JP2002344442A - Data transmitter and data receiver and communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide communication equipment, capable of transmitting and receiving desired data with higher security property. SOLUTION: Two IC cards 40-1 and 40-2 , and 40-3 and 40-4 , respectively held by a user and a manager, are mounted at both a transmission side and a reception side so that divided pattern tables, key tables, and enciphered pattern tables stored to be divided in the respective two IC cards can be formed as a complete table, and that the following data communication processing can be properly executed. Under that condition, data to be transmitted are connected and then divided by a data dividing part 13, and added with electronic signatures by an electronic signature part 14, and added with dummy files by a dummy file adding part 15, and added with dummy data by a dummy data adding part 16, and enciphered by an enciphering part 17, and transmitted by a transmitting part 18. At the reception side, the reverse processing is executed, so that the original data file can be restored.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a data transmitting apparatus, a data receiving apparatus, and a communication system for performing data file communication with higher security.

[0002]

2. Description of the Related Art With the advance of information processing technology and communication technology,
2. Description of the Related Art Information can be easily and efficiently transmitted via a communication network, and the amount of information transmitted via the communication network is increasing exponentially. There are various forms of such communication networks, but the Internet, in which a plurality of computer systems and local communication networks are connected on a worldwide scale, has a scale,
It is attracting attention from the viewpoint of communication cost and is widely used. By the way, via such a communication network, various confidential data communications are also performed between individuals and companies. Such data requiring confidentiality is usually transmitted after being encrypted. To perform this encryption, an encryption key is used. However, a person who encrypts and transmits data needs to securely maintain and manage this encryption key so that it is not lost or leaked.

[0003]

However, with the progress of the encryption technology, the decryption technology is also progressing.
It is in a situation where security is not sufficient by just encrypting. For example, when transmitting a significant data string such as a sentence, cipher text can be relatively easily created by using general knowledge of the general structure of the sentence, frequently used data strings, and expressions. It is known that it can be deciphered. Once the encryption is decrypted, that is, once the encryption key or encryption algorithm is decrypted, subsequent encryption can be decrypted as easily as a valid recipient, and the confidentiality of the data is completely Will not be retained.

[0004] It is therefore an object of the present invention to provide a data transmission device which makes it more difficult to decrypt a cipher and can transmit desired data with higher security. Another object of the present invention is to provide a data receiving apparatus capable of receiving data transmitted with such high security and appropriately decoding the data to receive data with high security. It is in. Still another object of the present invention is to provide a communication device that can transmit and receive desired data with higher security, in which it is more difficult to decrypt a cipher.

[0005]

In order to solve the above problems, a data transmission device according to the present invention communicates with a storage device, which is arranged at a predetermined position and stores key data,
A storage device interface unit for reading the key data, a file dividing unit for dividing a data file to be transmitted to generate a plurality of divided data files, and using the key data for the generated plurality of divided data files. And encrypting means for selectively encrypting the divided data files, and transmitting means for transmitting the plurality of divided data files selectively encrypted.

Preferably, the apparatus further comprises electronic signature means for performing an electronic signature on the selectively encrypted plurality of divided data files using the read key data, wherein the transmission means comprises: Transmitting the plurality of selectively encrypted divided data files with the electronic signature. More preferably, the electronic signature unit uses the first key data read from the first storage device and the second key data read from the second storage device via the storage device interface unit. The digital signature is performed by performing encryption in two steps.

More preferably, the first storage device comprises:
A device that is substantially owned by the user of the data transmission device and stores the first key data based on the authority of the user, and the second storage device is provided by an administrator of the data transmission device. A device that substantially owns and stores the second key data based on the authority of the administrator, wherein the electronic signature unit uses the first key data based on the authority of the user to perform the first key data using the first key data. And performs the second encryption using the second key data based on the authority of the administrator, thereby performing the electronic signature.

Preferably, the apparatus further comprises file integrating means for integrating a plurality of data files to be transmitted into one data file, wherein the file dividing means divides the combined data file, Generate multiple split data files. More specifically, there is further provided a second file integrating means for integrating a plurality of divided data files divided by the file dividing means, and the transmitting means comprises a file integrated by the second file integrating means. Send

Further, a data receiving apparatus according to the present invention comprises:
The data file to be transmitted is divided, receiving means for selectively receiving the transmitted transmission data that has been respectively encrypted and transmitted, and communicates with a storage device in which key data is stored, which is arranged at a predetermined position, Storage device interface means for reading the key data; decryption means for selectively decrypting the received selectively encrypted transmission data using the read key data; and the selective decryption File integrating means for integrating the converted data and generating the original data file to be transmitted.

