JP2011172099A - Data transfer method, data transfer system, data transmitting apparatus, data management apparatus, data decrypting apparatus and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To securely transfer data on a network. <P>SOLUTION: A data transfer method includes: a public key acquiring step in which a data transmitting apparatus 12 for transmitting data to a designated user acquires a public key corresponding to the user from a data management apparatus 13 that is a transmission destination of the data; a data transmitting step in which the data transmitting apparatus 12 transmits encryption completed data, which are encrypted data, and an encryption completed decryption key, which is a decryption key for decrypting the data and encrypted with the public key acquired in the public key acquiring step, to the data management apparatus 13; and a data preserving step in which the data management apparatus 13 preserves the encrypted data and the encrypted decryption key, which are transmitted in the data transmitting step, in a storage means, while associating them with the user. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a data transfer method, a data transfer system, a data transmission device, a data management device, a data decoding device, and a computer program.

  Along with the expansion of the use of networks, techniques for securely transferring data over the network have been actively developed. For example, in Patent Document 1, a data transfer technique using a public key cryptosystem in which plaintext data is encrypted and transmitted using a public key on the transmission side, and decrypted using a private key on the reception side to extract plaintext data. Has been proposed.

JP 2007-259279 A

  By the way, in recent years, a system that stores data in a server device on a network that is shared by a plurality of users without storing data in a terminal device such as a PC, such as a cloud system, has been widely used. Yes. However, the technology for safely transferring data on the network is based on the premise that the data is stored in the terminal device, and is used as it is in a system that stores data in a server device on the network shared by a plurality of users. Could not be applied.

  For this reason, even in a system that stores data in a server device on a network shared by a plurality of users, there has been a strong demand for the realization of a technology that can safely transfer data on the network. The present invention has been made in view of the above, and provides a data transfer method, a data transfer system, a data transmission device, a data management device, a data decoding device, and a computer program capable of safely transferring data on a network. The purpose is to provide.

  In order to solve the above-described problems and achieve the object, the data transfer method according to the present invention is a data management device in which a data transmission device that transmits data to a specified user is a transmission destination of the data A public key acquisition step of acquiring a public key corresponding to the user from the key, a key generation step in which the data transmission device dynamically generates a key for encrypting the data, and the data transmission device, A data encryption step of encrypting the data using the key generated in the key generation step to generate encrypted data; and the data transmitting device for decrypting the data from the encrypted data A decryption key encryption step for encrypting a decryption key using the public key acquired in the public key acquisition step to generate an encrypted decryption key, and the data transmitting device, the encrypted data and the A data transmission step of transmitting an encrypted decryption key to the data management device, and the data management device corresponds to the user the encrypted data and the encrypted decryption key transmitted in the data transmission step And a data storage step for storing the data in the storage means.

  The data transfer system according to the present invention is a data transfer system including a data transmission device that transmits data addressed to a specified user, and a data management device that stores data addressed to the user, The data transmitting device encrypts data to be transmitted using a dynamically generated key to generate encrypted data, and a decryption key for decrypting the data from the encrypted data is designated An encryption unit that generates an encrypted decryption key by encrypting using a public key, the encrypted data, and the encryption by designating a public key corresponding to the user acquired from the data management device A control unit that transmits the encrypted decryption key generated by a unit to the data management device, wherein the data management device stores a public key in association with a user, and Encrypted data And a data storage unit that stores the encrypted decryption key in association with the user, and responds to the data transmission device with a public key corresponding to the specified user in response to a request from the data transmission device. A control unit that stores the encrypted data and the encrypted decryption key transmitted from the data transmission device in the data storage unit in association with a user designated by the data transmission device. It is characterized by.

  The data transmission apparatus according to the present invention is a data transmission apparatus that transmits data to a data management apparatus that stores data addressed to a user, and encrypts data to be transmitted using a dynamically generated key. Generating encrypted data, encrypting a decryption key for decrypting the data from the encrypted data using a specified public key, and generating an encrypted decryption key; and Sending the encrypted data and the encrypted decryption key generated by the encryption unit by specifying the public key corresponding to the user acquired from the data management device to the data management device And a control unit that stores the data in association with the user.

  The data management device according to the present invention is a data management device for storing data addressed to a user, a public key storage unit that stores a public key in association with the user, and a data management device that stores the data addressed to the user. Encrypted data, which is encrypted data transmitted from the data transmission device that is the transmission source, and a decryption key for decrypting the data, stored in the public key storage unit in association with the user A data storage unit that stores an encrypted decryption key that is a decryption key encrypted using a public key that is associated with the user, and is specified in response to a request from the data transmission device A public key corresponding to the user is responded to the data transmission device, and the encrypted data and the encrypted decryption key transmitted from the data transmission device are associated with the user designated by the data transmission device. Add the data Characterized in that it comprises a control unit to be stored in the part.

  The data decryption device according to the present invention is a data decryption device for decrypting encrypted data stored in a data management device for storing data addressed to a user, using a designated decryption key, A decryption unit for decrypting data from the encrypted data, encrypted data stored in the data management device, a decryption key for decrypting data from the encrypted data, and the user An encrypted decryption key which is a decryption key encrypted using a public key stored in the data management apparatus in association with the encrypted decryption key, and the obtained encrypted decryption key is used as the encrypted decryption key To the terminal of the user corresponding to the public key, causing the terminal to execute the process of decrypting the decryption key from the encrypted decryption key using the secret key corresponding to the public key, and specifying the decryption key The data decrypted by the decryption unit Characterized in that it comprises a control unit for transmitting to the serial terminal.

