 
                 Patent Application
 Patent Application
                     20080232596
 20080232596
                    This application is based upon and claims the benefit of priority from prior Japanese Patent Application No. 2007-077355, filed Mar. 23, 2007, the entire contents of which are incorporated herein by reference.
1. Field of the Invention
This invention relates to a data processing apparatus and a program used to write distributed data to a storage medium such as a hard disk drive (HDD) in an open environment in which access is not limited.
2. Description of the Related Art
Generally, processes for distributing contents such as music data and video data via a communication network such as ROM media and Internet are widely performed. In the contents distribution field, it is proposed to provide a system which distributes a bundle of decrypting keys having a plurality of decrypting keys capable of individually decrypting the respective encrypted contents when a plurality of encrypted contents are distributed (for example, refer to Jpn. Pat. Appln. KOKAI Publication No. 2006-254204).
In the system disclosed in Jpn. Pat. Appln. KOKAI Publication No. 2006-254204, for example, a protected area is used to store an encrypted counter value indicating the frequency of applications of a decrypting key bundle (distribution key bundle). The protected area is a storage area which can be accessed only from a program executing portion having certain secret information. As a device having the protected area, for example, a Secure Digital (SD) card is provided. When the SD card is held by a user's terminal including a program executing portion having a device key, the SD card and program executing portion commonly have the same session key via authentication and key exchange processes (AKE). Then, the program executing portion inputs and outputs data encrypted by use of the session key to and from the SD card to set a state in which the read/write operation can be performed with respect to the protected area of the SD card. Further, if the program executing portion has no device key, the authentication process is performed in failure and the read/write operation with respect to the protected area cannot be performed. If the session key is not known, data of the protected area cannot be correctly read/written.
Generally, a storage medium having the protected area includes a general area which can be subjected to a read/write operation without performing the authentication process, an encrypted content is recorded in the general area, for example, and the decrypting key of the encrypted content is recorded in the protected area in some cases. In this case, the program executing portion having secret information reads the decrypting key from the protected area so as to decrypt and reproduce the encrypted content.
Further, as another technique using the protected area, for example, a technique for restoring original data from data groups which are additionally stored in a distributed form in a plurality of existing lists based on an additional file list stored in a stable location (protected area) to which the third party cannot access is known (for example, refer to Jpn. Pat. Appln. KOKAI Publication No. 2001-282621).
As a recording medium having no protected area, generally, a hard disk drive (HDD, hereinafter simply referred to as a hard disk) is known. The hard disk is widely used in a personal computer and the like as a recording medium for given data which is not limited to the contents. In the case of a general hard disk, a protected area which requires an authentication process is not provided and access is not limited.
However, if an area similar to a protected area can be structured in a recording medium such as a hard disk to which access can be freely made, it is preferable from the viewpoint of protecting stored data. In this case, the “area similar to the protected area” indicates an area in which access is not limited and which is protected (by the technique such as the secret distributing technique and encrypting technique other than the access limitation technique). The protected area is an area protected by access limitation. A method for structuring an area similar to the protected area in a recording medium in which access is not limited is explained below.
First, a protected area master key used to encrypt information recorded in the area similar to the protected area is prepared. The protected area master key is also recorded on the hard disk but it is impossible to completely prevent access to the protected area master key from the viewpoint of the property of the hard disk.
However, since various programs such as an OS are used to read or write information with respect to the hard disk, it becomes difficult to specify the protected area master key if the recording position of the protected area master key is made unclear. More specifically, for example, if the protected area master key is distributed as a plurality of distributed information items by use of a threshold value secret distribution method and the distributed information items are recorded in plural locations of the hard disk, the recording position of the protected area master key can be made unclear. As the threshold value secret distribution method, for example, a method called a (k, n) threshold value secret distribution method is proposed by Shamir in 1979 (for example, refer to A. Shamir; “How to Share a Secret”, Communication of the ACM, 22, 11, pp. 612 to 613 [1979]).
