JP2012212294A - Storage medium management system, storage medium management method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To surely prevent information leakage even when a storage medium is lost or stolen, without degrading convenience of the storage medium.SOLUTION: When a USB memory 2 is instructed to move or copy a file (S12), a PC 5 accesses a server 6 (S13). Also, when a test PIN is input, the PC 5 transmits the test PIN to an IC card 3 (S15), and the IC card 3 performs authentication of a PIN44 (S16) and transmits a user identification number 42 and authentication data (response) to the server 6 via the PC 5 (S18 and S19). The server 6 authenticates the IC card 3 (S20), verifies use propriety (S21), generates an encryption key material (S22), and transmits the encryption material to the IC card 3 via the PC 5 (S25). The IC card 3 generates an encryption key based on an encryption master key 41 and the encryption key material (S26), and transmits the encryption key to the PC 5 (S27). The PC 5 encrypts a file by using the encryption key (S28) and destroys the encryption key (S29).

Description

  The present invention relates to a storage medium management system for managing a portable storage medium. In particular, the present invention relates to a storage medium management system for preventing leakage of information stored in a storage medium even if the storage medium is lost or stolen.

  In recent years, in companies and the like, information leakage such as trade secrets and personal information has become a problem. In particular, information leakage often occurs due to loss or theft of portable storage media.

  For example, a USB (Universal Serial Bus) memory is easily used as a file exchanging means because it has a large capacity and is inexpensive. In many cases, the USB memory is used as a simple data backup means. When the USB memory is normally used as a file exchanging means or a data backup means, important data related to business (such as trade secrets and personal information) is always stored in the USB memory. In such a case, information leakage immediately occurs due to loss or theft of the USB memory.

  Therefore, many products having a function of encrypting the flash memory in the USB memory are commercially available in preparation for loss or theft of the USB memory. In most of such products, even if the USB memory is attached to the computer, the data stored in the flash memory remains encrypted unless a regular password is input.

However, the password protection alone has the following problems.
First, when a third party obtains a USB memory, the password may be decrypted by a password decrypting technique called “brute force attack”. When the password is decrypted, the data stored in the USB memory is decrypted by the third party inputting the password.
In addition, when an application program for realizing the encryption function is stored in a non-encrypted storage area of the USB memory, if the encryption key used for encryption is hard-coded in the application program, the application program There is a risk that the encryption key is decrypted by the attack. When the encryption key is decrypted, data stored in the USB memory is decrypted by a third party executing the decryption program using the encryption key.
Even if an application program for realizing the encryption function is stored in the hard disk of the computer, if the computer and the USB memory are lost or stolen together, the encryption key is decrypted in the same manner as described above. There is a risk.

  With respect to these problems, Patent Document 1 discloses a system in which a check is always performed via a decryption server when the USB memory is taken out or decrypted. According to the technique described in Patent Document 1, the decryption server checks the person who takes out the USB memory, the network location (host name, IP address, etc.) of the computer on which the USB memory is installed, and the time limit. . As a result, when the USB memory is lost or stolen, it is possible to prevent a third party from decrypting data stored in the USB memory to some extent.

JP 2009-169821 A

However, the technique described in Patent Document 1 cannot reliably prevent information leakage in the sense that personal authentication data and a decryption password flow on the network.
Further, when the self-decoding program is stored in a storage medium such as a USB memory, it cannot be said that information leakage can be surely prevented in the sense that there is a risk of being attacked by the self-decoding program.
Furthermore, the convenience is low in the sense that the network location and time limit of the computer is limited.

  The present invention has been made in view of the above-described problems, and its purpose is to reliably prevent information leakage even if a storage medium is lost or stolen without impairing convenience. It is to provide a storage medium management system that can be used.

In order to achieve the above-described object, a first invention includes a portable storage medium, an authentication device having tamper resistance, a terminal capable of transmitting and receiving data to and from the storage medium, the authentication device, and the terminal and a network. And a server that manages the storage medium, and the terminal receives a file read / write command to the encrypted storage area of the storage medium, A communication means for accessing a server; and an encryption means for decrypting or encrypting a file stored in the encrypted storage area based on an encryption key generated by the authentication device. The device includes: first storage means for storing encryption key generation information and authentication user identification information including a user identification number and a PIN; and A user authentication means for performing user authentication by comparing the entered trial PIN with the PIN, and generated by the encryption key generation information and the server only when the user authentication is successful within a predetermined number of trials. Encryption key generating means for generating the encryption key based on the encryption key material, and the server stores the use availability of the storage medium in association with the user identification number And, when accessed from the terminal, referring to the storage content of the second storage means, authenticates the authentication device and determines whether or not the storage medium can be used, and the authentication device by the authentication means The encryption key material is generated only when the authentication is successful and the storage medium is usable, and the generated encryption key material is stored in the second storage means and sent to the terminal. An encryption key material providing means for a storage medium management system comprising.
According to the first invention, it is possible to reliably prevent information leakage even if the storage medium is lost or stolen without impairing convenience.

