JP2005165738A - Electronic content management system, electronic content management method, and its program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance security; and to simply conduct the management operation of enciphering keys by enciphering/decoding a plurality of data portions being encipherment of interest in an electronic content by means of a plurality of enciphering keys. <P>SOLUTION: An electronic content management method comprises: enciphering the electronic content in a data portion unit being the encipherment of interest by means of the plurality of enciphering keys; linking authority instituting the range of an action being previously effectively done with each of the plurality of enciphering keys to associate identification information on a user with each authority. Checking the identification information provided from the user against the authority-associated identification information specifies the authority corresponding to the identification information on the user and the enciphering key corresponding to the authority when access by the user is authenticated. Reading and changing the data portion corresponding to the enciphering key is permitted. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an electronic content management system, an electronic content management method, and a program thereof that encrypt and manage electronic contents such as documents, music, still images, and moving images.

In recent years, regarding the management of electronic contents such as documents, music, still images, and moving images, a technique for encrypting and storing the data itself has been disclosed as a countermeasure against external hacking and some data leakage accidents. Patent Document 1 encrypts electronic information and generates necessary decryption key information and usage authority information; an electronic information creation apparatus that registers the usage authority information and the decryption key information; and Electronic information management apparatus for storing encryption key information necessary for encryption, and electronic information reference apparatus for decrypting electronic information encrypted using the encryption key and displaying the decrypted electronic information Disclose the distribution system.
Japanese Patent Laid-Open No. 2003-30056

  However, Patent Document 1 has a problem that if one decryption key is leaked, all corresponding electronic information is decrypted. In addition, the user's authority can define how to use electronic information such as viewing, saving, printing, transferring, and editing, and the user can be allowed to use the electronic information according to the authority. The range of data parts that can be equalized was not defined according to authority. Therefore, it is difficult to apply to electronic contents whose range that can be browsed for each user is to be adjusted.

  The present invention has been made in view of the above problems, and can enhance security by encrypting / decrypting a plurality of data portions to be encrypted in electronic contents with a plurality of encryption keys. An object is to provide an electronic content management system, an electronic content management method, and a program thereof.

  In addition, the present invention provides an electronic content management system, an electronic content management method, and a program thereof that can easily perform encryption key management operations when one electronic content is encrypted / decrypted with a plurality of encryption keys. The purpose is to provide.

  In order to achieve such an object, the invention described in claim 1 includes an encrypted electronic content recording unit 141 for recording electronic content encrypted with a plurality of encryption keys in a data part unit to be encrypted, and the plurality An encryption key recording unit 142 that records the encryption key of each of the plurality of encryption keys, an encryption key / authority association unit 143 that defines each of the plurality of encryption keys in association with an authority that defines a range of actions that can be effectively performed in advance, and , Authority / individual association means 144 that associates and defines user identification information with each authority defined by the encryption key / authority association means 143, and creates the encryption key to encrypt the electronic content. Encryption / decryption means 123 for decrypting the encrypted electronic content using the encryption key, identification information input from the user, and the authority / individual pair The authentication means 121 for determining whether or not to authenticate the user's access by collating with the identification information defined in the associating means 144, and for the access of the user authenticated by the authentication means 121, A data processing unit 122 that permits browsing or changing part or all of the electronic content; and a temporary storage unit 130 that is used as a work area of the encryption / decryption unit 123 and the data processing unit 122. The data processing means 122 identifies the authority corresponding to the user authenticated by the authentication means 121 with reference to the authority / personal association means 144, and determines the encryption key corresponding to the authority as the encryption key / The encryption / decryption unit 123 specifies the encryption key specified by the data processing unit 122 by specifying with reference to the authority correspondence association unit 143. Thus, the data portion corresponding to the specified encryption key in the encrypted electronic content recorded in the encrypted electronic content recording unit 141 is decrypted in the temporary storage unit 130. .