In the (k, n) threshold value secret distribution method, secret information is divided into n distributed information items, and original secret information can be restored by collecting desired k information items from the n distributed information items, but information relating to the original secret information cannot be attained at all based on the (k−1) distributed information items. That is, the (k, n) threshold value secret distribution method has a secret information restoring characteristic with the threshold value k set as a boundary (1<k≦n). Therefore, according to the (k, n) threshold value secret distribution method, the management process can be performed such that the original secret information can be safely protected even if distributed information items of (k−1) or less are leaked and the original secret information can be restored even if distributed information items of (n−k) or less are lost.
However, if distributed information items of the protected area master key are simply stored in a distributed form by use of the (k, n) threshold value secret distribution method, there occurs a possibility that the protected area master key and record information before encryption can be restored by backup-restoring distributed information items and record information encrypted by use of the protected area master key in a case where the recording position of the distributed information items is known. The “backup-restoring” is a process for copying record information in a storage area to another location and writing back the copied information to the original storage area after rewriting the record information to restore the record information before rewriting.
Therefore, it is important to update the protected area master key each time the record information in the storage area is rewritten and make unclear the recording positions of distributed information items relating to the protected area master key after updating from the viewpoint of preventing the backup-restoring process. This is because the protected area master key after updating and record information before encryption can be restored as described before if the recording positions of the distributed information items are made clear (for example, refer to Toru Kambayashi, Kenji Shimoda, Hiroyuki Sakamoto, “Content Protection for SD Memory Card”, Toshiba Review, Toshiba Inc. 2003, Vol. 58 No. 6, pp. 32 to 35).
However, in the method for structuring the area similar to the protected area, in a case where the recording positions of the respective distributed information items are kept the same at each time, there occurs a problem that the backup-restoring process can be performed if the recording position is once made clear.
An object of this invention is to provide a data processing apparatus and a program capable of making it difficult to specify a recording position of distributed information stored in a storage device in which access is not limited.
In a first aspect of the present invention, there is provided a data processing apparatus capable of updating and writing a plurality of distributed information items generated based on to-be-held secret information with respect to a storage device in which access is not limited, comprising: a distributed information generation device configured to generate a plurality of distributed information items updated this time according to secret information to be held this time based on a threshold value secret distribution method, a recording position selecting device configured to select recording positions of the distributed information items updated this time to leave behind distributed information items of a number less than a threshold value among the plurality of distributed information items updated last time or leave behind none of the above distributed information items with respect to a plurality of distributed information items updated and stored in the storage device, and a distributed information writing device configured to write the distributed information items updated this time to the storage device based on the selected recording positions.
In a second aspect of the present invention, there is provided a data processing apparatus capable of updating and writing a plurality of distributed information items generated based on to-be-held secret key information with respect to a storage device in which access is not limited, comprising: a file input device configured to input a file by an operation of an operator, a file key generation device configured to generate file key information according to the file, a file encrypting device configured to encrypt the file by use of the file key information and write the thus obtained encrypted file to the storage device, a key encrypting device configured to encrypt a key management file containing file addresses of the file key information and encrypted file and file addresses of different file key information and different encrypted file stored in the storage device by use of the secret key information and write the thus obtained encrypted key management file to the storage device, a distributed information generation device configured to generate a plurality of distributed information items updated this time according to secret key information to be held this time based on a threshold value secret distribution method, a recording position selecting device configured to select recording positions of the distributed information items updated this time to leave behind distributed information items of a number less than a threshold value among the plurality of distributed information items updated last time or leave behind none of the above distributed information items with respect to a plurality of distributed information items updated and stored in the storage device, a distributed information writing device configured to write the distributed information items updated this time to the storage device based on the selected recording positions, a device configured to read the distributed information items updated this time from the storage device, a key restoring device configured to restore secret key information from the read distributed information items by use of the threshold value secret distribution method, a device configured to decrypt the encrypted key management file in the storage device based on the restored secret key information to obtain a key management file, and a device configured to decrypt a corresponding encrypted file in the storage device based on corresponding file key information in the key management file and a file address input from an exterior to obtain a file.
The first and second aspects are expressed by the “apparatus”, but are not limited to this and the apparatus and a set of apparatuses can be expressed by a “program”, “computer-readable recording medium having a program stored therein” or “method”.
