Data management system
Abstract
The present invention provides a system to ensure security of data in a computer network system. A center certifies a public-key of user of the system and distributes a secret-key. A first system comprises the center in a network, an information provider and a plurality of users. The center identifies utilization status by requests of the secret-key. The data is encrypted by the secret-key and is stored and transferred, while the data to be stored and transferred is encrypted by a secret-key different from the secret-key of the transferred data. An original data label is added to the original data, and an edit label is added to the edited data, and the center does not store the data and stores only the original data label and the edit label. A second system comprises a center and an information provider in a network, and a plurality of users utilizing the network. The center stores the original data and editing scenario, and also the original data label, user label and edit label. The data is not transferred between the users, but data label encrypted by the public-key is transferred. In electronic commerce system, every data is distributed through a mediator in the network, data which is transferred from a maker to a user is encrypted by a secret-key for encryption, and data which is transferred from the user to the maker is encrypted by a secret-key for re-encryption.
Claims
exact text as granted — not AI-modified1. A system for managing digital data to be transferred from an owner of data to a user of data via broadcast, a communication network or data recording medium , said system comprising:
storage storing public-keys, private-keys, user labels and edit labels used in the data management system;
a data management center and the owner linked to a public-key the storage, and arranged on said a communication network;
wherein said data management center is configured to certifying public-keys of said owner and said presented by users of said system and storing said is further configured to access a first user label and said a first edit label associated with a first set of digital data;
a first user device configured to obtain ing said first set of digital data from said communication network by presenting said first user label to use said first set of digital data, wherein said first user device is further configured to edit ing the first set of digital data, and obtaining said first edit label from said data management center via said communication network by presenting said first user label and an editing scenario, ;
wherein said first set of digital data is not only temporarily stored in a said first user device of each of said user after using e of said first set of digital data by a first user, and wherein said first user device is configured to transfer said first edit label is transferred to a next user without said digital data for the next user's use of the edited said first set of digital data, wherein the first set of digital data is not transferred to the next user.
2. A data management system according to claim 1 , wherein said first set of digital data is not stored in the device of said user removed from the first user device by deletion of said first set of digital data from random access memory of the first user device.
3. A data management system according to claim 1 , wherein said first set of digital data is not stored in removed from a memory of the first user device of said user after said first set of digital data is converted to a one-way hash value.
4. A data management system according to claim 1 , wherein said data management center is further linked configured to generate a secret-key generator , and said first set of digital data is encrypted by using a the secret-key of said secret-key generator and stored in the device of said user .
5. A data management system according to claim 1 , wherein said first edit label is encrypted by using a public-key of said next user, and is transferred to said next user;
said next user decrypts the encrypted first edit label by using private-key of said next user and presents said decrypted first edit label to said data management center;
said data management center is configured to transfers the first set of digital data to said next user based on said first edit label;
said next user uses and edits said first set of digital data by using the editing scenario included in said first edit label.
6. A data management system according to claim 1 , wherein said first user transfers said first edit label to said next user;
said next user presents said first edit label to said data management center;
said data management center transfers said first set of digital data to said next user based on said first edit label;
said next user uses and edits said first set of digital data by using the editing scenario included in said first edit label.
7. A data management system according to claim 6 , wherein said first user performs device is configured to append a digital signature to said first edit label by using private-key of said first user.
8. A data management system according to claim 1 wherein there are a plurality of said digital data includes a plurality of sets of digital data.
9. A data management system according to claim 1 wherein the data management center is configured to charging e a data usage fee is performed by presenting said to the first user based on the first user label presented to said data management center by said first user.
10. A data management system according to claim 9 , wherein the charging a fee is performed by metering post-payment method after usage of the first set of digital data and is based on use results metering of said usage.
11. A data management system according to claim 10 , wherein the metering data based on use results said metering is stored in said data management center.
12. A data management system according to claim 10 , wherein the metering data based on use results said metering is stored in a said first user device of said user .
13. A data management system according to claim 9 , wherein the charging fee is performed by prepayment method prior to usage of said first set of digital data.
14. A data management system according to claim 13 , wherein the prepayment data relating to said charging is stored in said data management center.
15. A data management system according to claim 13 , wherein the prepayment data relating to said charging is stored in a said first user device of said user .
16. A data management system according to claim 1 wherein said first set of digital data has a general file structure and only a data body thereof only is encrypted.
17. A data management system according to claim 16 , wherein a part of said data body is encrypted.
18. A data management system according to claim 17 , wherein the part of said data body with encryption is repeatedly arranged in said data body.
19. A data management system according to claim 17 , wherein a plurality of parts of said data body with encryption is intermittently arranged in said data body.
