JP4047573B2 - Electronic information management apparatus and program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an electronic information management device for safely storing and managing electronic information. Placement And programs.
[0002]
[Prior art]
An electronic information management system for protecting electronic information from unauthorized viewing and falsification of electronic information by a malicious third party, erroneous operation by a user who shares the same electronic computer, etc. Is widely used.
[0003]
This type of electronic information management system has many methods for safely storing and managing electronic information in a storage device by an operating system (OS) or the like. However, according to the management method by the OS, electronic information in the storage device may be stolen due to theft and / or analysis of the storage device.
[0004]
There is also a method using a tool group such as a file encryption tool so as to protect electronic information from theft. However, in the method using the file encryption tool, the encryption method is known, and key information or the like as a clue for decryption may be stored in the storage device, and there is still a possibility that electronic information is stolen. .
[0005]
On the other hand, from the viewpoint of preventing the storage device from being stolen, a method in which key information or the like is stored in a portable device such as an IC card (smart card) and carried by the user can be considered. However, since the method for carrying key information sets different encryption keys for each user, it becomes difficult to share information between users.
[0006]
[Problems to be solved by the invention]
As described above, in the electronic information management system, in the case of the management method using the OS or the method using the file encryption tool, there is a possibility that the electronic information is stolen by theft and / or analysis of the storage device.
[0007]
In addition, when an encryption key is set for each user, it becomes difficult to share information between different users.
[0008]
The present invention has been made in consideration of the above circumstances, and even if the storage device is analyzed, the decryption of the stored content can be prevented, and the electronic information management device that can improve the safety. Placement And to provide a program.
[0009]
Another object of the present invention is to provide an electronic information management device that can facilitate information sharing among users even when an encryption key is set for each user. Placement And providing a program.
[0010]
[Means for Solving the Problems]
A first invention is an electronic information management device that is connected to a management server device and manages electronic information, and when writing input electronic information, any one of a plurality of encryption algorithms Information encryption means for encrypting the electronic information based on an encryption algorithm to obtain encrypted electronic information; and a dividing means for dividing the encrypted electronic information obtained by the information encryption means into a plurality of fragments; Fragment writing means for writing each fragment divided by the dividing means by designating random physical position information, physical position information used in the fragment writing means, and encryption used in the encryption means Correspondence table creation means for creating a correspondence table including a conversion algorithm name and the correspondence table created by the correspondence table creation means The encryption correspondence table writing means for writing the specified encryption correspondence table by designating the physical position information, and the physical position information used by the encryption correspondence table writing means are transmitted to the management server device And an electronic information management device comprising:
[0011]
Thereby, the electronic information is encrypted by the information encryption means, divided into fragments by the dividing means, and written into random physical positions by the fragment writing means.
[0012]
Here, the correspondence table including the physical position information necessary for reading the electronic information and the name of the encryption algorithm used for the encryption is encrypted and written. This makes it difficult to specify the physical position information of each fragment and the encryption algorithm used for encryption.
[0013]
Even if the encryption correspondence table is decrypted, the physical position information of the encryption correspondence table is managed by the management server device, so that it is difficult to specify the encryption correspondence table before decryption.
[0014]
Therefore, even if the storage device of the electronic information management device is analyzed, decryption of the stored content can be prevented, and safety can be improved.
[0015]
Even when an encryption key is set for each user, information can be easily shared between users by transmitting correspondence table acquisition information according to the access authority of the user on the management server side.
[0016]
According to a second invention, in the first invention, the table position acquisition means for acquiring the physical position information transmitted by the table position transmission means from the management server device, and the physical position information acquired by the table position acquisition means An encryption correspondence table reading means for reading out the encryption correspondence table, a correspondence table decrypting means for decrypting the encryption correspondence table read by the encryption correspondence table and obtaining a correspondence table, and Based on the correspondence table obtained by the correspondence table decoding means, fragment reading means for reading each fragment, combining means for combining the fragments read by the fragment reading means, and each fragment combined by the combining means The encrypted electronic information consisting of the encryption described in the correspondence table Decoded based on the encryption algorithm algorithm names, and information decoding means for outputting the electronic information obtained, an electronic information management apparatus having a.
[0017]
Thereby, in addition to the effect | action of 1st invention, in the case of a read-out process, electronic information can be read out easily and reliably.
[0020]
Each of the above inventions is expressed as “device”, but is not limited thereto, and may be expressed by another expression such as “program”, “method”, or “system”.
[0021]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below with reference to the drawings.
(First embodiment)
FIG. 1 is a schematic diagram showing a configuration of an electronic information management system according to the first embodiment of the present invention, and FIG. 2 is a schematic diagram showing a storage form of each electronic information managed by the system. 3 is a schematic diagram showing a configuration of a correspondence table for managing each electronic information, and FIG. 4 is a schematic diagram showing a configuration of correspondence table acquisition information for managing the correspondence table.
