JP4765262B2 - Electronic data storage device, program - Google Patents

Description

  The present invention relates to an electronic data storage device that stores electronic data such as an electronic file, and more particularly, provides long-term evidence that electronic data stored in such an electronic data storage device has not been tampered with. It relates to the technology to be secured.

  According to the present invention, when generating a signature for certain data, a MAC (Message Authentication Code) is also generated, and if it is suspected that the signature has been forged, the MAC is verified to confirm the hardware that generated the signature. And “determining the presence or absence of forgery” (Non-Patent Document 1). Conventionally, a digital signature with a MAC is a technique that shows evidence that electronic data such as an electronic file has not been tampered with.

  In the conventional system, an IC card is assumed as an external device, and a PC (personal computer) is assumed as a client. Since an IC card as an external device performs both processing of an electronic signature and an authentication code, processing time in seconds is required. Therefore, when it is necessary for a client to process a large amount of electronic data at high speed, the processing speed becomes an obstacle. In order to solve this problem, it is necessary to prepare a large number of personal computers and IC cards and perform parallel processing.

Therefore, the applicant has a ROM area and a RAM area, and is secretly stored in a tamper-proof IC card or USB key that is electrically and mechanically coupled to the server and a storage area that cannot be rewritten by the manufacturer at the time of manufacture. An electronic data storage server that operates using a read-only storage medium on which a key is burnt has been proposed (Patent Document 1). The IC card has an algorithm for generating a temporary secret key based on a secret key copied from a read-only storage medium in the ROM area, stores the temporary secret key in the RAM area, and stores the temporary secret key and given electronic data. At least a part of the program that generates the authentication code from is stored as an object in the ROM area. The server reads the algorithm, the object, and the temporary secret key, and generates an electronic data authentication code from the electronic data in cooperation with the read algorithm, the object, and the temporary secret key, and stores the electronic data and the authentication code. To do. Accordingly, an authentication code generation object in which at least an important part of the authentication code generation process and the signature generation process on the data storage server side is stored in the IC card for the electronic data to be stored sent after mutual authentication from the client This makes it possible to perform high-speed and large-volume data processing by the MAC digital signature scheme.
Masashi Une, “Problems and Countermeasures Regarding Leakage of Private Key for Digital Signature Generation”, Bank of Japan Financial Research Institute, Discussion Paper No.2002-J-32 (2002) Japanese Patent Application No. 2004-041183

  However, in the above method, it is necessary to connect an IC card reader / writer having tamper resistance to the server as hardware and to copy the secret key from the read-only storage medium to the IC card RAM area. And inconvenience in terms of required work.

It is an object of the present invention to solve problems in terms of cost and work such as connection of an IC card reader / writer and copying to a ROM or RAM such as an IC card.
The present invention has been made to solve the above-described problems, and does not require the use of a tampering IC card or USB key or a troublesome copying operation of the key, and can be used in an environment where a large number of clients are connected. Another object of the present invention is to provide a system that enables a server to process a digital signature and an authentication code at high speed and safely.

Electronic data storage device of the present invention have been restricted access secondary storage device, an electronic data storage device to secure evidence of the electronic data authentication code and an electronic signature, prior to the start of operation, first A first key encryption key generating unit that generates a key encryption key based on the random number value and the personal identification number, and performing a hash operation on an arbitrary secret key a predetermined number of times before starting operation , a first key generating means for generating a "first key for generating the authentication code", before starting operation, and the number of times the hash computation and the first key, the key encryption key It generates an encryption key information by encrypting by the encryption key information generating and storing means for storing the encrypted key information thus generated to the secondary storage device, before the start of operation, the key encryption key the first random value used in generating the electronic data A first random number storage means for storing the storable storage medium is separated from the tube system, after the start of operation, the inputted personal identification number and the pre-crisis憶媒the first random number value stored in the body from decoding the encrypted key information by using a second key encrypting key generating means for generating a key encryption key, the key encryption key the second key encrypting key generating means has generated Yes result, the first key and the decryption means the Ru calculated the hash number of operations, and authentication code generation means for generating a new authentication code using the first key obtained in該復Goka means The authentication code generation means performs an authentication code generation key by performing a hash operation on the first key by the number of times of the third random number value with an arbitrary third random value for each electronic data. It generates, any electronic data by using the authentication code generation key thus generated And generating the new authentication code for.