In the first aspect, it is possible to make it difficult to specify the recording positions of distributed information items stored in the storage device in which access is not limited since the recording positions of the respective distributed information items are made different at each time by making a configuration to write distributed information items updated this time to the storage device so that distributed information items of a number less than a threshold value among a plurality of distributed information items updated last time will be left behind or will not be completely left behind.
In the second aspect, an operation of protecting a plurality of files by encryption can be attained in addition to the same operation as that of the first aspect.
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
Embodiments of the present invention will be described with reference to the accompanying drawings. In the following apparatuses, a hardware configuration or a combined configuration of a hardware source and software can be used for each apparatus. As shown in 
  
The data processing apparatus 10 includes an interface portion 11 and secret information management portion 12.
The interface portion 11 has an interface function between the data storage device 20 and the internal portion of the data processing apparatus 10. For clarifying the explanation, the description to the effect that the input/output operations with respect to both of the apparatus 10 and device 20 are performed via the interface portions 11, 21 is appropriately omitted.
The secret information management portion 12 includes a secret information generating portion 12-1, secret distribution processing portion 12-2, distributed information management portion 12-3 and secret distribution restoring portion 12-4.
The secret information generating portion 12-1 has a function of generating secret information to be held this time in response to the operation of an operator and a function of supplying the thus generated secret information to the secret distribution processing portion 12-2.
The secret distribution processing portion 12-2 has a function of generating a plurality of distributed information items to be updated this time according to the secret information supplied from the secret information generating portion 12-1 based on a (k, n) threshold value secret distribution method utilizing a threshold value k and distribution number n and supplying the thus obtained distributed information items to the distributed information management portion 12-3. As shown in 
The distributed information management portion 12-3 has the following functions (f12-3-1) to (f12-3-5).
(f12-3-1): The function of selecting recording positions of respective distributed information items to be updated this time so that distributed information items of a number less than the threshold value k among n distributed information items updated last time are left behind with respect to L (k<L<2k) distributed information items D1 to DL updated and stored in the distributed information storing portion 22 when the respective distributed information items are received from the secret distribution processing portion 12-2.
(f12-3-2): The function of writing respective distributed information items to be updated this time to the distributed information storing portion 22 based on the selected recording positions.
(f12-3-3): The function of writing distribution IDs and position information items corresponding thereto to a distributed position information table T in a table storage portion 23 with respect to the written distributed information items.
(f12-3-4): The function of reading at least k distributed information items D1 to Dk from the distributed information storing portion 22 by referring to the distributed position information table T in the table storage portion 23 in response to the operation of the operator.
(f12-3-5): The function of supplying the read distributed information items D1 to Dk to the secret distribution restoring portion 12-4.
The recording positions of the distributed information items may be selected by use of random numbers, for example. Further, positions different from the recording positions used at the preceding time may be intentionally selected by referring to the table storage portion 23. The number of operations of writing distributed information items in each cycle is not limited to n and can be freely set to any value if it is set in the range of k and n.
The secret distribution restoring portion 12-4 has a function of subjecting distributed information items received from the distributed information management portion 12-3 to a restoring process based on a threshold secret distribution method and restoring secret information.
The data storage device 20 includes the interface portion 21, distributed information storing portion 22 and table storage portion 23.
The interface portion 21 has an interface function between the data processing apparatus 10 and the internal portion of the data storage portion 20.
The distributed information storing portion 22 has L storage areas which can be subjected to a read/write operation by use of the data processing apparatus 20 and store L distributed information items D1, D2, Dn, . . . , DL. In this case, it is preferable to set the relation of n<L<2k. The reason why the relation of n<L is preferable is that there occurs a problem that n distributed information items may be recorded in the same positions at each time if n=L and there occurs a problem that n distributed information items cannot be recorded if n>L. Further, the reason why the relation of L<2k is preferable is that there occurs a problem that k (=n) distributed information items before updating are left behind (a problem that the secret information before updating can be restored) even if n (=k) distributed information items after updating are written at the time of n=k in the case of L=2k. The same problem occurs in the case of 2k<L.