[0022]
In this electronic information management system, as shown in FIG. 1, a client device 2 connected to a storage device 1 is connected to a management server 4 via a communication line 3 such as the Internet and / or a dedicated line.
[0023]
Here, the storage device 1 stores each fragment e of the electronic information E and the correspondence table T so as to be readable / writable from the client device 2, and is not limited to the connected form as shown in FIG. The client device 2 may be built in, or may be a detachable small storage medium.
[0024]
As shown in FIG. 2, the electronic information E is converted into encrypted electronic information E ′ by encryption in the client device 2 and then divided into each fragment e and stored in the storage area 1 a in the storage device 1. Remembered. The fragment e is a unit obtained by dividing the encrypted electronic information E ′ into a fixed length or a random size. Note that redundancy may be added to fragments by a method such as secret sharing or error correction code from the viewpoint of improving reliability.
[0025]
The correspondence table T is a collection of data for decrypting each fragment e in the storage device 1 and includes common information C and storage area information M as shown in FIG. Is stored in a storage area in the storage device 1 in an encrypted state (hereinafter also referred to as an encryption correspondence table T ′).
[0026]
Note that the correspondence table T is collected for each electronic information group classified according to the defined access rules, and is encrypted using a different public key for each correspondence table T. As an encryption correspondence table T ′, It is stored in the storage device 1.
[0027]
The common information C includes identification information c1 for identifying the electronic information E to be stored, an encryption algorithm name c2 used for encryption, and a decryption key c3 corresponding to the used encryption algorithm.
[0028]
As the identification information c1, any information that can identify the electronic information E such as an identifier such as a file name or a hash value can be used.
[0029]
The encryption algorithm name c2 and the decryption key c3 are basically arbitrary, but from the viewpoint of high-speed processing, those corresponding to the common key cryptosystem are used in this embodiment. Accordingly, in the following description, the decryption key c3 is also referred to as a common key c3.
[0030]
The storage area information M is configured to include a combination order m1, a size m2, physical position information m3 in the storage device 1, and a compressed value m4 for each fragment e.
[0031]
The storage area information M can be any information as long as it indicates the storage location of each fragment e in the storage device 1. For example, a physical address or a pointer can be used as the physical position information m3. The size m2 may be omitted.
[0032]
The compressed value m4 is data for verifying each fragment e, and is a value obtained by processing each fragment e with a one-way function such as a hash function.
[0033]
On the other hand, the client device 2 includes a communication interface 10, an operating system (hereinafter referred to as OS) 20, and an information management module 30, and the information management module 30 is connected to the storage device 1.
[0034]
The communication interface 10 is an interface between the communication line 3 and the information management module 30.
The OS 20 has a function of managing the information management module 30 and accessing electronic information in the storage device 1 via the information management module 30 in addition to the functions of a normal OS.
[0035]
The information management module 30 includes a mutual authentication unit 31, a correspondence table management unit 32, a random number generation unit 33, an algorithm selection unit 34, a key generation unit 35, an encryption / decryption unit 36, an input / output unit 37, and a storage / read unit 38. Yes.
[0036]
Here, the mutual authentication unit 31 includes an authentication unit 31a that executes mutual authentication processing with the management server 4 and a communication unit 31b that executes communication processing with the management server 4, and the mutual authentication unit 31a performs mutual processing. When the authentication result is valid, the communication unit 31b sends the correspondence table acquisition information G transmitted from the management server 4 to the correspondence table management unit 32, and the correspondence table name and physical position received from the correspondence table management unit 32 Information is communicated to the management server 4 on the communication line 3 via the communication interface 10.
[0037]
The mutual authentication unit 31 can use an arbitrary authentication method such as a challenge and response method based on a public key encryption method or an authentication using a public key infrastructure as a mutual authentication method. Similarly, any method can be used for the key exchange method.
[0038]
After the authentication with the management server 4 is established, the correspondence table management unit 32 retrieves the encryption correspondence table T ′ from the storage device 1 via the storage / reading unit 38 based on the correspondence table acquisition information G from the mutual authentication unit 31. The function of reading and decoding and the correspondence table T obtained by decoding at the time of reading from the storage device 1, the storage / reading unit 38 is controlled and each fragment e in the storage device 1 is encrypted / decrypted 36. It has a function to send to.
[0039]
On the other hand, the correspondence table management unit 32 encrypts the correspondence table T with a function for creating or updating the correspondence table T based on each information received from each unit 36 to 38 when writing to the storage device 1. A function of obtaining the encryption correspondence table T ′, a function of writing the encryption correspondence table T ′ into the storage device 1 via the storage / reading unit 38, and physical location information of the encryption correspondence table T ′ in the storage device 1 And correspondence table storage information including the correspondence table name is sent to the mutual authentication unit 31 addressed to the management server 4.