20. A data management system according to claim 1 wherein said first set of digital data has a general file structure, and a data header and a data body thereof are encrypted.
21. A data management system according to claim 20 , wherein only a part of said data header and the entire part of said data body are encrypted.
22. A data management system according to claim 20 , wherein a part of said data header and a part of said data body are encrypted respectively.
23. A data management system according to claim 1 wherein said first set of digital data has a general file structure and only a data header thereof only is encrypted.
24. A data management system according to claim 23 , wherein the entire part of said data header is encrypted.
25. A data management system according to claim 23 , wherein only a part of said data header only is encrypted.
26. A data management system according to claim 1 , wherein said first set of digital data has a general file structure that includes said first user label, and wherein only said first user label is encrypted.
27. A data management system according to claim 26 , wherein only a part of said first user label is encrypted.
28. A data management system according to claim 1 wherein said first set of digital data has an object-formed file structure, and only a method is encrypted.
29. A system for electronic commerce between a maker and a user via a mediator, said system comprising:
a maker system including at least one computer system;
a user system including at least one computer system; and
a mediator system including at least one computer system;
said mediator system is linked to a first entity to manage public-keys and a second entity to generate secret-keys and is arranged on a communication network;
said user system is configured to requests electronic commerce data from said mediator system;
said mediator system is configured to transfers the request of said electronic commerce data together with a first secret-key of said second entity, which are encrypted by using a public-key of said maker system, to said maker system;
said maker system is configured to decrypts the encrypted first secret-key by using a private-key of said maker and system, encrypts said electronic commerce data using the decrypted first secret-key and transfers encrypted electronic commerce data to said mediator system;
said mediator system is configured to decrypts said encrypted electronic commerce data using said first secret-key, re-encrypts decrypted electronic commerce data using a second secret-key of said second entity, and transfers the re-encrypted electronic commerce data together with the second secret-key, which are encrypted using a public-key of said user system, to said user system;
said user system is configured to decrypts the encrypted second secret-key using a private-key of said user system, decrypts the re-encrypted electronic commerce data using the decrypted second secret-key, makes an order sheet by entering order content into the decrypted electronic commerce data, encrypts said order sheet using the second secret-key, and transfers the encrypted order sheet to said mediator system;
said mediator system is configured to decrypts said encrypted order sheet using said second secret-key, encrypt s the decrypted order sheet using the public-key of said maker system, and transfer s the encrypted order sheet to said maker system; and
said maker system is configured to decrypts the encrypted order sheet using the private-key of said maker , system and makes an order acceptance.
30. An electronic commerce system according to claim 29 , wherein said electronic commerce data has a general file structure and only a data body thereof is encrypted.
31. An electronic commerce system according to claim 30 , wherein a part of said data body is encrypted.
32. An electronic commerce system according to claim 31 , wherein the part of said data body with encryption is repeatedly arranged in said data body.
33. An electronic commerce system according to claim 31 , wherein a plurality of parts of said data body with encryption is intermittently arranged in said data body.
34. An electronic commerce system according to claim 29 , wherein said electronic commerce data has a general file structure, and a data header and a data body thereof are encrypted.
35. An electronic commerce system according to claim 34 , wherein only a part of said data header and the entire part of said data body are encrypted.
36. An electronic commerce system according to claim 34 , wherein a part of said data header and a part of said data body are encrypted respectively.
37. An electronic commerce system according to claim 29 , wherein said electronic commerce data has a general file structure and only a data header thereof is encrypted.
38. An electronic commerce system according to claim 37 , wherein the entire part of said data header is encrypted.
39. An electronic commerce system according to claim 37 , wherein only a part of said data header only is encrypted.
40. An electronic commerce system according to claim 29 , wherein said electronic commerce data has a general file structure and only label is encrypted.
41. An electronic commerce system according to claim 40 , wherein a part of said label only is encrypted.
42. An electronic commerce system according to claim 29 , wherein said electronic commerce data has an object-formed file structure and a method is encrypted.
43. A method, comprising:
certifying one or more public - keys of a first user; said first user obtaining digital data from a communication network by presenting a user label to use said digital data, editing the digital data, and obtaining an edit label from said communication network by presenting said user label and an editing scenario; not storing said digital data in a device of each of one or more users after using said digital data; and transferring said edit label to a next user without said digital data for the next user's use of said digital data.
44. A method according to claim 43 , wherein said digital data is not stored in the device of said one or more users by deletion of said digital data.
45. A method according to claim 43 , wherein said digital data is not stored in the device of said one or more users after said digital data is converted to a one- way hash value.
