JP2009244302A - Encryption device, decryption device, data protection system, data protection method, encryption program, decryption program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology with which data capacity required for decryption of data can be reduced and difficulty in fraudulent decryption by a malicious third party can be increased in a data protection system for encrypting and decrypting data. <P>SOLUTION: An encryption device includes: an encryption processing section 101 performing a prescribed encryption processing to the object data to be encrypted; and a mask processing section 102 calculating the exclusive OR of a data string of a portion of the encrypted data generated through the encryption processing of the encryption processing section 101 and random numbers having the same data length as the data string. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a technique that contributes to improvement of a data protection level in a data encryption / decryption system.

  Conventionally, a data encryption / decryption technique using an encryption key and a decryption key paired therewith is known.

  In the above conventional data encryption / decryption system, in order to decrypt the encrypted data generated by the encryption process using a predetermined encryption key, a corresponding decryption key is required (for example, non-patent) See references 1 and 2.)

  When a malicious third party obtains this encrypted data, it attempts to decrypt it by brute force using the decryption key in order to obtain unauthorized data, such as “Brute Force Attack” or “Brute Force Password Cracking”. Can be used.

  For this technique, measures such as increasing the cost of brute force by increasing the length of the decryption key or adopting an encryption algorithm with a large computation load for decryption processing are considered. It is done. However, with the above measures, there is a possibility that the data protection function at the level assumed at the time of encryption cannot be maintained for a long period of time due to improvement in the performance of the computer.

In addition, as a technique for solving the problems caused by the improvement in the performance of the computer as described above, an encryption technique “one-time pad encryption” using a random number having the same data length as the plaintext data to be encrypted is known. (For example, refer nonpatent literature 3.).
RLRivest, “All-Or-Nothing Encryption and The Package Transform”, Fast Software Encryption FSE'97 Lecture Notes in Computer Science, vol. 1267, pp. 210-218, 1997 NIST: FIPS PUB 81 “DES MODES OF OPERATION” (http://www.itl.nist.gov/fipspubs/fip81.htm) December 13, 2002 Lecture "Cryptography and Random Numbers" Professor Eiji Okamoto, University of Tsukuba (http://www.21coe.chuo-u.ac.jp/security/okamoto2002-12-13/okamoto.pdf)

  However, in the above "One Time Pad Encryption", it is necessary for the device that decrypts the encrypted data to receive a random number having the same data length as the plaintext data to be encrypted in the same way as the encrypted data. There is a problem that the amount of communication in the device that performs the decoding is large.

  The present invention has been made to solve the above-described problems. In a data protection system for encrypting and decrypting data, the present invention aims to reduce the data capacity required for data decryption and It is an object of the present invention to provide a technique that can increase the difficulty of unauthorized decryption by a person.

  In order to solve the above-described problem, an encryption apparatus according to an aspect of the present invention includes an encryption processing unit that performs predetermined encryption processing on target data to be encrypted, and encryption processing performed by the encryption processing unit. A mask processing unit that calculates an exclusive OR of a partial data string of the generated encrypted data and a random number having the same data length as the data string is provided. .

  In addition, a decryption device according to an aspect of the present invention is a decryption device that decrypts encrypted data that has been subjected to predetermined mask processing using random number data, and is a decryption target A data acquisition unit for acquiring target data; a mask information acquisition unit for acquiring random number data used in the predetermined mask processing; and a data area obtained by calculating an exclusive OR with the random number data; and the mask information Based on the information acquired by the acquisition unit, generated by the mask cancellation unit and the mask cancellation unit for canceling data protection by predetermined mask processing for the data to be decoded acquired by the data acquisition unit A decryption key obtaining unit for obtaining a decryption key for decrypting the encrypted data, and an encryption generated by the mask release unit based on the decryption key obtained by the decryption key obtaining unit. It is to characterized in that it comprises a decoding unit for decoding of Data.

  The data protection system according to one aspect of the present invention includes an encryption processing unit that performs predetermined encryption processing on target data to be encrypted, and encrypted data generated by the encryption processing in the encryption processing unit. An encryption apparatus having a mask processing unit that performs a predetermined mask process for calculating an exclusive OR of a part of the data string and random number data having the same data length as the data string; and A data acquisition unit that acquires data subjected to mask processing, and mask information acquisition that acquires random number data used in the predetermined mask processing and information indicating a data area obtained by calculating an exclusive OR with the random number data The data protection by the predetermined mask process for the data to be decoded acquired by the data acquisition unit based on the information acquired by the unit and the mask information acquisition unit Based on the decryption key, the decryption key acquisition unit for acquiring the decryption key for decrypting the encrypted data generated by the mask release unit, and the decryption key acquired by the decryption key acquisition unit And a decryption device having a decryption unit for decrypting the encrypted data generated by the mask canceling unit.