  According to the first aspect of the present invention, the encrypted electronic content recording means 141 constructed by a database or the like is a data part unit (for example, a tag unit of an XML document file) for encrypting electronic content (for example, an XML document file). ) Are encrypted and recorded with a plurality of encryption keys, and the encryption key recording means 142 records the plurality of encryption keys. The encryption key / authority correspondence associating means 143 associates each of the plurality of encryption keys with an authority (for example, authority corresponding to the department or position of the organization) that defines the range of actions that can be effectively performed in advance. The personal correspondence association means 144 associates the user identification information with each authority. The temporary storage means 130 constructed by a volatile memory or the like is used as a work area for encryption / decryption and various data processing. The encryption / decryption means 123 encrypts the electronic content by an arbitrary encryption method such as DES, and decrypts the encrypted electronic content using the encryption key. Whether the authentication unit 121 authenticates the user's access by collating the identification information provided by the user by inserting an IC card or the like with the identification information defined in the authority / personal correspondence association unit 144 Judging. The data processing unit 122 identifies the authorized user's authority and the encryption key associated with the authority, and permits viewing or changing part or all of the electronic content.

  According to a second aspect of the invention, in the first aspect of the invention, the encryption / decryption means 123 creates a plurality of encryption keys that can encrypt / decrypt one or more data portions in the electronic content. Then, a plurality of encryption keys in which the range in which the electronic content can be encrypted / decrypted are hierarchized are created.

  According to the second aspect of the present invention, the encryption / decryption means 123 encrypts / decrypts one or more data parts in the electronic content (for example, encrypts / decrypts one data part). The electronic content can be encrypted / decrypted by creating an encryption key that can be decrypted, an encryption key that can encrypt / decrypt two data parts, an encryption key that can encrypt / decrypt all data parts, etc. Create multiple encryption keys with hierarchical ranges.

  The invention according to claim 3 is the invention according to claim 1 or 2, wherein the encryption / decryption means 123 encrypts / decrypts a general encryption key which is an encryption key recorded in the encryption key recording means 142. The encryption key recording unit 142 records the general encryption key encrypted with the main encryption key, and the main encryption key is stored in the temporary storage unit 130. It is characterized by.

  According to the third aspect of the invention, the encryption / decryption means 123 creates one main encryption key for encrypting / decrypting the encryption key recorded in the encryption key recording means 142. The main encryption key is stored in the temporary storage means 130 without being recorded on a hard disk or the like.

  The invention according to claim 4 is the invention according to any one of claims 1 to 3, wherein the data portion is a tag unit.

  According to the fourth aspect of the present invention, a portion to be encrypted of one electronic content is encrypted with a plurality of encryption keys for each tag.

  The invention according to claim 5 is an encrypted electronic content recording means 141 for recording electronic content encrypted with a plurality of encryption keys in a data part unit to be encrypted, and an encryption key for recording the plurality of encryption keys. A recording unit 142; an encryption key / authority association unit 143 that defines each of the plurality of encryption keys in association with an authority that defines a range of actions that can be effectively performed in advance; and the encryption key / authority association An electronic content management method for managing electronic content using authority / individual correspondence associating means 144 that associates and defines user identification information with each of the authorities defined by the means 143, and is input from the user And an identification step for determining whether or not to authenticate the user's access by comparing the identification information and the identification information defined in the authority / personal association means 143. An authority corresponding to the identification information of the user authenticated by the authentication step, an encryption key specifying step for specifying an encryption key corresponding to the authority, and data corresponding to the encryption key specified by the encryption key specifying step A browsing permission step for permitting browsing or changing of the portion.

  According to the fifth aspect of the present invention, in the authentication step, whether or not the user's access is authenticated by comparing the identification information provided by the user by inserting the IC card or the like with the identification information associated with the authority. Determine whether. The encryption key specifying step specifies an authority corresponding to the user information of the authenticated user and an encryption key corresponding to the authority. In the browsing permission step, browsing or changing the data portion corresponding to the specified encryption key is permitted.

  The invention according to claim 6 is the electronic content encryption according to claim 5, wherein when the electronic content is inputted, the electronic content is encrypted with a plurality of encryption keys in units of data parts to be encrypted. A step of associating each of the plurality of encryption keys encrypted in the electronic content encryption step with an authority defining a range of actions that can be effectively performed in advance, and an authority associating step, / When there is a change in the user defined in the personal correspondence association means 144, the authority / individual association for associating the changed user identification information with the predetermined authority defined in the authority / personal correspondence association means 144 And a step.

  According to the invention described in claim 6, the electronic content encryption step encrypts the electronic content (for example, XML document file) in a data portion unit (for example, a tag unit of the XML document file) to be encrypted with a plurality of encryption keys. The encryption key / authority associating step associates each of the plurality of encryption keys with an authority (for example, authority corresponding to the department or job title of the organization) that defines a range of actions that can be effectively performed in advance. The personal association step associates user identification information with each authority.

