JP2007026080A - Storage device with time stamp function - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a mechanism and a user interface allowing a user to easily perform time authentication for data stored in a file server and to deal with the problem of the expiration date of time authentication without errors by extending the expiration date of time authentication according to user settings before the expiration date comes. <P>SOLUTION: A filer server has the function of extending the expiration date according to user settings, either automatically or after making confirmation. When the expiration date is extended, a new time stamp is stored in association with data and previous time stamps. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a storage device that is connected to another digital data processing device via a predetermined communication medium and provides a time authentication function for stored digital data.

  Conventionally, some digital data processing devices such as computers, printers, fax machines, and multi-function peripherals have a clock, and the data creation time and job processing time are attached with reference to the time stamped by this clock. ing. The time engraved by this clock can be freely set by the administrator or user of these electronic devices, and it cannot be prevented that a time different from the actual time is given. In other words, it cannot be said that the system has enough time to trust that the time given by the system software of the electronic device is correct as viewed from a third party.

As a conventional example, for example, Patent Document 1 can be cited.
JP 2000-276430 A

  In order to solve this problem, it is only necessary to have a fair third party prove the time when the created data exists. A fair third party that performs this proof is a so-called time certificate authority, which provides a service on the Internet to authenticate it with time data (time stamp) based on the time stamped with a precise clock. Yes. Since this time certificate authority has a function that satisfies the standard, the time stamped by others is recognized as correct. In other words, both those requesting the time stamp and those confirming the time stamp can trust the time stamp by believing in the time certificate authority.

  However, requesting the time certificate authority to attach a time stamp and confirming the time stamp attached to the time certificate authority are generally performed on a PC (personal computer). The specific procedure is to create some digital data on the PC. After that, calculate the hash value of the digital data on the PC, select the time certificate authority to receive authentication, send the hash value to it, and receive the time stamp created by the time certificate authority The digital data of the paper document and the received time stamp are managed as a set. Furthermore, when the time stamp is confirmed by the time certificate authority, the time stamp is sent to the time certificate authority, the result confirmed by the time certificate authority is received, and the result is displayed on the screen of the PC. The time authentication and confirmation thereof are performed by the above procedure. In this case, the time-authenticated digital data and the time stamp that proves the time exist as separate files, and there is a problem that management becomes complicated. . Therefore, if it becomes possible to generate and confirm time authentication in a storage server that stores digital data, it is possible to save much time and effort. However, although it is possible to restrict access to the storage server, once it is downloaded from the storage server to the local digital data processing device, it cannot be prevented from changing it. The time-stamped time stamp and its digital data should not be changed after authentication. This means that if digital data is changed after authentication, it is determined to be invalid based on the time-stamped time stamp. Furthermore, the time stamp has an expiration date like other digital certificates. If the expiration date has passed, there is a problem that even if the time stamp is pressed, the contents cannot be modified or the time of existence cannot be verified.

  The present invention has been made to solve the above-described problems, and it is possible to store digital data in an unchangeable format so that time authentication can be verified while storing the digital data so that it can be edited. Furthermore, a storage server capable of solving the problem of the expiration date of the time stamp is provided.

In a storage device that stores data,
Means for calculating the hash value of the stored data;
Means for transmitting the hash value to a time certificate authority;
Means for requesting time authentication from the time certificate authority;
Means for storing a time stamp received from the time certification authority;
Is provided.

  As described above, according to the present invention, time authentication can be performed while digital data is stored in the storage server, and the digital data stored at any time can be downloaded in a variable form for editing, The authenticated digital data can be downloaded to a third party to be verified and time-authenticated in an unchangeable form.

〔System configuration〕
FIG. 1 is a configuration diagram of a device in an embodiment of the present invention. Here, there are an image processing apparatus 102, an information processing apparatus 103, a time authentication server 104, and a storage server 105, and these can communicate with each other via the network 101. The image processing apparatus 102 scans a paper document, processes and prints a print job sent from the information processing apparatus 103, processes print data put by the FTP protocol from the information processing apparatus 103, A function is provided for scanning a paper document, converting the image into PDF data, attaching it to an e-mail, and sending it to the information processing apparatus 103 or storage server 105. The information processing device 103 creates digital data by an application such as document software, calculates a hash value of the digital data and transmits it to the time authentication server 104, and receives a time stamp from the time authentication server 104 thereafter. It has a function to do. The time authentication server 104 has a clock that accurately records time according to the standard, generates a time stamp based on the time, and in accordance with requests from the image processing device 102, the information processing device 103, the storage server 105, etc. It has functions for sending time stamps and verifying the created time stamps. The storage server 105 has a function of receiving and storing digital data from these in accordance with requests from the image processing apparatus 102, the information processing apparatus 103, the time authentication server 104, etc., and transmitting them to them.