The encryption key material providing means included in the server according to the first aspect of the invention stores the encryption key material stored in the second storage means when the predetermined time has elapsed since the previous generation of the encryption key material. Acquired as an encryption key material, newly generates the encryption key material as a new encryption key material, stores the new encryption key material in the second storage means, and stores the old encryption key material and the new encryption key material. The encryption key generation means included in the authentication device generates an old encryption key based on the encryption key generation information and the old encryption key material, and the encryption key generation information and A new encryption key is generated based on the new encryption key material, and the encryption means included in the terminal decrypts the file stored in the encryption storage area based on the old encryption key, and , The new dark It is desirable to encrypt the decrypted file based on the key.
As a result, information leakage can be prevented more reliably.

The non-encrypted storage area of the storage medium stores a communication application for causing the terminal to function as the communication means and an encryption application for causing the terminal to function as the encryption means. The application and the encryption application may be loaded in the volatile memory of the terminal and started when the storage medium is loaded in the terminal.
In the first invention, since the encryption key is not decrypted even if it is attacked by the encryption application, it is safe to store the encryption application in the storage medium.

The second invention is an authentication comprising a portable storage medium and tamper-resistant first storage means for storing encryption key generation information and authentication user identification information including a user identification number and a PIN. A device, a terminal capable of transmitting / receiving data to / from the storage medium and the authentication device, and a second storage means connected to the terminal via a network and storing the use / nonuse of the storage medium in association with the user identification number. A storage medium management method in a storage medium management system comprising: a server that manages the storage medium, wherein the terminal accepts a file read / write command to an encrypted storage area of the storage medium Accessing the server, and when the server is accessed from the terminal, the stored content of the second storage means is referred to Authenticating an authentication device and determining whether or not the storage medium can be used; and the server generates and generates the encryption key material only when the authentication device is successfully authenticated and the storage medium is usable Storing the encrypted encryption key material in the second storage means and transmitting it to the terminal, and the authentication device compares the trial PIN input to the terminal with the PIN to perform user authentication And the authentication device generates an encryption key based on the encryption key generation information and the encryption key material generated by the server only when the user authentication is successful within a predetermined number of attempts, and And the terminal decrypts or encrypts the file stored in the encrypted storage area based on the encryption key. It is a method.
According to the second invention, it is possible to reliably prevent information leakage even if the storage medium is lost or stolen without impairing convenience.

According to a third aspect of the present invention, there is provided an encryption storage area of the storage medium connected to a server that manages a portable storage medium via a network and capable of transmitting / receiving data to / from the storage medium and a tamper resistant authentication device When a file read / write command is received, the file stored in the encrypted storage area is decrypted or encrypted based on the communication means for accessing the server and the encryption key generated by the authentication device. A first storage means for storing authentication key generation information and authentication user identification information including a user identification number and a PIN; A user authentication unit that compares the trial PIN with the PIN and performs user authentication, and when the user authentication is successful within a predetermined number of trials And functioning as encryption key generation means for generating the encryption key based on the encryption key generation information and the encryption key material generated by the server, and associating the server with the user identification number. , Second storage means for storing the availability of the storage medium, and when accessed from the terminal, the authentication device is authenticated by referring to the storage content of the second storage means, and the availability of the storage medium Only when the authentication device is successfully authenticated by the authentication means and the storage medium is usable, the encryption key material is generated, and the generated encryption key material is stored in the second storage. A program for functioning as encryption key material providing means that is stored in the means and transmitted to the terminal.
According to the third invention, the storage medium management system according to the first invention can be constructed while the hardware itself is the conventional product.

  According to the present invention, it is possible to reliably prevent information leakage even if a storage medium is lost or stolen without impairing convenience.

The figure which shows an example of the whole structure of the storage medium management system 1 The figure which shows an example of a structure of the USB memory 2 The figure which shows an example of a structure of IC card 3 Hardware configuration diagram of a computer for realizing the PC 5 and the server 6 The figure which shows an example of the memory content of the memory | storage part 54 of the server 6 The figure which shows an example of the authentication information database 63 Flow chart showing the flow of encryption processing Flow chart showing the flow of decryption processing Flow chart showing the flow of periodic change processing

In the embodiment of the present invention, as an example of “portable storage medium”, USB (Universal
(Serial Bus) memory will be described as an example. In addition to USB memory, portable storage media include magnetic disks such as external HD (Hard Disk) with USB connection, optical disks such as CD (Compact Disk) and DVD (Digital Versatile Disk), SD (Secure
Digital) memory cards and other memory cards are conceivable, but not limited to these.
In the embodiment of the present invention, an IC (Integrated Circuit) card will be described as an example of an “tamper resistant authentication device”. As tamper-resistant authentication devices, in addition to IC cards, SIM (Subscriber Identity Module) cards, UIMs (Universal
Subscriber Identity Module) cards are conceivable, but not limited to these.
In the embodiment of the present invention, a desktop or notebook PC (Personal Computer) will be described as an example of “a terminal capable of transmitting and receiving data to and from a storage medium and an authentication device”. As a terminal capable of transmitting and receiving data to and from the storage medium and the authentication device, a mobile phone, a smartphone, a tablet terminal, an electronic book terminal, etc. can be considered in addition to a desktop or notebook PC, but is not limited thereto. .

