JP2006053721A - Data deletion device, image forming device, data deletion method, and data deletion program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To safely and efficiently perform deletion of encrypted data stored in a storage means in a short time by using the property of encryption algorithm that "deletion of a predetermined quantity of an encrypted sentence disables decoding to a plane sentence". <P>SOLUTION: This device comprises a storage means selection part 31 selecting a storage means that is an object of data deletion, an encrypted data management part 32 extracting an encryption method of encrypted data stored in a storage means 16 and a minimum data quantity disabling decoding of the encrypted data by referring to an encrypted data management table, a deletion method selection part 34 selecting, based on the extracted encryption method, a deletion method of encrypted data by referring to a deletion method management table; and a data deletion processing part 36 overwrite-deleting the data in the minimum data quantity according to the selected deletion method. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a data erasing device for erasing encrypted data (hereinafter referred to as encrypted data) from a storage means, an image forming apparatus equipped with the data erasing device, and data for erasing encrypted data stored in the storage means. An erasing method and a data erasing program that can execute the data erasing method, and that can safely and efficiently perform an erasing process using the properties of an encryption algorithm, an image forming apparatus, and data The present invention relates to an erasing method and a data erasing program.

  In recent years, various data storage means have been developed with the development of computers and mobile devices. Examples of computer storage means include a hard disk (hereinafter referred to as HDD), a magneto-optical disk (hereinafter referred to as MO), and an external storage device (hereinafter referred to as storage) such as a magnetic tape. Examples of the storage means of the mobile device include a memory card such as a PC card (registered trademark), a compact flash (registered trademark) card (hereinafter referred to as a CF card), and a smart media (registered trademark).

  In these storage means, data is divided into a file management area and an actual data area, and information such as the file name of the data, the storage location of the storage means, the directory name, and the creation date is stored in the file management area. The presence or absence of data in the storage means is determined based on the information in the file management area.

  For this reason, even if the data stored in the storage means is deleted by an operation of a computer or mobile device, the information in the file management area is only partially changed, and the actual data remains as it is. Further, even if these storage means are formatted, the actual data area remains as it is only by deleting the information in the file management area.

  By analyzing the data remaining in the actual data area, it is possible to infer information on the changed or deleted file management area. For this reason, data deleted or formatted by operation of a computer or mobile device cannot always be completely restored, but can be restored to the original data. In addition, for the sound reason of “rescuing an erroneously erased memory”, a lot of software for restoring data by such a method is commercially available. For this reason, anyone can easily restore the data stored in the storage means.

For this reason, when transferring or disposing of these storage means or a computer or mobile device equipped with the storage means, the confidential data stored in the storage means is restored and leaked or misused to develop a trouble. There is a problem.
Therefore, when transferring or discarding the storage means or the like, it is necessary to delete the data by a more reliable data erasing method so that the data deleted from the storage means cannot be restored. However, such a process requires a specialized engineer with a predetermined skill.

Therefore, a system is provided in which a normal user, not a professional engineer, can automatically operate a personal computer (hereinafter referred to as a PC) to overwrite and erase (whitening) data in the HDD (for example, , See Patent Document 1).
The system disclosed in Patent Document 1 includes, as means, an MS-DOS system, an automatic startup file that is automatically read by the MS-DOS system, and an overwrite erasure program that is started by the automatic startup file. The gist of the disk overwrite erasing system is that the overwrite erasure program includes information acquisition means for acquiring information related to the HDD of the PC and overwrite erasure means for overwriting the HDD with the acquired information.
Therefore, according to this system, the information related to the HDD is acquired by the overwrite erasure program, and the inside of the HDD is overwritten by the acquired information. Therefore, the overwrite erasure can be performed automatically and easily. It was.