Preferably, the transmission data is data that has been selectively encrypted and further subjected to an electronic signature.
Electronic signature verification means for inspecting the electronic signature using the read key data is further provided, and the decryption means selectively decrypts the transmission data on which the electronic signature has been inspected. More preferably, the electronic signature checking means includes a third key data and a fourth key data read from a third storage device via the storage device interface means.
Using the fourth key data read from the storage device of
The digital signature is checked by performing decryption in a step.

[0011] More preferably, the third storage device comprises:
A device which is substantially owned by the user of the data receiving device and stores the third key data based on the authority of the user, wherein the fourth storage device is provided by an administrator of the data receiving device. A device that substantially owns and stores the fourth key data based on the authority of the administrator, wherein the electronic signature verification unit uses the fourth key data based on the authority of the administrator to store the fourth key data. 1 is decrypted, and the electronic signature is checked by performing a second decryption using the third key data based on the authority of the user.

Preferably, the original data file to be transmitted is a file generated by combining a plurality of data files to be transmitted, and the original data file to be transmitted integrated by the file integrating means. And a file dividing unit that divides the data file and generates the plurality of data files to be transmitted. Also, specifically,
The transmission data received by the reception means is data generated by further combining the divided data files to be transmitted, and further includes a second file division means for dividing the received transmission data. The file integrating unit integrates the divided data to generate the original data file to be transmitted.

Further, the communication system according to the present invention communicates with a portable storage medium, which is arranged at a predetermined position and stores key data, and reads out the key data. File dividing means for dividing the target data file to generate a plurality of divided data files, and encrypting means for selectively encrypting the generated plurality of divided data files using the key data, A data transmission device having transmission means for transmitting the plurality of divided data files selectively encrypted, and a data file to be transmitted is divided,
A receiving means for selectively receiving the transmission data transmitted in an encrypted form, and a portable storage medium arranged at a predetermined position and communicating with a portable storage medium storing key data and reading the key data Integrating the storage medium interface means, the decryption means for selectively decrypting the received selectively encrypted transmission data using the read key data, and the selectively decrypted data And a data receiving device having file integrating means for generating the original data file to be transmitted.

[0014]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a diagram schematically showing an overall configuration of a communication system 1 according to the present embodiment. FIG.
FIG. 1 is a block diagram showing in detail a configuration of a communication system 1, particularly, a configuration of a transmission device 10 and a reception device 30. As illustrated in FIG. 1, the communication system 1 has a configuration in which a transmission device 10 and a reception device 30 are connected via a transmission line 20. The transmitting device 10 and the receiving device 30 have IC cards 40 _-1 and 40 _-2 held by a user and an administrator of the device, respectively.
By mounting the data files 40 _-3 and 40 _-4 , desired data files can be transmitted and received.

First, the configuration and function of each section of the communication system 1 will be described. First, the IC cards 40 _-1 to 40 _-4 of the users on the transmitting side and the receiving side, which are mounted on the transmitting device 10 and the receiving device 30, and the manager will be described. Each IC card- _i (i = 1 to 4) stores setting data, a division pattern table, an encryption pattern table, and a key table, respectively.

The setting data includes a cardholder ID, a cardholder name, a password, a user flag, a manager flag, and a user ID and a manager ID on the transmission side and the reception side.
And the owner, the corresponding administrator and the receiving party, such as the name, the cardholder's RSA private key, the cardholder's RSA public key, and the corresponding receiving or transmitting user and administrator's RSA public key. This is information for identifying the user and the administrator. Note that the user flag is a flag indicating that the owner of the IC card is the user, and the administrator flag is a flag indicating that the owner of the IC card is the administrator.

The division pattern table is a table in which a plurality of division patterns defining a division method for dividing a data file to be transmitted are stored. This divided pattern table is composed of two IC cards 40 _-1 , 40 _-2 and an IC card 4 for each user and manager on the transmitting and receiving sides.
0 _-3 and 40 _-4 are separately stored. In other words, by integrating the table data of the two IC cards 40 _-1 and 40 _-2 or the IC cards 40 _-3 and 40 _-4 , each IC card 40 is configured so that one divided pattern table is formed. Table data is stored in _-i . The divided pattern tables stored in the two IC cards 40 _-1 and 40 _-2 and the IC cards 40 _-3 and 40 _-4 on the transmission side and the reception side are the same table.