  A computer program according to the present invention causes a computer to function as one or more of the data transmission device, the data management device, and the data decoding device.

  The data transfer method, data transfer system, data transmission device, data management device, data decoding device, and computer program according to the present invention have the effect that data can be transferred safely over a network.

FIG. 1-1 is a diagram illustrating the configuration of the data transfer system according to the first embodiment. FIG. 1-2 is a diagram illustrating a configuration of a modified example of the data transfer system according to the first embodiment. FIG. 2 is a diagram illustrating an example of public key information. FIG. 3 is a diagram illustrating an example of data management information. FIG. 4 is a diagram illustrating a processing procedure of data transmission processing. FIG. 5 is a diagram illustrating a processing procedure of data acquisition processing. FIG. 6 is a diagram showing a processing procedure of data acquisition processing when the data decoding device is merged with the data management device. FIG. 7 is a diagram illustrating the configuration of the data transfer system according to the second embodiment. FIG. 8 is a diagram illustrating a processing procedure of data transmission processing. FIG. 9 is a diagram illustrating a processing procedure of data acquisition processing. FIG. 10 is a diagram showing a data transfer processing procedure triggered by a request from the user terminal side. FIG. 11 is a diagram illustrating another example of a data transfer processing procedure triggered by a request from the user terminal side. FIG. 12 is a functional block diagram illustrating a computer that executes a data management program.

  Hereinafter, embodiments of a data transfer method, a data transfer system, a data transmission device, a data management device, a data decoding device, and a computer program according to the present invention will be described in detail with reference to the drawings. Note that the present invention is not limited to the embodiments.

  First, the configuration of the data transfer system according to the present embodiment will be described with reference to FIG. As illustrated in FIG. 1A, the data transfer system according to the present embodiment includes a data holding device 11, a data transmission device 12, a data management device 13, a data decryption device 14, and a plurality of user terminals 15. including. The data transmission device 12, the data management device 13, and the data decoding device 14 are connected via the network 1. The data management device 13, the data decryption device 14, and the plurality of user terminals 15 are connected via the network 2. In FIG. 1-1, one data transmission device 12, one data management device 13, and one data decoding device 14 are shown, but the number of each device may be arbitrary.

  In the following description, it is assumed that the network 1 is a relatively insecure network such as the Internet, and the network 2 is a relatively insecure network such as a LAN. Note that such a network configuration is an example, and the network 1 and the network 2 may be the same network (for example, the Internet).

  Here, as described in other embodiments, information exchanged via a relatively insecure network such as the Internet is signed using a technology such as Apache XML Security in order to prevent tampering. It is preferable that it is provided. Further, although not particularly mentioned in the following examples, it is preferable that the exchange of information through a relatively insecure network such as the Internet is performed using a highly secure protocol such as https or ftp over SSL.

  The data holding device 11 holds data to be transferred. The data to be transferred may be data generated by the data holding device 11 or data transferred from another device to the data holding device 11 by some method.

  The data transmission device 12 is connected to the data holding device 11, and transmits the data to be transferred held by the data holding device 11 to the data management device 13. The data transmission device 12 includes a transfer control unit 121 that performs various controls for data transfer, and an encryption unit 122 that encrypts data in order to transmit data safely.

  The encryption unit 122 dynamically generates a key used for encryption and decryption of data to be transferred every time transmission of data to the data management device 13 becomes necessary, and uses the generated key to transfer the data to be transferred. Is encrypted. The encryption unit 122 acquires the public key of the user designated as the data transmission destination from the data management apparatus 13 via the transfer control unit 121, and decrypts the transfer target data from the encrypted data. The decryption key is encrypted using the public key and transmitted to the data management apparatus 13 together with the encrypted data.

  The connection between the data transmission device 12 and the data holding device 11 may be realized by a network such as a LAN or a WAN, or realized based on a standard for connecting an information processing device such as a fiber channel. It may be. In addition, the data transmission device 12 may be connected to a plurality of data holding devices 11, or the data transmission device 12 and the data holding device 11 may be integrally configured.

  The data management device 13 stores the data transmitted from the data transmission device 12 so that only a specific user can use it. The data transmitted from the data transmission device 12 includes the encrypted data body and the encrypted decryption key for decrypting the data from the encrypted data. The data management device 13 stores a transfer control unit 131 that performs various controls for data transfer, a U / I providing unit 132 that provides various screens for data transfer to a user, and various types of information. Storage unit 133.

  The U / I providing unit 132 generates a screen definition file of an operation screen for transferring data in, for example, an HTML format, and transmits the generated screen definition file to the user terminal 15 via the transfer control unit 131 to display the display unit. An operation screen is displayed on 152.

  The storage unit 133 is, for example, a hard disk device or a semiconductor storage device, and stores public key information 133a, data management information 133b, and data 133c that is data transmitted from the data transmission device 12.

  An example of the public key information 133a is shown in FIG. The public key information 133a is information that holds the public key of the user of the data management apparatus 13 for each user, and includes items such as a user ID and a public key as shown in FIG. The user ID is an identifier for identifying the user of the data management device 13. The public key is the public key of the user corresponding to the user ID. In the example shown in FIG. 2, the user's mail address is set as the user ID, but the value of the user ID is not limited to this and may be unique for each user.

