An archive apparatus (storage apparatus) is well known, for example, which manages content data (e.g., contents, archive file) stored in a storage apparatus and inspects whether content data has been tampered or make reference to by an unauthorized user (hereinafter, such acts are simply referred to as “tampering”) in order to ensure the authenticity of data stored on the storage apparatus (for example, see Japanese Laid-open Patent Publications Nos. 2006-260176, 2007-188307, and 2006-065488).
FIG. 7 is a diagram schematically illustrating one example of a technique to detect tampering of content data using a conventional archive apparatus.
For example, a technique is well known which detects tampering of content data using an archive apparatus 90 as depicted in FIG. 7.
The archive apparatus 90 is configured to include a management information storage portion 91, a disk apparatus 92, a tape apparatus 93, and a content management processor 94.
The management information storage portion 91 is adapted to maintain content management information that is generated for each content. Such content management information may include various data items, such as a content ID, information on storage on which content is stored.
The disk apparatus 92 and the tape apparatus 93 are adapted to function as storage apparatuses as described above, and are adapted to store content data generated by a specific operation server 95.
The content management processor 94 is configured to manage content data stored on the disk apparatus 92 and the tape apparatus 93.
More specifically, for example, upon registering (storing) content data generated by the specific operation server 95 into the disk apparatus 92, the content management processor 94 generates a hash code for the content. The content management processor 94 stores the generated hash code by relating it to the content data to be stored on the disk apparatus 92 (see the reference symbol “G1” in FIG. 7).
Thereafter, the content management processor 94 makes comparison every time the specific operation server 95 accesses to content data stored on the disk apparatus 92 (see the reference symbol “G2” in FIG. 7). For example, when the content data that is saved on the disk apparatus 92 has been updated, the content management processor 94 compares the hash code that was generated when the content was registered (saved) against the hash code generated when the content was updated, and determines whether there is any discrepancy between them.
Suppose that content data saved on the disk apparatus 92 is tampered by a terminal (not depicted) other than the specific operation server 95 by making data access to the archive apparatus 90 (see the reference symbol “G3” in FIG. 7), the content management processor 94 generates a hash code that is different from the hash code that was generated upon registration. Thereafter, when the specific operation server 95 accesses to the content data stored on the disk apparatus 92, the content management processor 94 detects that there is discrepancy between the hash code that was generated when the content was registered and the hash code that was generated when the content was tampered (see the reference symbol “G4” in FIG. 7). This makes it possible to check whether or not content data saved on the disk apparatus 92 has been tampered.
However, the above-described technique to detect tampering of content data can detect and identify tampering of content data only after the content data stored on the disk apparatus 92 is accessed by the specific operation server 95, that is, after the content data was tampered.
Since tampering of content data cannot be detected and identified in real-time, notification of tampering and recovery of tampered data are not possible shortly after the tampering was made.