The encryption pattern table is a table in which a plurality of data defining an encryption method for encrypting a data file to be transmitted is stored. This encryption pattern table is divided and stored respectively in two IC cards 40 _-1 and 40 _-2 and IC cards 40 _-3 and 40 _-4 of the user and the administrator on the transmission side and the reception side, respectively. You. That is, by integrating the table data of the two IC cards 40 _-1 and 40 _-2 or the IC cards 40 _-3 and 40 _-4 , each IC card is configured such that one encryption pattern table is formed. Table data is stored in 40- _i . The encryption pattern tables stored in the two IC cards 40 _-1 and 40 _-2 and the IC cards 40 _-3 and 40 _-4 on the transmission side and the reception side are the same table.

The key table stores a plurality of encryption keys used when performing encryption and digital signature on the transmission side, and a plurality of decryption keys used when performing decryption and verification of the electronic signature on the reception side. It is a table. This key table also contains two IC cards 40 _-1 , 40 _-2 and I for each user and administrator on the transmitting and receiving sides.
The data is divided and stored in the C cards 40 _-3 and 40 _-4 , respectively. That is, the two IC card 40 _-1, 40 _-2, or IC card 40 _-3, by each integrating 40 _-4 table data, so that one key table is configured, the IC card 40 _- Table data is stored in _i .

On the transmitting side, the user (operator) who actually operates the transmitting apparatus 10 transmits the IC card 40 _-1 to 40 _-4 in which such data is stored. the first IC card 40 _-1, usually a boss of the user, the administrator is responsible for the processing in the transmitter 10, respectively to hold the second IC card 40 _-2 for the administrator. On the receiving side, the receiving device 30
Is operated by a third IC card 40 for the user.
_-3 , the manager who is usually the boss of the user and is in charge of the processing in the receiving device 30,
Each of the C cards _40-4 is held.

Next, the transmitting device 10 will be described. The transmission device 10 appropriately combines and divides a desired data file to be transmitted, and adds a dummy file and dummy data. Further, the transmitting device 10 adds an electronic signature, encrypts the digital signature, and transmits the digital signature to the receiving device 30 via the transmission path 20. As shown in FIG. 2, the transmitting device 10 includes an IC card reading unit 11, a user / administrator transmitting / receiving side specifying unit 12, a data dividing unit 13, an electronic signature unit 14, a dummy file adding unit 15, a dummy data adding unit 16. , An encryption unit 17 and a transmission unit 18.

The IC card reader 11, at the same time, or the division pattern table used in the one from the user of the IC card 40 _-1 and administrator of the IC card 40 _-2 mounted, division processing and encryption processing after And information such as an encryption pattern table and a key table. For this purpose, the IC card reading unit 11 firstly reads the IC card 40 _-1 of the user who has been mounted and the IC card 40
_-2 , the cardholder ID, cardholder name, password, user flag,
Identify the owner, corresponding administrator and recipient users and administrators, such as the administrator flag and the IDs and names of the sender and recipient users and administrators as shown in FIG. The information is read out and output to a user / administrator transmitting / receiving side specifying unit 12 described later.

The owner of the user's IC card _40-1 and the administrator's IC card _{40-2 in} the user / administrator transmission / reception side specifying unit 12 may be the proper user and administrator of the transmission device 10. If detected, the IC card reading section 11 then sends the user's IC card 40 _{-1 as} shown in FIG.
And the administrator's IC card 40 _-2 , the above-mentioned divided pattern table, encryption pattern table, key table and setting data, the transmission side administrator RSA secret key, the transmission side user RSA secret key, and the reception side administrator The information of the RSA public key and the RSA public key of the user on the receiving side are read. The read division pattern table is output to the data division unit 13, the encryption pattern table and the key table are output to the encryption unit 17, and data necessary for setting data such as key information is output to the electronic signature unit 14.