  The public key held in the public key information 133a is one of the pair keys created for each user by a third party such as a certificate authority, and is, for example, packaged in a DER format certificate for data management The information is notified to the device 13 and stored in the public key information 133a in association with the user ID of the corresponding user. A secret key, which is the other key of the pair key created by a third party organization, is stored, for example, in an IC card or the like and sent to the corresponding user.

  An example of the data management information 133b is shown in FIG. The data management information 133b is information that holds the correspondence between the data 133c stored in the data management device 13 and the user, and includes items such as a user ID, a data ID, and a path name as shown in FIG. The user ID is an identifier for identifying the user of the data management apparatus 13, and corresponds to the user ID of the public key information 133a. The data ID is an identifier for identifying each of the data 133c. The path name indicates the storage location of data corresponding to the data ID.

  The data decryption device 14 decrypts the data from the encrypted data stored in the data management device 13 in accordance with the request from the user terminal 15 and transmits the decrypted data to the requesting user terminal 15. The data decryption apparatus 14 includes a transfer control unit 141 that performs various controls for data transfer, a U / I providing unit 142 that provides various screens for data decryption to a user, and data decryption. And a decoding unit 143 for executing.

  The U / I providing unit 142 generates a screen definition file of an operation screen for decoding data, for example, in an HTML format, and transmits the generated screen definition file to the user terminal 15 via the transfer control unit 141 to display the display unit. An operation screen is displayed on 152.

  When the decryption unit 143 is requested to decrypt the data, the decryption key decryption unit 154 is connected to the requesting user terminal 15 via the transfer control unit 141 while the decryption key for decrypting the data is still encrypted. And the user terminal 15 is caused to execute a process of decrypting the decryption key using the secret key from the encrypted decryption key. Then, the decrypted decryption key is received via the transfer control unit 141 and used for decrypting the data.

  The user terminal 15 is a terminal device operated by a user, and includes a storage unit 151, a display unit 152, an input unit 153, a decryption key decryption unit 154, and a control unit 155. The storage unit 151 is a device that stores various types of information, such as a hard disk device or a semiconductor storage device. The display unit 152 is a device that displays various types of information, for example, a liquid crystal display device. The input unit 153 is a device that receives user input, and is, for example, a keyboard.

  The decryption key decryption unit 154 is a device that decrypts encrypted information using a secret key, and is used to decrypt the decryption key from the encrypted decryption key. The decryption key decryption unit 154 stores an internal secret key created for each user by a third party such as a certificate authority, and decrypts and outputs the input information using the private key. It may be a device composed of a plurality of devices, such as a combination of a portable device such as a card and an input / output device that inputs and outputs information to the device.

  The control unit 155 is a control unit that totally controls the user terminal 15, and includes a transfer control unit 155a, a decoding control unit 155b, and a U / I control unit 155c. The transfer control unit 155a performs various controls for data transfer.

  The decryption control unit 155 b causes the decryption key decryption unit 154 to execute a process of decrypting the decryption key from the encrypted decryption key transmitted from the data decryption device 14. When the decryption key decryption unit 154 includes a portable device and an input / output device, the decryption control unit 155b is used so that the input / output device can perform input / output with respect to the portable device. The display unit 152 is also controlled to display a message requested by the user.

  The U / I control unit 155c displays an operation screen on the display unit 152 based on the screen definition file transmitted from the data management device 13 or the data decoding device 14, and inputs the displayed operation screen in the input unit 153. The transferred information is notified to the transfer control unit 155a to execute processing corresponding to the input.

  Next, a processing procedure of data transmission processing in the data transfer system according to the present embodiment will be described with reference to FIG. As shown in FIG. 4, when data F needs to be transmitted to a certain user, the data holding device 11 requests the data transmitting device 12 to transmit the data F by specifying the user ID of the user. (Step S101). Upon receiving a request from the data holding device 11, the transfer control unit 121 of the data transmission device 12 transmits the specified user ID to the data management device 13, and requests transmission of the public key KP corresponding to the user ID. (Step S102).

  When receiving the request from the data transmission device 12, the transfer control unit 131 of the data management device 13 searches the public key information 133a of the storage unit 133 for the public key KP corresponding to the user ID (step S103). When the public key KP corresponding to the user ID is found (step S104), the transfer control unit 131 returns the found public key KP to the data transmission device 12 (step S105). The public key KP returned to the data transmission device 12 is notified from the transfer control unit 121 to the encryption unit 122 (step S106).

  The transfer control unit 121 of the data transmission device 12 requests the data management device 13 to transmit the public key KP, while requesting the encryption unit 122 to encrypt the data F (step S107). When the encryption of the data F is requested, the encryption unit 122 decrypts the data F from the encryption key Ke for encrypting the data F and the data F encrypted with the encryption key Ke. A decryption key Kd is generated (step S108).

  Here, the data F may be encrypted using either a common key encryption method or a public key encryption method. When the common key cryptosystem is used, the encryption key Ke and the decryption key Kd are the same. When the public key cryptosystem is used, the encryption key Ke is a public key, and the decryption key Kd is a secret key corresponding to the encryption key Ke.

  The encryption unit 122 encrypts the data F using the generated encryption key Ke, and generates Ke (F) that is the encrypted data F (step S109). Also, the encryption unit 122 encrypts the decryption key Kd using the public key KP notified from the transfer control unit 121, and generates KP (Kd) that is the encrypted decryption key Kd (step S110). . The encryption unit 122 notifies the transfer control unit 121 of the generated Ke (F) and KP (Kd) (step S111).

