JP2004343782A - Data management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To secure the security of data on a network in a digital data management system which is effectively applied to the management of digital data, particularly, to the copyright management of literal data, electronic transactions, and an electronic currency. <P>SOLUTION: An original author A presents an original copyright label L<SB>o</SB>and requests the distribution of an original secret key K<SB>so</SB>to a data management center C<SB>d</SB>(1). The center C<SB>d</SB>encrypts the original secret key K<SB>so</SB>corresponding to the label L<SB>o</SB>with A's public key K<SB>ba</SB>and distributes an encrypted original secret key C<SB>ks</SB>O<SB>kba</SB>to the A. At this time, the center C<SB>d</SB>hashes the label L<SB>o</SB>in a unidirectional manner, creates a label fingerprint F<SB>o</SB>, and distributes it to the A (2). The A decrypts the encrypted original secret key C<SB>ks</SB>O<SB>kba</SB>with A's exclusive key, encrypts original work data M<SB>o</SB>with the decoded original secret key K<SB>so</SB>and transfers the encrypted original work data, the label L<SB>o</SB>, and the label fingerprint F<SB>o</SB>to a first user U<SB>1</SB>(3). The U<SB>1</SB>presents the label L<SB>o</SB>, the label fingerprint F<SB>o</SB>, and a first user label L<SB>u1</SB>to C<SB>d</SB>and requests the distribution of an original and a first secret key K<SB>s1</SB>(4). The C<SB>d</SB>confirms the correctness of L<SB>0</SB>from the label fingerprint F<SB>o</SB>, encrypts K<SB>so</SB>, K<SB>s1</SB>with a U<SB>1</SB>'s public key together with the registration of L<SB>1</SB>and distributes them to U<SB>1</SB>(5). The U<SB>1</SB>performs decryption with the U<SB>1</SB>'s exclusive key and decrypts the encrypted data with the K<SB>so</SB>(6). <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a digital data management system which is effectively applied to digital data management, in particular, copyright management of copyrighted work data, electronic commerce, and electronic currency.

  2. Description of the Related Art In the information age, a database system that mutually uses various kinds of data, which have been stored independently by each computer, by connecting each computer through a communication line has been widely used. The information handled so far in this database system is coded information with a small amount of information that can be processed by a classical computer and, at most, monochrome binary data such as facsimile information, natural images and moving images. It was not possible to handle data with an extremely large amount of information.

  With the development of digital processing techniques for various electrical signals, digital processing techniques for image signals other than binary data, which were conventionally handled only as analog signals, are being developed. The digitization of this image signal makes it possible for the computer to handle image signals such as television signals. Therefore, a "multimedia system" that simultaneously handles various data handled by the computer and image data obtained by digitizing the image signals. Is attracting attention as a future technology.

Since image data has an overwhelming amount of information as compared with character data and voice data, it is difficult to store, transfer, or perform various processing in a computer as it is. Therefore, it is conceivable to compress / expand these image data, and some standards for image data compression / expansion have been created. Among them, the JPEG (Joint Photographic image coding Experts Group) standard for still images and the H.264 standard for television conferences have been used as common standards.
261 standard, MPEG1 (Moving Picture image coding Experts Group 1
2.) The MPEG2 standard corresponding to the high definition television broadcasting was created from the standard and the current television broadcasting. These technologies have enabled real-time processing of digital video data.

  Conventionally, analog data that has been widely used deteriorates in quality every time it is stored, copied, processed, or transferred. Therefore, copyright processing caused by these operations has not been a serious problem. However, the quality of digital data is not degraded by repeatedly storing, copying, processing, and transferring digital data. Therefore, the processing of the copyright caused by these operations is a serious problem. Until now, there has been no precise method for copyright processing of digital data, and it has been processed under copyright law or by contract, and the copyright law also institutes compensation for digital recording equipment. It's just

  The method of using a database is not only to refer to its contents, but also to make effective use of the obtained data by storing, copying and processing it, and to use the processed data online via a communication line or on an appropriate storage medium. It is possible to transfer data to others online or even to a database and register it as new data. In a conventional database system, only character data was targeted.In a multimedia system, in addition to character data, etc., which had previously been made into a database, voice data and image data, which are analog data, were digitally converted. And converted into a database.

In such a situation, how to deal with the copyright of the data in the database becomes a big problem. So far, the copyright management means for that purpose, especially the secondary use such as copying, processing, transferring, etc. No copyright management measures have been completed for.

On the other hand, in the past few years, computer data communication using the computer, which has been performed on a relatively small scale, has rapidly become widespread in the last few years, and is becoming more familiar to all people. Initially, the information communicated by this Internet system was only textual information, but with the development of technology, audio data and image data were handled, and furthermore, e-commerce data or electronic data where reliability and confidentiality are important Even currency data is about to be handled by the Internet system.
JP-A-8-185448 JP-A-7-14045 JP-A-60-102038 JP-A-5-316102

Under such circumstances, there is a demand for a technique for guaranteeing the security of the confidentiality and reliability of data to be handled, and for establishing a charging technique when charging is required.
Copyrights are often claimed for copyrighted work data, but some copyrighted data, such as personal emails and advertisements, do not actively claim copyrights. . For example, in the case of personal mail without a copyright claim, it is important to ensure privacy, prevent tampering with the contents, and prevent forgery. Even for data for advertisements and advertisements that do not normally claim copyright, damage may occur due to falsification of contents, distribution to non-target persons, or business confusion due to false data may occur. As described above, it is necessary to prevent falsification, privacy infringement, and forgery of personal mails, and to prevent tampering of contents, browsing restrictions, and forgery of advertising and publicity data.

  Prevention of privacy infringement of personal mail and restriction of browsing of advertisement data can be realized by data encryption. Prevention of forgery of personal mail and advertisement data and prevention of falsification of personal mail and advertisement / advertisement data must be confirmed by sender. (Authentication).

An Internet system with a grassroots concept has very weak security of the system itself. Systems for ensuring the security of the Internet system have been proposed, and typical systems include PEM (Privacy Enhanced Mail) having a hierarchical structure and PGP (Pretty Good Privacy) having a horizontal distribution structure. All of them perform data confidentiality, authentication of the sender, proof of falsification of the data, display of the first sender, and management of the public key, but none of the restrictions on reuse including data processing are possible. is there.

In a PEM adopting a hierarchical structure, a top-level organization called IPRA (Internet PCA Registration Authority) and a second-level organization called PCA (Policy Certification Authority) and an organization (Organizational), a region (Regidential), and an individual (Personal) It is composed of the lowest-ranked institutions, each of which is called by a higher-ranking certification authority (Certifucation Utilities) by issuing a public-key certificate that digitally signs data such as the name of the lower-level agency for the public key of the lower-level agency. Guarantee the legitimacy of

  In a PGP adopting a horizontally distributed structure, there is no organization equivalent to PEM certification authority, and a trusted person issues a public key certificate by digitally signing data such as the name of the public key, thereby verifying the validity of the public key. Guarantee. This PGP includes a method called an electronic fingerprint for confirming, by voice, a 16-byte hash value obtained by hashing a public key using a one-way hash function such as MD5 (Message Digest 5) as a simple method of confirming a public key.

  When PEM and PGP are compared, there is no problem about the certifier in the PEM adopting the hierarchical structure, but it is not necessarily a general system in the grassroots Internet system. On the other hand, PGP is a simple system that can be widely adopted in general, but cannot be used if a reliable signer cannot be found.

  By the way, with the development of computer network systems, individual computers, which were conventionally used as stand-alone computers, are connected via a network system, and database systems that share data have become widespread. Not only data but also application programs and operating systems A distributed object system has also been proposed in which basic software called a system is shared via a network.

  In the distributed object system, both data and software are supplied from a server as objects composed of programs and data. In a distributed object system, an operating system, application programs and data are provided by a server, and data processing and data storage are performed by a user terminal device which is an ordinary computer. There is a system called a server object server provided by a server and performing data processing by a user terminal device called a network computer, but storing data by the server. The server object server system is further advanced, and the server also performs data processing. The user terminal device has only an input / output function, and it is considered that the entire system functions as one computer.

  As another form of the network system, a provider that provides a network infrastructure such as a communication line provides a charging system, a security system, a copyright management system, an authentication system, and the like other than the communication line. A “rental network system” called a license network that uses a system service to perform a network business as if it were its own system is also envisioned.

In the present application, the inventor uses digital data management to realize digital data copyright protection, electronic commerce data security, and electronic currency data security in ordinary computer network systems, distributed object systems, and license network systems. Suggest system.

  The first digital data management system includes a data management center on a network, an original copyright holder or information provider using the network, and a plurality of users. The data management center authenticates the public key of the network user, distributes the data encryption private key in response to the presentation of the user label, and grasps the data use situation by requesting the private key. Data is encrypted and stored / transferred using a secret key, but the data to be stored / transferred is encrypted with a secret key different from the secret key of the transferred data. The original data label is added to the original data, and the processed data label is added to the processed data. The data management center does not store the data but only stores the original data label and the processed data. A user label is used to request the private key, but an electronic fingerprint of the user label could be used instead.

The second digital data management system includes a data management center on a network, an original copyright holder or an information provider, and a plurality of users who use the network. The data management center authenticates the public key of the network user, stores the original data and the processing scenario, and stores the user label original data label and the processed data label. Data is not transferred between users, but a data label encrypted with a public key is transferred. The data label is used for the transfer and the application for use, but an electronic fingerprint of the data label can be used instead.

  In an e-commerce system, all data is circulated through an intermediary on the network, and the data transferred from the producer to the consumer is encrypted with the encryption private key and transmitted from the consumer to the producer. The data is encrypted with the re-encryption private key.

  ADVANTAGE OF THE INVENTION According to this invention, the guarantee technique of the security regarding the confidentiality and reliability of the data handled, and the charging technique when charging is required can be provided.

The first to fifth embodiments will be described as embodiments of the present invention. First, basic items common to these embodiments will be described.
[Certification Authority] In the present invention, an authority for authenticating the copyright holder of the original work, the information provider (IP), the user of the original work, and the processor of the original work is required. . This institution may be unique, but there may be more than one institution. If there are a plurality of institutions, they can be linked to each other so that they can be regarded as virtually one institution.

  Also, in this system, a different private key is used for each user's public key-dedicated key set and each stage in which the work is used. Among these, the private key is managed by each user at his / her own responsibility, and the certification authority performs digital signature on the corresponding public key, thereby ensuring reliability. This public key is generally managed by a key management organization called a key library and distributed according to a user's request. An organization having an authentication function is linked to the key management organization, or the authentication function is provided. The organization having the key management organization may also have the function of the key management organization.

[Encryption Key] A key system and a digital signature system used will be briefly described. A secret key system is called a “common key system” because encryption and decryption can be performed with the same key, and is called a “secret key system” because the key must be kept secret. Typical encryption algorithms using a secret key include the DES (Data Encryption Standard) system of the National Bureau of Standards, the FEAL (Fast Encryption Algorithm) system of Nippon Telegraph and Telephone, and the MISTY system of Mitsubishi Electric. In the embodiment described below, the secret key is indicated as “Ks”.