The user / administrator transmitting / receiving side specifying unit 12
Card holder ID input from the C card reading unit 11,
Based on information such as the cardholder name, password user flag, administrator flag, and the IDs and names of the transmitting and receiving users and administrators, etc.
It is detected whether the worker who has attached the C card _40-1 and the administrator's IC card _40-2 to the transmission device 10 is a proper user and administrator of the transmission device 10, and determines the detection result as an IC.
Notify the card reading unit 11.

The data dividing unit 13 combines a plurality of input data files to be transmitted and generates one combined file. Then, based on the division pattern tables read from the user's IC card _40-1 and the administrator's IC card _40-2 , the combined one combined file is divided into a plurality of temporary divided files, and the dummy file adding unit 15 Output to As described above, in the division pattern table, a plurality of division patterns in which the distribution destination file for each byte of each data of the data file is described, for example, as shown in FIG. The data division unit 13 selects an arbitrary division pattern from the plurality of division patterns and, based on the selected division pattern, divides the combined file into one file, for example, as shown in FIG.
Is divided into three files as shown in FIG. At this time, the data division unit 13 calculates the hash value of the file name of the combined file previously combined and outputs the calculated hash value to the electronic signature unit 14.

The electronic signature unit 14 has a hash value of the file name of the combined file obtained by combining the data files to be transmitted, input from the data division unit 13,
7, the sender-side administrator RSA private key input by the IC card reading unit 11 based on the initial encryption key number created by the IC card reader 7 and the information on the ID and name of each user and administrator on the sender and receiver sides. , The sending user's RSA private key,
Electronic signature data is created using the RSA public key of the receiving side administrator and the RSA public key of the receiving side user, and the created electronic signature data is output to the dummy file adding unit 15.

FIG. 6 is a diagram showing the structure of digital signature data. The hash value storage unit stores the hash value of the file name of the combined file obtained by combining the data files to be transmitted input from the data dividing unit 13 with the RSA of the transmitting user.
This area stores data that has been subjected to RSA encryption processing using a secret key and further subjected to RSA encryption processing using the RSA public key of the receiving side administrator. The key storage unit is an encryption unit 1 described later.
7 is subjected to an RSA encryption process using the RSA public key of the user on the receiving side (operator), and is further processed using the RSA private key of the administrator on the transmitting side.
A area for storing data subjected to A-encryption processing. The signature path storage unit is an area for storing DES-encrypted data of the IDs and names of the users and administrators on the transmission side and the reception side. DES used for this DES encryption
The encryption key is generated according to a predetermined rule based on the data in the hash value storage unit and the key storage unit.

The dummy file adding unit 15 generates one or a plurality of dummy files having contents unrelated to the temporary divided file generated by the data dividing unit 13 and, as shown in FIG. 13 to the plurality of temporary divided files, and outputs the resultant to the dummy data adding unit 16. At this time, the dummy file addition unit 15 generates or adds the number of the division pattern table used in the data division unit 13, the initial value of the DES encryption process used in the encryption unit 17, to the dummy file,
Then, the digital signature data generated by the digital signature unit 14 is written.

As shown in FIG. 8, the dummy data adding unit 16 selectively or indirectly adds one or more or all of the temporary divided files input from the dummy file adding unit 15 to the temporary divided file. Add dummy data. Then, the temporary file and the dummy file added by the dummy file adding unit 15 are output to the encrypting unit 17. Here, dummy data is added to each file so that the data size of each file is a multiple of 8 bytes.

The encryption unit 17 based on the encryption pattern table and key table read from the IC card 40 _-2 IC card 40 _-1 and administrator of the user in the IC card reading unit 11, generates an encryption key Then, using the generated encryption key, the temporary division file and the dummy file, to which the dummy data is selectively added, input from the dummy data addition unit 16 are subjected to encryption processing and output to the transmission unit 18. Further, the encryption unit 17 combines the digital signature data generated by the digital signature unit 14 and the hash value of the file name of the dummy file generated by the dummy file addition unit 15 to generate a control file including the hash value. 18 is output.

User's IC card 40_-1And admin's
IC card 40_-2The encryption pattern table read from
As shown in FIG. 9A, a plurality of encryption schemes
Is stipulated. The user's IC card 40_-1You
And administrator's IC card 40 _-2Key table read from
As shown in FIG. 9A, a plurality of ciphers
The key is registered. The encryption unit 17 uses the plurality of ciphers.
Encryption method such as Triple DES rather than encryption method
And select an arbitrary encryption key from the multiple encryption keys.
Based on the selected and selected encryption key, as shown in FIG.
In this way, encryption is performed.

