JP2003085046A - Secure electronic media management system, method, program and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a secure electronic media management system for securing authenticity of electronic data preserved in various forms. SOLUTION: A data media registration request of a user is accepted by a request acceptance means 11, and data which are protection objects are acquired by a data acquiring means 14 from a data media M1 or a storage medium R1 through a network or from a data media mounted on this system or a storage medium inside the system. A security file for protecting the acquired data is created by a security file creating means 13, and recorded in an internal storage medium R2 in the system by a security file recording means 15. One or plural security files are collected to generate security information by a security information generation means 16. The security information is recorded in a security media M2 by a security information recording means 18. The processing result is noticed to a user by a response notification means 12.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a secure electronic media management system, method, program, and recording medium, and more particularly, to maintaining authenticity of electronic data and electronically managing the electronic data over a long period of time. The present invention relates to a secure electronic media management system and method for managing a security medium to be treated as a secure proof, a program for causing a computer to function as the system, and a computer-readable recording medium recording the program.

[0002]

2. Description of the Related Art With the advanced development of information systems, interest in security of electronic data is increasing. The word security is used in a broad sense, but in particular, technologies that ensure authenticity so that electronic data recorded on media can be treated as evidence and technologies that ensure preservation of data that can be stored for a long period of time It is also needed for realization. From the viewpoint of long-term storage of electronic data, it is well known that an optical disk is more suitable than a magnetic disk. Therefore, electronic data to be recorded in various information systems is finally recorded on the optical disk. Is increasing.

Techniques for recording electronic data as evidence include Japanese Patent Laid-Open No. 2000-285024, "Method and device for electronic storage for originality assurance", and Japanese Patent Laid-Open No. 2000-339223.
Japanese Patent Laid-Open No. 2001-0057, an originality assurance electronic storage method and a computer-readable recording medium in which a program for causing a computer to execute the method is recorded.
No. 28, "Originality assurance electronic storage device, originality assurance electronic storage method, and computer-readable recording medium in which a program for causing a computer to execute the method is recorded", Japanese Patent Laid-Open No. 2001-147898 "Originality assurance electronic storage" Method, apparatus and computer-readable recording medium ", Japanese Patent Laid-Open No. 10-283262," File system and program storage medium ", Oo et al .: Development of originality assurance electronic storage system-realization of basic functions-, Medic
al Imaging Technology, Vol.16, No.4, Proceedings o
f JAMIT Annual Meeting '98 (1998), Kanai et al .:
Originality Assurance Electronic Storage System Development-System Construction-, Medical Imaging Technology, Vol.16, No.4, Proce
edings of JAMIT Annual Meeting '98 (1998),
Kokubu and others: Development of electronic storage system for guaranteeing originality, (Special) Published by Information Processing Promotion Business Association Creative software training business and electronic commerce promotion business Final results presentation session Proceedings Creative software training business edition (199
8), Kanai: Originality assurance electronic storage system, Vo
L.34, No.8, Administration & ADP (1998).

The above-described technique receives electronic data to be left as evidence, performs a process such as calculating a falsification detection code on the electronic data, and the falsification detection code is recorded on an optical disc or the like together with the received electronic data. It is to record.

[0005]

In the case of these storage systems, in order to leave the electronic data already recorded on the optical disc as evidence, the electronic data is once read from the optical disc, and the electronic data is sent to the storage system. The storage system had to use a method of recording electronic data on a new optical disc together with the alteration detection code. In this case, although the electronic data was already recorded on the optical disk, it was necessary to perform a wasteful process of reading the electronic data and then recording the data again on the optical disk.

Further, assuming that electronic data is stored for a long period of time, the tampering detection code recorded on the optical disc by the storage system described above is relatively changed as the calculation ability of the surrounding system is improved. There was a problem that the strength was lowered. Of course, even in such a case, the tampering detection code may be replaced with a stronger one, but it is not realistic to recalculate the tampering detection code for each piece of electronic data on each optical disk. That is, there is a problem that it takes time to secure safety for a long time.

[0007] Further, as a technique that can be used to secure the authenticity of electronic data, a message authentication technique, an electronic signature technique (RSA digital signature PKCS # 1) and an electronic notarization technique (Surety Digital Notary service) are widely used. Are known. As a technique for ensuring the authenticity of electronic data to be stored by using these techniques, the above-mentioned Japanese Patent Laid-Open No.
-283262 and JP-A-2000-285024.
Japanese Patent Laid-Open No. 10-283264, "Data recording method on a plurality of recording media and correctness verification method of recorded contents", Japanese Patent Laid-Open No. 11-143361 "Electronic data storage device, storage system, and Storage method ", Japanese Patent Laid-Open No. 11-149413," Falsification prevention /
File management system with detection function "
Many are known, such as "Data Storage System" of 0-132459, "Electronic Data Storage Device with Key Management Function and Electronic Data Storage Method" of Japanese Patent Application Laid-Open No. 2000-181803.

However, all of these techniques can secure the authenticity of only electronic data stored in the system body which secures the authenticity.

The present invention has been made in view of the above-mentioned circumstances, so that the authenticity of electronic data can be maintained and the electronic data can be treated as electronic evidence while ensuring safety for a long period of time. It is an object of the present invention to provide a secure electronic media management system and method, a program for causing a computer to function as the system, and a computer-readable recording medium recording the program.

Further, the present invention verifies the authenticity of electronic data already recorded on an offline medium such as an optical disk by another system, electronic data received from the outside via a network, and further electronic data created inside the system. Secure electronic media management system, method, and program for causing a computer to function as the system, which maintain and handle electronic data as electronic evidence while ensuring safety over a long period of time An object of the present invention is to provide a computer-readable recording medium in which is recorded.

Furthermore, the present invention provides a secure electronic media management system, method, and further a secure electronic media management system, which is capable of appropriately maintaining the state of ensuring its authenticity when updating a security medium over a long period of time. Another object is to provide a program for causing a computer to function as, and a computer-readable recording medium recording the program.

Furthermore, the present invention is a secure electronic media management system, method, and further capable of confirming the relationship between a security medium and a data medium when creating a security medium based on an existing data medium. It is another object to provide a program for causing a computer to function as the system, and a computer-readable recording medium recording the program.

[0013]

According to a first aspect of the present invention, there is provided a secure electronic media management system for ensuring the authenticity of data, comprising a request receiving means for receiving a request from a user and target data. Data acquisition means for acquiring, security file creating means for creating a security file for protecting the data, security information creating means for creating security information by collecting one or more security files, and the security information It is characterized in that it comprises a security information recording means for recording on a security medium and a response notifying means for notifying a user of a processing result, and creates a security medium for ensuring the authenticity of data.