  The data protection method according to one aspect of the present invention includes an encryption processing step for performing predetermined encryption processing on target data to be encrypted, and encrypted data generated by the encryption processing in the encryption processing step. A mask processing step for performing a predetermined mask processing for calculating an exclusive OR of a part of the data sequence and random number data having the same data length as the data sequence, and the mask processing is performed in the mask processing step. A data acquisition step of acquiring the acquired data, a mask information acquisition step of acquiring information indicating a random number data used in the predetermined mask process and a data area obtained by calculating an exclusive OR with the random number data, and the mask information Based on the information acquired in the acquisition step, the data to be decoded acquired by the data acquisition unit is decoded by a predetermined mask process. Acquired in the mask release step for releasing the data protection, the decryption key acquisition step for acquiring the decryption key for decrypting the encrypted data generated in the mask release step, and the decryption key acquisition step And a decrypting step for decrypting the encrypted data generated in the unmasking step based on the decryption key.

  An encryption program according to one aspect of the present invention includes an encryption processing step for performing predetermined encryption processing on target data to be encrypted, and encrypted data generated by the encryption processing in the encryption processing step. A mask processing step of calculating an exclusive OR of a part of the data string and a random number having the same data length as the data string is executed by a computer.

  In addition, a decryption program according to an aspect of the present invention is a decryption program for decrypting encrypted data that has been subjected to predetermined mask processing using random number data, and is a decryption target to be decrypted A data acquisition step for acquiring data; a mask information acquisition step for acquiring random number data used in the predetermined mask processing; and information indicating a data area obtained by calculating exclusive OR with the random number data; and the mask information acquisition Based on the information acquired in the step, the data to be decrypted acquired in the data acquisition unit is generated in a mask cancellation step for canceling data protection by a predetermined mask process and the mask cancellation step. Obtained in a decryption key obtaining step for obtaining a decryption key for decrypting encrypted data and the decryption key obtaining step Based on the decryption key, it is characterized in that to execute a decoding step of decoding the encrypted data generated by the unmasking step on the computer.

  As described above in detail, according to the present invention, in a data protection system that encrypts and decrypts data, the data capacity required for decrypting data is reduced, and unauthorized decryption by a malicious third party is performed. It is possible to provide a technique capable of increasing the difficulty of the conversion.

  Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram showing a schematic system configuration of a data protection system according to an embodiment of the present invention. As shown in FIG. 1, the data protection system according to the present embodiment includes an encryption device 1, a decryption device 2, and a database 3.

  In the data protection system according to the present embodiment, the encryption device 1, the decryption device 2, and the database 3 can communicate with each other via an electric communication line such as the Internet 9. In the present embodiment, as an example, the encryption device 1, the decryption device 2, and the database 3 are connected to be communicable via the Internet line. However, the present invention is not limited to this. Instead, for example, a connection may be made via a telecommunication line such as a LAN (Local Area Network) or a WAN (Wide Area Network).

  In the data protection system according to the present embodiment, data that has been subjected to data protection processing such as encryption by the encryption device 1 is transmitted to the decryption device 2 via the Internet 9. The decryption device 2 decrypts the data received from the encryption device 1 based on various information acquired from the database 3.

  Details of the functions of the encryption device 1, the decryption device 2, and the database 3 will be described below. FIG. 2 is a functional block diagram for explaining the function of each component constituting the data protection system according to the present embodiment.

  First, the encryption device 1 will be described. The encryption apparatus 1 according to the present embodiment includes an encryption processing unit 101, a mask processing unit 102, a mask data setting unit 103, a mask data generation unit 104, an operation input unit 105, a CPU 108, and a MEMORY 109. Yes.

  The encryption processing unit 101 has a role of performing predetermined encryption processing on target data to be encrypted by the encryption device 1.

  The encryption processing executed by the encryption processing unit 101 is, for example, a block encryption method using a common key (for example, a CBC (Cipher Block Chaining) method). Specifically, in the block encryption processing in the encryption processing unit 101, the “target data” to be encrypted is divided into a plurality of blocks each having a predetermined data length, and the encryption processing is performed on each of the plurality of blocks. Perform the block encryption process to be performed.

  Of course, the encryption in the encryption processing unit 101 is not limited to the CBC method, and the key method is not limited to the common key method, and for example, a public key method can be adopted. The encryption processing unit 101 according to the present embodiment sends a decryption key for decrypting the data encrypted by the encryption processing unit 101 to the decryption device 2 via an electric communication line such as the Internet 9. Send.