  The transfer control unit 121 transmits Ke (F) and KP (Kd) notified from the encryption unit 122 to the data management device 13 and requests storage (step S112). The transfer control unit 131 of the data management device 13 stores Ke (F) and KP (Kd) requested to be stored in the storage unit 133 as data 133c. Then, the transfer control unit 131 generates a data ID corresponding to the stored Ke (F) and KP (Kd), and records the data ID in the data management information 133b in association with the user ID included in the request received in step S102. (Step S113).

  The data F transferred to the data management device 13 in this way cannot be known unless the decryption key Kd is decrypted from KP (Kd) using the secret key Kp corresponding to the public key KP. The secret key Kp is not stored in the data holding device 11, the data transmission device 12, and the data management device 13. For this reason, the transferred data F is safely stored in the data management device 13.

  Next, a processing procedure of data acquisition processing, which is processing for decrypting data from encrypted data stored in the data management device 13 and transferring the data to the user terminal 15, will be described with reference to FIG. As shown in FIG. 5, when certain data is required in the user terminal 15, the transfer control unit 155a of the user terminal 15 designates the data ID of the data and issues a data acquisition request for requesting data acquisition. It transmits to the data decoding apparatus 14 (step S201). The data ID specified here is obtained, for example, as a result of the user of the user terminal 15 searching for desired data using a search screen provided by the U / I providing unit 132 of the data management device 13.

  When receiving the request from the user terminal 15, the transfer control unit 141 of the data decoding device 14 transmits the designated data ID to the data management device 13 and requests transmission of data corresponding to the data ID ( Step S202).

  When receiving the request from the data decryption device 14, the transfer control unit 131 of the data management device 13 searches the data management information 133b of the storage unit 133 for the path name of the data corresponding to the data ID (step S203). When the path name corresponding to the data ID is found, the transfer control unit 131 encrypts the data F encrypted with the encryption key Ke from the storage position indicated by the path name Ke (F) and the public key KP. KP (Kd), which is the decrypted decryption key Kd, is acquired (step S204).

  The transfer control unit 131 returns the acquired Ke (F) and KP (Kd) to the data decoding device 14 (step S205). Ke (F) and KP (Kd) responded to the data decryption device 14 are notified from the transfer control unit 141 to the decryption unit 143 (step S206). The decryption unit 143 transmits KP (Kd) to the user terminal 15 via the transfer control unit 141, and requests to decrypt the decryption key Kd from KP (Kd) (steps S207 and S208).

  When the transfer control unit 155a of the user terminal 15 receives the request from the data decoding device 14, the transfer control unit 155a notifies the decoding control unit 155b of KP (Kd) (step S209). Then, the decryption control unit 155b causes the decryption key decryption unit 154 to execute a process of decrypting the decryption key Kd from KP (Kd) using the secret key Kp (step S210).

  The decryption key decryption unit 154 passed with KP (Kd) decrypts the decryption key Kd from KP (Kd) using the private key Kp held by itself, and returns the decrypted decryption key Kd to the decryption control unit 155b. .

  The decrypted decryption key Kd is notified from the decryption control unit 155b to the transfer control unit 155a (step S211), and the transfer control unit 155a returns the notified decryption key Kd to the data decryption device 14 (step S212). The transfer control unit 141 of the data decryption apparatus 14 notifies the decryption unit 143 of the returned decryption key Kd (step S213).

  The decryption unit 143 decrypts the data F from Ke (F) using the notified decryption key Kd (step S214). The decryption unit 143 notifies the transfer control unit 141 of the decrypted data F (step S215), and the transfer control unit 141 transmits the notified data F to the user terminal 15 as a response to the data acquisition request (step S216). ). The transfer control unit 155a of the user terminal 15 stores the response data F in the storage unit 151 (step S217).

  The data decryption device 14 receives the decryption key Kd returned from the user terminal 15, the encrypted data F Ke (F), and the data F decrypted by the decryption unit 143. The data F may be deleted after being transmitted to 15, or one or all of these may be stored without being deleted. Further, in accordance with an instruction included in the request transmitted by the user terminal 15 in step S201, the data decryption apparatus 14 may determine whether to delete or store them.

  By such a processing procedure, the data F is transferred to the user terminal 15 in a decrypted state. In this processing procedure, the decryption key Kd generated for each transferred data flows on the network, but the secret key Kp necessary for decrypting the data stored in the data management device 13 does not flow on the network. Absent. For this reason, the safety of the data stored in the data management device 13 is maintained.

  Note that the components of various devices included in the data transfer system shown in FIG. 1-1 can be separated or merged as appropriate. For example, the data management device 13 can be separated into a device that realizes the function of the transfer control unit 131, a device that realizes the function of the U / I providing unit 132, and a device that realizes the function of the storage unit 133. . Further, the data decoding device 14 can be merged with the data management device 13 or the user terminal 15. When the data decryption device 14 is merged with the data management device 13, the data management device 13 further includes a decryption unit 143 as shown in FIG. 1-2, and provides the U / I with the transfer control unit 131 of the data management device 13. The units 132 also serve as the functions of the transfer control unit 141 and the U / I providing unit 142, respectively.

  FIG. 6 shows a processing procedure of data acquisition processing when the data decoding device 14 is merged with the data management device 13. As shown in FIG. 6, when certain data is required in the user terminal 15, the transfer control unit 155a of the user terminal 15 sends a data acquisition request for requesting data acquisition by specifying the data ID of the data. It transmits to the management apparatus 13 (step S301).