The invention of claim 2 is characterized in that, in the invention of claim 1, it further comprises data media creating means for creating data media by recording the data acquired by the data acquiring means in a data media. It is a thing.

According to a third aspect of the present invention, in the first or second aspect of the invention, a security information protection means for protecting the security information created by the security information creation means is further provided.

According to a fourth aspect of the present invention, in the invention according to any one of the first to third aspects, the target data protected by the security information created by the security information creating means and the security information recording means record the data. It is characterized by further comprising security media associating means for creating information for associating with the security media created by the above.

According to a fifth aspect of the present invention, in any one of the first to fourth aspects of the invention, the security file creating means protects the data by using notarized data obtained from the outside. It was done.

According to a sixth aspect of the present invention, in the invention according to any one of the first to fifth aspects, the security file creating means uses the plurality of electronic signatures generated by using the plurality of keys to use the data. It is characterized by protecting.

According to a seventh aspect of the present invention, there is provided a secure electronic media management system for ensuring the authenticity of data, wherein request reception means for receiving a request from a user and security information from a security medium to be updated are acquired. Security information acquisition means, security information updating means for updating the security information to new security information, security information recording means for recording the new security information on the security medium or new security medium, and notifying the user of the processing result. A response notification means is provided, and the security medium is updated.

According to the invention of claim 8, in the invention of claim 7, the security file is created by using a plurality of electronic signatures generated by using a plurality of keys for protecting data. The information updating means updates the security information by assuming that the verification of the security information is successful by successfully verifying at least one of the plurality of electronic signatures.

According to a ninth aspect of the present invention, there is provided a secure electronic media management system for ensuring the authenticity of data, comprising request receiving means for receiving a request from a user, and data acquiring means for obtaining target data. , A security file acquisition means for acquiring a security file from a security medium, a data authenticity verification means for verifying the authenticity of the data by the security file, and a response notification means for notifying a user of a processing result, It is characterized by verifying authenticity.

The invention of claim 10 is characterized in that, in the invention of claim 9, there is further provided a security file automatic discrimination means for automatically discriminating a security file corresponding to data to be verified from the security media. It is what

According to the invention of claim 11, in the invention of claim 9 or 10, when the security file is acquired by the security file acquisition means, the security information verification for verifying the authenticity of the security information recorded on the security medium is performed. It is characterized by further comprising means.

According to a twelfth aspect of the present invention, in the invention according to any one of the ninth to eleventh aspects, the target data protected by the security information created by the security information creating means and the security information recording means are created. A security medium search means for further providing a security media associating means for creating information for associating with a security medium, and for searching a security medium corresponding to the data from data to be verified based on the associating information created by the security media associating means It is characterized by further comprising means.

According to a thirteenth aspect of the present invention, in the invention according to any one of the ninth to twelfth aspects, the security is created by using a plurality of digital signatures generated by using a plurality of keys to protect data. With respect to the file, the data authenticity verification means is characterized in that the verification of the data is considered successful by succeeding in the verification of at least one digital signature of the plurality of digital signatures.

The invention of claim 14 is characterized in that the secure electronic media management system according to any one of claims 1 to 13 is provided with each means.

According to a fifteenth aspect of the present invention, there is provided a secure electronic media management method having a method for creating a security medium for ensuring the authenticity of data, which receives a security media creation request from a user and targets the data. To create a security file for protecting the acquired data, collect one or more created security files to create security information, and record the created security information on a security medium. It is characterized by notifying the processing result to.

According to a sixteenth aspect of the present invention, a secure electronic media management method including a method for updating a security medium for ensuring the authenticity of data, a security media update request from a user are accepted, and security is performed from the security medium to be updated. It is characterized in that information is acquired, the acquired security information is updated to new security information, the new security information is recorded in the security medium or the new security medium, and the processing result is notified to the user.

The invention of claim 17 is a secure electronic media management method including a method for verifying the authenticity of data, which receives a data verification request from a user, acquires target data, and secures a security file. It is characterized in that it is obtained from a medium, the authenticity of the obtained data is verified by the obtained security file, and the processing result is notified to the user.

The invention of claim 18 is a program for causing a computer to function as the secure electronic media management system according to any one of claims 1 to 14 or as each means of the system.

The invention according to claim 19 is a computer-readable recording medium in which the program according to claim 18 is recorded.

[0032]

1 and 2 are views for explaining a security media creation process in a secure electronic media management system according to an embodiment of the present invention. A secure electronic media management system (often abbreviated as this system) according to the present embodiment is a system for ensuring the authenticity of electronic data (hereinafter simply referred to as data). In this system, the process of creating a security medium for ensuring the authenticity of data includes a data media registration process and a security media creation process based on it.

In the data media registration processing, first, the request reception means 11 for receiving various processing requests from the user, such as a data media registration request and a security media creation request, receives a data media registration request from the user. (Step S1),
The data to be protected (data to be registered) is acquired by the data acquisition unit 14 (step S2). For example, it is acquired from the data medium M1 or the storage medium R1 via a network, or from the data medium M1 mounted in the present system or the storage medium R1 inside the present system. The security file creating means 13 creates a security file for protecting the acquired data (step S3). The created security file may actually be recorded in the internal storage medium R2 in this system by the security file recording means 15.

In the security media creation process, first, the security information creation means 16 creates one or more security files to create security information (step S4). In practice, the security file acquisition unit 17 acquires the corresponding one or more security files stored in the internal storage medium R2, and the security information creation unit 16 creates the security information. The security information recording means 18 transfers the security information to the security medium M.
2 is recorded (step S5). Further, the response notifying means 12 for notifying the user of various processing results notifies the user of the processing results (step S
6).

3 and 4 are diagrams for explaining the security media update process in the secure electronic media management system according to another embodiment of the present invention. The secure electronic media management system (hereinafter abbreviated as the present system) according to the present embodiment is a system for ensuring the authenticity of data. In this system, it is possible to execute security media update processing for ensuring the authenticity of data. For the sake of convenience, the request receiving means 11, the response notifying means 12, and the
Although the security information recording means 18 is incorporated in the description of the present embodiment, each corresponding means of this system may be provided as a means different from the system of FIG.

In the security media update processing in this system, when the request acceptance means 11 accepts a security media update request from the user (step S11), first, the security information acquisition means 20 updates the security information from the security medium M2 to be updated. Is acquired (step S12). The security information updating means 19 updates the security information with new security information (step S1).
3) The security information recording means 18 acquires the new security information from the security medium M from which the new security information is acquired.
2 or record on a new security medium (step S14). Further, the response notifying means 12 notifies the user of the processing result (step S15).

