JP2006120089A - Data management system and data management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data management system that prevents leakage of secret data due to tampering by disabling the reading of secret data whose effective period has expired. <P>SOLUTION: The data management system 100 comprises a data storage part 105 for storing encrypted secret data, a metadata storage part 104 for storing a data group descriptor associating and holding a value identifying a data group that is a management unit of the secret data and a value of the effective period of the data group, a time key generation part 200 for generating a key corresponding to the effective period if the current time is included in the effective period, and a decryption part 103 for decrypting the encrypted secret data with the key generated by the time key generation part 200. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a data management system and a data management method for managing secret data.

  The data management system is a subsystem used in electronic computers and communication terminals, stores secret data in response to data storage requests and read requests from legitimate external systems, and provides stored secret data. On the other hand, it is a system that does not follow an illegal request from an external system but has a mechanism that prevents secret data from leaking even by hardware signal analysis (tamper).

  As such a data management system, a data management system shown in FIG. 13 is disclosed (for example, see Patent Document 1). The data management system 900 includes a security protection unit 910 having tamper resistance and an encrypted data storage unit 902 that stores the created encrypted data. The security protection unit 910 includes a control unit 913 that generates an encryption key using a random number, a random number generation unit 914, an encryption key storage unit 916 that stores the generated encryption key, and performs encryption processing on the requested data. And an encryption / decryption unit 912 that creates encrypted data.

In the data management system 900, when an external system requests storage of secret data, the encryption / decryption unit 912 encrypts the secret data using the encryption key generated by the random number generation unit 914, and the encrypted data storage unit 902 And the encryption key is stored in the encryption key storage unit 916. On the other hand, when the data management system 900 is requested to read out the secret data from the external system, the encrypted secret data stored in the encrypted data storage unit 902 is stored in the encryption key storage unit 916. Using the key, the encryption / decryption unit 912 decrypts it and passes it to the external system. In this way, the encryption key does not exit the security protection unit 910 in a series of processes, and the security protection unit 910 has tamper resistance as described above, so that even if the data management system 900 is tampered, it is encrypted. Although it is possible that the confidential data is leaked, it is safe because the encryption key for decrypting it cannot be obtained.
Japanese Patent Laid-Open No. 10-271107

  By the way, a valid period may be set for a secret data management unit (hereinafter referred to as a “data group”). For example, when the data management system stores secret data based on a service contract, the data group stored based on the service contract is a reasonable amount that the data management system holds when the service contract expires or is canceled. Sex and legality will be lost. In this case, the period of the service contract can be regarded as the effective period of the data group.

  However, in the conventional data management system 900 described above, encryption keys are not managed in consideration of the validity period of the data group.

  For this reason, the secret data belonging to a certain data group and the encryption key that encrypts the secret data continue to be stored in the data management system 900 in a form in which the secret data can be decrypted even after the validity period of the data group ends. There is a problem that secret data is provided to an external system by a read request.

  In view of the above problems, an object of the present invention is to provide a data management system and a data management method that make it impossible to read secret data whose validity period has expired and prevent leakage of secret data due to tampering.

  In order to achieve the above object, the first feature of the present invention is that: (a) a data storage unit that stores encrypted secret data; and (b) a value that identifies a data group that is a management unit of secret data. A metadata storage unit for storing a data group descriptor that stores the valid value of the data group in association with each other; and (c) if the valid time includes the current time, a key corresponding to the valid period is generated. The gist of the present invention is a data management system including a time key generation unit and (d) a decryption unit that decrypts the encrypted secret data using the key generated by the time key generation unit.

  According to the data management system according to the first feature, since the secret data is decrypted with the key corresponding to the valid period of the data group, the secret data whose valid period has expired cannot be read, and the leak of the secret data by the tamper Can be prevented.

  In addition, the time key generation unit in the data management system according to the first feature includes a secret key storage unit that stores a secret key, and a hash value with a key that depends on the validity period based on the secret key. And a hashed output unit with a key that outputs as a key corresponding to.

  According to this data management system, it is possible to output a keyed hash value corresponding to the validity period.

  In the data management system according to the first feature, the time key generation unit may have an abnormality in the clock unit that outputs a value that monotonously increases in response to an external request or over time. If there is a possibility, a random number generator for generating a new secret key may be further provided.

  According to this data management system, since the secret key is updated, the return value when a key acquisition operation is requested to the time key generation unit is different from the return value when the exact same request is made before the reset process. become. By using this property, it is possible to perform effective batch erasure of all stored secret data.

  In the data management system according to the first feature, the data group descriptor may further hold a value for identifying a parent data group on which the data group depends, in association with a value for identifying the data group.

  According to this data management system, the relationship between data groups can be recognized.

