WO2011058629A1 - 情報管理システム - Google Patents
情報管理システム Download PDFInfo
- Publication number
- WO2011058629A1 WO2011058629A1 PCT/JP2009/069257 JP2009069257W WO2011058629A1 WO 2011058629 A1 WO2011058629 A1 WO 2011058629A1 JP 2009069257 W JP2009069257 W JP 2009069257W WO 2011058629 A1 WO2011058629 A1 WO 2011058629A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- attribute
- server
- terminal
- identification code
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
Definitions
- the present invention relates to an information management system that transmits personal information such as member attribute information to an information processing terminal that is an access (call) source via a network without information leakage.
- biometric information of a registrant received from a biometric information input unit is divided into two, and an authentication storage unit that stores one divided biometric information and a registrant specific that stores the other divided biometric information.
- An authentication system including an IC card and a control unit is described.
- the control unit accepts the biometric information of the authenticator and the other divided biometric information from the IC card, and the other divided biometric information and one divided
- the biometric information is synthesized and personal authentication is performed by comparing the synthesized biometric information with the biometric information of the certifier accepted from the biometric information input unit. This prevents unauthorized use even if one of the divided information is stolen.
- Patent Document 2 discloses an acquisition unit that acquires multimedia information that is information for confirming an individual, a dividing unit that divides the multimedia information, and a divided multimedia that is multimedia information divided into a plurality of pieces by the dividing unit.
- a registration device is described that includes storage control means for storing media information in a plurality of storage means of the verification device. More specifically, in the invention of Patent Document 2, the division unit divides the multimedia information from divided multimedia information with a small amount of information into divided multimedia information with a large amount of information in stages, and the storage control unit Thus, the divided multimedia information is stored in different storage means. Furthermore, instead of synthesizing the divided multimedia information and then collating it, it is possible to repeat the collation multiple times step by step for each divided multimedia information. It makes it difficult to restore media information.
- Patent Document 1 is a mode in which personal information is stored in two divided into an IC card and a storage device in the collation device, personal information is stolen from one medium and the information is used to impersonate another person. There is a risk of passing through the verification process.
- Patent Documents 1 and 2 when information divided at a given ratio is distributed and stored in a plurality of storage units, the storage location is identified, while regarding the confidentiality of the information itself, No measures beyond distributed processing are taken. Therefore, there is a limit to the risk of information theft, which is not sufficient in terms of security.
- the present invention divides and stores personal attribute information, associates the divided information with linked information, and does not include attribute information when an access request is made to an information storage source, and reads the attribute information It is an object of the present invention to provide an information management system which prevents theft of information itself by setting it as a constant value of a program file, and further makes it impossible to decode the information even if the information is stolen.
- the data is selectively transmitted from the server storing each piece of information of the plurality of attribute items for identifying the member to the information processing terminal possessed by the member that is the access source via the network.
- the server has divided attribute information in which the attribute information in each attribute item is divided into at least two in order from one end side to the other end side according to a predetermined rule Each of the division attribute information, the division identification code information for identifying the division attribute information, the division identification code information of the division attribute information of the next order in the ordering, and the location of the division attribute information of the next order.
- Terminal communication processing means for receiving the read program file, and executing the received read program file, reading each division attribute information of the attribute item to the output unit, and sequentially dividing the next division identification code information into the division Read to the terminal communication processing means to transmit to the information storage unit corresponding to the storage location information of the identification code information It is characterized in that a program execution processing unit.
- each of the attribute information in each attribute item is divided into at least two divided attribute information items in order from one end side to the other end side according to a predetermined rule.
- the division identification code information for identifying the division attribute information, the division identification code information of the division attribute information of the next order in the ordering, and the location of the division attribute information of the next order Read program files for storing the storage location information as constant values are stored in a distributed manner. Then, the read program file sending means returns a read program file corresponding to the divided identification code information from the designated information storage unit to the information processing terminal of the access source, and the terminal communication processing means sends out the member attribute information.
- the division identification code information from the one end to the other end and the corresponding storage destination information are sequentially transmitted to the information storage unit corresponding to the storage destination information for designation, and the division from the information storage unit
- the read program file corresponding to the identification code information is received.
- the received read program file is executed by the program execution processing means, and each division attribute information of the attribute item is read to the output unit, and the next division identification code information is sequentially stored in the division identification code information.
- the server also has a plurality of information storage units, and is distributed and stored in the plurality of information storage units according to the division identification code information and the storage location information for each division attribute information. Therefore, even if one piece of division attribute information is wiretapped, only the division identification code information and storage location information in the following order can be obtained in this information. Information cannot be collected. In addition, associating the divided information with the linked information so that the attribute information is not included when calling the information storage unit, and the attribute information is set as a constant value of the read program file, so that a reply from the server is also possible. Decoding is difficult, and the information itself is prevented from being stolen.
- the next division identification code information is transmitted to any of the information storage units via the management unit 4 (see FIG. 1).
- the management unit 4 since it is merely a distribution process, it is substantially the same as that information is transmitted from the terminal communication processing means to the information storage unit corresponding to the storage location information.
- personal attribute information is divided and distributed and stored, and the divided information is associated with the linked information, and the attribute information is not included when calling the information storage unit, and the attribute information is stored.
- FIG. 1 is a schematic configuration diagram of a network system to which an information management system according to the present invention is applied.
- the block diagram which each divided the function which a terminal, a USB memory, and a member server have is shown.
- 3 is a diagram showing an example of a memory map of a USB memory 2 and data servers 51 to 56.
- FIG. 4 is a diagram illustrating an example of a list of program files A.
- FIG. 4 is a flowchart for explaining a procedure of member information registration processing executed by a control unit 41 of the management unit 4. It is a flowchart explaining the procedure of the mounting determination process of the USB memory 2 performed by the control part of a terminal. It is a flowchart explaining the procedure of the browsing permission grant process of member information performed by the control part of a terminal.
- FIG. 1 is a schematic configuration diagram of a network system to which an information management system according to the present invention is applied.
- the network system shown in FIG. 1 includes, for example, a terminal (information processing terminal) 1 that is a member, a consumer, a store, a company, or the like, and a terminal (information processing terminal) 1 arranged in one or more financial institutions that perform settlement. And a member server 3 disposed in a management organization that performs overall management and storage of information between the terminal 1 and the terminal 1.
- the terminal 1 is generally composed of a personal computer or the like with a built-in CPU (Central Processing Unit).
- general processing such as information creation, processing, storage using general document and figure creation software, and transmission / reception of information using communication software, etc.
- a program file (see the general-purpose AP (application software) storage unit 131 in FIG. 2) and a program file that performs processing related to the execution of specific application software (a specific AP (in FIG. 2)).
- Application software storage unit 132). More specifically, in the terminal 1 such as a consumer, a store, or a company, a specific AP storage unit 132 is used as software for making and communicating each document related to buying and selling of goods and services, estimation or billing, and deposit and withdrawal. The software is installed.
- the terminal 1 performs settlement in general commercial transactions, for example, issuance and receipt of invoices from a merchant store, and deposit (i.e., payment) instructions from the purchaser to the account of the contract financial institution that issued the invoice.
- deposit i.e., payment
- the terminal 1 can create various documents as electronic files in text format or binary format.
- the electronic file is exchanged between the terminals 1 via the member server 3, for example.
- Special application software that performs payment instruction processing (such as instructions for payment processing between financial institutions) in accordance with the financial payment document from the terminal 1 of the consumer or company is also installed in each financial institution terminal 1. ing.