  In this figure, only one image processing apparatus, information processing apparatus, time authentication server, and storage server are shown. However, a case where there are a plurality of image processing apparatuses, information processing apparatuses, time authentication servers, and storage servers is also conceivable. In this embodiment, the network 101 may be a LAN (local area network), INTRANET (intranet), or INTERNET (Internet). Any type of network may be used as long as these devices are connected to the network. For example, a cable is often used in a LAN that is a network for connecting computers in a floor or an office in a building. As a connection method with the Internet, in the past, dial-up by telephone, broadband connection by xDSL or optical fiber is often used recently. As described above, the image processing apparatus 102, the information processing apparatus 103, the time certificate authority 104, and the storage server 105 can be implemented in the same manner regardless of whether they exist on the Internet or on the intranet.

[User operation when creating digital data and uploading to storage server]
Here, a case where digital data is created and uploaded to a storage server will be described.

  First, a user creates digital data using an application such as document software in an information processing apparatus 103 represented by a PC (personal computer). When creation is completed, it is saved as digital data. Since the user wants to share this digital data so that others can edit it again, the user uploads it to the storage server 105 on the network, and stores this digital data in the storage server 105.

  Alternatively, it may be considered that digital data is created by the image processing apparatus 102 represented by a copy and multifunction peripheral. The user sets a paper document on the scanner provided in the image processing apparatus 102 and starts it. The image processing apparatus 102 scans a paper document, reads the image, converts it into digital data such as TIFF or JPEG, and further converts it into a file format such as multi-TIFF or PDF. It is directly uploaded from the image processing apparatus 102 to the storage server 105, or the digital data is once transferred to the information processing apparatus 103 and uploaded to the storage server 105. Thereafter, the storage server 105 receives and stores the digital data.

  Cabinet is shown as an example of the storage server 105. FIG. 2 shows an example of the operation screen when logging in to the service. The first line 201 of the screen has a bar for selecting a menu of commands that can be operated on the operation screen. In this case, there are a file 202, a command 203, and a help 204. The second line 205 of the screen displays the name of the user who has logged in to Cabinet. In this case, the login name is AAA_USER005656. The third line 206 of the screen displays the name of the top directory that the user can access after logging in to Cabinet. A folder list screen 207 in the lower left half displays a list of folders under the folder list screen 207. The right half digital data list screen 209 shows a list of digital data in the folder selected in the left half folder list screen 207 (in this case, Personal 208). In this case, four digital data are stored, and a digital data name 212, a digital data size 213, a creation date 214, a thumbnail display 211 of a representative page, a time stamp state 215, and the like are shown. From this folder name and its date, the target digital data can be accessed. The screen example in FIG. 2 is an example of an operation screen in a dedicated application, but anything can be used. In addition, Microsoft Internet Explorer and HTTP client can be considered as Web clients.

  When uploading to the storage server, create a folder to organize the digital data. When the command 203 is selected from the menu bar 201 in FIG. 2, it is possible to select from the functions prepared as commands as shown in FIG. Here, when “Create Folder” 406 is selected, a screen 301 for naming the folder is displayed as shown on the left side of FIG. When a folder name 302 is input here, a new folder is created on the folder list screen 207 in FIG.

  Thereafter, a newly created folder is selected, and an instruction is given to upload digital data in this folder. Further, the command 203 is selected from the menu bar 201, and the upload 402 in FIG. 4 is selected. Then, a screen 303 for inputting the name of the digital data to be uploaded is displayed as shown on the right side of FIG. When the digital data name 304 is input here, the uploaded digital data is displayed on the digital data list screen 209 in FIG. On the screen, the digital data name 212, the digital data size 213, the creation date 214, the thumbnail display 211 of the representative page, the time stamp state 215, and the like are displayed. When the storage server 105 is accessed after uploading the digital data, the digital data stored in the storage server 105 can be viewed as shown in FIG.