  In the data management system according to the first feature, the data group descriptor may further hold a value obtained by encrypting a data group key that is an encryption key used when encrypting and decrypting secret data. Good.

  According to this data management system, secret data can be encrypted and stored with a data group key unique to the data group to which the data belongs.

  The data management system according to the first feature may further include an encryption unit that encrypts the data group key with an encryption key that depends on a key generated corresponding to the validity period of the data group. Good.

  The data management system according to the first feature further includes an encryption unit that encrypts the data group key with an encryption key that depends on the data group key that encrypts the parent data group on which the data group depends. May be.

  In addition, in the data management system according to the first feature, when deletion of secret data is requested, a value that identifies a data group that is a management unit of secret data or a value that identifies the data group is set to the parent data A data group descriptor held as a value for identifying a group may be specified, and a value obtained by encrypting the data group key held in the data group descriptor may be overwritten and deleted.

  According to this data management system, when a data group is deleted, a data group key unique to the data group can be deleted.

  Further, in the data management system according to the first feature, when a change in the validity period of the data group is requested, the decryption unit depends on the data group key generated based on the current validity period. The decryption may be performed using the encryption key, and the encryption unit may re-encrypt the decrypted data group key using an encryption key that depends on the key generated corresponding to the new validity period.

  According to this data management system, when the valid period is changed, a key corresponding to the valid period can be newly generated.

  The second feature of the present invention is that (a) a step of storing encrypted secret data, (b) a value for identifying a data group that is a management unit of the secret data, and a value of an effective period of the data group, Storing a data group descriptor that holds the data in association with each other, (c) if the effective period includes the current time, generating a key corresponding to the effective period, and (d) using the generated key Thus, the gist of the present invention is a data management method including a step of decrypting encrypted secret data.

  According to the data management method according to the second feature, since the secret data is decrypted with the key corresponding to the valid period of the data group, the secret data whose valid period has expired cannot be read, and the secret data is leaked by the tamper Can be prevented.

  According to the present invention, it is possible to provide a data management system and a data management method that make it impossible to read secret data whose valid period has expired and prevent leakage of secret data due to tampering.

  Next, embodiments of the present invention will be described with reference to the drawings. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals. However, it should be noted that the drawings are schematic.

(Data management system)
In the embodiment of the present invention, a data management system will be described in which secret data is encrypted and stored, and the decryption key is not obtained outside the valid period of the secret data. More specifically, in the data management system, the decryption key of the secret data is encrypted with a time key generated by the time key generation unit 200 described later, and the time key of the time key is outside the valid period of the secret data. Is not provided. For this reason, if only the time key generation unit 200 is tamper resistant, the secret data will not leak even if other parts are tampered with.

  As shown in FIG. 1, a data management system 100 according to an embodiment of the present invention includes a random number generation unit 101, an encryption unit 102, a decryption unit 103, a metadata storage unit 104, and a data storage unit 105. The time key generation unit 200 and the control unit 110 are provided.

  The random number generation unit 101 generates a random number used as an encryption key.

  The encryption unit 102 encrypts a data group key, which is an encryption key used when encrypting and decrypting secret data, with an encryption key that depends on a key generated corresponding to the validity period of the data group To do. The encryption unit 102 encrypts the data group key with an encryption key that depends on the data group key that encrypts the parent data group on which the data group depends. In addition, when a change in the validity period of the data group is requested, the encryption unit 102 again uses the encryption key depending on the key generated corresponding to the new validity period to decrypt the decrypted data group key. Encrypt.

  The decryption unit 103 decrypts the encrypted secret data using the key generated by the time key generation unit 200. In addition, when the change of the valid period of the data group is requested, the decryption unit 103 decrypts the data group key with an encryption key that depends on the key generated corresponding to the current valid period.

  The metadata storage unit 104 stores a data group descriptor to be described later.

  The data storage unit 105 stores the encrypted secret data.

  When the current time is included in the effective period, the time key generating unit 200 generates a time-limited key corresponding to the effective period. The time key generation unit 200 will be described in detail later.

  The control unit 110 controls the random number generation unit 101, the encryption unit 102, the decryption unit 103, the metadata storage unit 104, the data storage unit 105, and the time key generation unit 200. In addition, the control unit 110 performs data input / output with the external system 120. Further, when deletion of secret data is requested, the control unit 110 uses a value for identifying a data group that is a management unit of secret data, or a value for identifying the data group as a value for identifying a parent data group. The data group descriptor to be held is specified, and the value obtained by encrypting the data group key held in the data group descriptor is overwritten and erased.

  Next, details of the time key generation unit 200 will be described. As illustrated in FIG. 2, the time key generation unit 200 includes a random number generation unit 201, a secret key storage unit 202, a keyed hash output unit 203, a clock unit 204, and a time key control unit 210.

