JP2003173394A - Information management system for uniquely managing electronic data and transaction mediation system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information managing system uniquely managing effective electronic date, specifying only one of effective data even if the electronic data is illegally copied, and managing the electronic data without increasing the amount of retaining data even if the transfer of the electronic data is repeated. <P>SOLUTION: Uniquely managing target data is prepared by signing data in which substantial data, the latest used history information, and a data identifier are combined. The used history information is managed with a history managing server, and the used history information is updated every use of the electronic data. When the data is used, the used history information is verified. Even if a plurality of copies are present, since the usable electronic data is only one, uniqueness of the electronic data can be established. Since the history information given to the electronic data is only the latest used history information, electronic data with less data capacity can be realized. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technique for managing various kinds of electronic data, and more particularly, to an information management system capable of uniquely specifying and managing effective electronic data, and effective electronic data uniquely. The present invention relates to a transaction intermediary system for trading transaction target data managed under the system managed by.

[0002]

2. Description of the Related Art In recent years, the demand for the Internet has increased,
Commerce and advertising on the Internet, content distribution,
The existence of the Internet in businesses such as virtual malls has become indispensable. With the expansion of business development on the Internet, the importance of electronic cash and electronic tickets is expected to increase. A monetary value is added not only to electronic cash but also to electronic data such as music data and image data. However, since digital data such as electronic data can be easily copied, if the electronic data is illegally copied,
The added value becomes meaningless. In fact
In the case of electronic cash or electronic ticket, if it can be easily copied, the electronic cash or electronic ticket can be easily counterfeited and its value can be lost.

In order to prohibit the above-mentioned illegal copying, for example, in the case of an electronic cash system, as a cash data management method, it is impossible to tamper with the balance by using hardware such as an IC card having tamper resistance. In order to check the balance management method that manages the balance by doing so and the ID of the issued electronic cash, and to check whether it is not used twice, the electronic cash has a face value and an identification number. A scheme is being considered.

Peer such as Gnutella or Napster
Electronic data exchange systems using -to-Peer technology have been attracting attention. It is considered that the Peer-to-Peer technology will accelerate in the future, and the market scale is expected to grow. On the other hand, in the Peer-to-Peer system, it is difficult for a third party to check the data exchange between the clients, so the business model is difficult to apply. A business model combined with DRM (copyright management) technology is being considered, but in this case, user authentication is required for each use, and the relationship between each data and its owner is stored in a database and centrally managed. There is a need to. In this case, the owner registration of the data needs to be changed every time the data is bought and sold, which is not suitable for the data buying and selling.

[0005]

However, there are some problems in the above method. First, in the method of storing electronic cash data in tamper-resistant hardware such as an IC card, electronic cash data can exist only on special hardware.
Transfer via network or computer 2
It cannot be saved on the next storage device. Further, in the conventional electronic banknote system, when the electronic cash data is transferred, the information of the issuing office and the individual of the transfer source remains, so that the data amount of the electronic cash data increases as the number of transfers increases. Therefore, there is a problem when the electronic cash data is stored in hardware such as an IC card having a small capacity.

Further, in the business model in which the Peer-to-Peer system is combined with the DRM technology, encrypted electronic data is distributed, and when a user wants to use the data, he / she accesses a server that manages a decryption key. Then, after the user is authenticated, the decryption key is downloaded and the electronic data is decrypted and used. In this case, when buying and selling electronic data, the data owner must be updated by the decryption key management server, and a process for certifying the change of the owner is required. Burdens customers. Further, when an illegal person duplicates a large amount of electronic data and sells it to a plurality of people at the same time, there are many registration changers, and it is difficult to determine who is the substantial owner. Further, for example, when password authentication is adopted for user authentication, a plurality of people may collude to share the electronic data and the password, which may lead to unauthorized use by a person other than the legitimate owner.

The present invention is valid for digital (electronic)
Data can be uniquely managed, and even if electronic data is illegally copied, only one valid data can be specified. Even if electronic data is repeatedly transferred, it is managed without increasing the amount of data to be held. The purpose is to provide an information management system that can. Another object of the present invention is to provide an information management system applicable not only to electronic cash but also to prevent illegal copying of electronic tickets and digital contents.

Furthermore, in the Peer-to-Peer system, a system that uniquely manages valid electronic data prevents illegal copying of the data, and the financial value of the unique electronic data is impaired. The purpose is to realize a service for trading without.

[0009]

To achieve the above object, the invention according to claim 1 is an information management system in which a user device using electronic data and a history management device are connected via a network. The uniqueness management target data that is uniquely managed by the system is the substantial data that is the target to be used, the data identifier that identifies the uniqueness management target data, and the latest usage history information of the substantial data. And a means for transmitting the data identifier of the uniqueness management target data to be used and the latest use history information to the history management device, and the user device is updated by the history management device. The latest usage history information is received, and uniqueness management target data including substantial data after use, a data identifier, and the updated latest usage history information is created. Wherein the history management device stores the data identifier of the uniqueness management target data in association with the latest usage history information, and the uniqueness management target data used from the user device. When the data identifier and the latest use history information are transmitted, the storage means is referred to verify that the latest use history information corresponding to the data identifier matches the value stored in the storage means. Means and means for updating the latest usage history information corresponding to the data identifier in the storage means,
Means for transmitting the updated latest usage history information to the user device.

The invention according to claim 2 is an information management system in which a user device that uses electronic data and a history management device are connected via a network, and is a uniqueness management target that is uniquely managed by this system. The target data is data including substantial data that is a target to be used, a data identifier that identifies the uniqueness management target data, and latest usage history information of the substantial data, and the user device has the history. A means for transmitting the data identifier of the uniqueness management target data to be used and the latest usage history information to the management device;
When the error information is received from the history management device, the use of the uniqueness management target data is stopped, and when the updated latest usage history information is received from the history management device, the uniqueness management target data is substantially deleted. Means for authorizing the use of the data, the actual data after use, the data identifier,
Means for creating uniqueness management target data including the updated latest usage history information, wherein the history management device stores the data identifier of the uniqueness management target data and its latest usage history information in association with each other. When the storage means to be stored, and the data identifier of the uniqueness management target data to be used and the latest use history information are transmitted from the user device,
With reference to the storage means, a means for verifying that the latest use history information corresponding to the data identifier matches a value stored in the storage means, and the verification confirms that the latest use history information matches. When the verification confirms that the latest usage history information corresponding to the data identifier in the storage means corresponds to the latest usage history information, the updated latest usage history information is used by the user. And a means for transmitting error information to the user device when a match of the latest use history information cannot be confirmed by the verification.

According to a third aspect of the present invention, there is provided an information management system in which a user device that uses electronic data and a history management device are connected via a network, and a uniqueness management target of unique management in this system. The target data is a secret held by the user device in a set data including substantial data to be used, a data identifier identifying the uniqueness management target data, and latest usage history information of the substantial data. Data signed with a key, the user device, when using the uniqueness management target data, means for verifying the signature of the uniqueness management target data, and the history management device to the uniqueness management target to be used. A means for transmitting the data identifier of the data and the latest use history information, and a means for receiving the updated latest use history information transmitted from the history management device, and using the actual data after use. And a means for creating uniqueness management target data by signing the set data including the data identifier and the updated latest use history information with the secret key of the user device, and the history management device, A storage means for storing the data identifier of the uniqueness management target data and its latest usage history information in association with each other; a data identifier of the uniqueness management target data to be used from the user device and the latest usage history information; Is transmitted, the means for verifying that the latest use history information corresponding to the data identifier matches the value stored in the storage means by referring to the storage means, and the means in the storage means. It is characterized by further comprising means for updating the latest use history information corresponding to the data identifier and means for transmitting the updated latest use history information to the user device.

According to a fourth aspect of the present invention, there is provided an information management system comprising a user device in which a program using electronic data operates, and a history management device communicable from the program, which is unique in this system. The uniqueness management target data to be managed is a set data including the substantial data to be used, a data identifier for identifying the uniqueness management target data, and the latest usage history information of the substantial data. The data is data signed with a private key unique to the program, and when the program uses the uniqueness management target data, the step of verifying the signature of the uniqueness management target data; A step of transmitting a data identifier of uniqueness management target data and latest usage history information, and updated latest usage transmitted from the history management device The history information is received, the paired data including the substantial data after use, the data identifier, and the updated latest usage history information is signed with the private key unique to the program, and the uniqueness management target data is obtained. The history management apparatus includes a storage unit that stores the data identifier of the uniqueness management target data and its latest usage history information in association with each other, and the uniqueness management target data to be used from the program. A means for verifying that the latest use history information corresponding to the data identifier matches the value stored in the storage means when the data identifier and the latest use history information are transmitted, by referring to the storage means. A means for updating the latest usage history information corresponding to the data identifier in the storage means, and a means for transmitting the updated latest usage history information to the program Characterized by comprising a.

According to a fifth aspect of the present invention, in the information management system according to any one of the first to fourth aspects, communication between the user device and the history management device, or the program and the history are performed. The communication with the management device is characterized by being encrypted.

The invention according to claim 6 is the invention according to claim 3 or 4.
In the information management system according to item 1, the history management device holds and manages a public key for verifying the signature of the uniqueness management target data, and requests the transfer of the public key from the user device or the program. It is characterized by comprising means for receiving and transferring the public key.

According to a seventh aspect of the invention, in the information management system according to any one of the first to fourth aspects, when the user device uses the uniqueness management target data,
In addition to the latest uniqueness management target data created by the use, the previous uniqueness management target data before the use and the difference data before and after the use are stored, and then the latest uniqueness management target data is stored. When using the data, when it is unusable, after inquiring to the history management device to confirm that the previous uniqueness management target data is valid, the previous uniqueness management target data and the difference data Means for restoring the latest uniqueness management target data using, the history management device, in addition to the latest usage history information corresponding to the data identifier of the uniqueness management target data, a predetermined number of past usage history Memory management is performed, and in response to an inquiry from the user device, means for verifying that the previous uniqueness management target data is valid by referring to the past usage history is provided. To.

According to an eighth aspect of the present invention, in the information management system according to any one of the first to fourth aspects, when the user device creates a copy of the uniqueness management target data, the user From the device, a copy request for the uniqueness management target data is transmitted to the history management device, and the history management device generates a data identifier of the copy data of the uniqueness management target data and latest usage history information, and The uniqueness management target data is stored in the storage means and transmits the data identifier and the latest use history information to the user device, and the user device uses the received data identifier and the latest use history information. It is characterized by making a copy of.