  On the other hand, methods for preventing leakage of confidential information by encrypting data have been actively developed. In particular, today, as networks such as the Internet have advanced, information has great value, and accordingly, security for information has a great meaning as well. For this reason, "cryptographic technology" aimed at concealing information is positioned as one of the cores of many security technologies. It should be noted that the encryption means a special symbol or character, or a procedure or method thereof, which has been decided so that only the parties can understand the meaning so that only the parties understand. In addition, the process of converting “plain text”, which is the original text that the sender wants to send, into “cipher text” is “encryption”, and the receiver returns “cipher text” to “plain text” as “decryption ( ) ”. A procedure for performing encryption and decryption is called an “algorithm”, and parameters used for encryption and decryption are called “key” or “key”. That is, “plaintext” is encrypted to “ciphertext” by “key”, and “ciphertext” is decrypted to “plaintext” by “key”. Therefore, if the “key” is not leaked, the “plain text” is not leaked even if the “cipher text” is read.

Therefore, a content management device is provided that securely and efficiently deletes the encrypted data stored in the storage means by making it impossible to decrypt the “ciphertext” into “plaintext” by overwriting and deleting the “key”. (For example, see Patent Document 2).
According to the content management apparatus disclosed in Patent Document 2, a title key recording unit that records a title key for content encryption / decryption, and a content using a key recorded in the title key recording unit Decoding means for decoding in block units, time varying key extracting means for extracting time varying keys generated when each block in the content is decrypted by the decrypting means, and title key recording means Key update means for updating the title key with the time variable key extracted by the time variable key extraction means is provided. With such a configuration, the title key that is the “key” of the encrypted content is overwritten and erased by the time-varying key, and the encrypted content cannot be decrypted. As a result, the same effect as deleting the content itself stored in the storage means such as the HDD can be obtained.
JP 2001-344071 A JP 2003-101529 A

However, the above prior art has the following problems.
That is, according to the system shown in Patent Document 1, since all data in the HDD is overwritten and erased, the time required for processing is long. In addition, it is considered sufficient to perform overwriting and erasing with meaningless data once. However, when overwriting once, data is recorded on the HDD due to vibration caused by rotation of the drive. Because there is a possibility that the residual magnetism generated by the angle deviation between the magnetic head and the magnetic surface can be read by a special device, the standard for data erasure such as the NAS recommended method is random number, fixed data and its complement. It is recommended to erase the data by overwriting three times. For this reason, in order to perform the overwriting and erasing process with high quality, at least processing exceeding those standards is required, so the processing time becomes enormous. Furthermore, if the data is encrypted, the amount of data is usually larger than the plain text, and the processing time is longer.

Further, according to the content management apparatus disclosed in Patent Document 2, the title key that is the “key” of the encrypted content is overwritten and erased with the time-varying key, but the encrypted data remains in the storage unit. For this reason, there is a possibility that the encrypted data can be read or copied.
By the way, although it is difficult to decrypt the “ciphertext” without the “key”, it is possible to identify the “key” by analyzing the “ciphertext” with a high-performance computer. For this reason, the content management apparatus shown in Patent Document 2 cannot guarantee safety.

  The present invention has been proposed in order to solve the problems of the conventional techniques as described above. The encryption algorithm has the following message: “If a predetermined amount of ciphertext is lost, it cannot be decrypted into plaintext.” It is an object of the present invention to provide a data erasing apparatus, an image forming apparatus, a data erasing method, and a data erasing program that are capable of erasing encrypted data safely and efficiently in a short time by using the property.

  In order to achieve the above object, a data erasing apparatus according to the present invention is a data erasing apparatus for erasing encrypted data stored in a storage means, as described in claim 1, wherein the encrypted data is decrypted. An overwriting erasure processing unit for overwriting and erasing a minimum amount of data that is impossible is provided.

  According to the data erasing apparatus having such a configuration, since the minimum amount of data that makes it impossible to decrypt the encrypted data is overwritten and erased, it becomes impossible to decrypt the encrypted data. It is possible to obtain the same effect as overwriting all the stored encrypted data. Since the minimum amount of data that makes it impossible to decrypt the encrypted data is naturally smaller than the total amount of encrypted data, the time required for the overwrite erasure process can be shortened. In addition, since the overwriting process is performed so that the encrypted data itself cannot be decrypted, the data is not restored and lost, and it is safe. Thus, by overwriting and erasing the minimum amount of data, the same effect as overwriting and erasing all can be obtained, so that efficient processing can be performed in a short time.