  The random number generator 201 generates a random number used as a secret key. The random number generation unit 201 generates a new secret key in response to a request from the outside or when there is a possibility that an abnormality has occurred in the clock unit 204.

  The secret key storage unit 202 stores a secret key.

  Based on the secret key stored in the secret key storage unit 202, the keyed hash output unit 203 outputs a keyed hash value that depends on the validity period as a key corresponding to the validity period.

  The clock unit 204 outputs a value that monotonously increases with time.

  The time key control unit 210 controls the random number generation unit 201, the secret key storage unit 202, the keyed hash output unit 203, and the clock unit 204. In addition, the timed key control unit 210 performs predetermined processing as necessary, such as processing for obtaining a key from the control unit 110 described later and processing when a reset request is made.

  The time key generation unit 200 performs tamper-proof mounting such as mounting in a one-chip configuration, for example, and it is extremely difficult to directly observe and operate the internal state from the outside.

(data structure)
Next, the data group descriptor stored in the metadata storage unit 104 will be described.

  As shown in FIG. 3, the data group descriptor includes a data group ID column, a validity period column, a parent data group column, and a data group key column. For example, the data group descriptor 303 has U122 in the data group ID column, 259200 and 604800 in the validity period column, U101 in the parent data group column, and the data group key column Oxa308da05833a57ec204e74bd63d1de2a (not shown in the figure). In the data group ID column, a data group ID of the data group corresponding to the data group descriptor, that is, a value for identifying the data group is described. In the effective period column, a two-dimensional vector value having two time values, that is, a start time and an end time of the effective period in terms of time used by the clock unit 204 of the time key generation unit 200, is described. In the parent data group column, a data group ID of a data group (hereinafter referred to as “parent data group”) on which the data group to which the data group descriptor corresponds depends is described. The value described in the parent data group column is a vector value, and a plurality of data group ID values can be described. In the data group key column, a value obtained by encrypting a data group key, which is an encryption key used when encrypting and decrypting secret data, is described.

  The data group descriptor 304 is an example in which two data groups IDs U101 and U102 are described in the parent data group column. The parent data group column of the data group descriptor corresponding to the data group having no dependent data group is blank. Data group descriptors 301 and 302 are examples thereof. FIG. 3 is a hierarchical diagram showing the relationship between each data descriptor and the parent data group. An arrow reflecting the dependency between the data groups is added between the data group descriptors. This is to help intuitive understanding, and does not mean that data describing such a relationship is stored in the metadata storage unit 104 (in addition to the parent data group column of the data group descriptor). .

  In this embodiment, the term “time” is mainly used in the meaning equivalent to a so-called date and time including a date, that is, it is mainly assumed that the same time will not come twice. In addition to this, it is good also as "time" that the same time comes repeatedly. For example, “23: 46: 6” is a time without a date, other than the year, month, day, day of the week, hour, minute, second, or a time expression with a plurality omitted. It is also good.

(Data management method)
Next, the data management method according to the present embodiment will be described with reference to FIGS.

= Data group addition processing =
First, the operation of the data management system 100 when the external system 120 requests addition of a data group using the data group ID, the validity period, and the parent data group as parameters will be described with reference to FIG.

  First, in step S101, the control unit 110 assigns the parameter data group ID value to the variable S, the validity period value to the variable T, and the parent data group value to the variable SP. Here, the valid period value and the variable T are vectors, and have a valid period disclosure time and an end time as elements. The parent data group value and the variable SP are also vectors, which corresponds to a case where there are a plurality of parent data groups.

  Next, in step S102, the control unit 110 converts the time of T into the time expression of the clock unit 204 of the time key generation unit 200 (that is, converts the time expression of each element of T) and substitutes it into the variable TL. Then, a new random number is generated using the random number generator 201 and substituted into the variable KS.

  Next, in step S103, the control unit 110 uses a data group key encryption procedure, which will be described later, as parameters, and sets the TL value as the validity period value, the SP value as the parent data group ID value, and the KS value as the data group key value. Each is specified and called, and the return value is assigned to variable K.

  Next, in step S104, the control unit 110 creates a new data group descriptor in the metadata storage unit 104, the S value in the data group ID column, the SP value in the parent data group column, and the validity period column. The TL value and the K value value are stored in the data group key column, and the process ends.

  Here, a supplementary description will be given of the conversion of the time expression in step S102. As an example, suppose that the clock unit 204 is a clock that expresses an integer value obtained by counting the number of seconds elapsed from midnight on February 1, 1998, Japan, in units of 1 second. If the expression and meaning of the start time element of the effective period of the variable T at that time are “Japan Standard Time February 2, 1998 00: 00: 00: 00”, it is converted into the time expression of the clock unit 204. The start time element of the vector value assigned to the variable TL is 86400 as an integer value. The same conversion is performed for the end time element.