46. A method according to claim 43 , further comprising encrypting said edit label by using a public- key of said next user, and transferring the encrypted edit label to said next user.
47. A method according to claim 43 , further comprising said first user performing digital signature to said edit label by using a private- key of said first user.
48. A method according to claim 43 , further comprising said one or more users paying a fee based on presenting said user label to a data management center by said one or more users.
49. A method according to claim 43 , wherein said digital data has a general file structure and at least a portion of a data body thereof only is encrypted.
50. A method according to claim 43 , wherein said digital data has a general file structure, and at least a portion of a data header and at least a portion of a data body thereof are encrypted.
51. A method according to claim 43 , wherein said digital data has a general file structure and at least a portion of a data header thereof only is encrypted.
52. A method according to claim 43 , wherein said digital data has a general file structure, and only at least a portion of said user label is encrypted.
53. A method according to claim 43 wherein said digital data has an object- formed file structure, and only at least a portion of a method surrounding a slot in said object - formed file structure is encrypted.
54. An apparatus, comprising:
means for certifying one or more public - keys of a first user; means for said first user obtaining digital data from a communication network by presenting a user label to use said digital data, editing the digital data, and obtaining an edit label from said communication network by presenting said user label and an editing scenario; means for not storing said digital data in a device of each user after using said digital data; and means for transferring said edit label to a next user without said digital data for the next user's use of said digital data.
55. An apparatus according to claim 54 , wherein said means for not storing said digital data in the device of said one or more users after using said digital data comprises means for not storing said digital data in the device of said one or more users by deletion of said digital data.
56. An apparatus according to claim 54 , wherein said means for not storing said digital data in the device of said one or more users after using said digital data comprises means for not storing said digital data in the device of said one or more users after said digital data is converted to a one- way hash value.
57. An apparatus according to claim 54 , further comprising means for encrypting said edit label by using a public- key of said next user, and means for transferring the encrypted edit label to said next user.
58. An apparatus according to claim 54 , further comprising means for said first user performing digital signature to said edit label by using a private- key of said first user.
59. An apparatus according to claim 54 , further comprising means for said one or more users paying a fee based on presenting said user label to a data management center by said one or more users.
60. An apparatus according to claim 54 , wherein said digital data has a general file structure and further comprising means for encrypting only at least a portion of a data body thereof.
61. An apparatus according to claim 54 , wherein said digital data has a general file structure, and further comprising means for encrypting only at least a portion of a data header and at least a portion of a data body thereof.
62. An apparatus according to claim 54 , wherein said digital data has a general file structure and further comprising means for encrypting only at least a portion of a data header thereof.
63. An apparatus according to claim 54 , wherein said digital data has a general file structure, and further comprising means for encrypting only at least a portion of said user label.
64. An apparatus according to claim 54 , wherein said digital data has an object- formed file structure, and further comprising means for encrypting only at least a portion of a method surrounding a slot in said object - formed file structure.
65. An apparatus, comprising:
a computing device, said computing device capable of: certifying one or more public - keys of a first user; said first user obtaining digital data from a communication network by presenting a user label to use said digital data, editing the digital data, and obtaining an edit label from said communication network by presenting said user label and an editing scenario; not storing said digital data in a device of each user after using said digital data; and transferring said edit label to a next user without said digital data for the next user's use of said digital data.
66. An apparatus according to claim 65 wherein said computing device is further capable of not storing said digital data in the device of said one or more users by deletion of said digital data.
67. An apparatus according to claim 65 , wherein said computing device is further capable of not storing said digital data in the device of said one or more users after said digital data is converted to a one- way hash value.
68. An apparatus according to claim 65 , wherein said computing device is further capable of encrypting said edit label by using a public- key of said next user, and wherein said computing device is further capable of transferring the encrypted edit label to said next user.
69. An apparatus according to claim 65 , wherein said computing device is further capable of said first user performing digital signature to said edit label by using a private- key of said first user.
70. An apparatus according to claim 65 , wherein said computing device is further capable of said one or more users paying a fee based on presenting said user label to a data management center by said one or more users.
71. An apparatus according to claim 65 , wherein said digital data has a general file structure and wherein said computing device is further capable of encrypting only at least a portion of a data body thereof.
72. An apparatus according to claim 65 , wherein said digital data has a general file structure, and wherein said computing device is further capable of encrypting only at least a portion of a data header and at least a portion of a data body thereof.
73. An apparatus according to claim 65 , wherein said digital data has a general file structure and wherein said computing device is further capable of encrypting only at least a portion of a data header thereof.
74. An apparatus according to claim 65 , wherein said digital data has a general file structure and wherein said computing device is further capable of encrypting only at least a portion of said user label.