In contrast, a public key system uses a public key (puBlic key) and a private key (priVate key) that is kept secret except for the owner of the key, encrypts it with one key, and encrypts it with the other. This is an encryption system for decrypting with a key, and a typical one is an RSA public key system. In the embodiments described below, the public key is indicated as “Kb” and the dedicated key is indicated as “Kv”. At this time, the operation of encrypting (Encryption) the data M (Material) into the encryption Ck (Cryptgram) using the encryption key K is represented by Ck = E (M, K).
An operation of decrypting the encryption Ck into data M using the encryption key K is represented by M = D (Ck, K)
Is expressed as

The digital signature is a technology to which a public key system is applied, and a transfer source converts a data M into a hash value Hm using a one-way hash function such as MD5, and uses the hash value Hm as a dedicated key Kv.
And encrypts the transferred data M with the data M, and transfers the encrypted data to the transfer destination together with the data M. The transfer destination decrypts the transferred encrypted hash value Chhmkv into the hash value Hm using the public key Kb and converts the transferred data M to the same value. The system determines a hash value Hm 'by a one-way hash function, and determines that the transferred data is reliable if Hm = Hm'. Note that the hash value Hm obtained in this process is uniquely determined from the data M, and it is impossible to intentionally reproduce the data M from the hash value Hm. Also, when the transfer source and the transfer destination can confirm each other, the reliability of the transfer data is ensured even if the transfer is performed without encrypting the hash value Hm. Used for simple authentication.

  [Use of Key] In the first to fifth embodiments, data encryption / decryption / re-encryption processing, data storage prohibition processing, and encryption key storage are performed in devices other than the center-side device. It is desirable that these operations be performed by a dedicated application program that operates automatically, an application program that is embedded in data, or an operating system for higher security. Further, by performing these processes using an IC card, a PC card, or the like, higher security can be obtained.

  [Charging] As a method for reliably performing charging in accordance with the use of data, there are a method of performing charging in accordance with expected use before use, and a method of performing charging in accordance with actual use after use. In addition, a method of charging after use includes a metering post-payment method in which the use result is recorded and the use record is checked and charged later, and a card or the like in which the purchase amount is filled in is used according to the use result. There is a card prepayment method in which the amount of entry is reduced. Further, the metering post-payment method includes a telephone charge method in which the recording device is installed on the server side and an electricity charge method in which the recording device is installed on the user terminal device side. The card prepaid system includes a credit card system in which the prepaid card is stored on the server side and a prepaid card system in which the prepaid card is stored on the user side.

  In the first to fourth embodiments, the data management center creates a user label based on user information presented when the user registers to use the system and transmits the created user label to the user. The user's public key, the user's private key, and the public key of the data management center used in the system are stored in their own devices. IC cards or PC cards are optimal as these storage locations, but they can also be stored in a data storage device in the device. An encryption key storage method using an IC card or a PC card can ensure higher security than key management using an operating system.

  In the embodiment described below, a system for managing digital data copyrights will be described. However, in addition to copyrighted work data, communication contents such as electronic commerce data and electronic currency data, and confidentiality, certainty and reliability of transaction contents are required. The present invention is applicable to such digital data. In addition, in a network system that uses an encryption key, an institution that stores the encryption key and an institution that generates the encryption key are located outside the network system and used via the network system. For the sake of simplicity, the description will be made assuming that only one institution, that is, a data management center, serves as all these institutes.

[Label] In the present invention, a label is used for protecting the copyright of data and exercising the data copyright. The label will be described first with reference to FIGS. 1, 2 and 3. FIG. In this system, a user label of a system user is used, and information of the label owner is described in the user label as shown in FIG. Further, when the label owner has the original copyright, information on the original work is added as shown in FIG. 1 (b), and the work is a processed work obtained by processing the original work. In this case, information on the original copyright data, information on the processing tool, and processing data (processing scenario) are further added as shown in FIG. 1C, and as shown in FIG. Alternatively, a processing tool (processing program) can be added. Among these labels, the label in which only the information of the label owner shown in FIG. 1A is described is called a “user label”, and the information of the work shown in FIG. 1B is described. The label is called a “copyright label”, and the label on which the processing scenario shown in FIGS. 1C and 1D is described is called a “processing label”.

  The user label is generated by the data management center based on the information of the user when the user subscribes to the system, and the copyright label is generated by the author who has performed the work by presenting the content to the data management center. The processing label is created by the data management center by the user who has processed the data by presenting the user label and the processing scenario to the data management center, and these are transferred to each label owner, Stored in the data management center.

  [Encryption Target] FIGS. 2A, 2B and 2C show the relationship between the copyright label and the copyrighted work data. The copyright label and the copyrighted data corresponding to the label are separated from the header of the copyrighted data as shown in FIG. 2A, or the copyrighted data as shown in FIG. 2B. And the copyright label is combined with the header, as shown in FIG. 2C. When the copyright label is combined with the header, an extended label configuration in which a plurality of copyright labels are combined as shown in FIG. 2D can be performed. In the case of the integrated label shown in FIG. 2B, if the copyright label becomes large, the label may not be able to be stored in a single header having a limited capacity. Similarly, when an extended label configuration in which a plurality of the indicated labels are combined is adopted, if the number of labels is too large, the packet size limit on the Internet may be exceeded and distribution may be difficult.

  The copyright label may be used after being encrypted as shown in FIG. 3A, or may be used without being encrypted as shown in FIG. 3B. In these figures, a square frame portion is a portion to be encrypted. If the copyright label is not encrypted, the copyrighted work data is encrypted. Even if the copyright label is not encrypted, in the extended label configuration shown in FIG. 2D, a copyright label other than the copyright label added last is encrypted, and FIG. As shown in FIG. 3D, it is possible to adopt a multi-stage configuration in which the copyright label added later includes the encryption key of the copyright label added and encrypted before, and With this configuration, the content of the copyright label added earlier can be confirmed.

  Data encryption / decryption is performed for copyright protection, but encryption / decryption is a task that places a considerable burden on a computer. If the data to be encrypted / decrypted is text data mainly composed of characters, the work load for encryption / decryption is not so large, but the data to be encrypted is audio data, image data, and especially moving images. The work of encryption / decryption for data is enormous. Therefore, even when a high-speed encryption algorithm is used, data other than text data, such as moving image data, is generally used by a generally used personal computer unless a special computer such as a massively parallel supercomputer is used. , In real time is not practical at this stage.

  4 (a), 4 (b), 4 (c), 4 (d), 4 (e), 4 (f) and 4 (g) show data encryption / decryption configurations. Will be described. In these figures, the square frame portion is the portion to be encrypted. FIG. 4A shows the principle of the use of encryption, in which only the data body portion, which is overwhelmingly larger than the head portion, is encrypted, and the data header used for recognizing data is used. The parts are not darkened. In such a configuration, the work load of encryption / decryption becomes very large.

  On the other hand, as shown in FIG. 4B, there is a method of encrypting the data header portion without encrypting the data body portion. In this case, if all the headers are encrypted, the data cannot be recognized, so that a part of the header is not encrypted.

  As a method for reducing the work load of the configuration shown in FIG. 4A, the data body to be encrypted can be only the head part as shown in FIG. 4C. According to this configuration, since only a very small part of the data body needs to be encrypted / decrypted, the work load of the encryption / decryption is significantly reduced.

FIG. 4D shows a configuration in which the effect of the configuration of FIG. 4C is further enhanced, and a plurality of encryption units in the data body are provided in the data body.
FIG. 4E shows SKIP (Simple Key-management for Internet Protocols).
In this method, a data body is encrypted, a part of a header is encrypted, and an encryption key for data body decryption is placed in an encrypted part of the header. According to this configuration, decryption is extremely difficult because two ciphers must be decrypted.

  However, in the case of the configuration shown in FIG. 4E, the entire data body portion is encrypted, so that the work load of encryption / decryption is very high as in the case of the configuration shown in FIG. Big. As a countermeasure against this, the configuration shown in FIG. 4E is combined with the configuration shown in FIG. With this configuration, since only a very small part of the data body needs to be encrypted / decrypted, the work load of the encryption / decryption is significantly reduced.

  The configuration shown in FIG. 4E further combines the configuration shown in FIG. 4D with the configuration shown in FIG. The effect is further enhanced by adopting a configuration in which a plurality of the components are provided.

  5 (a), 5 (b) and 5 (c), a configuration for encrypting / decrypting data having a normal file format will be described. In these figures, the square frame portion is the portion to be encrypted. The data having a normal file format is composed of a data body part and a data header part, and in the present invention, it is composed of an attached or related copyright label. FIG. 5 (a) shows the principle of use of cryptography, in which the copyright label and the data header are not encrypted and only the data body is encrypted. As in the case of, the work load of encryption / decryption is very large.

  On the other hand, as shown in FIG. 5B, there is a method of encrypting the data header portion without encrypting the data body portion. In this case, if all the headers are encrypted, the data cannot be recognized, so that a part of the header is not encrypted. In this case, the copyright label is not encrypted.

  As shown in FIG. 5C, there is a method of encrypting a copyright label without encrypting a data body portion and a data header portion. In this case as well, if all the copyright labels are encrypted, the relationship between the copyright labels and the corresponding data becomes unclear, so that some of the copyright labels are not encrypted.

On the other hand, instead of a normal format file consisting of a data header and a data body, "object oriented programming" that performs various processes using "objects" in which data and programs that handle data are integrated. programing) ". An object has the basic conceptual structure shown in FIG. 6A, and stores data called an instance variable in a storage location called a slot in an envelope called an instance. Is stored, and the periphery of the slot is surrounded by one or more procedures called methods for refering, processing, binding, etc., and refers to instance variables. And can only be manipulated and manipulated through methods, this feature is called encapsulation. A command from the outside that causes a method to refer to or operate on an instance variable is called a message.

  From a different point of view, instance variables that cannot be referenced or manipulated without going through methods are protected by methods. By utilizing this fact, as shown in FIG. 6B, the method can be encrypted so that the instance variable cannot be referred to or operated unless the message can decrypt the encrypted method. In this case as well, as in the case of the data having the normal file format shown in FIG. 5C, if all of the methods are encrypted, the object cannot be used. do not do. Note that the square frame portion is the encrypted portion.

  [First Embodiment] A first embodiment will be described with reference to FIG. In order to explain the principle, a case where the user transfers the original work data without processing the original work data will be described. A case where the user processes the original work data will be described later. It is to be noted that a case where the original copyrighted data is not actually processed is combined with a case where the original copyrighted data described later in the third embodiment is processed. In the system of this embodiment, a secret key and a public key-dedicated key are used. Accordingly, a public key management authority and a private key generation authority may be linked or included in the data management center.

(1) The original author (data owner) A presents the original copyright label L0 and requests the data management center Cd to distribute the original secret key Ks0. The original author may transfer or manage the original work data to an information provider (IP) or a database so that the information provider (IP) or the database plays the role of the original author. Although the original author A can store the original secret key Ks0 and encrypt the original copyrighted work data M0 without depending on the data management center Cd, the original copyrighted work data M0 by the user (data user) can be used. In order to use this, the original secret key Ks0 needs to be stored in the data management center Cd.

(2) The data management center Cd requested to distribute the original secret key Ks0 encrypts the original copyright label L0 and the original secret key Ks0 corresponding to the original copyright label L0 using the public key Kba of the original author A. And Cds0kba = E (Ks0, Kba)
The encrypted original secret key Cks0kba is distributed to the original author A. Thereafter, the secret key is encrypted using the distribution destination public key and distributed so that it can be decrypted only at the distribution destination.

At this time, the data management center Cd performs a one-way hash on the original copyright label L0 using an algorithm such as MD5 (Message Digest 5), and obtains the original copyright label fingerprint F0, for example, having a data amount of 16 bytes. Create and distribute to original author A. Thereafter, the electronic fingerprint is transferred together with the copyrighted work data.