[User operation at time authentication acquisition]
Here, a case will be described in which time authentication is performed on digital data stored in a storage server.

  First, the user logs into the storage server 105 and specifies the target digital data. The method so far is the same as already described in the previous section. After the identification, since the storage server 105 has time authentication, the execution is instructed. A specific example of the screen display at this time is shown in FIG.

  For example, in the screen of FIG. 2, when a target folder name is selected on the folder list screen 207, digital data stored in the folder is displayed. In FIG. 2, when “Personal” 208 is selected on the folder list screen 207, four digital data stored in this folder are displayed on the digital data list screen 209. In this case, “friend” “marriage” “cards” "Map" is saved. For example, an operation for performing time authentication on digital data named “cards” will be described. The digital data “cards” is indicated as “none” in the Time stamp column 215, which indicates that the digital data has not been time-authenticated.

  In the digital data list screen 209 of FIG. 2, a check box in the check column 210 of digital data “cards” is selected. When checked, the check box changes from white to black. Thereafter, “perform time authentication” 408 shown in FIG. After the confirmation screen for the user is displayed, the storage server 105 performs time authentication on the digital data “cards”.

  Since the above-described method is an example of an operation method for performing time authentication on digital data stored in the storage server 105, a method for selecting digital data and a method for instructing time authentication on selected digital data are: As long as the user can instruct the storage server 105, it may be different depending on the application or OS that realizes this screen.

  After time authentication is performed by the time authentication server 104, the storage server 105 receives a time stamp from the time authentication server 104. The received time stamp is stored in association with time-authenticated digital data (in this case, “cards”). For example, a method of saving the time-authenticated digital data and the time stamp in the same folder of the storage server 105 can be considered.

  For example, in the digital data list screen 209 of FIG. 2, the digital data “friend” is time-authenticated and the time stamp is stored, and “done” is displayed in the time stamp state 215.

[User operation at time authentication confirmation]
Here, a case where the user wants to perform time authentication after acquiring time authentication will be described.

  First, the user logs into the storage server 105 and selects the desired digital data. The method so far is the same as already described in the previous section. Of the four digital data shown in the digital data list screen 209 of FIG. 2, “friend” has “done” in its Time stamp field 215, and as described above, this is the time. It shows that it is authenticated and its time stamp is stored. When the digital data “friend” is selected, the display in the check column 210 changes from white to black. Thereafter, “verify time authentication” 409 shown in FIG. After the confirmation screen for the user is displayed, the storage server 105 verifies the time authentication for the digital data “friend”. The storage server 105 displays the verification result sent from the time authentication server 104 to the user. A screen example of the result display is shown in FIG. Here, “valid” and “invalid” are displayed in the result display field 1002, respectively. The time verified by the time authentication server 104 is also displayed in the verification time column 1003.

  In the digital data list screen 209 of FIG. 2, the digital data “marriage” is time-authenticated and its time stamp is stored and verified by the time authentication server 104. In the state 215, “valid” is displayed.

  “Valid” in this verification means that the created time stamp is created by the time authentication server 104 and that it is guaranteed that there is no falsification between the creation and the time of verification. Then, since there is no guarantee of tampering after verification, it does not mean that it will be effective in the future. However, there is a desire for users to be effective when viewing digital data. In this case, when the storage server is accessed, time authentication is always verified and the result is displayed. As an option, it is only necessary to select whether the verification is always performed or the location is performed only when the user instructs. An example of this option selection screen is shown in FIG.

  As a result, the user can easily recognize the existence and validity of the time stamp for the target digital data.

  Further, a case where the user prints the verification result of the time authentication will be described. When the verification result is displayed as shown in FIG. 10, a screen 501 on which the user can instruct printing of the result is displayed as shown in FIG. On this screen 501, the mode for printing out can be selected.

