In general, the present invention relates to a data management apparatus, a data management method adopted in the data management apparatus and a computer program for implementing the data management method. More particularly, the present invention relates to a data management apparatus having an anti-falsification verification function capable of efficiently verifying validity of data of information supposed to be not falsified and adaptable to operations of updating data such as addition and deletion of data, relates to a data management method to be adopted in the data management apparatus as well as relates to a computer program for implementing the data management method. Examples of the information absolutely supposed to be not falsified are a content, a license information and charging information.
In recent years, services to provide various kinds of data such as musical data, video data and a game program by wire and radio communications through a variety of communication networks including the Internet and through a satellite have been becoming flourishing. In addition, circulation of contents through distributable recording media such as a DVD, a CD and a memory card has also been becoming flourishing as well. These distributed contents are stored in an apparatus owned by the user or a game apparatus. Examples of the apparatus owned by the user are a TV, a PC (Personal Computer) and a reproduction apparatus.
When a variety of contents mentioned above is used in a user apparatus such as a PC, in addition to the contents, various kinds of data are also stored in a storage unit employed in the user apparatus. The stored data includes licenses each serving as a right to use a content and charging information. These pieces of data each have a structure for preventing the data from being illegally changed by the user.
As a structure for implementing avoidance of data falsification and verification of validity of data, a digital signature is used. A digital signature is generated in an encoding process carried out on data for anti-falsification verification or on a data abstract value by applying a secret key of a disclosed-key encryption system to the encoding process. The digital signature generated in this way is added to main data as the data for anti-falsification verification.
In a data verification process to determine whether or not data has been falsified, a process of decrypting a digital signature is carried out by applying a disclosed key corresponding to the secret key applied to the above process to generate the digital signature. Then, data obtained as a result of the process to decrypt a digital signature is compared with the original data, that is, the data for anti-falsification verification or the data abstract value, to determine whether or not the resulting data matches the original data. Resulting data matching the original data proves that the main data was not falsified.
If the main data stored in the user apparatus is updated, however, the digital signature described above cannot be used as data for guaranteeing that the main data has been updated legally.
For example, the user purchases a license allowing a certain musical content to be reproduced only three times. The license is stored in a storage unit employed in the user apparatus in accordance with a content utilization program for carrying out a content utilization process based on the license. An example of the content utilization program is such as a content player and an example of the storage unit is a hard disk.
The content utilization program renews the license every time the user reproduces the musical content typically as follows:                The number of allowable remaining reproductions=2,        the number of allowable remaining reproductions=1 and        the number of allowable remaining reproductions=0.If the content is used properly, in accordance with the license, the content cannot be reproduced more than three times.        
If the user copies the license allowing the musical content to be reproduced only three times and stores the copy of the license in the storage unit as it is as backup data, however, after the content has been reproduced three times on the basis of the original license, the content can be used again by applying the license saved as the backup data.
Even if a digital signature added to the license has been verified, the same digital signature as the original one can be added to the copied license. Thus, there will be a situation in which the content utilization program determines that the copied license is valid and allows the content to be reproduced.
Documents such as Japanese Patent Laid-open No. 2003-85321 disclose a configuration in which a hash value of management-object data is used as anti-falsification verification data used for verification of no falsification of data. In the following description, Japanese Patent Laid-open No. 2003-85321 is referred to as patent document 1. However, in the configuration disclosed in patent document 1, it is necessary to generate a hash value for each piece of management-object data and keep the generated hash value as management-data verification value. Thus, the configuration raises a problem that, as the number of pieces of management-object data increases, the number of management-data verification values also rises as well.