  The mask processing unit 102 calculates an exclusive OR of a partial data string of the encrypted data generated by the encryption process in the encryption processing part 101 and a random number having the same data length as the data string. To do.

  The mask data setting unit 103 is a partial data string of the encrypted data generated by the encryption processing in the encryption processing unit 101 in the mask processing unit 102 based on the user's operation input to the operation input unit 105. And the data length of the random number data used to calculate the exclusive OR.

  Based on the setting process in the mask data setting unit 103, the mask data generation unit 104 performs (1) desired pseudo-random number data used for a predetermined mask process, and (2) the random data and the exclusive logic in the encrypted data. Information indicating the data area (mask position) in which the sum is calculated (or information regarding the mask position) is generated. The random number data generated by the mask data generation unit 104 is transmitted to the mask processing unit 102 and is also transmitted to the database 3 and registered in the database 3.

  The operation input unit 105 includes, for example, a keyboard, a mouse, a touch panel display, and the like, and has a role of receiving an operation input by a user.

  The CPU 108 has a role of performing various processes in the decryption apparatus 2 and also has a role of realizing various functions by executing a program stored in the MEMORY 109. The MEMORY 109 includes, for example, a ROM, a RAM, and the like, and has a role of storing various information and programs used in the decryption apparatus 2.

  Next, details of the function of the decoding device 2 according to the present embodiment will be described. The decryption apparatus 2 according to the present embodiment has a role of decrypting encrypted data that has been subjected to a predetermined mask process in the encryption apparatus 1. The decryption apparatus 2 includes a data acquisition unit 201, a mask information acquisition unit 202, a mask release unit 203, a decryption key acquisition unit 204, a decryption unit 205, a CPU 208, a MEMORY 209, and an operation input unit 210.

  The data acquisition unit 201 acquires decryption target data (data subjected to encryption processing and mask processing in the encryption device 1) to be decrypted and transmitted from the encryption device 1 via the Internet 9. . The data to be decrypted here is transmitted to the decryption apparatus 2 via the Internet 9, for example, by mail transmission processing by attaching it as an attached file to an email or data transmission processing by a data transfer technique such as FTP. The

  The mask information acquisition unit 202 acquires, from the database 3, information indicating the random number data used for the predetermined mask processing and the data area of the encrypted data obtained by calculating exclusive OR with the random number data.

  Based on the information acquired by the mask information acquisition unit 202, the mask cancellation unit 203 cancels data protection by “predetermined mask processing” for “decryption target data” acquired by the data acquisition unit 201.

  The decryption key acquisition unit 204 acquires a decryption key for decrypting the encrypted data generated by the mask release unit 203 from the encryption processing unit 101 in the encryption device 1 via the Internet 9.

  As described above, in the present embodiment, the data subjected to the mask processing by the mask processing unit 102 and the decryption key information transmitted from the encryption processing unit 101 are transmitted to the decryption apparatus 2 via the Internet 9. It is configured to be transmitted. Of course, the present invention is not limited to this, and in order to further improve the security level, the masked data and the decryption key information are transmitted to the decryption device 2 via different communication means. You can also

The decryption unit 205 decrypts the encrypted data generated by the mask release unit 203 based on the decryption key acquired by the decryption key acquisition unit 204. Specifically, in the decryption processing of the data subjected to the encryption processing in the encryption processing unit 101 adopting the CBC method, each block of the encrypted data is expressed as C _i (i = 1, 2,..., N). In this case, it is represented by the equation of FIG. In the formula of the figure, m _i denotes the data after decoding, K is shown a decryption key, D () shows a decoding processing.

  The CPU 208 has a role of performing various processes in the decryption apparatus 2 and also has a role of realizing various functions by executing a program stored in the MEMORY 209. The MEMORY 209 is composed of, for example, a ROM, a RAM, and the like, and has a role of storing various information and programs used in the decoding device 2. The operation input unit 210 includes, for example, a keyboard, a mouse, a touch panel display, and the like, and has a role of receiving an operation input by a user.

  Next, details of the functions of the database 3 in the present embodiment will be described. The database 3 according to the present embodiment has a role as a data database for managing various information used in the data protection system according to the present embodiment. Specifically, the database 3 includes a mask data management unit 301 that manages random number data used in the encryption device 1 and the decryption device 2, information on a mask position in mask processing, and the like. The database 3 is realized by a device that can transmit data to the decryption device 2 using a communication path different from that of the encryption device 1 (for example, route B in FIG. 2).

  As described above, in the present embodiment, in order to reduce the risk of data decryption by a malicious third party, random data generated by the mask data generation unit 104 is stored in the route B (database 3 shown in FIG. 2). Route to the decoding device 2 via the route), and the data subjected to the mask processing by the mask processing unit 102 is directly transmitted from the mask processing unit 102 to the decoding device 2 as shown in FIG. To the decryption device 2 via the route). In addition, for communication between the encryption device 1, the decryption device 2, and the database 3, it is desirable to perform communication encryption in order to prevent leakage of communication contents to a third party.