(3) The original author A, to whom the encrypted original secret key Cks0kba is distributed, decrypts the encrypted original secret key Cks0kba using the original author A's private key Kva, and Ks0 = D (Cks0kba, Kva).
The original copyrighted work data M0 is encrypted using the decrypted original secret key Ks0, and Cm0ks0 = E (M0, Ks0)
The encrypted original copyrighted work data Cm0ks0, the original copyright label L0 and the original copyright label fingerprint F0 are
Transfer to user (first data user) U1.

(4) The first user U1 to which the encrypted original copyrighted work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 have been transferred becomes the original user label L0, the original copyright label fingerprint F0, and the first user label Lu1. And requests the data management center Cd to distribute the original secret key Ks0 and the first secret key Ks1.

(5) The data management center Cd requested to distribute the original secret key Ks0 and the first secret key Ks1 confirms the validity of the presented original copyright label L0 by the original copyright label fingerprint F0, and The user label Lu1 is registered, and the original secret key Ks0 corresponding to the original copyright label L0 and the first secret key Ks1 corresponding to the first user label Lu1 are encrypted using the public key Kb1 of the first user U1. , Cks0kb1 = E (Ks0, Kb1)
Cks1kb1 = E (Ks1, Kb1)
The encrypted original secret key Cks0kb1 and the encrypted first secret key Cks1kb1 are distributed to the first user U1.

(6) The first user U1 to whom the encrypted original secret key Cks0kb1 and the encrypted first secret key Cks1kb1 are distributed, converts the encrypted original secret key Ck0kb1 and the encrypted first secret key Cks1kb1 to the private key Kv1 of the first user U1. And Ks0 = D (Cks0kb1, Kv1)
Ks1 = D (Cks1kb1, Kv1)
Using the decrypted original secret key Ks0, the encrypted original copyrighted work data Cm0ks0 is decrypted, and M0 = D (M0
, Ks0)
The decrypted original copyrighted work data M0 is used.

When the original copyrighted work data M0 is stored and copied, it is encrypted using the decrypted first secret key Ks1, and Cm0ks1 = E (M0, Ks1)
When the original work data M0 is stored and copied as the encrypted original work data Cm0ks1, and the original work data M0 is transferred to the second user (next data user) U2, the original work data M0 is encrypted using the decrypted first secret key Ks1 and encrypted. The original copyrighted data Cm0ks1 is transferred together with the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1.

Each user attaches a digital signature obtained by encrypting the one-way hash value of the label to the data management center Cd using the user's private key, and the data management center discloses the user's public information. Verifying the validity of each user label by decrypting the encrypted one-way hash value using the key, calculating the one-way hash value of the label, and comparing both one-way hash values Can be.

(7) The second user U2 to whom the encrypted original copyrighted work data Cm0ks1, the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1 are transferred becomes the original copyright label L0, the original copyright label fingerprint F0. And presents the first user label Lu1 and the second user label Lu2, and requests the data management center Cd to distribute the first secret key Ks1 and the second secret key Ks2.

(8) The data management center Cd requested to distribute the first secret key Ks1 and the second secret key Ks2
The validity of the original copyright label L0 and the first user label Lu1 is confirmed by the original copyright label fingerprint F0. When the first user label Lu1 is confirmed to be legitimate, the data management center Cd registers the second user label Lu2, and stores the first secret key Ks1 and the second user key corresponding to the first user label Lu1. Each second secret key Ks2 corresponding to the label Lu2 is encrypted using the second user's public key Kb2, and Cks1kb2 = E (Ks1, Kb2).
Cks2kb2 = E (Ks2, Kb2)
The encrypted first secret key Cks1kb2 and the encrypted second secret key Cks2kb2 are distributed to the second user U2.

(9) The second user U2 to which the first encrypted secret key Cks1kb2 and the second encrypted secret key Cks2kb2 are distributed, uses the first encrypted secret key Cks1kb2 and the second encrypted secret key Cks2kb2 exclusively for the second user U2. Decrypt using the key Kv2, Ks1 = D (Cks1kb2, Kv2)
Ks2 = D (Cks2kb2, Kv2)
The encrypted original copyrighted work data Cm0ks1 is decrypted using the decrypted first secret key Ks1, and M0 = D (Cm0ks1, Ks1)
The decrypted original copyrighted work data M0 is used.

When the original work data M0 is stored and copied, the original work data M0 is encrypted using the decrypted second secret key Ks2, the encrypted original work data Cm0ks2 is stored and copied, and the original work data M0 is transferred to the third user U3. In this case, the encrypted original copyrighted work data Cm0ks2 is encrypted using the decrypted second secret key Ks2 and the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1.
And the second user label Lu2 together with the third user U3.

(10) The third user U3 who has transferred the encrypted original copyrighted work data Cm0ks2 together with the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, and the second user label Lu2 becomes the original copyright label L0, The original copyright label fingerprint F0, the first user label Lu1, the second user label Lu2, and the third user label Lu3 are presented to request the data management center Cd to distribute the second secret key Ks2 and the third secret key Ks3. .

(11) The data management center Cd requested to distribute the second secret key Ks2 and the third secret key Ks3 uses the original copyright label fingerprint F0 to generate the original copyright label L0, the first user label Lu1, and the second user label. Check whether Lu2 is legitimate. When it is confirmed that the second user label Lu2 is valid, the data management center Cd registers the third user label Lu3, and stores the second secret key Ks2 and the third user label corresponding to the second user label Lu2. The third secret key Ks3 corresponding to the label Lu3 is encrypted using the public key Kb3 of the third user U3, and Cks2kb3 = E
(Ks2, Kb3)
Cks3kb3 = E (Ks3, Kb3)
The encrypted second secret key Cks2kb3 and the encrypted third secret key Cks3kb3 are distributed to the third user U3.

(12) The third user U3 to whom the encrypted second secret key Cks2kb3 and the encrypted third secret key Cks3kb3 are distributed, uses the encrypted second secret key Cks2kb3 and the encrypted third secret key Cks3kb3 exclusively for the third user U3. Decrypt using the key Kv3, Ks2 = D (Cks2kb3, Kv3)
Ks3 = D (Cks3kb3, Kv3)
The encrypted original copyrighted work data Cm0ks2 is decrypted using the decrypted second secret key Ks2, and M0 = D (Cm0ks2, Ks2)
The decrypted original copyrighted work data M0 is used.

When the original copyrighted work data M0 is stored and copied, the original copyrighted work data M0 is encrypted using the decrypted third secret key Ks3, the encrypted original copyrighted work data Cm0ks3 is stored and copied, and the original copyrighted work data M0 is transferred to the fourth user U4. In such a case, the encrypted original copyrighted work data Cm0ks3 is encrypted using the decrypted third secret key Ks3, together with the original copyright label L0, the first user label Lu1, the second user label Lu2, and the third user label Lu3. , To the fourth user U4. Thereafter, the same operation is repeated.

  [Second Embodiment] A second embodiment in which a key used for encrypting copyrighted work data is transmitted separately from a key used for decrypting copyrighted work data will be described with reference to FIG. The handling of keys, the relationship between the original author, the information provider, and the user, and the handling of labels in the second embodiment are the same as those in the first embodiment, and will not be described again.

(1) The original author A presents the original copyright label L0 and requests the data management center Cd to distribute the original secret key Ks0.
(2) The data management center Cd requested to distribute the original secret key Ks0 creates an original copyright label fingerprint F0 from the original copyright label L0 and associates the original copyright label L0 with the original copyright label L0. The original secret key Ks0 is encrypted using the original author A's public key Kba, and Cks0kba = E (Ks0, Kba)
The encrypted original secret key Cks0kba is distributed to the original author A.

(3) The original author A, to whom the encrypted original secret key Cks0kba is distributed, decrypts the encrypted original secret key Cks0kba using the original author A's private key Kva, and Ks0 = D (Cks0kba, Kva).
The original copyrighted work data M0 is encrypted using the decrypted original secret key Ks0, and Cm0ks0 = E (M0, Ks0)
The encrypted original copyrighted work data Cm0ks0, the original copyright label L0 and the original copyright label fingerprint F0 are
Transfer to user U1.

(4) The first user U1 to which the encrypted original copyrighted work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 have been transferred becomes the original user label L0, the original copyright label fingerprint F0, and the first user label Lu1. And requests the data management center Cd to distribute the original secret key Ks0.

(5) The data management center Cd requested to distribute the original secret key Ks0 confirms the validity of the presented original copyright label L0 by the original copyright label fingerprint F0, and registers the first user label Lu1. At the same time, the original secret key Ks0 corresponding to the original copyright label L0 is encrypted using the public key Kb1 of the first user U1, and Cks0kb1 = E (Ks0, Kb1)
The encrypted original secret key Cks0kb1 is distributed to the first user U1.

(6) The first user U1 to whom the encrypted original secret key Cks0kb1 has been distributed decrypts the encrypted original secret key Ck0kb1 using the first user U1's dedicated key Kv1, and Ks0 = D (Cks0kb1, Kv1).
Using the decrypted original secret key Ks0, the encrypted original copyrighted work data Cm0ks0 is decrypted, and M0 = D (M0
, Ks0)
The decrypted original copyrighted work data M0 is used.

(7) When the original copyrighted work data M0 is stored and copied, the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1 are presented again to distribute the first secret key Ks1. Request to the management center Cd.

(8) The data management center Cd requested to distribute the first secret key Ks1 confirms the validity of the presented first user label Lu1 with the original copyright label fingerprint F0, and registers the registered first user label Lu1. The first secret key Ks1 corresponding to Lu1 is encrypted using the public key Kb1 of the first user U1, and Cks1kb1 = E (Ks1, Kb1)
The encrypted first secret key Cks1kb1 is distributed to the first user U1.

(9) The first user U1 to whom the encrypted first secret key Cks1kb1 has been distributed decrypts the encrypted first secret key Cks1kb1 using the private key Kv1 of the first user U1, and Ks1 = D (Cks1kb1, Kv1).
The original copyrighted work data M0 is encrypted using the decrypted first secret key Ks1, and Cm0ks1 = E (M0,
Ks1)
The encrypted original copyrighted work data Cm0ks1 is stored and copied, and the original copyrighted work data M0 is stored in the second user U2.
Is transferred using the decrypted first secret key Ks1, the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1 are encrypted as encrypted original copyrighted work data Cm0ks1.
Transfer with.

(10) The second user U2 to whom the encrypted original copyrighted work data Cm0ks1, the original copyright label L0, the original copyright label fingerprint F0, and the first user label Lu1 are transferred becomes the original copyright label L0, the original copyright label fingerprint F0. And presents the first user label Lu1 and the second user label Lu2, and requests the data management center Cd to distribute the first secret key Ks1.

(11) The data management center Cd requested to distribute the first secret key Ks1 confirms the validity of the original copyright label L0 and the first user label Lu1 with the original copyright label fingerprint F0. When the first user label Lu1 is confirmed to be valid, the data management center Cd registers the second user label Lu2, and stores the first secret key Ks1 corresponding to the first user label Lu1 in the second user label Lu2. Encrypted using the user's public key Kb2, Cks1kb2 = E (Ks1, Kb2)
The encrypted first secret key Cks1kb2 is distributed to the second user U2.

(12) The second user U2 to whom the encrypted first secret key Cks1kb2 has been distributed decrypts the encrypted first secret key Cks1kb2 using the dedicated key Kv2 of the second user U2, and Ks1 = D (Cks1kb2, Kv2).
The encrypted original copyrighted work data Cm0ks1 is decrypted using the decrypted first secret key Ks1, and M0 = D (Cm0ks1, Ks1)
The decrypted original copyrighted work data M0 is used.