75. An apparatus according to claim 65 , wherein said digital data has an object- formed file structure, and wherein said computing device is further capable of encrypting only at least a portion of a method surrounding a slot in said object - formed file structure.
76. An article of manufacture comprising a non- transitory storage medium having instructions stored thereon that, in response to execution by a device, cause the device to perform operations including: obtaining digital data from a communication network by presenting a user label to use said digital data, editing the digital data, and obtaining an edit label from said communication network by presenting said user label and an editing scenario; removing said digital data from memory after using said digital data; and transferring said edit label to a next user without said digital data for the next user's use of said digital data.
77. An article of manufacture according to claim 76 , wherein said digital data is not stored in the device of said one or more users by deletion of said digital data.
78. An article of manufacture according to claim 76 , wherein said digital data is not stored in the device of said one or more users after said digital data is converted to a one- way hash value.
79. An article of manufacture according to claim 76 , further comprising encrypting said edit label by using a public- key of said next user, and transferring the encrypted edit label to said next user.
80. An article of manufacture according to claim 76 , wherein the operations further include:
appending a digital signature to said edit label by using a private - key.
81. An article of manufacture according to claim 76 , wherein the operations further include;
paying a data usage fee based on presenting said user label to a data management center.
82. An article of manufacture according to claim 76 , wherein said digital data has a general file structure and at least a portion of a data body thereof only is encrypted.
83. An article of manufacture according to claim 76 , wherein said digital data has a general file structure, and at least a portion of a data header and at least a portion of a data body thereof are encrypted.
84. An article of manufacture according to claim 76 , wherein said digital data has a general file structure and at least a portion of a data header thereof only is encrypted.
85. An article of manufacture according to claim 76 , wherein said digital data has a general file structure, and only at least a portion of said user label is encrypted.
86. An article of manufacture according to claim 76 , wherein said digital data has an object- formed file structure, and only at least a portion of a method surrounding a slot in said object - formed file structure is encrypted.
87. A system for managing digital data, comprising:
a data management center storing digital data, user labels, edit labels, and sets of edits corresponding to said digital data, wherein said stored digital data includes a first set of digital data, and wherein said user labels include a first user label associated with a first user; a first computing device configured to obtain the first set of digital data from the data management center by presenting the first user label, wherein the first computing device is further configured to perform a first set of edits on the first set of digital data to produce an edited first set of digital data, and wherein the first computing device is further configured to obtain a first edit label for the edited first set of digital data from the data management center by presenting the first user label and the first set of edits; and wherein said first set of digital data is only temporarily stored in a memory of the first computing device and is removed therefrom after utilization of the first set of digital data by the first computing device, and wherein the first edit label is transferable from the first computing device to a second computing device in order to facilitate a second user receiving the edited first set of digital data from the data management center at the second computing device.
88. The system according to claim 87 , wherein the data management center is configured to change a data usage fee to the first user based on the user presented to said data management center by said first user.
89. The system according to claim 87 , wherein said first set of digital data has a data header and a data body, wherein only the data body is encrypted.
90. The system according to claim 87 , wherein said first set of digital data has a general file structure that includes said first user label, and wherein only said first user label is encrypted.
91. A system for electronic commerce, comprising:
a first computing device configured to manage public-keys and to generate secret-keys; a second computing device configured to request electronic commerce data from said first computing device; a third computing device configured to receive the request of said electronic commerce data together with a first secret-key from the first computing device, wherein the request and the first secret-key are encrypted by using a public-key of said third computing device; wherein said third computing device is configured to decrypt the encrypted first secret-key by using a private-key of said third computing device, and to encrypt said requested electronic commerce data using the decrypted first secret-key and to transfer the encrypted electronic commerce data to said first computing device; wherein said first computing device is configured to decrypt said encrypter electronic commerce data using said first secret-key, to re-encrypt decrypted electronic commerce data usinng a second secret-key, and to transfer the re-encrypted electronic commerce data together with the second secret-key to the second computing device, wherein the transferred electronic commerce data and the second secret-key are encrypted using a public-key of the second computing device; wherein said second computing device is configured to decrypt the transferred second secret-key using a priviate-key of said second computing device, to decrypt the transferred electronic commerce data using the decrypted second secret-key, to generate a response relating to the decrypted electronic commerce data, to encrypt said response using the second secret-key, and to transfer the encrypted response to the first computing device; wherein said first computing is configured to decrypt said encrypted response using said second secret-ksy, to re-encrypt the decrypted response using the public-key of said third computing device, and to transfer the re-encrypted response to said third computing device; and wherein said third computing device is configured to decrypt the transferred response using the private key of said third computing device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.