  When receiving the request from the user terminal 15, the transfer control unit 131 of the data management device 13 searches the data management information 133b of the storage unit 133 for the path name of the data corresponding to the data ID (step S302). When the path name corresponding to the data ID is found, the transfer control unit 131 encrypts the data F encrypted with the encryption key Ke from the storage position indicated by the path name Ke (F) and the public key KP. KP (Kd), which is the decrypted decryption key Kd, is acquired (step S303).

  The transfer control unit 131 notifies the obtained Ke (F) and KP (Kd) to the decoding unit 143 (step S304). The decryption unit 143 transmits KP (Kd) to the user terminal 15 via the transfer control unit 131, and requests to decrypt the decryption key Kd from KP (Kd) (steps S305 and S306).

  When the transfer control unit 155a of the user terminal 15 receives the request from the data management device 13, the transfer control unit 155a notifies the decryption control unit 155b of KP (Kd) (step S307). Then, the decryption control unit 155b causes the decryption key decryption unit 154 to execute a process of decrypting the decryption key Kd from the acquired KP (Kd) (step S308).

  The decryption key decryption unit 154 passed with KP (Kd) decrypts the decryption key Kd from KP (Kd) using the private key Kp held by itself, and returns the decrypted decryption key Kd to the decryption control unit 155b. .

  The decrypted decryption key Kd is notified from the decryption control unit 155b to the transfer control unit 155a (step S309), and the transfer control unit 155a returns the notified decryption key Kd to the data management device 13 (step S310). The transfer control unit 131 of the data management device 13 notifies the decryption unit 143 of the returned decryption key Kd (step S311).

  The decryption unit 143 decrypts the data F from Ke (F) using the notified decryption key Kd (step S312). The decryption unit 143 notifies the transfer control unit 131 of the decrypted data F (step S313), and the transfer control unit 131 transmits the notified data F to the user terminal 15 as a response to the data acquisition request (step S314). ). The transfer control unit 155a of the user terminal 15 stores the response data F in the storage unit 151 (step S315).

  The data management device 13 uses the decryption key Kd returned from the user terminal 15, the encrypted data F Ke (F), and the data F decrypted by the decryption unit 143 as the user terminal. The data F may be deleted after being transmitted to 15, or one or all of these may be stored without being deleted. Further, in accordance with an instruction included in the request transmitted by the user terminal 15 in step S301, the data management apparatus 13 may determine whether to delete or store these.

  In the present embodiment, an example is shown in which a signature is added to transferred data in order to suppress falsification of transferred data. In the following description, parts that are the same as the parts that have already been described are assigned the same reference numerals as those already described, and redundant descriptions are omitted.

  First, the configuration of the data transfer system according to the present embodiment will be described with reference to FIG. As shown in FIG. 7, the data transfer system according to this embodiment includes a data holding device 11, a data transmission device 22, a data management device 13, a data decryption device 24, a plurality of user terminals 15, and an authentication. Station 26. The data transmission device 22, the data management device 13, the data decryption device 24, and the certificate authority 26 are connected via the network 1. The data management device 13, the data decryption device 24, and the plurality of user terminals 15 are connected via the network 2. In FIG. 7, one data transmission device 22, one data management device 13, and one data decoding device 24 are illustrated, but the number of each device may be arbitrary.

  The certificate authority 26 is used for signature verification. In this embodiment, a specific signature scheme is not specified.

  The data transmission device 22 is connected to the data holding device 11 and transmits the data to be transferred held by the data holding device 11 to the data management device 13. The data transmission device 22 includes a transfer control unit 121 that performs various controls for data transfer, and an encryption unit 222 that encrypts data in order to transmit data safely. The encryption unit 222 has the same function as the encryption unit 122 described in the first embodiment, except that a signature is added to data in order to prevent data from being falsified.

  The data decryption device 24 decrypts the data from the encrypted data stored in the data management device 13 in accordance with the request from the user terminal 15 and transmits the decrypted data to the requesting user terminal 15. The data decoding device 24 includes a transfer control unit 141 that performs various controls for data transfer, a U / I providing unit 142 that provides various screens for data decoding to a user, and data decoding. And a decrypting unit 243 for executing. The decryption unit 243 is the same as the decryption unit 143 described in the first embodiment except that the originality is confirmed by verifying the data using a signature attached to the data in order to confirm whether the data has been tampered with. It has the same function.

  Next, a processing procedure of data transmission processing in the data transfer system according to the present embodiment will be described with reference to FIG. As shown in FIG. 8, when data F needs to be transmitted to a certain user, the data holding device 11 requests the data transmitting device 22 to transmit the data F by designating the user ID of the user. (Step S401). When receiving the request from the data holding device 11, the transfer control unit 121 of the data transmission device 22 transmits the specified user ID to the data management device 13 and requests transmission of the public key KP corresponding to the user ID. (Step S402).

  When receiving the request from the data transmission device 22, the transfer control unit 131 of the data management device 13 searches the public key information 133a of the storage unit 133 for the public key KP corresponding to the user ID (step S403). When the public key KP corresponding to the user ID is found (step S404), the transfer control unit 131 responds to the data transmission device 22 with the found public key KP (step S405). The public key KP returned to the data transmission device 22 is notified from the transfer control unit 121 to the encryption unit 222 (step S406).

  The transfer control unit 121 of the data transmission device 22 requests the data management device 13 to transmit the public key KP, while requesting the encryption unit 222 to encrypt the data F (step S407). When requested to encrypt the data F, the encryption unit 222 decrypts the data F from the encryption key Ke for encrypting the data F and the data F encrypted with the encryption key Ke. A decryption key Kd is generated (step S408).