The transmitting unit 18 transmits the encrypted divided file and dummy file and the control file input from the encrypting unit 17 to the receiving device 30 via the transmission path 20. The transmission device 10 having such a configuration
As a result, the desired transmission target data file is
Sent to

The transmission path 20 includes the transmitting device 10 and the receiving device 3
0 is an arbitrary transmission path connecting the Internet to the Internet in this embodiment.

Next, the receiving device 30 of the communication system 1 will be described. The receiving device 30 receives the data subjected to the various processes described above in the transmitting device 10 and transmitted via the transmission path 20, and decodes the data, removes the dummy file, removes the dummy data, and outputs the data. Perform processing such as integration and division of the original data file to restore the original data file. The receiving device 30 includes, as shown in FIG.
1. IC card reading section 32, user / administrator transmitting / receiving side specifying section 33, dummy file removing section 34, electronic signature section 3
5, a decoding unit 36, a dummy data removing unit 37, and a data integrating unit 38.

The receiving section 31 transmits the signal from the transmitting apparatus 10 to the transmission path 2
0, that is, the encrypted divided file and the dummy file, and the control file, which are received, and output to the dummy file removing unit 34.

The IC card reading section 32 receives a divided pattern table for use in subsequent decoding processing and integration processing from the user's IC card _40-3 and the administrator's IC card _40-4 which are simultaneously or sequentially mounted. And information such as an encryption pattern table and a key table. Therefore, IC card reader 32 first, the IC card of the IC card 40 _-3 and administrators of the attached user 40
_-4 , the cardholder ID, cardholder name, password, user flag,
Retrieve information to identify the owner, corresponding administrator and recipient users and administrators, such as the administrator flag and the IDs and names of the sender and recipient users and administrators. Output to the user / administrator transmitting / receiving side specifying unit 33.

In the user / administrator transmitting / receiving side specifying unit 33, the owner of the user's IC card _40-3 and the administrator's IC card _40-4 may be the proper user and administrator of the receiving device 30. If detected, the IC card reading unit 32 then displays the user's IC card _40-3 and the administrator's IC card.
From the card 40 _-4, respectively, reads out information such as division pattern table, the encryption pattern table and key table described above. Then, the read divided pattern table is output to the data integration unit 38, the encrypted pattern table and the key table are output to the decryption unit 36, and data necessary for setting data such as key information is output to the electronic signature unit 35.

The user / administrator transmitting / receiving side specifying unit 33
Card owner ID input from the C card reading unit 32,
The IC card _40-3 of the user and the administrator based on information such as the card holder's name, password, user flag, administrator flag, and the IDs and names of the users and managers on the transmitting and receiving sides. Is detected as to whether or not the worker who has mounted the IC card _40-4 of the receiving device 30 is an appropriate user and manager of the receiving device 30, and the detection result is
Notify the C card reading unit 32.

The dummy file removing unit 34 includes the receiving unit 31
, The control unit reads the hash value of the file name of the dummy file stored in the control file, and identifies the dummy file from each data file input from the receiving unit 31. After identifying the dummy file, the dummy file and the remaining divided file are decoded by the decoding unit 36.
Output to

The electronic signature unit 35 is the electronic signature unit 1 described above.
The digital signature data input from the decryption unit 36 is decrypted by sequentially performing the processing opposite to the processing in step 4, and the hash value of the combined file, the initial encryption key data, and the signature path data are extracted. Then, the hash value of the extracted combined file is output to the data integration unit 38, the initial encryption key data is output to the decryption unit 36, and the signature path data is output to the user / administrator transmission / reception side identification unit 33.

The decryption unit 36 includes the dummy file removal unit 3
4 to decode the dummy file and the divided file inputted. The decryption unit 36 first obtains a decryption key based on the hash value of the control file, and decrypts the dummy file using this to generate a temporary dummy file. Next, the decryption unit 36 extracts the initial value of the DES decryption key from the decrypted temporary dummy file, generates a DES decryption key based on this, and decrypts the divided file. The decoding unit 36 extracts the division pattern number from the decoded temporary dummy file,
8 is output. The decryption unit 36 combines the decrypted temporary dummy file and the contents of the control file to generate digital signature data, and outputs the digital signature data to the digital signature unit 35.