- the terminal 1 also has a USB port P1 to which a portable storage medium (member external storage medium), for example, a USB (Universal Serial Bus) memory 2 can be attached (connected).
- a portable storage medium member external storage medium
- the storage medium may be stick-like hardware using an IEEE 1394 port.
- the USB memory 2 is given to members, and has storage units (areas) in which predetermined information can be updated and stored as will be described later. Note that the storage medium does not have to be a rewritable memory in the case where there is no variation processing as will be described later.
- the member server 3 stores attribute information relating to various attribute items for identifying a member, such as a member's name, date of birth, address, and telephone number, in units of members. The storage form of these information will be described later.
- the member server 3 further includes an unillustrated file storage unit that stores a file transmission / reception history of each member, its files, and the like for each member.
- this system creates and stores secret information, for example, information communication between a plurality of terminals 1 connected to a LAN in a corporate organization that is a public institution.
- secret information for example, information communication between a plurality of terminals 1 connected to a LAN in a corporate organization that is a public institution.
- This system uses an Internet network in terms of hardware. That is, while the terminal 1 is connected to the Internet, as described later, the above-described specific AP that is secured with software is permitted to execute with the Internet. From the viewpoint of a network divided by software according to the present invention, it can be handled as a dedicated network different from the Internet. As a result, it is possible to construct a system that does not require a new infrastructure, and each terminal 1 can communicate with other personal computers via the Internet as needed and perform normal information communication and Web site on the Internet. Search, browse and obtain information.
- the terminal 1 is connected to a network 7 via a provider (ISP) 6.
- ISP provider
- a plurality of terminals 1 are connected to the ISP 6.
- an appropriate number of servers having Web sites that provide various types of information are connected to the ISP 6.
- the terminal 1 connected to the ISP 6 includes a terminal 1 as a member in which a specific AP is installed, and a normal terminal 1 ′ in which only a general-purpose AP is installed.
- the predetermined application software in the specific AP includes processing for executing processing with the USB memory 2, for example, mounting determination processing on the terminal 1, and reading and writing processing of predetermined information.
- the member server 3 includes a management unit 4 and a database 5.
- the database 5 stores the above-described member attribute information, and has a predetermined number, for example, data servers 51 to 56.
- the data servers 51 to 56 store attribute information of all members for each member, and details will be described later.
- the management unit 4 is provided on the network 7 and manages information reading processing, information reception, fluctuation, writing processing, and the like between the terminal 1 and the database 5.
- the management unit 4 substantially functions as a server.
- the function of the management unit 4 may be provided in each of the data servers 51 to 56.
- the member attribute information can be acquired, for example, by displaying necessary attribute items on the display unit 15 as an input guide screen and inputting via the operation unit 14 at the time of member registration (membership).
- the input attribute information is divided according to a predetermined rule, and is further distributed and stored in any of the data servers 51 to 56 in a form in which linked information is sequentially attached.
- FIG. 2 shows a block diagram in which the functions of the terminal 1, the USB memory 2, and the member server 3 are respectively blocked.
- the terminal 1 includes a control unit 11 composed of a CPU.
- a ROM (Read Only Memory) 12 and a RAM (Random Access Memory) 13 are connected to the control unit 11.
- the CPU of the control unit 11 functions as an execution unit for normal processing by executing the general-purpose AP stored on the RAM 13.
- the CPU of the control unit 11 executes the specific AP held on the RAM 13 to give the authorization processing unit 111 that determines the mounting of the USB memory 2 and the authority to permit browsing of personal information of itself.
- a call signal to the member server 3 is sent from the terminal 1 of the member and the browsing permission granting unit 112 that designates the attribute item to which the browsing permission is given, and the member terminal 1 to which the browsing permission is given by the browsing permission granting unit 112.
- Read program file execution for executing the read program file stored in the call setting unit 113 and the data servers 51 to 56 generated as the browsing request signal and read by the terminal 1 (calling source) Unit 114, encryption processing unit 115 for encrypting information to be transmitted to the member server 3, encryption received from the member server 3
- the authentication processing unit 111 determines whether or not the USB memory 2 is mounted on the USB port P1, and determines whether or not the USB memory 2 is mounted based on the presence or absence of a response signal to the handshake signal that is periodically sent to the USB port P1. Like to do. In addition, when the installation of the USB memory 2 is confirmed, the authentication processing unit 111 confirms the installation of the USB memory 2 with a specific AP that has been installed in the specific AP storage unit 132 in the RAM 13 in advance. In response, a process of switching to executable is performed.
- FIG. 3 is a diagram showing an example of a memory map of the USB memory 2 and the data servers 51 to 56.
- the terminal 1A is the member A's terminal
- the USB memory 2A is the member A's.
- the terminal 1B is a member B's terminal different from the member A
- the USB memory 2B is the member B's.
- the member A's attribute information includes the name “Taro Tanaka”, the date of birth “March 4, 1975”, the address “1-1 Asahioka, Nerima-ku, Tokyo”, and the telephone number “03-1234”. -5678 ".
- the name is “Koji Suzuki”
- the date of birth is “March 11, 1980”
- the address is “3-10-21 Motoazabu, Minato-ku, Tokyo”
- the telephone is “03-9876-5432”. ”.
- the USB memory 2 includes an authentication information storage unit 21 that stores authentication information and an attribute information list storage unit 22 that stores an attribute information list.
- the authentication information is identification information (USBID) for identifying the USB memory 2 individually.
- the member server 3 stores the identification information of each USB memory 2 and verification information (member ID) and USBID corresponding to the password information for member authentication adopted as necessary. Yes. Note that the member ID), the USB ID, and the identification information of the terminal 1 owned by the member may be stored correspondingly.
- the attribute information list is storage destination information (ID) indicating any one of the identification code information and the data servers 51 to 56 where the information is stored for each attribute item of name to telephone number.
- ID storage destination information
- the identification code information is “402001” and the storage destination information is “server 1”.
- the identification code information is “500101”, and the storage location information is “server 3”.
- the identification code information is “100213” and the storage location information is “server 4”.
- the identification code information is “200073” and the storage location information is “server 6”.
- information is stored for each attribute item in the USB memory 2B of the member B.
- the attribute information list is stored in such a manner that it is placed as a constant value of the read program file, as will be described later.
- the attribute information list is stored in the form of a read program file, it cannot be easily decrypted, and the read program file is stored in the USB 2 in an encrypted state by the terminal 1 as will be described later. Further confidentiality against exploitation and alteration can be secured.
- the identification code information of the member A attribute information “name” is “402001”, and the storage location information is “server 1”. Accordingly, when the identification code information “402001” of the data server 51 (corresponding to “server 1”) is observed, “Tanaka” is stored as the attribute item “surname”. Furthermore, as the attribute item “name”, “006125” as identification code information and “server 5” as storage destination information are stored in association with each other, that is, as linked information. Next, “Taro” is stored in the identification code information “006125” of the attribute item “name” in the data server 55 (corresponding to “server 5”). This information has no further associated information.
- the attribute item “name” is divided into “last name” and “first name” in order from the top.
- the identification code information of the attribute item “name” is the identification code information of the first “last name”.
- the identification code information of the attribute item “birth date” in the USB memory 2 of the member A is “500101”, and the storage location information is “server 3”. . Therefore, when the identification code information “500101” of the data server 53 is observed, “1975” is stored as the attribute item “year”. Furthermore, as the attribute item “month / day”, identification code information “417890” and “server 2” as storage destination information are stored in association with each other, that is, as linked information. Next, in the data server 52, “March 4” is stored in the identification code information “417890” of the attribute item “Month day”. This information has no further associated information.