In addition, the electronic data storage device of the present invention described above further includes, for example, the first key obtained by the decryption unit and the number of hash operations after the operation is started and before the processing of the authentication code generation unit. And a new encryption key information generation / storage means for generating and storing new encryption key information , and the new encryption key information generation / storage means generates a second random number value. A new key encryption key is generated from the second random number value and the input personal identification number, and a new hash operation is performed on the first key obtained by the decryption unit. Means for generating a first key and erasing the old first key; means for incrementing the number of hash operations obtained by the decryption means to obtain a new number of hash operations; and the new first key The key, the new hash operation count Encrypting with an encryption key to generate new encryption key information, storing the generated new encryption key information in the secondary storage device, and the new encryption key information by the storage unit And a means for erasing the new key encryption key after generation and storage, and the first key used by the authentication code generation means is the new first key.

In another aspect , the present invention provides a program that secures evidence of electronic data with an authentication code and an electronic signature in an electronic data storage device. The program of the present invention realizes the same means on the computer as each means of the electronic data storage device described above .

  Conventionally, for data protection, an IC card reader / writer must be connected to a server, or an IC card must be distributed to each client. According to the present invention, encryption is performed with a key encryption key in the DASD of the server. Therefore, it is not necessary to connect an IC card reader / writer or distribute an IC card, which is advantageous in terms of both cost and operation.

  The key encryption key itself is protected by requiring both a PIN and a temporary random number stored in a RAM such as a flexible disk. The PIN itself can be further improved in safety by using personal authentication technology such as biometric authentication.

  The key encryption key restored on the main memory generates a new random number and deletes it after generating a new encryption key. The new encryption key is also deleted immediately after storing the new random number in a RAM such as a flexible disk. To protect against eavesdropping.

  In addition, when an object on the main memory is in a process waiting state, by encrypting the authentication code generation temporary secret key with the temporary key encryption key, it is possible to improve the safety in case of eavesdropping by an unauthorized accessor or administrator. it can. The temporary key encryption key stored in the RAM can be easily detected even if unauthorized access, falsification, or theft occurs by checking access by recording to the RAM and periodically reading the RAM.

Hereinafter, the present invention will be described in detail with reference to embodiments of the present invention and the accompanying drawings. In addition, when showing the same element in several drawing, the same referential mark is attached | subjected.
[First Embodiment]
FIG. 1 is a schematic block diagram showing the configuration of an electronic data storage system according to the first embodiment of the present invention. 1, an electronic data storage system 1 according to the present invention includes an electronic data storage server 10 connected to a network such as the Internet, an input / output device 20 for an operator of the server 10 to operate the server 10, and the network. It consists of a plurality of or many clients 40 that can communicate with the server 10. The input / output device 20 includes a display device, a keyboard, a pointing device, and the like. The electronic data storage server 10 communicates with the client 40 via a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, and a network, like a normal server. Communication interface 14, I / O interface 16 to input / output device 20, FD drive 18 for using floppy disk (FD) 32, CD-ROM (compact disc read only memory) 34, read-only or readable / writable Optical disc drive 19 capable of reading / writing optical discs such as DVDs of various standards (indicated as ROM / RAM in FIG. 1) 36, and a large-capacity DASD for storing various programs and data used by server 10 ( direct access storage device) 17.

  The electronic data storage server 10 is operated by an administrator who belongs to the organization that operates the server 10 and manages the server 10, and preferably audits the operation of the server 10 that does not belong to the organization that operates the server 10. It is preferable to limit to an auditor and an arbitrator who has no interest in the organization and the user of the client 40.

  The system 1 in FIG. 1 can be a document long-term storage originality assurance system in which the server 10 is an originality assurance server and the client is a document management server. Further, the system 1 in FIG. 1 can be a long-term data evidence guarantee system for electronic application data, with the server 10 as the originality assurance server and the client 40 as the electronic application server. Furthermore, the system 1 of FIG. 1 can be a data evidence guarantee server that guarantees traceability data over a long period of time by using the server 10 as a data storage server and the client as a data collection server.