According to a second aspect of the present invention, the data erasing device is extracted by the encrypted data management unit for extracting the encryption method and the minimum data amount of the encrypted data, and the encrypted data management unit. An erasing method selection unit that selects an erasing method of encrypted data by the encryption method, and the overwrite erasure processing unit uses the erasing method selected by the erasing method selection unit to extract the minimum extracted by the encrypted data management unit. A limited amount of data is overwritten and erased.
According to the data erasing apparatus having such a configuration, it is possible to cope with various encryption methods. In addition, since the erasing method can be changed in accordance with the encryption method, the overwrite erasing process can be performed more efficiently.

According to a third aspect of the present invention, an image forming apparatus includes the data erasing device (the data erasing device according to the first or second aspect).
Usually, since the image forming apparatus does not have a margin for the performance of the CPU and RAM, when performing the data overwriting and erasing process during the printing process, the processing speed becomes extremely slow, and this state continues for a long time. According to the image forming apparatus provided with the data erasing apparatus of the present invention, the amount of encrypted data overwriting erasure processing is reduced, so that such a slow processing speed state can be quickly resolved. Further, it is necessary to perform overwrite erasure processing so that data is not lost from the built-in HDD or the like when the product is discarded, but the processing can be performed safely and efficiently in a short time.

  The data erasing method of the present invention is a data erasing method for erasing encrypted data stored in a storage means, as described in claim 4, wherein the encrypted data encryption method and encrypted data are decrypted. A first step of extracting a minimum amount of data that is impossible, a second step of selecting an encryption data erasing method according to the encryption method extracted in the first step, And a third step of overwriting and erasing the minimum amount of data extracted in the first step by the erasing method selected in the step.

  According to such a data erasing method, since there is a first step of extracting the encryption data encryption method and the minimum data amount that makes it impossible to decrypt the encryption data, various encryption methods are available. It becomes possible to cope with. And a second step of selecting an encryption method for erasing the encrypted data based on the encryption method extracted in the first step, so that the erasure method can be changed in accordance with the encryption method, so that the overwrite erasure can be performed more efficiently. Can be processed. In addition, since there is a third step of overwriting and erasing the minimum amount of data extracted in the first step by the erasing method selected in the second step, it becomes impossible to decrypt the encrypted data. The same effect as overwriting all the encrypted data stored in the storage means can be obtained. Further, since the minimum data amount that makes it impossible to decrypt the encrypted data is naturally smaller than the entire encrypted data amount, the time required for the overwrite erasure process can be shortened. Also, since the overwriting process is performed so that the encrypted data itself cannot be decrypted, the data is not restored and lost, and it is safe. Furthermore, by overwriting and erasing the minimum amount of data, the same effect as overwriting all the data can be obtained, which is efficient.

  The data erasure program of the present invention is a data erasure program for erasing encrypted data stored in the storage means, as described in claim 5, wherein the encryption method of the encrypted data stored in the storage means A first step of extracting a minimum amount of data that makes it impossible to decrypt the encrypted data; and a second step of selecting an erase method of the encrypted data based on the encryption method extracted in the first step. The data erasing apparatus executes the step and the third step of overwriting and erasing the minimum amount of data extracted in the first step by the erasing method selected in the second step.

  According to such a data erasing program, the data erasing apparatus executes the first step of extracting the encryption data encryption method and the minimum data amount that makes it impossible to decrypt the encrypted data. It is possible to support various encryption methods. Since the data erasing apparatus executes the second step of selecting the erasure method of the encrypted data based on the encryption method extracted in the first step, the erasure method can be changed according to the encryption method, so that it is more efficient. Can be overwritten and erased. In addition, the third step of overwriting and erasing the minimum amount of data extracted in the first step is executed by the data erasing device by the erasing method selected in the second step, so that the encrypted data is decrypted. Thus, the same effect as that of overwriting and erasing all the encrypted data stored in the storage means can be obtained. Further, since the minimum data amount that makes it impossible to decrypt the encrypted data is naturally smaller than the entire encrypted data amount, the time required for the overwrite erasure process can be shortened. Also, since the overwriting process is performed so that the encrypted data itself cannot be decrypted, the data is not restored and lost, and it is safe. Furthermore, by overwriting and erasing the minimum amount of data, the same effect as overwriting all the data can be obtained, which is efficient.