According to a ninth aspect of the invention, in the information management system according to the eighth aspect, each of the uniqueness management target data is permitted in the storage means as a copy source of the uniqueness management target data. Information defining a user or information defining a user permitted as a copy destination of the uniqueness management target data is stored, and the storage unit is stored before the copy of the uniqueness management target data is created. With reference to, it is further provided with means for checking whether or not the user of the user device making the copy is a user authorized as a copy source or a copy destination.

The invention according to claim 10 is based on claims 1 to 4.
In the information management system described in any one of
When the uniqueness management target data is transferred from the user device to the second user device, the uniqueness management target data is transmitted from the first user device to the second user device,
In the second user device, the history management device is requested to update the history of the uniqueness management target data, and the history management device returns the uniqueness management target data using the history information returned from the history management device in response to the request. It is characterized in that the created uniqueness management target data is deleted in the first user device which has created and transmitted the reception confirmation message to the first user device and which has received the reception confirmation message.

The invention of claim 11 relates to claims 1 to 4.
In the information management system as described in any one of 1 above, when dividing the uniqueness management target data, the user device transmits a data identifier, latest use history information, and a division request to the history management device, and the history is recorded. The management device updates the latest use history information corresponding to the received data identifier, newly generates the data identifier and the latest use history information corresponding to the data identifier, and updates the received data identifier and the updated latest use history information and new The two sets of the data identifier and the latest use history information, which are the data identifier and the latest use history information, which have been generated in the above are transmitted to the user device, and in the user device, the substantial data to be divided is the first substantial data. And the second substantive data, and the first substantive data, the second substantive data, and two sets of data received from the history management device. Using the identifier and the latest use history information, characterized in that to create two unique object data after the division.

The invention of claim 12 relates to claims 1 to 4.
In the information management system according to any one of items 1 to 5, when the first uniqueness management target data and the second uniqueness management target data are combined in the user device, the history management device is changed from the user device. To each of the first uniqueness management target data and the second uniqueness management target data, and the latest usage history information is transmitted, and the history management device receives the received first uniqueness management target data. Of the data identifier and latest usage history information of the second uniqueness management target data,
The data identifier corresponding to one of the uniqueness management target data and the latest usage history information is deleted from the storage means, and the latest usage history information corresponding to the data identifier of the other uniqueness management target data is updated and updated. The latest usage history information and the data identifier corresponding to the latest usage history information are transmitted to the user device, and the user device stores substantially the first uniqueness management target data and the second uniqueness management target data. It is characterized in that the data is combined with data to create substantial data, and the created substantial data is combined with the received data identifier and latest usage history information to create uniqueness management target data.

The invention of claim 13 relates to claims 1 to 1.
In the information management system described in any one of 2, the substantial data of the uniqueness management target data is electronic cash data.

According to a fourteenth aspect of the present invention, there is provided a uniqueness management method for managing uniqueness of electronic cash data using a computer system, which is electronic cash data to be used, a data identifier, and the electronic cash. The data signed with the private key held by the user is used as the uniqueness management target data in the group data including the latest usage history information of the data, and the data identifier of the uniqueness management target data and the latest usage history information are stored. When a history management device for managing is provided and the electronic cash data included in the uniqueness management target data is used, the data of the uniqueness management target data including the electronic cash data to be accessed by accessing the history management device It is characterized by confirming that the identifier and the latest usage history information match those stored in the history management device.

According to a fifteenth aspect of the present invention, in the uniqueness management method for managing the uniqueness of the electronic cash data according to the fourteenth aspect, when the electronic cash data included in the uniqueness management target data is used, The history management device confirms the data identifier of the uniqueness management target data including the electronic cash data to be used and the latest usage history information, and then updates the latest usage history information corresponding to the stored data identifier, The data identifier and the updated latest use history information are transmitted to the user side, and the user side uses the value after the use of the electronic cash data, the received data identifier, and the latest use history information to ensure uniqueness. It is characterized by creating and holding managed data.

According to a sixteenth aspect of the present invention, there is provided an electronic data using apparatus for using electronic data, wherein the uniqueness management target data includes substantial data to be used, a data identifier, and latest usage history information. Using uniqueness management target data storing means, history storing means for storing the data identifier of the uniqueness management target data and its latest use history information in association with each other, and the uniqueness management target data At that time, the latest usage history verification means for verifying that the data identifier and the latest usage history information match the value stored in the history storage means, and only when the matching of the latest usage history is confirmed, When it is confirmed that the latest usage history coincides with the means for permitting the use of substantially unique data of the uniqueness management target data, the data identifier in the history storage means is paired with Means for updating the latest usage history information, substantial data after use, a data identifier, and uniqueness management target data including the updated latest usage history information, and storing the uniqueness management target data. Means for storing in the means.

According to a seventeenth aspect of the present invention, there is provided an electronic data using apparatus in which a program that uses electronic data operates, and the substantial data which is the target of the program, the data identifier, and the latest use history information are provided. A uniqueness management target data storage unit that stores uniqueness management target data signed with a private key unique to the program in the group data including the above, a data identifier of the uniqueness management target data, and its latest use history information. When using the uniqueness management target data, the signature is verified and the data identifier and the latest usage history information are stored in the history storage means and the value stored in the history storage means. Only when the latest usage history verification means for verifying a match and the signature are valid, and the matching of the latest usage history is confirmed, When the signature is valid and the matching of the latest usage history is confirmed, it corresponds to the data identifier in the history storing means, and means for permitting the use of the substantial data of the uniqueness management target data. Uniqueness management target obtained by signing the set data including the means for updating the latest use history information, the substantial data after use, the data identifier, and the updated latest use history information with the private key unique to the program. Means for creating data and storing the data in the uniqueness management target data storage means.

The invention according to claim 18 is the electronic data using apparatus according to claim 16 or 17, wherein the history storage means is adapted to prevent unauthorized external reference or tampering. And

According to a nineteenth aspect of the present invention, in the electronic data using apparatus according to any one of the sixteenth to eighteenth aspects, when the uniqueness management target data is used, the latest uniqueness created by the use is generated. In addition to the property management target data, means for storing the previous uniqueness management target data before use and the difference data before and after use, and the latest usage history information corresponding to the data identifier of the uniqueness management target data History storage means for storing the previous usage history when storing the data in the main stage, and the previously stored uniqueness when the latest uniqueness management target data is unusable After confirming that the usage history of the management target data matches the previous usage history stored in the history storage unit, the latest uniqueness management target data and difference data are used to obtain the latest uniqueness. And further comprising a means for restoring the object data.

According to a twentieth aspect of the invention, in the electronic data using apparatus according to any one of the sixteenth to eighteenth aspects, when a copy of the uniqueness management target data is created, the uniqueness management target data A data identifier for the copy data and the latest use history information are generated and stored in the history storage means, and a copy of the uniqueness management target data is created using the data identifier and the latest use history information. Is characterized by.

According to a twenty-first aspect of the invention, in the electronic data using apparatus according to the twentieth aspect, the history storage means permits each uniqueness management target data as a copy source of the uniqueness management target data. The information defining the user to be stored, or the information defining the user permitted as a copy destination of the uniqueness management target data is stored, and before the copy of the uniqueness management target data is created, It is characterized by further comprising means for checking whether or not the user of the user device making the copy is a user authorized as a copy source or a copy destination by referring to the history storage means.

According to a twenty-second aspect of the present invention, in the electronic data using apparatus according to any one of the sixteenth to eighteenth aspects, since the uniqueness management target data is transferred to another electronic data using apparatus, the uniqueness of the uniqueness management target data is transferred. Sex management target data, a data identifier corresponding to the sex management data, and means for transmitting the latest use history information to the transfer destination, a means for deleting the transmitted data identifier and the latest use history information from the history storage means, and the uniqueness management target data , The data identifier and the latest usage history information in the received uniqueness management target data are
A means for verifying that the received data identifier matches the latest usage history information, and, as a result of the verification, if the data identifier and the received data identifier are confirmed to be usable as uniqueness management target data, The latest use history information is newly registered in the history storage means, and the received uniqueness management target data is further stored in the uniqueness management target data storage means.

According to a twenty-third aspect of the present invention, in the electronic data using apparatus according to the twenty-second aspect, the uniqueness management target data which is the transfer target is illegally stored in the electronic data using apparatus of the transfer source. A means for verifying that the data identifier and the latest use history information in the received uniqueness management target data are the data with a signature by the unreadable secret key and that the received data identifier and the latest use history information match. The signature of the uniqueness management target data is verified using a public key.

The invention according to claim 24 is from claims 1 to 1.
A transaction intermediary system using the information management system according to any one of 2, wherein a first user device, a second user device, a transaction management device, and a history management device are networked. And the electronic data of the transaction target is the uniqueness management target data, and the transaction management device converts the uniqueness management target data held by the first user device to the second user. When a transaction to be transferred to the device is established, the address information of the first user device that is the transfer source and the uniqueness management target data of the transaction target are transferred to the second user device that is the transfer destination. And a data identifier and latest history information from the second user device that is the transfer destination, a history information update request is sent to the history management device together with the received data identifier and latest history information. Send Means that, from the record management apparatus,
When the data identifier and the updated history information are received, the data identifier and the updated history information are transmitted to the transfer destination, that is, the second user device. The user device, when a request for uniqueness management target data of a transaction target is made from the second user device that is the transferee, means for transmitting the uniqueness management target data of the transaction target in response to the request. The second user device, which is the transfer destination, receives address information of the first user device, which is the transfer source, and information regarding uniqueness management target data of the transaction target from the transaction management device. When I did
A means for connecting to the first user device which is the transfer source by using the received information and requesting the transfer of the uniqueness management target data of the transaction object, and the uniqueness of the transaction object transmitted in response to the request. Sex management target data, a means for transmitting the data identifier and the latest history information included in the received uniqueness management target data of the transaction target to the transaction management device,
When the data identifier and the updated history information are received from the transaction management device, the latest history history information of the uniqueness management target data of the transaction target acquired from the first user device is updated with the updated history information. And a means for storing the updated uniqueness management target data. When the history management device receives a history information update request from the transaction management device, the history management device updates the data identifier and the latest data identifier included in the request. It is verified that the history information matches the value stored in the storage device in the own machine, and when verified, the latest history information corresponding to the data identifier is updated in response to the history information update request, and the data is updated. It is characterized by comprising means for transmitting the identifier and the updated history information to the transaction management apparatus.

The invention according to claim 25 is the transaction intermediary system according to claim 24, wherein the transaction management device is:
When a transaction of uniqueness management target data is established between the first user device and the second user device, a means for performing settlement processing relating to the transaction is further provided.