  Here, the data F may be encrypted using either a common key encryption method or a public key encryption method. When the common key cryptosystem is used, the encryption key Ke and the decryption key Kd are the same. When the public key cryptosystem is used, the encryption key Ke is a public key, and the decryption key Kd is a secret key corresponding to the encryption key Ke.

  The encryption unit 222 adds a signature S (F) to the data F using a pre-assigned secret key (step S409). The public key corresponding to the secret key assigned to the encryption unit 222 is disclosed to the data decryption device 24 by an electronic certificate or the like. Then, the encryption unit 222 encrypts F, S (F) to which the signature is given using the encryption key Ke, and obtains Ke (F, S (F)) that is the encrypted signed data F. Generate (step S410). In addition, the encryption unit 222 encrypts the decryption key Kd using the public key KP notified from the transfer control unit 121, and generates KP (Kd) that is the encrypted decryption key Kd (step S411). . The encryption unit 222 notifies the transfer control unit 121 of the generated Ke (F, S (F)) and KP (Kd) (step S412).

  The transfer control unit 121 transmits Ke (F, S (F)) and KP (Kd) notified from the encryption unit 222 to the data management device 13 and requests storage (step S413). The transfer control unit 131 of the data management device 13 stores Ke (F, S (F)) and KP (Kd) requested to be stored in the storage unit 133 as data 133c. Then, the transfer control unit 131 generates a data ID corresponding to the stored Ke (F, S (F)) and KP (Kd), and associates the data with the user ID included in the request received in step S402. It records in the management information 133b (step S414).

  Next, a processing procedure of a data acquisition process that is a process of decrypting data from encrypted data stored in the data management device 13 and transferring the data to the user terminal 15 will be described with reference to FIG. As shown in FIG. 9, when certain data is needed in the user terminal 15, the transfer control unit 155a of the user terminal 15 designates the data ID of the data and issues a data acquisition request for requesting data acquisition. The data is transmitted to the data decoding device 24 (step S501).

  When receiving the request from the user terminal 15, the transfer control unit 141 of the data decoding device 24 transmits the specified data ID to the data management device 13 and requests transmission of data corresponding to the data ID ( Step S502).

  When receiving the request from the data decryption device 24, the transfer control unit 131 of the data management device 13 searches the data management information 133b of the storage unit 133 for the path name of the data corresponding to the data ID (step S503). When the path name corresponding to the data ID is found, the transfer control unit 131 uses Ke (F, S (F)), which is the signed data F encrypted with the encryption key Ke from the storage position indicated by the path name. Then, KP (Kd), which is the decryption key Kd encrypted with the public key KP, is acquired (step S504).

  The transfer control unit 131 returns the acquired Ke (F, S (F)) and KP (Kd) to the data decoding device 24 (step S505). The Ke (F, S (F)) and KP (Kd) responded to the data decryption device 24 are notified from the transfer control unit 141 to the decryption unit 243 (step S506). The decryption unit 243 transmits KP (Kd) to the user terminal 15 via the transfer control unit 141, and requests to decrypt the decryption key Kd from KP (Kd) (steps S507 and S508).

  When receiving the request from the data decoding device 24, the transfer control unit 155a of the user terminal 15 notifies the decoding control unit 155b of KP (Kd) (step S509). Then, the decryption control unit 155b causes the decryption key decryption unit 154 to execute a process of decrypting the decryption key Kd from the acquired KP (Kd) (step S510).

  The decryption key decryption unit 154 passed with KP (Kd) decrypts the decryption key Kd from KP (Kd) using the private key Kp held by itself, and returns the decrypted decryption key Kd to the decryption control unit 155b. .

  The decrypted decryption key Kd is notified from the decryption control unit 155b to the transfer control unit 155a (step S511), and the transfer control unit 155a responds the notified decryption key Kd to the data decryption device 24 (step S512). The transfer control unit 141 of the data decryption device 24 notifies the decryption unit 243 of the returned decryption key Kd (step S513).

  The decryption unit 243 decrypts F, S (F), which is data F with a signature, from Ke (F, S (F)) using the notified decryption key Kd (step S514). Then, the decryption unit 243 separates the data F and the signature S (F), and verifies the data F with the signature S (F) (step S515). The decryption unit 243 notifies the transfer control unit 141 of the decrypted data F and the signature verification result R (step S516), and the transfer control unit 141 uses the notified data F and the signature verification result R as a response to the data acquisition request. It transmits to the user terminal 15 (step S517).

  The transfer control unit 155a of the user terminal 15 stores the returned data F and the signature verification result R in the storage unit 151 (step S518).

  Note that the data decryption device 24 decrypts the decryption key Kd returned from the user terminal 15, Ke (F, S (F)) that is the encrypted signed data F, and the decryption unit 143. The data F may be deleted after the data F is transmitted to the user terminal 15, or one or all of these may be stored without being deleted. Further, in accordance with an instruction included in the request transmitted by the user terminal 15 in step S501, the data decryption device 24 may determine whether to delete or store them.

  As described above, in this embodiment, since the signature is given to the transferred data, even if the data is falsified on the transfer path, the decryption unit 243 detects it and the falsified. Can alert the operator, receiver, or sender of the device. In this way, falsification of data can be suppressed.