As described above, according to the data erasing apparatus, the image forming apparatus, the data erasing method, and the data erasing program of the present invention, it is possible to overwrite and erase the minimum data amount that makes it impossible to decrypt the encrypted data. it can.
Therefore, the same effect as overwriting and erasing all the encrypted data stored in the storage means can be obtained safely and efficiently in a short time.

Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram illustrating a configuration of an image forming apparatus including a data erasing apparatus according to a preferred embodiment of the present invention.
As shown in FIG. 1, the image forming apparatus 10 includes a front panel 11, an input / output interface (hereinafter referred to as an input / output I / F) 12, a main storage device 13, a CPU 14, a data erasing device 15, and storage means (storage). A medium (HDD) 16, an encryption device 17, a decryption device 18, and a system bus 19.

The front panel 11 is composed of a liquid crystal panel or the like, and is a device that performs operation input and the like of the image forming apparatus 10.
The input / output I / F 12 is connected to a network such as a LAN (not shown) so that the image forming apparatus 10 can be shared and used by a plurality of PCs as clients on the network.
The main storage device 13 is constituted by a RAM or the like, and performs print processing of print data input from the input / output I / F 12.
In order to execute various functions of the image forming apparatus 10, the CPU 14 causes the constituent parts of the image forming apparatus 10 to execute predetermined processes, or executes the predetermined processes themselves.
The data erasing device 15 will be described later.

The storage means 16 is a storage medium or the like for storing data input from the input / output I / F 12, and is constituted by an HDD in this embodiment. However, as shown in FIG. 2, a storage 21 built in the image forming apparatus 10 or a memory card 22 externally attached to the image forming apparatus 10 may be used.
The encryption device 17 is a device that encrypts data input via the input / output I / F 12, and includes a plurality of types of encryption methods. The data encrypted by the encryption device 17 is stored in the storage unit 16.
The encryption device 17 can store the encryption method in the encrypted data management table storage unit 33 when encrypting the data. At this time, the erasable block can be stored together with the encryption method.

The decryption device 18 is a device for decrypting the encrypted data stored in the storage means 16, and has decryption methods respectively corresponding to a plurality of types of encryption methods provided in the encryption device 17. Note that the decrypted data is printed by a printing unit (not shown).
The system bus 19 is a transmission path for each apparatus to exchange data within the image forming apparatus 10.

Next, FIG. 3 is a block diagram showing a configuration of the data erasing apparatus 15 which is a preferred embodiment of the present invention.
As shown in FIG. 3, the data erasure device 15 includes a storage means selection unit 31, an encrypted data management unit 32, an encrypted data management table storage unit 33, an erasure method selection unit 34, an erasure method management table storage unit 35, and a data erasure unit. The processing unit 36 is configured.

The storage means selection unit 31 is a device that selects a storage means that is a target of data erasure. Specific examples of data erasure targets include, for example, a storage unit 16 (HDD or the like), a storage 21, a memory card 22, and the like.
Further, the storage means selection unit 31 can select a file (file) or a partition (Partition) to be erased in the selected storage means.

The encrypted data management unit 32 refers to the encrypted data management table, and uses the storage means (or file, partition, etc.) selected by the storage means selection unit 31 as a key to encrypt the encryption data to be overwritten. And a minimum data amount that makes it impossible to decrypt the encrypted data (hereinafter referred to as an erasable block) from the encrypted data management table.
If the encryption method is known, an erasable block can be extracted using the encryption method as a key.

The encrypted data management table storage unit 33 stores an encrypted data management table. As shown in FIG. 4, the encrypted data management table is a table in which data erasure target ranges, encryption methods, and erasable blocks are associated with each other.
Here, the data erasure target range refers to means, a range, and the like that are data erasure targets. Specifically, for example, storage means, files, partitions, and the like are included.