= Data group key encryption procedure call processing =
Next, the operation of the data management system 100 when receiving a call to the data group key encryption procedure using the valid period, the parent data group ID, and the data group key as parameters will be described with reference to FIG.

  First, in step S201, the control unit 110 assigns the parameter validity period value to the variable TL, the parent data group ID value to the variable SP, and the data group key value to the variable KS.

  Next, in step S202, the control unit 110 specifies the value of TL as a period value as a parameter, and requests the key acquisition operation from the time key generation unit 200. Then, control unit 110 assigns the return value to variable KT, and calls a data group key decryption procedure described later using the value of SP as a parameter. Furthermore, the control part 110 substitutes the return value for the variable KP. However, when the SP value is empty, the data group key decryption procedure is not called and the value of the variable KP is empty. When the SP value is composed of a plurality of data group IDs, a data group key decryption procedure is called for each data group ID, and a vector value having a corresponding return value as an element is assigned to the variable KP.

  Next, in step S203, the control part 110 substitutes the value depending on each value of KT and KP to the variable KTP.

  Next, in step S204, the control unit 110 designates the KTP value as an encryption key, encrypts the KS value using the encryption unit 102, and substitutes it into the variable K.

  Next, in step S205, the control unit 110 sets the value of K as the return value of the procedure, and ends the process.

  Here, a supplementary description will be given of the value to be substituted for the variable KTP in step S203. As means for obtaining values depending on the values of the variables KT and KP, for example, arithmetic operations such as arithmetic sum and product, logical operations such as logical sum, product and exclusive OR, concatenation as a bit string, It is possible to use various means such as a combination thereof, and an output obtained by passing it through a function. However, as a requirement, it is a means that both the values of KT and KP affect the value of KTP. There must be.

= Data group key decryption procedure call processing =
Next, the operation of the data management system 100 when receiving a call to the data group key decryption procedure using the data group ID as a parameter will be described with reference to FIG.

  First, in step S <b> 301, the control unit 110 identifies a data group descriptor having the parameter data group ID value in the data group ID column in the data group descriptor stored in the metadata storage unit 104. Then, the control unit 110 assigns the value of the validity period column of the data group descriptor to the variable TL, the value of the parent data group column to the variable SP, and the value of the data group key column to the variable K.

  Next, in step S302, the control unit 110 specifies the value of TL as a period value as a parameter, and requests the key acquisition operation to the time key generation unit 200. Then, control unit 110 assigns the return value to variable KT, and calls the data group key decryption procedure using the SP value as a parameter. Furthermore, the control part 110 substitutes the return value for the variable KP. However, when the SP value is empty, the data group key decryption procedure is not called and the value of the variable KP is empty. When the SP value is composed of a plurality of data group IDs, a data group key decryption procedure is called for each data group ID, and a vector value having a corresponding return value as an element is assigned to the variable KP.

  Next, in step S303, the control unit 110 substitutes values depending on the values of KT and KP into the variable KTP. The process of step S303 is the same as the process of step S203 in FIG.

  Next, in step S304, the control unit 110 designates the KTP value as the encryption key, decrypts the K value using the decryption unit 103, and substitutes it into the variable KS.

  Next, in step S305, the value of KS is set as the return value of the procedure, and the process ends.

= Secret data writing process =
Next, the operation of the data management system 100 when the external system 120 requests writing of secret data using the secret data and the data group ID as parameters will be described with reference to FIG.

  First, in step S401, the control unit 110 assigns the secret data value of the parameter to the variable D and the data group ID value to the variable S.

  Next, in step S402, the control unit 110 calls the data group key decryption procedure as a parameter, specifying the value of S as the data group ID value, and assigns the return value to the variable KS.

  Next, in step S403, the control unit 110 designates the value of KS as an encryption key, encrypts the value of D using the encryption unit 102, and substitutes it for the variable DE.

  Next, in step S404, the control unit 110 stores the DE value in association with the S value in the data storage unit 105, and ends the process.

  Here, a supplementary description will be given of means for associating the data group ID (S value) with the encrypted secret data (DE value) in the process of step S404. As a means for this association, the method of storing the encrypted secret data and the data group ID adjacent to each other in the data storage unit 105, or the data group ID to the address obtained by converting the encrypted secret data or the storage address thereof by a hash function or the like. An example is a method of storing. Even with other methods, it is sufficient that the data group ID associated with the encrypted secret data can be specified when the encrypted secret data is specified in the process for the secret data read request described below.

= Secret data read processing =
Next, the operation of the data management system 100 when secret data is designated from the external system 120 and requested to be read out will be described with reference to FIG.