However, it is not indispensable to set the relation of n<L<2k and the relation can be adequately changed depending on values of (k, n). For example, in order to avoid the case wherein (k, n) is set to (3, 7) and L which satisfies the relation of n<L<2k is not present (for example, the case of 7<L<2·3), it is possible to change the relation to the relation of k<L<2k, for example, and write k to (2k−2) distributed information items.
In the table storage portion 23, a distributed position information table which can be subjected to a read/write operation by use of the data processing apparatus 20 is stored. In the distributed position information table T, position information items (address information items) in the distributed information storage portion 22 are stored for respective distributed IDs with respect to the L distributed information items D1, D2, . . . , Dn, . . . , DL.
Next, the operation of the data processing apparatus with the above configuration is explained with reference to 
(Recording Operation)
As shown in 
The secret distribution processing portion 12-2 distributes the secret information as n distributed information items D1 to Dn based on the (k, n) threshold value secret distribution method (ST2) and supplies the distributed information items D1 to Dn to the distributed information management portion 12-3.
When receiving the distributed information items D1 to Dn, the distributed information management portion 12-3 refers to the distributed position information table T stored in the table storage portion 23 of the data storage device 20 to select recording positions of the respective distributed information items D1 to Dn so as to leave behind distributed information items of a number less than the threshold value k among n distributed information items D1′ to Dn′ updated last time (ST3). The recording position of, for example, at least one distributed information Di as the number of the distributed information items less than the threshold value k is selected to be different from the recording positions of the n distributed information items D1′ to Dn′ updated last time.
After this, the distributed information management portion 12-3 writes the n distributed information items D1 to Dn to n selected storage areas among the L storage areas of the distributed information storing portion 22 (ST4). Further, the distributed information management portion 12-3 writes distribution IDs and position information items corresponding thereto with respect to the written distributed information items D1 to Dn to the distributed position information table T in the table storage portion 23.
(Restoring Operation)
As shown in 
The secret distribution restoring portion 12-4 restores secret information based on the k distributed information items D1 to Dk by use of the threshold value secret distribution method (ST12).
As described above, according to the present embodiment, with the configuration in which the distributed information items D1 to Dn updated this time are written to the distributed information storing portion 22 so as to leave behind distributed information items of a number less than the threshold value k among the n distributed information items D1′ to Dn′ updated last time, since the recording positions of the respective distributed information items are made different for each time, it becomes possible to make it difficult to specify the recording positions of the distributed information items stored in the storage device in which access is not limited.
The present embodiment may be modified into a configuration obtained by omitting the table storage portion 23 as shown by the following modifications (1) to (5).
(1) As shown in 
(2) As shown in 
(3) As shown in 
(4) It is possible to make it difficult to analyze generation information, distributed position information table T and distributed information items D1 to DL by encrypting them. Further, it is advantageous from the viewpoint of detecting data falsification to form a modified configuration in which verify information used to verify whether restored secret information is correct or not is recorded in a portion different from the distributed information storing portion 22. In this case, as the verify information, a digital signature of the data processing apparatus 10 with respect to secret information, a hash value with respect to secret information and the like can be appropriately used. Further, as the portion different from the distributed information storing portion 22, for example, a desired storage area of the data storage device 20 or data processing apparatus 10 can be used.
(5) The system of the threshold value secret distribution method can be changed when secret information is updated. For example, it is possible to make switching between a (3, 3) threshold value secret distribution method and a (3, 4) threshold value secret distribution method. According to this modification, it is possible to make it more difficult to specify the secret information distribution method.
A data processing apparatus according to a second embodiment of this invention is explained with reference to 
More specifically, for example, when secret information is set to a0 and is distributed by use of the (k, n) threshold value secret distribution method, the threshold value secret distribution method is realized by freely selecting (k−1) coefficients a1, a2, . . . , ak−1, preparing a (k−1)th degree polynomial of x, y, where y=a0+a1×x+a2×x2+ . . . +ak−1×xk−1, and freely selecting different points (x1, y1), . . . , (xn, yn) on the (k−1)th degree polynomial. When k distributed information items are collected from the n distributed information items distributed at the restoring time, the set (k−1)th degree polynomial can be specified and secret information a0 can be derived.