[0040]
As shown in FIG. 4, the correspondence table acquisition information G includes a correspondence table name g1, a secret key g2 of the management server 4 that can decrypt the correspondence table T, and correspondence table storage area information g3.
[0041]
The correspondence table name g1 is the name of the encryption correspondence table T ′ and corresponds to the name of the correspondence table. The correspondence table storage area information g3 is physical position information indicating the physical position of the encryption correspondence table T ′ in the storage device 1.
[0042]
The random number generation unit 33 has a function of generating a random number when the OS 20 accesses the input / output unit 37 and sending the obtained random number to the encryption algorithm selection unit 34 and the key generation unit 35.
[0043]
The algorithm selection unit 34 selects any one of a plurality of common-key cryptosystem encryption algorithms based on the random number sent from the random number generation unit 33, and selects the selection result as the key generation unit 35 and the encryption / decryption unit. 36.
[0044]
The key generation unit 35 randomly generates a common key that can be used for the encryption algorithm selected by the algorithm selection unit 34 based on the random number sent from the random number generation unit 33, and the obtained common key c3 is an encryption / decryption unit. 36.
[0045]
The encryption / decryption unit 36 includes an information encryption unit 361, a division unit 362, a compression unit 363, a verification unit 364, a combination unit 365, and an information decryption unit 366.
The information encryption unit 361 encrypts the electronic information E input from the input / output unit 37 based on the encryption algorithm selected by the encryption algorithm selection unit 34 and the common key c3 generated by the key generation unit 35, It has a function of sending the obtained encrypted electronic information E ′ to the dividing unit 362. The information encryption unit 361 has a function of sending the encryption algorithm name c2 and the common key c3 used for encryption to the correspondence table management unit 32.
[0046]
The dividing unit 362 divides the encrypted electronic information E ′ sent from the information encryption unit 361 to create a plurality of fragments e, and sends each fragment e and its combination order m1 (and size m2) to the compression unit 363. Has a function to send. Note that the size m2 may be omitted when it is obtained separately, as in the case where all the values are the same value or when the size m2 is constant for each combination order m1.
[0047]
The compression unit 363 has a function of transferring each fragment e, the joining order m1 and the size m2 sent from the dividing unit 362 to the storage / reading unit 38, and a compressed value m4 obtained by compressing each fragment e, in correspondence table management. And a function for sending to the unit 32.
[0048]
The verification unit 364 compares the compression value obtained by compressing each fragment e read by the storage / reading unit 38 by the same process as the compression unit 363 and the corresponding compression value m4 in the correspondence table T, Only when the compressed values match, each fragment e is sent to the combining unit 365.
[0049]
The combining unit 365 has a function of combining the fragments e sent from the verification unit 364 to create encrypted electronic information E ′ and sending the obtained encrypted electronic information E ′ to the information decrypting unit 366.
[0050]
The information decryption unit 366 decrypts the encrypted electronic information E ′ received from the combining unit 365 based on the encryption algorithm name c2 and the common key c3 of the correspondence table T, and the obtained electronic information E is input / output unit 37. It has a function to send to.
[0051]
The input / output unit 37 includes an input unit 37a and an output unit 37b.
The input unit 37a activates the random number generation unit 33 by inputting the electronic information E to the information encryption unit 361 among the electronic information E received from the OS 20, the identification information, and the write request, and sending the write request. And a function of sending identification information to the correspondence management table 32.
[0052]
The output unit 37b has a function of outputting the electronic information E received from the information decoding unit 366 to the OS 20.
[0053]
The storage / reading unit 38 includes a storage unit 38a and a reading unit 38b.
The storage unit 38a stores the fragment e received from the compression unit 363 in the storage device 1, adjusts the storage area based on the random number received from the random number generation unit 33, and stores each fragment e. a function of sending physical position information m3 indicating a storage area storing e and a joining order m1 of each fragment to the correspondence table management unit 32.
[0054]
Here, the function of adjusting the storage area is, for example, a moving method for moving each existing fragment e to another storage area, or storing each new fragment e while holding the existing fragment e as it is. A new addition method for storing in the area can be used as appropriate.
[0055]
The storage unit 38a has a function of sending physical position information m3 indicating a storage area in which each fragment e is stored, a combination order m1 of each fragment e, and a size m2 to the correspondence table management unit 32.
[0056]
The reading unit 38b controls the correspondence table management unit 32 to read the encrypted correspondence table T ′ from the storage device 1 and send it to the correspondence table management unit 32, and correspondence table management obtained by decrypting the correspondence table T. Under the control of the unit 32, each fragment e in the storage device 1 is read out and sent to the verification unit 364.
[0057]
On the other hand, the management server 4 has a function of processing a login request and a logoff request from the client device 2, respectively.