  First, in step S501, the control unit 110 reads the designated secret data (encrypted) and the data group ID associated therewith from the data storage unit 105. Then, the control unit 110 assigns the secret data and the data group ID to the variable DE and the variable S, respectively.

  In step S502, the control unit 110 calls the data group key decryption procedure as a parameter, specifies the value of S as the data group ID value, and assigns the return value to the variable KS.

  Next, in step S503, the control unit 110 designates the KS value as an encryption key, decrypts the DE value using the decryption unit 103, and substitutes it into the variable D.

  Next, in step S504, the control unit 110 returns the value of D as a return value to the external system 120, and ends the process.

  Here, a supplementary description will be given of a method in which the external system 120 designates encrypted secret data. Examples of methods for specifying the secret data include a method for specifying an address where the encrypted secret data is stored in the data storage unit 105, and a method for specifying a unique name in association with the secret data. Conceivable. Whichever method is used, additional processing (for example, notification of the storage address to the external system 120) is required for the above-described secret data writing processing and reading processing, and these processing should be devised and implemented. Since it is easy for people involved in such fields, details are omitted.

= Data group deletion processing =
Next, the operation of the data management system 100 when a deletion of a data group is requested from the external system 120 using the data group ID as a parameter will be described.

  The control unit 110 identifies the data group descriptor having the data group ID value of the parameter in the data group ID column in the data group descriptor stored in the metadata storage unit 104, and the data group of the data group descriptor Overwrite the key field with an invalid value and end the process. As this invalid value, a value different from the value previously described in the data group key column, for example, a random number or a numerical value 0 is used.

  In addition, the control unit 110 identifies a data group descriptor having the parameter data group ID value in the parent data group column in the data group descriptor stored in the metadata storage unit 104, and the data group descriptor The data group key field may be overwritten with an invalid value.

= Valid period change processing =
Next, the operation of the data management system 100 when the external system 120 is requested to change the data group validity period using the data group ID and the validity period as parameters will be described with reference to FIG.

  First, in step S601, the control unit 110 assigns the parameter data group ID value to the variable S and the validity period value to the variable TN.

  Next, in step S602, the control unit 110 converts the time of TN into the time expression of the clock unit 204 of the time key generation unit 200 and substitutes it into the variable TNL. Then, the control unit 110 uses the data group key decryption procedure as a parameter, specifies and reads the value of S as the data group ID value, and assigns the return value to the variable KS.

  Next, in step S603, the control unit 110 uses a data group key decryption procedure as a parameter to set a data group descriptor having a TNL value as a valid period value and a S value as a parent data group ID value in a data group ID column ( The KS value is designated as the value of the parent data group column and the data group key value (stored by the metadata storage unit 104) and called, and the return value is substituted into the variable K.

  Next, in step S604, the control unit 110 sets the TNL value and the data group key column in the validity period column of the data group descriptor (stored in the metadata storage unit 104) having the S value in the data group ID column. Each of the values of K is stored in and the process is terminated.

= Timed key generation processing =
Next, the operation of the time key generation unit 200 of the data management system 100 will be described with reference to FIG. FIG. 10 shows an operation when a key acquisition operation is requested using a period value as a parameter.

  First, in step S701, the time key control unit 210 substitutes the value of the start time element of the period value into the variable S and the value of the end time element into the variable E.

  Next, in step S702, the time key control unit 210 compares each value of S and E with the value of the current time indicated by the clock unit 204, and the value of S is equal to or smaller than the current time value (current or past). If the value of E is greater than the current time value (indicating a future time), the process proceeds to step S703. Otherwise, the process proceeds to step S704.

  When the process proceeds to step S703, the time key control unit 210 uses the keyed hash output unit 203 to obtain a keyed hash value that depends on the values of S and E, and assigns it to the variable H. To do. Means for obtaining a value depending on S and E is in accordance with the description of step S203 in the data group key encryption procedure described above. In addition, the secret key stored in the secret key storage unit 202 is used as the key specified for the hash value with the hour key.

  When the processing proceeds to step S704, the time key control unit 210 substitutes an invalid value for the variable H. As this invalid value, a value different from the value that would have been substituted for H at the time when the process of step S703 was performed, for example, a random number or a numerical value 0 is used.

  Next, in step S705, the time key control unit 210 returns the value of H to the requester (control unit 110) of the key acquisition operation, and ends the process.

  Next, a reset process performed by the time key control unit 210 of the time key generation unit 200 based on an external request or spontaneously will be described.