- the attribute item “birth date” is divided into “year” and “month / day” in order from the top.
- the identification code information of the attribute item “birth date” is the identification code information of the first “year”.
- the identification code information of the attribute item “address” in the USB memory 2 of the member A is “100213”, and the storage destination information is “server 4”. Therefore, when the identification code information “100213” of the data server 54 is observed, “Nerima-ku, Tokyo” is stored as the attribute item “address 1”. Further, as the attribute item “address 2”, identification code information “508729” and “server 2” as storage destination information are stored in correspondence with each other, that is, as linked information. Next, the data server 52 stores “Asahioka” in the identification code information “508729” of the attribute item “address 2”.
- identification code information “000834” and “server 1” as storage location information are stored in association with each other, that is, as linked information.
- the data server 51 stores “1-1” in the identification code information “000834” of the attribute item “address 3”. This information has no further associated information.
- the attribute item “address” is divided into “address 1”, “address 2”, and “address 3” in order from the top.
- the identification code information of the attribute item “address” is the identification code information of the first “address 1”.
- the identification code information of the attribute item “telephone” in the USB memory 2 of the member A is “200073”, and the storage destination information is “server 6”. Therefore, when the identification code information “200073” of the data server 56 is observed, “03” is stored as the attribute item “telephone 1”. Further, as the attribute item “telephone 2”, identification code information “380026” and “server 5” as storage destination information are stored in association with each other, that is, as linked information. Next, the data server 55 stores “1234” in the identification code information “380026” of the attribute item “telephone 2”.
- identification code information “740034” and “server 4” as storage destination information are stored in association with each other, that is, as linked information.
- the data server 54 stores “5678” in the identification code information “740034” of the attribute item “phone 3”. This information has no further associated information.
- the attribute item “telephone” is divided into “telephone 1”, “telephone 2”, and “telephone 3” in order from the top.
- the identification code information of the attribute item “telephone” is the identification code information of the first “telephone 1”.
- each attribute information is divided according to a predetermined rule, distributed according to a predetermined rule, and distributed and stored in the data servers 51 to 56.
- the division rule is divided in basic units of information or in units of a predetermined dimension.
- a mode in which mechanical division is equally performed or equal division into a predetermined number may be employed.
- the divided attribute information is called divided attribute information, and the code for identifying the divided attribute information is called divided identification code information.
- the distribution rule may be set randomly using a random number generated from a random number generator (in this embodiment, a numerical value “1” to “6”), or may be set in advance. Rules may be adopted. It is preferable that continuous division attribute information is not continuously stored in the same data server.
- the browsing permission assigning unit 112 displays the attribute information list (see FIG. 3) stored in the attribute information list storage unit 22 of the USB memory 2 on the display unit 15 and operates the operation unit 14 to operate the required attribute.
- the item is instructed.
- the attribute item instruction is for permitting a specific member to view the contents of a predetermined attribute item in his / her attribute information.
- the USB memory 2A is attached to the terminal 1A, and the member A, for example, the name and address attribute items are permitted to be viewed by any member, for example, the member B.
- the browsing permission granting unit 112 has information of a specific member designated by the operation unit 14, for example, member B, and a read program file including the specified operation content and a browsing permission signal.
- the browsing permission means that the management unit of the member server 3 through the execution of the read program file including the designated operation content and the browsing permission signal received by the member B from the member A via the member server 3 as will be described later.
- accessing (calling) 4 it is possible to view or acquire the attribute information of the name and address of the authorized member A.
- a member terminal may be specified.
- This process assumes that, for example, member A who is a consumer makes a purchase at member B's store and pays with this network system.
- member B which is a store, needs to issue a bill to member A.
- the member B needs to know the name and address of the member A described in the invoice, so that the member A passes the member server 3 to the terminal 1B of the member B with his / her personal information.
- a process for permitting browsing of a certain name and address is performed.
- member A has a certain certificate issued by member B such as an organization
- member B needs to know the predetermined information of member A, such as the name and date of birth. is there.
- the member A performs a process for permitting the terminal 1B of the member B to browse the name and date of birth as the personal information of the member B via the member server 3.
- the designated operation content includes the content of the designated attribute item and the attribute information list in the USB memory 2, that is, the read program file in which the attribute item, its identification code information, and storage destination information are placed as constant values. It is.
- the attribute information list itself may be included in the browsing permission grant information between the terminals 1A and 1B. In this case, when the terminal 1B makes a call to the member server 3, it may be configured to send and receive information about only the attribute items permitted to be viewed.
- the call setting unit 113 generates a call signal as a browsing request in the database 5 by attaching the designated operation content and the browsing permission signal received from another member, and the generated call signal is the communication processing unit 118. Is transmitted to the member server 3.
- the transmission permission may be determined based on the presence / absence of the browsing permission signal in the received signals from other members. It is preferable that a rule is set in advance for the browsing permission signal. When there is no browsing permission signal or when it is wrong, it can be determined as an unauthorized access.
- the browsing permission signal may be a specially created signal, or another signal, for example, partner information for permitting browsing.
- the read program file execution unit 114 receives and executes a read program file corresponding to the call content.
- the encryption processing unit 115 performs the same processing on the authentication information in the USB memory 2 and the contents of the attribute information list in addition to the encryption on the information exchanged with the member server 3. As a result, the contents of the authentication information and the attribute information list in the USB memory 2 are encrypted and stored by the encryption program at that time. Therefore, easy decoding is prevented. Note that a decryption program paired with the encryption program executed by the encryption processing unit 115 is also taken into the terminal 1 at the same time, and information read from the USB memory 2 executes the decryption program. Decrypted by the decryption processing unit 116. Next, when it is transmitted to the member server 3, it is re-encrypted by the latest received encryption / decryption program.
- FIG. 4 is a diagram showing an example of a read program file. More specifically, it shows an example of a list of the read program file A, and includes a constant value and a logic part.
- the constant value is described (coded) in the program in association with the logic part, and is generated as one executable file (program file) when compiled.
- it is uniformly called a read program file.
- This division identification code information (ID), this division attribute information, this division corresponds to the four pieces of information of division identification code information (ID) for identifying the next (NEXT) division attribute information in the division order with respect to the attribute information and the storage information of the next (NEXT) division attribute information. To do.
- the next (NEXT) division identification code information (ID) and the next (NEXT) storage location information are the associated information described above. In the case of the last division attribute information in the division order, there is no next division attribute information, so only the last division identification code information (ID) and division attribute information are provided.
- the logic part includes the output (OUTPUT) of the current division attribute information, the next (NEXT) storage location information, and the next (NEXT) division identification code information call (CALL). With this output, the division attribute information is output and displayed on the display unit 15, for example.
- the call executes a read request for the corresponding read program file in the same manner as the previous time in accordance with the next storage location information.
- the read program file execution unit 114 finishes the output and the call up to the last divided attribute information of each specified attribute item, the read program file execution unit 114 sequentially combines the divided attribute information for each attribute item and displays the combined attribute information on the display unit 15. .
- the output mode may be output to a printer, audio output from a speaker, or only temporary writing processing in the RAM 13 as necessary.
- the management unit 4 also executes a process of changing (changing) the distributed storage status of the divided attribute information of the data servers 51 to 56 according to a predetermined condition including regular or irregular.
- the update processing unit 117 rewrites the storage location information of the corresponding attribute item in the USB memory 2 when the storage location information of the first division attribute information is changed by the management unit 4.
- the execution result can be reflected (updated) in the USB memory 2 at that time.