(13) When the original copyrighted work data M0 is stored and copied, the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1 and the second user label Lu2 are presented again, and the second secret key is displayed. The distribution of Ks2 is requested to the data management center Cd.

(14) The data management center Cd requested to distribute the second secret key Ks2 confirms the validity of the presented second user label Lu2 with the original copyright label fingerprint F0, and registers the registered second user label Lu2. The second secret key Ks2 corresponding to Lu2 is encrypted using the public key Kb2 of the second user U2, and Cks2kb2 = E (Ks2, Kb2)
The encrypted second secret key Cks2kb2 is distributed to the second user U2.

(15) The second user U2 to whom the encrypted second secret key Cks2kb2 has been distributed decrypts the encrypted second secret key Cks2kb2 using the dedicated key Kv2 of the second user U2, and Ks2 = D (Cks2kb2, Kv2).
The original copyrighted work data M0 is encrypted using the decrypted second secret key Ks2, and Cm0ks2 = E (M0,
Ks2)
The encrypted original copyrighted work data Cm0ks2 is stored and copied, and the original copyrighted work data M0 is copied to a third user U3
Is transferred using the decrypted second secret key Ks2, the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, and the second user label are encrypted as the encrypted original copyrighted work data Cm0ks2. It is transferred to the third user U3 together with the label Lu2.

(16) The third user U3 who transferred the encrypted original copyrighted work data Cm0ks2 together with the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, and the second user label Lu2 becomes the original copyright label L0, The original copyright label fingerprint F0, the first user label Lu1, the second user label Lu2, and the third user label Lu3 are presented to distribute the second secret key Ks2 to the data management center Cd.
Request to.

(17) The data management center Cd requested to distribute the second secret key Ks2 uses the original copyright label fingerprint F0 to determine that the original copyright label L0, the first user label Lu1, and the second user label Lu2 are valid. Check if there is. When the second user label Lu2 is confirmed to be valid, the data management center Cd registers the third user label Lu3, and stores the second secret key Ks2 corresponding to the second user label Lu2 in the third user label. Encrypted using the public key Kb3 of U3, Cks2kb3 = E (Ks2, Kb3)
The encrypted second secret key Cks2kb3 is distributed to the third user U3.

(18) The third user U3, to whom the encrypted second secret key Cks2kb3 has been distributed, receives the encrypted second secret key Cks.
2 kb3 is decrypted using the dedicated key Kv3 of the third user U3, and Ks2 = D (Cks2kb3, Kv3)
The encrypted original copyrighted work data Cm0ks2 is decrypted using the decrypted second secret key Ks2, and M0 = D (Cm0ks2, Ks2)
The decrypted original copyrighted work data M0 is used.

(19) When storing and copying the original copyrighted work data M0, the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, the second user label Lu2, and the third user label Lu3 are presented again. Requesting the data management center Cd to distribute the third secret key Ks3.

(20) The data management center Cd requested to distribute the third secret key Ks3 confirms the validity of the presented third user label Lu3 with the original copyright label fingerprint F0, and registers the registered third user label Lu3. The third secret key Ks3 corresponding to Lu3 is encrypted using the public key Kb3 of the third user U3, and Cks3kb3 = E (Ks3, Kb3)
The encrypted third secret key Cks3kb3 is distributed to the third user U3.

(21) The third user U3 to whom the encrypted third secret key Cks3kb3 has been distributed decrypts the encrypted third secret key Cks3kb3 using the third user U3's dedicated key Kv3, and Ks3 = D (Cks3kb3, Kv3).
The original copyrighted work data M0 is encrypted using the decrypted third secret key Ks3, and Cm0ks3 = E (M0,
Ks3)
The encrypted original copyrighted work data Cm0ks3 is stored and copied, and the original copyrighted work data M0 is copied to the fourth user U4
Is transferred using the decrypted third secret key Ks3, the original copyright label L0, the original copyright label fingerprint F0, the first user label Lu1, the encrypted original copyrighted work data Cm0ks3.
The data is transferred to the fourth user U4 together with the second user label Lu2 and the third user label Lu3.
Thereafter, the same operation is repeated.

  In this embodiment, since only the decryption key necessary for using the copyrighted work data is initially distributed, the operation is simplified for a user who does not store, copy or transfer the copyrighted work data. You. A system in which a re-encryption key is distributed simultaneously with a decryption key as in the first embodiment, and a re-encryption key is separately distributed from the decryption key as in the second embodiment. It is also possible to configure so that the system and the system coexist in one system, and are appropriately selected and used.

  [Third Embodiment] A third embodiment in which a user processes one original work data and transfers it to the next user will be described with reference to FIGS. The processing of a data work is performed by editing the original work data using a processing tool that is an application program. The processed work data obtained by the processing is information on the used original work data and the used processing tool. And the processing content data. That is, if the user owns the processing tool, it is possible to reproduce the processed copyrighted work data by obtaining the original copyrighted work data and the processing content data.

  Processing of digital data will be described. Digital data processing is performed by modifying the original data using a processing program (processing tool), and the processing data is identified by specifying the original data, processing tool, and processing content data (processing scenario). Will be reproduced. In other words, it is impossible to reproduce the processed data unless the original data, the processing tool and the processing scenario are specified.

When creating new data from a single piece of original data, when modifying the original data A to obtain the processed data “A ′”, the user adds the data X to the original data A to create the processed data “A + X”. Is obtained, the original data A is divided into the original data elements A1, A2, A3,... And the array is changed to A3, A2, A1 to obtain the processed data "A"". May be divided into data elements A1, A2, A3,..., The primary user data X may be divided into X1, X2, X3,... And arranged to obtain processed data "A1 + X1 + A2 + X2 + A3 + X3. . In these cases, the modification of the original data, the change in the arrangement of the original data, the combination of the original data and the user data, the division of the original data, and the combination with the user data are each subject to the secondary copyright. Need to be protected. It goes without saying that the data X added by the user has the original copyright of the user.

When new data is created by combining a plurality of original data, the original data A, B, C,... Are obtained by simply combining the original data A, B, C. When the user obtains the processed data "A + X" by adding data X to C ..., the original data A, B, C ... are converted to the original data elements A1, A2, A3 ..., B1, B2.
, B3,..., C1, C2, C3,.
+ B1 + C1 + ... + A2 + B2 + C2 + ... + A3 + B3 + C3 + ... ", the original data A, B, C ... are converted to the original data elements A1, A2, A3 ... B1, B2, B3 ... C1. , C2, C3... And user data X1, X2, X3... Are combined to change the arrangement and the processed data "A1 + B1 + C1 + X1 + ... + A2 + B2 + C2 + X2 + ... + A3 +
B3 + C3 + X3 +... In these cases as well, a combination of a plurality of original data, a combination of a plurality of original data and user data, a division and arrangement change of a plurality of original data, a combination of a plurality of divided original data and user data are each secondary. It is subject to copyright and it is necessary to protect these secondary copyrights. It goes without saying that the data X1, X2, X3,... Added by the user have the original copyright of the user.

  FIG. 9 shows an example of a method of creating new data D using a plurality of original data A, B, and C. In this method, elements a, b, and c are extracted (cut) from the original data A, B, and C, and the extracted elements a, b, and c are pasted (pasted) to synthesize one data D. Data processing is performed by a method.

In addition, there is a data link technique for linking a plurality of data objects. In this data link technique, an object link section is provided in a slot of a pad which is a data object, and the objects are linked with each other by a slot connection technique in which the slot is linked to another pad. The mutual relationship between a plurality of objects linked in this way can be expressed as a tree structure, and it is possible to delete or add objects using the expressed tree structure.

  By the way, it is obvious that the original data and the user data are data, but the modification of the original data, the arrangement change of the original data, the combination of the original data and the user data, the division of the original data, and the user data in the process of processing the data. , A combination of a plurality of original data, a combination of a plurality of original data and user data, a division and arrangement change of a plurality of original data, and a combination of a plurality of divided original data and user data are also the data itself.

  Paying attention to the fact that the data processing scenario such as the arrangement relationship of the original data and the processing procedure is also data, the secondary copyright on the processed data is changed to the original copyright of the original creator on the original data and the user copyright on the user data. In addition to this, it is possible to protect by managing the user's copyright regarding the processing process data.

  That is, the processed data is composed of the original data, the user data, and the processing scenario, and by managing the original data, the user data, and the processing scenario, it is possible to manage the copyright of the processed data together with the original data. . In this case, the processing program used in data processing is also managed by the data management system if necessary.

This data can be processed by using the processing program corresponding to the original data. However, if the original data is handled as object-oriented software, which has recently been attracting attention, easier processing can be achieved. Better data copyright management can be performed. Further, if agent-oriented software is adopted further, the user can synthesize data without any effort.

  Agent-oriented software is a program that combines autonomy, adaptability, and coordination. It does not require specific instructions for all work procedures like conventional software, but only based on general user instructions. Due to its characteristics of autonomy, adaptability, and coordination, it is possible to meet user demands. This agent program is incorporated in the basic system of the data copyright management system to monitor the user's usage of the database, and use the metering function provided in the user terminal device to collect usage data details and billing information. By configuring the database or the copyright management center to collect the included information, the database or the copyright management center can know the user's database usage tendency and perform more detailed copyright management. Can be. Therefore, the agent program and data are also subject to copyright protection and are encrypted in the same manner as the original data.

  In the third embodiment shown in FIG. 10, the one obtained by adding the processing scenario to the copyright label in the first embodiment and the second embodiment described above is called a “processing label”. Treat it like a copyright label. The handling of keys, the relationship between the original author, the information provider, and the user, and the handling of labels in the third embodiment are the same as those in the first embodiment, and will not be described again.

(1) The original author A presents the original copyright label L0 and requests the data management center Cd to distribute the original secret key Ks0.
(2) The data management center Cd requested to distribute the original secret key Ks0 encrypts the original copyright label L0 and the original secret key Ks0 corresponding to the original copyright label L0 using the public key Kba of the original author A. And Cds0kba = E (Ks0, Kba)
The encrypted original secret key Cks0kba is distributed to the original author A.

At this time, the data management center Cd converts the original copyright label L0 into a one-way hash, for example, a data amount of 16 bytes, using an algorithm such as MD5 to create an original copyright label fingerprint F0. To distribute. The electronic fingerprint is created for each processed work each time the original work or the processed work is obtained and the processed work is obtained, and is transferred together with the work.

(3) The original author A, to whom the encrypted original secret key Cks0kba is distributed, decrypts the encrypted original secret key Cks0kba using the original author A's private key Kva, and Ks0 = D (Cks0kba, Kva).
The original copyrighted work data M0 is encrypted using the decrypted original secret key Ks0, and Cm0ks0 = E (M0, Ks0)
The encrypted original copyrighted work data Cm0ks0, the original copyright label L0 and the original copyright label fingerprint F0 are
Transfer to user U1.

(4) The first user U1 to which the encrypted original copyrighted work data Cm0ks0, the original copyright label L0, and the original copyright label fingerprint F0 have been transferred becomes the original user label L0, the original copyright label fingerprint F0, and the first user label Lu1. And requests the data management center Cd to distribute the original secret key Ks0.