  The time key control unit 210 generates a new random number as a secret key using the random number generation unit 201 and stores it in the secret key storage unit 202. In addition, the time key control unit 210 initializes the clock unit 204 and ends the process. When initialization is performed, the clock unit 204 indicates a time value within the range of the time expression, and starts to clock in from the time value. It is conceivable to carry out as an operation to start updating the time after setting the time to a fixed time value regardless of the time value shown so far, but the time value shown so far (for example, “25 When the value is within the range of the time expression (not like “time”), the operation may be performed as an operation for starting the update of the time from the time value.

  A supplementary explanation will be given of the use opportunity of the reset processing. When the reset process is performed, the secret key stored in the secret key storage unit 202 is updated. Therefore, when the key acquisition operation is requested to the time key generation unit 200, the same return request is made before the reset process. The return value will be different. Accordingly, in the data management system 100, since the step S302 of the above-described data group key decryption procedure is not normally performed and the data group key cannot be decrypted normally, the secret that has been encrypted and stored in the data storage unit 105 so far Data cannot be decrypted after reset processing. By using this property, it is possible to perform effective batch erasure of all stored secret data. This is a case where the time key control unit 210 performs the reset process based on an external request, but it may be considered that the time key control unit 210 performs the reset process spontaneously. In that case, the time was not updated in the clock unit 204 until just before, for example, when power supply to the time key generation unit 200 was started or when power supply became stable after becoming unstable. In some cases, there is a possibility that the time value has changed abnormally or any one other than the reset process. As a security functional requirement of the time key generation unit 200, when the time of the clock unit 204 has returned to the past, or has changed more or less than the actual past time, the secret key storage The private key stored in the unit 202 must be updated. Therefore, when the above-described instability of power supply that may cause such a condition is detected, the timed key control unit 210 must perform a reset process. However, implementation means for detecting instability of power supply and the like and executing a predetermined process are well known to those who are involved in such fields, and the details are omitted.

(Function and effect)
According to the data management system 100 and the data management method according to the present embodiment, only when the current time is included in the validity period, a hash value with a key is output, and a value depending on the output value is used as a decryption key, Data can be decrypted. For this reason, since the hash value cannot be obtained outside the valid period, the secret data cannot be decrypted and the secret data cannot be read. Therefore, leakage of secret data due to tampering can be prevented.

  In addition, according to the data management system 100 according to the present embodiment, the time key generation unit 200 generates a new secret key in response to a request from the outside or when there is a possibility that an abnormality has occurred in the clock unit 204. Can be provided. In this way, since the secret key is updated, the return value when the key acquisition operation is requested to the time key generation unit is different from the return value when the same request is made before the reset process. By using this property, it is possible to perform effective batch erasure of all stored secret data.

  Further, according to the data management system 100 according to the present embodiment, when deletion of secret data is requested, a value that identifies a data group that is a management unit of secret data or a value that identifies the data group is set to a parent value. A data group descriptor held as a value for identifying a data group can be specified, and a value obtained by encrypting the data group key held in the data group descriptor can be overwritten and erased. For this reason, when a data group is deleted, a data group key unique to the data group can be deleted.

  Also, according to the data management system 100 according to the present embodiment, when a change in the validity period of the data group is requested, the decryption unit 103 uses the data group key as a key generated corresponding to the current validity period. The encryption unit 102 can re-encrypt the decrypted data group key with the encryption key depending on the key generated corresponding to the new validity period. . For this reason, when the valid period is changed, a key corresponding to the valid period can be newly generated.

  Further, in the conventional data management system 900, encryption keys are not managed in consideration of the affiliation relationship between the secret data and the data group and the dependency relationship between the data groups. For this reason, secret data belonging to a data group A or belonging to a data group B dependent on A and an encryption key obtained by encrypting the secret data are stored in the data group A after the data group A is deleted or the validity period ends. Even after the rationality and legality of storing the system is lost, the secret data can be stored in the data management system in a decryptable form, and the secret data is provided to the external system by a read request. was there.

  For example, when there is a data group A stored based on a comprehensive service contract and a data group B stored based on an individual service contract established depending on the comprehensive service contract, the comprehensive service contract is canceled. When this happens, not only the data group A but also the rationality and legality of holding B are lost. In this case, the individual contract depends on the comprehensive contract, but it can be modeled that the data group B depends on the data group A in terms of data management. If the rationality or legality of retaining the data group is lost, the stored data group or encryption key must be deleted, but this was not done in the prior art. .

  According to the data management system 100 according to the present embodiment, since the data descriptor includes information related to the parent data group on which the data group depends, the problems in the prior art can be solved.

(Application example)
Next, a specific application example of the data management system according to the present embodiment will be described.