5 and 6 are views for explaining the data verification process in the secure electronic media management system according to another embodiment of the present invention. The secure electronic media management system (hereinafter abbreviated as the present system) according to the present embodiment is a system for ensuring the authenticity of data. In this system, it is possible to execute a data verification process for ensuring the authenticity of data. For the sake of convenience, the request accepting unit 11, the response notifying unit 12, the data acquiring unit 14 in FIG. 1 and the security information acquiring unit 20 in FIG. 3 are incorporated in the description of the present embodiment. It may be provided as a means different from the system of FIGS.

In the data verification processing of this system, when the request acceptance means 11 accepts a data verification request from the user (step S21), the target data and the security file are acquired (step S).
22, S23). The security file is acquired from the security medium M2 by the security file acquisition means (the security information acquisition means 20 actually acquires the security file in the security information). On the other hand, the target data is the data acquisition means 14
Get by. For example, it is acquired from the data medium M1 or the storage medium R1 via a network, or from the data medium M1 mounted in the present system or the storage medium R1 inside the present system. The data authenticity verification means 21 verifies the authenticity of the acquired data with the security file (step S24). Further, the response notifying means 12 notifies the user of the processing result (step S25).

FIG. 7 is a diagram showing a configuration example of a secure electronic media management system according to another embodiment of the present invention. The secure electronic media management system of the present embodiment is a system in which a plurality of systems of any of the above-described embodiments are combined. For example, when all are combined, at least the request acceptance unit 11, the response notification unit 12, the security file. Creating means 13,
Data acquisition means 14 and security file recording means 1
5, security information creation means 16, security file acquisition means 17, security information recording means 18, security information update means 19, security information acquisition means 20, data authenticity verification means 21.
It should be noted that detailed description of each means is omitted.

(Embodiment) FIG. 8 is a block diagram showing an embodiment of a secure electronic media management system according to the present invention.
In the figure, 30 is a secure electronic media management system (hereinafter abbreviated as the present system), 38 is an external device such as an end user terminal or a business server device connected to the present system 30 via a network (a general communication path is acceptable). System. The secure electronic media management system 30 includes a communication port 31 that is an interface unit for communicating with an external system 38 via a communication network, a cryptographic processing board 32 that verifies the electronic signature of a security file, and portable data. An optical disk drive 1 (34) as an example of a drive device for driving a storage medium,
Optical disk drive 2 (35), EEPROM, HD
An internal storage medium 36 such as D and a program storage medium 37 such as ROM and HDD are provided.

The communication port 31 is used to send and receive the above-mentioned data media registration processing, security media creation processing, security media update processing, data verification processing, and other instructions and notification of the processing results to and from the external system 38. It is a port.

The program storage medium 37 is a memory that stores various programs such as a main control program, an electronic media management program according to the present invention, and actually programs for causing the present system to function as the above-mentioned or later-described means. There is, for example, a rewritable EEPROM or a read-only ROM. The processor 33
The control device reads and executes various programs stored in the program storage medium 37. Internal storage medium 36
Is a memory such as an EEPROM that stores parameters necessary for executing various programs, and further stores a security file, a serial number, and the like.

Examples of the cryptographic processing board 32 include MISTYKEYPER manufactured by Mitsubishi Electric. Basically, a public key cryptography key pair can be generated inside the board, the key pair can be held inside the board, and a public key certificate issued externally to the key pair can be generated. It can be stored inside the board, the key can be used to execute cryptographic processing inside the board, and the generated private key cannot be read out to the outside, and the board itself has physical tamper resistance. Is supposed to have something like.

In the secure electronic media management system 30 in FIG. 8, a cryptographic processing board 32 for performing cryptographic processing is incorporated, and the cryptographic processing board 32 performs key generation, key storage, encryption, and decryption processing. A method in which the key generation program, the encryption program, the decryption program, and the like are stored in the storage medium 37 and the programs are executed by the processor 33 may be adopted. At this time, it is preferable that the private key of the public key pair generated by the key generation program or generated externally is safely stored inside the hardware using hardware such as the cryptographic processing board 32.

Before the system receives a request from the outside and performs various processes, the cryptographic processing board 32 has already internally generated a key pair of the public key cryptosystem, and the public key of the generated key pair is disclosed. It is assumed that the public key certificate issued externally for the key is held internally. Furthermore, it is assumed that, of the generated key pairs, the private key can be used to generate the digital signature, and the public key can be used to verify the digital signature.

FIGS. 9 and 10 are diagrams for explaining an embodiment of the security media creation processing in the secure electronic media management system of FIG. Below, FIG.
This embodiment will be described in detail with reference to FIGS. In the data medium registration process, the optical disc (data medium 41) is mounted in the optical disc drive 1 (34). When the request receiving unit 11 receives a request for data medium registration processing from a user who uses the external system 38 via the network, first, the data obtaining unit 14 records the data medium 41 on the data medium 41 mounted on the optical disc drive 1 (34). All electronic data (files) 42 to be protected which are protected are read. Next, the data file 42 acquired by the security file creating means 13
On the other hand, the security file 45 is created based on the following (1) to (5). That is, (1) the hash value 43 is calculated for each file 42 obtained by the data acquisition means 14. (2) A list (hash list) 44 in which one pair (hash entry) is a pair of the read file name of the file 42 and the calculated hash value 43 is created. (3) The data media serial number is read from the internal storage medium 36. (4) The data media serial number is incremented by 1 and recorded in the internal storage medium 36. (5) For the hash list 44, an electronic signature is calculated using the secret key held inside the system (here, the cryptographic processing board 32), and the electronic signature is added to the hash list 44, and the security file 45 and To do.

The security file 45 created by the security file creating means 13 is recorded in the internal storage medium 36 by the security file recording means 15 with a file name including the data media serial number. afterwards,
The response notifying means 12 notifies the external (request source) of the data media serial number as a data media registration result via the network. As will be described in an example below, the request source records the notified data media serial number as electronic data in the data media 41, prints it on the surface of the data media 41 as a label, or uses an external database. It is preferable that the data media 41 and the data media serial number are associated with each other depending on whether or not they are managed by the above.

In the process of recording the security file 45 recorded in the internal storage medium 36 on the security medium 46, a new optical disc (security medium) 46 is mounted on the optical disc drive 2 (35). First, the request receiving unit 11 receives a list of data media serial numbers together with a security media creation request from a user who uses the external system 38 via a network. The security file acquisition means 17 stores the security file 45 corresponding to the data media serial number included in the list accepted by the request acceptance means 11 in the internal storage medium 3.
Read from 6 and get. The security information creating means 16 creates security information based on the following (1) to (3). That is, (1) internal storage medium 36
Read the security media serial number from.
(2) The security media serial number is incremented by 1 and recorded in the internal storage medium 36. (3) The security file 45 and the security media serial number acquired by the security file acquisition unit 17 are collectively used as security information. The created security information is recorded on the security medium 46 mounted on the optical disk drive 2 (35) by the security information recording means 18. The response notifying means 12 notifies the user of the external system 38 of the security media serial number as a security media creation result via the network. The security file 45 may also be represented by adding a serial number.