  The cover printing 502 in FIG. 5 is a mode for printing out the verification result together with the thumbnail, name, and date of the image according to the contents displayed on the screen. A link print 503 in FIG. 5 is a mode in which link data indicating a link to digital data stored in the storage server 105 is printed out. 5 is a mode in which all pages of authenticated digital data stored in the storage server are printed out. These print modes can be specified in combination. The user can start printing by pressing the OK button 505 after specifying the mode. When printing is performed with these print modes specified, the time authentication verification result is valid, the time authenticated time, the ID information such as the name of the time authentication server 104 that issued the type stamp, and the time authentication verified time The specified option is printed together with the basic information. Alternatively, the specified option is printed together with the verification result such as invalid.

  When the cancel button 506 is pressed, printing is not performed.

  FIG. 12 shows an example of the print output. 1201 is an output example in which basic information is printed. This basic information 1201 includes a digital data name 1202 (in this case, marriage), a verification result 1203 (valid in this case), an authentication time 1204 (in this case, authenticated at 2003.09.15 15:23), and the authentication The performed authentication server 1205 (Cabinet in this case) and the time 1206 (in this case, 2003.09.18 18:01) at which the time authentication was verified are described. When the front cover printing 502 in FIG. 5 is designated, output paper 1211 is output. This output paper 1211 includes a digital data name 1212 (in this case, marriage), a digital data creation date 1213 (in this case, 2003.09.10 10:10), a verification result 1214 (in this case, valid), and a representative page The thumbnail 1215 is listed. When link printing 503 in FIG. 5 is designated, output paper 1221 is output. On this output paper 1221, the digital data name 1222 (in this case, marriage) and link information 1223 to the digital data (in this case, the link information is printed as a bar code, and the link information is accurately obtained by calling it with a bar code scanner. Is entered). When the body print 504 in FIG. 5 is designated, output paper 1231 is output. This is a printout of digital data. These print outputs 1201, 1211, 1221, and 1231 are not only printed on the respective sheets, but may be printed together.

  By performing the above operation, the user can obtain the authenticated time and the authenticated digital data for the print output with the time stamp, thereby confirming the print output with the time authentication.

[Time certificate expiration date]
The time stamp has an expiration date like other digital certificates. Although it depends on the encryption method and key length, it is often several years. When the expiration date has passed, there is a problem that even if the time stamp is pressed, the contents cannot be modified or the time of existence cannot be verified.

  In the digital data list screen 209 of FIG. 2, four digital data (“friend”, “marriage”, “cards”, “map”) stored in the folder “Personal” 208 are displayed. For example, the digital data “marriage” is displayed as “valid” in the time stamp state 215, but this is time-validated, the time-stamp is stored, verified by the time-authentication server 104, and is valid. It is shown that. For example, the digital data “map” is displayed as “invalid” in the time stamp state 215, but this is invalid when the time is authenticated and the time stamp is stored and verified by the time authentication server 104. It is shown that. This invalidation corresponds to a case where the expiration date of the time stamp has been exceeded in addition to the case where the contents are falsified or the time stamp is falsified.

  In order to avoid invalidating data whose time stamp has been exceeded after the expiration date, there is a method of adding a time stamp again within the expiration date. Specifically, a hash value is calculated for digital data including a time stamp, and thereafter, it is transmitted to the time authentication server 104 in the same manner as described above for the first time stamp. What is necessary is just to acquire a new time stamp. The time authentication server at the time of reissuance does not need to be the previous time authentication server, and further does not need to have the same encryption method and key length. By extending the expiration date in this way, it is possible to guarantee the validity of a long-term time stamp.

  However, when digital data with a time stamp is stored in the storage server, it is difficult to notice that the expiration date has passed and the data becomes invalid. Therefore, a storage method is provided in consideration of the expiration date when time authentication is performed by the storage server. For example, in the digital data list screen 209 of FIG. 2, a check box in the check column 210 of digital data “cards” is selected. When checked, the check box changes from white to black. Thereafter, “perform time authentication” 408 shown in FIG. After the confirmation screen for the user is displayed, the storage server 105 performs time authentication on the digital data “cards”. At this time, as shown in FIG. 13, an option regarding the expiration date is set. A screen 1301 for setting options related to the expiration date is displayed. Among these, the expiration date is monitored by the storage server 105, and before it arrives, the time stamp is automatically generated again and set to extend the expiration date. 1302. On the other hand, a check mark “confirm before extending the expiration date” 1303 is not automatic but asks the administrator of the digital data to extend. In this case, it is necessary to register information related to the manager who asks for extension, and information is registered using the “confirmation destination information” setting button 1304. As an example of registration information, a name 1305 and a mail address 1306 are shown.