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. First, the configuration of the storage medium management system 1 will be described with reference to FIGS.

  FIG. 1 is a diagram illustrating an example of the overall configuration of the storage medium management system 1. As shown in FIG. 1, the storage medium management system 1 includes a USB memory 2, an IC card 3, an IC card R / W (reader / writer) 4, a PC 5, a server 6, and the like. The PC 5 and the server 6 are connected via the network 7.

FIG. 2 is a diagram illustrating an example of the configuration of the USB memory 2.
The USB memory 2 is an example of a portable storage medium. The USB memory 2 has hardware such as a driver chip 21 and a flash memory 22. The driver chip 21 has a function of causing the PC 5 to recognize the flash memory 22 as an external storage device. The flash memory 22 is a nonvolatile semiconductor memory.

  The storage area of the flash memory 22 includes a non-encrypted storage area 23 and an encrypted storage area 24. The non-encrypted storage area 23 is an area where files that are not encrypted are stored. The encryption storage area 24 is an area for storing files to be encrypted.

  The non-encrypted storage area 23 includes a communication application 25 (hereinafter referred to as “communication application 25”), an encryption application 26 (hereinafter referred to as “encryption application 26”), a USB identification number 27, and the like. Is remembered.

  The communication application 25 is a program for causing the PC 5 to function as a predetermined communication unit. The predetermined communication means is means that the PC 5 accesses the server 6 when the PC 5 receives a file read / write command to the encrypted storage area 24 of the USB memory 2. The communication application 25 also includes connection destination information of the server 6.

  The encryption application 26 is a program for causing the PC 5 to function as a predetermined encryption unit. The predetermined encryption means is means for decrypting or encrypting the file stored in the encryption storage area 24 based on the encryption key generated by the IC card 3. The encryption application 26 includes processing for realizing data transmission / reception with the IC card 3.

  The USB identification number 27 is a number that uniquely identifies the USB. The USB identification number 27 is not an essential component. Therefore, when the present invention is applied to another storage medium instead of the USB memory 2, the storage medium does not have to be assigned an identification number.

  An encrypted file 28 is stored in the encrypted storage area 24. The encrypted file 28 is a file that is encrypted according to the encryption application 26. The user stores important data (trade secret, personal information, etc.) related to the business in the encryption storage area 24 of the USB memory 2.

  When the USB memory 2 is attached to the PC 5, the communication application 25 and the encryption application 26 are expanded in the volatile memory of the PC 5 and automatically activated. Since the communication application 25 and the encrypted application 26 are stored in the non-encrypted storage area 23, the PC 5 can be executed without performing special processing.

  The non-encrypted storage area 23 is preferably hidden from the PC 5 or the like. In other words, it is desirable not to display the file stored in the non-encrypted storage area 23 on the screen of the PC 5. This is to prevent an erroneous operation in which important data related to business is erroneously stored in the non-encrypted storage area 23. Another reason is to prevent a malicious user from knowing the existence of the communication application 25 and the encryption application 26.

FIG. 3 is a diagram illustrating an example of the configuration of the IC card 3.
The IC card 3 is a CPU (Central
It includes hardware such as a processing unit (RAM) 31, a random access memory (RAM) 32, an electrically erasable programmable read only memory (EEPROM) 33, a read only memory (ROM) 34, and a communication I / F (interface) 35.

  The CPU 31 calls a program stored in the ROM 33 to the work memory area on the RAM 32 and executes it, thereby realizing processing performed by the IC card 3.

  The RAM 32 is a volatile memory. The RAM 32 temporarily stores programs, data, and the like loaded from the ROM 33, and includes a work area used by the CPU 31 to perform various processes.

  The EEPROM 33 is a nonvolatile memory. The EEPROM 33 stores encryption key generation information for generating an encryption key (used by the encryption application 26) and authentication user identification information for authenticating a user. Specifically, the EEPROM 33 stores an encryption master key 41, a user identification number 42, an authentication key 43, a PIN (Personal Identification Number) 44, and the like.

The encryption master key 41 is one piece of encryption key generation information. The encryption master key 41 is different data for each IC card 3.
The user identification number 42 is one piece of authentication user identification information. The user identification number 42 is a number that uniquely identifies the user, for example, an employee number.
The authentication key 43 is one piece of user identification information for authentication. The authentication key 43 is different data for each user.
The PIN 44 is one of user identification information for authentication. The PIN 44 is a password for the IC card 3 to authenticate the user, and is different data for each user.

  The ROM 33 is a nonvolatile memory. The ROM 33 permanently stores programs executed by the IC card 3 and data. The ROM 33 stores processing contents such as a PIN authentication command 45 and an encryption key generation command 46 transmitted from the PC 5 via the IC card R / W 4 as programs.

The processing content of the PIN authentication command 45 is to perform user authentication by comparing the trial PIN input to the PC 5 with the PIN 44 which is authentication user identification information.
The processing content of the encryption key generation command 46 includes the encryption master key 41 that is encryption key generation information and the encryption generated by the server 6 only when the user authentication is successful within a predetermined number of trials (for example, 3 times). The encryption key is generated based on the key material.