The invention according to claim 26 is a transaction intermediary system using the electronic data using device according to any one of claims 16 to 23, wherein the first electronic data using device and the second electronic data using device are used. The electronic data use device and the transaction management device are connected by a network, and the electronic data of the transaction target is
The transaction management device is the uniqueness management target data, and the transaction management device transfers the uniqueness management target data held by the first electronic data using device to the second electronic data using device. And means for transmitting the address information of the transfer source of the first electronic data using apparatus and the information about the uniqueness management target data of the transaction target to the transfer destination of the second electronic data using apparatus. , The first electronic data using apparatus which is the transfer source receives the uniqueness management target data of the transaction target from the second electronic data using apparatus which is the transferee, and the data identifier corresponding to the uniqueness management target data. And a request to transfer the latest usage history information, in response to the request, the uniqueness management target data of the transaction target and the data identifier corresponding to the uniqueness management target data. A means for transmitting new usage history information, a means for deleting the data identifier and the latest usage history information from the history storage means after transmitting the data identifier corresponding to the uniqueness management target data and the latest usage history information, The second electronic data using apparatus that is the transfer destination receives the address information of the first electronic data using apparatus that is the transfer source and the information regarding the uniqueness management target data of the transaction target from the transaction management apparatus. At this time, the received information is used to connect to the first electronic data using device which is the transfer source, and the uniqueness management target data of the transaction target and the uniqueness management target data stored in the history storage means are added. Means for requesting transfer of corresponding data identifier and latest usage history information, uniqueness management target data of transaction object transmitted in response to the request, and the uniqueness management The means for receiving the data identifier corresponding to the phantom data and the latest usage history information, and the data identifier and the latest usage history information in the received uniqueness management target data of the transaction object match the received data identifier and the latest usage history information. And a result of the verification that the data identifier and the latest use history information received are newly registered in the history storage means when it is confirmed that the data can be used as the uniqueness management target data. And storing the received uniqueness management target data in the uniqueness management target data storage means.

The invention according to claim 27 is the transaction intermediary system according to claim 26, wherein the transaction management device is:
When a transaction of uniqueness management target data is established between the first electronic data using apparatus and the second electronic data using apparatus, it is characterized by further comprising means for performing settlement processing relating to the transaction.

[0036]

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings. The present invention is not limited to this.

FIG. 1 is a system configuration diagram of a system for uniquely managing valid electronic data according to an embodiment of the present invention. This system includes a history management server 101, a history information database 102, and a plurality of clients 103.
Equipped with. The history management server 101 and a plurality of clients 103 are connected via a network 106. A dedicated application 104 is installed in the client 103, and target electronic data to be uniquely managed (hereinafter referred to as uniqueness management target data) is stored in the secondary storage device 105. The application 104 communicates with the history management server 101 via the network 106 when using the uniqueness management target data. Here, the application 104 has tamper resistance, and it is difficult to analyze the internal processing algorithm by disassembling the application.

FIG. 2 shows the possession status of the uniqueness management target data, the private key for signature, and the common key in each entity of this system. A common key K201 is stored in the history management server 101, and a common key K201, a public key Kpub202, and a secret key Kp are stored in the application 104.
The ri 203 is stored. In addition, the secondary storage device 105
The uniqueness management target data (D, desp, h) Kpri 204 used by the application 104 is stored in the. Due to the tamper resistance of the application 104, the common key K2
01, the public key Kpub202, and the secret key Kpri203 cannot be read from the outside.

Where D is the actual data used,
desp is a data identifier that uniquely defines this data (D, desp, h) Kpri, and h is the latest usage history information of the data D. It is assumed that the data obtained by signing the set of these three data with the signature private key Kpri is described as (D, desp, h) Kpri. The common key K201 is used between the application 104 and the history management server 101, or two applications 10
It is used for encrypted communication between the four. This encrypted communication may be another encrypted communication method such as SSL.

FIG. 3 shows a data use history management table of the uniqueness management target data 204 stored in the history information database 102. In the data use history management table, a list in which three types of data sets of a data identifier 301, a latest access history 302, and an access history list 303 are tuples is registered.

In the column of the data identifier 301, a data identifier for specifying the uniqueness management target data 204 is registered. In the column of the latest access history 302, the latest use history (latest use history) of each uniqueness management target data 204 is recorded. For example, when "2001/07/04; 11: 28: 42" is described, the latest date and time when the uniqueness management target data 204 was used is "July 4, 2001, 11: 2."
8 minutes and 42 seconds ". In the column of the access history list 303, the access history list 3 before the latest access history of each uniqueness management target data 204 is shown.
A pointer to 04 is stored. The length of the access history list 304 can be arbitrarily set in consideration of the storage capacity of the history information database 102 and the degree required for authentication of past data using the access history. Authentication of past data will be described later.

The processing of the entire system will be described below with reference to the sequence diagram and the flowchart.

FIG. 4 is a sequence diagram when the uniqueness management target data 204 is opened / saved by the application 104. First, the application 104
The uniqueness management target data 204 in the next storage device 105 is opened (step 401). Then, the signature is verified using the public key Kpub202 held by the application 104, and it is confirmed whether or not the uniqueness management target data 204 has been tampered with (step 402). if,
If it turns out that it has been tampered with, application 1
04 stops using the uniqueness management target data 204. If it is confirmed that the application 104 has not been tampered with, the application 104 sets the data identifier desp and the latest usage history information h included in the uniqueness management target data 204 to the common key K2.
It is encrypted with 01 (step 403). The encrypted data identifier desp and the latest usage history information h are transmitted to the history management server 101 via the network 106 (step 404).

The history management server 101 decrypts the encrypted received data (step 405) and uses the data identifier desp included in the decrypted data as a key to correspond to the data identifier desp in the history information database 102. A search for the latest access history 302 is requested (step 406). In the history information database 102, the latest access history 302 is searched using the data identifier desp as a key (step 407), and the search result (data identifier
The latest access history 302 corresponding to desp is returned to the history management server 101 (step 408).

The history management server 101 compares the latest usage history information h received from the application 104 with the latest access history 302, which is the result of searching the data usage history management table (FIG. 3) of the history information database 102, and It is authenticated that the latest usage history information h of the uniqueness management target data 204 to be used in 104 is valid (step 409). If the latest usage history information h is not valid, the history management server 10
1 returns an error to the application 104, and the application 104 receives the error and stops using the uniqueness management target data 204. If the latest usage history information h is valid, the latest usage history information h is changed to the current date and time (step 410), and the changed latest usage history information h is used as the data usage history management table of the history information database 102 (FIG. 3). Is requested to be registered as the latest access history 302 (step 411).

The history information database 102 changes the latest access history 302 of the data use history management table in response to the above request, and adds the previous latest access history 302 to the access history list 304 indicated by the access history list 303.
The data use history management table is updated by registering the value of (step 412). When the update of the data use history management table is completed, the history management server 101 to that effect
(Step 413). History management server 10
1 is the data identifier desp and changed latest usage history information h
Is encrypted with the common key K (step 414), and the encrypted data is transmitted to the application 104 (step 415).

The application 104 decrypts the received encrypted data (step 416), the latest usage history information h of the uniqueness management object data 204 transmitted previously is valid, and new history information is normally generated. After confirming the registration, the uniqueness management target data 204 is used (step 417). Uniqueness management target data 204
When the data is saved after using, the entire three sets of data D, the data identifier desp, and the updated latest usage history information h are signed with the signature key (secret key) Kpri (step 418). ) The signed uniqueness management target data 204 is stored in the secondary storage device 105 (step 419).

By the above process, the uniqueness of the data of the uniqueness management target data 204 is established. Because
Even if a plurality of uniqueness management target data 204 are copied, if one of them is used, the latest access history 302 is updated, and only that data can be used next. The other copy data is unusable because it is repelled by the collation of the history information (process of step 409).

FIG. 5 shows a flowchart of the data backup method. This process is performed on the uniqueness management target data 2
When 04 is saved, the previous data and its difference data are saved together so that the data can be restored later. Client 1 in advance
03 secondary storage device 105 stores data (D0, desp, h0) K
It is assumed that pri, (D1, desp, h1) Kpri, and the difference d0 between these two data are stored. Where (D0, desp, h0)
Kpri is the data used before (D1, desp, h1) Kpri.

First, the application 104 (D1, des
Open p, h1) Kpri (step 501). This corresponds to step 401 in FIG. And history management server 101
Process before using data (steps 405 to 41 in FIG. 4)
Whether or not the data of the uniqueness management target data 204 is usable is verified before or after the step 4) or after the processing (step 502). If available, use data (D1, desp, h1) Kpri (step 5
03), and then becomes the latest data (D2, desp, h2) Kpri
Are generated (step 508). The use of the data (D1, desp, h1) Kpri in step 503 is the step 402 in FIG.
~ 417, step 50
The generation of the latest data (D2, desp, h2) Kpri of 8 corresponds to the generation of data by performing the signature in step 418 of FIG. When the data is saved after step 508, three data of (D2, desp, h2) Kpri, (D1, desp, h1) Kpri, and these two differences d1 are saved (step 509). The data storage in step 509 corresponds to step 419 in FIG.

In step 502, if (D1, desp, h1) Kpri cannot be used for some reason such as the data being corrupted, the application 104 is the previous data (D
0, desp, h0) Kpri and difference d0 are opened (step 50
4). Then, by communicating with the history management server 101, the past access history list 303 of the data identifier desp is checked from the data usage history management table (FIG. 3), and h0 is the latest usage history information immediately before the data identifier desp. To verify. If the history is not correct, a message indicating that the history information included in the previous data may be corrupted is displayed, error processing is performed, and the repair processing is stopped (step 510). If the history is correct, (D0, desp, h0) Kpr
(D1, desp, h1) Kpri is restored from i and the difference d0 (step 506), and the history management server 101 performs history authentication,
(D1, desp, h1) Kpri is used (step 507). (D
After using 1, desp, h1) Kpri, (D2, desp, h2) Kpri is generated (step 508), and (D2, desp, h2) is stored when data is saved.
Kpri and (D1, desp, h1) Kpri and the difference d1 are generated and saved.

This backup method is basically established on the assumption that the uniqueness management target data used last time can be used. In order to make the backup more reliable, the uniqueness management target data used last time is not stored in the client 103, but is stored in the history management server 101.
Alternatively, a method of saving the used uniqueness management target data of several generations ago and the difference data thereof may be used. Regardless of which method is used, it is an important process to establish uniqueness of data that the uniqueness management target data 204 having the latest usage history is always restored.

Even if the history verification is taken into consideration, the latest access history is sufficient for the history information included in the uniqueness management target data. The data may include the access history of. However, the larger the number of times the access history is stored, the larger the amount of uniqueness management target data that is saved. It is necessary to decide whether to include up to as history information.

FIG. 6 shows a flow chart when the application 104 effectively copies data. Here, to copy effectively means that the uniqueness management target data 20
This means that the substantive data D included in 4 is copied, and the copied substantive data D can be used as uniqueness management target data.