- the change process is executed while the USB memory 2 is not attached, and the next attribute when the member's USB memory 2 is attached to the terminal 1 next time. If there is a change history for the information, the update process may be executed first.
- the control unit 11 is connected to a ROM 12 storing an operation system (OS) and the like, and a RAM 13 storing various application software and information being processed.
- the RAM 13 includes a general-purpose AP storage unit 131, a specific AP storage unit 132, a file storage unit 133 that stores a created document and a written file, a read program file storage unit 134 that temporarily stores a received read program file, and an encryption A decryption program storage unit 135 and a decryption program storage unit 136.
- the management unit 4 includes a control unit 41 composed of a CPU.
- a ROM 42 and a RAM 43 are connected to the control unit 41.
- the CPU of the control unit 41 executes a program developed on the RAM 43, thereby dividing the attribute information at the time of member registration and performing a distributed storage, and a corresponding reading program call in response to a call signal.
- a read program file sending unit 412 that controls sending to the original terminal 1, an encryption / decryption program setting unit 413 that selects a plurality of encryption and decryption programs prepared in advance, and transmission information to the terminal 1 are set.
- the read program file sending unit 412 When the read program file sending unit 412 receives the call signal designating the data server corresponding to the storage destination information, the read program file sending unit 412 stores the read program file including the constant value and the logic part stored in the data server. This is a reply to the terminal 1.
- the read program file that is the attribute information list in the USB memory 2 ⁇ / b> A of the member A is transmitted to the member server 3 and temporarily stored.
- the temporarily stored read program file of member A is transmitted to terminal 1B. That is, the member B attribute information acquisition process by the member B is started by executing the read program file that is the member A attribute information list.
- the USBID is attached to the member A's read program file, and the management unit 4 of the member server 3 monitors the presence / absence of the USBID to determine whether or not the file is an illegally read program file. You may do it.
- the management unit 4 of the member server 3 sends an unauthorized read program file of the member A to the terminal 1B, and then illegally determines whether the USBID attached to the read program file is received as an inquiry signal from the terminal 1B. It may be determined whether or not there is.
- the terminal 1B cannot execute the read program file of the member A received from the member server 3 as it is, and the execution ban that is returned from the management unit 4 to the terminal 1B in response to the reception of the inquiry signal.
- An execution condition is that a signal is received.
- the encryption / decryption program setting unit 413 prepares a large number of paired encryption programs and decryption programs in the encryption / decryption program storage unit 431, from which the member server 3 transmits them to the terminal 1 side.
- the encryption program and the decryption program for performing encryption and decryption are respectively changed for the information to be transmitted and the information transmitted from the terminal 1 to the member server 3.
- the encryption / decryption program setting unit 413 transmits the set encryption program and decryption program to the terminal 1 and stores them in the encryption program storage unit 135 and the decryption program storage unit 136 of the RAM 13.
- the encryption / decryption program setting unit 413 executes the change process every time the USB memory 2 is attached and the attribute information browsing process is executed.
- the present invention is not limited to this, and when the member operates through the operation unit 14, the change process may be performed every time the number of browsing processes reaches a predetermined number or every time a predetermined time elapses. .
- a substitution expression that replaces a character or phrase in a general format with another character or symbol (group) a character substitution expression that replaces a single character with another character / symbol (group), two characters, or three
- a spelling substitution formula that changes a character group such as a character to another character or symbol (group)
- a dictionary formula that changes to another character or symbol group in units of characters, words, phrases, short sentences, etc., or two or more substitution tables A multi-table expression that encrypts while changing the table according to the rules, and a random number (character) expression that encrypts by adding a random number (letter) to a single-format ciphertext converted to a number (character)
- Encrypted text that is frequently updated using lexicographic or spelling ciphers is often updated with character substitutions, secondary expressions that are encrypted with spelling substitutions, and the first part is used as the key, and then the original text or cipher is
- the encryption processing unit 414 and the decryption processing unit 415 decrypt the information received from any one of the terminals 1 with a decryption program that has been set most recently with the terminal 1, and the decrypted information is transmitted to another terminal. Before being transmitted to 1, the data is encrypted with the encryption program set most recently with the other terminal 1.
- the change processing unit 416 changes (changes) the storage location of the divided attribute information, and the change process is executed every time the USB memory 2 is attached and the attribute information browsing process is executed.
- the change process is performed by changing the storage location of “Taro” of “Name”, which is the division attribute information, from “Server 5” to “Server 3” in the “Name” attribute item.
- the NEXT storage location information of the data server 51 is rewritten from “server 5” to “server 3”, and the information of “ID: 006125, name, Taro” in the data server 55 before the change is changed.
- the data server 53 is rewritten (and deleted from the data server 55).
- the storage destination information in the corresponding attribute item of the USB memory 2 is updated. Updated by the unit 117.
- the shuffle relation storage unit 432 of the RAM 43 stores the result changed for each member by the change processing unit 416. For example, the content of the attribute information list of the USB memory 2 when the storage information of the first divided attribute information at the time of initial member registration is changed to “server 3” next time is “server 3”. Until the call is updated, if the call related to the viewing request for the attribute item of the member from the terminal 1 is “server 1”, the call destination is changed with reference to the shuffle relation storage unit 432 To “Server 3”. Then, when the contents of the USB memory 2 are updated, the change information of the storage location information of the member in the shuffle relation storage unit 432 may be deleted. It is possible to adopt a mode in which the contents of the USB memory are not updated. In this case, the shuffle relation storage unit 432 creates a comparison table between the first storage destination information and the latest storage destination information whenever there is a change. This will be possible.
- FIG. 5 is a flowchart for explaining the procedure of member information registration processing executed by the control unit 41 of the management unit 4.
- the attribute information is divided in order according to a predetermined rule, for example, from the top side (that is, from one end to the other end).
- Information is created, and in the created division attribute information, the division identification code information and storage location information of the next division attribute information are set as linked information (step S1).
- the order of attribute items is represented by c
- the division order is represented by d.
- step S15 a read program file that is information stored in any of the data servers 51 to 56 of the database 5 in order Is created (step S11) and transmitted (step S13).
- This transmission is preferably performed with the information encrypted.
- the encryption is performed by an encryption program among encryption and decryption programs set in advance between the terminal 1 and the member server 3. Until the next call, the memory is maintained in the state encrypted by the encryption program. Thereby, the confidentiality of information on the member server 3 side is maintained.
- FIG. 6 is a flowchart for explaining the procedure of the USB memory 2 attachment determination process executed by the control unit 11 of the terminal 1.
- a handshake signal is periodically transmitted to the USB port P1, and the state of the USB port P1 is determined (step S21).
- the attachment is confirmed by returning a response signal in response to the handshake signal (step S23).
- the response signal is not returned (NO in step S21), and the process exits this flow.
- a response signal is returned, it is assumed that the USB memory 2 is attached and the specific AP can be executed (step S25).
- FIG. 7 is a flowchart for explaining the procedure of the member information browsing permission grant process executed by the control unit 11 of the terminal 1.
- the presence / absence of an operation for designating a member who is permitted to browse is determined (step S31). If there is a designating operation, the presence / absence of an operation for designating an attribute item that is permitted to be browsed is determined (step S33). If it is determined that an attribute item designation operation has been performed, the terminal information of the other party to be authorized is attached to the read program file including the attribute information list and the designated attribute item information, and the member server is used as a browsing permission grant signal. 3 to the management unit 4 (step S35).