  The communication I / F 35 is an interface for performing communication between the IC card 3 and the IC card R / W4. The IC card R / W4 is a contact type or non-contact type reader / writer, and may be integrated with the USB memory 2 or may be a separate body.

The IC card 3 is formed so that memories such as the CPU 31 and the RAM 32 are integrated into one chip and the wiring is not exposed to the outside. Therefore, it is difficult to process control signals and read bus signals.
Further, access control by the CPU 31 (control by the above-described PIN authentication) is applied to access from an external terminal (in the case of contact type) or a built-in antenna (in the case of non-contact type). Accordingly, unauthorized reading and writing cannot be performed unless PIN authentication is successful.
Further, when the PIN authentication fails continuously for a predetermined number of times, the IC card 3 locks the PIN 44. The operation of unlocking the PIN 44 is performed only by the administrator. Therefore, the PIN 44 is not decrypted by a password decryption technique called “brute force attack”.

  FIG. 4 is a hardware configuration diagram of a computer that implements the PC 5 and the server 6. Note that the hardware configuration in FIG. 4 is merely an example, and various configurations can be adopted depending on the application and purpose.

  As shown in FIG. 4, in the computer, a CPU 51, a RAM 52, a ROM 53, a storage unit 54, a media input / output unit 55, an input unit 56, a display unit 57, and a communication unit 58 are connected via a bus 59.

The CPU 51 calls a program stored in the ROM 53, the storage unit 54, a recording medium (including the USB memory 2), etc., to the work memory area on the RAM 52 and executes it, and drives each device connected via the bus 59. Control and implement processing performed by computer.
The RAM 52 is a volatile memory, and temporarily stores programs, data, and the like loaded from the ROM 53, the storage unit 54, a recording medium, and the like, and includes a work area used by the CPU 51 for performing various processes.
The ROM 53 is a nonvolatile memory, and permanently stores a computer boot program, a program such as a BIOS, data, and the like.

The storage unit 54 is, for example, an HD (hard disk), and stores a program executed by the CPU 51, data necessary for program execution, an OS, and the like. As for the program, a control program corresponding to the OS, an application program executed in the thin client system 1, files, and the like are stored. Each of these program codes is read by the CPU 51 as necessary, transferred to the RAM 52, and executed as various means.
The media input / output unit 55 performs input / output of data on a recording medium, for example, a CD drive (-ROM, -R, -RW, etc.), a DVD drive (-ROM, -R, -RW, etc.), a USB port, etc. Have A USB memory 2, an IC card R / W4, and the like are attached to the USB port.

The input unit 56 inputs data and includes, for example, a keyboard, a pointing device such as a mouse, and an input device such as a numeric keypad.
The display unit 57 includes a display device such as a liquid crystal panel and a logic circuit (a video adapter or the like) for realizing a video function in cooperation with the display device.
The communication unit 58 includes a communication control device, a communication port, and the like, and is a communication interface that mediates communication between other computers, and performs communication control.
The bus 59 is a path that mediates transmission / reception of control signals, data signals, and the like between the devices.

FIG. 5 is a diagram illustrating an example of the contents stored in the storage unit 54 of the server 6.
The storage unit 54 of the server 6 includes an authentication application (hereinafter referred to as “authentication application”) 61, an encryption key material providing application (hereinafter referred to as “encryption key material providing application”) 62, and an authentication information database. 63 etc. are stored. The authentication information database 63 may be stored not in the storage unit 54 of the server 6 but in an external storage device.

The authentication application 61 is a program for causing the server 6 to function as a predetermined authentication unit. The predetermined authentication means refers to means for authenticating the IC card 3 and determining whether or not the USB memory 2 can be used by referring to the stored contents of the authentication information database 63 when accessed from the PC 5.
The encryption key material providing application 62 is a program for causing the server 6 to function as predetermined encryption key material providing means. The predetermined encryption key material providing means generates an encryption key material only when the authentication of the IC card 3 by the predetermined authentication means is successful and the USB memory 2 can be used, and the generated encryption key material is used as authentication information. This means stores the data in the database 63 and transmits it to the PC 5. Here, the encryption key material is, for example, a random number. The encryption key material is generated when accessed from the PC 5 for the first time. Also, the encryption key material may be changed periodically at the second and subsequent accesses from the PC 5.

FIG. 6 is a diagram illustrating an example of the authentication information database 63.
The authentication information database 63 includes data items such as a user identification number 71, a USB identification number 72, an authentication key 73, a usability 74, an encryption key material 75, and an encryption key material generation date and time 76.

The user identification number 71 is one piece of authentication user identification information. The user identification number 71 is a number that uniquely identifies the user, and is the same as the user identification number 42.
The USB identification number 72 is a number that uniquely identifies the USB memory 2 and is the same as the USB identification number 27.
The authentication key 73 is one piece of authentication user identification information. The authentication key 73 is different data for each user and is the same as the authentication key 43.