  The invention described in claim 7 is an encrypted electronic content recording unit 141 for recording electronic content encrypted with a plurality of encryption keys in a data part unit to be encrypted, and an encryption key for recording the plurality of encryption keys. A recording unit 142; an encryption key / authority association unit 143 that defines each of the plurality of encryption keys in association with an authority that defines a range of actions that can be effectively performed in advance; and the encryption key / authority association A computer-readable program for managing electronic contents by causing an authority / personal correspondence association means 144 that associates and defines user identification information to each of the authorities defined by the means 143 to manage electronic content. Whether to authenticate the user's access by collating the input identification information with the identification information defined in the authority / personal association means 144 The authentication process to be refused, the authority corresponding to the identification information of the user authenticated by the authentication process, the encryption key specifying process for specifying the encryption key corresponding to the authority, and the encryption key specified by the encryption key specifying process And a browsing permission process for permitting browsing or changing of a data portion corresponding to.

  According to the seventh aspect of the present invention, whether or not the authentication process authenticates the user's access by comparing the identification information provided by the user by inserting an IC card and the like with the identification information associated with the authority. Determine whether. The encryption key specifying process specifies the authority corresponding to the authenticated user identification information and the encryption key corresponding to the authority. The browsing permission process permits browsing or changing of the data portion corresponding to the specified encryption key.

  The invention according to claim 8 is the electronic content encryption according to claim 7, wherein when the electronic content is input, the electronic content is encrypted with a plurality of encryption keys in units of data parts to be encrypted. An encryption key / authority association process for associating each of the plurality of encryption keys encrypted by the electronic content encryption process with an authority that defines a range of actions that can be effectively performed in advance, When there is a change in the user defined in the personal correspondence association means 144, the authority / individual association process for associating the changed user identification information with the predetermined authority defined in the authority / personal correspondence association means 144 Are further executed by a computer.

  According to the eighth aspect of the invention, the electronic content encryption process encrypts electronic content (for example, an XML document file) with a plurality of encryption keys in a data part unit (for example, a tag unit of the XML document file) to be encrypted. In the encryption key / authority association process, each of the plurality of encryption keys is associated with an authority (for example, authority corresponding to a department or a post of an organization) that defines a range of actions that can be effectively performed in advance. In the personal association process, individual authority user information is associated with each authority.

  According to the first aspect of the present invention, the electronic content is encrypted and recorded with a plurality of encryption keys in the data portion unit to be encrypted, so that it is more secure than the case where it is encrypted with one encryption key. Can be increased. In addition, since a plurality of encryption keys are not assigned to an individual but are assigned to an authority, it is not necessary for the individual to manage the encryption key, and the operation can be easily performed. Individuals need only perform general authentication without being aware of the encryption key. Even if there is an organizational change or a role change, it is not necessary to transfer or re-encrypt the encryption key, and it is only necessary to change the association between the encryption key and the authority or the association between the authority and the individual. Furthermore, by managing the encryption key not by an individual but by the system, it is possible to immediately encrypt the electronic content after it is received, thereby improving security.

  According to the invention described in claim 2, in addition to the effect of the invention described in claim 1, a plurality of encryption keys having different ranges that can be encrypted / decrypted using the hierarchical encryption method are generated, and the encryption By associating the key with the authority, the encryption key can be made to correspond one-to-one to the hierarchical authority structure such as a government agency organization or a company organization, and the encryption key can be managed easily.

  According to the invention described in claim 3, in addition to the effect of the invention described in claim 1 or 2, the encryption key for encrypting / decrypting the data portion to be encrypted in the electronic content is the main encryption key. By using and encrypting, security can be further enhanced.

  According to the invention described in claim 4, in addition to the effect of the invention described in any one of claims 1 to 3, the encryption key is generated in a unit in which the meaning can be understood by encrypting in tag units. It is possible to associate information that is not excessive or insufficient with respect to authority.

  According to the fifth and seventh aspects of the invention, the electronic content is encrypted and managed with a plurality of encryption keys in the data portion unit to be encrypted, compared with the case of encrypting with one encryption key, Security can be increased. In addition, since a plurality of encryption keys are not assigned to an individual but are assigned to an authority, it is not necessary for the individual to manage the encryption key, and the operation can be easily performed. Individuals need only perform general authentication without being aware of the encryption key.