- designated time of the other party's terminal 1 may be before and after designation
- the browsing permission grant signal transmitted to the management unit 4 of the member server 3 is transmitted after being encrypted by the encryption program set with the terminal 1. Therefore, after receiving, the management unit 4 performs decoding using the set decoding program.
- FIG. 8 is a flowchart for explaining the procedure of the member information browsing permission information reception process executed by the control unit 11 of the terminal 1.
- a new browsing permission grant signal has been received from the management unit 4 of the member server 3 (step S41), and if received, the buffer unit of the terminal 1 (even in a predetermined buffer area in the RAM 13). Is taken in (step S43).
- step S45 it is determined whether or not the terminal 1 is operating (step S45). If the terminal 1 is operating, it is written, for example, in a list in accordance with the chronological direction, for example, in an e-mail reception history (step S49).
- the terminal 1 waits for activation (YES in step S47), and is written in the e-mail reception history in step S49. Note that this flow is exited when the signal is not a new browsing permission grant signal (NO in step S41) and the terminal 1 is not operating (power off) (NO in step S47).
- the browsing permission grant signal is encrypted on the member server 3 side using an encryption / decryption program set in advance with the counterpart terminal 1 as described later, Decoding is performed on the terminal 1 side of the other party.
- the browsing permission grant signal may be transmitted directly from the terminal 1 that permits browsing to the terminal 1 that is permitted to browse or in parallel with transmission to the member server 3. Good.
- the present embodiment (indirect) performed through the member server 3 is substantially transmitted from the terminal 1 that permits browsing to the terminal 1 that permits browsing.
- FIG. 9 is a flowchart for explaining the procedure of the writing process to the USB memory 2 executed by the control unit 11 of the terminal 1.
- step S61 it is determined whether or not the USB memory 2 is mounted. If it is determined that the USB memory 2 is mounted, the first divided identification code information for each attribute item is determined from its own attribute information written in the member server 3. And the storage location information are encrypted and written, and the attribute information list is written (step S63).
- FIG. 10 is a flowchart for explaining the procedure of the member information acquisition request (call to the member server 3) process executed by the control unit 11 of the terminal 1.
- step S71 it is determined whether or not the USB memory 2 is mounted. If it is determined that the USB memory 2 is mounted, it is determined whether or not there is an operation for a call from the operation unit 14 (step S73). When there is an operation for a call, a call signal is created based on the browsing permission information and further encrypted (step S75). Next, this first call signal is transmitted to the management unit 4 of the member server 3 (step S77). On the management unit 4 side of the member server 3, the data server corresponding to the storage location information of the attribute item included in the call signal is designated from the data servers 51 to 56.
- FIG. 11 is a flowchart for explaining the read program file reply process executed by the control unit 41 of the management unit 4.
- the presence / absence of a call (including the first call) is determined (step S91).
- a decoding process is performed on the received call signal (step S93).
- a data server corresponding to the storage location information in the call signal is selected (step S95).
- information of the read program file corresponding to the division identification code information in the call signal is selected and encrypted. (Step S97).
- the encrypted information is returned to the caller terminal 1 (step S99). If there is no call in step S91, the process exits this flow.
- FIG. 12 is a flowchart for explaining the procedure of the read program file execution process executed by the control unit 11 of the terminal 1.
- a reply signal that is, a read program file is received from the member server 3 (step S111), and if received, decryption is executed (step S113), and the read program file is executed.
- the execution result is output to the display unit 15 (step S115).
- the process exits this flow.
- step S117 the presence / absence of linked information, that is, the division identification code information in the next order and its storage location information is determined in the reply signal received this time (step S117). If there is next linked information, a call signal is created and encrypted based on the next division identification code information and its storage location information (step S119) and transmitted to the management unit 4 of the member server 3. (Step S121), this flow is finished. On the other hand, if there is no next linked information in step S117, it is determined whether or not all of the attribute items permitted to be browsed are finished (step S123), and if there are remaining attribute items, it corresponds to the next attribute item.
- a call signal is created based on the information in the attribute information list, encrypted (step S125), and transmitted to the management unit 4 of the member server 3 (step S127). On the other hand, if the call processing is completed for all the attribute items permitted to be browsed in step S123, this flow ends. After the call signal is transmitted in steps S121 and S127, a reply signal from the member server 3 is in a standby state (NO in step S111).
- the read program file that has already been executed may be deleted immediately, but in this embodiment, the read program file is deleted after completion of the predetermined processing as follows. That is, when two read program files adjacent to each other in the order of division are compared to the read program file of the “parent and child”, the child read program file returned this time is the source of the reply after decoding.
- a parent-child relationship authentication process is first executed with the parent read program file returned immediately before.
- the information for the parent-child relationship authentication is created by, for example, so-called tally information, and may be created at the time of creation of a child call signal (for reading a child reading program file) or by joining.
- the child read program file may have been created illegally.
- the parent read program file may be deleted after the authentication process is completed. Further, in the case where the execution result is output to the display unit 15 on the condition that the read program file is executed for all the attribute items to which browsing permission is given, the authentication denial is halfway through the processing. When such unauthorized access is discovered, no attribute information is displayed on the display unit 15, which is preferable.
- FIG. 13 is a flowchart for explaining the procedure of the encryption / decryption program change process executed by the control unit 41 of the management unit 4.
- the change condition may be one before or after the member information acquisition process.
- a stage of handshake (session) signal exchange with the management unit 4 before issuing the first call signal and after the member information acquisition process is a series of call signals This is a point in time before the reply signal is sent and the line is disconnected.
- it may be every time information communication occurs with the member server 3, or may be preset every hour or time, and further may be every number of communications or every traffic.
- the encryption / decryption program is shuffled (step S143).
- the shuffle process may be random or based on a predetermined rule. It is desirable that the predetermined rule includes at least one of the information on the time, the amount of communication information, and the number of times of communication described above because it is substantially random.
- the encryption / decryption program is adopted for information communication between a certain terminal 1 and the member server 3, and is a mode in which information is exchanged (typically, a certain terminal). It is preferable to use different encryption programs for the call signal from the one side and the return signal from the member server 3 in response to the call signal (ie, the forward path and the return path). The encryption / decryption program is changed and set.
- step S145 one of the changed encryption / decryption programs of each pair is transmitted to the caller terminal 1 (step S145), and this flow is finished.
- the encryption / decryption program transmitted to each terminal 1 is written in the shuffle relationship storage unit 32 in a state where it can be browsed.
- FIG. 14 is a flowchart for explaining a procedure for changing the storage destination of the division attribute information executed by the control unit 41 of the management unit 4.
- Information storage location change processing is executed (step S153).
- the change process may be performed for at least one kind of attribute item of the member who has permitted the browsing, or may be performed for all the attribute items.
- the change process may be executed for a different attribute item each time.
- the storage location information of the division attribute information at the beginning of the attribute item (in this embodiment, the same as the attribute information in the attribute information list of the USB memory 2 as shown in FIG. 3) is changed, and the second and later in the division order.
- the storage location information (corresponding to the above-described tied information) of the divided attribute information is considered to be changed.
- the present invention only needs to be changed for at least one of them.
- the change processing includes rewriting of the linked information portion of the target divided attribute information and rewriting between data servers actually stored as constant values for the target attribute item.
- the target split attribute information is sequentially selected, and each of the current data servers 51 to 56 is changed from the current data server 51 to 56 according to a random or predetermined rule. It is executed by setting.
- an actual information rewrite process is executed for the data servers 51 to 56 (step S155).
- the rewriting is a process for changing the storage location information of the linked portion, and updating the division attribute information, the division identification code information, and the storage location information for the data server before and after the change.