  In FIG. 1, the ROM / RAM 36 has an authentication code generation key Km that is a temporary secret key, the number of hashes m used to generate the key Km, an authentication code generation algorithm f, an authentication code generation algorithm identification number FID, and an authentication code generation key Km. Is a ROM such as a CD-ROM or a RAM such as a flexible disk that stores data obtained by encrypting the identification number KIDm with a temporary key encryption key.

  A random number So is stored in the flexible disk (RAM) 32. The random number So is a random number used when generating the key encryption key KEKo. The key encryption key KEKo is generated from a PIN (personal identification number) and a random number So by a hash function h (PIN, So) (described later in detail). The random number So on the RAM is rewritten with the random number generated by the authentication code generation process. The RAM 32 is read and written from the server at the time of generating the authentication code generation process (when the system is started up), and is usually separated from the server and stored in a safe place by an auditor.

  The ROM 34 only needs to have a read-only storage function, such as a CD-ROM, in which the authentication code private key Ko is written. The ROM 34 may be an IC card or a USB key. The ROM is usually separated from the server and stored in a safe place, and is used only when verifying the authentication code.

  The communication interface (IF) 14 receives electronic data X to be stored from the client 40 via the network. At this time, the server 10 and the client 40 perform mutual authentication, and also encrypt data on the transmission path to ensure safety.

The DASD 17 stores various programs.
For example, the authentication code generation process 75 performs the processes shown in FIGS. This process is an encapsulated object such as an access right process 94 that can be accessed only from a specific user and object by using, for example, the Security Manager function of Java (registered trademark).

  The signature generation process 97 receives the data and the authentication code from the authentication code generation process 75, and performs an electronic signature on the received data. The digital signature scheme and private key can be changed at any time to prevent compromise and to ensure security. When the electronic signature is generated, the data to be stored is stored as stored data 80 in the format of FIG.

The signature verification process 99 verifies whether the data extracted from the stored data 80 has been falsified, decrypts the electronic signature with the signature public key, and matches the data digest.
The authentication code verification process 96 is activated by the mediator for suspected data when there is a suspected forgery of the electronic signature. The authentication code verification process 96 generates an authentication code for the data by the authentication code generation process 75. In this case, the authentication code private key Ko stored in the ROM 34 is used. Further, the administrator takes out the authentication code of the data stored as the stored data 80 and presents it to the mediator. The mediator compares the two, and if they match, it determines that the electronic signature has not been forged. In this case, the authentication code temporary secret key is hash-calculated n times in the server 10 as shown in FIG.

  If there is a suspicion of forgery of the electronic signature, the mediator verifies the authentication code obtained by the authentication code verification process 96 for the electronic data and the authentication code of the electronic data passed from the administrator, and if they match, Judge that there is no suspicion of counterfeiting. The mediator can access only the authentication code verification process 96 from the console 20 attached to the server 10.

Further, the DASD 17 stores the following data and programs.
A data storage program 90 for storing electronic data requested to be stored by the client 40
A data read program 92 for sending electronic data to the requesting client 40 when there is a retrieval request from the client 40 for the electronic data stored in the stored data storage unit 80
Access restriction program 94 that restricts access to programs with restricted access
Policy table 82 that is referred to during access restriction processing
A log table 84 that stores a log recorded each time various objects are activated.
-Log filter 98 for checking abnormal logs due to unauthorized access
The communication between the server 10 and the client 40 is performed after mutual authentication (ECOM IC card usage guideline 1.0 version (March 1, 1998)) as shown in FIG. 4 is performed. Counters illegal use.

  The administrator is a server administrator. Predetermined information in the server 10 can be accessed from the console 20 attached to the server 10. The inspector audits the work of the server 10 administrator by referring to the log data audit in the log storage 84 and the warning data of the log filter processing 98. Also, when generating the authentication code generation process (such as when the system is started up), the RAM 32 is attached to the server 10 and the PIN is input from the console 20 attached to the server.

  The temporary key storage unit 81 includes an authentication code generation key Km, which is a temporary secret key, the hash count m used to generate the key Km, an authentication code generation algorithm f, an authentication code generation algorithm identification number FID, and an authentication code generation key Km. KEko (Km, m, f, KIDm, FID) obtained by encrypting the identification number KIDm with the temporary key encryption key KEKo is stored. Only an auditor is allowed to access the temporary key storage unit 81.