(5) The data management center Cd requested to distribute the original secret key Ks0 confirms the validity of the presented original copyright label L0 by the original copyright label fingerprint F0, and registers the first user label Lu1. At the same time, the original secret key Ks0 corresponding to the original copyright label L0 is encrypted using the public key Kb1 of the first user U1, and Cks0kb1 = E (Ks0, Kb1)
The encrypted original secret key Cks0kb1 is distributed to the first user U1.

(6) The first user U1 to whom the encrypted original secret key Cks0kb1 has been distributed decrypts the encrypted original secret key Ck0kb1 using the first user U1's dedicated key Kv1, and Ks0 = D (Cks0kb1, Kv1).
Using the decrypted original secret key Ks0, the encrypted original copyrighted work data Cm0ks0 is decrypted, and M0 = D (M0
, Ks0)
The decrypted original copyrighted work data M0 is processed using a processing tool to obtain processed copyrighted work data Me1.

  In the processed work data Me1 thus obtained, the copyright of the original creator who created the original work exists in addition to the copyright of the first user who has processed the data. The copyright of the original author regarding the original copyrighted work data M0 is the registered original copyright label L0, the original copyright label fingerprint F0, the original secret key Ks0 corresponding to the original copyright label L0, the first user label Lu1, and the first user. Although the data can be protected by the first secret key Ks1 corresponding to the label Lu1, a key for encrypting the processed copyrighted work data Me1 is not prepared. Is not yet protected.

(7) In order to protect the secondary copyright of the first user with respect to the processed work data Me1, in the third embodiment, the first user label which is the author of the processed work and its electronic fingerprint are used. As described above, the processed work can be represented by the used original work data, the information of the used processing tool, and the processing content data. Therefore, the first user label, in other words, the first processed label Le1 includes these. Information and data are entered. Further, to protect the secondary copyright in the subsequent distribution process, the user U1 presents the first processed label Le1 to the data management center Cd, whereby the secondary copyright of the user U1 is registered.

(8) The data management center Cd presented with the first processed label Le1 confirms the validity of the presented original copyright label L0 with the original copyright label fingerprint F0, registers the first processed label Le1, and registers the first processed label Le1. Creates the electronic fingerprint F1 of the first processed label Le1, encrypts the first processed secret key Kse1 corresponding to the first processed label Le1 with the public key Kb1 of the first user U1 of the data management center, and Ckse1kb1 = E ( Kse1, Kb1)
The encrypted first processed secret key Ckse1kb1 is sent to the first user U1 together with the electronic fingerprint Fe1 of the first processed label Le1.

(9) The first user U1 to whom the encrypted first processed secret key Ckse1kb1 and the electronic fingerprint Fe1 of the first processed copyright label Le1 are distributed, converts the encrypted first processed secret key Ckse1kb1 into the dedicated key Kv1 of the first user U1. And Kse1 = D (Ckse1kb1, Kv1)
The first processed copyrighted work data Me1 is encrypted using the decrypted first processed key Kse1, and Cme1 = E (Me1, Kse1)
The encrypted first processed copyrighted work data Cme1 is transferred to the second user U1 together with the first processed copyright label Le1 and the electronic fingerprint Fe1 of the first processed copyright label Le1. Thereafter, the same operation is repeated.

In the third embodiment, only the first processed copyright label Le1 and the electronic fingerprint Fe1 of the first processed copyright label Le1 are transferred together with the encrypted first processed copyrighted data Cme1 when the processed data is transferred. Other labels and electronic fingerprints can also be configured to be transferred at the same time. The processing performed using a plurality of copyrighted data as shown in FIG. 7 is complicated because of the large number of copyrighted data, but is performed in the same manner as the processing using single data. However, the description is omitted so as not to make the description redundant.

In the systems of the first, second, and third embodiments described above, the copyrighted work data is encrypted using the secret key, and the secret key for decryption is used as well as the re-use key used for storage / copy / transfer. The encryption secret key is distributed by the data management center based on the user label presented by the user.

  Both the decryption private key and the re-encryption private key are encrypted in advance by the user public key whose validity has been authenticated by the data management center, and therefore have been indirectly authenticated by the data management center. become. In addition, since these secret keys are used for encrypting the copyrighted work data to be transferred, the data management center is finally authenticated for the copyrighted work data to be transferred. Since the authentication by the data management center is absolute, it is a hierarchical authentication system represented by PEM.

  On the other hand, since the copyrighted work data itself is transferred between users without being transferred to the data management center, the authentication performed in the process can be said to be a horizontal distributed authentication system represented by PGP. In this way, the system of this embodiment realizes an authentication system having both the feature that the hierarchical authentication system has high reliability and the feature that the horizontal distributed authentication system is easy to handle.

  In addition, all actions of the user using the copyrighted work data and the details of the actions are grasped by the data management center based on the user label presented by the user. Since all uses, including processing of copyrighted works, are performed via the data management center, the identity of each user is securely confirmed, and by confirming the content and progress of the act, the content of copyrighted work data is confirmed. And proof of history is performed. When this content certification is applied to electronic commerce and the like, it is possible to certify the transaction content by the data management center, that is, to perform “electronic notarization”. When a digital signature is attached to a user label or a processed label, if a computer virus enters the user label or the processed label, the label data changes, and as a result, the hash value changes. Therefore, the intrusion of the computer virus can be detected by verifying the digital signature. If hashing is performed without performing a digital signature, the intrusion of a computer virus can be detected because the user label or the processed label is invalid depending on the changed hash value.

  [Fourth Embodiment] In the case of a distributed object system represented by a license network system, it is not a conventional computer having a large-capacity data storage device, but has no data storage device and inputs and outputs data and processes data. Only the use of network computers to do is considered. Furthermore, it is considered to use a network computer which has only a data input / output function without a data processing device and has a terminal device of a large computer. Since such a network computer does not have a data storage device, it cannot store or copy copyrighted work data.

  Next, an embodiment that can be applied to a network computer having no data storage device used in such a distributed object system will be described. However, this embodiment is applied to a computer having a normal data storage device. Of course, it is also applicable.

  Protecting data copyright requires the use of some form of encryption to limit unauthorized use of the work. In the first, second, and third embodiments described above, in order to protect copyright in a system for a computer having a normal data storage device, encrypted copyrighted work data is protected. In addition, unencrypted labels are used as clues for utilizing copyrighted work data. On the other hand, in a system for a network computer having only a terminal-like function, the copyrighted data need not be encrypted because the copyrighted data is not stored, copied or transferred. .

  As described in the third embodiment, the processing of a data work is performed by modifying the original work data using a processing tool, and the processed work data obtained by the processing is used as the original work data, It can be represented by the information of the processing tool used and the processing scenario. The same applies to the distributed object system. Even when the processed copyrighted data is created by using the copyrighted data of the database existing on the distributed object system, the used database, the used original copyrighted data, By specifying the information of the processing tool and the processing scenario, it is possible to reproduce the processed copyrighted data, which is the case when using multiple copyrighted data obtained from a single database or multiple databases. The same is true for

  A fourth embodiment will be described with reference to FIG. In this embodiment, the original copyright holder and the information provider (IP) holding the copyrighted work data are distinguished from the users who do not have the copyrighted work data, and are arranged on the network side together with the data management center and the like. In the system of this embodiment, a public key and a private key are used. When the original work data is transferred to the user, the original work data is encrypted using a secret key or a public key of the transfer destination for security.

The first user U1 searches for copyrighted work data and collects necessary copyrighted data by using a network, a broadcast or a recording medium, and the collected copyrighted work data is temporarily stored in the memory of the user U1. Only when the data is stored, the copyrighted work data is not stored in the data storage device even when a data storage device such as a hard disk drive (HDD) is included in the device of the user U1. In order to prevent the copyrighted work data from being saved, when the saving is attempted, the copyrighted work data on the memory is destroyed, the data header on the memory is changed, and the data is one-way hashed When the file name is changed to an unsaveable file name, the storage of the copyrighted work data is prohibited. The storage prohibition can be performed by a data storage prohibition program built in the program part of the copyrighted work data having the object structure. Property is obtained.

In the fourth embodiment, a case where a plurality of copyrighted data is used will be described. (1), (2) The first user U1 presents the first user label Lu1 to the data management center and retrieves the original copyrighted work data M0i (i = 1, 2, 3) from the data library of the information provider IP in the system. ..) To obtain a processing tool Pe. At this time, the original copyrighted work data M0i and the processing tool Pe are encrypted using the public key Kb1 of the first user U1, and Cm0ikb1 = E (M0i, Kb1). )
Cpekb1 = E (Pe, Kb1)
The encrypted original copyrighted work data Cm0ikb1 and the encryption processing tool Cpekb1 are distributed to the first user U1. At this time, by referring to the first user label Lu1, the use status of the original copyrighted work data M0i and the processing tool Pe is also recorded in the data management center, and is used for billing.

(3) The first user U1 to whom the encrypted original copyrighted work data Cm0ikb1 and the encryption processing tool Cpekb1 have been distributed receives the distributed encrypted original copyrighted work data Cm0ikb1 and the encryption processing tool Cpekb1 using the private key Kv1 of the first user U1. M0i = D (Cm0ikb1, Kv1)
Pe = D (Cpekb1, Kv1)
Then, the decrypted original work data M0i is processed using the decrypted processing tool Pe, and the first
The processed copyrighted work data M1i (i = 1, 2, 3,...) Is obtained.

(4) The first user U1 who obtained the first processed copyrighted work data M1i encrypts the first scenario S1i, which is the processed data of the first processed copyrighted work data M1i, with the public key Kbc of the data management center, and Cs1ikbc = E (S1i, Kbc)
The first encryption scenario Cs1ikbc is presented together with the first user label Lu1 to the data management center Cd, whereby the secondary copyright of the user U1 is registered.

(5) The data management center Cd presented with the first encryption scenario Cs1ikbc decrypts the first encryption scenario Cs1ikbc using the dedicated key Kvc of the data management center Cd, and S1i = D (Cs1ikbc, Kvc)
A first processing label Le1 is created based on the presented user label of the first user U1 and the decrypted first processing scenario S1i, stored in the data management center Cd, and the first processing label Le1 is stored in the first user U1. Encrypted using the public key Kb1, Cle1kb1 = E (Lei, Kb1)
The first encrypted processing label Cle1kb1 is transferred to the first user U1.

(6) The first user U1 to which the encrypted first processed label Cle1kb1 has been transferred decrypts the encrypted first processed label Cle1kb1 using the dedicated key Kv1 of the first user U1, and Le1 = D (Cle1kb1, Kv1).
)
The decrypted first processed label Le1 is encrypted using the public key Kb2 of the second user U2, and Cle1kb2 = E (Le1, Kb2)
Although the encrypted first processed label Cle1kb2 is transferred to the second user U2, the first processed copyrighted work data M1i or the encrypted first processed copyrighted data is not transferred to the second user U2.

When the computer of the first user U1 has a data storage device, the collected copyrighted work data or processed data may be stored in the data storage device. Saving is prohibited. In this case, instead of the encrypted first processed label Cle1kb2, an electronic fingerprint F1 obtained by unidirectionally hashing the first processed label can be used, and by doing so, simplified processing by telephone voice can be performed. Label transfer becomes possible.

(7) The second user U2 to which the encrypted first processed label Cle1kb2 has been transferred decrypts the transferred encrypted first processed label Cle1kb2 using the dedicated key Kv2 of the second user U2, and Le1 = D (Cle1kb2 , Kv2)
The first processed label Le1 is encrypted using the dedicated key Kv2 of the second user U2, and Cle1kv2 = E (Le1, Kv2)
The encrypted first processing label Cle1kv2 and the second user label Lu2 together with the data management center Cd
To present.