- step S157 it is determined whether or not the storage location of the first division attribute information has been changed.
- the storage location of the first divided attribute information is changed, it is necessary to update the storage location information of the target attribute item in the attribute information list of the USB memory 2, so that the change result is permitted to be viewed. It is transmitted to the terminal 1 of the member who made it (step S159).
- FIG. 15 is a flowchart for explaining the procedure of the attribute information list update process executed by the control unit 11 of the terminal 1.
- step S171 it is determined whether or not the USB memory 2 is mounted. If it is determined that the USB memory 2 is mounted, it is determined whether or not storage destination change result information is received from the member server 3 (step S171). S173). If the storage destination change result information is received, the storage destination information of the corresponding attribute item in the attribute information list of the mounted USB memory 2 is updated according to the change result (step S175). On the other hand, if the USB memory 2 has been removed in step S171, no information is received due to the confidentiality of the information, and this flow ends.
- the attribute list is encrypted and stored in the form of a read program file
- the partial update in the attribute information list of the USB memory 2 is temporarily read out and decrypted to the terminal 1 side. After performing a predetermined update process, the data is encrypted again and written to the USB memory 2.
- the member information acquisition process may be restricted so as to be performed from its own terminal 1.
- the determination can be made, for example, by comparing the authentication information of the mounted USB memory 2 with the identification information set in advance in the terminal 1.
- the specific application software stored in the specific AP storage unit 132 is stored in the member server 3 or a corresponding program authentication server, and is downloaded from the program authentication server and installed. preferable. Thereby, it is possible to execute the specific application software installed in the terminal 1 in an appropriate state by applying a virus countermeasure to the program authentication server.
- virus information can be obtained by using code information (hash value code, etc.) created by using the program, header information, etc., periodically calculating the hash value code, and checking it against the first code. It is possible to determine the possibility of the application, and to effectively prohibit the execution of application software that may be infected with a virus.
- the number of data servers is six, the number is not limited to this, and an appropriate number can be set in terms of the number of types of attribute items, the number of divisions of attribute information, and securing dispersibility.
- the information to be changed may include the division attribute code information in addition to the storage location information to further improve the confidentiality.
- the description of the process of inputting the member ID as a password and authenticating whether or not the USB memory 2 is attached to the terminal 1 by a legitimate member has been omitted.
- an authentication method when the USB memory 2 is attached to the terminal 1, a screen for prompting the input of a password is displayed, a required password is received, transmitted to the member server 3 in pairs with the USBID, and the member server 3 It is determined whether or not the member is a legitimate member by collating with the member ID of each member for collation stored in advance. In the case of mismatch, a prohibition signal transmitted from the member server 3 side is received, and processing for prohibiting all execution of the specific AP of the terminal 1 is performed.
- the following methods are also conceivable as other methods of member authentication.
- it is a method of determining the legitimacy of the person who has attached the USB memory 2 to the terminal 1 by communicating with the member server 3 using other information communication means.
- the member server 3 is configured to have a communication function capable of communicating with the other information communication means, and a function for collating the received information with the identification information of the information communication means registered at the time of enrollment, a collation result It is only necessary to further provide a function of determining whether the terminal is legitimate according to the above and issuing an operation permission signal to the terminal 1.
- the present invention selectively transmits the above data to the information processing terminal possessed by the member, which is the access source, from the server storing each piece of information of the plurality of attribute items for identifying the member.
- the server has divided attribute information in which attribute information in each attribute item is divided into at least two in order from one end side to the other end side according to a predetermined rule Each of the division attribute information, the division identification code information for identifying the division attribute information, the division identification code information of the division attribute information of the next order in the ordering, and the location of the division attribute information of the next order.
- a plurality of information storage units in which read program files for storing storage destination information for indicating as constant values are distributed and stored.
- Read program file sending means for returning a read program file corresponding to the divided identification code information from the information storage unit to the information processing terminal of the access source, wherein the information processing terminal is the one end of the member attribute information From the information storage unit to the division identification code information, the division identification code information from the first to the other end and the corresponding storage location information are sequentially transmitted to the information storage unit corresponding to the storage location information.
- the terminal communication processing means for receiving the read program file, and the received read program file are executed to read each division attribute information of the attribute item to the output unit, and the next division identification code information is sequentially divided into the division Read to the terminal communication processing means to transmit to the information storage unit corresponding to the storage location information of the identification code information It is characterized in that a program execution processing unit.
- one attribute information is divided into a plurality of divided attribute information.
- the server also has a plurality of information storage units, and is distributed and stored in the plurality of information storage units according to the division identification code information and the storage location information for each division attribute information. Therefore, even if one piece of division attribute information is wiretapped, only the division identification code information and storage location information in the following order can be obtained in this information. Information cannot be collected.
- associating the divided information with linked information so that attribute information is not included when calling to the information storage unit, and the attribute information is set as a constant value of the read program file, a reply from the server is also possible Decoding is difficult, and the information itself is prevented from being stolen.
- the program execution processing unit combines the read division attribute information according to the ordering and reproduces the information on the output unit. According to this configuration, the divided attribute information is automatically reproduced.
- the terminal communication processing unit receives the one-end division identification code information and the storage location information on the member attribute item from another member's information processing terminal, the one-end division identification code It is preferable that transmission of information and its storage location information to the information storage unit is permitted.
- a browsing permission signal transmitted directly or indirectly (that is, via the server) from the member who is the granting authority of browsing permission is received, and the received information is used to Since it is possible to make a call for acquiring member attribute information, unauthorized access (call) can be prevented, and operation at the time of the call is facilitated.
- the information processing terminal includes first and second operation units and a connection unit to which a portable member external storage medium possessed by a member can be attached and detached.
- the division identification code information at one end and the corresponding storage location information for each attribute item of a member who is a member are stored, and the terminal communication processing means is configured such that the member external storage medium is connected to the connection unit.
- the corresponding storage location information is transmitted to the server with the information on the information processing terminal designated by the second operation unit, and the server stores the division identification code information at the one end and the corresponding storage.
- Destination information It is preferable to transmit to the information processing terminal that is specified by the second operation unit. According to this configuration, a desired designation operation is facilitated by the first operation unit using the storage information in the member external storage medium. In addition, it is desirable from the point of secrecy that the storage information in the member external storage medium is in the form of a read program file.
- a management server that manages the information storage unit on the network, the management server for each predetermined condition, the division identification corresponding to the division attribute information in the next order stored in the information storage unit; It is preferable to provide a change processing means for changing the storage location of the code information between the information storage units and rewriting the content of the information storage unit before the change to the information storage unit after the change according to the change content. According to this configuration, it is possible to appropriately change the storage location of so-called tied information and its divided attribute information, and high confidentiality can be achieved against unauthorized access.
- the change processing means updates an update instruction signal for updating the contents of the member external storage medium attached to the connection unit when the information to be changed is storage destination information of the one-side split attribute information To the information processing terminal attached to the connection unit, and the information processing terminal updates the content of the attached member external storage medium in accordance with the received update instruction signal. It is preferable to provide an update processing means. According to this configuration, the content of the member external storage medium is updated by changing the divided attribute information at one end of the attribute information, for example, the head side, so that the external storage medium that has not been updated is illegal. It becomes possible to check as.
- the predetermined condition is that the member external storage medium is attached to the connection unit. According to this configuration, when the member external storage medium is attached to the connection unit, the storage destination is changed, so that it is impossible to eavesdrop on specific information by unauthorized access.