First, the application 104 opens the uniqueness management target data (D, desp, h) Kpri 204 to be copied (step 601). And opened (D, desp, h) Kpr
A copy registration request for i is transmitted to the history management server 101 (step 602). In response to the copy registration request, the history management server 101 generates the data identifier desp1 of the copy data and the latest usage history information h1 and registers it in the history information database 102 (step 603). The history management server 101 encrypts the registered data identifier desp1 and the latest usage history information h1 using the common key K and sends it to the application 104 (step 604). The application 104 decrypts the received encrypted data to obtain the data identifier desp1 and the latest usage history information h1, and copies the uniqueness management target data 204 (D, desp1, h1) Kpri.
Is created (step 605).

When the uniqueness management target data 204 is newly created by the application 104, the process is the same as the copying process. That is, when newly creating, the actual data D is newly created, a registration request for the actual data D is transmitted to the history management server 101, and the newly created data for the actual data D is created. The identifier desp and the latest usage history information h may be paired and signed by the signature key (secret key Kpri) and stored.

FIG. 7 shows a flowchart for transferring the uniqueness management target data between the clients 103. Transferring uniqueness management target data means transferring data in a form that does not impair the uniqueness of the data. The two clients 103 of the entity A and the entity B each have an application 104, and the uniqueness management target data (D, des
Let p, h) Kpri be transferred to entity B.

First, the entity A opens the uniqueness management target data (D, desp, h) Kpri in the application 104 (step 701). Next, the (D, desp, h) Kpri is encrypted and transmitted to the entity B (step 70).
2). The encryption is performed here in order to prevent the uniqueness management target data from being stolen by intercepting the communication path on the way. The entity B decrypts the encrypted received data by the application 104 (step 703).

Then, the received data is stored in the history management server 101.
A request is made to update the latest usage history information h of (D, desp, h) Kpri (step 704). When the latest usage history information h can be updated, the entity B sends a receipt confirmation message to the entity A after the update processing is completed (step 7).
05). Upon receipt of the receipt confirmation message, Entity A
Application 104 of the original (D, desp, h)
Kpri is deleted (step 706). If the latest usage history information h could not be updated, the data received by the entity B may not include the latest access history 302 or the data itself may be corrupted. Therefore, the application 104 of entity B is
To the unacceptable message (step 707),
Entity B application 104 received
(D, desp, h) Kpri is deleted (step 708).

After the entity B receives the uniqueness management target data, the latest usage history information h is updated, and the data temporarily existing in the entity A is invalid because the latest usage history information h is not the latest. Become.
Therefore, the uniqueness of the data is secured by the transfer.
Further, by encrypting the communication, it is possible to prevent the data from being stolen. Even if stolen, the latest usage history information of the data received by the entity B is updated first, so that the uniqueness is maintained and an attack for stealing the uniqueness management target data itself can be prevented.

An embodiment in which the above data uniqueness management system is applied to an electronic cash system will be described below.

FIG. 8 shows a system configuration diagram when the present invention is applied to an electronic cash system. 801 is an electronic cash certification authority, 802 is a bank, 803 is a store, and 804 is a private home. In FIG. 8, the same numbering used in the description of the system of the embodiment of FIGS. 1 to 7 indicates the same number.

The electronic cash certification authority 801 is a trusted third party that guarantees the uniqueness of electronic cash data. The electronic cash certification authority 801 is provided with a history management server 101, a history information database 102, and a signature management server 809. The signature management server 809 issues the signature private key Kpri of the application recorded in the electronic commerce server 807 installed in each client 103 or the store 803, and manages the public key Kpub.

The bank 802 has an electronic cash server 80.
5 are installed. The electronic cash server 805 is a bank 8
When there is an electronic cash withdrawal request or a deposit request from the customer No. 02, processing such as transmission of electronic cash data to the customer and reflection of the received electronic cash in the customer's account are performed.

The store 803 is a store that can pay by electronic cash. The store 803 includes an electronic cash receiving terminal 806 that reads electronic cash recorded in a portable medium 808 for payment at the store and performs payment processing, and an electronic commerce server 807 that receives orders and payments via the Web. is set up. Here, the portable medium 808 is an IC
It means portable and portable hardware such as a card, a mobile phone, and a PDA.

The client 103 is installed in the private home 804. The client 103 uses the deposit / withdrawal application to connect to the electronic cash server 805 of the bank 802 and performs electronic cash deposit / withdrawal processing. The electronic cash data withdrawn is the client 1
03 can be stored in the secondary storage device 105, and can also be recorded in the portable medium 808. The issued electronic cash data is uniquely managed by the electronic cash certification authority 801 as data having a certain amount of value (for example, 12300 yen). Note that this method can also be applied to electronic tickets such as gift certificates and movie tickets instead of electronic cash.

FIG. 9 shows electronic cash data of each entity in the electronic cash system of FIG. 8 and a signature private key K.
The state of possession of pri and public key Kpub is shown. First, the signature private key Kpri and public key Kpub used by each entity are
It is generated by the electronic cash certification authority 801. Private key KApri
903 and KBpri 905 are keys used for signatures by the applications 104 of the corresponding entities A and B, respectively. The public keys KApub907 and KBpub908 are
It is stored in the signature management server 809. Signature management server 8
Public keys KApub907 and KBpub908 managed by 09
Is downloaded and used by the application 104 of each entity at the time of signature verification. In addition, electronic cash data (DA, despA, H
A) KApri 904, (DB, despB, HB) KBpri 906 are uniqueness management target data in which money amount data is recorded.

FIG. 10 is a flowchart showing the flow of the service registration, application distribution, and signature key distribution services in this electronic cash system. First, a person who wants to use the electronic cash system applies to the bank 802 for registration of using electronic cash (step 1001). Bank 802
Receives an application from the user, and receives the electronic cash certification authority 801
Is requested to issue a signature private key and public key (step 1002). The electronic cash certification authority 801 issues a signature private key and public key (step 1003), creates an application in which the issued signature private key is incorporated (step 1004), and distributes the application to users who wish to use it. (Step 1005).

FIG. 11 shows a flowchart of the electronic cash withdrawal processing in the present electronic cash system. First, the user requests the electronic cash server 805 of the bank 802 to withdraw money via the network 106 (step 1101). The electronic cash server 805 performs personal authentication for the withdrawal request (step 1102). here,
As a personal authentication method, an existing conventional technique may be used. For example, there are authentication with an account number, user ID / password, and authentication with signature data. If the personal authentication is not established, the user is notified that the authentication is not established (step 1103), and the withdrawal process is stopped (step 1104). When the personal authentication is established, the user's account balance is compared with the withdrawal request amount (step 1105). If the user's account balance is less than the withdrawal request amount, the user is notified that the current account balance cannot be withdrawn (step 1110), and the withdrawal process is stopped (step 1111).

If the account balance is equal to or more than the withdrawal request amount, the electronic cash server 805 generates amount data of the requested amount and registers it in the system of the electronic cash certification authority 801 (step 1106). The data identifier and the history information are merged with the amount data and signed to create the electronic cash data as the uniqueness management target data (step 1107). Then, the created electronic cash data is encrypted and transmitted to the user (step 11).
08). The application 104 of the user confirms that the signature is correct, by the signature management server 8 of the electronic cash certification authority 801.
The public key Kpub corresponding to the signature private key Kpri of the bank 802 in 09 is used for confirmation, and a receipt confirmation message is transmitted to the bank 802. Upon receipt of the receipt confirmation message from the user's application 104, the electronic cash server 805 deducts from the user's account balance and reduces the requested amount of money (step 1119).

If the user fails to receive the electronic cash data, the same issued electronic cash data is retransmitted to the user. By retransmitting the electronic cash data in which the latest usage history information is exactly the same, it is possible to counter an attack that falsely verifies that the user does not receive the electronic cash data even though the electronic cash data is actually received.

FIG. 12 shows a flow chart of a division process of electronic cash data in the electronic cash system. By this process, electronic cash data can be divided when payment or transfer by electronic cash is performed.

First, the electronic cash data (D, d
The esp, h) Kpri is opened by the application 104 (step 1201). The application 104 downloads the public key Kpub from the signature management server 809 and verifies the signature of the electronic cash data (D, desp, h) Kpri (step 1202). After confirming that the data has not been tampered with, the application 104 encrypts the data identifier desp and the history information h, and the electronic cash data (D, desp, h) Kpri
Together with the request for division, the encrypted data is transmitted to the history management server 101 (step 1203). History management server 101
Decrypts the encrypted received data and updates the history information h corresponding to the data identifier desp to h '(step 1204). Further, a new data identifier desp1 and history information h1 are newly generated and registered in the history information database 102 (step 1205). Next, the pair data (desp, h ')
And (desp1, h1) are encrypted and transmitted to the application 104 (step 1206). Application 104
Divides the divided data (D ', desp, h') Kpri and (D1, desp1, h) based on the paired data of the received two data identifiers and history information.
1) Create Kpri (step 1207).

This processing is executed by an application having tamper resistance, including the electronic cash data combination processing described later with reference to FIG.
It is difficult to forge an application that divides yen data into two data of 5000 yen and 8000 yen.

FIG. 13 shows a flowchart of a process of combining electronic cash data in the electronic cash system. By this combining process, two or more pieces of electronic cash data can be merged.

First, two electronic cash data (D, desp, h) Kpri and (D ', desp', h ') Kpri' to be combined are opened by the application 104 (step 1301). Next, the application 104 downloads the public keys Kpub and Kpub 'from the signature management server 809, and verifies the signature of each electronic cash data (step 1302). After verifying that the electronic cash data has not been tampered with, the pair data (desp, h) and (desp ', h') are encrypted and transmitted to the history management server 101 together with the data combination request (step 1303). The history management server 101 decrypts the encrypted received data, deletes the entry of the data identifier desp 'in the history information database 102, and updates the latest usage history information h corresponding to the data identifier desp to h1 ( Step 1304). After that, the history management server 101
Encrypts the pair data (desp, h1) and sends it to the application 104 (step 1305). When the application 104 receives the encrypted (desp, h1) from the history management server 101, the application 104 decrypts the data, combines the data D and D ′, and generates and stores (D1, desp, h1) Kpri. (Step 1306).

FIG. 14 is a flow chart showing the processing when paying with electronic cash in the electronic cash system. This flow chart shows the electronic commerce server 8 via the Web.
The flow of payment processing when accessing 07 and using the electronic cash data for shopping is shown.