  In this embodiment, an example in which data transfer is executed in response to a request from the user terminal 15 side is shown. The configuration of the data transfer system according to the present embodiment may be the same as either the configuration of the data transfer system shown in the first embodiment or the configuration of the data transfer system shown in the second embodiment. In the following description, the configuration of the data transfer system according to the present embodiment is assumed to be the same as the configuration of the data transfer system shown in the second embodiment.

  With reference to FIG. 10, a processing procedure for transferring data from the data holding device 11 to the data management device 13 in response to a request from the user terminal 15 will be described. As shown in FIG. 10, the user terminal 15 designates data to be acquired, and requests the data management apparatus 13 to acquire data (step S601).

  When receiving a request from the user terminal 15, the data management device 13 generates a request Q for requesting transfer of designated data (step S602), and adds a signature S (Q) to the request Q (step S603). ). Then, the data management device 13 transmits Q, S (Q), which is a request Q with a signature, to the data transmission device 22 (step S604).

  Upon receiving Q and S (Q), the data transmitting apparatus 22 separates the request Q and the signature S (Q), and verifies the request Q with the signature S (Q) (step S605). If the verification fails, the data transmission device 22 ends the data transfer process. If the verification is successful, the data transmission device 22 transmits the request Q to the data holding device 11 (step S606). Thereafter, the data transmission process shown in FIG. 8 is executed, and the data requested by the request Q is transferred from the data holding device 11 to the data management device 13 and stored in the data management device 13 (step S607). .

  Transfer of data from the data management device 13 to the user terminal 15 is appropriately executed according to the processing procedure shown in FIG.

  When the data decryption device 24 is integrated with the data management device 13, as shown in FIG. 11, the processing procedure until data is transferred to the user terminal 15 can be executed as a series of procedures. . Steps S601 to S607 are the same as those in FIG. 10, and therefore, steps S608 and after will be described.

  When the data transmission process is completed, the data management device 13 responds to the data transmission device 22 with the data ID assigned to the stored data (step S608). The response is preferably given a signature. The data transmitting device 22 generates a response rs including the responded data ID (step S609), adds a signature S (rs) to rs (step S610), and transmits it to the data management device 13 (step S611). .

  Upon receiving rs, S (rs), the data management device 13 separates the response rs and the signature S (rs), and verifies the response rs with the signature S (rs) (step S612). If the verification fails, the data management apparatus 13 ends the data transfer process. If the verification is successful, the data management apparatus 13 executes step S302 and subsequent steps of the data acquisition process shown in FIG. 6 and transmits the data to the user terminal 15 (step S613).

  The functions of the various apparatuses shown in FIGS. 1-1 and 7 can also be realized by causing a computer to execute pre-programmed software (computer program). An example of a computer that executes a data management program 1071 in which the function of the data management device 13 is implemented as software is shown below. Note that such software is not limited to any one of the various devices shown in FIGS. 1-1 and 7, and the functions of a plurality of devices can be realized by a computer. For example, one software can cause one computer to function as the data management device 13 and the data decoding device 14.

  FIG. 12 is a functional block diagram showing a computer 1000 that executes the data management program 1071. The computer 1000 includes a CPU (Central Processing Unit) 1010 that executes various arithmetic processes, an input device 1020 that receives input of data from a user, a monitor 1030 that displays various information, and a medium that reads a program from a recording medium. A bus 1080 includes a reading device 1040, a network interface device 1050 that exchanges data with other computers via a network, a RAM (Random Access Memory) 1060 that temporarily stores various information, and a hard disk device 1070. Connected and configured.

  The hard disk device 1070 includes a data management program 1071 having the same functions as those of the transfer control unit 131 and the U / I providing unit 132 illustrated in FIG. 1-1, and public key information 133a illustrated in FIG. Data management information 133b and data 133c are stored. The public key information 133a, the data management information 133b, and the data 133c can be appropriately distributed and stored in another computer connected via a network.

  Then, the CPU 1010 reads the data management program 1071 from the hard disk device 1070 and develops it in the RAM 1060, whereby the data management program 1071 functions as the data management process 1061. The data management process 1061 expands the information read from the hard disk device 1070 and the network interface device 1050 in the area allocated to itself on the RAM 1060 as appropriate, and executes various data processing based on the expanded data and the like. .

  Note that the data management program 1071 does not necessarily have to be stored in the hard disk device 1070, and the computer 1000 may read and execute this program stored in a storage medium such as a CD-ROM. . The computer 1000 stores the program in another computer (or server) connected to the computer 1000 via a public line, the Internet, a LAN (Local Area Network), a WAN (Wide Area Network), or the like. You may make it read and run a program from these.

DESCRIPTION OF SYMBOLS 1, 2 Network 11 Data holding apparatus 12, 22 Data transmission apparatus 121 Transfer control part 122, 222 Encryption part 13 Data management apparatus 131 Transfer control part 132 U / I provision part 133 Storage part 133a Public key information 133b Data management information 133c Data 14, 24 Data decryption device 141 Transfer control unit 142 U / I providing unit 143, 243 Decryption unit 15 User terminal 151 Storage unit 152 Display unit 153 Input unit 154 Decryption key decryption unit 155 Control unit 155a Transfer control unit 155b Decryption control Unit 155c U / I control unit 26 Certificate authority 1000 Computer 1010 CPU
1020 Input device 1030 Monitor 1040 Medium reader 1050 Network interface device 1060 RAM
1061 Data management process 1070 Hard disk device 1071 Data management program 1080 Bus

Claims (10)