  FIG. 11 is a block diagram illustrating the hardware configuration of the data management system according to this application example. As shown in FIG. 11, a computer terminal 400, which is an application example of the data management system of the present invention, has a CPU (Central Processing Unit) 401 that processes data according to a computer program (hereinafter referred to as “program”). A time management key chip 402 in which the time key generation unit 200 is mounted by one-chip hardware, a data management program 521 that is a program for executing the control unit 110, the random number generation unit 101, the encryption unit 102, and the decryption unit 103; A program for executing a virtual machine monitor 501 and an external system 120, which will be described later, is stored, and includes a metadata storage unit 104 and a memory 403 that functions as the data storage unit 105. The CPU 401, the time key chip 402, and the memory 403 are connected by a bus 404 including a data bus, an address bus, and other signal lines. A secure signal 405 to be notified can be transmitted from the CPU 401 to them. The secure signal 405 may be implemented as a unique signal line, but as a signal by a special combination of signal lines included in the bus 404 or a signal by sending a special code sequence to the data bus or address bus. You may do it.

  In this application example, most of the functions of the data management system 100 described in the present embodiment are implemented by a data management program 521, which is constructed and managed by a virtual machine monitor 501 as shown in FIG. It is executed on a virtual machine 511 which is a virtual computer environment.

  The virtual machine monitor 501 is generally a program for the purpose of constructing a plurality of such virtual computer environments on a single computer. In FIG. 12, in addition to the virtual machine 511, the virtual machine monitor 501 In this example, a virtual machine 512 and a virtual machine 513 are constructed, and external system programs 522 and 523 that are programs for executing the external system 120 are executed on the respective virtual machines.

  Of these programs, only the data management program 512 is executed in the secure mode. The secure mode is an operation mode of the CPU 401. Switching to the non-secure mode, which is an operation mode other than the secure mode, is performed by the virtual machine monitor 501, and these modes cannot be switched by other programs. Whether the CPU 401 is in the secure mode is notified to the peripheral device by a secure signal 405. That is, the time key chip 402 and the memory 403 that receive the secure signal 405 can know whether the CPU 401 is in the secure mode. The time key chip 402 performs processing for a key acquisition operation request only when the CPU 401 is in the secure mode, and the memory 403 has a secure memory space 406 that can be accessed only when the CPU 401 is in the secure mode.

  In the hardware and software configuration as described above, the computer terminal 400 of this application example stores the data management program 521 and data (temporary data) temporarily used in the execution of the program in the secure memory space 406. .

  Next, the effect obtained by implementing in this way is demonstrated. From the external system programs 522 and 523 operating in the non-secure mode, it is possible to access the encrypted secret data stored in the data storage unit 105 and the data group descriptor stored in the metadata storage unit 104. However, since the timed key chip 402 does not process a key acquisition operation request in the non-secure mode, these external system programs cannot decrypt the data group key stored in the data group descriptor. The secret data encrypted with cannot be decrypted. There may be a moment in the memory 403 where there is a variable KS that appears in step S304 of the data group key decryption procedure executed by the data management program 521, that is, a data group key that has been decrypted into plaintext. The changed data group key is temporary data and is placed in the secure memory space 406, and therefore cannot be accessed from these external system programs. From the above, these external system programs cannot decrypt the secret data without permission, and the security of the secret data is guaranteed.

  Further, it is considered that the attacker accesses the secret data outside the valid period by tampering with the computer terminal 400. In this case, since it is considered that the secure signal line can be freely operated by the attacker, the attacker can use the function of the time key chip 402 and can also store the data stored in the memory 403 including the data in the secure memory space 406. All are considered readable and writable. In this case, the attacker can obtain the encrypted secret data and data group descriptor, but if the key acquisition operation request is made to the time key chip 402, an invalid value is returned if it is outside the valid period. Therefore, the attacker cannot decrypt the data group key and cannot decrypt the secret data. Therefore, since the attacker cannot obtain the decrypted secret data, it is safe. However, in the secure memory space 406, if the variable KS that appears in step S304 of the data group key decryption procedure or the data group key that has become plaintext in other processing remains forgotten, the attacker obtains it. Secret data can be decrypted. Therefore, the data management program 521 needs to perform processing so that the data group key is quickly overwritten when it is stored in the memory 403 in plain text.

(Other embodiments)
Although the present invention has been described according to the above-described embodiments, it should not be understood that the description and drawings constituting a part of this disclosure limit the present invention. From this disclosure, various alternative embodiments, examples and operational techniques will be apparent to those skilled in the art.

  For example, in the data management system 100 according to the present embodiment, it is described that a period determined by two of a start time and an end time is used as the effective period of the secret data. Is not specified (always valid after the start time), or the start time is not specified only by the end time (always valid before the end time). If the effective period required by the system can be expressed sufficiently only at either the start time or the end time, part of the data structure and part of the processing in the data management system 100 can be simplified. For example, in the data group descriptor, only one of the time values is described instead of the vector value consisting of the start and end times in the validity period column, and the current time is set in the processing of step S702 of the time key control unit 210. The comparison target can be only one of the variables S and T. There are other parts that can be simplified, but it is easy for those who are involved in such fields to implement them, so details are omitted.