The erasing method selection unit 34 refers to the erasing method management table based on the encryption method of the encrypted data extracted by the encrypted data management unit 32, and one or more erasing formats registered in the erasing method management table. Is a device for selecting a predetermined erasing format from the above.
The erasing method management table storage unit 35 stores an erasing method management table. In the erasing method management table, as shown in FIG. 5, one or more erasing methods are written. As a specific example of the erasing method, for example, “0 is written once”, “1 is written once”, “random number is written once”, “NSA method”, “ There are “old NSA method”, “US Department of Defense method”, “NATO method”, “Gutmann method” and the like.
The data erasure processing unit 36 is a device that performs an overwrite erasure process on the erasable block extracted by the encrypted data management unit 32 according to a predetermined erasure format selected by the erasure method selection unit 34.

FIG. 6 is a flowchart showing a procedure of data erasure processing of encrypted data executed in the data erasure apparatus according to the preferred embodiment of the present invention.
In step 61, the storage means selection unit 31 selects the storage means 16 that performs the data erasing process according to the input from the front panel 11.
As a method for specifying / selecting a data erasure target, for example, in addition to a method for specifying on the front panel, a command from a utility tool activated in an information processing apparatus (personal computer: PC, etc.) or an input / output I / F is used. There is a method to select the target by receiving.

In step 62, the data erasure processing unit 36 selects a file, partition, or the like to be subjected to data erasure processing from the storage means 16 selected in step 61 according to the input of the front panel 11.
In step 63, the encryption method and erasable block of the file etc. selected in step 62 are extracted from the encrypted data management table 33 shown in FIG. Note that the encryption method shown in FIG. 6 is a mode such as ECB, CBC, or PCBC of the most common DES method as a block cipher, for example. Further, the erasable blocks are determined by the durability against information deterioration, disappearance, tampering, etc. of each mode, for example, the ECB mode has a strong durability and all blocks, and the CBC has a medium durability and a half of the blocks. PCBC is the first block because of its low durability.

In step 64, the erasure method selection unit 34 selects a predetermined erasure format from the erasure method management table 35 according to the encryption method extracted in step 63.
In step 65, the data erasure processing unit 36 performs erasable block overwrite erasure processing according to the predetermined erasure format selected in step 64. Here, the erasable block is the minimum amount of data that makes it impossible to decrypt the encrypted data. Therefore, when this data is overwritten and erased, it becomes impossible to decrypt the encrypted data. . Therefore, it is possible to obtain the same effect as overwriting all the encrypted data stored in the storage means. In addition, since only the minimum data amount needs to be overwritten and erased, the data erase process can be efficiently performed in a short time. Further, the image forming apparatus 10 including the storage unit 16 can reduce the overwriting process for a short time because the amount of overwriting the encrypted data is reduced. For this reason, the performance of the CPU 14 and the main storage device 13 usually has no margin, and when performing the data overwriting and erasing process during the printing process, the processing speed becomes extremely slow and the processing is performed for a long time. According to the image forming apparatus 10 including the means 16, the processing time can be shortened because the amount of encrypted data overwriting and erasing processing is reduced.

A data erasing method according to a preferred embodiment of the present invention is a data erasing process procedure executed in the data erasing apparatus.
A data erasure program according to a preferred embodiment of the present invention is a program that causes each component to execute a data erasure process procedure in the data erasure apparatus.

Next, the data erasing program will be described.
The data erasing function (function for executing the data erasing method) of the computer (data erasing apparatus, image forming apparatus, etc.) in the above embodiment is realized by a data erasing program stored in a storage means (for example, ROM, HDD, etc.). Is done.

The data erasure program is read by a computer control means (CPU or the like) to send instructions to each part of the computer, and a predetermined process, for example, a memory means selection process for data erasure in the memory means selection part, The encryption method extraction processing of the encrypted data management unit, the erasable block extraction processing, the erasing method selection processing of the erasing method selection unit, the overwriting processing of the overwrite erasure processing unit, and the like are performed.
As a result, the data erasing function is realized by the cooperation of the data erasing program as software and each component means of a computer (data erasing apparatus, image forming apparatus, etc.) as hardware resources.