The dummy data removing unit 37 includes a decoding unit 36
The dummy data is removed from the input temporary divided file and output to the data integration unit 38.

The data integrating section 38 integrates the temporary divided files generated by the dummy data removing section 37 based on the divided pattern to generate one combined file.
Then, the generated one combined file is divided, and the original plurality of data files are restored. As described above, the receiving device 30 restores and outputs a plurality of original data files from the received data.

The transmitting device 10 and the receiving device 30
Is a general-purpose computer device such as a personal computer having one or two IC card drives and communication means capable of communicating with an arbitrary node via the transmission path 20. And receiving unit 3
1 to 1 are realized by installing software for realizing the function of each component of the data integration unit 38.

Next, the operation of the communication system 1 will be described.
I do. The plurality of data files to be transmitted are
When the sender is ready to send
Side user IC card 40_-1The sender administrator
Master IC card 40_-2Are attached to the transmission device 10, respectively.
In the transmitting device 10, first, the IC card reading unit 11
Is an IC card 40_-1And IC card 40_-2Of the owner of
Perform authentication. As a result, the IC card 40_-1, 40_-2of
If the owner is appropriate, then the user / administrator
The setting unit 52 determines the relationship between the transmitting side user and the transmitting side administrator.
To check. And the relationship between the user and the administrator
In this case, the IC card reading unit 51
Mode 40 _-1, 40_-2More configuration file, partial splitter
Table, encryption pattern table and encryption key table
And the electronic signature unit 14 and the data division unit 1
3 and to the encryption unit 17.

The plurality of input data files to be transmitted are first combined in the data dividing unit 13 into one file, and then divided into a plurality of temporary divided files different from the original data file. At this time, the division method is determined based on the selected specific division pattern in the division pattern table read from the two IC cards _40-1 and _40-2 . Next, a dummy file is added in the dummy file adding section 15, dummy data is added in the dummy data adding section 16, and each is encrypted in the encryption section 17. This encryption two IC card 40 _-1, the particular encryption scheme that is selected from the encryption pattern table read from 40 _-2, two IC card 40 _-1, than the read key table from 40 _-2 This is performed using the selected specific encryption key.

At this time, in the electronic signature unit 14, the hash value of the file name of the combined file, the initial encryption key number, and the I and
Digital signature data is created based on the information of D and name,
The created digital signature data is superimposed on the dummy file in the dummy file adding unit 15 together with the division pattern number and the initial value of the encryption processing. Then, each of the encrypted files and the control file is transmitted to the transmission path 2
0 to the receiving device 30.

In the receiving device 30, each file transmitted in the receiving unit 31 is received and stored in a storage device in the receiving device 30. Then, similarly to the transmitting apparatus 10, the user and the administrator on the receiving side can use the IC cards _40-3 and 40-3.
_-4 is attached to the receiving device 30, and when the authentication is obtained, the viewing process of the received file is started. That is, first, the dummy file is specified by the dummy file removing unit 34 from the information of the control file. The specified dummy file is decrypted by the decryption unit 36, and the superimposed electronic signature data, the division pattern number, and the initial value of the encryption processing are extracted. Next, the signature path, the initial encryption key number, and the hash value of the combined file are extracted from the extracted signature in the electronic signature unit 35, and the user / administrator transmission / reception side identification unit 33 uses the signature path to use the transmission / reception side. And administrators are identified.

Next, in the decrypting section 36, each received file is decrypted by the decryption key obtained by converting the initial value and the initial encryption key number extracted earlier, and the dummy data removing section 37 Dummy data is removed. Then, after the decrypted files are once combined into one combined file by the data integration unit 38, the files are divided into a plurality of original transmission target files, restored to the original plurality of data files, and received. Output from the device 30.

As described above, in the communication system 1 according to the present embodiment, the data files to be transmitted are integrated,
The data is divided, dummy data is added, a dummy file is added, and the encrypted data is transmitted. Therefore, the decryption is very difficult as compared with the case where the data is simply encrypted, and the data can be transferred in a more secure state. Further, processes such as encryption, decryption, and digital signature cannot be performed without using two IC cards of a user and a manager. Therefore, security can be improved as compared with the conventional method in which one user performs these processes with his / her own authority.