  As described above, the present invention naturally includes various embodiments not described herein. Therefore, the technical scope of the present invention is defined only by the invention specifying matters according to the scope of claims reasonable from the above description.

1 is a configuration block diagram of a data management system according to the present embodiment. It is a block diagram of the configuration of the time key generation unit of the data management system according to the present embodiment. It is a figure explaining an example of the data group descriptor concerning this embodiment. It is a flowchart which shows the data management method (data group addition process) which concerns on this embodiment. It is a flowchart which shows the data management method (call processing of a data group key encryption procedure) concerning this embodiment. It is a flowchart which shows the data management method (call processing of a data group key decryption procedure) concerning this embodiment. It is a flowchart which shows the data management method (write processing of secret data) concerning this embodiment. It is a flowchart which shows the data management method (reading process of secret data) concerning this embodiment. It is a flowchart which shows the data management method (validity period change process) which concerns on this embodiment. It is a flowchart which shows the data management method (time key generation process) which concerns on this embodiment. It is a block diagram which shows the hardware constitutions of the data management system which concerns on an application example. It is a figure explaining the software of the data management system which concerns on an application example. It is a block diagram of a conventional data management system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Data management system 101 ... Random number generation part 102 ... Encryption part 103 ... Decryption part 104 ... Metadata storage part 105 ... Data storage part 110 ... Control part 120 ... External system 200 ... Time limit key generation part 201 ... Random number generation part 202 ... Secret key storage unit 203 ... Hash output unit 204 ... Clock unit 210 ... Timed key control unit 301, 302, 303, 304 ... Data group descriptor 400 ... Computer terminal 401 ... CPU
402 ... Timed key chip 403 ... Memory 404 ... Bus 405 ... Secure signal 406 ... Secure memory space 501 ... Virtual machine monitor 511 ... Virtual machine 512 ... Data management program 512 ... Virtual machine 513 ... Virtual machine 521 ... Data management program 522 ... External System program 900 ... Data management system 902 ... Encrypted data storage section 910 ... Security protection section 912 ... Encryption / decryption section 913 ... Control section 914 ... Random number generation section 916 ... Encryption key storage section

Claims (10)

A data storage unit for storing encrypted secret data;
A metadata storage unit that stores a data group descriptor that stores a value that identifies a data group that is a management unit of the secret data and a valid period value of the data group; and
If the current period is included in the valid period, a time key generation unit that generates a key corresponding to the valid period;
A data management system comprising: a decryption unit that decrypts the encrypted secret data using the key generated by the time key generation unit. The time key generation unit
A secret key storage unit for storing the secret key;
The keyed hash output unit that outputs a keyed hash value having a value depending on the validity period as a key corresponding to the validity period based on the secret key. Data management system.   The time key generation unit is configured to acquire a new secret key when there is a possibility that an abnormality has occurred in a clock unit that outputs a value that monotonously increases with the request from the outside or with the passage of time. The data management system according to claim 2, further comprising a random number generation unit that generates the data.   4. The data group descriptor further holds a value that identifies a parent data group on which the data group depends, in association with a value that identifies the data group. The data management system described in the section.   The data group descriptor further holds a value obtained by encrypting a data group key that is an encryption key used when encrypting and decrypting secret data. The data management system described in the section.   6. The data management system according to claim 5, further comprising: an encryption unit that encrypts the data group key with an encryption key that depends on a key generated corresponding to the validity period of the data group. .   6. The data according to claim 5, further comprising an encryption unit that encrypts the data group key with an encryption key that depends on a data group key that encrypts a parent data group on which the data group depends. Management system.   A data group description that holds a value that identifies a data group that is a management unit of the secret data or a value that identifies the data group as a value that identifies the parent data group when deletion of secret data is requested The control unit according to any one of claims 5 to 7, further comprising a control unit that identifies a child and overwrites and erases a value obtained by encrypting the data group key held in the data group descriptor. Data management system. When a change in the validity period of a data group is requested,
The decryption unit decrypts the data group key with an encryption key depending on a key generated corresponding to a current validity period;
9. The encryption unit according to claim 6, wherein the encryption unit re-encrypts the decrypted data group key with an encryption key depending on a key generated corresponding to a new valid period. The data management system according to any one of the above. Storing encrypted secret data; and
Storing a data group descriptor that holds a value that identifies a data group that is a management unit of the secret data and a valid period value of the data group;
If the validity period includes a current time, generating a key corresponding to the validity period;
Decrypting the encrypted secret data using the generated key. A data management method comprising:

Images