  In addition, the random number data generation processing in the mask data generation unit 104 generates random numbers in advance in order to shorten the processing time from generation of a random number generation request to completion of random number generation when it is necessary to perform mask processing. The data may be stored in the MEMORY 109 or the like, and may be used by appropriately selecting from the previously stored random number data.

  Next, details of processing in the data protection system according to the present embodiment will be described.

  The encrypted data encrypted by the encryption processing unit 101 in the encryption device 1 is masked by the mask processing unit 102 and is generated by the mask data generation unit 104 (data having the same size as the encrypted data). And XOR (exclusive OR) processing in units of BIT. FIG. 4 is an image diagram showing an outline of the XOR process between the encrypted data and the mask data in the mask processing unit 102.

  In FIG. 4, each horizontally long rectangle indicates each block in the CBC scheme of block cipher, and “mask data” in FIG. 4 is obtained by filling odd-numbered blocks with random number data and filling the rest with “0”. It has become.

  FIG. 5 is a diagram for explaining details of processing executed in the mask data generation unit 104. The mask data generation unit 104 includes a random number distribution pattern generator 104a, a random number generator 104b, and a random number data position generator 104c.

  The mask data generation unit 104, for example, “required protection strength level for protection of target data”, “decryption device 2” set by the mask data setting unit 103 based on a user operation input to the operation input unit 105. The mask data pattern is selected and generated based on the “capacity of the communication line used in” and the “capacity of the storage area (for example, the database 3 or the MEMORY 209) holding the mask data”. Specifically, a parameter given as a mask data pattern from the mask data setting unit 103 to the mask data generation unit 104 is “encrypted data to be masked” of “random number data ratio (“ data length of random number data ”). The ratio to the “data length”) ”,“ number of subdivisions ”,“ block selection rule ”, and the like.

  First, the mask data generation unit 104 obtains the total random number data length Z * P in the random number distribution pattern generator 104a from the size Z of the target encrypted data and the random number data ratio P. Next, random number data of length Z * P is generated in the random number generator 104b. The random number distribution pattern generator 104a divides the generated random number data by the subdivision number M, and embeds the divided random number data in the data previously filled with 0 of the length Z. This embedding position is determined as follows according to a predetermined block selection rule.

(1) If the block selection rule is “0”, select an odd block,

Length of divided random data ≥ Block length

If so, random number data is embedded from the start position of each odd block.

on the other hand,

Length of divided random data <block length

In this case, the random number data position generator 104c generates a uniform random number ranging from 0 to the block length, and embeds the random number data divided using the random value as the start position in the block.

  (2) If the block selection rule is “1”, an even block is selected, processed in the same manner as the odd block, and the divided random number data is embedded.

(3) When the block selection rule is “2”,

Length of divided random data ≥ Block length

If so, the random number data position generator generates a uniform random number ranging from 0 to the total number of blocks, and embeds the random number data divided from the start position of the block of the random value.

on the other hand,

Length of divided random data <block length

If so, the random number data position generator generates a uniform random number in the range from 0 to the total number of blocks and a uniform random number in the range from 0 to the block length, and becomes an embedding target based on the random number value. Select the block and the start position in the block, and embed the divided random number data.

  Depending on the start position of the mask data in the selected block, the random number data as the mask data may straddle adjacent blocks. In such a case, there is a possibility that the mask process is not performed in the same area in the block in a plurality of adjacent blocks. Therefore, in order to prevent the occurrence of the above situation, if there is mask data exceeding the rear end of the block to be masked, the mask data is assigned to an unmasked area in the block to be masked. Therefore, it is preferable to embed random number data. FIG. 6 is a diagram illustrating an example of a mask data arrangement method for blocks to be masked.

  In the example shown in FIG. 6, the mask data exceeding the rear end of the block to be masked is arranged from the front end of the block (see symbol Q in FIG. 6), but is not limited to this. For example, the remaining mask data may be arranged from the start position in the block toward the front end of the block (see the region Z surrounded by the broken line in FIG. 6).

  The mask data and the encrypted data generated as described above are subjected to mask processing by the mask processing unit 102 (see FIG. 4), and the masked encrypted data (hereinafter referred to as mask encrypted data). ) To the decoding device 2. The mask encrypted data transmitted from the mask processing unit 102 is acquired by the data acquisition unit 201 in the decryption apparatus 2 and stored in, for example, the MEMORY 209.