The operation and operation of the electronic data storage system 1 having the above configuration will be described.
FIG. 3 is a flowchart showing a procedure up to the start of operation according to the principle of the present invention. In FIG. 3, the manufacturer of the ROM 34 generates an authentication code secret key Ko on the manufacturer side in step 100 and burns it into the ROM 34 such as a CD. The ROM 34 is stored in a safe place by the manufacturer, mediator, or auditor. In step 102, a hash operation is performed m times on the authentication code private key Ko to generate a temporary private key Km. The secret key Km is given by Km = hm (Ko). In step 104, the manufacturer encrypts the authentication code private key Km, the hash count m, the authentication code generation object f, the authentication code private key Km identifier KIDm, and the authentication code generation object identifier FID with the key encryption key KEKo, And so on. The secret key KEKo is generated by hashing the PIN and the random value So with the hash function h according to the expression KEKo = h (PIN, So). Here, according to the password-based encryption (PBE) method, h (PIN, So) means that a hash operation is performed on the exclusive OR of PIN and So. Therefore, KEKo = h (PIN, So) = h (PINxorSo). Here, AxorB represents an exclusive OR of A and B. Next, in step 106, the manufacturer stores the random value So in a RAM 32 such as a flexible disk. The RAM 32 is stored by the auditor together with the PIN. Subsequently, in step 108, the auditor copies the data in the ROM / RAM 36 such as the CD created in step 104 to a disk whose access is restricted to those other than the auditor of the server 10, that is, DASD 17. In step 110, the administrator starts operating the server. In step 112, the auditor attaches the RAM 32 such as a flexible disk storing the random number value So to the server 10 and inputs the PIN. Thereby, the authentication code generation process 75 is started.

  In normal operation, there is a data storage process 90 for storing electronic data from the client in the server 10 in response to a client request, and a data reading 92 for sending the data stored in the server 10 to the client in response to a client request. Done.

<Data storage>
When data to be stored in the data storage server 10 is generated on the client 40 side, the client 40 encrypts the data in a computer-readable format as electronic data, together with a storage or registration request, via a network. The data is sent to the data storage server 10. In this case, first, the operator of the client 40 sends his / her PIN (personal identification number) to the data storage server 10, and the data storage server 10 has a PIN list (not shown) of personnel permitted to use the client 40. Only when the received PIN exists, the client 40 is allowed to perform the subsequent operation. Prior to electronic data communication, the mutual authentication shown in FIG. 4 is performed between the client 40 and the data storage server 10 as described above.

  When receiving a request for storing or registering electronic data (X) from the client 40, the data storage server 10 performs an authentication code generation process described later. After generating the authentication code, the data archiving server 10 performs an electronic signature on the electronic data X. As already described with reference to FIG. 2, the data archiving server 10 sets the electronic data X, the authentication code, and the electronic signature as a set in the stored data recording unit 80. store.

[First Embodiment]
FIG. 5 is a flowchart showing an operation in which the CPU 11 generates an authentication code according to the first embodiment of the present invention. The authentication code generation process is protected from unauthorized use by an access right process such as use of the Security Manager function of Java (registered trademark). The DASD 17 such as a hard disk stores an authentication code generation temporary secret key encrypted with a temporary key encryption key and a hash count m, that is, KE Ko (Km, m, f, KIDm, FID). The program object 75 of the authentication code generation process is also protected so that it cannot be accessed except by the auditor's authority. When the generation of the authentication code is started in FIG. 5, first, in step 120, the MAC key decryption / encryption process of FIG. 6 is executed.