Functions for processing a login request include a function for performing mutual authentication with the client device 2, a function for authenticating user authentication information when the result of mutual authentication is valid, and a function for authenticating user authentication. And a function of transmitting correspondence table acquisition information G stored in advance to the client device 2 based on a predetermined access rule and a read request transmitted from the client device 2. The user authentication function may be omitted.
[0058]
As a function for processing a logoff request, based on a logoff request from the client apparatus 2, a function for transmitting the public key of the own apparatus 4 to the client apparatus 2 and a correspondence table storage information transmitted from the client apparatus 2 are used. And the function of generating the correspondence table acquisition information G and storing it in the own device 4.
[0059]
The client device 2, the information management module 30, and the management server 4 can be realized by a software configuration and / or a hardware configuration, respectively. When realized by a software configuration, a program for realizing the functions of the devices 2 and 4 is installed in the devices 2 and 4 from a storage medium or a network in advance.
[0060]
Next, the operation of the electronic information management system configured as described above will be described with reference to the sequence diagram of FIG. 5, the schematic diagrams of FIGS. 6 and 8, and the flowcharts of FIGS.
[0061]
(At login, times t1 to t4, ST1)
Assume that the client device 2 is logged in by a user operation.
As shown in FIG. 5, the information management module 30 of the client device 2 transmits a login request to the management server 4 (time t1) as shown in FIG. Is executed (time t2).
[0062]
When mutual authentication between the devices 2 and 4 is established, the authentication information of the user is authenticated by the management server 4. After the user authentication is established, the information management module 30 and the management server 4 establish a safe communication path between the mutual 30 and 4.
[0063]
After the mutual authentication and the user authentication are completed, the management server 4 transmits correspondence table acquisition information G corresponding to the access authority of the authenticated user to the client device 2 in accordance with a preset access rule (time t3). Thereafter, the management server 4 performs exclusive processing without transmitting the correspondence table acquisition information G to other users until the logoff is completed.
[0064]
In the client device 2, the correspondence table management unit 32 reads the encryption correspondence table T ′ from the storage device 1 via the storage / readout unit 38 based on the correspondence table acquisition information G (time t 4). The correspondence table T ′ is decrypted with the secret key g2 in the correspondence table acquisition information G, and the correspondence table T is obtained (ST1).
[0065]
(Reading process; time t5, ST2 to ST5)
Next, the reading process will be described with reference to FIGS.
Now, it is assumed that a read request is input from the OS 20 to the correspondence table management unit 32 via the input unit 37a. The correspondence table management unit 32 identifies each piece of information described in the correspondence table T based on the identification information of the electronic information that is the target of the reading request.
[0066]
Subsequently, the correspondence table management unit 32 controls the reading unit 38 b based on the storage area information M. The reading unit 38b reads each corresponding fragment e in the storage device 1 and sends it to the verification unit 364 (ST2).
[0067]
The verification unit 364 compares the compression value obtained by compressing each sent fragment e by the same process as the compression unit 363 and the corresponding compression value m4 in the correspondence table T received from the correspondence table management unit 32, When it is verified that the contents have not been tampered with (both compression values match) (ST3), each fragment e is sent to the combining unit 365.
[0068]
The combining unit 365 combines these fragments e to create encrypted electronic information E ′ (ST4), and sends the obtained encrypted electronic information E ′ to the information decrypting unit 366.
[0069]
On the other hand, the correspondence table management unit 32 sends the common key c3 in the correspondence table T to the information decryption unit 366 and sends the encryption algorithm corresponding to the encryption algorithm name c2 in the correspondence table T via the encryption algorithm selection unit 34. The information is sent to the information decoding unit 366.
[0070]
The information decryption unit 366 decrypts the encrypted electronic information E ′ from the combining unit 365 based on the common key c3 and the encryption algorithm (ST5), and sends the obtained electronic information E to the output unit 37b.
[0071]
The output unit 37b sends the electronic information E to the OS 20.
(Write process; time t5, ST11 to ST16)
Next, the writing process will be described with reference to FIGS. Now, the electronic information E is input from the OS 20 to the information encryption unit 361 via the input unit 37a, and the identification information c1 and the write request of the electronic information E are received from the OS 20 via the input unit 37a. In addition, it is assumed that a write request is input from the OS 20 to the random number generation unit 33 via the input unit 37a.
[0072]
Upon receiving this write request, the random number generation unit 33 generates a random number and sends the obtained random number to the encryption algorithm selection unit 34 and the key generation unit 35.
[0073]
Based on the random number, the algorithm selection unit 34 selects one of a plurality of common key encryption algorithms, and sends the selection result to the key generation unit 35 and the encryption / decryption unit 36.
[0074]
The key generation unit 35 randomly generates a common key usable for the selected encryption algorithm based on the random number received from the random number generation unit 33 (ST11), and the obtained common key c3 is stored in the encryption / decryption unit 36. Send it out.