First, the user uses the application 104 in the client 103 to access the electronic commerce server 807 of the store 803 (step 140).
1). The application 104 encrypts electronic cash data for the amount paid for shopping and transfers it to the electronic commerce server 807 (step 1402). If necessary, a process of dividing electronic cash data for the payment amount from the electronic cash data on hand is performed. The electronic commerce server 807 downloads the public key Kpub corresponding to the signature of the electronic cash data in the signature management server 809 of the electronic cash certification authority 801, and verifies the signature of the electronic cash data (step 1403). If the signature verification fails, an electronic cash receipt error is displayed on the client 103.
(Step 1406).

When the signature verification is successful, the data identifier of the electronic cash data and the latest usage history information are transmitted to the history management server 101, and the history information of the electronic cash data is updated (step 1404). By this update processing, even if a copy of the electronic cash data remains in the client 103, the latest usage history information of the copied electronic cash data is not the latest and cannot be used. If the update process fails, an electronic cash data reception error is transmitted to the client 103 and the process ends (step 1).
406). If the update process is successful, the client 10
3 the signature key of the electronic commerce server 807 (secret key Kpri)
Issue receipt data signed by (Step 1
405). Application 1 in client 103
04 receives the receipt data and deletes the transmitted electronic cash data.

This processing is a method in which the electronic cash data for the payment amount is divided in advance and the payment processing is performed after creation, but as another method, the electronic cash data in excess of the payment amount is transmitted and the change amount is changed. The method of receiving the electronic cash data of may be adopted. In this case, the client 103 side also accesses the history management server 101 and the signature management server 809 in order to verify that the received electronic cash data for the change is valid and to make the data unique. Need to be processed. That is,
After the receipt issuance processing in step 1405, the client 103 side also executes step 1 as in the electronic commerce server.
It suffices to execute the processing of 403 and 1404.

When the electronic cash data is copied to a portable medium such as an IC card and paid at the electronic cash receiving terminal at the store, the application 104 cannot be recorded in the portable medium due to the storage capacity of the portable medium. There are cases. In the case of an electronic cash payment terminal intended for such a portable medium, the processing that the application 104 of the client 103 should originally perform is delegated to the electronic cash payment terminal itself, or the amount of change processed by the electronic cash payment terminal. Either the electronic cash data generation process or the electronic cash data division process may be trusted as a correct one.

Next, an embodiment of the system when the information in the history information database 102 of the data uniqueness management system is distributed to each client will be described.

FIG. 15 is a system configuration diagram showing an embodiment in which history information databases in a system for uniquely managing valid electronic data are distributed. This system has a configuration in which a plurality of clients 1501 including an application 1502, a history information database 1503, and a secondary storage device 1504 are connected to a network 1505. The history information database 1503 is encrypted, and only the application 1502 can access the history information database 1503 to decrypt and use the search result. Therefore, the user who uses the client 1501 cannot refer to or falsify the data stored in the history information database 1503. Note that the application 1502 has tamper resistance and has a common key, a public key, and a secret key, as in the above-described embodiment. That is, the common key,
The public key and private key can be accessed only by the application 1502, and cannot be accessed by others.

The advantage of distributing the history information database 1503 to each client is that, unlike the method of centrally managing the history information management server as shown in FIG. It is not necessary to connect and access the history information management server.

FIG. 16 shows the history information database 1503.
The format of the data use history management table stored in FIG. In the data use history management table 1601,
Data identifier 1602, latest access history 1603, duplicatable user 1604, and access history list 160
A list having tuples of four types of data sets of 5 is registered. Data identifier 1602, latest access history 1
The access history list 603 and the access history list 1605 are the same as the method of centrally managing the history information database in the history management server 101 (that is, the same as the contents of the table described in FIG. 3). Copyable user 1604
In the column of, the account data of the user who can duplicate the uniqueness management target data by the data creator when the uniqueness management target data is created is registered. Here, in the duplication of the uniqueness management target data, in the process shown in the flowchart of FIG. 6, a step of first determining whether the user who attempts to duplicate the uniqueness management target data is included in the duplicatable users 1604 is added. In addition, instead of the application requesting the history information management server for copying, the application itself accesses the history information database 1503 in its own client 1501 to newly create and register a data identifier and usage history information. It is realized by doing. By adding a function to limit the users that can be duplicated, for example, the issuer of the uniqueness management target data can be duplicated, but the user of the data can not be duplicated. Distribution of uniqueness management target data that enables copyright protection can be realized.

Even in the case of the system configuration having the history management server shown in FIG. 1, a column of duplicatable users is added to the table of FIG. 3 to check whether the user is a duplicatable user at the beginning of the flowchart of FIG. Of course, it is possible to add a function of limiting the users who can be duplicated by determining whether or not. Further, here, an example will be described in which a user permitted to become a duplication source (copy source) is stored in the duplicatable user 1604, and it is checked whether the user attempting duplication is a user permitted as the duplication source. However,
A user who is permitted to be a copy destination (copy destination) may be stored in the duplicatable user 1604, and whether or not the copy destination is permitted may be checked. Furthermore, instead of storing individual IDs that identify the users who can be duplicated, it is possible to check whether or not duplication is possible by using the attribute value of the user (for example, only those who have a department manager or higher can duplicate). Good.

FIG. 17 is a sequence diagram when the application 1502 opens and saves uniqueness management target data. First, the application 1502 opens the uniqueness management target data stored in the secondary storage device 1504 (step 1701). In order to check that the opened uniqueness management target data has not been tampered with, the signature of the uniqueness management target data is verified (step 1702). If it is confirmed that the uniqueness management target data has not been tampered with, the application 1502
Retrieves corresponding history information from the history information database 1503 using the data identifier of the uniqueness management target data as a key (step 1703). The history information database 1503 performs a search process for the search request (step 1704). Search results are history information database 15
When it returns from 03 (step 1705), the application 1502 collates the search result with the history information of the opened uniqueness management target data, and confirms that the data holds the latest usage history ( Step 1
706). If the verification is successful, the application 150
2 newly generates history information and sends a request for updating the history information to the history management database 1503 (step 1707). The history management database 1503 updates the history information (step 1708) and sends an update completion notification to the application (step 1709). Upon receiving the notification, the application 1502 updates the history information of the uniqueness management target data (step 1710),
The data is used (step 1711). At the time of data storage, the set data of data, data identifier, and history information is signed (step 1712), and the secondary storage device 15
04 (step 1713).

FIG. 18 is a system conceptual diagram relating to the transfer of uniqueness management target data between the clients of FIG. The flow of data at the time of transferring the uniqueness management target data 1806 from the client A 1801 to the client B 1807 is shown.

Application 180 of Client A
2 encrypts the uniqueness management target data 1806, the corresponding entry in the data use history management table 1804, and the application-specific signature verification public key 1803 of the client A, and transfers the encrypted data to the application 1809 of the client B. At that time, Client A
The entry corresponding to the uniqueness management target data 1806 to be transferred is deleted from the data usage history management table 1804 in the table. Client B application 1809
After receiving the encrypted data and decrypting it, verifying the signature and usability of the received data, Client B
An entry is added to the data use history management table 1810 therein to store the uniqueness management target data 1806 in the secondary storage device 1811.

FIG. 19 is a flow chart showing the detailed flow of the uniqueness management target data transfer between the clients of FIG. First, the application 1802 in the transfer source client opens the uniqueness management target data 1806 to be transferred (step 1901). The application 1802 checks that the opened data can be used by checking the signature and collating the latest usage history retrieved from the data usage history management table 1804 of the history information database (step 1902).

If the opened data is not usable, the application 1802 of the transfer source client
Displays an error message to the user (step 1903) and notifies the application 1809 of the transfer destination client of the interruption of the transfer process (step 190).
4). Upon receiving this notification, the application 1809 of the transfer destination client performs the interrupt processing of the transfer processing (step 1905).

On the other hand, the opened uniqueness management target data 180
If No. 6 is available, the entry corresponding to the opened data is acquired from the data use history management table 1804 in the history information database, and the entry is deleted from the history management table 1804 (step 190).
6). Then, the public key of the transfer source client, the uniqueness management target data, and the acquired entry are encrypted and transmitted to the application 1809 of the transfer destination client (step 1907). The application 1809 of the transfer destination client decrypts the sent data (step 1908), checks the signature of the received uniqueness management target data with the public key of the transfer source client, and sends the uniqueness management target. By checking the latest usage history in the data against the latest usage history of the sent entry, it is checked whether or not the uniqueness management target data can be used (step 1909).

When the uniqueness management target data cannot be used, the application 1809 of the transfer destination client is used.
Sends a data resend request to the application 1802 of the transfer source client (step 191).
2). In response to the resend request, the application 1802 of the transfer source client re-encrypts the uniqueness target data and the entry and sends the encrypted data to the transfer destination client (step 1907).

On the other hand, if the received uniqueness management target data is usable (step 1909), the received entry is added to the data use history management table 1810 (step 1910), and the uniqueness management target data is set to 2
The data is stored in the next storage device 1811 (step 1911).

Although the flow of the processing for transferring the uniqueness management target data has been described with reference to FIG. 19 above, the processing for copying the uniqueness management data is performed in the centralized management method by the history information management server described with reference to FIG. Instead of accessing the history information management server when updating the history information, the application itself may access the history information database and newly register the duplicated data.

When transferring or duplicating the uniqueness management target data, the transfer or duplication is performed without giving the duplication right to the transfer destination or the duplication destination, or the duplication right is given to the transfer destination or the duplication destination. Can be duplicated. To this end, the application uses the data use history management table 1601 of FIG.
It suffices to manage the users described in the column of the duplicatable user 1604.

FIG. 20 is a system configuration diagram showing an embodiment in which a system for uniquely managing valid electronic data is applied to an electronic data transaction service. The system related to this service includes an electronic data transaction server 2001, a history management server 2002, and a history information database 200.
3, client A2004, and client B200
5 is provided.

The electronic data transaction server 2001 is a server operated by an electronic transaction service provider, in which users who enjoy the electronic data transaction service are registered. The registered user can put the transaction target data on the electronic data transaction server 2001 and sell the transaction target data to other users who have acquired the purchase right in the auction format. Client A 2004 is a terminal of a user who submits transaction target data to electronic data transaction server 2001, and client B 2005 is a terminal of a user who purchases transaction target data. Client A2004 and Client B2
Applications 2006 and 2008 are installed in 005. Application 2006,2
008 is capable of not only using the uniqueness management target data but also exchanging electronic data with each other by Peer-to-Peer. Each application holds an address unique to that application. This is unique data for identifying and communicating with other applications in the Peer-to-Peer network.Currently, UUID (Universal) is uniquely generated from network address, hardware configuration and time information.
ly Unique Identifier) and IP address are used. In the future, with the introduction of IPv6, it is conceivable that unique IP addresses will be distributed to each client and application. In that case, IPv6 compatible IP addresses can be used.