A data transmission device that transmits data addressed to a specified user, a public key acquisition step of acquiring a public key corresponding to the user from a data management device that is a transmission destination of the data;
A key generating step in which the data transmitting device dynamically generates a key for encrypting the data;
A data encryption step in which the data transmitting device encrypts the data using the key generated in the key generation step to generate encrypted data;
Decryption in which the data transmitting device encrypts a decryption key for decrypting the data from the encrypted data using the public key acquired in the public key acquisition step, and generates an encrypted decryption key A key encryption process;
A data transmission step in which the data transmission device transmits the encrypted data and the encrypted decryption key to the data management device;
The data management device includes a data storage step of storing the encrypted data and the encrypted decryption key transmitted in the data transmission step in a storage unit in association with the user. Transfer method. An encrypted data acquisition step in which the data decryption apparatus obtains encrypted data and an encrypted decryption key stored in the storage means of the data management apparatus;
The data decryption device transmits the encrypted decryption key acquired in the encrypted data acquisition step to the user terminal;
A decryption key decryption step in which the terminal decrypts the decryption key from the encrypted decryption key using a secret key corresponding to the public key;
A data decryption step in which the data decryption device decrypts the data from the encrypted data using the decryption key decrypted in the decryption key decryption step;
The data transfer method according to claim 1, further comprising: a data acquisition step in which the terminal acquires the data decoded in the data decoding step from the data decoding device. The data transmitting device generates the encrypted data by encrypting the data to which a signature is attached in the data encryption step,
In the data decryption step, the data decryption device decrypts the signed data from the encrypted data using the decryption key, and verifies the data using a signature attached to the data. Confirm the originality of the data,
The data transfer method according to claim 2, wherein the terminal acquires both an originality confirmation result by the data decoding device and decoded data. A data transfer system including a data transmission device that transmits data addressed to a specified user, and a data management device that stores data addressed to the user,
The data transmission device includes:
Encrypt the data to be transmitted using the dynamically generated key to generate encrypted data, and encrypt the decryption key for decrypting the data from the encrypted data using the specified public key An encryption unit for generating an encrypted decryption key by
Control for transmitting the encrypted data and the encrypted decryption key generated by the encryption unit by designating a public key corresponding to the user acquired from the data management device to the data management device With
The data management device includes:
A public key storage unit for storing the public key in association with the user;
A data storage unit for storing the encrypted data and the encrypted decryption key in association with a user;
In response to a request from the data transmission device, the public key corresponding to the designated user is responded to the data transmission device, the encrypted data transmitted from the data transmission device, and the encrypted decryption key, And a control unit that stores the data in the data storage unit in association with a user designated by the data transmission device. A data decoding device;
The data decoding device comprises:
A decryption unit that decrypts the data from the encrypted data using a designated decryption key;
The encrypted data stored in the data storage unit of the data management device and the encrypted decryption key are obtained, and the obtained encrypted decryption key is obtained by the user corresponding to the encrypted decryption key. Sending to the terminal, causing the terminal to execute a process of decrypting the decryption key from the encrypted decryption key using a secret key corresponding to the public key, specifying the decryption key, and decrypting to the decryption unit The data transfer system according to claim 4, further comprising a control unit that transmits the processed data to the terminal. The encryption unit of the data transmission device generates the encrypted data by encrypting the data to which a signature is attached,
The decryption unit of the data decryption device decrypts the signed data from the encrypted data using a designated decryption key, and verifies the data using a signature attached to the data Confirm the originality of the data,
The data transfer system according to claim 5, wherein the control unit of the data decoding device transmits a verification result by the decoding unit to the terminal together with the decoded data. A data transmission device that transmits data to a data management device that stores data addressed to a user,
Encrypt the data to be transmitted using the dynamically generated key to generate encrypted data, and encrypt the decryption key for decrypting the data from the encrypted data using the specified public key An encryption unit for generating an encrypted decryption key by
The encrypted data and the encrypted decryption key generated by the encryption unit by designating the public key corresponding to the user acquired from the data management device are transmitted to the data management device. A data transmission device comprising: a control unit that stores the user in association with the user. A data management device for storing data addressed to users,
A public key storage unit for storing the public key in association with the user;
Encrypted data that is encrypted data transmitted from the data transmission device that is the transmission source of the data addressed to the user, and a decryption key for decrypting the data, in association with the user A data storage unit that stores an encrypted decryption key, which is a decryption key encrypted using a public key stored in the public key storage unit, in association with the user;
In response to a request from the data transmission device, the public key corresponding to the designated user is responded to the data transmission device, the encrypted data transmitted from the data transmission device, and the encrypted decryption key, And a control unit that stores the data in the data storage unit in association with a user designated by the data transmission device. A data decryption device for decrypting encrypted data stored in a data management device for storing data addressed to a user,
Using a designated decryption key, a decryption unit for decrypting data from the encrypted data;
Encrypted data stored in the data management device, and a decryption key for decrypting the data from the encrypted data and stored in the data management device in association with the user And an encrypted decryption key that is an encrypted decryption key is transmitted to the terminal of the user corresponding to the encrypted decryption key, and the public Using the secret key corresponding to the key, the terminal executes the process of decrypting the decryption key from the encrypted decryption key, and transmits the data decrypted by the decryption unit by designating the decryption key A data decoding device comprising: a control unit that performs:   A computer program that causes a computer to function as any one of the data transmission device according to claim 7, the data management device according to claim 8, or the data decoding device according to claim 9.

Images