  In this way, the mask processing unit 102, for example, the data sequence of even-numbered or odd-numbered blocks from the first block of the target data divided into a plurality of blocks in the encryption processing by the encryption processing unit 101, and An exclusive OR with a random number having the same data length as the data string can be calculated. Of course, the data sequence of the even-numbered or odd-numbered block does not necessarily have to be a mask target, and the mask processing unit 102 does not need to include at least the target data divided into a plurality of blocks in the encryption processing by the encryption processing unit 101. A configuration may be adopted in which an exclusive OR of a data string included in one block and a random number having the same data length as the data string is calculated.

  Note that the mask data used in the mask processing in the mask processing unit 102 is stored in the database 3. The mask data management unit 301 performs data management while holding each mask data held in the database 3 and the correspondence between the mask data and the mask encrypted data.

  Next, the flow of processing performed on the mask encrypted data after the decryption apparatus 2 receives the mask encrypted data will be described in detail.

  The mask information acquisition unit 202 in the decryption apparatus 2 acquires from the database 3 mask data (random number data and information indicating the mask position) corresponding to the mask encrypted data acquired by the data acquisition unit 201. At this time, when the mask data management unit 301 in the database 3 confirms that the user or the decryption apparatus 2 is used for a legitimate purpose by an authentication process or the like, if necessary, and determines that the use is unauthorized. May refuse to provide mask data.

  The mask information acquisition unit 202 inputs the acquired mask data and the mask encrypted data acquired by the data acquisition unit 201 (or the mask encrypted data held in the MEMORY 209) to the mask release unit 203.

  FIG. 7 is a diagram showing details of the mask release processing in the mask release unit 203. The mask release unit 203 calculates the exclusive OR as shown in FIG. 7 to obtain encrypted data from the exclusive OR property when the same mask data is applied.

  The decryption key acquisition unit 204 acquires a decryption key necessary for decrypting the encrypted data from the encryption processing unit 101.

  The decryption unit 205 uses the decryption key acquired by the decryption key acquisition unit 204 to decrypt the encrypted data obtained by the mask release unit 203. In the present embodiment, as an example, the configuration in which the decryption key is directly transmitted from the encryption processing unit 101 to the decryption device 2 via the Internet 9 is shown, but the present invention is not limited to this. For example, the decryption device 2 may obtain the decryption key by an input method such as an input by an operation input to the operation input unit 210 by a user of the decryption device 2 or an input via a medium such as a USB key. Alternatively, a secure data storage area (such as a tamper-resistant memory area) in which information cannot be easily extracted from the outside is provided inside the decryption apparatus 2, and a decryption key is stored in advance in the data storage area. May be.

  In general, in the encryption process by the “CBC block method”, if there are two consecutive blocks divided into a plurality of blocks at the time of encryption, the decrypted data can be obtained illegally by a brute force attack against the decryption key.

However, if the encrypted data is further masked as in this embodiment (see FIG. 4), either C _i or C _{i + 1} is XORed with random number data. , to get the correct result m _i, unauthorized users other than the decryption key K, it is necessary to estimate the brute random data, it becomes more difficult to obtain unauthorized results. If attention is paid to the block unit, the same effect as the one-time pad encryption can be obtained.

  In addition, since the mask data generated by the processing shown in the present embodiment only needs to send each block of random number data and information indicating the random number data application position (odd number) to the decoding device 2 during communication. Compared with the case of encryption by one-time pad encryption, it is possible to greatly reduce the amount of data communication. In addition, mask data can be saved by significantly reducing the storage area capacity as compared with the one-time pad encryption. Also, the XOR (exclusive OR) process of the random number data and the mask encrypted data at the time of the decryption process in the decryption unit 205 is much larger than when applied to the entire data length as in the one-time pad cipher. Reduction of processing can be realized.

  In order to further reduce the communication capacity, the storage area capacity, and the calculation processing amount, as shown in FIG. 8, the area to be filled with the random number data of the mask data is reduced, and “α” in FIG. 8 is used instead. As shown, it may be filled with “0”. In this case, an unauthorized user who does not have mask data may estimate the decryption key while performing a brute force attack of the decryption key while estimating the size and information of the part disturbed by the random number data of the mask encryption data. This is necessary and is more difficult than simply estimating the decryption key K.

  Further, as can be easily inferred from the effect of the one-time pad encryption, even if the data in the region disturbed by the random number data in the mask data has the correct decryption key K, it can be normally decrypted without the mask data. It is not possible. Also, various patterns can be adopted for the masking position by the random number data, and unauthorized acquisition of the protection target data can be made more difficult by changing this pattern as necessary. Note that the mask position pattern based on the mask data may be stored in advance in the MEMORY 109 of the encryption apparatus 1 as a template and may be used as appropriate. 9 to 12 are diagrams showing some pattern examples of the mask position based on the mask data.