  In FIG. 6, the DASD 17 includes an authentication code generation key Km, a hash count m used to generate the key Km, an authentication code generation algorithm f, an authentication code generation algorithm identification number FID, and an identification number KIDm of the authentication code generation key Km. KE Ko (Km, m, f, KIDm, FID) encrypted with the temporary key encryption key KEKo is stored. The key encryption key KEKo is previously generated by the manufacturer using the hash function h (PIN, So). DASD is protected from access by non-auditors in the access right processing 94 of FIG. First, the CPU 11 reads the encryption key information KEKo (Km, m, f, KIDm, FID) from the DASD 17 (step 200). When the inspector managing the RAM 32 in FIG. 1 attaches the RAM 32 to the server, the CPU 11 reads So from the FD 32, which is the RAM (step 202), and requests the input of the PIN (204). In response to this, the inspector inputs the PIN (step 206), and then removes the RAM 32 from the server 10 and stores it in a safe place. In this case, when it is desired to increase the security level of PIN input, a biometric device such as a fingerprint or an iris may be connected to the server to identify the inspector himself. Next, in step 208, the key encryption key KEKo is regenerated using the hash function h (PIN, So). In step 210, a random number S1 is generated. In step 212, a new key encryption key KEK1 is generated by the hash function h (PIN, S1), and the PIN is deleted. In step 214, KEKo (Km, m, f, KIDm, FID) is decrypted using the key encryption key KEKo regenerated in step 208, and after obtaining Km, m, KEKo is deleted. Next, in step 216, an authentication code generation temporary secret key Km + 1 = h (Km) is calculated, and Km is deleted using this as a secret key. In step 218, the authentication code generation temporary secret key Km + 1 is encrypted with the new key encryption key KEK1 to generate KEK1 (Km + 1, m + 1, f, KIDm + 1, FID). In step 220, the random number S1 is written into the RAM 32. Subsequently, the new encryption key information KEK1 (Km + 1, m + 1, f, KIDm + 1, FID) is written in the temporary key holding position 81 of the DASD 17 (step 222), and the old encryption key information KEKo (Km , M, f, KIDm, FID) are deleted (step 224), and KEK1 is deleted (226). In this way, a new authentication code generation key Km + 1, that is, new encryption key information KEK1 (Km + 1, m + 1, f, KIDm + 1, FID) is generated.

  Now, referring back to FIG. 5, in step 122, Km + 1 is used as the encryption key Km of the message authentication code (MAC = message authentication code). Next, in step 124, the file X to be stored is fetched by the data input process, and the hash operation Kmn = hn (Km) of the secret key Km with the random number n is performed, and this is used as the secret key. At this time, it is also possible to set an upper limit value for the random number for reasons such as reducing the server load in consideration of performance. Km is erased after generating Kmn, and thereafter Kmn is used for Km. Also, mn = m + n and m is deleted. When returning from step 130, Kmn and mn are used as Km and m.

  Subsequently, in step 126, the authentication code MAC (X) = f (X, Km) (= f () from the data Km obtained in step 124 (actually, Kmn was obtained but is no longer handled as Km). X, Kmn): Kmn is the value obtained in step 124), and the current secret key Km with the random number n is subjected to the hash operation Kmn = hn (Km), and this is used as the secret key, and the old Kmn is deleted. To do. The MAC generation algorithm uses an algorithm such as HMAC or UMAC. Further, mn = mn + n.

  Next, in step 128, the acquired data and authentication code are passed to the signature generation process 97, and Km and mn used in step 126 are deleted. The authentication code includes MAC (X), hash count m = 0, n = mn, authentication code generation algorithm FID, and authentication code generation secret key KIDm. The number of hashes is set to m = 0 for the number of hashes performed in the ROM / RAM such as an IC card in order to be consistent with the method using ROM / RAM such as an IC card. At this time, in order to prevent eavesdropping / leakage of secret information, it is also possible to encrypt and store the hash times m and n.

  In determination step 130, it is determined whether an instruction indicating the end of processing has been received from the administrator. This instruction can be performed at any time based on the judgment of the administrator. If the end of processing has not been received, the process returns to step 124. If an end processing instruction has been received, the process proceeds to step 132, where Kmn and mn are deleted, and the authentication code generation processing ends.

  The authentication code generation is generated as described above for the data X to be stored sent from the client, and the data X, the authentication code, and the electronic signature are stored as stored data 80 as shown in FIG.

<Read data>
When the client 40 needs the electronic data stored in the storage data recording unit 80, the data storage server 10 sends an electronic data read request via the network together with information (electronic data identification information) that can identify the necessary electronic data. Send to. Of course, in this case as well, the client 40 is subject to the mutual authentication and PIN access restriction of FIG.