The usability 74 is a flag indicating whether or not the USB memory 2 can be used, and is “OK” (= usable) or “NG” (= unusable). The initial value of the availability 74 is “OK”. When there is a notification of loss or theft of the USB memory 2, the administrator sets the usability 74 to “NG”.
The encryption key material 75 is data generated by the encryption key material providing application 62, and is, for example, a random number.
The encryption key material generation date and time 76 is data indicating the date and time when the encryption key material 75 was generated by the encryption key material providing application 62.

  In FIG. 6, the authentication key 73 is “xyzxyz” and the usability 74 is “OK” for the USB memory 2 specified by the user identification number 71 “000000” and / or the USB identification number 72 “aaabbbccc”. ”, Data in which the encryption key material 75 is“ xxxxxxxxxx ”and the encryption key material generation date 76 is“ YYMMDDHHMMSS ”.

  Next, processing in the storage medium management system 1 will be described with reference to FIGS. In the storage medium management system 1, (1) encryption processing for encrypting and storing a file in the USB memory 2, (2) decryption processing for decrypting the file in the USB memory 2, and (3) encryption A periodic change process for periodically changing the encryption key used in the process and the decryption process is executed.

FIG. 7 is a flowchart showing the flow of the encryption process.
When the CPU 51 of the PC 5 recognizes that the USB memory 2 is attached (S11), it reads out the communication application 25 and the encrypted application 26 stored in the non-encrypted storage area 23 of the USB memory 2 and develops them in the RAM 52. Start up. In the subsequent processing, the CPU 51 of the PC 5 executes processing according to the communication application 25 and the encryption application 26.

When the user instructs to move or copy the file stored in the storage unit 54 or the like of the PC 5 to the USB memory 2 via the input unit 56 and the CPU 51 of the PC 5 accepts this instruction (S12), the CPU 51 of the PC 5 Accesses the server 6 via the network 7 (S13).
On the other hand, the CPU 51 of the server 6 authenticates the IC card 3 (authentication of the user of the USB memory 2) by a challenge response. Specifically, the CPU 51 of the server 6 generates a random number (challenge) and transmits it to the PC 5 (S14).

  Next, the CPU 51 of the PC 5 prompts the user to input a trial PIN. When the user inputs a trial PIN via the input unit 56 and the CPU 51 of the PC 5 accepts the trial PIN, the CPU 51 of the PC 5 transmits the trial PIN to the IC card 3 (S15).

The CPU 31 of the IC card 3 compares the trial PIN received from the PC 5 with the PIN 44 stored in the EEPROM 34, and authenticates the PIN 44 (S16). Then, the CPU 31 of the IC card 3 transmits the result of PIN authentication (“OK” or “NG”) to the PC 5.
On the other hand, the CPU 51 of the PC 5 only when the authentication of the PIN 44 in S16 is successful within the predetermined number of trials, that is, only when the result of the PIN authentication of “OK” is received within the predetermined number of trials. The process proceeds to the next process.

Next, the CPU 51 of the PC 5 transmits the random number (challenge) received from the server 6 to the IC card 3 (S17).
The CPU 31 of the IC card 3 generates authentication data (response) using the authentication key 43 stored in the EEPROM 34 and the random number (challenge) received from the PC 5, and generates the user identification number 42 stored in the EEPROM 34. Authentication data (response) is transmitted to the PC 5 (S18).
The CPU 51 of the PC 5 transmits the user identification number 42 and authentication data (response) received from the IC card 3 to the server 6 (S19). In addition, the CPU 51 of the PC 5 may also transmit the USB identification number 27 stored in the non-encrypted storage area 23 of the USB memory 2 to the server 6.

Next, the CPU 51 of the server 6 searches the authentication database 63 using the user identification number 42 received from the PC 5 as a search key, and acquires the user identification number 71 and the authentication key 73 of the authentication database 63. Further, the CPU 51 of the server 6 generates authentication data (response) for comparison using the authentication key 73 acquired from the authentication database 63 and the random number (challenge) generated in S14. Then, the CPU 51 of the server 6 compares the user identification number 71 acquired from the authentication database 63 and the generated comparison authentication data (response) with the user identification number 42 and authentication data (response) received from the PC 5, Authentication of the IC card 3 (authentication of the user of the USB memory 2) is performed (S20). When the USB identification number 27 is received from the PC 5, the CPU 51 of the server 6 receives the user identification number 71, the USB identification number 72 and the comparison authentication data (response) in the authentication database 63 and the user identification received from the PC 5. The number 42, the USB identification number 27, and the authentication data (response) are compared. In this way, if authentication is performed using a challenge response, the authentication key 43 stored in the IC card 3 does not flow on the communication path, and the IC card 3 can be authenticated safely.
The CPU 51 of the server 6 proceeds to the next process only when the authentication of the IC card 3 in S20 is successful.

Next, the CPU 51 of the server 6 searches the authentication database 63 using the user identification number 42 received from the PC 5 as a search key, and confirms whether or not the availability 74 of the authentication database 63 is “OK” (usable). (S21).
The CPU 51 of the server 6 proceeds to the next process only when the availability 74 is “OK” (usable) in S21.

  Next, the CPU 51 of the server 6 generates a random number as the encryption key material (S22). The CPU 51 of the server 6 registers the generated encryption key material as the encryption key material 75 of the authentication database 63, and registers the date and time when the encryption key material was generated as the encryption key material generation date and time 76 (S23). Further, the CPU 51 of the server 6 transmits the generated encryption key material to the PC 5 (S24).