  According to the inventions of claims 6 and 8, in addition to the effects of the inventions of claims 5 and 6, since a technique for directly associating and managing an encryption key and an individual is not employed, organizational changes, role changes, etc. Even in such a case, it is not necessary to transfer or re-encrypt the encryption key, and it is only necessary to change the association between the encryption key and the authority or the association between the authority and the individual. Furthermore, by managing the encryption key not by an individual but by the system, it is possible to immediately encrypt the electronic content after it is received, thereby improving security.

  The best mode for carrying out the present invention will be described below in detail with reference to the accompanying drawings.

  FIG. 1 is a diagram showing a basic configuration of an electronic content management system according to an embodiment of the present invention. Terminal devices 210 and 220 are connected to the electronic content management system shown in FIG.

  The electronic content management system 100 includes an input / output interface 110, a control unit 120, a temporary storage unit 130, an encrypted electronic content recording unit 141, an encryption key recording unit 142, an encryption key / authority association unit (encryption key / authority correspondence table). 143 and authority / individual association means (authority / individual correspondence table) 144.

  The input / output interface 110 is an interface for communicating with an external device, and may communicate with the external device using an SSL (Secure Sockets Layer) or a TLS (Transport Layer Security) protocol.

  The control unit 120 includes an authentication unit 121, a data processing unit 122, and an encryption / decryption unit 123. The control unit 120 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), and the like. The authentication means 121 is based on the user ID and password input from the terminal devices 210 and 220, or authentication information input from an authentication medium reader such as an IC (Integrated Circuit) card (not shown), and the authority / person correspondence table 144. Referring to the above, specify whether the accessed user has authority and the scope of authority. The authentication unit 121 can also have a function of performing mutual authentication by exchanging information with an existing or new user authentication system or the like and prohibiting other access. In this case, unauthorized access such as impersonation can be prevented. Can be prevented.

  The data processing unit 122 reads and writes data of the encrypted electronic content recording unit 141, the encryption key recording unit 142, the encryption key / authority correspondence table 143, and the authority / individual correspondence table 144, updates the data, Other accompanying processing is performed.

  The encryption / decryption means 123 encrypts / decrypts electronic content such as documents, music, still images, and moving images. At this time, encryption / decryption is performed with a different encryption key for each data portion of electronic content (for example, for each tag of an XML (Extensible Markup Language) document). In addition, the plurality of encryption keys can be encrypted / decrypted. As the encryption method, AES (Advanced Encryption Standard), DES (Data Encryption Standard), Rijndael, and the layered encryption method disclosed by the present inventor in JP-A-2002-366030 can be used. .

  It should be noted that the encryption / decryption means 123 does not require processing such as encryption by the user himself / herself when electronic content is input by the administrator or when electronic content is received from the outside. In addition, encryption processing such as a layered encryption method may be performed on the electronic content.

  The temporary storage unit 130 is used as a work area for data read from the encrypted electronic content recording unit 141, the encryption key recording unit 142, the encryption key / authority correspondence table 143, and the authority / personal correspondence table 144. When a plurality of encryption keys for encrypting / decrypting electronic content for each data part to be encrypted are encrypted and recorded in the encryption key recording unit 142, a key for encrypting the encryption key is used. Always remember. Hereinafter, an encryption key for encrypting a data portion to be encrypted of electronic content is referred to as a general encryption key, and an encryption key for encrypting the general encryption key is referred to as a main encryption key.

  The number of general encryption keys is basically the same as the number of data parts. However, when the hierarchical encryption method is used, the number of general encryption keys is more than the number of data parts. There is usually one main encryption key. The backup of the main encryption key is not recorded on the hard disk but is recorded on a recording medium such as a flexible disk, and the administrator manages it.

  The encrypted electronic content recording unit 141 records electronic content in which a data portion to be encrypted is encrypted. FIG. 3 is a diagram showing an example of data recorded in the encrypted electronic content recording unit 141. For example, when personal information such as name, date of birth, address, permanent address, phone number, spouse, occupation, income, and medical history is electronically managed as an XML document file, it is encrypted and recorded for each tag. Is done. In FIG. 3, the character string sandwiched between the tags is the encrypted data. Of course, the present invention is not limited to an XML file, and can be applied to a WAVE file or the like.

  The encryption key recording unit 142 records a plurality of general encryption keys for encrypting / decrypting one or more data portions to be encrypted in the electronic content. These general encryption keys may be recorded after being encrypted with the main encryption key.