The data erasure program for realizing the data erasure function is stored in a computer ROM, hard disk, or the like, or may be stored in a computer-readable recording medium, such as an external storage device or a portable recording medium. it can.
An external storage device refers to a memory expansion device that incorporates a storage medium such as a CD-ROM and is externally connected to a data erasing device or an image forming apparatus. On the other hand, the portable recording medium is a recording medium that can be mounted on a recording medium driving device (drive device) and is portable, and refers to, for example, a flexible disk, a memory card, a magneto-optical disk, and the like.

Then, the program recorded on the recording medium is loaded into a RAM or the like of the computer and executed by the CPU (control means or control unit). By this execution, the functions of the data erasing apparatus and the image forming apparatus of the present embodiment described above are realized.
Further, when the data erasure program is loaded by the computer, the data erasure program held by another computer can be downloaded to its own RAM or external storage device using a communication line. The downloaded data erasing program is also executed by the CPU, and realizes the data erasing function of the data erasing apparatus or the image forming apparatus of the present embodiment.

  The data erasing apparatus of the present invention has been described with reference to the preferred embodiments. However, the data erasing apparatus according to the present invention is not limited to the above-described embodiments, and various modifications can be made within the scope of the present invention. It goes without saying that implementation is possible. For example, in the above-described embodiment, the data erasing device is mounted on the image forming apparatus, but may be mounted on another device such as a PC.

  As described above, the data erasing apparatus, the data erasing method, and the data erasing program according to the present invention are the data erasing apparatus, the data erasing method, and the data that can safely and efficiently erase the encrypted data in a short time. It can be suitably used as an erasing program.

1 is a block diagram illustrating a configuration of an image forming apparatus including a data erasing apparatus that is a preferred embodiment of the present invention. It is the schematic which shows the Example of the memory | storage means from which encryption data is deleted by the data erasing apparatus of this invention. It is a block diagram which shows the structure of the data erasing apparatus which is preferable embodiment of this invention. It is the schematic which shows the encryption system and the erasable block memorize | stored in the encryption data management table with which the data erasing apparatus of this invention is equipped. It is the schematic which shows the erase method memorize | stored in the erase method management table with which the data erasing apparatus of this invention is equipped. It is a flowchart which shows the procedure of the data erasure | elimination process of the encryption data performed in the data erasure apparatus which concerns on preferable embodiment of this invention.

Explanation of symbols

10 Image Printing Device 11 Front Panel 12 Input / Output I / F
13 Main memory 14 CPU
15 Data erasing device 16 Storage means 17 Encryption device 18 Decryption device 19 System bus 31 Storage means selection unit 32 Encrypted data management unit 33 Encrypted data management table storage unit 34 Erasing method selection unit 35 Erasing method management table storage unit 36 Data erasure processing section

Claims (5)

A data erasing device for erasing encrypted data stored in a storage means,
A data erasing apparatus comprising: an overwriting erasure processing unit for overwriting and erasing a minimum data amount that makes it impossible to decrypt the encrypted data. An encrypted data management unit for extracting the encryption method of the encrypted data and the minimum amount of data;
An erasure method selection unit that selects an erasure method of encrypted data by the encryption method extracted by the encrypted data management unit,
The overwriting erasure processing unit overwrites and erases the minimum amount of data extracted by the encrypted data management unit according to an erasing method selected by the erasing method selection unit. Data eraser. An image forming apparatus comprising the data erasing device according to claim 1. A data erasing method for erasing encrypted data stored in a storage means,
A first step of extracting an encryption method of the encrypted data and a minimum amount of data that makes it impossible to decrypt the encrypted data;
A second step of selecting an encryption data erasing method according to the encryption method extracted in the first step;
And a third step of overwriting and erasing the minimum amount of data extracted in the first step by the erasing method selected in the second step. A data erasure program for erasing encrypted data stored in a storage means,
A first step of extracting an encryption method of encrypted data stored in the storage means and a minimum data amount that makes it impossible to decrypt the encrypted data;
A second step of selecting an encryption data erasing method according to the encryption method extracted in the first step;
A third step of overwriting and erasing the minimum amount of data extracted in the first step by the erasing method selected in the second step;
A data erasing program for causing a data erasing device to execute.

Images