  When the data storage server 10 receives the electronic data read request and the electronic data identification information, the data read program 92 takes out the record of the electronic data specified by the electronic data identification information from the storage data recording unit 80 and extracts the extracted electronic data. Whether or not the data has been tampered with is verified by decrypting the electronic signature with the signature public key and verifying the match with the data digest. If they match and the signature verification is successful, the data reading program 92 sends the read electronic data to the requesting client 40 via the network. If they do not match and the signature verification fails, the data reading program 92 notifies the client 40 to that effect via the network, and issues a visual alarm, an audible alarm, or both to the administrator. Inform.

<Authentication code verification>
If any one of the administrator, the operator of the client 40, or the user who received the service through the client 40 determines that the electronic signature of some stored data (X) is suspected of being counterfeit, the arbitrator is suspected. It is possible to request verification of verification code of stored data X having a certain number. FIG. 9 is a flowchart showing a procedure for verifying an authentication code according to an embodiment of the present invention. In FIG. 9, when performing verification of the authentication code, in step 400, the mediator attaches a ROM 34 such as a CD storing the authentication code private key K 0 to the server 10. In step 402, the administrator passes the authentication code MAC (X) of the electronic data X designated by the mediator, the number of hashes m, n, the authentication code generation algorithm FID, and the authentication code generation secret key KIDm to the coordinator. In the system 404, the mediator activates the authentication code verification process 96 of the server 10.

  In step 406, the authentication code collation process reads one authentication code private key K0 from a ROM such as a CD, and reads data X from a CD or a flexible disk. The inspector attaches to the server 10 the RAM 32 in which the random number value So is stored and the ROM / RAM 36 such as a CD in which the authentication code generation algorithm f is encrypted with the key encryption key KEKo, and inputs the PIN. As a result, the authentication code generation algorithm f encrypted with the key encryption key KEKo is decrypted by generating h (PIN, S0). The authentication code MACm + n (X) = f (hm + n (K0), X) is calculated from the hash counts m and n input from the server console by the coordinator. At this time, it is confirmed that the authentication code generation algorithm FID of the authentication code verification process matches the authentication code generation algorithm FID input from the console of the server by the coordinator.

  In step 408, if it is confirmed that the authentication code MAC (X) passed in step 402 matches the authentication code MACm + n (X) generated in step 404, the mediator determines that the electronic data X has not been tampered with. . If no match is confirmed, it is determined that the electronic data X has been tampered with.

In this way, the authenticity of the electronic data X can be confirmed.
[Second Embodiment]
In the above embodiment, the secret key KEK ₁ is erased in step 226 after encrypting Km and m. In the present invention, the secret key KEK ₁ is used for encryption of Km and m, then stored in the RAM, and when waiting for processing by the object in the server, the KEK ₁ stored in the RAM is used. By encrypting the authentication code generation temporary secret key, the security of the authentication code generation temporary secret key of the object in the server is enhanced.

  FIG. 7 shows a flowchart of generating an authentication code when encrypting a writing in the main memory. The flowchart in FIG. 7 is the same as the flowchart in FIG. 5 except that steps 120 and 132 are replaced with steps 120a and 332 and steps 340 and 342 are added. In step 120a, the MAC key decryption / encryption subroutine of FIG. 8 is executed. The subroutine of FIG. 8 is the same as the subroutine of FIG. 6 except that step 226 is replaced with steps 230 to 238. . Therefore, only the differences will be described.

First, in the MAC key decryption / encryption process when encrypting the key in the main memory of FIG.
In step 224, after erasing the encryption key information KEKo (Km, m, f, KIDm, FID) in DASD 17, when the CPU 11 issues a RAM replacement request (step 230), the inspector sets the RAM accordingly. Replacement (step 232), the CPU 11 detects the completion of RAM replacement (step 234). In step 236, the key KEK1 is written into the replaced RAM 32a, and thereafter, the RAM 32a is periodically read. In step 238, the key KEK1 is deleted and the MAC key decryption / encryption process is completed. In this way, a new authentication code generation key Km + 1, that is, new encryption key information KEK1 (Km + 1, m + 1, f, KIDm + 1, FID) is generated.

  In the authentication code generation of FIG. 7, when a processing end instruction is received in the determination step 130, Kmn and mn are erased in the step 332 and the periodic reading check of the RAM 32a started in the step 236 of FIG. 8 is stopped. To do.