- the change processing means perform the change at random. According to this configuration, since the storage destination cannot be predicted, unauthorized access is effectively prevented.
- the change processing means performs the rewriting on a member basis. According to this configuration, since rewriting is performed depending on the circumstances of each member or independently of it, unauthorized access aimed at a specific member is effectively prevented.
- the change processing means performs the rewriting on a member-by-member attribute item basis. According to this configuration, by making it possible to change the storage destination for a part of member attribute information, it is possible to perform a change process rich in elasticity.
- the management server includes server encryption processing means for encrypting a read program file to be transmitted to the information processing terminal, and server decryption processing means for decrypting information transmitted encrypted from the information processing terminal.
- the information processing terminal includes: a terminal encryption processing unit that encrypts information to be transmitted to the server; and a terminal decryption processing unit that decrypts the encrypted read program file received from the server. It is preferable to provide. According to this configuration, since the information exchanged between the information processing terminal and the management server is encrypted, the confidentiality is improved.
- the management server includes a plurality of encryption programs and decryption programs corresponding to each other, and a predetermined encryption program is stored in each communication with an information processing terminal in which the member external storage medium is mounted.
- a pair of decryption programs is set, and the set pair of encryption program and decryption program is transmitted to the information processing terminal.
- the information processing terminal includes a third operation unit, and the terminal communication processing unit performs the third identification for the division identification code information and the storage destination information related to the division attribute information at the one end of the attribute information ordering. It is preferable that a transmission instruction is received from the operation unit to perform transmission. According to this configuration, since the attribute information is finally combined and reproduced by an operation of instructing information that is not the attribute information itself such as a so-called leading identification code or storage destination, the instruction operation becomes easy.
- the attribute item preferably includes a name and an address. According to this configuration, it is possible to protect basic personal attribute information such as name and address under high confidentiality.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
Description
11 制御部
111 認証処理部
112 閲覧許可付与部
113 コール設定部(端末通信処理手段の一部)
114 読出プログラムファイル実行部(端末通信処理手段の一部、プログラム実行処理手段)
115 暗号処理部
116 復号処理部
117 更新処理部(更新処理手段)
118 通信処理部118(端末通信処理手段の一部)
132 特定AP記憶部
134 読出プログラムファイル記憶部
14 操作部
15 表示部(出力部)
2 USBメモリ(会員用外部記憶媒体)
22 属性情報リスト記憶部
3 会員サーバ(サーバ)
4 管理部(管理サーバ)
41 制御部
411 登録処理部
412 読出プログラムファイル送出部(読出プログラムファイル送出手段)
413 暗号/復号プログラム設定部
414 暗号処理部(サーバ暗号化処理手段)
415 復号処理部(サーバ復号化処理手段)
416 変更処理部(変更処理手段)
417 通信処理部
431 暗号化・復号化プログラム記憶部
432 シャッフル関係記憶部
5 データベース
51~56 データサーバ(情報記憶部)
7 ネットワーク
Claims (14)
- 会員を識別するための複数の属性項目の各情報を記憶するサーバからネットワークを介して、アクセス元である、会員の所持する情報処理端末に上記データを選択的に送信し、出力部に導く情報管理システムにおいて、
前記サーバは、
各属性項目内の属性情報が所定のルールで一方端側から他方端側に向けて順序付けて少なくとも2以上に分割された分割属性情報のそれぞれについて、分割属性情報及び当該分割属性情報を識別するための分割識別コード情報と、前記順序付けにおける次の順序の分割属性情報の分割識別コード情報及び前記次の順序の分割属性情報の所在を示すための格納先情報とを定数値として置くための読出プログラムファイルがそれぞれ分散して格納される複数の情報記憶部と、
指定された前記情報記憶部から分割識別コード情報に対応した読出プログラムファイルをアクセス元の情報処理端末に返信する読出プログラムファイル送出手段とを備え、
前記情報処理端末は、
会員の属性情報のうちの前記一方端から前記他方端までの各分割識別コード情報及び対応する格納先情報を指定用として、順次、格納先情報に対応した情報記憶部に送信すると共に前記情報記憶部から前記分割識別コード情報に対応する前記読出プログラムファイルを受信する端末通信処理手段と、
受信した前記読出プログラムファイルを実行して、前記属性項目の各分割属性情報を前記出力部に読み出すと共に、順次次の分割識別コード情報を当該分割識別コード情報の格納先情報に対応する前記情報記憶部に送信するべく前記端末通信処理手段に読み出すプログラム実行処理手段とを備えたことを特徴とする情報管理システム。 - 前記プログラム実行処理手段は、読み出した分割属性情報を順序付けに従って結合し、前記出力部に再生することを特徴とする請求項1に記載の情報管理システム。
- 前記端末通信処理手段は、会員の属性項目についての前記一方端の分割識別コード情報及びその格納先情報を他の会員の情報処理端末から受信した場合に、当該前記一方端の分割識別コード情報及びその格納先情報の前記情報記憶部への送信が許可されることを特徴とする請求項1又は2に記載の情報管理システム。
- 前記情報処理端末は、第1、第2の操作部と、会員が所持する携行型の会員用外部記憶媒体が着脱可能な接続部とを備え、
前記会員用外部記憶媒体には、所持者である会員の前記属性項目毎の前記一方端の分割識別コード情報及び対応する格納先情報が記憶されており、
前記端末通信処理手段は、前記会員用外部記憶媒体が前記接続部に接続されて前記情報処理端末と通信可能にされた状態で、前記第1の操作部によって選択された前記会員用外部記憶媒体の記憶内容の全部又は一部の属性項目の前記一方端の分割識別コード情報及び対応する格納先情報を、前記第2の操作部によって指定された前記情報処理端末の情報を付して前記サーバに送信し、
前記サーバは、前記一方端の分割識別コード情報及び対応する格納先情報を前記第2の操作部によって指定された前記情報処理端末に送信することを特徴とする請求項1~3のいずれかに記載の情報管理システム。 - 前記ネットワーク上に前記情報記憶部を管理する管理サーバを備え、
前記管理サーバは、所定の条件毎に、前記情報記憶部に記憶された、次の順番の分割属性情報に対応する分割識別コード情報の格納先を前記情報記憶部間で変更すると共に、前記変更内容に従って、変更前の前記情報記憶部の内容を変更後の情報記憶部に書き換える変更処理手段を備えたことを特徴とする請求項4に記載の情報管理システム。 - 前記変更処理手段は、前記変更される情報が前記一方端の分割属性情報の格納先情報である場合、前記接続部に装着された前記会員用外部記憶媒体の内容を更新する更新指示信号を、前記会員用外部記憶媒体が前記接続部に装着された情報処理端末に送信し、
前記情報処理端末は、受信した更新指示信号に従って、装着された前記会員用外部記憶媒体の内容を更新する更新処理手段を備えることを特徴とする請求項5に記載の情報管理システム。 - 前記所定の条件は、前記会員用外部記憶媒体が前記接続部に装着された場合であることを特徴とする請求項5又は6に記載の情報管理システム。
- 前記変更処理手段は、前記変更を無作為に行うことを特徴とする請求項5~7のいずれかに記載の情報管理システム。
