,图4象信息)的高级别的可靠性。 As described above, according to the embodiment of the present invention, access to electronic data, the chip collecting device information, device information is added to the electronic data (e.g., image information), using a secret key of the additional information of electronic data encrypting Therefore, the present invention achieves a successful outcome, e.g., to ensure that the electronic data (e.g., image information in FIG. 4) of the high levels of reliability. 此外,根据本发明的实施例,获取电子数据,芯片收集设备信息, 设备信息被附加到电子数据(例如,图像信息),生成附加了设备信息的电子数据的散列值,利用机密密钥对散列值进行加密,因此,本发明实现了成功的结果,如,确保电子数据(例如,图像信息)的高级别的可靠性。 Further, according to embodiments of the present invention, access to electronic data, the chip collecting device information, device information is added to the electronic data (e.g., image information), to generate additional data hash value of the electronic information apparatus, using secret key encrypting the hash value, therefore, the present invention achieves a successful outcome, e.g., to ensure that the electronic data (e.g., image information) of the high levels of reliability. 虽然是参考特定实施例描述本发明的,以保证提供完整而清晰的说明,但是,不对所附的权利要求作如此的限制,而应理解为实现了所有修改和备选的结构,如那些本领域技术人员所知道的,也在这里所阐述的基本原理的范围内。 Although described with reference to particular embodiments of the present invention, in order to ensure a complete and clear description, but not as claimed in the appended claims so limited, but should be construed as embodying all modifications and alternative structures, such as those of those skilled in the know, here are the basic principles set forth within the range.

Claims (14)