If the process end instruction is not received in the decision step 130, or if the target file waiting for the data input process is in step 340, the KEK ₁ is read from the RAM, the Kmn, mn is encrypted, and the KEK ₁ (Kmn, mn) , Erase KEK ₁ . Further, in step 342,
When a target file for data input processing is generated, KEK ₁ is read from the RAM, Kmn and mn are decrypted, and then KEK ₁ is deleted. Thus, the authentication code generation process is completed.

  For the data X to be stored sent from the client, the authentication code generation is generated as described above, and the data X, the authentication code and the electronic signature are stored as stored data 80 as shown in FIG. it can.

  The above are merely examples for explaining the present invention. Accordingly, it is easy for those skilled in the art to make various changes, modifications, or additions to the above-described embodiments in accordance with the technical idea or principle of the present invention.

  For example, in the first embodiment, the authentication code is generated for the entire electronic data X from the client 40. However, the electronic data X may be divided into a plurality of pieces and the authentication code may be generated for each divided data. .

  In the above embodiment, only one electronic data storage server 10 is used. However, an evidence-proof electronic data storage system including a plurality of electronic data storage servers may be configured.

  In the above example, the data storage server is connected to a plurality of clients via a network, but it is also possible to exchange electronic data with one terminal without going through the network.

Security may be enhanced by applying copy protection technology such as Alpha-ROM or Secure ROM to the ROM that stores the initial authentication code private key.
In the above-described embodiment, the initial authentication code private key Ko is burned into the ROM by the manufacturer. However, the program itself for generating the key Ko is loaded into the DASD 17 of the server 10, and Ko is used as the server 10 by using this program. May be used to generate an authentication code.

  In Step 216 of FIGS. 6 and 8, Km is hashed once to generate a new authentication code generation key, but the number of times of hashing at this time does not have to be one.

1 is a schematic block diagram showing a configuration example of an evidence-proof electronic data storage system 1 according to an embodiment of the present invention. It is a figure which shows the example of a recording of the electronic data stored in the storage data recording part 80 of FIG. It is a flowchart which shows the procedure until the server operation start by this invention. It is a correlation chart which shows the flow of the data in the mutual authentication which the electronic data storage system 1 of FIG. 1 performs, and a process. It is a flowchart which shows the operation | movement which produces | generates an authentication code by the 1st Embodiment of this invention. 6 is a flowchart of a MAC key decryption / encryption subroutine executed in step 120 of FIG. 5. It is a flowchart which shows the operation | movement which produces | generates an authentication code by the 2nd Embodiment of this invention (encryption in main memory). It is a flowchart of a MAC key decryption / encryption subroutine executed in step 120a of FIG. It is a flowchart which shows the flow of the authentication code collation process by one Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Electronic data storage system of this invention 10 Data storage server of this invention 11 CPU
12 ROM
13 RAM
14 Communication interface 16 I / O interface 17 DASD
18 FD drive 19 Optical disk drive 32 Floppy disk 34 ROM
36 ROM or RAM
75 Authentication code generation object 80 Storage data storage unit 82 Policy table 84 Log table 90 Data storage program 92 Data read program 94 Access restriction 96 Authentication code verification 97 Signature generation processing program 98 Log filter processing program 99 Signature verification processing program

Claims (10)