  The encryption key / authority correspondence table 143 is a table that defines authorities corresponding to a plurality of general encryption keys recorded in the encryption key recording unit 142. FIG. 4 is a diagram showing an example of a table managed by the encryption key / authority correspondence table 143. As shown in FIG. The example shown in FIG. 4 associates a corresponding authority with a usable general encryption key based on the affiliation and title in the government office organization. These are predetermined and can only be changed by the administrator. In addition, authority can be applied to other departments and positions within the organization. For example, in a service that provides information for a fee, the authority can be associated with a fee course.

  The authority / individual correspondence table 144 is a table that associates user information with the authority defined in the encryption key / authority correspondence table 143. FIG. 5 is a diagram illustrating an example of a table managed in the authority / personal correspondence table 144. The example shown in FIG. 5 associates personal user information with the authority defined in the example shown in FIG. In FIG. 5, the authentication information may be either a user ID (Identification) and password, or an IC card ID. In addition, biometric information such as a user's fingerprint may be used instead of the authentication information. Only the administrator can change the authority / individual correspondence table 144. Although the encryption key / authority correspondence table 143 and the authority / individual correspondence table 144 have been described separately, they may be constructed with one table.

  The encrypted electronic content recording unit 141, the encryption key recording unit 142, the encryption key / authority correspondence table 143, and the authority / individual correspondence table 144 can be constructed by SQL (Structured Query Language), but are not limited thereto. is not.

  The electronic content management system 100 can be configured by one or a plurality of servers. FIG. 2 is a block diagram illustrating a configuration example of the electronic content management system 100. In FIG. 2, the electronic content management system 100 is constructed by three servers: an encryption key server 100a, an operation server 100b, and an authentication server 100c. The encryption key server 100a constitutes the encryption key recording means 142, the operation server 100b constitutes the encrypted electronic content recording means 141, and the authentication server 100c constitutes the authentication means 121. Other elements can be constructed by arbitrarily sharing the three servers. Therefore, without actually exchanging the encryption key between the encryption key server 100a and the operation server 100b, the operation server 100b transmits the data part of the electronic content to be decrypted to the encryption key server 100a for decryption. The decrypted data portion can also be received. Of course, communication between the three servers may be enhanced by using SSL or the like.

  Since the encryption key server 100a is provided independently of the operation server 100b, the encryption key is recorded in another server even if the data of the operation server 100b in which the encrypted electronic content is recorded leaks. The electronic content cannot be decrypted. Moreover, the existing authentication server 100c can be used.

  The terminal devices 210 and 220 are configured by a PC (Personal Computer) or the like, and are used by a user who wants to access electronic content in the encrypted electronic content recording unit 141. A user whose user ID and password are registered in the authority / personal correspondence table 144 can access the electronic content to the limit corresponding to his / her authority by inputting them. In FIG. 1, two terminal apparatuses 210 and 220 are described, but the number of terminal apparatuses is not limited, and an arbitrary number of terminal apparatuses can be connected.

  Although not shown, an authentication medium reading device such as an IC card or a biometric information reading device such as a fingerprint can be connected to replace the user ID and password. A user whose user ID and authentication information are registered in the authority / individual correspondence table 144 inserts an IC card or the like owned by the user into the authentication medium reading device, so that the electronic content is limited to the limit corresponding to his authority. Can be accessed.

  The electronic content management system 100 according to the present embodiment can exchange electronic content with other systems and devices via the Internet or a dedicated line.

  Next, the operation (electronic content management method) of the electronic content management system in the embodiment of the present invention will be described. FIG. 6 is a flowchart for explaining the operation (electronic content management method) of the electronic content management system in the embodiment of the present invention. First, the user inputs a user ID and password to the terminal devices 210 and 220. Alternatively, an IC card owned by the user is inserted into an authentication medium reading device (not shown). Such authentication information is transmitted from the input / output interface 110 to the electronic content management system 100. The authentication unit 210 refers to the authority / individual correspondence table 144 to determine whether or not the authentication information is valid. When the authentication information is registered, the user is allowed to access (step S1). .

  Next, the data processing means 122 refers to the authority / individual correspondence table 144 and specifies the authority corresponding to the authentication information (step S2). Next, based on the specified authority, the corresponding general encryption key is specified with reference to the encryption key / authority correspondence table 143 (step S3).