[Operations of storage server related to extension of expiration date]
The storage server 105 performs an operation related to the extension of the expiration date based on the information set in FIG.

  For all digital data stored in the storage server 105, the expiration date of the time stamp is captured from the information in the time stamp. The storage server 105 compares the expiration date with the current time of the storage server 105, and starts an operation related to extension before an appropriate time for the expiration date. When the extension setting of the digital data is automatic extension, a hash value is calculated for the data obtained by combining the digital data and its time stamp. The hash value is transmitted to the time authentication server 104, and a new time stamp is acquired. The newly obtained time stamp is stored in association with the digital data. At this time, there are a plurality of time stamps, both new and old. Therefore, by storing the time stamps in the order in which they were created, the relevance of multiple time stamps becomes clear.

  Next, the case where the extension setting of digital data is confirmed will be described. Similar to the automatic extension, the storage server 105 contacts the registered administrator before an appropriate time before the expiration date and asks whether or not to extend. If confirmation can be obtained within the expiration date of the digital data, follow the instructions. In the case of extension, as in the case of automatic extension, a hash value is calculated for data that is a combination of digital data and its time stamp, the hash value is sent to the time authentication server 104, a new time stamp is obtained, and a new value is obtained. Save the time stamp associated with the digital data. At this time, there are a plurality of time stamps, both new and old. Similar to the automatic extension, the time stamps are stored in the order in which they were created, thereby clarifying the relationship between the plurality of time stamps.

  Finally, when the storage server 105 extends the time stamp, it notifies the administrator of the result. The notification destination and notification method are notified by e-mail, voice phone, mail, etc., based on registered information (not shown).

[User operation when digital data is downloaded from the storage server]
Here, a case where digital data stored in the storage server is acquired will be described.

  There are two purposes for downloading: downloading in a variable form for editing stored digital data, and time authentication for sending time-certified digital data to a third party for verification. Some of them are downloaded in an unchangeable form. In each case, the digital data to be downloaded is different. Therefore, the user instructs the download to the storage server 105 by specifying whether the download is in a variable form or a time-authenticated changeable form.

  The operation method will be described. In FIG. 2, digital data whose time is authenticated are selected. In FIG. 2, the top two are digital data that has been time-authenticated, and the bottom two are digital data that has not been time-authenticated. Select what you want to download from these digital data. When the check box in the Check column 210 is selected, the display changes from white to black. Thereafter, download is executed from the command 203. At this time, if you want to download the stored digital data in a variable format, execute “Download in variable format” 403 to download the time-authenticated digital data in a time-authenticated unchangeable format. To do so, execute “Download with time authentication” 404. With this different operation, the digital data format desired by the user can be notified to the storage server 105. Accordingly, the user can download digital data in respective formats suitable for different purposes from the storage server 105.

[Internal operation of storage server at time authentication acquisition]
Here, with reference to FIG. 6, when acquiring time authentication, a detailed description will be given regarding the internal operation of the storage server.

  When the user gives an instruction, the instruction is sent to the data management processing unit 158 of the storage server 105 via the network 101, and the storage server 105 starts time authentication of the digital data. First, the storage server 105 generates a hash value for the digital data managed by the data management processing unit 158 using a one-way function in the hash value generation unit 153. The one-way function and its parameters used at this time are negotiated in advance by the time certificate authority processing unit 154 via the time authentication server 104 and the network 101, and the one-way function and its parameters designated by the time authentication server 104 are recognized. And stored in the time certificate authority processing unit 154. Using this information, the hash value generation unit 153 generates a hash value. In this embodiment, there is no problem with any time authentication server. In general, for the operational advantage, a time authentication server with which the storage server 105 is linked and contracted is used. Alternatively, if the user cooperates or contracts with several time authentication servers, the user may be presented with options and follow the user's selection. Therefore, since the time authentication server for authentication is uniquely determined, the one-way function to be used and its parameters can be determined. At this time, the time certificate authority processing unit 154 manages a plurality of time authentication servers.