In the present embodiment, the (k, n) threshold value secret distribution method is improved as follows:
That is, when m (m≦k−1) distributed information items used last time are contained in n distributed information items used this time, secret information is substituted into a0′ and the m distributed information items used last time are substituted into points (x, y) in a polynomial of y=a0+a1×x+a2×x2+ . . . +ak−1×xk−1 to obtain m simultaneous equations.
Then, if (k−1−m) values are randomly and independently set from coefficients a1′ to ak−1′, the remaining coefficients are determined. After this, (n−m) distributed information items used as new distributed information items (x1, y1), (xn−m, yn−m) are freely selected.
Next, as shown in 
As the concrete configuration, the secret distribution processing portion 12-2 has a function of reading distributed information items of a number less than the threshold value among the distributed information items updated last time and a function of generating a plurality of distributed information items updated this time to contain the read distributed information items used last time and to-be-held secret information items by use of the threshold value secret distribution method.
Next, the operation of the data processing apparatus with the above configuration is explained with reference to 
(Recording Operation)
It is supposed now that seven distributed information items D1 to D7 are stored in the distributed information storing portion 22 as shown in 
When receiving the updated secret information, the secret distribution processing portion 12-2 reads distributed information items of m (m≦k−1) less than the threshold value among distributed information items D1′ to Dn′ updated last time from the distributed information storing portion 22.
Next, the secret distribution processing portion 12-2 distributes secret information as (n−m) distributed information items D1 to Dn−m used this time and m distributed information items Dn−m+1 to Dn used last time by use of the (k, n) threshold value secret distribution method. For example, m simultaneous equations are derived by preparing the equation of y=a0+a1×x+a2×x2+ . . . +ak−1×xk−1 and substituting the m distributed information items Dn−m+1 to Dn used last time into the above equation. After this, coefficients a0 to ak−1 are randomly and independently set to satisfy the derived simultaneous equations. Then, the remaining distributed information items D1 to Dn−m are created.
Next, a case of n=k=4 and m=1 is taken as an example and explained.
When receiving the updated secret information, the distributed information management portion 12-3 selects the distributed information D7 which has the newest generation information and a reuse flag of “1” among the distributed information items D1 to D7 in the distributed information storing portion 22 shown in 
Next, the distributed information management portion 12-3 distributes the updated secret information as three distributed information items Da, Db, Dc used this time and one distributed information D7 used last time based on the (3, 4) threshold value secret distribution method (ST22). At this time, generation information items of the distributed information items Da, Db, Dc are set to the newest value “3”.
The distributed information management portion 12-3 selects areas used to update the three distributed information items Da, Db, Dc used this time among the storage areas of the distributed information items D1 to D7 in the distributed information storing portion 22 shown in 
Further, for example, the storage area of the distributed information D1 is selected as the storage area of the distributed information to be reused among the storage areas of the distributed information items D1, D3, D5 (ST24). At this time, the reuse flag of the distributed information D1 is set to “1”.
After this, as shown in 
Thus, the distributed information updating process is terminated. At the secret information restoring time, the three distributed information items D1, D3, D5 used this time and the distributed information D7 used last time are read.
Next, the secret information restoring operation is explained.
As shown in 
The secret distribution restoring portion 12-4 restores secret information from the four distributed information items D1, D3, D5, D7 by use of the (3, 4) threshold value secret distribution method (ST26).
As described above, according to the present embodiment, the effect that specification of the location of the distributed information of the secret information can be made difficult since the m distributed information items used last time other than the (n−m) distributed information items updated this time can be also used for restoring can be attained in addition to the effect of the first embodiment.
A data processing apparatus according to a third embodiment of this invention is explained with reference to 
In this case, the distributed information management portion 12-3 has the following functions (f12-3-6) and (f12-3-7) in addition to the functions (f12-3-1) to (f12-3-5) described before.