The transaction of uniqueness management data is realized, for example, by the user inputting on the following Web page.

FIG. 21 is a diagram showing a registration page accessed when registering for the electronic data transaction service. A user who wishes to use the electronic data transaction service must register in advance with the electronic data transaction server 2001. FIG. 21 shows a web page 2101 for user registration with the electronic data transaction server 2001. The user registration screen displays input fields for inputting six pieces of data of a user name, password, confirmation of password, mail address, card number, and application address. The user name is an ID for identifying the user in the service, which can be arbitrarily designated when the user newly registers. The password is a character string known only to the user, and the password confirmation field is used to check that the input is correct. The card number is credit card number information owned by the user, and the application address is information necessary to communicate with the application by Peer-to-Peer.

FIG. 22 shows an electronic data transaction server 2001.
It is a figure showing the Web page for electronic data transactions published by. This web page 2201 displays electronic book auction information. The electronic book data handled in the auction is data whose uniqueness is guaranteed by the system for uniquely managing valid electronic data according to the present invention. The user ID of the seller of the electronic book is displayed in the seller column. The title of the exhibited electronic book is displayed in the book name column. The price column displays the current auction price, and the deadline column displays the remaining time until the bid deadline. If there is a desired electronic book, the user can bid for the desired electronic book auction by following the hyperlink associated with Enter in the bid column and registering the bid on the web page for bidding.

FIG. 23 shows an electronic data transaction server 2001.
FIG. 6 is a diagram showing a Web page for registering electronic data for auction. From this web page 2301, the user registers the exhibition of electronic data in the electronic data transaction server 2001. The web page 2301 has a user name, password,
It is composed of six input fields of an exhibition name, a minimum price, a bid deadline, and a file path. The user name and password input fields are fields for inputting the user name and password of the auction seller. The exhibit name is the title of the electronic data to be submitted, the lowest price is the lowest auction price desired by the seller, and the bid deadline is the final time until the bid acceptance deadline. The file path is a form in which the seller inputs a path to a storage location of transaction target data (exhibited electronic data) stored in the client. This file path and the application address held by the selling user are notified to the winning bidder at the time of a successful bid. To download.

FIG. 24 shows an electronic data transaction server 2001.
It is a figure showing the web page for auction bidding published by. This page 2401 is for electronic data trading
It is displayed by clicking the hyperlink in the bid column on the Web page 2201 (FIG. 22). Web page for bidding 24
In the 01 bid screen, in addition to the information on the items to be auctioned,
Input fields for entering the user ID, password, and bid price are displayed. The user can enter a new bid amount for the item to be auctioned.
You can participate in the auction.

FIG. 25 is a flow chart showing the flow of the entire electronic data transaction service. First,
The customer user who desires the electronic data transaction service is his or her own client (here, client B2005 in FIG.
Access the electronic data transaction server 2001, and register the user on the user registration screen 2101 (step 2501). The customer user bids on the transaction target data desired to be purchased from the electronic transaction Web page 2201 and obtains the purchase right of the transaction target data by making a successful bid at the auction (step 2502). here,
It is assumed that the transaction target data 2010 put up by the user of the client A 2004 in FIG. 20 is awarded by the user of the client B 2005.

Next, the customer user who has acquired the purchase right receives the notified application address (client A2
Based on the application 2006 address of 004) and the file path name (path name of transaction object data 2010), the transaction object data is exchanged between customers using the application 2008 (step 2503).
When the exchange of the transaction target data is completed, the electronic data transaction server 2001 performs payment processing and receipt processing of the purchase amount between the customer users (step 2504). When the settlement process is completed, the electronic data transaction server 2001 notifies the customer user of the settlement result, and the customer user confirms the settlement result (step 2505).

FIG. 26 is a sequence diagram when trading target data between clients in electronic data trading. This process is a process after the purchaser has decided by the auction.

From the client B2005 of the purchaser who has acquired the transaction target data purchase right, the electronic data transaction server 2
At 001, the transmission of the application address of the application 2006 in the seller client A 2004 and the file path in which the transaction data 2010 is stored is requested (step 2601). In response to this transmission request, the electronic data transaction server 2001 transmits the already registered application address of the seller and the file path of the transaction data to the client B 2005 of the purchaser (step 2602). At the time of this transmission, it is necessary to encrypt the communication with SSL or the like so that the application address and file path are not intercepted.

Next, the application 2008 in the purchaser client B 2005 connects to the application 2006 in the seller client A 2004 using the received application address and file path,
Request transfer of transaction data 2010 (step 2)
603). Upon receiving the transfer request for the transaction target data 2010, the application 2006 in the seller client A 2004 encrypts the transaction target data 2010,
Send to Buyer Client B 2005 (Step 2
604). The application 2008 of the purchaser client B 2005 confirms the signature of the received transaction object data 2010 and checks whether it has been tampered with (step 2605).

After that, the purchaser client B 2005 encrypts the data identifier and latest history information of the received transaction object data 2010 and transmits it to the electronic data transaction server 2001 (step 2606). The electronic data transaction server 2001 issues a history information update request for the electronic data together with the data identifier and the latest history information transmitted from the purchaser client B 2005.
No. 02 (step 2607). The history management server 2002 updates the history information of the transaction target data (step 2608), and transmits the data identifier and the updated history information to the electronic data transaction server 2001 (step 2609).

The electronic data transaction server 2001 draws the winning bid amount from the purchaser's credit card account, deducts the service fee amount from the amount, and performs the transfer process to the seller's credit card account (step 2610). . When the charge settlement process is completed, the data identifier and the updated history information are added to the purchaser client B200.
5 (step 2611).

The application 2008 in the purchaser client B 2005 updates the history information of the transferred transaction data with the received data identifier and updated history information and stores it in the secondary storage device 2009 (step 2).
612). Finally, the purchaser client B2005 sends a notification of completion of transaction target data reception to the seller client A2004 (step 2613), and the application 2 of the seller client A2004 that has received the notification.
006 deletes the transaction target data 2010 stored in the file path (step 2614).

Next, an embodiment of the electronic data transaction service when the history information database is distributed to each client will be described.

FIG. 27 is a system configuration diagram showing an embodiment of an electronic data transaction service in the data uniqueness management system in the case where the history information database is distributed to each client. This system includes an electronic data transaction server 2701 and a client A270 used by the seller.
2 and the client B2703 used by the purchaser
The configuration is connected to the network 2711. Applications 2704 and 2707 and a history information database 2705 are provided for each of the clients A2702 and B2703.
2708 and secondary storage devices 2706 and 2709 are arranged. Transaction target data 2710 is stored in the client A 2702 used by the seller. FIG. 27
The configuration of FIG. 20 eliminates the history management server 2002 of FIG.
The history information database 2003 is distributed to each client.

FIG. 28 is a sequence diagram for trading transaction target data between clients in a transaction of electronic data when the history information database is distributed to each client as shown in FIG. The processing shown in this sequence diagram is performed by the seller client, the purchaser client,
And processing executed among the three parties of the electronic data transaction server. Here, the transaction target data 2710 put up by the client A 2704 in FIG.
Suppose 03 purchased.

First, the purchaser's client B 2703 sends a request for an application address and file path to the electronic data transaction server 2701 (step 2801). In response to the request, the electronic data transaction server 2701 sends the application address (the address of the application 2704) and the file path (the file path of the transaction data 2710) to the purchaser client B.
2703 (step 2802). The application 2707 of the buyer client B2703 connects to the application 2704 of the seller client A2702 based on the received application address,
Transaction target data 27 placed in the received file path
10 and the history information database 2705 corresponding thereto
Request transmission of the entry (step 2803).

In response to the transmission request, the application 2704 of the exhibitor client A 2702 receives the public key unique to the application 2704 and the transaction target data 27.
10 and the corresponding entry are encrypted and transmitted to the purchaser client B 2703, and the entry of the transaction target data 2710 is recorded in the history information database 2705.
From (step 2804). In addition, the transaction target data 2710 is deleted in the client A 2702 (however, the transaction target data 2710 does not have to be deleted, because that entry is deleted from the history information database 2705, and therefore cannot be used). The purchaser client B2703 decrypts the received public key, transaction data, and entry, then verifies the signature given to the data by the received public key, and verifies the latest usage history recorded in the transmitted entry. The latest history information in the transaction data is collated to verify that the data is usable (step 2805). When it is confirmed that the data is usable, the purchaser client B2703 transmits a reception completion notification of the transaction target data to the electronic data transaction server 2701 (step 280).
6).

The electronic data transaction server 2701 receives the reception completion notice received from the purchaser client B 2703 and performs the settlement process (step 2807). When the payment is completed, the electronic data transaction server 2701 sends a payment completion notification to the purchaser client B 2703 (step 2808). The application 2707 of the purchaser client B2703 additionally registers the received entry in the history information database 2708 (step 280).
9). Then, the transaction target data is stored in the secondary storage device 2709 (step 2810).

Regarding the flow of the electronic data transaction service, the configuration of the Web page for the service published on the electronic data transaction server, and the contents of the usage history management table in the history information database, the history management server uses the target data. This is similar to the case where the history is centrally managed.

[0119]

As described above, according to the present invention,
Since the electronic data is managed together with the history information and only the latest electronic data of the history information can be used, even if a plurality of electronic data are copied, only one electronic data can be used. It is possible to establish the uniqueness of. Further, since the history information given to the electronic data is only the latest usage history information, the amount of data to be held does not increase each time the electronic data is used, and electronic data with a small data capacity can be realized. . Furthermore, by applying the electronic data uniqueness management system to the electronic cash system, anonymity was maintained,
It is possible to realize electronic cash data that can be divided and combined and does not increase due to transfer.

Further, in the present invention, by distributing the use history management database, it is not necessary to carry out network communication every time of use. In the electronic data transaction service, it is possible to realize a transaction service when exchanging electronic data using Peer-to-Peer technology, and manage the personal information of the data holder that occurred during the transaction service using DRM technology. A service with privacy protection can be realized without the need for.

[Brief description of drawings]

FIG. 1 is a system configuration diagram showing an embodiment of a system for uniquely managing valid electronic data according to the present invention.

FIG. 2 is a diagram showing the possession status of uniqueness management target data and a signature private key / common key in each entity

FIG. 3 is a diagram showing a data usage history management table of uniqueness management target data stored in a history information database.

FIG. 4 is a diagram showing a sequence for opening / saving uniqueness management target data by an application.

FIG. 5 is a flowchart of a backup method of uniqueness management target data.

FIG. 6 is a flow chart diagram for effectively copying uniqueness management target data by an application.

FIG. 7 is a flowchart for transferring uniqueness management target data between clients.