  After generating the hash value, the storage server 105 transmits the generated hash value to the time authentication server 104 via the network 101, and requests time authentication. The time authentication server 104 has a clock that records accurate time, and can obtain accurate time from the clock. Upon receiving the hash value transmitted from the storage server 105, the time authentication server 104 generates an electronic signature by using the secret key of the authentication server for the time information and the hash value transmitted at that time, and generates the time signature. A reply is sent to the storage server 105 as a stamp. As the protocol in this authentication sequence, the protocol specified by the authentication server is used. In general, this protocol is standardized, and time stamps are obtained accordingly. This sequence does not change whether it is a time certificate authority on the Internet or a time certificate server on an intranet.

[Internal operation of storage server after obtaining time authentication]
Here, with reference to FIG. 6, a detailed description will be given regarding the internal operation of the storage server after obtaining the time authentication.

  First, the storage server 105 receives a time stamp sent from the time authentication server 104 via the network 101 by the network interface 152. The received time stamp is sent to the data management processing unit 158 in the storage server 105 and stored there. The data management processing unit 158 manages the time-authenticated digital data in association with the time stamp. There are various ways of associating. For example, a folder is prepared for each digital data, and a pair of digital data and a time stamp are stored therein, or a description language such as XML. A method of specifying a digital data and a time stamp that are paired with data using the can be considered.

  Alternatively, there is a method in which digital data and a time stamp are merged into one digital data and then converted into data that cannot be edited and managed. For example, there is a time authentication plug-in for Adobe Acrobat. In this case, the digital data managed by the data management processing unit 158 is converted into PDF data by the time stamp data processing unit 155. Thereafter, the time stamp sent from the time authentication server 104 and stored in the data management processing unit 158 is sent to the time stamp data processing unit 155, and the time stamp data processing unit 155 embeds the time stamp in the PDF data. In addition, PDF data is used as an attribute that cannot be edited using the encryption function of Acrobat. Since this method has already been realized in Acrobat, by using this method as it is, it is possible to realize a method of managing as unchangeable digital data in which a time stamp is embedded.

  As a specific example, let us consider a case where time-authenticated digital data 2002.09.21_meeting_memo.doc and digital data 2002.09.21_meeting_memo.tms that is the time stamp exist. The PDF data 2002.09.21_meeting_memo.pdf is obtained by converting 2002.09.21_meeting_memo.doc into a PDF file and embedding a time stamp. This PDF data is characterized by the fact that the contents of the time-authenticated file are known and the time stamp is also built in, so that the time authentication can be verified only with this PDF data. That is, the storage server 105 in this patent stores the file itself in order to store the file, and when time authentication is performed, the time stamp, and the data and time stamp are integrated into a file that cannot be edited. It is characterized by saving various types of files. These are managed by the data management processing unit 158.

  As described above, the steps of the internal operation at the time authentication acquisition are summarized in a flowchart as shown in FIG.

[Internal operation of storage server at time authentication confirmation]
Here, with reference to FIG. 6, a detailed description will be given regarding the internal operation of the storage server after obtaining the time authentication.

  When the user gives an instruction, the instruction is sent to the data management processing unit 158 of the storage server 105 via the network 101, and the storage server 105 starts checking the time authentication of the digital data. First, as described in the previous section, the storage server 105 searches for a time stamp corresponding to the designated digital data using the internal management table or a link file described in another XML. The searched time stamp is processed in the time stamp data processing unit 155, and the time authentication server that performed time authentication is specified. In response to the identified time authentication server 104, the storage server 105 transmits a time stamp managed by the data management processing unit 158 from the network interface 152 via the network 101, and requests confirmation of time authentication. Since the structure of this time stamp is defined in the standard, details of the method for specifying the time authentication server will not be described. When there is a confirmation request in the time authentication server 104, the electronic signature in the time stamp is decrypted with a secret key possessed only by the time authentication server 104, it is determined whether or not there has been falsification, and the embedded time information is taken out at the same time. These results are returned to the image processing apparatus 102. The protocol specified by the authentication server is used as the protocol in this authentication confirmation sequence. In general, this protocol is standardized, and the time stamp is acquired according to the standard. Therefore, details are omitted.