(f12-3-6): The function of writing distributed information items of “threshold value k−1” among the distributed information items D1 to Dn updated this time to the distributed information storing portion 22 so as to set the number of distributed information items D1′ to Dn′ updated last time equal to the “threshold value k” when the number of distributed information items D1′ to Dn′ updated last time and stored in the distributed information storing portion 22 is larger than the threshold value k.
(f12-3-7): The function of writing one of the distributed information items updated this time over the distributed information updated last time when the number of distributed information items updated last time and stored in the distributed information storing portion 22 is set equal to the “threshold value k”.
  
A case wherein distributed information items D1 to Dn are recorded by use of the (k, n) threshold value secret distribution method in L storage areas in which distributed information items D1′ to DL′ of plural generations are recorded by use of the (k′, n′) threshold value secret distribution method is explained. First, (k−1) distributed information items D1 to Dk−1 to be updated are recorded to erase (k′−n′) or more previous distributed information items Dk+1′ to DL′. In the recording process, the previous distributed information items can be simultaneously erased by overwriting.
The sequence of recording and then erasing is desirable by taking into consideration that the recording process is interrupted although the sequence of the recording process is not specifically limited. After this, new kth distributed information is written to the position of the previous distributed information. Since the number of previous distributed information items becomes (k−1) when the writing process is terminated, the previous secret information cannot be restored. At the same time, since the number of distributed information items after updating becomes k, it becomes possible to restore the secret information after updating.
As described above, according to the present embodiment, the effect that the state other than the state before or after updating can be prevented from occurring at the time of writing to the distributed information storing portion 22 in the configuration in which (k−1) distributed information items used this time are written while k distributed information items used last time are kept left and then the next one distributed information item (kth one of the distributed information items used this time) is written over one of the k previous distributed information items can be attained in addition to the effect of the first embodiment.
Next, a data processing apparatus according to a fourth embodiment of this invention is explained.
  
The data processing apparatus 10 includes an interface portion 11, secret information management portion 12, key management file management portion 13, file encrypting portion 14 and file decrypting portion 15.
The interface portion 11 and secret information management portion 12 are the same those described before. However, a protected area master key MK as shown in 
The key management file management portion 13 has the following functions (f13-1) to (f13-4).
(f13-1): The function of generating file key information ki according to a file ia or ib input from the exterior in response to the operation of the operator.
(f13-2): The function of encrypting a key management file MFa or MFb containing a MAC value, file address and file sub address of an encrypted file ia or ib and file key information ki and a MAC value, file address and file sub address of another encrypted file and other file key information in a protected area portion 25 by use of the protected area master key MK and writing the thus obtained encrypted key management file MFa or MFb to a protected area key storage portion 24. In this case, the MAC value can be omitted.
(f13-3): The function of decrypting the encrypted key management file MFa or MFb in the protected area key storage portion 24 by use of the protected area master key MK supplied from the secret information management portion 12 to acquire a key management file MFa or MFb.
(f13-4): The function of supplying corresponding file key information, file address and file sub address to the file decrypting portion 15 based on the decrypted key management file MFa or MFb and the file address input from the exterior.
The file encrypting portion 14 has a function of inputting a file ia or ib by the operation of the operator and a function of encrypting the input file ia or ib by use of file key information ki and writing the thus obtained encrypted file ia or ib to the protected area portion 25.
The file decrypting portion 15 decrypts the corresponding encrypted file ia or ib in the protected area portion 25 based on the file key information, file address and file sub address received from the key management file management portion 13 to acquire a file ia or ib.
The data storage device 20 includes an interface portion 21, distributed information storing portion 22, table storage portion 23, protected area key storage portion 24 and protected area portion 25.
The interface portion 21, distributed information storing portion 22 and table storage portion 23 are the same as those described before.
The protected area key storage portion 24 is a storage area which can be subjected to a read/write operation by use of the data processing apparatus 10 and encrypted key management files MFa, MFb are stored therein.