An embodiment of the security media update process in the secure electronic media management system of FIG. 8 will be described in detail with reference to the respective means of FIG. Security media may be updated to ensure authenticity over the long term. To perform the security media update process of this embodiment, first, the optical disk drive 1 (34)
The security medium to be updated in step 1 is loaded into the optical disc drive 2 (35) with a new optical disc. In this state, the request accepting unit 11 accepts a security media update request from the user who uses the external system 38 via the network, and the security information acquiring unit 20 causes the optical disk drive 1 to operate.
All security information is read from the security medium to be updated mounted in (34). By the security information updating means 19, the following (1)-
Update the security information obtained based on (5),
Create a new security bulletin. That is, (1)
The electronic signature of each security file included in the read security information is verified using the cryptographic processing board 32. (2) Only the security files that have been successfully verified are recalculated by the cryptographic processing board 32 and added to the security files. (3) The security media serial number is read from the internal storage medium 36. (4) The security media serial number is incremented by 1 and recorded in the internal storage medium 36. (5) The security file to which the digital signature has been re-assigned and the security media serial number are collected as security information. The new security information is recorded on the new security medium mounted on the optical disc drive 2 (35) by the security information recording means 18. The response notifying means 12 notifies the user of the external system 38 of the new security media serial number as the security media update result via the network.

Since this updating process is mainly performed by changing to a new encryption algorithm having a high strength, a new encryption processing board is required to deal with the new encryption algorithm before performing this process. It is supposed to be installed in the system. In the new cryptographic processing board, the public key certificate corresponding to the private key used in the old cryptographic processing board will be recorded.

In the case of this method, the hash value contained in the security file is not updated, but it has the same hash value as compared to decrypting the private key used to calculate the digital signature. It's much harder to create "meaningful" electronic data.

An embodiment of the data verification process in the secure electronic media management system of FIG. 8 will be described in detail with reference to the respective means of FIG. The created security media can be used in this system, but can also be used externally. By disclosing the specifications of the security file recorded on the security medium, it is possible to verify the authenticity of the data in the data medium by using the public key cryptosystem basically. Here, the processing for authenticating the authenticity of the data medium in this system will be described. Basically, processing is the same outside.

In order to perform the data verification process in this embodiment, first, a data medium to be verified is mounted on the optical disk drive 1 (34) and a security medium corresponding to the data medium is mounted on the optical disk drive 2 (35). deep. In this state, the request receiving means 11
As a result, the file name and the data media serial number are accepted via the network together with the data verification request from the user who uses the external system 38. Next, the security information acquisition means 20 causes the optical disk drive 2 (3
Of the security information recorded on the security medium mounted in 5), the security file corresponding to the specified data media serial number is read. The data acquisition unit 14 reads the file (protected target data) having the specified file name from the data medium mounted on the optical disc drive 1 (34). By the data authenticity verification means 21,
The authenticity of the target data (file) is verified based on the following (1) to (5). That is, (1) the cryptographic processing board 32 verifies the electronic signature given to the read security file. (2) If the verification is successful,
The hash value corresponding to the file name specified from the outside, which is recorded in the security file, is taken out, and when the verification fails, the error is notified to the outside (request source). (3) The hash value of the read file is calculated. (4) Compare the calculated hash value with the previously fetched hash value. (5) If they compare and match, the verification of authenticity is successful, and if the hash values are different, it is judged as an error.
The response notification means 12 allows the external system 3
The user of No. 8 is notified of the data verification result via the network.

A digital signature calculation method, an assignment method, and a verification method are described in PKCS # 7 (PublicKey Crypto).
It may be carried out according to a standard such as a graphic standard). In addition, it is assumed that all higher-level certificates are recorded in the electronic signature data.

As can be seen from the above description, in the system configuration example of FIG. 8, the optical disk drive 1 (34) is used only for reading data media and security media. Therefore, the data should be retrieved not from the data media drive directly connected to the secure electronic media management system of the present invention but from the data media mounted in another system (for example, media jukebox) via the network, for example. It doesn't matter. Further, if the medium is replaced, the system configuration may be such that the optical disc drive 1 (34) also plays the role of the optical disc drive 2 (35).

(Other Embodiments Related to User Interaction) In each embodiment described with reference to FIG. 8, the request receiving means 11 receives a processing request from the outside (user) via the network, and the response notifying means 12 receives the processing result via the network. I am returning with. That is, the interaction between the user and this system is only via the network. When the secure electronic media management system according to the present invention is realized so as to operate independently without being connected to the network, the interaction between the system and the user may be as follows.

FIG. 11 is a schematic view showing an example of the configuration of a secure electronic media management system according to another embodiment of the present invention, which is a view for explaining an image of another embodiment regarding user interaction. Reference numeral 50 is a secure electronic media management system of this embodiment. The request receiving means 11 in the data media registration processing described with reference to FIG. 8 receives a data media registration request from the outside, but in the secure electronic media management system (often abbreviated as this system) 50 of the present embodiment, A configuration corresponding to at least the cryptographic processing board 32, the processor 33, the internal storage medium 36, the program storage medium 37, the optical disk drive 1 (34) for data media, and the optical disk drive 2 (35) for security media in the system 30 of FIG. Elements are provided, and a data media registration button 51 is further provided as the request receiving means 11. When the user presses the data media registration button 51 connected to the system 50, the data media registration request is accepted and the user's system operation can be easily performed.

Similarly, the request acceptance means 11 in the security media creation process also accepts a security media creation request from the outside. However, in the request acceptance means 11 in the secure electronic media management system 50 of the present embodiment, the user does not By pressing the security media creation button connected to the system 50, it is possible to accept the security media creation request. In FIG. 11, the security media creation button is shown as a button that also serves as the data media registration button 51 described above. The list of data media serial numbers to be passed with the request is a list of data media serial numbers corresponding to all the security files internally held by the system 50.

Further, although the request acceptance means 11 in the security media update processing also accepts a security media update request from the outside, in the request acceptance means 11 in the secure electronic media management system 50 of the present embodiment, the user is the main person. Security media update button 5 connected to the system
By pressing 2, it is possible to accept the security media update request.