(8) The data management center Cd presented with the encrypted first processed label Cle1kv2 and the second user label Lu2 decrypts the presented encrypted first processed label Cle1kv2 using the public key Kb2 of the second user U2. , Le1 = D (Cle1kv2, Kb2)
The original copyrighted work data M0i described in the decrypted first processed label Le1 is collected, and the original copyrighted work data M0i is processed using the processing tool Pe based on the first scenario S1i also described in the first processed label Le1. To reproduce the first processed copyrighted work data M1i.

The data management center Cd that has reproduced the first processed copyrighted work data M1i encrypts the first processed copyrighted work data M1i and the processing tool Pe using the public key Kb2 of the second user U2, and Cm1ikb2 = E (M1i, Kb2).
Cpekb2 = E (Pe, Kb2)
The encrypted first copyrighted work data Cm1ikb2 and the encryption processing tool Cpekb2 are transferred to the second user U2.

(9) The second user U2 to whom the encrypted first processed copyrighted work data Cm1ikb2 and the encryption processing tool Cpekb2 are distributed receives the encrypted first processed copyrighted work data Cm1ikb2 and the encrypted processing tool Cpekb2 for the second user U2. M1i = D (Cm1ikb2, Kv2)
Pe = D (Cpekb2, Kv2)
Then, the decrypted first processed copyrighted work data M1i is processed using the decrypted processing tool Pe to obtain second processed copyrighted work data M2i (i = 1, 2, 3,...).

(10) The second user U2 who obtained the second processed copyrighted work data M2i encrypts the second scenario S2i, which is the processed data of the second processed copyrighted work data M2i, with the public key Kbc of the data management center, and Cs2ikbc = E (S2i, Kbc)
The second encrypted scenario Cs2ikbc is presented to the data management center Cd together with the second user label Lu2.

(11) The data management center Cd presented with the second encryption scenario Cs2ikbc decrypts the second encryption scenario Cs2ikbc using the dedicated key Kvc of the data management center Cd, and S2i = D (Cs2ikbc, Kvc)
Based on the presented user label of the second user U2 and the decrypted second processing scenario S2i, a second processing label Le2 is created and stored in the data management center Cd, and the second processing label Le2 is stored in the first user U2. Encrypted using the public key Kb2, Cle2kb2 = E (Lei, Kb2)
The encrypted second processed label Cle2kb2 is transferred to the second user U2.

(12) The second user U2 to which the second encrypted processing label Cle2kb2 has been transferred decrypts the second encrypted processing label Cle2kb2 using the dedicated key Kv2 of the second user U2, and Le2 = D (Cle2kb2, Kv2
)
The decrypted second processed label Le2 is encrypted using the public key Kb3 of the third user U3, and Cle2kb3 = E (Le2, Kb3)
The encrypted second processed label Cle2kb3 is transferred to the third user U3. Thereafter, the same operation is repeated.

  In the fourth embodiment using this distributed object system, the copyrighted work data is not stored by the user, but is stored only in the database. Only the processed label on which the information of the processed tool, the processed scenario, and the processed user information are described is managed and saved, and only the processed label is encrypted and transferred between the users. Therefore, the copyrighted work data is not stored, copied, or transferred.

  Further, in the system of this embodiment, only the public key and the dedicated key are used, and the validity of the public key has been authenticated in advance by the data management center, and the authentication by the data management center is absolute. , PEM. Then, since the processed label to be transferred is encrypted by the user public key whose validity has been authenticated in advance by the data management center and transferred, the content is sure that the content is indirectly authenticated by the data management center. It will be. Since the processed label itself is transferred between users without being transferred to the data management center, the authentication performed in the process can be said to be a horizontal distributed authentication system represented by PGP. In this way, the system of this embodiment realizes an authentication system having both the feature that the hierarchical authentication system has high reliability and the feature that the horizontal distributed authentication system is easy to handle.

  In addition, all actions of the user using the copyrighted work data and the details of the actions are grasped by the data management center based on the user label presented by the user. Since all uses, including processing of copyrighted works, are performed via the data management center, the identity of each user is securely confirmed, and by confirming the content and progress of the act, the content of copyrighted work data is confirmed. And proof of history is performed. When this content certification is applied to electronic commerce and the like, it is possible to certify the transaction content by the data management center, that is, to perform “electronic notarization”.

  Further, when a digital signature is attached to the user label or the processed label, if a computer virus enters the user label or the processed label, the label data changes, and as a result, the hash value changes. Therefore, the intrusion of the computer virus can be detected by verifying the digital signature. If hash value conversion is performed without performing a digital signature, the intrusion of a computer virus can be detected because the user label or the processed label is invalid depending on the changed hash.

  Also in this embodiment, since all the actions of the user who uses the copyrighted work data and the contents of the actions are grasped by the data management center by the user label presented by the user, any of the above-mentioned billing methods effectively functions. I do.

Fifth Embodiment An embodiment in which the system of the present invention is applied to electronic commerce will be described. First, a basic case in which all processing is performed through an intermediary will be described with reference to FIG.
(1) The user (consumer) U browses the merchandise catalog of the intermediary S via the network, and sends the transaction data Qm such as an estimate, an order form, and settlement information on the order of the product desired to be purchased to the intermediary S. Request to S.

(2) Upon receiving the request for the transaction data Qm, the intermediary S encrypts the request R for the transaction data Qm and the first secret key Ks1 made by the user U using the public key Kbm of the maker (producer) M, Crkbm = E (R, Kbm)
Cks1kbm = E (Ks1, Kbm)
An encryption request Crkbm and an encrypted first secret key Cks1kbm are sent to the maker M.

(3) The maker M to which the encryption request Crkbm and the first encrypted secret key Cks1kbm have been sent decrypts the sent encryption request Crkbm and the first encrypted secret key Cks1kbm using the maker M's dedicated key Kvm. , R = D (Crkbm, Kbm)
Ks1 = D (Cks1kbm, Kbm)
The transaction data Qm corresponding to the request R is encrypted using the decrypted first secret key Ks1, and Cqmks1 = E (Qm, Ks1)
The encrypted transaction data Cqmks1 is sent to the broker S.

(4) The broker S who has received the encrypted transaction data Cqmks1 decrypts the transmitted encrypted transaction data Cqmks1 using the first secret key Ks1, and Q = D (Cqks1, Ks1).
The decrypted transaction data Qm is re-encrypted using the second secret key Ks2, and Cqmks2 = E (Qm,
Ks2)
The second secret key KS2 is encrypted using the user's public key Kbu, and Cks2kbu = E (Ks2, Kbu)
The encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu are sent to the user U.

(5) The user U that has received the encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu decrypts the encrypted second secret key Cks2kbu using the user U's dedicated key Kvu, and Ks2 = D (Cks2kbu, Kvu)
The encrypted transaction data Cqmks2 is decrypted using the decrypted second secret key Ks2, and Qm = D (Cqmks2, Ks2)
The order is written into the decrypted transaction data Qm by processing the data to create an order form Qu, the created order form Qu is encrypted using the second secret key Ks2, and Cquks2 = E (
Qu, Ks2)
Send the encrypted order form Cquks2 to the broker S.

(6) The intermediary S that has received the encrypted order form Cquks2 decrypts the encrypted order form Cquks2 using the second secret key Ks2, and Qu = D (Cquks2, Ks2).
The decrypted purchase order Qu is encrypted using the maker M's public key Kbm, and Cqukbm = E (Qu, Kbm)
The encrypted order Cqukbm is transferred to the maker M.

The maker M to which the encrypted order form Cqukbm has been transferred decrypts the encrypted order form Cqukbm using the maker M's dedicated key Kvm, and Qu = D (Cqukbm, Kvm)
The order processing is performed according to the contents of the decrypted purchase order Qu.

  Next, an exceptional process when a user places an order directly with a manufacturer will be described with reference to FIG. In this exceptional case, until the stage where the encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu of (4) are sent to the user U, the basic case shown in FIG. Therefore, the repetitive description will be omitted, and only the steps different from the basic case will be described.

(7) The user U who has received the encrypted transaction data Cqmks2 and the encrypted second secret key Cks2kbu decrypts the encrypted second secret key Cks2kbu using the user U's dedicated key Kvu, and Ks2 = D (Cks2kbu, Kvu)
The encrypted transaction data Cqmks2 is decrypted using the decrypted second secret key Ks2, and Qm = D (Cqmks2, Ks2)
The order is written into the decrypted transaction data Qm by processing the data to create an order form Qu, the created order form Qu is encrypted using the second secret key Ks2, and Cquks2 = E (
Qu, Ks2)
Send the encrypted order form Cquks2 to the maker M.

(8) The maker M that has received the encrypted order Cquks2 transfers the encrypted order Cquks2 to the seller S.
(9) The broker S to which the encrypted order Cquks2 has been transferred decrypts the encrypted order Cquks2 using the second secret key Ks2, and Qu = D (Cquks2, Ks2).
The decrypted purchase order Qu is encrypted using the maker M's public key Kbm, and Cqukbm = E (Qu, Kbm)
Transfer to maker M.
(10) The maker M to which the encrypted order form Cqukbm has been transferred decrypts the encrypted order form Cqukbm using the maker M's dedicated key Kvm, and Qu = D (Cqukbm, Kvm)
The order processing is performed according to the contents of the purchase order Qu.

The merchandise to be subjected to the commerce can be handled not only by goods but also by computer software performed through a network. The software P traded in that case is encrypted by the maker M using the maker's dedicated key Kvm, and Cpkvm = E (P, Kvm)
The encryption software Cpkvm is transferred to the broker S, and the transferred encryption software Cpkvm is decrypted by the broker S using the public key Kbm of the maker M, and P = D (Cpkvm, Kbm)
The intermediary S encrypts the decrypted software P using the public key Kbu of the user U, and Cpkbu = E (P, Kbu)
The encrypted software Cpkbu is transferred to the user U, and the transferred encrypted software Cpkbu is decrypted by the user U using the dedicated key Kvu.
P = D (Cpkbu, Kvu)
Furthermore, encryption keys of encryption software stored in a storage medium such as a CD-ROM are distributed for a fee, and this encryption key is also used for commercial transactions in the same manner as the computer software described here. It can be.

  In the basic case described with reference to FIG. 12A, all of the transactions are performed through an intermediary, so that various failures caused by excluding the intermediary from the transaction process are prevented beforehand. Even in the exceptional case described with reference to FIG. 12B, in order for the manufacturer to know the contents of the purchase order and perform order processing, the encrypted purchase order is transferred to the broker and decrypted by the broker. I need to get it. Therefore, also in this case, since the intermediary is always involved in the transaction process, the occurrence of various obstacles due to the exclusion of the intermediary from the transaction process is similarly prevented. In addition, the secret key to be sent can be sent alone by being incorporated in the transaction data in addition to being sent alone.