  Next, the CPU 51 of the PC 5 transmits the encryption key material received from the server 6 to the IC card 3 (S25). Here, the CPU 51 of the PC 5 discards the encryption key material after transmitting the encryption key material to the IC card 3 (initializes the value of the encryption key material stored in the work area area of the RAM 52).

  Next, the CPU 31 of the IC card 3 generates an encryption key based on the encryption master key 41 stored in the EEPROM 34 and the encryption key material received from the PC 5 (S26). The CPU 31 of the IC card 3 transmits the generated encryption key to the PC 5 (S27). Here, after transmitting the encryption key to the PC 5, the CPU 31 of the IC card 3 discards the encryption key (initializes the value of the encryption key stored in the work area area of the RAM 32).

Next, the CPU 51 of the PC 5 encrypts the file using the encryption key received from the IC card 3 and stores it as the encrypted file 28 in the encryption storage area 24 of the USB memory 2 (S28).
Then, after storing the encrypted file 28 in the USB memory 2, the CPU 51 of the PC 5 discards the encryption key (initializes the value of the encryption key stored in the work area area of the RAM 52) (S29).

As described above, the user can store the plain text file stored in the storage unit 54 of the PC 5 as the encrypted file 28 in the encrypted storage area 24 of the USB memory 2.
The user's operations in the encryption process shown in FIG. 7 are only the installation of the USB memory 2 in S11, the instruction to move or copy the file in S12, and the input of the trial PIN in S15. That is, in the encryption process shown in FIG. 7, the user's operation content does not change as compared with the conventional product having the function of encrypting the flash memory in the USB memory.
The trial PIN in S15 may be, for example, a trial PIN input by the user via the input unit 56 when the OS of the PC 5 is activated. That is, PIN authentication for login management of the PC 5 and PIN authentication for storage medium management may be made common.

FIG. 8 is a flowchart showing the flow of the decoding process.
When the CPU 51 of the PC 5 recognizes that the USB memory 2 is attached (S41), it reads out the communication application 25 and the encrypted application 26 stored in the non-encrypted storage area 23 of the USB memory 2 and expands them in the RAM 52. Start up. In the subsequent processing, the CPU 51 of the PC 5 executes processing according to the communication application 25 and the encryption application 26.

  The user instructs to move or copy the encrypted file 28 stored in the encrypted storage area 24 of the USB memory 2 to the storage unit 54 or the like of the PC 5 via the input unit 56, and the CPU 51 of the PC 5 issues this instruction. When accepted (S42), the CPU 51 of the PC 5 accesses the server 6 via the network 7 (S43).

  Since the process of S44-S51 is the same as the process of S14-S21 shown in FIG. 7, description is abbreviate | omitted. Similarly to the encryption processing shown in FIG. 7, the CPU 51 of the server 6 can perform the following only when the authentication of the IC card 3 in S50 is successful and the availability 74 is “OK” (usable) in S51. Proceed to processing.

  Next, the CPU 51 of the server 6 searches the authentication database 63 using the user identification number 42 received from the PC 5 as a search key, acquires the encryption key material 75 of the authentication database 63, and transmits it to the PC 5 (S52).

  Next, the CPU 51 of the PC 5 transmits the encryption key material received from the server 6 to the IC card 3 (S53). Here, the CPU 51 of the PC 5 discards the encryption key material after transmitting the encryption key material to the IC card 3 (initializes the value of the encryption key material stored in the work area area of the RAM 52).

  Next, the CPU 31 of the IC card 3 generates an encryption key based on the encryption master key 41 stored in the EEPROM 34 and the encryption key material received from the PC 5 (S54). Further, the CPU 31 of the IC card 3 transmits the generated encryption key to the PC 5 (S55). Here, after transmitting the encryption key to the PC 5, the CPU 31 of the IC card 3 discards the encryption key (initializes the value of the encryption key stored in the work area area of the RAM 32).

Next, the CPU 51 of the PC 5 decrypts the encrypted file 28 stored in the encrypted storage area 24 of the USB memory 2 using the encryption key received from the IC card 3, and decrypts it to the storage unit 54 of the PC 5, etc. The file is stored (S56).
The CPU 51 of the PC 5 stores the decrypted file in the storage unit 54 or the like of the PC 5 and then discards the encryption key (initializes the value of the encryption key stored in the work area area of the RAM 52) (S57).

As described above, the user can store the encrypted file 28 stored in the encrypted storage area 24 of the USB memory 2 as a plain text file in the storage unit 54 of the PC 5 and refer to it.
The user operations in the encryption process shown in FIG. 8 are only the installation of the USB memory 2 in S41, the instruction to move or copy the file in S42, and the input of the trial PIN in S45. In other words, the decryption process shown in FIG. 8 does not change the user's operation contents as compared with the conventional product having the function of encrypting the flash memory in the USB memory.
Note that the trial PIN in S45 may be, for example, a trial PIN input by the user via the input unit 56 when the OS of the PC 5 is activated. That is, PIN authentication for login management of the PPC 5 and PIN authentication for storage medium management may be made common.