  In the above-described embodiment, the data sequence masked with the random number data in the mask processing is an even number or an odd number from the first block of the target data divided into a plurality of blocks in the encryption processing by the encryption processing unit 101. However, it is not always necessary to perform such regular mask processing. For example, when the data to be protected is compressed data, the data area in which the dictionary data in the compressed data is stored becomes a particularly important data part for decoding the data to be protected. In such a case, it is possible to further increase the level of data protection by intensively masking the data portion (data string located in a predetermined data area).

  Further, in the mask processing by the mask processing unit 102, it is not always necessary to uniformly apply mask processing to all data strings of encrypted data. Only the periphery of the important data portion as described above is masked. You may make it raise a density and a coverage. For example, the mask processing unit 102 uses a data string located in a predetermined data area in the encrypted data generated in the encryption process by the encryption processing part 101 from a data string in a data area other than the predetermined data area. Also, the mask process can be performed so that the ratio of the data amount for calculating the exclusive OR with the random number is increased.

  FIG. 13 is a flowchart for explaining the flow of processing (data protection method) in the data protection system according to this embodiment.

  The mask data setting unit 103 is a partial data string of the encrypted data generated by the encryption processing in the encryption processing unit 101 in the mask processing unit 102 based on the user's operation input to the operation input unit 105. And the data length of the random number data used to calculate the exclusive OR (mask data setting step) (S101). In this way, by controlling the data length (data capacity) of random number data used for mask processing according to the importance (required security level) of the target data to be encrypted, control of the traffic during decryption And the amount of additional processing can be controlled.

  Note that the various setting processes by the mask data setting unit 103 do not necessarily need to be based on the user's operation input. For example, the data length of the target data, communication used for communication between the encryption device 1 and the decryption device 2 It may be automatically set based on the type of line, traffic load, calculation load in the encryption device 1 and decryption device 2, and the like.

  The mask data generation unit 104 generates desired pseudorandom number data based on the setting process in the mask data setting unit 103 (mask data generation step) (S102).

  The encryption processing unit 101 performs predetermined encryption processing on the target data to be encrypted (encryption processing step) (S103).

  The mask processing unit 102 includes a partial data string of encrypted data generated by the encryption process in the encryption process step, and random data having the same data length as the data string (generated in the mask data generation step) A predetermined mask process for calculating the exclusive OR with is performed (mask process step) (S104).

  The data acquisition unit 201 acquires the data subjected to the mask processing in the mask processing step (data acquisition step) (S105).

  The mask information acquisition unit 202 acquires random number data used for a predetermined mask process and information indicating a data area obtained by calculating exclusive OR with the random number data (mask information acquisition step) (S106).

  Based on the information acquired in the mask information acquisition step, the mask cancellation unit 203 cancels data protection by predetermined mask processing for the data to be decoded acquired in the data acquisition unit (mask cancellation step) ( S107).

  The decryption key acquisition unit 204 acquires a decryption key for decrypting the encrypted data generated in the mask release step (decryption key acquisition step) (S108).

  Based on the decryption key acquired in the decryption key acquisition step, the decryption unit 205 decrypts the encrypted data generated in the mask release step (decryption step) (S109).

  Each step in the processing in the encryption apparatus described above is realized by causing the CPU 108 to execute the encryption program stored in the MEMORY 109. Each step in the processing in the decryption apparatus is realized by causing the CPU 208 to execute the encryption program stored in the MEMORY 209.

  In this embodiment, the function for implementing the invention is recorded in advance in the apparatus. However, the present invention is not limited to this, and the same function may be downloaded from the network to the apparatus, and the same function is recorded. What is stored in the medium may be installed in the apparatus. The recording medium may be any form as long as the recording medium can store the program and can be read by the apparatus, such as a CD-ROM. Further, the function obtained by installing or downloading in advance may be realized in cooperation with an OS (operating system) or the like inside the apparatus.

  As described above, in the present embodiment, the properties of the block encryption processing generally used for data encryption and the properties of the one-time pad encryption method are applied to the encrypted data encrypted by a normal method. On the other hand, post-processing is performed. Thereby, unauthorized data decryption by a brute force attack on the decryption key can be made more difficult. In addition, even when a device that performs decoding is a small terminal device with low processing capability, by reducing the data amount of information necessary for decoding as much as possible, the computation load and communication amount in decoding can be reduced. Compared to the one-time pad encryption method, it can be kept low.

  Although the present invention has been described in detail according to particular embodiments, it will be apparent to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the invention.