[0075]
The information encryption unit 361 encrypts the electronic information E from the input unit 37a based on the transmitted encryption algorithm and the common key c3, and sends the obtained encrypted electronic information E ′ to the dividing unit 362. The encryption algorithm name c2 and common key c3 used for encryption are sent to the correspondence table management unit 32.
[0076]
The dividing unit 362 divides the encrypted electronic information E ′ received from the information encryption unit 361 into a plurality of fragments e (ST12), and sends each fragment e, its combination order m1 and size m2 to the compression unit 363.
[0077]
The compression unit 363 individually compresses each fragment e sent from the division unit 362 to generate each compression value m4 (ST13), and sends each obtained compression value m4 to the correspondence table management unit 32. Each fragment e, the joining order m1 and the size m2 are transferred to the storage unit 38a.
[0078]
The storage unit 38a randomly determines the physical position of the storage device 1 based on the random number received from the random number generation unit 33 (ST14), and stores each fragment e in the determined physical position (ST15).
[0079]
Thereafter, the storage unit 38a sends the physical position information m3 indicating the storage area in which each fragment e is stored, the joining order m1 and the size m2 of each fragment e to the correspondence table management unit 32.
[0080]
The correspondence table management unit 32 includes identification information c1 from the input unit 37a, an encryption algorithm name c2 and a common key c3 from the information encryption unit 361, a compressed value m4 from the compression unit 363, a combination order m1 from the storage unit 38a, The correspondence table T is created or updated based on the size m2 and the physical position information m3 (ST16).
[0081]
(At logoff, time t6 to t9)
Assume that the client device 2 is logged off by a user operation.
The information management module 30 of the client device 2 transmits a logoff request to the management server 4 through the communication unit 31b (time t6), and acquires the public key for encryption of the correspondence table T from the management server 4 (time t7). .
[0082]
When the correspondence table management unit 32 encrypts the obtained correspondence table T with this public key to obtain the encryption correspondence table T ′, the encryption correspondence table T ′ and the public key are stored in the storage device 38a via the storage unit 38a. 1 is written (time t8).
[0083]
When the correspondence table management unit 32 receives the physical position information and the correspondence table name of the encryption correspondence table T ′ in the storage device 1 from the storage unit 38a, the correspondence table storage information including the physical position information and the correspondence table name is received. Is transmitted to the management server 4 via the communication unit 31b and the communication interface 10 (time t9).
[0084]
The management server 4 generates correspondence table acquisition information G from the secret key g2 corresponding to the public key transmitted to the client device 2, the physical position information acquired from the client device 2, and the correspondence table name g1, and is managed by the own device 4 To do.
[0085]
As described above, according to the present embodiment, the encrypted electronic information E is divided and randomly written in the storage device 1, the correspondence table T necessary for reading and decryption is concealed, and the correspondence table acquisition information G Can be prevented even if the storage device 1 is analyzed.
[0086]
Specifically, the electronic information E is encrypted by the information encryption unit 361, divided into each fragment e by the dividing unit 362, and written into random physical positions of the storage device 1 by the storage unit 38 a.
[0087]
However, the correspondence table T including the physical position information m3 necessary for reading the electronic information E and the name c2 of the encryption algorithm used for encryption is encrypted and written. For this reason, it becomes difficult to specify each fragment e and the encryption algorithm used for encryption.
[0088]
For example, when the encrypted electronic information E is to be decrypted by dividing into fragments e, it is necessary to collect all the divided fragments e.
[0089]
However, when the storage device 1 is a virtual storage device in which a plurality of physical disks are virtually integrated, since each fragment e is distributed to each physical disk, it is extremely difficult to collect all the fragments e.
[0090]
Further, when the length of each fragment e is divided at random, it can be determined only in a state where the fragment group in the storage device 1 is combined into one ciphertext, and it becomes difficult to extract individual fragments e.
[0091]
Here, even if the direct collection of each fragment e is stopped and the encryption correspondence table T ′ is decrypted, the physical position information of the encryption correspondence table T ′ is managed by the management server 4. It is difficult to specify the encryption correspondence table T ′.
[0092]
Therefore, in any case, even if the storage device 1 of the client device 2 is analyzed, the decryption of the stored content can be prevented and the safety can be improved.
[0093]
In addition, since the management server 4 transmits the correspondence table acquisition information G according to the access authority of the user of the client device 2, it is possible to easily share information between different users.
[0094]
In particular, in an electronic computer that handles highly confidential information, it is possible to perform safer electronic information management without imposing an excessive burden on the user.
[0095]
On the other hand, in the reading process, electronic information can be read easily and reliably based on the correspondence table T. Further, since the verification unit 364 compares the compressed value by the compression unit 363 with the compressed value by each read fragment, it is possible to detect a case where each fragment has been tampered with.
[0096]
(Second Embodiment)
FIG. 10 is a schematic diagram showing the configuration of an electronic information management system according to the second embodiment of the present invention. The same parts as those in the above-mentioned drawings are given the same reference numerals, and detailed descriptions thereof are omitted. Is mainly described. In the following embodiments, the same description is omitted.