Further, although the request acceptance means 11 in the data verification process also accepts a data verification request from the outside, in the request acceptance means 11 in the secure electronic media management system 50 of the present embodiment, the user uses the system 50. By pressing the data verification button 53 connected to, it is possible to accept the data verification request. The data media serial number to be passed along with the request is automatically acquired by the following security file automatic discriminating means. Also, the verification target (file name) that should be passed with the request
Is all files in the data medium.

In the discriminating process in the security file automatic discriminating means, it is assumed that a data medium is mounted on the optical disc drive 34 and a security medium corresponding to the data medium is mounted on the optical disc drive 35, and the following (1) The security file is automatically determined based on (7) to (7). (1) All data (files) recorded on the data medium mounted on the optical disc drive 34
Make a list of. (2) Search the security media mounted on the optical disk drive 35 for a security file whose contents match the file list. Of course, in order to speed up the search, it is preferable to create a hash table and search for a match. (3) When a plurality of media having the same file list are caught in the search, some files are read out from the data media in order or randomly. (4) Calculate the hash value of the file. (5) Check if the hash value and file name pair in the security file that was caught in the search match. (6) The completely matching security file is specified by repeating the above-mentioned steps (3) to (5) several times. (7) The data media serial number is given as the file name to the matched security file.

Although FIG. 11 shows an example in which various buttons 51, 52, 53 are physically provided, in order to perform processing corresponding to the various buttons on the screen of the display device connected to the system 50. May be designed to provide a graphical user interface for the. Of course, a communication port for receiving a registration request from the outside may be additionally provided.

By combining the embodiments described with reference to FIG. 11, all input operations from the user can be performed with one touch. Therefore, it is relatively easy to make a request by voice instruction for what is described as “press a button” in the above description, because there are basically only four types of instruction content that must be recognized. is there. The feature of the above-described embodiment is that the instruction can be made with one touch instead of pushing the button. Another feature is that an automatic security file discriminating means is provided. According to each of the embodiments described with reference to FIG. 11, the authenticity of an externally created medium (data stored in an external system) or a medium created in the system (data stored in the system) It has just been made possible to secure the authenticity, and moreover, it becomes possible to appropriately maintain the state of ensuring the authenticity.

Another embodiment of the response notifying means 12 will be described next. In the response notification means 12 in the data media registration process and the security media creation process described in FIG. 8, the data media registration result and the security media creation result are notified to the outside, respectively, but the secure electronic media management system of the present embodiment In the response notifying means 12 in (hereinafter abbreviated as this system), the data media serial number,
By displaying the security media serial number on the status monitor (display device) connected to this system (for example, the system 50 described above), it is possible to notify the user of the data media registration result and the security media creation result, respectively. There is.

Similarly, the response notifying means 12 in the security media updating process also notifies the outside of the security media updating result. However, the response notifying means 12 in the secure electronic media management system of this embodiment uses the new security media serial number. By displaying the number on the status monitor (display device) connected to this system, the user can be notified of the security media update result.

Further, although the response notifying means 12 in the data verifying process also notifies the data verification result to the outside, the response notifying means 12 in the secure electronic media management system of this embodiment is connected to this system. By displaying the result on the status monitor (display device), the user can be notified of the data verification result.

According to each embodiment of the response notifying means 12 described above, the user can be notified of the processing result without any special operation. Further, not only the notification to the user may be displayed on the status monitor, but the result notification may be performed by voice.

(Other Embodiments Regarding Data Input) In each embodiment with reference to FIG. 8, a data medium storing electronic data to be protected is mounted on a secure electronic media management system, and a hash value is taken out from the data medium. The security media creation processing has been described in which a hash list is created by using the security list, and the hash list is protected by encryption technology and stored in the security media. Therefore, it has been assumed that electronic data to be protected has already been written on an optical disk or the like in the form of a data medium. Of course, with such a mechanism, it is possible to connect to an existing system via an optical disk, and therefore it is very compatible and convenient. However, on the other hand, even though the secure electronic media management system is also provided with an optical disk writing device, it is necessary to separately have an optical disk writing device externally in order to create a data medium. Therefore, the data medium does not have to be an optical disk, and even if it is a storage medium (storage device) such as a hard disk in a computer network-connected to the system of FIG. That is, it is preferable that the system can secure the authenticity of electronic data that is not recorded on the optical disc. Furthermore, a system that can write on an optical disc while ensuring authenticity is preferable.

Therefore, another embodiment will be described in which a data media creating means is further provided (or a data acquiring means having a data media creating means) as an alternative means of the data acquiring means 14 in the data media registration processing described in FIG. . Since the present embodiment includes a procedure for creating a data medium, the security file automatic discriminating means can be greatly simplified as follows. That is, assuming that a data medium is mounted on the optical disc drive 1 (34) and a security medium corresponding to the data medium is mounted on the optical disc drive 2 (35), (1) the optical disc drive 1
The data media serial number is obtained from the data medium mounted in (34), and (2) when the data media serial number cannot be obtained, it is obtained by the security file automatic discrimination means described above.

The data acquisition means 14 in this embodiment acquires data based on the following (1) to (3). That is, (1) the data (file) received via the network is stored in the internal storage medium of the secure electronic media management system (hereinafter abbreviated as this system) of this embodiment. (2) When the request receiving means 11 requests registration of the data medium, all the files stored in the internal storage medium are read out. (3) Based on the data media serial number obtained by the security file creating means 13 and the file read previously, the following (1),
The data medium creating means based on (2) writes in the data medium. That is, (1) the received file is written in a new data medium mounted on the optical disc drive 1 (34), and (2) the data medium serial number is recorded as a volume name in the data medium.

The simplest method of receiving a file via the network in this embodiment is the internal H of this system.
The DD is shared as a shared folder on the network, and usually the shared folder can be freely accessed via the network. If a mechanism such as quota of UNIX (registered trademark) is used to limit the data capacity that can be stored in the shared folder to the capacity that can be written on one optical disc, when the user requests writing to the optical disc. Since all the electronic data stored in the shared folder can be written on the optical disc, it is simple and unnecessary.

Further, the data acquisition means 14 in the data verification process described with reference to FIG. 8 may acquire data based on the following (1) to (5). That is,
(1) Receive fax data through the fax line. (2) Convert the received fax data into image data. (3) The image data is stored as a file in the internal storage medium of this system. (4) FIG.
When the request acceptance unit 11 in the data media registration processing described in step 1 requests the registration of the data media,
Reads all files stored in the internal storage medium. (5) Based on the data media serial number obtained by the security file creation means 13 in the data media registration processing and the file read previously, the data media creation means described above writes the data media.

According to this embodiment, the fax data is received and recorded as it is as the data medium,
By setting a lock on the security file, it becomes possible for the system to leave evidence that fax data has been received.