As shown in 
In this case, the a-series and b-series are two series indicating the states before and after updating. In the case of the encrypted key management files MFa, MFb, the state before updating is copied except one file key information ki (where i=1, 2, . . . , h), file address, file sub address and MAC value updated this time and a protected area management file MAC corresponding to the updating operation. For one file key information ki, file address, file sub address and MAC value updated this time and the protected area management file MAC corresponding to the updating operation, one of the two series indicates the state before updating and the other series indicates the state after updating.
Likewise, in the case of the encrypted files 1a to ha and 1b to hb, the state before updating is copied except one encrypted file ia or ib (where i=1, 2, . . . , h) updated this time in each of the a-series and b-series. Further, for one encrypted file ia or ib updated this time, one of the two series indicates the encrypted file ia or ib before updating and the other series indicates the encrypted file ib or ia after updating.
That is, even when the power source is turned OFF while the distributed information items D1 to Dn are being updated, the encrypted files 1a to ha or 1b to hb before or after updating can be restored by holding the encrypted key management files MFa, MFb before and after updating and the encrypted files 1a to ha and 1b to hb in the data storage device 20.
The file key information items k1 to kh in the encrypted key management file MFa correspond to the encrypted files 1a to ha in the protected area portion 25. The file key information items are key information items used to decrypt the encrypted files 1a to ha and key information items used to encrypt the files 1a to ha in the non-encrypted state and acquire encrypted files 1a to ha. For example, the file key information k1 corresponds to the encrypted file 1a in the protected area portion 25. The file key information is key information used to decrypt the encrypted file 1a and key information used to encrypt the file 1a in the non-encrypted state and acquire an encrypted file 1a.
The file addresses are address information items indicating the encrypted files 1a to ha and 1b to hb in the protected area portion 25. For example, the file address corresponding to the file key information k1 is address information commonly used for both of the encrypted files 1a and 1b in the protected area portion 25.
The file sub addresses are sub address information items indicating the encrypted files 1a to ha or encrypted files 1b to hb among the encrypted files 1a to ha and 1b to hb. For example, the file sub address corresponding to the file key information k1 in the encrypted key management file MFa is sub address information indicating the encrypted file 1a. That is, the recording position of the encrypted file 1a or 1b in the protected area portion 25 can be specified by combining the file address and file sub address.
MAC indicates a MAC value for the file key information, file address and file sub address.
The protected area management file MAC indicates a MAC value for h file key information items, file addresses, file sub addresses and MAC values.
The protected area portion 25 is a storage area which can be subjected to a read/write operation by use of the data processing apparatus 10 and encrypted files 1a to ha and 1b to hb before and after updating are stored therein for every h files.
Next, the operation of the data processing apparatus with the above configuration is explained with reference to 
(Decrypting Operation)
As shown in 
The key management file management portion 13 checks the recording position of the encrypted key management file MFa or MFb according to a key management file bit of the protected area master key MK (ST32). The recording positions of the encrypted key management files MFa, MFb are previously held by the key management file management portion 13 at the updating time and one of the recording position of the encrypted key management file MFa and the recording position of the encrypted key management file MFb which is to be used is specified by use of the key management file bit.
The key management file management portion 13 reads a specified encrypted key management file, for example, MFa from the protected area key storage portion 24 (ST33). Further, the key management file management portion 13 decrypts the encrypted key management file MFa by use of master key data of the protected area master key MK and confirms the MAC value (not shown) of the encrypted key management file MFa (ST34).
Next, the key management file management portion 13 checks file key information, for example, k1 and file sub address (location) associated with a file address specified by the operator according to the encrypted key management file MFa based on the above file address (ST35).
After this, the key management file management portion 13 supplies the corresponding file key information k1, file address and file sub address to the file decrypting portion 15.
The file decrypting portion 15 reads an encrypted file 1a from the protected area portion 25 based on the file address and file sub address (ST36).
The file decrypting portion 15 performs a process of decrypting the encrypted file 1a based on the file key information k1 and confirms a MAC value (not shown) of the thus obtained file 1a (ST37).
The confirmation process of the MAC value in the steps ST34, ST37 is preferable from the viewpoint of verifying whether falsification is made or not, but is not indispensable and can be omitted.