[0097]
That is, unlike the first embodiment in which the encryption correspondence table T ′ is stored in the storage device 1, the present embodiment is configured to store the encryption correspondence table T ′ in the management server 4x.
[0098]
Accordingly, the correspondence table management unit 32x replaces the functions related to the correspondence table acquisition information G and the correspondence table storage information described above, and after the authentication with the management server 4 is established, the encryption correspondence table T ′ from the mutual authentication unit 31. Is obtained by decrypting the private table with its own private key, obtaining the correspondence table, encrypting the correspondence table T updated in the storage device 1 with the public key of the management server 4x, and obtaining the encryption correspondence table T ″, It has a function of sending the table T ″ to the mutual authentication unit 31 addressed to the management server 4 and a function of deleting the correspondence table T of the client environment after sending the encryption correspondence table T ″.
[0099]
On the other hand, instead of the function relating to the correspondence table acquisition information G and the correspondence table storage information described above, the management server 4x uses a client device after mutual authentication and user authentication in the function of processing a login request as shown in FIG. 2 is the encryption correspondence table T ′ (time t3x).
[0100]
Further, in the function of processing the logoff request, when the correspondence table T is obtained by decrypting the encryption correspondence table T ″ (time t9) transmitted from the client device 2 with its own private key, the correspondence table T is converted into the client device. The encryption correspondence table T ′ obtained by encrypting with the public key 2 is stored in the own device 4.
[0101]
With the configuration as described above, even when the correspondence table T is not managed by the client device 2x and is managed on the management server 4x side, the same effect as that of the first embodiment can be obtained.
[0102]
In the present embodiment, it is only necessary to manage the correspondence table T on the management server 4x side. For example, the same effect can be obtained even when the correspondence table T in the plaintext state is communicated without the encryption correspondence table T ′, T ″ being communicated between the client device 2x and the management server 4x. be able to.
[0103]
(Third embodiment)
FIG. 12 is a schematic diagram showing the configuration of an electronic information management system according to the third embodiment of the present invention.
[0104]
This embodiment is a modification of the second embodiment in which the correspondence table T is managed on the management server 4x side, and a portable electronic computer 40 in which the storage device 1 and the client device 2x are downsized and built in, and the management server 4x. It is comprised from the information storage apparatus 50 with a calculation function which reduced in size and was incorporated.
[0105]
Here, the portable electronic computer 40 can be realized by, for example, a portable information terminal PDA or a cellular phone, and when reading the electronic information E of its own storage device 1, the correspondence table T of the information storage device 50 is obtained. The electronic information E can be read out as in the second embodiment. Further, when the electronic information E of the storage device 1 is written, the correspondence table T can be transmitted to the information storage device 50 after the electronic information E is written, as in the second embodiment.
[0106]
The information storage device 50 is a small device such as an IC card (smart card) having a tamper-resistant memory, and personal identification based on identification information such as biometric identification and / or PIN (personal identification number, eg, password). It has a function. When a biometric identification device is provided as a personal identification function, a biometric identification information reading device as a part of the biometric identification device may be arranged in the portable electronic computer 40. Also, the initial authentication at the time of user login is that after the mutual authentication between the devices 40 and 50, biometric identification information such as a fingerprint, a voiceprint or an iris is collated in the information storage device 50, and the right to use the information storage device 50 is acquired. do it.
[0107]
According to the above configuration, the correspondence table T for reading the electronic information E is stored in the information storage device 50. Therefore, in addition to the effects of the second embodiment, a development tool for a portable electronic computer is used. This prevents unauthorized operation of electronic information.
[0108]
In addition, when the personal identification result based on the biometric identification information is valid, the right to use the information storage device 50 is acquired, so that safer electronic information management can be performed.
[0109]
As a modification of the present embodiment, the information storage device 50 does not require that all memories be tamper resistant. For example, the tamper resistant memory stores at least the correspondence table T (or the encryption correspondence table). Preferably, in addition to the correspondence table T, it may be used for storing biometric identification information and / or PIN information. In this case, a normal memory having no tamper resistance may be used for storing information (less confidential) such as the correspondence table T other than highly confidential information. With such a modification, the storage capacity of the high-cost tamper-resistant memory can be suppressed to a necessary minimum, so that the cost can be reduced.
[0110]
(Fourth embodiment)
FIG. 13 is a schematic diagram showing the configuration of an electronic information management system according to the fourth embodiment of the present invention.
[0111]
The present embodiment is a modification of the first embodiment in which the correspondence table T is managed on the client device 2 side. The portable electronic computer 40y in which the storage device 1 and the client device 2 are reduced in size and the management server 4 is included. It is comprised from the information storage apparatus 50y with a calculation function which reduced in size and was incorporated.