Note that the present invention is not limited to the present embodiment, and various suitable modifications are possible. For example, in the transmitting apparatus according to the above-described embodiment, the data dividing unit 13 combines a plurality of data files to be transmitted and then divides the data files, and transmits the plurality of files generated based on the combined data from the transmitting unit 18. ing. But,
The file thus divided is further transmitted to the transmission unit 1
Before sending in step 8, merge them into one file,
This may be transmitted. The integration method at that time may be simply combined in order, or may be integrated by shuffling by some method. Further, the integration unit for file integration may be arranged at a stage after the encryption unit or may be arranged at a stage before the encryption unit. In addition, the receiving device may be provided with a dividing unit for temporarily dividing the received file according to such a modification of the transmitting device. Of course, the number of the original transmission target file may be one, and in such a case, the subsequent division and integration of the file may be performed in the same manner as when there are a plurality of files.

Further, in the above-described embodiment, 2
Although the desired data communication is performed by performing appropriate encryption and decryption processing by using one IC card, a configuration using only one IC card may be used. Also, using three or more IC cards,
Approval of data communication may be performed. The form of the IC card may be any form such as a contact type, a close contact type, and a non-contact type. Further, the present invention is not limited to a so-called IC card, and an arbitrary storage medium or storage device such as a magnetic card may be used.

The order of processing such as data combination, data division, digital signature, dummy file addition, dummy data addition and encryption in the transmitting device, and dummy file removal, digital signature inspection, decryption,
The order of processing such as dummy data removal, data integration, and data division is not limited to the present embodiment,
It may be changed arbitrarily. Further, data relating to encryption and decryption stored in the IC card may be arbitrary data. In addition, the configurations of the transmitting device 10 and the receiving device 30 and the respective encryption schemes are not limited to the above-described embodiment, and may be arbitrarily changed.

[0054]

As described above, according to the present invention, it is possible to provide a data transmission device which can transmit desired data with higher security by making decryption more difficult. Further, it is possible to provide a data receiving device capable of receiving data with high security by receiving data transmitted with such high security and appropriately decoding the data. further,
It is possible to provide a communication device that can transmit and receive desired data with higher security, in which it is more difficult to decrypt the code.

[Brief description of the drawings]

FIG. 1 is a block diagram schematically illustrating an overall configuration of a communication system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of a transmitting device and a receiving device of the communication system shown in FIG. 1 in detail.

FIG. 3 is a diagram illustrating a state in which an IC card reading unit of the transmission device illustrated in FIG. 2 reads stored IDs and names of a user and an administrator on a transmitting / receiving side from an IC card; .

FIG. 4 is a diagram illustrating a state in which a stored division pattern table, an encryption pattern table, a key table, and control data are read from an IC card in an IC card reading unit of the transmission device illustrated in FIG. 2; It is.

FIG. 5 is a diagram illustrating a process of dividing a file to be transmitted based on a division pattern table read from an IC card in a data dividing unit of the transmission device illustrated in FIG. 2;

FIG. 6 is a diagram illustrating digital signature data generated by a digital signature unit of the transmission device illustrated in FIG. 2;

FIG. 7 is a diagram illustrating a process of adding a dummy file in a dummy file adding unit of the transmission device illustrated in FIG. 2;

FIG. 8 is a diagram illustrating a process of adding dummy data in a dummy data adding unit of the transmitting device illustrated in FIG. 2;

9 is a diagram illustrating a process of encrypting a file to be transmitted based on an encryption pattern table and a key table read from an IC card in an encryption unit of the transmission device illustrated in FIG. 2; .

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Communication system 10 ... Transmission device 11 ... IC card reading part 12 ... User / administrator transmission / reception side identification part 13 ... Data division part 14 ... Electronic signature part 15 ... Dummy file addition part 16 ... Dummy data addition part 17 ... Encryption Conversion unit 18 Transmission unit 20 Transmission path 30 Receiving device 31 Receiving unit 32 IC card reading unit 33 User / administrator transmitting / receiving side specifying unit 34 Dummy file removing unit 35 Digital signature unit 36 Decryption Unit 37: Dummy data removal unit 38: Data integration unit 40 _-1 to 40 _-4 ... IC card

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B017 AA03 BA07 CA16 5B082 GA11 HA05 5J104 AA01 AA09 AA16 EA02 EA04 LA05 NA02 NA35 NA37 PA07

Claims (13)