  Next, the data processing unit 122 obtains a copy of one or more general encryption keys identified from the encryption key recording unit 142 from the encryption key recording unit 142, and creates it on the temporary storage unit 130 (step S4). The encryption / decryption means 123 decrypts the copy of the general encryption key using the main encryption key stored on the temporary storage means 130 (step S5).

  Next, the data processing unit 122 extracts the data part of the electronic content corresponding to the general encryption key and its peripheral data (hereinafter referred to as the corresponding part) from the encrypted electronic content recording unit 141, and temporarily stores the data. An extracted file is created above (step S6). At the same time, exclusive control is performed so that the corresponding part of the encrypted electronic content recording means 141 cannot be accessed from others (step S7).

  Next, the encryption / decryption means 123 decrypts the encrypted data portion in the corresponding location using the decrypted copy of the general encryption key (step S8).

  The user can browse the decrypted data portion from the terminal device 2n0 that the user is accessing (step S9). The data processing unit 122 refers to the encryption key / authority correspondence table 143 to investigate whether or not data change is possible with the authority of the user. (Step S10). When there is a data change authority (step S10 / Y), the user can arbitrarily update the data portion (step S11). When the browsing / updating by the user is completed, the encryption / decryption means 123 encrypts using the copy of the general encryption key (step S12). Then, the data processing unit 122 outputs the encrypted electronic content recording unit 141 to update the corresponding part (step S13). Finally, the data processing unit 122 deletes the copy of the general encryption key (step S15).

  In step S12, when there is no authority to change data (step S10 / N), the data processing unit 122 deletes the extracted file when browsing by the user is completed (step S14). Next, the data processing means 122 deletes the copy of the general encryption key after completing the above-described processing (step S15).

  Note that when the general encryption key is recorded in the encryption key recording unit 142 without being encrypted, the main encryption key is not necessary, and thus the process of step S5 is omitted.

  Next, a case where the layered encryption method is used in the electronic content management system according to the embodiment of the present invention will be described. FIG. 7 is a diagram for explaining the basic concept of the hierarchical encryption method. In the hierarchical encryption method, a master encryption key KM that can encrypt / decrypt all data portions to be encrypted in electronic content is created. Next, a child encryption key KAB that can encrypt / decrypt both the character string A and the character string B is created based on the master encryption key KM. Further, a child encryption key KC that can encrypt / decrypt the image C is created based on the master encryption key KM. Next, the grandchild encryption key KA that can encrypt / decrypt the character string A and the grandchild encryption key that can encrypt / decrypt the character string B based on the master encryption key KM and the child encryption key KAB Create a KB.

  When the data 1, data 2 and data 3 of the electronic content ABC are encrypted as shown in FIG. 7 using the encryption keys KA, KB and KC, the encryption keys KA, KB, KC, KAB and KM that can be decrypted are shown in the right column. It is layered as follows. Details of the hierarchized encryption method are disclosed in the above-mentioned JP-A-2002-366030.

  FIG. 8 is a diagram showing an example of the encryption key / authority correspondence table 143 and the authority / individual correspondence table 144 when the layered encryption method is used. FIG. 8A shows types of encryption keys that can encrypt / decrypt each data (data1, data2, data3) of the electronic content ABC shown in FIG. FIG. 8B is an example of the encryption key / authority correspondence table 143, and shows the correspondence between the encryption key shown in FIG. 8A and the authority (position). FIG. 8C is an example of the authority / individual correspondence table 144, and shows the correspondence between the authority (position) and user (individual) information shown in FIG. 8B.

  As described above, since the user information is not directly associated with the data portion (XML tag or the like) to be encrypted, the electronic content is set even if there is a change in the role or authority of the organization. It has no effect on encryption. Therefore, they can be easily changed.

  Next, the above-described main encryption key will be described in detail. As described above, the main encryption key is stored in the temporary storage unit 130. The backup of the main encryption key is not recorded on the hard disk in the server, but is recorded on a recording medium such as a flexible disk, and the administrator manages it. The main encryption key may be changed regularly (for example, every month).

  FIG. 9 is a flowchart for explaining the update process of the main encryption key. First, when the main encryption key is periodically updated or when there is an update instruction by the administrator, the encryption / decryption means 123 generates a new main encryption key (step S20). Next, one general encryption key recorded in the encryption key recording unit 142 is taken out to the temporary storage unit 130, and the general encryption key is decrypted using the old main encryption key (step S21). This is continued until all the general encryption keys are decrypted (step S22 / N). When all the general encryption keys are decrypted (step S22 / Y), all the general encryption keys on the temporary storage unit 130 are encrypted using the new main encryption key (step S23).