- 前記変更処理手段は、前記書き換えを会員単位で行うことを特徴とする請求項5~8のいずれかに記載の情報管理システム。
- 前記変更処理手段は、前記書き換えを会員個々の属性項目単位で行うことを特徴とする請求項5~8のいずれかに記載の情報管理システム。
- 前記管理サーバは、前記情報処理端末に送信する読出プログラムファイルを暗号化するサーバ暗号化処理手段と、前記情報処理端末から暗号化されて送信される情報を復号化するサーバ復号化処理手段とを備え、
前記情報処理端末は、前記サーバに送信する情報を暗号化する端末暗号化処理手段と、前記サーバから受信する暗号化された読出プログラムファイルを復号化する端末復号化処理手段とを備えていることを特徴とする請求項5~10のいずれかに記載の情報管理システム。 - 前記管理サーバは、互いに対応する暗号化プログラム及び復号化プログラムを複数備え、前記会員用外部記憶媒体が装着された状態の情報処理端末との通信毎に、その内から所定の暗号化プログラム及び復号化プログラムの対が設定され、設定された暗号化プログラム及び復号化プログラムの対が当該情報処理端末に送信されることを特徴とする請求項5~11のいずれかに記載の情報管理システム。
- 前記情報処理端末は、第3の操作部を備え、
前記端末通信処理手段は、前記属性情報の順序付けの前記一方端の分割属性情報に関する分割識別コード情報及び格納先情報に対する前記第3の操作部からの送信指示を受け付けて、送信を行うものであることを特徴とする請求項1~12のいずれかに記載の情報管理システム。 - 前記属性項目には、氏名及び住所が含まれることを特徴とする請求項1~13のいずれかに記載の情報管理システム。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2009/069257 WO2011058629A1 (ja) | 2009-11-12 | 2009-11-12 | 情報管理システム |
JP2011540355A JPWO2011058629A1 (ja) | 2009-11-12 | 2009-11-12 | 情報管理システム |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2009/069257 WO2011058629A1 (ja) | 2009-11-12 | 2009-11-12 | 情報管理システム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011058629A1 true WO2011058629A1 (ja) | 2011-05-19 |
Family
ID=43991308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2009/069257 WO2011058629A1 (ja) | 2009-11-12 | 2009-11-12 | 情報管理システム |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2011058629A1 (ja) |
WO (1) | WO2011058629A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013012139A (ja) * | 2011-06-30 | 2013-01-17 | Yahoo Japan Corp | 情報管理装置及び方法 |
JP2015228084A (ja) * | 2014-05-30 | 2015-12-17 | 摩利夫 岡部 | 通信システム、並びにファイル保管システム |
JP2016164741A (ja) * | 2015-03-06 | 2016-09-08 | 日本電気株式会社 | 情報処理装置、情報処理方法、情報処理プログラム、及び、情報処理システム |
JP2016164740A (ja) * | 2015-03-06 | 2016-09-08 | 日本電気株式会社 | 情報処理装置、情報処理方法、情報処理プログラム、データ構造、及び、情報処理システム |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001265633A (ja) * | 2000-03-21 | 2001-09-28 | Sanyo Electric Co Ltd | ファイル記録管理システムおよびファイル記録管理方法 |
JP2003046500A (ja) * | 2001-08-03 | 2003-02-14 | Nec Corp | 個人情報管理システム及び個人情報管理方法、並びに情報処理サーバ |
JP2004145755A (ja) * | 2002-10-25 | 2004-05-20 | Ntt Communications Kk | データ分割方法及びデータ復元方法並びにプログラム |
WO2007007643A1 (ja) * | 2005-07-12 | 2007-01-18 | Vodafone K.K. | プログラム及び移動通信端末装置 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004246642A (ja) * | 2003-02-14 | 2004-09-02 | Nissho Electronics Kk | 電子文書ファイル保管及び検索方法及びシステム |
-
2009
- 2009-11-12 JP JP2011540355A patent/JPWO2011058629A1/ja not_active Ceased
- 2009-11-12 WO PCT/JP2009/069257 patent/WO2011058629A1/ja active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001265633A (ja) * | 2000-03-21 | 2001-09-28 | Sanyo Electric Co Ltd | ファイル記録管理システムおよびファイル記録管理方法 |
JP2003046500A (ja) * | 2001-08-03 | 2003-02-14 | Nec Corp | 個人情報管理システム及び個人情報管理方法、並びに情報処理サーバ |
JP2004145755A (ja) * | 2002-10-25 | 2004-05-20 | Ntt Communications Kk | データ分割方法及びデータ復元方法並びにプログラム |
WO2007007643A1 (ja) * | 2005-07-12 | 2007-01-18 | Vodafone K.K. | プログラム及び移動通信端末装置 |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013012139A (ja) * | 2011-06-30 | 2013-01-17 | Yahoo Japan Corp | 情報管理装置及び方法 |
JP2015228084A (ja) * | 2014-05-30 | 2015-12-17 | 摩利夫 岡部 | 通信システム、並びにファイル保管システム |
JP2016164741A (ja) * | 2015-03-06 | 2016-09-08 | 日本電気株式会社 | 情報処理装置、情報処理方法、情報処理プログラム、及び、情報処理システム |
JP2016164740A (ja) * | 2015-03-06 | 2016-09-08 | 日本電気株式会社 | 情報処理装置、情報処理方法、情報処理プログラム、データ構造、及び、情報処理システム |
Also Published As
Publication number | Publication date |
---|---|
JPWO2011058629A1 (ja) | 2013-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109951489B (zh) | 一种数字身份认证方法、设备、装置、系统及存储介质 | |
JP5802137B2 (ja) | 安全なプライベート・データ記憶装置を有する集中型の認証システム、および方法 | |
JP5165598B2 (ja) | 秘密鍵とのアカウントリンク | |
KR100786551B1 (ko) | 복수 개의 방식에 의한 일회용 비밀번호의 사용자 등록,인증 방법 및 그러한 방법을 수행하는 프로그램이 기록된컴퓨터 판독 가능 기록 매체 | |
US10135614B2 (en) | Integrated contactless MPOS implementation | |
US8555079B2 (en) | Token management | |
EP3701668B1 (en) | Methods for recording and sharing a digital identity of a user using distributed ledgers | |
US8656180B2 (en) | Token activation | |
US20080059797A1 (en) | Data Communication System, Agent System Server, Computer Program, and Data Communication Method | |
CN103390124B (zh) | 安全输入和处理口令的设备、系统和方法 | |
US20120246075A1 (en) | Secure electronic payment methods | |
TW486902B (en) | Method capable of preventing electronic documents from being illegally copied and its system | |
JP2009526321A (ja) | 変化する識別子を使用して販売時点情報管理端末において取引を実行するためのシステム | |
KR20030057565A (ko) | 스프핑 방지 패스워드 보호 방법 및 장치 | |
WO2015060157A1 (ja) | 属性情報提供方法および属性情報提供システム | |
CN104662870A (zh) | 数据安全管理系统 | |
KR20130125316A (ko) | 패스워드의 보안 입력 및 처리 장치, 시스템 및 방법 | |
WO2013119914A1 (en) | Tokenization in mobile and payment environments | |
KR20030074483A (ko) | 서비스 제공자 장치로부터 네트워크를 통하여 서비스이용자 장치에 서비스를 제공하는 서비스 제공 시스템 | |
US7412603B2 (en) | Methods and systems for enabling secure storage of sensitive data | |
CN107332666A (zh) | 终端文件加密方法 | |
CN200993803Y (zh) | 网上银行系统安全终端 | |
KR100286904B1 (ko) | 분산 pc 보안관리 시스템 및 방법 | |
WO2011058629A1 (ja) | 情報管理システム | |
JP4256361B2 (ja) | 認証管理方法及びシステム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09851262 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011540355 Country of ref document: JP |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 050912) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09851262 Country of ref document: EP Kind code of ref document: A1 |