FIG. 9 is a flowchart showing the flow of the periodic change process.
The CPU 51 of the server 6 confirms the encryption key material generation date and time 76 (during the previous generation of the encryption key material) in the authentication database 63 at the second and subsequent accesses from the PC 5, and when a predetermined time has passed. Starts the process shown in FIG.

  The CPU 51 of the server 6 acquires the encryption key material 75 stored in the authentication database 63 as the encryption key material (old) (S71). Next, the CPU 51 of the server 6 newly generates an encryption key material as an encryption key material (new) (S72), registers the encryption key material (new) as the encryption key material 75 of the authentication database 63, and encrypts the encryption key material (new). The date and time when the material (new) is generated is registered as the encryption key material generation date and time 76 (S73). Next, the CPU 51 of the server 6 transmits the encryption key material (old) and the encryption key material (new) to the PC 5 (S74).

  The CPU 51 of the PC 5 transmits the encryption key material (old) and the encryption key material (new) to the IC card 3 (S75). Here, after transmitting the encryption key material (old) and the encryption key material (new) to the IC card 3, the CPU 51 of the PC 5 discards the encryption key material (old) and the encryption key material (new) (work of the RAM 52). The values of the encryption key material (old) and encryption key material (new) stored in the area area are initialized).

Next, the CPU 31 of the IC card 3 generates an encryption key (old) based on the encryption master key 41 stored in the EEPROM 34 and the encryption key material (old) received from the PC 5, and also the encryption master key. An encryption key (new) is generated based on 41 and the encryption key material (new) received from the PC 5 (S76).
Further, the CPU 31 of the IC card 3 transmits the generated encryption key (old) and encryption key (new) to the PC 5 (S77). Here, after transmitting the encryption key (old) and the encryption key (new) to the PC 5, the CPU 31 of the IC card 3 discards the encryption key (old) and the encryption key (new) (stored in the work area area of the RAM 32). Initialize the values of the encrypted encryption key (old) and encryption key (new)).

Next, the CPU 51 of the PC 5 decrypts the encrypted file 28 stored in the encrypted storage area 24 of the USB memory 2 using the encryption key (old) received from the IC card 3 (S78).
The CPU 51 of the PC 5 encrypts the decrypted file using the encryption key (new) received from the IC card 3 and stores it as the encrypted file 28 in the encryption storage area 24 of the USB memory 2 (S79).
Then, after storing the encrypted file 28 in the USB memory 2, the CPU 51 of the PC 5 discards the encryption key (old) and the encryption key (new) (the encryption key (old) stored in the work area area of the RAM 52 and The value of the encryption key (new) is initialized) (S80).

As described above, the encryption key used for encryption of the encrypted file 28 can be periodically changed.
There is no user operation in the periodic change process shown in FIG. That is, the user can change the encryption key safely without making the user aware of the periodic change of the encryption key.

As described above, in the storage medium management system 1, the data used for the encryption process and the decryption process are handled as follows.
The only data that should be kept secret by the user is the PIN 44, and the PIN 44 does not flow to the network 7.
The PIN 44 is stored only in the IC card 3 having tamper resistance, and the number of trial PINs input is limited.
The encryption master key 41 is stored only in the IC card 3 having tamper resistance, and does not flow through the USB cable as well as the network 7.
The encryption key material is transmitted from the server 6 to the IC card 3 via the PC 5 if the authentication of the IC card 3 is successful and the availability 74 of the authentication information database 63 is usable.
The encryption key is generated by the IC card 3 for each encryption process and decryption process based on the encryption master key 41 and the encryption key material.
The encryption key is not stored in the non-volatile memory of any device, but is discarded from the volatile memory immediately after use.

By handling the data used for the encryption process and the decryption process as described above, the following effects are obtained.
Even if the IC card 3 is lost or stolen together with the USB memory 2, the possibility of the PIN 44 being decrypted by a password decrypting technique called “brute force attack” is extremely low.
-Even if the encryption application 26 is attacked, the encryption key is not decrypted.
Since the encryption key is not decrypted even if it is attacked by the encryption application 26, it is safe to store the encryption application 26 in the USB memory 2. That is, it is not necessary to install the encryption application 26 or the like in the storage unit 54 of the PC 5.
-The PIN 44 and the encryption key do not flow to the network 7.
-Use place and use time of PC5 are free.

  Therefore, the storage medium management system 1 according to the embodiment of the present invention can reliably prevent information leakage even if the storage medium is lost or stolen without impairing convenience. Further, when the encryption key material 75 is periodically changed, information leakage can be prevented more reliably.

  In the above description, the communication application 25 and the encryption application 26 are stored in the non-encrypted storage area 23 of the USB memory 2. For example, when the PC 5 used by the user is determined in advance, The communication application 25 and the encryption application 26 may be installed in the storage unit 54 of the PC 5.

  The preferred embodiments of the storage medium management system and the like according to the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to such examples. It will be apparent to those skilled in the art that various changes or modifications can be conceived within the scope of the technical idea disclosed in the present application, and these naturally belong to the technical scope of the present invention. Understood.