(Recording Operation)
As shown in 
Then, the key management file management portion 13 of the data processing apparatus 10 updates file key information, for example, k1 in a memory (not shown) (ST45). When receiving a file 1b to be updated by the operation of the operator, the file encrypting portion 14 performs an encrypting process for the to-be-updated file 1b based on the file key information k1 after updating in the memory (ST46). The secret information management portion 12 updates the protected area master key MK in the memory (ST47) and performs a process of distributing the thus updated protected area master key MK (ST48).
Further, the key management file management portion 13 performs a MAC calculation process for the updated encrypted file 1b and encrypted key management file MFb (ST49) and updates the encrypted key management file MFb in the memory. The updated contents are a MAC value, file key information k1, file address and file sub address (ST50). After this, information items in the memory are actually held in the data storage device 20.
The file encrypting portion 14 copies encrypted files 2a to ha before updating, writes the same as encrypted files 2b to hb and writes an encrypted file 1b after updating (ST51).
Thus, the encrypted files 1a to ha before updating, encrypted file 1b after updating and encrypted files 2b to hb after updating obtained by copying the encrypted files 2a to ha before updating are present in the protected area portion 25.
The key management file management portion 13 copies the encrypted key management file MFa before updating and writes the same as an encrypted key management file MFb and writes an encrypted key management file MFb after updating over the above encrypted key management file MFb (ST52). Thus, the encrypted key management file MFa before updating and encrypted key management file MFb after updating are present in the protected area key storage portion 24.
The secret information management portion 12 writes distributed information items D1 to Dn of the protected area master key MK (ST53). The step ST53 can be performed as described in the first to third embodiments.
As described above, according to the present embodiment, the effect that a plurality of files can be protected by encrypting can be attained in addition to the effects of the first to third embodiments.
Further, by holding the encrypted files 1a to ha, 1b to hb and encrypted key management files MFa, MFb before and after updating in the data storage device 20, the files 1a to ha or 1b to hb before or after updating can be restored even when the power source is turned OFF while the distributed information items D1 to Dn in the distributed information storage portion 22 are being updated (during the process of the step ST53).
The technique described above for the embodiment can be stored as a program to be executed by a computer in memory mediums including magnetic disks (Floppy™ disks, hard disks, etc.), optical disks (CD-ROMs, DVDs, etc.), magneto-optical disks (MOs) and semiconductor memories for distribution.
Memory mediums that can be used for the purpose of the present invention are not limited to those listed above and memory mediums of any type can also be used for the purpose of the present invention so long as they are computer-readable ones.
Additionally, the OS (operating system) operating on a computer according to the instructions of a program installed in the computer from a memory medium, data base management software and/or middleware such as network software may take part in each of the processes for realizing the above embodiment.
Still additionally, memory mediums that can be used for the purpose of the present invention are not limited to those independent from computers but include memory mediums adapted to download a program transmitted by LANs and/or the Internet and permanently or temporarily store it.
It is not necessary that a single memory medium is used with the above described embodiment. In other words, a plurality of memory mediums may be used with the above-described embodiment to execute any of the above described various processes. Such memory mediums may have any configuration.
For the purpose of the present invention, a computer executes various processes according to one or more than one programs stored in the memory medium or mediums as described above for the preferred embodiment. More specifically, the computer may be a stand alone computer or a system realized by connecting a plurality of computers by way of a network.
For the purpose of the present invention, computers include not only personal computers but also processors and microcomputers contained in information processing apparatus. In other words, computers generally refer to apparatus and appliances that can realize the functional features of the present invention by means of a computer program.
The present invention is by no means limited to the above described embodiment, which may be modified in various different ways without departing from the spirit and scope of the invention. Additionally, any of the components of the above described embodiment may be combined differently in various appropriate ways for the purpose of the present invention. For example, some of the components of the above described embodiment may be omitted. Alternatively, components of different embodiments may be combined appropriately in various different ways for the purpose of the present invention.
| Number | Date | Country | Kind | 
|---|---|---|---|
| 2007-077355 | Mar 2007 | JP | national |