The feature of the another embodiment described above is that a data media creating means is provided rather than the data input via a network or fax is shown as an embodiment. By providing data media creation means,
The user does not need to have a separate optical disk writing device, and since the serial number is written on the data medium, the search for the security file is significantly speeded up and convenience is improved.

(Other Embodiments Regarding Security Protect) In each of the embodiments with reference to FIG. 8, the security file creating means 13 calculates the electronic signature by the cryptographic processing board as a method of protecting the security file. By using a cryptographic processing board, the private key used for digital signatures is protected so as not to leak as much as possible, but the private key is decrypted due to the improvement in the computing capacity of the surrounding information system, or the private key is accidentally exposed. By doing so, the reliability of the security medium may be reduced. Therefore, it is preferable to take measures (security enhancement) when the secret key is broken when updating the security medium over a long period of time.

Therefore, the security file creating means 1
As 3, the security file may be created based on the following (1) to (5) (second security file creating means). That is, (1) the hash value is calculated for each file obtained by the data acquisition means 14. (2) A list (hash list) having a pair of the file name of the read file and the calculated hash value as one entry is created. (3) Read the data media serial number from the internal storage medium. (4)
The data media serial number is incremented by 1 and recorded in the internal storage medium. (5) With respect to the hash list, the tampering detection code is acquired by the following tampering detection code acquisition means, and the tampering detection code is added to the hash list to form a security file.

The tampering detection code acquisition means acquires the tampering detection code based on the following (1) to (3).
That is, (1) a hash value is calculated for the hash list to obtain a hash list hash. (2) Hash list An external electronic notary service (Sure
ty company, etc.) via a network to obtain electronic notarized data (secure time stamp, etc.). (3)
The acquired electronic notarized data is used as a falsification detection code.

The security strength can be increased by using the second security file creating means. That is, if this security file creating means is used, for example, Digit provided by Surity, Inc.
The al Notary service provides a secure time stamp that can be used as a tampering detection code without using a private key, so there is no need to worry about the key being exposed. Therefore, the process itself such as the security media update process is unnecessary. Moreover, since the creation date and time of the security file is fixed, it can be useful for proving the date and time when the data medium existed. Of course, DigiStamp, for example, also provides a time stamp service, so it is possible to use it. In the case of DigiStamp, the electronic signature technology is applied as a time stamp, so the time stamp itself must be updated before the expiration date.

In the second security file creating means, the tampering detection code is acquired by the tampering detection code acquiring means based on the following (1) to (3),
It may be used to create a security file (third security file creating means). That is, (1) The electronic signature 1 is calculated by the signature algorithm 1 using the signature key 1 (the public key certificate by the certificate authority 1) stored in the cryptographic processing board for the hash list. (2) The digital signature 2 is calculated by the signature algorithm 2 using the signature key 2 (with the public key certificate by the certificate authority 2) stored in the cryptographic processing board for the hash list. (3) The electronic signature 1 and the electronic signature 2 are combined into a tampering detection code.

By using the security file creating means (third) here, the possibility that two signature keys are exposed at the same time is extremely low, so that the security strength, that is, the safety can be enhanced.

During normal operation of this system, processing such as security media update processing must be carried out just before the expiration date of the electronic signature of the security file recorded on the security medium. become. However, for some reason (for example, the root certificate authority key was exposed) before the expiration date expired, the public key certificate of the signature key used for the electronic signature that protected the security file was CRL (Ce
(rificate RevocationList)
May be listed in. When such a situation occurs, the security file creating means 13 described with reference to FIG.
In the case of method (1), since the electronic signature that protected the security file is no longer reliable, the security medium cannot be updated.

However, if the method in the above-mentioned third security file creating means is used, it is extremely unlikely that the public key certificates of the two signature keys that have protected the security file are both posted in the CRL at the same time. Therefore, in the unlikely event that the public key certificate of one of the signature keys is posted in the CRL, the security media update process can be executed at that timing. At that time, since the electronic signature by the other signature key is valid, it is possible to prevent the security media update process from being hindered.

As another embodiment relating to security protection, an alternative embodiment of the data authenticity verifying means 21 will be shown corresponding to the above-mentioned third security file creating means. As the data authenticity verification means 21 in the data verification processing described with reference to FIG. 5, the data authenticity verification means (second) based on the following (1) to (6) may be used to verify the data authenticity. . That is, (1) the tampering detection code (digital signature 1 and digital signature 2) attached to the read security file is verified by the cryptographic processing board. (2) When at least one of the verifications (the verification also includes the confirmation of the CRL) is successful, the hash value recorded in the security file and corresponding to the externally designated file name is taken out. (3) The hash value of the read file is calculated. (4) Compare the calculated hash value with the previously fetched hash value.
(5) If they are compared and match, the verification is successful. (6) However, when the verification of both the electronic signature 1 and the electronic signature 2 is not successful, the response notifying means notifies a warning prompting the updating of the security medium.

As another embodiment relating to the security protection, an alternative embodiment of the security information updating means 19 described in FIG. 3 will be shown corresponding to the third security file creating means. Security information updating means 1 in the security media updating process described in FIG.
As 9, the security information may be updated by the security information updating means (second) based on the following (1) to (5). That is, (1) the tampering detection code (digital signature 1 and digital signature 2) of each security file included in the read security information is verified using the cryptographic processing board. (2) For at least one of the security files that has been successfully verified, the encryption processing board recalculates the tampering detection code with the new signature key, and adds it to the security file. (3) Read the security media serial number from the internal storage medium. (4)
The security media serial number is incremented by 1 and recorded in the internal storage medium. (5) The security file and the security media serial number to which the tampering detection code has been added are collectively used as security information.

Further, another embodiment relating to security protection will be described. In the security media creation process for creating a security media, the security information creation means 16 described in FIG. 1 simply combines the security media number and the security file into the security information, but this security information itself is not protected. Therefore, the security information recorded on the security medium may be tampered with by someone. Therefore, the security information creating means (third) will be shown below as an alternative to the security information creating means 16.

In this embodiment, as the security information creating means 16 in the security media creating process described with reference to FIG. 1, the security information creating means (third) based on the following (1) to (4) creates security information. I do. That is, (1) the security media serial number is read from the internal storage medium. (2) The security media serial number is incremented by 1 and recorded in the internal storage medium. (3) The security file obtained by the security file obtaining means 17 and the security media serial number are collectively used as security information.
(4) The security information is the security information protected by the following security information protection means.