[Claims] 1. A storage device interface means for communicating with a storage device storing key data and arranged at a predetermined position and reading the key data; and a plurality of divided data files for dividing a data file to be transmitted. File encrypting means for selectively encrypting the generated plurality of divided data files using the key data; and the plurality of selectively encrypted divided data files. A data transmission device comprising: a transmission unit that transmits a data file. 2. The electronic apparatus according to claim 1, further comprising: an electronic signature unit configured to perform an electronic signature on the plurality of divided data files selectively encrypted using the read key data. The data transmitting apparatus according to claim 1, wherein the plurality of divided data files, which are signed and selectively encrypted, are transmitted. 3. The electronic signature unit uses the first key data read from the first storage device and the second key data read from the second storage device via the storage device interface unit. 3. The data transmitting apparatus according to claim 2, wherein the digital signature is performed by performing encryption in two steps. 4. The first storage device is a device substantially owned by a user of the data transmission device and stores the first key data based on the authority of the user. Is a device that is substantially owned by an administrator of the data transmission device and stores the second key data based on the authority of the administrator. The electronic signature unit includes an authority of the user. Performing the first encryption using the first key data based on the first key data, and performing the second encryption using the second key data based on the authority of the administrator. Item 4. The data transmission device according to item 3. 5. A file integrating means for integrating a plurality of data files to be transmitted into one data file, wherein said file dividing means divides said combined data file and said plurality of divided data files. The data transmission device according to claim 1, wherein the data transmission device generates a data file. 6. The apparatus according to claim 1, further comprising a second file integrating means for integrating a plurality of divided data files divided by said file dividing means, wherein said transmitting means converts the file integrated by said second file integrating means. The data transmitting device according to claim 1, wherein the data is transmitted. 7. A receiving means for receiving transmission data which is a data file to be transmitted divided and selectively encrypted and transmitted, and a storage device arranged at a predetermined position and storing key data. Communication with the storage device interface means for reading the key data, and the received selectively encrypted transmission data,
A data receiving unit comprising: a decrypting unit for selectively decrypting the read key data; and a file integrating unit for integrating the selectively decrypted data to generate an original data file to be transmitted. apparatus. 8. The transmission data is data that has been selectively encrypted and further digitally signed, and the received digitally signed transmission data is obtained by using the read key data. 8. The data receiving apparatus according to claim 7, further comprising electronic signature inspection means for inspecting the electronic signature, wherein the decryption means selectively decrypts the transmission data on which the electronic signature has been inspected. . 9. The electronic signature checking means uses third key data read from a third storage device and fourth key data read from a fourth storage device via the storage device interface means. 9. The data receiving apparatus according to claim 8, wherein the digital signature is inspected by performing decryption in two stages. 10. The third storage device is a device that is substantially owned by a user of the data receiving device and stores the third key data based on the authority of the user. Is a device that is substantially owned by an administrator of the data receiving device and stores the fourth key data based on the authority of the administrator. Inspection of the electronic signature by performing a first decryption using the fourth key data based on the authority and performing a second decryption using the third key data based on the authority of the user The data receiving apparatus according to claim 9, which performs the following. 11. The original data file to be transmitted is:
A file generated by combining a plurality of transmission target data files, wherein the original transmission target data file integrated by the file integration unit is divided to generate the plurality of transmission target data files. The data receiving device according to claim 7, further comprising a file dividing unit. 12. The transmission data received by the receiving means is data generated by further combining the divided data files to be transmitted, and a second file for dividing the received transmission data. The data receiving apparatus according to claim 7, further comprising a dividing unit, wherein the file integrating unit integrates the divided data to generate an original data file to be transmitted. 13. A portable storage medium interface means for communicating with a portable storage medium storing key data and arranged at a predetermined position and reading the key data; File dividing means for generating the divided data files, encryption means for selectively encrypting the plurality of generated divided data files using the key data, and wherein the selectively encrypted A data transmission device having a transmission unit for transmitting the plurality of divided data files; a reception unit for receiving transmission data in which a data file to be transmitted is divided and selectively encrypted and transmitted; A portable storage medium interface means for communicating with a portable storage medium in which key data is stored, and reading the key data; Selectively each encrypted transmitted the received data,
A data receiving unit comprising: a decrypting unit for selectively decrypting the read key data; and a file integrating unit for integrating the selectively decrypted data to generate an original data file to be transmitted. A communication system having a device.