FIG. 8 is a system configuration diagram when the present invention is applied to an electronic cash system.

FIG. 9 is a diagram showing the possession status of electronic cash data, a private key for signature, and a public key in the electronic cash system.

FIG. 10 is a flowchart showing a flow of service registration, application distribution, and signature key distribution service in the electronic cash system.

FIG. 11 is a flowchart of electronic cash withdrawal processing in the electronic cash system.

FIG. 12 is a flowchart of a process of dividing electronic cash data in the electronic cash system.

FIG. 13 is a flow chart diagram of a combination process of electronic cash data in the electronic cash system.

FIG. 14 is a flowchart showing a process when paying with electronic cash in the electronic cash system.

FIG. 15 is a system configuration diagram showing an embodiment in which history information databases are distributed in a system for uniquely managing valid electronic data according to the present invention.

FIG. 16 is a data usage history management table diagram stored in a history information database.

FIG. 17 is a sequence diagram when data is opened / saved by an application.

FIG. 18 is a system conceptual diagram regarding transfer of uniqueness management target data between clients.

FIG. 19 is a flowchart showing a detailed flow of uniqueness management target data transfer between clients.

FIG. 20 is a system configuration diagram showing an embodiment when a system for uniquely managing valid electronic data according to the present invention is applied to an electronic data transaction service.

FIG. 21 is a diagram showing a registration page accessed when registering for an electronic data transaction service.

FIG. 22 is a diagram showing a web page for electronic data trading published on the electronic data trading server.

FIG. 23 is a diagram showing a Web page for registering electronic data for exhibition on the electronic data transaction server.

FIG. 24 is a diagram showing a web page for auction bidding published on the electronic data transaction server.

FIG. 25 is a flowchart showing the flow of the entire electronic data trading service.

FIG. 26 is a sequence diagram when trading target data between clients in electronic data trading.

FIG. 27 is a system configuration diagram showing an embodiment of an electronic data transaction service in a data uniqueness management system when a history information database is distributed to each client.

FIG. 28 is a sequence diagram when trading target data between clients in electronic data trading when the history information database is distributed to each client.

[Explanation of symbols]

101 ... History management server, 102 ... History information database, 103 ... Client, 104 ... Application, 201 ... Common key, 202 ... Public key, 203 ...
Secret key, 204 ... Uniqueness management target data, 301 ... Data identifier, 302 ... Latest access history, 303 ... Access history list, 801 ... Electronic cash certification authority, 802.
..Banks, 803 ... Stores, 804 ... Personal homes, 805 ...
Electronic cash server, 806 ... Electronic cash receiving terminal, 807
... Electronic commerce server, 808 ... Portable medium, 809 ...
・ Signature management server, 906 ... Electronic cash data, 1604
... Reproducible user, 2001 ... Electronic data transaction server, 2101, ... Electronic data transaction service registration Web page, 2201 ... Electronic data transaction Web page, 2301
・ ・ ・ Web page for electronic data exhibition registration 2401 ・ ・ ・ Web page for auction bidding.

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04L 9/32 H04L 9/00 675B F term (reference) 5B017 AA06 BA07 BB10 CA16 5B085 AE29 BA06 BG02 5J104 AA09 AA13 EA19 MA01 NA02 PA07 PA10 PA12

Claims (27)