  When the storage server 105 receives the result of the time authentication confirmation sent from the time authentication server 104 via the network 101 by the network interface 152, the storage server 105 sends this to the time stamp data processing unit 155. The time stamp data processing unit 155 notifies the data management processing unit 158 of the result. The data management processing unit 158 displays the result together with the presence of digital data and time stamp, and notifies the user.

  The steps of the internal operation at the time authentication confirmation are summarized in the flowchart as shown in FIG.

[Internal operation of storage server when digital data is downloaded]
Here, the internal operation of the storage server when the user downloads digital data will be described in detail with reference to FIG.

  The user instructs the storage server 105 to download by specifying whether it is a download in a variable form or a time-authenticated unchangeable download. The instruction is sent to the data management processing unit 158 of the storage server 105 via the network 101, and the storage server 105 starts downloading the digital data. The request determination processing unit 157 of the storage server 105 determines the content of the instruction, and determines whether the download is in a variable form or a time-authenticated unchangeable form. This tells the user what he wants to do, as described in the previous section regarding user operations. Since the instruction contents differ depending on the request, the request determination processing unit 157 may determine this. The request determination processing unit 157 notifies the data management processing unit 158 of the determination. Based on the notification, the data management processing unit 158 transmits appropriate data to the user. Specifically, in the case of a download request in a variable form, the data management processing unit 158 selects the digital data itself uploaded by the user from the managed data, and the time-authenticated non-changeable form. In the case of a download request, the data management processing unit 158 selects unchangeable digital data in which the time stamp is filled out of the managed data. The data management processing unit 158 transmits the data selected according to the user download request via the network 101 by the network interface 152. As a result, the storage server 105 identifies whether it is digital data stored in a variable form or digital data stored in a time-certified non-changeable form among the digital data stored therein. And can be downloaded to the user.

  The internal operation steps are summarized in the flowchart as shown in FIG.

[Save server has time authentication server function]
Needless to say, it is also conceivable that the storage server has a time authentication server function so that the storage server does not have to perform time authentication via a network. With this configuration, it is generally accepted that the time display used by the storage server is correct, but it is not always proven that the time attribute of the data retrieved from the storage server is correct. The need is not gone.

It is a network block diagram of the apparatus relevant to this invention. It is a specific example of a user operation screen when uploading the digital data shown in the embodiment to the storage server. It is a specific example of a user operation screen when uploading the digital data shown in the embodiment to the storage server. It is a specific example of the FTP command shown in the embodiment. It is a specific example of a user operation screen at the time authentication confirmation shown in the embodiment. It is a block diagram of the preservation | save server shown in the Example. The step of the internal operation | movement at the time of the time authentication acquisition shown in the Example is shown with the flowchart. The step of the internal operation | movement at the time authentication confirmation shown in the Example is shown with the flowchart. The step of the internal operation | movement after the time authentication confirmation shown to the Example is shown with the flowchart. It is an example of a screen which displays the verification result of the time authentication shown in the Example. It is an example of a screen which designates the option of time authentication shown in the example. It is a print example of the verification result of the time authentication shown in the embodiment. It is an example of a screen which designates the expiration date option of the time authentication shown in the embodiment.

Claims (5)

In a storage device that stores data,
Means for calculating the hash value of the stored data;
Means for transmitting the hash value to a time certificate authority;
Means for requesting time authentication from the time certificate authority;
Means for storing a time stamp received from the time certification authority;
A storage device comprising: The storage device according to claim 1,
Have a way to get information about the expiration date from the timestamp,
The storage apparatus, wherein an operation related to extension of the expiration date is started before an appropriate time to become the expiration date. The storage device according to claim 2,
According to a user setting, a storage device that determines whether to perform an operation related to extension of an expiration date without performing confirmation or whether to perform confirmation. The storage device according to claim 2,
Means for calculating a second hash value for the combined data and the time stamp;
Means for transmitting the second hash value to a time certificate authority;
Means for requesting time authentication from the time certificate authority;
Means for receiving a second time stamp from the time certificate authority;
Means for associating and storing the second time stamp with the data and the first time stamp;
A storage device comprising: The storage device according to claim 2,
A storage device comprising means for notifying a person concerned with the data after extending the expiration date.

Images