<Others>
The present embodiment further discloses the following technology (hereinafter, referred to as supplementary notes).
(Supplementary Note 1) A data management system for managing digital data transferred from a data owner to a data user via a communication network, wherein the data management system includes a secret key, a public key, a dedicated key, and a data owner. A label, a data user label, and a data label are used; a data management center is located on the communication network in link with a public key storage authority and a private key generation authority; Authenticating the user's public key and storing the data owner label, the data user label and the data label; the data owner presenting the data owner label and the data label to manage the data Requesting a secret key for data encryption from the data center; A data label fingerprint, and distributes the data label fingerprint and an encryption secret key encrypted using the data owner's public key to the data owner; Encrypting data using the secret key decrypted using a key, and transmitting the encrypted data, the data label and the data label fingerprint to a first user; The user label of the user, the data label and the data label fingerprint are presented, and a secret key for decrypting the encrypted data and a secret key for re-encrypting the decrypted data are provided to the data management center. Request; the data management center confirms the validity of the data label with the data label fingerprint, and registers the user label of the first data user. And encrypting the secret key for decrypting the encrypted data and the decrypted secret key for re-encrypting the data using the public key of the first data user, and encrypting the first data user. The first data user decrypts the decryption private key and the re-encryption private key using the private key of the first data user, and uses the decryption private key. The encrypted data is decrypted and used, and the decrypted data is encrypted using the re-encryption private key, stored and copied, and the encrypted data is stored in a data label, a data label fingerprint and the first data. The data is transferred to the next data user together with the user label of the user.
(Supplementary Note 2) The data management system according to Supplementary Note 1, wherein the copyright registration is performed by the data owner presenting the data owner label and the data label to a data management center.
(Supplementary note 3) The data management system according to supplementary note 1, wherein the data is processed by a user of the data, and the processed contents of the data are added to the data label.
(Supplementary Note 4) The data management system according to Supplementary Note 3, wherein a secondary copyright registration is performed by the data user presenting a data label describing the user label of the data and the processing content to the data management center. .
(Supplementary Note 5) The digital data management system according to Supplementary Note 3 or 4, wherein the data is plural.
(Supplementary note 6) The data management system according to Supplementary note 1, Supplementary note 2, Supplementary note 3, Supplementary note 4, or Supplementary note 5, wherein the data label is digitally signed.
(Supplementary note 7) Supplementary note 1, Supplementary note 2, Supplementary note 3, Supplementary note 4, Supplementary note 5, wherein charging is performed based on the data user presenting the user label and the data label to a data management center.
Or the data management system according to supplementary note 6.
(Supplementary note 8) The data management system according to supplementary note 7, wherein the charging is performed by a usage result metering postpayment method.
(Supplementary note 9) The data management system according to supplementary note 8, wherein the usage record metering data is stored in a data management center.
(Supplementary note 10) The data management system according to supplementary note 8, wherein the usage record metering data is stored in a user device.
(Supplementary note 11) The data management system according to supplementary note 7, wherein the charging is performed by a prepaid method.
(Supplementary note 12) The data management system according to supplementary note 11, wherein the prepaid data is stored in a data management center.
(Supplementary note 13) The data management system according to supplementary note 11, wherein the prepaid data is stored in a user device.
(Supplementary note 14) Supplementary note 1, Supplementary note 2, Supplementary note 4, Supplementary note 5, Supplementary note 6, Supplementary note 7, Supplementary note 8 in which the digital data has a normal file structure and only the data body is encrypted. , Supplementary Note 9, Supplementary Note 10, Supplementary Note 11, Supplementary Note 12, or Data Note 13.
(Supplementary note 15) The data management system according to supplementary note 14, wherein a part of the data body is encrypted.
(Supplementary note 16) The data management system according to supplementary note 15, wherein a part of the data body is continuously encrypted.
(Supplementary note 17) The data management system according to supplementary note 15, wherein a part of the data body is discontinuously encrypted.
(Supplementary note 18) Supplementary note 1, Supplementary note 2, Supplementary note 4, Supplementary note 5, Supplementary note 6, Supplementary note 7, wherein the digital data has a normal file structure and the data header and the data body are encrypted. The data management system according to Supplementary Note 8, 9, 9, 10, 11, 12, or 13.
(Supplementary note 19) The data management system according to claim 18, wherein a part of the data header and the whole of the data body are encrypted.
(Supplementary note 20) The data management system according to claim 18, wherein a part of the data header and a part of the data body are encrypted.
(Supplementary note 21) The digital data has a normal file structure, and only the data header is encrypted. 14. The data management system according to claim 7, claim 8, claim 9, claim 9, claim 10, claim 11, claim 12, or claim 13.
(Supplementary note 22) The data management system according to supplementary note 21, wherein the entire data header is encrypted.
(Supplementary note 23) The data management system according to supplementary note 21, wherein only a part of the data header is encrypted.
(Supplementary note 24) Supplementary note 1, Supplementary note 2, Supplementary note 4, Supplementary note 5, Supplementary note 6, Supplementary note 7, Supplementary note 7, wherein the digital data has a normal file structure and only the copyright label is encrypted. 8. The data management system according to supplementary note 9, supplementary note 10, supplementary note 11, supplementary note 12, or supplementary note 13.
(Supplementary note 25) The data management system according to supplementary note 24, wherein only a part of the copyright label is encrypted.
(Supplementary Note 26) The digital data has an object format file structure, and the method is encrypted. Appendix 1, Appendix 2, Appendix 3, Appendix 4, Appendix 5, Appendix 6, Appendix 7, Appendix 8, The data management system according to Supplementary Note 9, 9, 10, 11, 12, or 13.
(Supplementary Note 27) A system for managing digital data transferred from a data owner to a data user via a broadcast, communication network, or a data storage medium: the data management system includes a public key, a dedicated key, and data use. A data management center and a data owner are located on the communication network in link with a public key repository; and the data management center is a public key of the data owner and the data user. The data user label and the data label are stored; the first data user presents the data user label to obtain and use the data and data label from within the network; After termination, the data is not stored in the data user's device.
(Supplementary note 28) The data management system according to supplementary note 27, wherein the data is deleted and is not stored in the device of the data user.
(Supplementary note 29) The data management system according to supplementary note 27, wherein the data is not stored in the data user's device because the data is one-way hashed.
(Supplementary note 30) The data management according to Supplementary note 27, wherein the data management center is further linked to a secret key generation organization, and the data is encrypted using a secret key and stored in the data user's device. system.
(Supplementary Note 31) The data management system according to Supplementary Note 28, Supplementary Note 29, or Supplementary Note 30, wherein data is processed, and a processed label is obtained by adding data processing contents to the data label.
(Supplementary note 32) The data management system according to supplementary note 31, wherein only the processed label is transferred to a next data user.
(Supplementary Note 33) The processed label is encrypted using the public key of the next user and transferred to the next data user; the next data user uses the encrypted processed label for the next data Decrypted using the user's private key, presenting the decrypted processed label to the data management center; the data management center transferring data to the next data user based on the processed label; 33. The data management system according to supplementary note 32, wherein a user processes and uses the data based on the processed data of the processed label.
(Supplementary Note 34) The first user transfers the processed data to the next user; the next data user presents the processed data to the data management center by the next data user; The data management system according to attachment 32, wherein the management center transfers the data to the next data user based on the processing label; and the next user processes and uses the data based on the processing data of the processing label.
(Supplementary note 35) The data management system according to claim 34, wherein the first user digitally signs the processed label using a dedicated key of the first user.
(Supplementary note 36) Claim 28, Claim 29, Claim 30, and Claim 31 wherein the data is plural.
36. A digital data management system according to claim 32, claim 33, claim 34, or claim 35.
(Supplementary note 37) Billing is performed based on the data user presenting the user label and the data label to a data management center. 37. A data management system according to claim 31, claim 32, claim 33, claim 34, claim 35 or claim 36.
(Supplementary note 38) The data management system according to supplementary note 37, wherein the charging is performed by a usage result metering postpayment method.
(Supplementary note 39) Supplementary note 3 in which the usage record metering data is stored in a data management center
8. The data management system according to item 8.
(Supplementary note 40) The data management system according to supplementary note 38, wherein the usage record metering data is stored in a user device.
(Supplementary note 41) The data management system according to supplementary note 37, wherein the charging is performed by a prepaid method.
(Supplementary note 42) The data management system according to supplementary note 41, wherein the prepaid data is stored in a data management center.
(Supplementary note 43) The data management system according to supplementary note 41, wherein the prepaid data is stored in a user device.
(Supplementary note 44) Supplementary note 28, supplementary note 29, supplementary note 30, supplementary note 31, supplementary note 32, supplementary note 33, supplementary note 34, supplementary note 35, wherein the digital data has a normal file structure, and only the data body is encrypted. , Supplementary note 36, Supplementary note 37, Supplementary note 38, Supplementary note 39, Supplementary note 40, Supplementary note 41, Supplementary note 42, or Supplementary note 43.
(Supplementary note 45) The data management system according to supplementary note 44, wherein a part of the data body is encrypted.
(Supplementary note 46) The data management system according to supplementary note 45, wherein a part of the data body is continuously encrypted.
(Supplementary note 47) The data management system according to supplementary note 45, wherein a part of the data body is discontinuously encrypted.
(Supplementary Note 48) Supplementary Note 28, Supplementary Note 30, Supplementary Note 31, Supplementary Note 32, Supplementary Note 33, Supplementary Note 34, Supplementary Note 34, wherein the digital data has a normal file structure, and a data header and a data body are encrypted. 35, a supplementary note 36, a supplementary note 37, a supplementary note 38, a supplementary note 39, a supplementary note 40, a supplementary note 41, a supplementary note 42 or a supplementary note 43.
(Supplementary note 49) The data management system according to supplementary note 48, wherein a part of the data header and the entire data body are encrypted.
(Supplementary Note 50) Supplementary note 4 in which a part of the data header and a part of the data body are encrypted.
8. The data management system according to item 8.
(Supplementary Note 51) The digital data has a normal file structure, and only the data header is encrypted. Supplementary note 28, Supplementary note 30, Supplementary note 31, Supplementary note 32, Supplementary note 33, Supplementary note 34, Supplementary note 35, The data management system according to supplementary note 36, supplementary note 37, supplementary note 38, supplementary note 39, supplementary note 40, supplementary note 41, supplementary note 42 or supplementary note 43.
(Supplementary note 52) The data management system according to supplementary note 51, wherein the entire data header is encrypted.
(Supplementary note 53) The data management system according to supplementary note 51, wherein only a part of the data header is encrypted.
(Supplementary note 54) Supplementary note 27, Supplementary note 29, Supplementary note 30, Supplementary note 31, Supplementary note 32, Supplementary note 34, Supplementary note 34 in which the digital data has a normal file structure and only the copyright label is encrypted. , Appendix 35, Appendix 36, Appendix 37, Appendix 38, Appendix 39, Appendix 40, Appendix 41, Appendix 42, or Appendix 43.
(Supplementary note 55) The data management system according to supplementary note 54, wherein only a part of the copyright label is encrypted.
(Supplementary Note 56) The digital data has a file structure in an object format, and the method is encrypted. 35, Supplementary note 36, Supplementary note 37, Supplementary note 38, Supplementary note 39, Supplementary note 40, Supplementary note 41 or the data management system according to Supplementary note 42 or Supplementary note 43.
(Supplementary Note 57) A commercial transaction system performed between a consumer and a producer through an intermediary: a private key, a public key-a dedicated key are used; Located on a communication network in link with an authority and a secret key generator; the consumer requests transaction data from the intermediary; the intermediary is encrypted using the producer's public key. Forwarding the consumer's transaction data request to the producer along with a secret key for decryption; the producer decrypts the secret key for encryption using the producer's private key; Encrypting the transaction data with a key and sending it to the intermediary; the intermediary decrypts the encrypted transaction data using the encryption private key and re-encrypts the decrypted transaction data; Secret key And re-encrypted with the private key for re-encryption using the public key of the consumer and transferred to the consumer with the re-encryption key; Decrypting the encryption private key, decrypting the encrypted commercial transaction data using the decrypted re-encryption private key, filling in the order entry in the decrypted commercial transaction data, creating an order form, Encrypting the order using the re-encryption secret key and sending the re-encryption order to the intermediary; the intermediary using the re-encryption secret key to reorder the order; Decrypting the purchase order, encrypting the decrypted purchase order using the producer's public key, and transmitting the encrypted purchase order to the producer; the producer uses the producer's private key The encrypted order form is decrypted and an order processing is performed.
(Supplementary note 58) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and only the data body is encrypted.
(Supplementary note 59) The data management system according to supplementary note 58, wherein a part of the data body is encrypted.
(Supplementary note 60) The data management system according to supplementary note 59, wherein a part of the data body is continuously encrypted.
(Supplementary note 61) The data management system according to supplementary note 59, wherein a part of the data body is discontinuously encrypted.
(Supplementary note 62) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and a data header and a data body are encrypted.
(Supplementary note 63) The data management system according to supplementary note 62, wherein a part of the data header and the entire data body are encrypted.
(Supplementary Note 64) A supplementary note 6 in which a part of the data header and a part of the data body are encrypted.
2. The data management system according to 2.
(Supplementary note 65) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and only a data header is encrypted.
(Supplementary note 66) The data management system according to supplementary note 65, wherein the entire data header is encrypted.
(Supplementary note 67) The data management system according to supplementary note 65, wherein only a part of the data header is encrypted.
(Supplementary note 68) The data management system according to supplementary note 57, wherein the digital data has a normal file structure, and only a copyright label is encrypted.
(Supplementary note 69) The data management system according to supplementary note 68, wherein only a part of the copyright label is encrypted.
(Supplementary note 70) The data management system according to supplementary note 57, wherein the digital data has a file structure in an object format, and the method is encrypted.