[0112]
Here, as described above, the portable electronic computer 40y can be realized by, for example, a portable information terminal PDA or a cellular phone, and preferably, the entire storage area of the built-in storage device 1 or the correspondence table T is stored. A tamper resistant memory is used for the storage area.
[0113]
As described above, the information storage device 50y is a small device such as an IC card having a tamper-resistant memory, and has a personal identification function such as biometric identification and / or PIN. Similarly, in the information storage device 50y, a tamper resistant memory is preferably used for the entire storage region of the built-in storage device (not shown) or the storage region for the correspondence table acquisition information G.
[0114]
Even with the configuration as described above, the correspondence table T for reading out the electronic information E is stored in the portable electronic computer 40y, so that it is a small electronic information management system including the portable electronic computer 40y and the information storage device 50y. However, the effect of the first embodiment can be obtained.
[0115]
The method described in each of the above embodiments is a program that can be executed by a computer, such as a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk ( MO), and can be stored and distributed in a storage medium such as a semiconductor memory.
[0116]
In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.
[0117]
In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like implement the present embodiment. A part of each process may be executed.
[0118]
Further, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.
[0119]
Further, the number of storage media is not limited to one, and the case where the processing in the present embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.
[0120]
The computer according to the present invention executes each process according to the present embodiment based on a program stored in a storage medium, and includes a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.
[0121]
In addition, the computer in the present invention is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .
[0122]
Note that the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention at the stage of implementation.
For example, the information management module 30 in the client device 2 in the first to fourth embodiments may be implemented as a board or may be implemented on software.
[0123]
The information management module 30 may be mounted as a chip or a circuit in the PDA, or may be mounted in a form in which the card-shaped information management module 30 is inserted into the slot of the client device 2.
[0124]
Further, the information management module 30 may be entirely installed on the hard disk as software, or a part of the whole except the mutual authentication unit 31 is mounted on the hard disk as software, and the mutual authentication unit 31 is used as software for the OS 20. You may implement it above.
[0125]
In addition, the embodiments may be appropriately combined as much as possible, and in that case, combined effects can be obtained. Furthermore, the above embodiments include inventions at various stages, and various inventions can be extracted by appropriate combinations of a plurality of disclosed configuration requirements. For example, when an invention is extracted by omitting some constituent elements from all the constituent elements shown in the embodiment, when the extracted invention is implemented, the omitted part is appropriately supplemented by a well-known common technique. It is what is said.
[0126]
In addition, the present invention can be implemented with various modifications without departing from the gist thereof.
[0127]
【The invention's effect】
As described above, according to the present invention, even if a storage device is analyzed, decryption of the stored content can be prevented, and safety can be improved. Moreover, even when an encryption key is set for each user, information sharing among users can be facilitated.
[Brief description of the drawings]
FIG. 1 is a schematic diagram showing a configuration of an electronic information management system according to a first embodiment of the present invention.
FIG. 2 is a schematic diagram showing a storage form of each electronic information in the embodiment
FIG. 3 is a schematic diagram showing a correspondence table in the embodiment;
FIG. 4 is a schematic diagram showing a configuration of correspondence table acquisition information according to the embodiment;
FIG. 5 is a sequence diagram for explaining an operation in the embodiment;
FIG. 6 is a schematic diagram for explaining a read operation in the embodiment;
FIG. 7 is a flowchart for explaining a read operation in the embodiment;
FIG. 8 is a schematic diagram for explaining a write operation in the embodiment;
FIG. 9 is a flowchart for explaining a writing operation in the embodiment;
FIG. 10 is a schematic diagram showing a configuration of an electronic information management system according to a second embodiment of the present invention.
FIG. 11 is a sequence diagram for explaining an operation in the embodiment;
FIG. 12 is a schematic diagram showing a configuration of an electronic information management system according to a third embodiment of the present invention.
FIG. 13 is a schematic diagram showing a configuration of an electronic information management system according to a fourth embodiment of the present invention.