FIG. 12 is a view for explaining in detail the security information protection processing in the secure electronic media management system according to another embodiment of the present invention, and is a view showing the concept of protection of security media. The security information protection means protects the security information based on the following (1) to (5). That is, (1) a file name of each security file 45 included in the security information and a security file list 47 having an electronic signature included in the file as one entry are created. (2) The serial number of the security medium 46 included in the security information is added to the security file list 47. (3) The security media list for which the security media serial number is assigned is calculated by the cryptographic processing board.
(4) The calculated electronic signature is added to the security file list 47. (5) Security file list (security file list 48 after digital signature is added)
The original security information is combined with the new security information. As a result, the information itself recorded on the security medium can be protected from unauthorized tampering.

Another embodiment of security protection will be described. When the security medium has been tampered with, the security information acquisition means 20 in the data verification process for verifying the data can detect it.
As an alternative means of (1) to (4), security information acquisition means (second) based on the following may be applied. That is, (1) of the security information recorded on the security medium mounted on the optical disc drive 2 (35), the security file corresponding to the designated data media serial number is read. (2) The security information is verified by the security information verification means described later. (3) If the verification is successful, the previously read security file is used as it is.
(4) If the verification fails, the response notifying means 12 warns the user.

The security information verification means verifies the security information based on the following (1) to (6). That is, (1) a security file list is acquired from the security information in the security medium. (2) The digital signature given to the security file list is verified by the cryptographic processing board. (3) If the verification is successful, the security file list entry corresponding to the specified data media serial number is taken out. (4) It is verified whether the electronic signature of the security file included in the retrieved entry is the same as the one given to the corresponding security file. (5) If they are the same, the verification is successful. (6) If the processing up to this point fails, the verification fails. A characteristic of this embodiment is that a security information verification means is newly provided. As a result, when the security medium has been tampered with, it can be detected.

(Another Example Regarding Automatic Search of Security Media) If the correct combination of data media and security media is mounted on this system by the above-described security file automatic discrimination means, an appropriate security file is automatically created. It is possible to find out. However, in reality, the user is not interested in the security medium in which only the data that does not make sense to the user even if the user reads the contents is recorded, as compared with the data medium that can be understood by reading the contents. Will eventually be treated separately. Therefore, even if one wants to verify the authenticity of a data medium, it is predicted that the security medium corresponding to the data medium will not be known because it has been managed separately. In other words, since the security medium is created based on the existing data medium, there is a problem that it is difficult to record the relationship between the security medium and the data medium. In other words, since the data medium has already been completed, the link information of the security medium cannot be recorded, and there is a problem that it is not possible to know which security medium should be used when confirming the authenticity.

Therefore, an embodiment in which the data medium and the security medium can be associated with each other will be described below so that the relationship between the security medium and the data medium is not unclear. If it is possible to assume that the data medium is written by the system and the data medium serial number is recorded on the data medium itself, like the data medium creating means 13 described in FIG. In the security media creation process, a table that associates the data media serial number with the security media serial number may be created and stored in the internal storage medium of this system, so there is no difficulty. However, considering the case of using a data medium that is recorded externally and has no data media serial number recorded, the data media serial number and the security media serial number are associated in the following manner.

In the security media creation process,
As an alternative to the security information creating unit 16, the security information creating unit based on the following (1) to (4) may create the security information. That is, (1) the security media serial number is read from the internal storage medium. (2) The security media serial number is incremented by 1 and recorded in the internal storage medium.
(3) The security file obtained by the security file obtaining means 17 and the security media serial number are collectively used as security information. (4) An association list is created by the security media associating means described later.

The security media associating means creates an associative list based on the following (1) to (4). That is, (1) Only the file list portion is extracted from the security file. (2) The hash value of the extracted file list part is calculated and used as the file list hash. (3) Create a security media association list having a corresponding data media serial number, file list hash, and security media serial number as one entry. (4) The security media association list is recorded in the internal storage medium.

An example of automatic search of another security medium will be described. In the data verification process, as a further alternative to the request accepting means 11, the request may be accepted by the request accepting means based on the following (1) to (4). That is, (1) the user presses the data verification button connected to the system to accept the data verification request. (2) For the data medium mounted on the optical disk drive 1 (34), the security media serial number is automatically obtained by the security media search means described later. By (3), the user is notified of the security media serial number and prompted to mount the corresponding security media on the optical disc drive 2 (35). As a result, the security medium is mounted on the optical disc drive 2 (35). (4) The data file serial number is automatically acquired by the security file automatic discrimination means. The verification target (file name) is all files in the data medium.

The security media search means automatically acquires the security media number based on the following (1) to (5). That is, (1) the security media association list is acquired from the internal storage medium. (2) If the data media serial number is recorded on the data medium, the corresponding security media serial number is obtained from the security media association list based on the data media serial number. (3) If the data medium serial number is not recorded on the data medium, the file list is obtained from the data medium. (4) The hash value of the acquired file list is calculated and used as the file list hash. (5) Obtain the security media serial number with which the file list hashes match (there are multiple possibilities).

By adding the security media associating means to the security information creating means and the security media searching means to the request receiving means, even if the data media does not have the data media serial number recorded, the security can be automatically handled. This makes it possible to find the media, which has the effect of greatly increasing the convenience for the user.

From the user's point of view, it is not known which data medium has already been registered in this system. In some cases, the same medium may be registered twice, or media intended to be registered but not registered. However, if you mount a suspicious data medium on this system and press the data verification button, you can immediately see if the data medium is registered. (The security media will not be searched and data verification will not be possible if it is not registered).

As described above, creation, update, and security media of the secure electronic media management system of the present invention are described.
Although the respective embodiments have been described centering on the verification process and the verification process, the present invention can also be realized by a secure electronic media management method having a procedure of each process executed in these systems as a constituent element. Further, the present invention may be embodied as a program for causing a computer to function as a secure electronic media management system (or each means of the system), and a computer-readable recording medium recording the program.

An embodiment of a recording medium storing a program and data for realizing each process of secure electronic media management according to the present invention will be described. Specific examples of the recording medium include a CD-ROM, a magneto-optical disk, and a DVD-R.
OM, FD, flash memory, and other various ROMs
Or a RAM or the like can be assumed, and by causing a computer to execute the processes according to the above-described embodiments of the present invention on these recording media, and recording and distributing a program for realizing the function of the secure electronic media management, To facilitate the realization of the function. Then, the recording medium as described above is attached to an information processing device such as a computer and the program is read by the information processing device, or the program is stored in a storage medium included in the information processing device, and as necessary. By reading, the secure electronic media management function according to the present invention can be executed.

[0100]

According to the present invention, the authenticity of the electronic data already recorded on the optical disk by another system, the electronic data received from the outside via the network, and the electronic data created inside the system can be maintained. , It becomes possible to handle electronic data as electronic evidence while ensuring safety for a long period of time. Furthermore, according to the present invention, it is possible to secure safety for a long period of time without trouble.