  Then, the old main encryption key is erased (step S24). The new main encryption key is stored on the temporary storage unit 130. The administrator records and manages a backup of the new main encryption key on a recording medium such as a flexible disk (step S25).

  Next, encryption of the main encryption key will be described in detail. First, a seed is given to the encryption algorithm. As an encryption algorithm, AES, DES, Rijndael, etc. can be used. The seed may be input by an administrator or may be automatically generated. In the case of automatic generation, the key may be encrypted using a method similar to a one-time password. For example, the number of seconds from January 1, 1970 (which can be acquired by time ()) is used as a seed, and the numerical value is left as a file. When decrypting, the encryption is canceled using the numerical value as a seed. By not disclosing the encryption type and details, even if the numerical value that becomes the seed is leaked, the encryption cannot be released.

  A general encryption key can also be encrypted by the same method. Further, a hierarchical encryption method may be used as the encryption algorithm.

  The general encryption key can be divided and stored (tally). The divided keys are associated with the same number of IC cards (and therefore the same number of members). Of course, other authentication methods such as biometric authentication may be used. If two IC cards or the like are authenticated by the authentication means 121 at the same time or within a short time, the encryption key can be synthesized and used as it is. In particular, the master encryption key when the hierarchical encryption method is used may be stored as a tally. In this case, it is necessary to install two authentication medium readers such as an IC card.

  Next, a method for checking whether or not each data portion of the electronic content is falsified will be described. FIG. 10 is a flowchart for explaining the operation (with tampering check) of the electronic content management system. The flowchart shown in FIG. 10 is basically the same as the flowchart shown in FIG.

  In the following, the difference will be described. When the data portion is updated when the extracted file encrypted in step S13 is embedded, the history including at least the user ID and the update date and time is stored as an electronic content such as an XML file. (Step S31). It is preferable to write the time immediately before the data portion is encrypted using the general encryption key, and further encrypt the character string representing the time.

  At the same time, a time stamp issued by a TSA (Time Stamping Authority) synchronized with Coordinated Universal Time is recorded in a separate file (step S32).

  In step S9, before permitting browsing, the last update date and time written in the electronic content is compared with the update date and time authenticated by the time stamp recorded in the type stamp file to check for data falsification ( Step S30).

  The above-described embodiment shows an example of a preferred embodiment of the present invention, and the present invention is not limited thereto, and various modifications can be made without departing from the scope of the invention.

  The electronic content management method of the present invention can be realized by causing a computer to execute a program. The program is provided by being recorded on an optical recording medium, a magnetic recording medium, a magneto-optical recording medium, or a semiconductor IC recording medium. Alternatively, it is provided by being downloaded from a program server via a network using a protocol such as FTP (File Transfer Protocol) or HTTP (Hypertext Transfer Protocol).

It is a figure which shows the basic composition of the electronic content management system in embodiment of this invention. 1 is a block diagram illustrating a configuration example of an electronic content management system 100. FIG. It is a figure which shows an example of the data recorded on the encryption electronic content recording means 141. FIG. 6 is a diagram illustrating an example of a table managed in an encryption key / authority correspondence table 143. FIG. 5 is a diagram illustrating an example of a table managed in an authority / personal correspondence table 144. FIG. It is a flowchart for demonstrating operation | movement (electronic content management method) of the electronic content management system in embodiment of this invention. It is a figure for demonstrating the basic concept of a layered encryption system. It is a figure which shows an example of the encryption key / authority correspondence table 143 and the authority / individual correspondence table 144 in the case of using a hierarchized encryption method. It is a flowchart for demonstrating the update process of a main encryption key. It is a flowchart for demonstrating operation | movement (with check of the presence or absence of tampering) of an electronic content management system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Electronic content management system 110 Input / output interface 120 Control part 121 Authentication means 122 Data processing means 123 Encryption / decryption means 130 Temporary storage means 141 Encrypted electronic content recording means 142 Encryption key recording means 143 Encryption key / authority association means (Encryption key / authority correspondence table)
144 Authority / personal association means (authority / personal correspondence table)
210,220 Terminal device

Claims (8)