1.一种信息处理设备,包括: 获取电子数据的数据获取单元; 抗窜改芯片,包括存储设备特定的机密密钥的存储单元;以及收集设备信息的收集单元,所述设备信息是设备的内部信息; 将收集的设备信息附加到获取的电子数据中的附加单元;以及使用机密密钥对附加了设备信息的电子数据进行加密的加密单元。 And a collection device internal information collection unit, the device information is device; acquiring data of the electronic data acquisition unit; tamper-resistant chip, comprising a storage unit for storing a device-specific secret key: 1. An information processing apparatus, comprising information; the collected device information attachment unit attached to the electronic data acquired; and using a secret key for additional information of electronic encryption unit encrypting data.
2. 根据权利要求1所述的信息处理设备,进一步包括: 下列各项中的至少一个生成散列值的生成单元;从执行时间验证的信息通信终端获取时间信息的时间获取单元;以及对用户执行单个身份验证的身份验证单元,其中附加单元进一步附加生成的散列值、获取的时间信息以及在执行单个身份验证时记录的用户的身份验证信息中的至少一个,以及加密单元使用机密密钥,利用散列值、时间信息以及进一步附加的身份验证信息中的至少一个,对电子数据进行加密。 The information processing apparatus according to claim 1, further comprising: at least one generating unit generating a hash value of the following; acquiring time information from the execution time of authentication information communication terminal time acquisition unit; and user at least one of authentication and encryption unit performs individual authentication unit, wherein the additional unit is further additionally generated hash value, and the identity of the user acquired time information recorded in the authentication when performing individual authentication information with the secret key , using a hash value, the time information and further additional authentication information in at least one of the electronic data is encrypted.
3. 根据权利要求1所述的信息处理设备,进一步包括: 传输信息的传输单元。 The information processing apparatus according to claim 1, further comprising: a transmission unit transmitting information.
4. 根据权利要求1所述的信息处理设备,进一步包括: 对加密的信息进行解密的解密单元。 The information processing apparatus according to claim 1, further comprising: decrypting the encrypted information decryption unit.
5. 根据权利要求1所述的信息处理设备,其中: 设备信息包括下列各项中的至少一个: 设备特定信息,这是设备所特有的信息;操作状态信息,这是关于在获取电子数据时设备的操作状态的信息;网络信息,这是关于网络的信息;以及外围设备信息,这是关于连接的外围设备的信息, The information processing apparatus according to claim 1, wherein: the device information includes at least one of the following: the device specific information, which is information unique to the device; operation state information, which is acquired when the electronic data about the state information of the operation device; network information, which is information about the network; and a peripheral device information, which is information on a peripheral device connected,
6. 根据权利要求1所述的信息处理设备,其中: 电子数据是图像数据。 The information processing apparatus according to claim 1, wherein: the electronic data is image data.
7. —种信息处理i殳备,包括: 获取电子数据的数据获取单元; 抗窜改芯片,包括存储设备特定的机密密钥的存储单元;以及收集设备信息的收集单元,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中的附加单元; 生成附加了设备信息的电子数据的散列值的生成单元;以及使用机密密钥对生成的散列值进行加密的加密单元。 7. - i Shu information processing apparatus, comprising: acquiring data of the electronic data acquisition unit; tamper-resistant chip, comprising a storage device-specific secret key storage unit; and a collecting unit collecting device information, the device information is a device internal information; the collected device information attachment unit attached to the electronic data acquired; generating appended hash value generation unit of information of electronic transactions; and the hash value with the secret key generated by encrypting encrypting unit.
8. 根据权利要求7所述的信息处理设备,进一步包括: 下列各项中的至少一个从执行时间验证的信息通信终端获取时间信息的时间获取单元;以及对用户执行单个身份验证的身份验证单元,其中附加单元进一步附加获取的时间倌息和在执行单个身份验证时记录的用户的身份验证信息中的至少一个,以及生成单元利用时间信息和进一步附加的身份验证信息中的至少一个生成电子数据的散列值。 8. The information processing apparatus according to claim 7, further comprising: at least one acquisition unit acquiring time information from the execution time of the verification of the following information communication terminal; and a single authentication unit performs authentication of the user , wherein the attachment unit is further additional acquisition time groom information and the identity of the user recorded at the time of performing a single authentication verification information in at least one, and generating means using the time information and the further additional authentication least one generation information electronic data the hash value.
9. 根据权利要求7所述的信息处理设备,进一步包括: 传输信息的传输单元。 9. The information processing apparatus according to claim 7, further comprising: a transmission unit transmitting information.
10. 根据权利要求7所述的信息处理设备,进一步包括: 对加密的信息进行解密的解密单元。 10. The information processing apparatus according to claim 7, further comprising: decrypting the encrypted information decryption unit.
11. 根据权利要求7所述的信息处理设备,其中: 设备信息包括下列各项中的至少一个设备特定信息,这是设备所特有的信息;搮作状态信息,这是关于在获取电子数据时设备的操作状态的信息;网络信息,这是关于网络的信息;以及外围设备信息,这是关于连接的外围设备的信息。 11. The information processing apparatus according to claim 7, wherein: the device information includes device specific information at least one of the following, which is information unique to the device; Li as status information, which is acquired when the electronic data about the state information of the operation device; network information, which is information about the network; and a peripheral device information, which is information on a peripheral device connected.
12. 根据权利要求7所述的信息处理设备,其中: 电子数据是图像数据。 12. The information processing apparatus according to claim 7, wherein: the electronic data is image data.
13. —种信息处理方法,包括: 获取电子数据;在存储了设备特定的机密密钥的抗寧改芯片中收集设备信息,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中;以及使用机密密钥对附加了设备信息的电子数据进行加密。 13. - information processing method, comprising: acquiring electronic data; collecting information in the storage device rather change the anti-chip device specific secret key, the information of the device is an internal device information; device attached to the collected information electronic data acquired; and the additional information of electronic data encrypted with the secret key.
14. 一种信息处理方法,包括:获取电子数据;在存储了设备特定的机密密钥的抗窣改芯片中收集设备信息,所述设备信息是设备的内部信息;将收集的设备信息附加到获取的电子数据中; 生成附加了设备信息的电子数据的散列值;以及使用机密密钥对生成的散列值进行加密。 14. An information processing method comprising: acquiring electronic data; internal information stored in the information collecting device chip modified anti dart device specific secret key, the device is a device information; device attached to the collected information electronic data acquired; generating a hash value added information of electronic transactions; and using the secret key to encrypt the generated hash value.
CN 200710002065 2006-01-18 2007-01-18 Method and apparatus for processing information, and computer program product CN100476847C (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2006010355 2006-01-18
JP2006-010355 2006-01-18
JP2006-158719 2006-06-07

Publications (2)

Publication Number Publication Date
CN101004772A CN101004772A (en) 2007-07-25
CN100476847C true CN100476847C (en) 2009-04-08

Family

ID=38703904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710002065 CN100476847C (en) 2006-01-18 2007-01-18 Method and apparatus for processing information, and computer program product

Country Status (2)

Country Link
JP (1) JP2012003775A (en)
CN (1) CN100476847C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369889B (en) 2007-08-13 2010-12-22 兆日科技(深圳)有限公司 Method for electronic endorsement of document
JP5644194B2 (en) * 2010-06-10 2014-12-24 株式会社リコー Information protection device and information protection program
CA2868231A1 (en) * 2012-03-23 2013-09-26 Ambient Corporation Offline authentication with embedded authorization attributes
CN104796574A (en) * 2015-03-10 2015-07-22 深圳市万澜德文化科技有限公司 An examination paper scanner and a scanning method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1252567A (en) 1998-10-23 2000-05-10 国际商业机器公司 Embedded information detecting method and system
CN1416067A (en) 2002-10-15 2003-05-07 杭州海康威视数字技术有限公司 Circuit of integrated configuration information with encrypting function
CN1547344A (en) 2003-12-17 2004-11-17 上海市高级人民法院 Method of applying timestamp in remote signature system
CN1561025A (en) 2004-03-03 2005-01-05 北京北大方正电子有限公司 Method of binding digital contents and hardware with hardward adaptive
CN1717893A (en) 2002-10-28 2006-01-04 诺基亚有限公司 Device keys