[Brief description of drawings]

FIG. 1 is a diagram for explaining a security media creation process in a secure electronic media management system according to an embodiment of the present invention.

FIG. 2 is a diagram illustrating a security media creation process in the secure electronic media management system according to the embodiment of the present invention.

FIG. 3 is a diagram for explaining a security media update process in the secure electronic media management system according to another embodiment of the present invention.

FIG. 4 is a diagram for explaining security media update processing in the secure electronic media management system according to another embodiment of the present invention.

FIG. 5 is a diagram for explaining a data verification process in the secure electronic media management system according to another embodiment of the present invention.

FIG. 6 is a diagram for explaining a data verification process in the secure electronic media management system according to another embodiment of the present invention.

FIG. 7 is a diagram showing a configuration example of a secure electronic media management system according to another embodiment of the present invention.

FIG. 8 is a configuration diagram showing an embodiment of a secure electronic media management system according to the present invention.

9 is a diagram for explaining an embodiment of a security media creation process in the secure electronic media management system of FIG.

FIG. 10 is a diagram for explaining an embodiment of a security media creation process in the secure electronic media management system of FIG.

FIG. 11 is a schematic view showing a configuration example of a secure electronic media management system according to another embodiment of the present invention.

FIG. 12 is a diagram for explaining in detail security information protection processing in the secure electronic media management system according to another embodiment of the present invention.

[Explanation of symbols]

11 ... Request accepting means, 12 ... Response notifying means, 13 ... Security file creating means, 14 ... Data acquisition means, 15 ... Security file recording means, 1
6 ... Security information creating means, 17 ... Security file acquiring means, 18 ... Security information recording means, 1
9 ... Security information update means, 20 ... Security information acquisition means, 21 ... Data authenticity verification means, 30, 50
... Secure electronic media management system, 31 ... Communication port, 32 ... Cryptographic processing board, 33 ... Processor, 34 ...
Optical disk drive 1, 35 ... Optical disk drive 2,
36 ... Internal storage medium, 37 ... Program storage medium, 38
... external system, 41 ... data medium, 42 ... data file, 43 ... hash value, 44 ... hash list,
45 ... Security file, 46 ... Security medium, 47 ... Security file list, 48 ... Security file list after electronic signature addition, 51, 5
2, 53 ... Each processing button, M1 ... Data media, M2
... security medium, R1 ... storage medium, R2 ... internal storage medium.

Claims (19)

[Claims] 1. A secure electronic media management system for ensuring the authenticity of data, comprising a request receiving means for receiving a request from a user, a data acquiring means for acquiring target data, and protecting the data. A security file creating means for creating a security file, a security information creating means for creating security information by collecting one or more security files, and a security information recording means for recording the security information on a security medium. A secure electronic media management system comprising: a response notifying means for notifying a user of a processing result, and creating a security medium for ensuring the authenticity of data. 2. The secure electronic media management system according to claim 1, further comprising a data medium creating unit that creates a data medium by recording the data acquired by the data acquiring unit on a data medium. 3. The secure electronic media management system according to claim 1, further comprising security information protection means for protecting the security information created by the security information creation means. 4. A security media association for creating information for associating target data protected by security information created by the security information creating means with a security media created by recording by the security information recording means. 4. The secure electronic media management system according to claim 1, further comprising means. 5. The security file creating means comprises:
5. The notarized data obtained from the outside is used to protect the data, according to any one of claims 1 to 4.
The described secure electronic media management system. 6. The security file creating means comprises:
6. The secure electronic media management system according to claim 1, wherein the data is protected by using a plurality of digital signatures generated by using a plurality of keys. 7. A secure electronic media management system for ensuring the authenticity of data, comprising request reception means for receiving a request from a user and security information acquisition means for acquiring security information from a security medium to be updated. Security information updating means for updating the security information to new security information, security information recording means for recording the new security information on the security medium or new security medium, and response notifying means for notifying a user of a processing result. A secure electronic media management system, which is equipped with and updates security media. 8. A security file created by using a plurality of digital signatures generated by using a plurality of keys to protect data, wherein the security information updating means sets 8. The secure electronic media management system according to claim 7, wherein the security information is updated by assuming that the verification of the security information has succeeded when the verification of at least one electronic signature succeeds. 9. A secure electronic media management system for ensuring the authenticity of data, comprising a request receiving means for receiving a request from a user, a data acquiring means for acquiring target data, and a security file for security. A security file acquisition means for acquiring from the medium, a data authenticity verification means for verifying the authenticity of the data by the security file, and a response notification means for notifying a user of a processing result,
A secure electronic media management system characterized by verifying the authenticity of data. 10. The secure electronic media management system according to claim 9, further comprising a security file automatic discrimination means for automatically discriminating a security file corresponding to data to be verified from among the security media. . 11. The security information verifying means for verifying the authenticity of the security information recorded on the security medium when the security file is acquired by the security file acquiring means is further provided. 10. The secure electronic media management system described in 10. 12. A security media associating unit for creating information for associating the target data protected by the security information created by the security information creating unit with the security medium created by the security information recording unit, The security media searching means for searching the security medium corresponding to the data from the data to be verified based on the association information created by the security media associating means is further provided.
1. The secure electronic media management system according to any one of 1. 13. A security file created by using a plurality of digital signatures generated by using a plurality of keys to protect data, the data authenticity verifying means, 13. The secure electronic media management system according to claim 9, wherein the verification of the data is regarded as successful when at least one of the electronic signatures is successfully verified. 14. A secure electronic media management system comprising each unit in the secure electronic media management system according to any one of claims 1 to 13. 15. A secure electronic media management method having a method of creating a security medium for ensuring the authenticity of data, which receives a security media creation request from a user, acquires target data, and Create a security file to protect the acquired data and copy the created security file to 1
Create one or more security information, record the created security information on a security medium,
A secure electronic media management method characterized by notifying a user of a processing result. 16. A secure electronic media management method including a method for updating a security medium for ensuring the authenticity of data, receiving a security media update request from a user, and obtaining security information from the security medium to be updated, A secure electronic media management method, characterized in that the acquired security information is updated to new security information, the new security information is recorded on the security medium or a new security medium, and a processing result is notified to a user. 17. A secure electronic media management method including a method of verifying the authenticity of data, which receives a data verification request from a user, acquires target data, and acquires a security file from a security medium. A secure electronic media management method, characterized in that the authenticity of the acquired data is verified by the acquired security file and the processing result is notified to the user. 18. A program for causing a computer to function as the secure electronic media management system according to claim 1 or as each means of the system. 19. A computer-readable recording medium in which the program according to claim 18 is recorded.