An electronic data storage device that has a secondary storage device with restricted access and secures evidence of electronic data with an authentication code and an electronic signature ,
First key encryption key generation means for generating a key encryption key based on the first random number value and the personal identification number before starting operation ;
A first key generation means for generating a “ first key for generating the authentication code ” by performing a hash operation on an arbitrary secret key a predetermined number of times before the start of operation ;
Before starting the operation, the first key and the number of times the hash calculation, the generate encryption key information by encrypting the key encryption key, the encryption key information thus generated secondary Encryption key information generation / storage means for storing in a storage device;
First random value storage means for storing the first random number value used when generating the key encryption key in a storage medium that can be stored separately from the electronic data storage device before starting operation ; ,
After the start of operation, from said first random number value stored before Kiki憶媒body and personal identification number inputted, a second key encrypting key generating means for generating a key encrypting key,
By decoding the encrypted key information by using the key encryption key the second key encrypting key generating means has generated, and decoding means asking you to said hash calculation times and the first key ,
And a authentication code generation means for generating a new authentication code using the first key obtained in該復Goka means,
The authentication code generation means generates an authentication code generation key by performing a hash operation on the first key by the number of times of the third random value for each electronic data with an arbitrary third random value. and, electronic data storage device and generates said new authorization code for any of the electronic data using the authentication code generation key thus generated. A new encryption key information is generated and stored by using the first key obtained by the decryption means and the number of hash operations after the start of operation and before executing the process of the authentication code generation means. Further having a means for generating and storing encryption key information,
The new encryption key information generation / storage means includes:
Generating a second random number, means for generating a new key encryption key from the second random value and the input personal identification number,
Means for generating a first key in a new performing the hash operation, erases the old first key to the first key obtained by the decoding means,
Means for determining a new hash calculation count is incremented the hash operation count obtained by said decoding means,
The new first key and the new number of hash operations are encrypted with the new key encryption key to generate new encryption key information, and the generated new encryption key information is stored in the secondary storage. Storage means for storing in the device;
An erasure unit for erasing the new key encryption key after the storage unit generates and stores the new encryption key information ;
2. The electronic data storage apparatus according to claim 1, wherein the first key used by the authentication code generating means is the new first key . The authentication code generation means includes
2. The electronic code according to claim 1, wherein immediately after generating the new authentication code, the authentication code generation key is updated by performing a hash operation on the authentication code generation key by the number of times of a third random number. Data storage device . Recording means for recording before erasing the new key encryption key, the read-write portable storage medium 該新 Tanakagi encryption key by said erasing means,
For target electronic data wait the data input, means for encrypting said authentication code generation key using the previous SL new Tanakagi encryption key recorded in the portable storage medium,
If the target electronic data of the data input process has occurred, further comprise a means for using a pre SL new Tanakagi encryption key recorded in the portable storage medium, decrypts the pre Symbol authentication code generation key The electronic data storage device according to claim 2 . When to enter the personal identification number of the electronic data storage according to any one of claims 1 to 4, characterized in that identifying the person entering the personal identification number by biometric devices such as a fingerprint or iris Equipment . The encryption key information is previously stored in a readable / writable / readable storage medium, and when the encryption key information is decrypted, the encryption key information is read from the readable / writable / readable storage medium, The electronic data storage device according to any one of claims 1 to 5 , wherein the electronic data storage device is decrypted. When generating the authentication code by storing the key encryption key in a readable / writable or readable storage medium in advance instead of using the key encryption key generated by the second key encryption key generation unit The electronic data storage device according to any one of claims 1 to 6 , wherein the key encryption key is read from the read / write or readable storage medium and used. A computer of an electronic data storage device that has a secondary storage device with restricted access and secures evidence of electronic data with an authentication code and an electronic signature.
First key encryption key generation means for generating a key encryption key based on the first random number value and the personal identification number before starting operation ;
A first key generation means for generating a “ first key for generating the authentication code ” by performing a hash operation on an arbitrary secret key a predetermined number of times before the start of operation ;
Before starting the operation, the first key and the number of times the hash calculation, the generate encryption key information by encrypting the key encryption key, the encryption key information thus generated secondary Encryption key information generation / storage means for storing in a storage device;
First random value storage means for storing the first random number value used when generating the key encryption key in a storage medium that can be stored separately from the electronic data storage device before starting operation ; ,
After the start of operation, from said first random number value stored before Kiki憶媒body and personal identification number inputted, a second key encrypting key generating means for generating a key encrypting key,
By decoding the encrypted key information by using the key encryption key the second key encrypting key generating means has generated, and decoding means asking you to said hash calculation times and the first key ,
A means for generating a new authentication code using the first key obtained by the decryption means, wherein for each electronic data , an arbitrary third random value is used for the first key. An authentication code generation means for generating an authentication code generation key by performing a hash operation for the number of times of the third random number value , and generating the new authentication code for arbitrary electronic data using the generated authentication code generation key;
Program to function as. The encryption key information is previously stored in a readable / writable / readable storage medium, and when the encryption key information is decrypted, the encryption key information is read from the readable / writable / readable storage medium, The program according to claim 8 , wherein the program is decrypted. When generating the authentication code by storing the key encryption key in a readable / writable or readable storage medium in advance instead of using the key encryption key generated by the second key encryption key generation unit The program according to claim 8 or 9, wherein the key encryption key is read from the read / write or readable storage medium for use.

Images