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3153222B2 (en) * 1990-05-11 2001-04-03 株式会社リコー Facsimile machine
JP4764536B2 (en) * 1998-11-17 2011-09-07 株式会社リコー Image measurement equipment
JP2002009762A (en) * 2000-06-26 2002-01-11 Sony Corp Information processing system, information processing method, and information processing apparatus, and program providing medium
JP2002271772A (en) * 2001-03-09 2002-09-20 Sony Corp Information processing system and method, recording medium, and program
JP2002352028A (en) * 2001-05-28 2002-12-06 Nippon Telegr & Teleph Corp <Ntt> Method, system, and device for distributing contents
JP2004046606A (en) * 2002-07-12 2004-02-12 Nec Corp Software authentication server, its proxy system, proxy method for authenticating software, and its program
US7200758B2 (en) * 2002-10-09 2007-04-03 Intel Corporation Encapsulation of a TCPA trusted platform module functionality within a server management coprocessor subsystem
JP2005236517A (en) * 2004-02-18 2005-09-02 Sony Corp Imaging apparatus, data processor and processing method
JP2005286884A (en) * 2004-03-30 2005-10-13 Canon Inc Image reading device and image reading system
JP2005295274A (en) * 2004-03-31 2005-10-20 Toshiba Solutions Corp Method and system for handling digital information data, and portable terminal with digital camera used for digital information data handling system
JP4847221B2 (en) * 2006-01-18 2011-12-28 富士通株式会社 The information processing apparatus, information processing method and program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1252567A (en) 1998-10-23 2000-05-10 国际商业机器公司 Embedded information detecting method and system
CN1416067A (en) 2002-10-15 2003-05-07 杭州海康威视数字技术有限公司 Circuit of integrated configuration information with encrypting function
CN1717893A (en) 2002-10-28 2006-01-04 诺基亚有限公司 Device keys
CN1547344A (en) 2003-12-17 2004-11-17 上海市高级人民法院 Method of applying timestamp in remote signature system
CN1561025A (en) 2004-03-03 2005-01-05 北京北大方正电子有限公司 Method of binding digital contents and hardware with hardward adaptive

Also Published As

Publication number Publication date
CN101004772A (en) 2007-07-25
JP2012003775A (en) 2012-01-05

Similar Documents

Publication Publication Date Title
JP3218017B2 (en) File printing method, a network system, computer system, file server and print server
RU2147790C1 (en) Method for transferring software license to hardware unit
US8656166B2 (en) Storage and authentication of data transactions
EP0875814B1 (en) Information processing apparatus and method and recording medium for executing programs having been encrypted using public keys
CN1697367B (en) A method and system for recovering password protected private data via a communication network without exposing the private data
KR101362380B1 (en) Method and device for Digital Rights Management
US7382487B2 (en) Printing system and method restricting functions of printers, usable by each user
KR101009126B1 (en) Revocation of a certificate and exclusion of other principals in a digital rights managementdrm system based on a revocation list from a delegated revocation authority
US7155616B1 (en) Computer network comprising network authentication facilities implemented in a disk drive
CN101395624B (en) Verification of electronic signatures
JP4806235B2 (en) System and method for implementing a location privacy using the right management
US6282650B1 (en) Secure public digital watermark
US6895502B1 (en) Method and system for securely displaying and confirming request to perform operation on host computer
Kohl et al. The evolution of the Kerberos authentication service
US7861079B2 (en) Method for securely creating an endorsement certificate in an insecure environment
CN1668002B (en) Encryption and data-protection for content on portable medium
US7376976B2 (en) Transcryption of digital content between content protection systems
US20010043702A1 (en) USB hub keypad
US7269844B2 (en) Secure IR communication between a keypad and a token
CN101019369B (en) Method of delivering direct proof private keys to devices using an on-line service
US20050166051A1 (en) System and method for certification of a secure platform
US6484259B1 (en) Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment
US20030005291A1 (en) Hardware token self enrollment process
EP1197828A1 (en) Remote printing of secure and/or authenticated documents
US8589676B2 (en) Communication system and method in public key infrastructure

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
EXPY Termination of patent right or utility model