[Claims] 1. An information management system in which a user device that uses electronic data and a history management device are connected via a network, and uniqueness management target data that is a unique management target in this system is used. Data that includes substantial data that is a target, a data identifier that identifies the uniqueness management target data, and latest usage history information of the substantial data, and the user device is used by the history management device. A means for transmitting the data identifier of the uniqueness management target data and the latest usage history information, receiving the updated latest usage history information transmitted from the history management device, and the substantial data after use, and the data identifier. And a means for creating uniqueness management target data including the updated latest usage history information, wherein the history management device is Storage means for storing the identifier and its latest use history information in association with each other, when the data identifier of the uniqueness management target data to be used and the latest use history information are transmitted from the user device, A means for verifying that the latest use history information corresponding to the data identifier matches a value stored in the storage means by referring to the storage means, and a latest use corresponding to the data identifier in the storage means An information management system comprising: means for updating history information; and means for transmitting the updated latest usage history information to the user device. 2. An information management system in which a user device that uses electronic data and a history management device are connected via a network, and uniqueness management target data that is a unique management target in this system is used. The target substantial data, a data identifier that identifies the uniqueness management target data, and data including the latest usage history information of the substantial data, the user device, the history management device, want to use A means for transmitting the data identifier of the uniqueness management target data and the latest usage history information; and, when error information is received from the history management device, stop the use of the uniqueness management target data and update it from the history management device. Means for permitting the use of the substantive data of the uniqueness management target data when the latest used history information is received, and the substantive data after use, Data identifier, and means for creating uniqueness management target data including the updated latest usage history information, the history management device, the data identifier of the uniqueness management target data and its latest usage history information When the data identifier of the uniqueness management target data to be used and the latest use history information are transmitted from the user device, the storage device stores the data by referring to the storage device. Means for verifying that the latest usage history information corresponding to the identifier matches the value stored in the storage means, and when the verification confirms that the latest usage history information matches,
Means for updating the latest usage history information corresponding to the data identifier in the storage means, and transmitting the updated latest usage history information to the user device when the verification confirms that the latest usage history information matches The information management system further comprises means for transmitting error information to the user device when the verification does not confirm that the latest usage history information matches. 3. An information management system in which a user device that uses electronic data and a history management device are connected via a network, and uniqueness management target data that is a target that is uniquely managed by this system is used. It is assumed that the paired data including the target substantial data, the data identifier identifying the uniqueness management target data, and the latest usage history information of the substantial data is signed by the private key held by the user device. The user device, when using the uniqueness management target data, means for verifying the signature of the uniqueness management target data, and the history management device, the data identifier of the uniqueness management target data to be used and the latest Means for transmitting usage history information, receiving updated latest usage history information transmitted from the history management device, and substantially data after use, and a data identifier And a means for creating uniqueness management target data by signing the set data including the updated latest usage history information with the private key of the user device, wherein the history management device is a uniqueness management target. Storage means for storing the data identifier of the data and its latest use history information in association with each other, and when the data identifier of the uniqueness management target data to be used and the latest use history information are transmitted from the user device. , Means for verifying that the latest use history information corresponding to the data identifier matches the value stored in the storage means by referring to the storage means, and corresponding to the data identifier in the storage means An information management system comprising means for updating the latest use history information and means for transmitting the updated latest use history information to the user device. 4. An information management system comprising a user device in which a program using electronic data operates and a history management device capable of communicating from the program, which is a unique management target in this system. The sex management target data is a secret peculiar to the program in the set data including the substantial data to be used, the data identifier identifying the uniqueness management target data, and the latest use history information of the substantial data. When the uniqueness management target data is used, the program verifies the signature of the uniqueness management target data, and the history management device stores the uniqueness management target data to be used. A step of transmitting the data identifier and the latest use history information, receiving the updated latest use history information transmitted from the history management device, And a step of creating uniqueness management target data by signing the set data including the substantive data after use, the data identifier, and the updated latest use history information with a secret key unique to the program. The history management device includes a storage unit that stores the data identifier of the uniqueness management target data and its latest usage history information in association with each other, and the data identifier and the latest usage history of the uniqueness management target data used from the program. And a means for verifying that the latest use history information corresponding to the data identifier matches the value stored in the storage means when the information is transmitted, A means for updating the latest usage history information corresponding to the data identifier, and a means for transmitting the updated latest usage history information to the program. Information management system to butterflies. 5. The information management system according to claim 1, wherein communication between the user device and the history management device or communication between the program and the history management device is performed. Communication
An information management system characterized by performing encrypted communication. 6. The information management system according to claim 3, wherein the history management device holds and manages a public key for verifying a signature of the uniqueness management target data, and the user device or An information management system comprising means for receiving a public key transfer request from the program and transferring the public key. 7. The information management system according to any one of claims 1 to 4, wherein when the user device uses the uniqueness management target data, the latest uniqueness created by the use. In addition to the management target data, the previous uniqueness management target data before use and the difference data before and after the use are stored, and when the latest uniqueness management target data is used next, it is not used. When possible, the history management device is queried to confirm that the previous uniqueness management target data is valid, and then the latest uniqueness management target data is calculated using the previous uniqueness management target data and the difference data. The history management device stores and manages a predetermined number of past usage histories in addition to the latest usage history information corresponding to the data identifier of the uniqueness management target data, To the inquiry from, by referring to the past usage history information management system characterized by comprising means for verifying that the previous unique object data is valid. 8. The information management system according to claim 1, wherein when a copy of the uniqueness management target data is created in the user device, the uniqueness is read from the user device. A copy request for the management target data is transmitted to the history management device, and the history management device generates a data identifier of the copy data of the uniqueness management target data and latest usage history information and stores the data in the storage means. Transmitting the data identifier and the latest use history information to the user device, and the user device creates a copy of the uniqueness management target data by using the received data identifier and the latest use history information. Information management system characterized by. 9. The information management system according to claim 8, wherein the storage unit stores each of the uniqueness management target data,
The information which defines the user who is permitted as the copy source of the uniqueness management target data or the information which defines the user who is permitted as the copy destination of the uniqueness management target data is stored. Before making a copy of the target data, a means for checking whether or not the user of the user device making the copy is a user authorized as the copy source or the copy destination is referred to by referring to the storage means. An information management system characterized by further comprising. 10. The information management system according to claim 1, wherein the uniqueness management target data is transferred from a first user device to a second user device, The uniqueness management target data is transmitted from one user device to a second user device, and the second user device requests the history management device to update the history of the uniqueness management target data, The uniqueness management target data is created using the history information returned from the history management device in response to the request, the receipt confirmation message is transmitted to the first user device, and the first receipt device receives the receipt confirmation message. In the user device, the information management system characterized in that the transferred uniqueness management target data is deleted. 11. The information management system according to claim 1, wherein when the uniqueness management target data is divided, a data identifier and a latest usage history are sent from the user device to the history management device. Sending information and a division request, the history management device, while updating the latest usage history information corresponding to the received data identifier, newly generates a data identifier and the latest usage history information corresponding to it, the received data The identifier, the updated latest use history information, and the two sets of the data identifier of the newly generated data identifier and the latest use history information and the latest use history information are transmitted to the user device, and The substantive data is divided into first substantive data and second substantive data, and the first substantive data, the second substantive data, and the history. An information management system characterized in that two uniqueness management target data after division are created using two sets of data identifiers and latest usage history information received from a management device. 12. The information management system according to claim 1, wherein the user device combines the first uniqueness management target data and the second uniqueness management target data. The user device transmits to the history management device the respective data identifiers of the first uniqueness management target data and the second uniqueness management target data and the latest usage history information, and in the history management device, Corresponds to any one of the uniqueness management target data among the data identifier and latest usage history information of the received first uniqueness management target data and the data identifier and latest usage history information of the second uniqueness management target data The data identifier and the latest usage history information are deleted from the storage means, the latest usage history information corresponding to the data identifier of the other uniqueness management target data is updated, and the updated latest The usage history information and the corresponding data identifier to the user device, and the user device stores the substantial data of the first uniqueness management target data and the substantial data of the second uniqueness management target data. An information management system, characterized in that, by combining and, substantial data is created, the created substantial data is combined with the received data identifier and latest usage history information to create uniqueness management target data. 13. The information management system according to claim 1, wherein the substantial data of the uniqueness management target data is electronic cash data. 14. A uniqueness management method for managing uniqueness of electronic cash data using a computer system, comprising electronic cash data to be used, a data identifier, and latest usage history information of the electronic cash data. A history management device that stores and manages the data identifier of the uniqueness management target data and the latest usage history information as the uniqueness management target data with the data signed with the private key held by the user in the group data including Provided, when using the electronic cash data included in the uniqueness management target data, access the history management device,
Uniqueness of electronic cash data characterized by confirming that the data identifier of the uniqueness management target data including the electronic cash data to be used and the latest use history information match those stored in the history management device. Uniqueness management method to manage sex. 15. The uniqueness management method for managing uniqueness of electronic cash data according to claim 14, wherein when the electronic cash data included in the uniqueness management target data is used, the history management device After confirming the data identifier of the uniqueness management target data including the electronic cash data to be used and the latest use history information, the latest use history information corresponding to the stored data identifier is updated and updated with the data identifier. The latest usage history information is transmitted to the user side, and the user side creates uniqueness management target data by using the value after the use of the electronic cash data, the received data identifier and the latest usage history information. A uniqueness management method for managing uniqueness of electronic cash data, which is characterized in that 16. An electronic data using apparatus for using electronic data, comprising substantial data to be used, a data identifier, and
Uniqueness management target data storage means for storing uniqueness management target data including latest usage history information, and history storage for storing the data identifier of the uniqueness management target data and its latest usage history information in association with each other. Means for using the uniqueness management target data, the latest usage history verification means for verifying that the data identifier and the latest usage history information match the value stored in the history storage means; Means for permitting the use of the substantial data of the uniqueness management target data only when a match of the usage history is confirmed, and the data identifier in the history storage means when a match of the latest usage history is confirmed A means for updating the latest usage history information, a substantial data after use, a data identifier, and a uniqueness management pair including the updated latest usage history information. Create data, electronic data using apparatus characterized by comprising a means for storing the said unique management object data storage means. 17. An electronic data using apparatus in which a program using electronic data operates, and substantial data which is a target to be used by the program,
A uniqueness management target data storage unit that stores uniqueness management target data in which a paired data including a data identifier and latest usage history information is signed with a secret key unique to the program, and a data identifier of the uniqueness management target data And a history storage unit that stores the latest usage history information in association with each other, when the uniqueness management target data is used, the signature is verified, and the data identifier and the latest usage history information are the history. Latest usage history verification means for verifying that the value matches the value stored in the storage means, and the uniqueness management target data only when the signature is valid and the matching of the latest usage history is confirmed. Means for permitting the use of the substantive data, and when the signature is valid and the latest usage history is confirmed to match, the history storage means stores A means for updating the latest use history information corresponding to the data identifier, the substantive data after use, the data identifier, and the set data including the updated latest use history information are signed with a secret key unique to the program. An electronic data using apparatus comprising: means for generating uniqueness management target data and storing the uniqueness management target data in the uniqueness management target data storage means. 18. The electronic data using apparatus according to claim 16 or 17, wherein the history storage means is adapted to prevent unauthorized reference or tampering from the outside. . 19. The electronic data using apparatus according to claim 16, wherein when the uniqueness management target data is used, other than the latest uniqueness management target data created by the use. A means for storing the previous uniqueness management target data before the use and the difference data before and after the use, and storing the latest usage history information corresponding to the data identifier of the uniqueness management target data in the history storage main stage. And a means for storing the previous usage history, and a usage history of the previously stored uniqueness management object data when the latest uniqueness management object data is unavailable when the latest uniqueness management object data is used. Is confirmed to match the previous usage history stored in the history storage means, and the latest uniqueness management target data is restored using the previous uniqueness management target data and the difference data. Electronic data using apparatus characterized by further comprising: means for. 20. The electronic data use apparatus according to claim 16, wherein when a copy of the uniqueness management target data is created, data for the copy data of the uniqueness management target data Electronic data characterized in that an identifier and latest use history information are generated and stored in the history storage means, and a copy of the uniqueness management target data is created using the data identifier and the latest use history information. Equipment used. 21. The electronic data use apparatus according to claim 20, wherein the history storage means defines a user who is permitted as a copy source of the uniqueness management target data for each of the uniqueness management target data. Information, or information defining the user permitted as a copy destination of the uniqueness management target data is stored, and refers to the history storage unit before making a copy of the uniqueness management target data. The electronic data using device further comprises means for checking whether or not the user of the user device performing the copying is a user authorized as a copy source or a copy destination. 22. The electronic data using apparatus according to claim 16, wherein the uniqueness management target data and the uniqueness management target data are transferred to another electronic data using apparatus for transferring the uniqueness management target data. Means for transmitting the corresponding data identifier and latest usage history information to the transfer destination, and means for deleting the transmitted data identifier and latest usage history information from the history storage means, for receiving the transfer of the uniqueness management target data, A means for verifying that the data identifier and the latest usage history information in the received uniqueness management target data match the received data identifier and the latest usage history information, and the result of the verification,
When it is confirmed that the data can be used as the uniqueness management target data, the received data identifier and the latest usage history information are newly registered in the history storage means, and the received uniqueness management target data is uniquely managed. An electronic data using device, further comprising: a means for storing in a target data storing means. 23. The electronic data using apparatus according to claim 22, wherein the uniqueness management target data to be transferred is based on a secret key held by a transfer source electronic data using apparatus and cannot be read out illegally. A means for verifying that the data identifier and the latest usage history information in the received uniqueness management target data match the received data identifier and the latest usage history information are data with a signature. An electronic data using device characterized by verifying a signature of data using a public key. 24. A transaction intermediary system using the information management system according to claim 1, comprising a first user device, a second user device, and a transaction management device. And a history management device are connected via a network, the electronic data of the transaction target is the uniqueness management target data, and the transaction management device is a uniqueness management device held by the first user device. When a transaction for transferring the target data to the second user device is established, the second user device, which is the transfer destination, makes a transaction with the address information of the first user device, which is the transfer source. A means for transmitting information regarding the uniqueness management target data of the object, and a history of the received data identifier and the latest history information when the data identifier and the latest history information are received from the second user device as the transfer destination. information Means for transmitting a new request to the history management device; and, when a data identifier and updated history information are received from the history management device, the data identifier and the updated history information are the transfer destinations. And a means for transmitting to the user device, the first user device as a transfer source requests the uniqueness management target data of the transaction target from the second user device as a transfer destination. And a means for transmitting uniqueness management target data of a transaction object in response to the request, wherein the second user device that is the transfer destination is the first use that is the transfer source from the transaction management device. When the address information of the user device and the information regarding the uniqueness management target data of the transaction object are received, the received user information is used to connect to the first user device which is the transfer source to manage the uniqueness of the transaction object. Transfer of target data Requesting the transaction, the means for receiving the uniqueness management object data of the transaction object transmitted in response to the request, the data identifier and the latest history information included in the received uniqueness management object data of the transaction object, and the transaction. Means for transmitting to the management device, and the latest history history information of the uniqueness management target data of the transaction target acquired from the first user device when the data identifier and the updated history information are received from the transaction management device. With the updated history information, and means for storing the updated uniqueness management target data, the history management device, when receiving a history information update request from the transaction management device, It is verified that the data identifier and the latest history information included in the request match the value stored in the storage device in the own machine, and when verified, the history information update request is accepted. A transaction intermediary system comprising means for updating the latest history information corresponding to the data identifier and transmitting the data identifier and the updated history information to the transaction management device. 25. The transaction intermediary system according to claim 24, wherein the transaction management device establishes a transaction of uniqueness management target data between the first user device and the second user device. At this time, the transaction intermediary system further comprising means for performing settlement processing relating to the transaction. 26. A transaction intermediary system using the electronic data using device according to any one of claims 16 to 23, comprising a first electronic data using device and a second electronic data using device. A transaction management device is connected to a network, electronic data of a transaction target is the uniqueness management target data, and the transaction management device is a uniqueness management target held by the first electronic data using device. When the transaction for transferring the data to the second electronic data using apparatus is established, the transfer destination is the second electronic data using apparatus, and the address information of the transfer source of the first electronic data using apparatus. And a means for transmitting information regarding uniqueness management target data of the transaction target, wherein the first electronic data using apparatus that is the transfer source is from the second electronic data using apparatus that is the transfer destination, When there is a request to transfer the uniqueness management target data of the reference target, the data identifier corresponding to the uniqueness management target data, and the latest usage history information, in response to the request, the uniqueness management target data of the transaction target, and A means for transmitting a data identifier corresponding to the uniqueness management target data and the latest usage history information; and a data identifier corresponding to the uniqueness management target data and the latest usage history information, after being transmitted from the history storage means. Means for deleting the latest usage history information, wherein the second electronic data using apparatus which is the transfer destination receives from the transaction management apparatus the address information of the first electronic data using apparatus which is the transfer source and the transaction target. When the information about the uniqueness management target data is received, the received information is used to connect to the first electronic data using apparatus which is the transfer source. Uniqueness management target data of the transaction target, a data identifier corresponding to the uniqueness management target data stored in the history storage means, and means for requesting transfer of the latest usage history information, and transmitted in response to the request. Uniqueness management target data of the transaction target, a data identifier corresponding to the uniqueness management target data, and a means of receiving the latest usage history information, and a data identifier and latest usage history in the received uniqueness management target data of the trading target. A means for verifying that the information matches the received data identifier and the latest usage history information, and the received data identifier when it is confirmed as a result of the verification that the information can be used as the uniqueness management target data. And the latest usage history information are newly registered in the history storage means, and the received uniqueness management target data is stored in the uniqueness management target data storage means. A transaction intermediary system comprising means. 27. The transaction intermediary system according to claim 26, wherein the transaction management device performs transaction of uniqueness management target data between the first electronic data using device and the second electronic data using device. A transaction intermediary system, further comprising means for performing settlement processing relating to the transaction when established.