1 is a diagram showing a schematic system configuration of a data protection system according to an embodiment of the present invention. It is a functional block diagram for demonstrating the function of each component which comprises the data protection system by this Embodiment. It is a figure which shows the computing equation in a decoding process. It is an image figure which shows the outline | summary of the XOR process of the encrypted data and mask data in the mask process part. 6 is a diagram for explaining details of processing executed inside a mask data generation unit 104. FIG. It is a figure which shows an example of the arrangement method of the mask data with respect to the block which is a mask object. It is a figure which shows the detail of the mask release process in the mask release part 203. FIG. It is a figure for demonstrating the case where the area | region filled with the random number data of mask data is made small. It is a figure which shows the example of a pattern of the mask position by mask data. It is a figure which shows the example of a pattern of the mask position by mask data. It is a figure which shows the example of a pattern of the mask position by mask data. It is a figure which shows the example of a pattern of the mask position by mask data. It is a flowchart for demonstrating the flow of the process (data protection method) in the data protection system by this Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Encryption apparatus, 101 Encryption process part, 102 Mask process part, 103 Mask data setting part, 104 Mask data generation part, 105 Operation input part, 108 CPU, 109 MEMORY, 2 Decryption apparatus, 201 Data acquisition part, 202 Mask information acquisition unit, 203 Mask release unit, 204 Decryption key acquisition unit, 205 Decryption unit, 208 CPU, 209 MEMORY, 210 Operation input unit, 3 Database, Mask data management unit 301

Claims (22)