1 ... Storage medium management system 2 ... USB memory 3 ... IC card 4 ... IC card R / W
5 ……… PC
6 ... Server 7 ... Network 23 ... Unencrypted storage area 24 ... Encrypted storage area 25 ... Communication app 26 ... Encrypt app 27 ... USB identification number 28 ... ... Encrypted file 41 ... …… Cryptographic master key 42 ... …… User identification number 43 ... …… Authentication key 44 ... …… PIN
45 .... PIN authentication command 46 .... Encryption key generation command 61 .... Authentication application 62 .... Encryption key material providing application 63 .... Authentication information database

Claims (5)

A portable storage medium, an authentication device having tamper resistance, a terminal capable of transmitting and receiving data to and from the storage medium, a server connected to the terminal via a network, and managing the storage medium; A storage medium management system comprising:
The terminal
A communication means for accessing the server upon receiving a file read / write command to the encrypted storage area of the storage medium;
An encryption means for decrypting or encrypting a file stored in the encrypted storage area based on an encryption key generated by the authentication device;
Comprising
The authentication device is:
First storage means for storing encryption key generation information and authentication user identification information including a user identification number and a PIN;
A user authentication means for performing user authentication by comparing the trial PIN input to the terminal with the PIN;
Only when the user authentication is successful within a predetermined number of trials, an encryption key generating means for generating the encryption key based on the encryption key generation information and the encryption key material generated by the server;
Comprising
The server
Second storage means for storing availability of the storage medium in association with the user identification number;
When accessed from the terminal, referring to the storage content of the second storage means, authenticating the authentication device and determining whether or not the storage medium can be used;
The encryption key material is generated only when authentication of the authentication device by the authentication unit is successful and the storage medium is usable, and the generated encryption key material is stored in the second storage unit and the terminal Encryption key material providing means to be transmitted to
A storage medium management system comprising: The encryption key material providing unit included in the server acquires the encryption key material stored in the second storage unit as an old encryption key material when a predetermined time has elapsed since the last generation of the encryption key material. Then, a new encryption key material is generated and used as a new encryption key material, the new encryption key material is stored in the second storage means, and the old encryption key material and the new encryption key material are transmitted to the terminal. And
The encryption key generating means included in the authentication device generates an old encryption key based on the encryption key generation information and the old encryption key material, and based on the encryption key generation information and the new encryption key material. Generate a new encryption key,
The encryption means included in the terminal decrypts the file stored in the encryption storage area based on the old encryption key, and further encrypts the decrypted file based on the new encryption key. The storage medium management system according to claim 1. The non-encrypted storage area of the storage medium stores a communication application for causing the terminal to function as the communication means, and an encryption application for causing the terminal to function as the encryption means,
The storage medium management system according to claim 1 or 2, wherein the communication application and the encryption application are loaded into the volatile memory of the terminal and activated when the storage medium is attached to the terminal. A portable storage medium, an authentication device having tamper resistance, first key storage means for storing encryption key generation information, and authentication user identification information including a user identification number and a PIN, and the storage medium And a terminal capable of transmitting / receiving data to / from the authentication device, and a second storage means connected to the terminal via the network and storing the availability of the storage medium in association with the user identification number. A storage medium management method in a storage medium management system comprising:
When the terminal receives a file read / write command to the encrypted storage area of the storage medium, the terminal accesses the server;
When the server is accessed from the terminal, referring to the storage content of the second storage means, authenticating the authentication device, and determining whether the storage medium can be used;
The server generates the encryption key material only when the authentication device is successfully authenticated and the storage medium is usable, and stores the generated encryption key material in the second storage unit and the terminal Sending to
The authentication device compares a trial PIN input to the terminal with the PIN and performs user authentication;
The authentication device generates an encryption key based on the encryption key generation information and the encryption key material generated by the server only when the user authentication is successful within a predetermined number of attempts, and
The terminal performs decryption or encryption of a file stored in the encryption storage area based on the encryption key;
A storage medium management method. A terminal that is connected to a server that manages a portable storage medium via a network, and that is capable of transmitting and receiving data to and from the authentication device having tamper resistance;
A communication means for accessing the server upon receiving a file read / write command to the encrypted storage area of the storage medium;
An encryption means for decrypting or encrypting a file stored in the encrypted storage area based on an encryption key generated by the authentication device;
To function,
The authentication device,
First storage means for storing encryption key generation information and authentication user identification information including a user identification number and a PIN;
A user authentication means for performing user authentication by comparing the trial PIN input to the terminal with the PIN;
Only when the user authentication is successful within a predetermined number of trials, an encryption key generating means for generating the encryption key based on the encryption key generation information and the encryption key material generated by the server;
To function,
The server,
Second storage means for storing availability of the storage medium in association with the user identification number;
When accessed from the terminal, referring to the storage content of the second storage means, authenticating the authentication device and determining whether or not the storage medium can be used;
The encryption key material is generated only when authentication of the authentication device by the authentication unit is successful and the storage medium is usable, and the generated encryption key material is stored in the second storage unit and the terminal Encryption key material providing means to be transmitted to
Program to make it function.

Images