[Explanation of symbols]
1 Storage device
2,2x ... Client device
3. Communication line
4,4x ... Management server
10 Communication interface
20 ... OS
30 ... Information management module
31 ... Mutual authentication part
31a: Authentication unit
31b ... Communication part
32, 32x ... correspondence table management unit
33 ... Random number generator
34. Algorithm selection part
35 ... Key generator
36: Encryption / decryption unit
361 ... Information encryption unit
362 ... division part
363 ... Compression unit
364 ... Verification unit
365 ... coupling part
366 ... Information decoding unit
37 ... Input / output section
37a ... Input section
37b: Output unit
38 ... Storage / reading unit
38a ... preservation part
38b ... reading unit
40, 40y ... portable electronic computer
50, 50y ... Information storage device
E ... Electronic information
E '... Encrypted electronic information
T ... correspondence table
T ', T "... Encryption correspondence table
e ... fragment
C ... Common information
c1 ... Identification information
c2: Encryption algorithm name
c3: Decryption key, common key
M: Storage area information
m1 ... Join order
m2 ... Size
m3 ... Physical position information
m4: Compression value
G ... Correspondence table acquisition information
g1 ... Corresponding table name
g2 ... Secret key
g3 ... Correspondence table storage area information

Claims (7)

An electronic information management device that is connected to a management server device and manages electronic information,
An information encryption means for encrypting the electronic information based on any one of a plurality of encryption algorithms and obtaining the encrypted electronic information when writing the input electronic information;
Dividing means for dividing the encrypted electronic information obtained by the information encryption means into a plurality of fragments;
Fragment writing means for performing writing processing by designating random physical position information for each fragment divided by the dividing means;
A correspondence table creating means for creating a correspondence table including each physical position information used in the fragment writing means and an encryption algorithm name used in the encryption means;
An encryption correspondence table writing means for encrypting the correspondence table created by the correspondence table creation means and writing the specified encryption correspondence table by designating physical position information;
Table position transmitting means for transmitting physical position information used in the encryption correspondence table writing means to the management server device;
An electronic information management device comprising: The electronic information management device according to claim 1,
Table position acquisition means for acquiring physical position information transmitted by the table position transmission means from the management server device;
An encryption correspondence table reading means for reading out the encryption correspondence table based on the physical position information acquired by the table position acquisition means;
A correspondence table decrypting means for decrypting the encrypted correspondence table read by the encryption correspondence table and obtaining a correspondence table;
Fragment reading means for reading out each fragment based on the correspondence table obtained by the correspondence table decoding means;
Combining means for combining the fragments read by the fragment reading means;
Information decrypting means for decrypting the encrypted electronic information composed of the fragments combined by the combining means based on the encryption algorithm of the encryption algorithm name described in the correspondence table, and outputting the obtained electronic information;
An electronic information management device comprising: A program used in an electronic information management apparatus that is connected to a management server apparatus and manages electronic information,
A computer of the electronic information management device;
An information encryption means for encrypting the electronic information based on any one of a plurality of encryption algorithms and obtaining the encrypted electronic information when writing the input electronic information;
Dividing means for dividing the encrypted electronic information obtained by the information encryption means into a plurality of fragments;
Fragment writing means for writing each fragment divided by the dividing means by designating random physical position information.
Correspondence table creating means for creating a correspondence table including each physical position information used in the fragment writing means and an encryption algorithm name used in the encryption means;
An encryption correspondence table writing means for encrypting the correspondence table created by the correspondence table creation means and writing the obtained encryption correspondence table by designating physical position information;
Table position transmitting means for transmitting physical position information used in the encryption correspondence table writing means to the management server device;
Program to function as. In the program according to claim 3,
A computer of the electronic information management device;
Table position acquisition means for acquiring physical position information transmitted by the table position transmission means from the management server device;
An encryption correspondence table reading means for reading out the encryption correspondence table based on the physical position information acquired by the table position acquisition means;
Correspondence table decrypting means for decrypting the encryption correspondence table read by the encryption correspondence table and obtaining the correspondence table;
Fragment reading means for reading out each fragment based on the correspondence table obtained by the correspondence table decoding means;
Combining means for combining the fragments read by the fragment reading means;
Information decryption means for decrypting the encrypted electronic information composed of the fragments combined by the combining means based on the encryption algorithm of the encryption algorithm name described in the correspondence table, and outputting the obtained electronic information;
Program to function as. In the program according to claim 3,
A computer of the electronic information management device;
Instead of the encryption correspondence table writing means and the table position transmission means,
Table transmitting means for encrypting the correspondence table created by the correspondence table creating means, and transmitting the obtained encrypted correspondence table to the management server device;
Program to function as. The program according to claim 5 ,
A computer of the electronic information management device;
An encryption correspondence table transmitted by the table transmission means or another correspondence table obtained by decrypting the correspondence table obtained by decryption from the encryption correspondence table is obtained from the management server device. Table acquisition means,
A correspondence table decrypting means for decrypting the encryption correspondence table obtained by the table obtaining means to obtain a correspondence table;
Fragment reading means for reading out each fragment based on the correspondence table obtained by the correspondence table decoding means;
Combining means for combining the fragments read by the fragment reading means;
Information decryption means for decrypting the encrypted electronic information composed of the fragments combined by the combining means based on the encryption algorithm of the encryption algorithm name described in the correspondence table, and outputting the obtained electronic information;
Program to function as. In the program according to claim 4 or 6,
A computer of the electronic information management device;
Compression means for compressing each fragment divided by the dividing means to obtain a first compressed value;
Each fragment read by the fragment reading means is compressed, and the second compression value obtained is compared with the first compression value obtained by the compression means. A verification means that permits binding by means,
Program to function as.

Images