An encryption processing unit that performs predetermined encryption processing on target data to be encrypted;
A mask processing unit that calculates an exclusive OR of a partial data string of encrypted data generated by the encryption processing in the encryption processing unit and a random number having the same data length as the data string;
An encryption device comprising: The encryption device according to claim 1,
The encryption processing unit divides the target data into a plurality of blocks each having a predetermined data length, and executes block encryption processing for performing encryption processing on each of the plurality of blocks.
The mask processing unit excludes a data sequence included in at least one block of target data divided into a plurality of blocks in the encryption processing by the encryption processing unit, and a random number having the same data length as the data sequence An encryption device that calculates a logical OR. The encryption device according to claim 1,
The encryption processing unit divides the target data into a plurality of blocks each having a predetermined data length, and executes block encryption processing for performing encryption processing on each of the plurality of blocks.
The mask processing unit has an even or odd block data string from the first block of the target data divided into a plurality of blocks in the encryption process by the encryption processing unit, and has the same data length as the data string An encryption device that calculates an exclusive OR with a random number. The encryption device according to claim 1,
The mask processing unit excludes at least a data sequence located in a predetermined data area of encrypted data generated in the encryption processing by the encryption processing unit and a random number having the same data length as the data sequence. An encryption device that calculates a logical OR. The encryption device according to claim 1,
The mask processing unit has a data string located in a predetermined data area in the encrypted data generated in the encryption process by the encryption processing part, more than a data string in a data area other than the predetermined data area. the random number and exclusive encryption device increase the proportion of the amount of data for calculating the logical sum. The encryption device according to claim 1,
An encryption apparatus comprising: a mask data setting unit that sets a data length that is an object of calculation of exclusive OR in the mask processing unit based on a user operation input. The encryption device according to claim 1,
The encryption processing unit divides the target data into a plurality of blocks each having a predetermined data length, and executes block encryption processing for performing encryption processing on each of the plurality of blocks.
The mask processing unit excludes a data string in a predetermined data area of each block of target data divided into a plurality of blocks in the encryption process by the encryption processing unit and a random number having the same data length as the data string An encryption device that calculates a logical OR. A decryption device for decrypting encrypted data subjected to a predetermined mask process using random number data,
A data acquisition unit for acquiring the decoding target data to be decoded;
A mask information acquisition unit that acquires information indicating a random number data used in the predetermined mask processing and a data area obtained by calculating an exclusive OR with the random number data;
Based on the information acquired by the mask information acquisition unit, the mask release unit for releasing data protection by a predetermined mask process for the data to be decoded acquired by the data acquisition unit;
A decryption key acquisition unit for acquiring a decryption key for decrypting the encrypted data generated by the mask release unit;
A decryption device comprising: a decryption unit that decrypts encrypted data generated by the mask release unit based on a decryption key acquired by the decryption key acquisition unit. The decoding device according to claim 8,
The data acquisition unit and the mask information acquisition unit are decoding devices that acquire data via different communication paths. An encryption processing unit that performs predetermined encryption processing on target data to be encrypted;
A predetermined mask process for calculating an exclusive OR of a partial data string of the encrypted data generated by the encryption process in the encryption processing unit and random number data having the same data length as the data string; An encryption device having a mask processing unit to perform,
A data acquisition unit for acquiring data subjected to mask processing in the mask processing unit;
A mask information acquisition unit that acquires information indicating a random number data used in the predetermined mask processing and a data area obtained by calculating an exclusive OR with the random number data;
Based on the information acquired by the mask information acquisition unit, the mask release unit for releasing data protection by a predetermined mask process for the data to be decoded acquired by the data acquisition unit;
A decryption key acquisition unit for acquiring a decryption key for decrypting the encrypted data generated by the mask release unit;
A data protection system comprising: a decryption device having a decryption unit that decrypts encrypted data generated by the mask release unit based on a decryption key acquired by the decryption key acquisition unit . The data protection system of claim 10, wherein
The data acquisition system wherein the data acquisition unit and the mask information acquisition unit acquire data via different communication paths. An encryption processing step for performing predetermined encryption processing on target data to be encrypted;
A predetermined mask process for calculating an exclusive OR of a partial data string of encrypted data generated by the encryption process in the encryption process step and random number data having the same data length as the data string; Mask processing steps to be performed;
A data acquisition step of acquiring data subjected to mask processing in the mask processing step;
A mask information obtaining step for obtaining information indicating a random number data used in the predetermined mask processing and a data area obtained by calculating an exclusive OR with the random number data;
Based on the information acquired in the mask information acquisition step, the mask release step for releasing data protection by a predetermined mask process for the data to be decoded acquired by the data acquisition unit;
A decryption key obtaining step for obtaining a decryption key for decrypting the encrypted data generated in the unmasking step;
Based on the decryption key acquired in the decryption key acquisition step, a decryption step of decrypting the encrypted data generated in the unmasking step;
A data protection method comprising: The data protection method according to claim 12,
A data protection method in which the data acquisition step and the mask information acquisition step acquire data via different communication paths. An encryption processing step for performing predetermined encryption processing on target data to be encrypted;
A mask processing step for calculating an exclusive OR of a partial data string of the encrypted data generated by the encryption process in the encryption processing step and a random number having the same data length as the data string;
An encryption program that causes a computer to execute. The encryption program according to claim 14,
The encryption processing step divides the target data into a plurality of blocks each having a predetermined data length, and executes block encryption processing for performing encryption processing on each of the plurality of blocks,
The mask processing step is an exclusive of a data string included in at least one block of target data divided into a plurality of blocks in the encryption process in the encryption processing step and a random number having the same data length as the data string An encryption program that calculates the logical OR. The encryption program according to claim 14,
The encryption processing step divides the target data into a plurality of blocks each having a predetermined data length, and executes block encryption processing for performing encryption processing on each of the plurality of blocks,
The mask processing step has the same data length as the data sequence of the even-numbered block or odd-numbered block from the first block of the target data divided into a plurality of blocks in the encryption processing in the encryption processing step. An encryption program that calculates exclusive OR with random numbers. The encryption program according to claim 14,
The mask processing step excludes at least a data string located in a predetermined data area in the encrypted data generated in the encryption process by the encryption processing step and a random number having the same data length as the data string An encryption program that calculates the logical OR. The encryption program according to claim 14,
In the mask processing step, a data string located in a predetermined data area in the encrypted data generated in the encryption process in the encryption processing step is more than a data string in a data area other than the predetermined data area. An encryption program for increasing a ratio of calculating an exclusive OR with the random number. The encryption program according to claim 14,
An encryption program comprising a mask data setting step for setting a data length that is a target of calculation of exclusive OR in the mask processing step based on a user operation input. The encryption program according to claim 14,
The encryption processing step divides the target data into a plurality of blocks each having a predetermined data length, and executes block encryption processing for performing encryption processing on each of the plurality of blocks,
The mask processing step excludes a data string in a predetermined data area of each block of target data divided into a plurality of blocks in the encryption process in the encryption processing step and a random number having the same data length as the data string An encryption program that calculates the logical OR. A decryption program for causing a computer to execute a process of decrypting encrypted data subjected to a predetermined mask process using random number data,
A data acquisition step for acquiring decryption target data to be decrypted;
A mask information obtaining step for obtaining information indicating a random number data used in the predetermined mask processing and a data area obtained by calculating an exclusive OR with the random number data;
Based on the information acquired in the mask information acquisition step, the mask release step for releasing data protection by a predetermined mask process for the data to be decoded acquired by the data acquisition unit;
A decryption key obtaining step for obtaining a decryption key for decrypting the encrypted data generated in the unmasking step;
A decryption program that causes a computer to execute a decryption step of decrypting the encrypted data generated in the unmasking step based on the decryption key acquired in the decryption key acquisition step. The decoding program according to claim 21, wherein
The data acquisition step and the mask information acquisition step are decoding programs for acquiring data via different communication paths.

Images