An encrypted electronic content recording means for recording electronic content encrypted with a plurality of encryption keys in a data portion unit to be encrypted;
Encryption key recording means for recording the plurality of encryption keys;
An encryption key / authority association means for defining each of the plurality of encryption keys in association with an authority that defines a range of actions that can be effectively performed in advance;
Authority / individual association means for associating and defining user identification information with each of the authorities defined by the encryption key / authority association means;
Encryption / decryption means for creating the encryption key, encrypting the electronic content, and decrypting the encrypted electronic content using the encryption key;
Authentication means for verifying whether or not to authenticate the user's access by comparing the identification information input from the user with the identification information defined in the authority / personal association means;
Data processing means for permitting browsing or changing part or all of the electronic content for access of a user authenticated by the authentication means;
Temporary storage means used as a work area for the encryption / decryption means and the data processing means,
The data processing means specifies an authority corresponding to the user authenticated by the authentication means with reference to the authority / personal correspondence association means, and an encryption key corresponding to the authority is associated with the encryption key / authority association Identify with reference to means,
The encryption / decryption means uses the encryption key specified by the data processing means to specify the specified encryption key in the encrypted electronic content recorded in the encrypted electronic content recording means An electronic content management system that decrypts a data portion corresponding to the information into the temporary storage means.   The encryption / decryption means creates a plurality of encryption keys capable of encrypting / decrypting one or more data portions in the electronic content, and the range in which the electronic content can be encrypted / decrypted is hierarchized. The electronic content management system according to claim 1, wherein a plurality of encryption keys are created. The encryption / decryption means creates a main encryption key for encrypting / decrypting a general encryption key that is an encryption key recorded in the encryption key recording means,
The encryption key recording means records the general encryption key encrypted by the main encryption key;
3. The electronic content management system according to claim 1, wherein the main encryption key is stored in the temporary storage unit.   4. The electronic content management system according to claim 1, wherein the data portion is a tag unit. Encrypted electronic content recording means for recording electronic content encrypted with a plurality of encryption keys in a data portion unit to be encrypted, encryption key recording means for recording the plurality of encryption keys, and the plurality of encryption keys Each of the encryption key / authority association means for defining the range of actions that can be effectively performed in advance and the authority defined by the encryption key / authority association means for each of the users. An electronic content management method for managing electronic content using an authority / personal association means for associating and defining identification information of
An authentication step of determining whether or not to authenticate the user's access by comparing the identification information input from the user with the identification information defined in the authority / personal association means;
An authority corresponding to the identification information of the user authenticated by the authentication step, and an encryption key specifying step for specifying an encryption key corresponding to the authority;
A browsing permission step for permitting browsing or changing a data portion corresponding to the encryption key specified by the encryption key specifying step;
An electronic content management method comprising: When the electronic content is input, an electronic content encryption step of encrypting the electronic content with a plurality of encryption keys in units of data parts to be encrypted;
An encryption key / authority associating step for associating each of the plurality of encryption keys encrypted in the electronic content encryption step with an authority that defines a range of actions that can be effectively performed in advance;
When there is a change in the user defined in the authority / individual association means, the authority / individual association associates the changed user identification information with the predetermined authority defined in the authority / individual association means. Steps,
The electronic content management method according to claim 5, further comprising: Encrypted electronic content recording means for recording electronic content encrypted with a plurality of encryption keys in a data portion unit to be encrypted, encryption key recording means for recording the plurality of encryption keys, and the plurality of encryption keys Each of the encryption key / authority association means for defining the range of actions that can be effectively performed in advance and the authority defined by the encryption key / authority association means for each of the users. A computer-readable program for managing electronic contents by functioning an authority / personal association means for associating and defining identification information of
An authentication process for determining whether to authenticate the user's access by comparing the identification information input from the user with the identification information defined in the authority / personal association means;
An authority corresponding to the identification information of the user authenticated by the authentication process, and an encryption key specifying process for specifying an encryption key corresponding to the authority;
A browsing permission process for permitting browsing or changing a data portion corresponding to the encryption key specified by the encryption key specifying process;
A computer-readable program characterized by causing a computer to execute. When the electronic content is input, an electronic content encryption process for encrypting the electronic content with a plurality of encryption keys in units of data parts to be encrypted;
An encryption key / authority association process for associating each of a plurality of encryption keys encrypted by the electronic content encryption process with an authority that defines a range of actions that can be effectively performed in advance;
When there is a change in the user defined in the authority / individual association means, the authority / individual association associates the changed user identification information with the predetermined authority defined in the authority / individual association means. Processing,
The computer-readable program according to claim 7, further comprising:

Images