Explanatory drawing of a label. Explanatory drawing of a label, a data header, and a data body. FIG. 4 is an explanatory diagram of label and data encryption. FIG. 4 is an explanatory diagram of encryption of a data header and a data body. FIG. 4 is an explanatory diagram of encryption of a label, a data header, and a data body. FIG. 4 is an explanatory diagram of object file encryption. FIG. 1 is a schematic configuration diagram of a digital data management system according to a first embodiment of the present invention. FIG. 7 is a schematic configuration diagram of a digital data management system according to a second embodiment of the present invention. FIG. 4 is an explanatory diagram of a technique for generating one data from a plurality of data. FIG. 9 is a schematic configuration diagram of a digital data management system according to a third embodiment of the present invention. FIG. 9 is a schematic configuration diagram of a digital data management system according to a fourth embodiment of the present invention. FIG. 9 is a schematic configuration diagram of a digital data management system according to a third embodiment of the present invention.

Claims (55)

A data management system for managing digital data transferred from a data owner's terminal to a data consumer's terminal via a communication network, comprising:
In the data management system, a secret key, a public key, a private key, a data owner label, a data user label and a data label are used;
A data management center located on the communication network in link with a public key storage authority and a private key generation authority, comprising a computer and a recording device;
The computer of the data management center is:
Authenticating the public key of the data owner and the data user and storing the data owner label, the data user label and the data label in the recording device,
Accepting a request for a data encryption private key that presents a data owner label and a data label from the data owner,
Creating a data label fingerprint from said data label,
Distributing the data label fingerprint and the encryption private key encrypted using the data owner's public key to the data owner's terminal device,
The data owner's terminal device encrypts data using the secret key decrypted using the data owner's private key, and sends the encrypted data, the data label, and the data label fingerprint to the first user. Transfer, the first data user presents the first data user's user label, the data label and the data label fingerprint, and a secret key for decrypting the encrypted data to the data management center. When requesting a secret key for re-encrypting the decrypted data, accepting the request,
Confirming the validity of the data label by the data label fingerprint,
Registering the user label of the first data user, a secret key for decrypting the encrypted data and a secret key for re-encrypting the decrypted data, the public key of the first data user. And distributed to the terminal device of the first data user using encryption.
The terminal device of the first data user decrypts the decryption secret key and the re-encryption secret key using the first data user's dedicated key, and uses the decryption secret key. Decrypts and uses the encrypted data, encrypts the decrypted data using the re-encryption secret key, saves and copies the encrypted data, and uses the encrypted data as a data label, a data label fingerprint and the first data A data management system that forwards data to the next data user terminal device together with the user label of the user. The computer receives presentation of the data owner label and the data label from the data owner terminal device,
2. The data management system according to claim 1, wherein a copyright of the data is registered when the presentation is accepted. The data management system according to claim 1, wherein the data is processed by a user of the data, and details of the data processing are added to the data label. The computer receives a presentation of a data label from which the data user describes the user label and the processing content of the data,
4. The data management system according to claim 3, wherein a secondary copyright of the data is registered when the presentation is accepted. The data management system according to claim 3, wherein the data is plural. 6. The data management system according to claim 1, wherein the data label is digitally signed. 2. The computer according to claim 1, wherein the computer charges the data user based on the terminal device presenting the user label and the data label to a data management center. The data management system according to claim 5 or 6. 8. The data management system according to claim 7, wherein the charging is performed by a usage result metering postpayment method. The data management system according to claim 8, wherein the recording device stores the usage record metering data. 9. The data management system according to claim 8, wherein the usage result metering data is stored in a user device. 8. The data management system according to claim 7, wherein the charging is performed by a prepaid system. The data management system according to claim 11, wherein the recording device stores the prepaid data. The data management system according to claim 11, wherein the prepaid data is stored in a user terminal device. The digital data has a normal file structure, and only the data body is encrypted. 14. A data management system according to claim 8, claim 9, claim 10, claim 11, claim 12, or claim 13. The data management system according to claim 14, wherein a part of the data body is encrypted. The data management system according to claim 15, wherein a part of the data body is continuously encrypted. The data management system according to claim 15, wherein a part of the data body is discontinuously encrypted. The digital data has a normal file structure, and a data header and a data body are encrypted. 14. The data management system according to claim 7, claim 8, claim 9, claim 10, claim 11, claim 12, or claim 13. 19. The data management system according to claim 18, wherein a part of the data header and the entire data body are encrypted. 19. The data management system according to claim 18, wherein a part of the data header and a part of the data body are encrypted. The digital data has a normal file structure, and only the data header is encrypted. 14. A data management system according to claim 8, claim 9, claim 10, claim 11, claim 12, or claim 13. 22. The data management system according to claim 21, wherein the entire data header is encrypted. 22. The data management system according to claim 21, wherein only a part of the data header is encrypted. The digital data has a normal file structure, and only the copyright label is encrypted. The data management system according to claim 7, claim 8, claim 9, claim 10, claim 11, claim 12, or claim 13. The data management system according to claim 24, wherein only a part of the copyright label is encrypted. The digital data has a file structure in an object format, and the method is encrypted. 14. The data management system according to claim 8, claim 9, claim 10, claim 11, claim 12, or claim 13. A system for managing digital data transferred from a data owner's terminal device to a data user's terminal device via a broadcast or communication network or a data storage medium, comprising a data management system and one or more data owner's terminals Including the device and one or more data consumer terminal devices:
In the data management system, a public key, a private key, a data user label and a data label are used, and a computer is provided;
A data management center and a data owner are located on the communication network in link with a public key repository;
A computer of the data management center authenticates the public key of the data owner and the data user and stores the data user label and the data label;
The data user terminal device obtains the data and the data label from within the network by presenting the data user label,
Prohibiting storage of the data in the device after use of the data is completed,
Processing the data,
A system for obtaining a processed label by adding processing details of the data to the data label. 28. The system of claim 27, wherein erasing said data prohibits storage of said data in the device. 28. The system according to claim 27, wherein storing the data in the device is prohibited by performing a one-way hash value conversion on the data. 28. The system of claim 27, wherein the data management center is further linked to a secret key generator and the data is encrypted using a secret key and stored in the data consumer's device. 28. The system according to claim 27, wherein the data user terminal transfers only the processed label to the next data user terminal. The processing label is encrypted using the next user's public key and transferred to the next data user's terminal device;
The terminal device of the next data user decrypts the encrypted processed label using the dedicated key of the next data user, and presents the decrypted processed label to the data management center;
The data management center transfers unprocessed data to the next data user's terminal device based on the processed label;
32. The system according to claim 31, wherein the terminal device of the next data user processes and uses data based on processing data indicating processing details included in the processing label. The first data user terminal transfers the processed label to the next data user terminal;
The next data user terminal device presents the processed label to the data management center;
The data management center transfers unprocessed data to the next data user's terminal device based on the processed label;
32. The system according to claim 31, wherein the terminal device of the next user processes and uses data based on processing data indicating processing contents included in the processing label. 34. The system of claim 33, wherein the first data user terminal device digitally signs the processed label using the first data user private key. 35. The system according to claim 27, claim 28, claim 29, claim 30, claim 31, claim 33, claim 33 or claim 34, wherein the data is plural. 31. The data management system according to claim 27, claim 28, claim 29, and claim 30, wherein charging is performed based on the data user terminal device presenting the user label and the data label to a data management center. 36. The system according to claim 31, claim 31, claim 32, claim 33, claim 34, or claim 35. 37. The system according to claim 36, wherein said charging is performed by a usage performance metering postpaid system. The system according to claim 37, wherein the usage record metering data is stored in a data management center. The system according to claim 37, wherein the usage record metering data is stored in a user terminal device. 37. The system of claim 36, wherein said billing is performed on a prepaid basis. 41. The system of claim 40, wherein said prepaid data is stored in a data management center. 41. The system of claim 40, wherein the prepaid data is stored on a user terminal. 27, 28, 29, 30, 30, 31, 32, 33, 33, 33, 32, and 33, wherein the digital data has a normal file structure, and only the data body is encrypted. The system according to claim 34, claim 34, claim 35, claim 36, claim 37, claim 38, claim 39, claim 40, claim 41 or claim 42. 44. The system of claim 43, wherein a portion of the data body is encrypted. The system of claim 44, wherein a portion of the data body is continuously encrypted. The system of claim 44, wherein a portion of the data body is discontinuously encrypted. The digital data has a normal file structure, and a data header and a data body are encrypted. 27, 28, 29, 30, 30, 31, 32, The system according to claim 33, claim 34, claim 35, claim 36, claim 37, claim 38, claim 39, claim 40, claim 41, or claim 42. The system of claim 47, wherein a portion of the data header and the entire data body are encrypted. The system of claim 47, wherein a portion of the data header and a portion of the data body are encrypted. 27, 28, 29, 30, 30, 31, 32, 33, wherein said digital data has a normal file structure, and only the data header is encrypted. The system according to claim 34, claim 34, claim 35, claim 36, claim 37, claim 38, claim 39, claim 40, claim 41 or claim 42. The system of claim 50, wherein all of the data headers are encrypted. The system of claim 50, wherein only a portion of the data header is encrypted. 27, 28, 29, 30, 30, 31, 32, and 33, wherein the digital data has a normal file structure, and only the copyright label is encrypted. The system according to claim 34, claim 34, claim 35, claim 36, claim 37, claim 38, claim 39, claim 40, claim 41 or claim 42. The system of claim 53, wherein only a portion of the copyright label is encrypted. 27, 28, 29, 30, 30, 31, 32, 33, and 33, wherein the digital data has a file structure in an object format, and the method is encrypted. The system according to claim 34, claim 35, claim 36, claim 37, claim 38, claim 39, claim 40, claim 41 or claim 42.

Images