JP2011054028A - System for encryption network storage - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an inexpensive system for encryption network storage that improves security in data encryption/decryption thereof and requires no dedicated application program on a client side. <P>SOLUTION: The system for encryption network storage converts a secret encryption key input from a client terminal to a one-way encryption key including a secure hash, and transmits it to a server, to encrypt/decrypt a file using the one-way encryption key. The one-way encryption in the client terminal is executed in a web browser of the client terminal using a script embedded in an HTML file downloaded from the server. The one-way encryption key transmitted from the client terminal to the server is not stored in the server. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an encrypted network storage system, and in particular, has a feature in a method for creating and managing an encryption key used when encrypting / decrypting data stored in a network storage.

  Network storage is a file server dedicated machine that is directly connected to the network, but is a single-function server that integrates a hard disk with a network interface, OS, management utility, etc., and allows storage devices to be directly connected to the network. It is called like this because it seems to be connected. It can be used as a shared disk from other computers connected to the network in the same way as a normal file server. Since the file system and network communication function are built-in from the beginning, it is easy to introduce and add to the system, and it is easy to share data from multiple servers of different types.

On the other hand, security is required for exchanging important corporate information. For this reason, data stored in the network storage is encrypted.
One method is to perform encryption processing in a user computer (hereinafter referred to as “client terminal”) that uses network storage, and transfer the encrypted data to a server for storage. This is highly secure in that plaintext data is not leaked to the outside, but it is necessary to prepare a dedicated application program for each client terminal, and the system becomes complicated, so a normal Web browser was used. There is a problem that the system cannot be constructed.
In another method, an encryption key (plaintext) and data (plaintext) are transmitted from a client terminal to a server via a network, and the server encrypts and stores the data using the encryption key. Although there is no risk of leakage during communication if the security of the communication path is ensured, there is always a risk of information leakage by the server side administrator. In other words, when the encryption key is stored in the server without being transmitted every time in order to simplify the system and the encryption / decryption is performed using the key, the server side administrator reads the encryption key. This is because the stored encrypted data is decrypted. Therefore, it is conceivable to use a system in which the encryption key is not stored in the server, is sent from the client terminal each time, and is not stored (destroyed) after the encryption / decryption processing is completed (see paragraph 0096 of Patent Document 1).
However, since the plaintext encryption key is transmitted to the server, if it is read by a third party, the data is easily decrypted.

JP 2003-271438 A

  The present invention has been made in view of the circumstances as described above, and improves the security of data encryption / decryption in an encrypted network storage system and does not require a dedicated application program on the client side. An object is to provide an inexpensive encrypted network storage system.

According to the present invention, a Web server provided with a storage device and a plurality of user client terminals are connected to each other via a network so that they can communicate with each other, and a data file uploaded from the client terminal is reversibly encrypted. The above object of the present invention relates to an encrypted network storage system stored in
The client terminal performs one-way encryption on the input means and the plaintext secret encryption key input by the input means, and generates a one-way encrypted encryption key (hereinafter referred to as “one-way encryption key”). One-way encryption generation means, and storage means for storing the one-way encryption key,
The Web server includes message authentication means for detecting whether or not the one-way encryption key transmitted from the client terminal has been tampered with, and the data file is reversibly encrypted using the one-way encryption key and reversibly encrypted. Reversible encryption means for storing the stored data file in the storage device,
The message authentication means calculates a message authentication code (hereinafter referred to as “MAC value”) of the one-way encryption key transmitted from the client terminal, and stores the MAC value and the storage device in advance. The MAC value of the one-way encryption key is checked, and if it matches, the encryption by the reversible encryption means is permitted, and if it does not match, the encryption is not permitted and the client terminal is notified of that, The one-way encryption generating means of the client terminal is executed by the Web browser of the client terminal by a script embedded in an HTML file downloaded from the Web server, and the one-way encryption key is: As part of cookie information transmitted from the client terminal to the Web server, the storage means Is 憶, the the Web server is achieved by encrypting the network storage system, characterized in that not saved.

  The object of the present invention is further characterized in that the client terminal further comprises reversible encryption means for reversibly encrypting the plaintext secret encryption key and generating a reversibly encrypted secret encryption key, wherein the reversible encryption is performed. The encryption network storage system is effectively achieved by storing the secret encryption key in the storage means and displaying the decrypted secret encryption key.

  Furthermore, the object of the present invention is to provide a file name encryption key and a file based on the one-way encryption key so that the Web server separately encrypts the file name and file data of the data file. Further comprising encryption key generation means for generating data encryption keys, wherein the reversible encryption means reversibly encrypts the file name and the file data using the file name encryption key and the file data encryption key, respectively. And is effectively achieved by the encrypted network storage system characterized in that it is stored in the storage device.

Still further, the object of the present invention is that the Web server further includes a one-way encryption generating unit, and the one-way encryption is performed from the extended key input from the input unit of the client terminal and the file data encryption key. Generate an encryption key for extended file data by, and
The reversible encryption unit is more effectively achieved by the encrypted network storage system, wherein the file data is reversibly encrypted using the extended file data encryption key and stored in the storage device. .

Furthermore, the object of the present invention is that the Web server further comprises random number generation means,
At the time of upload request of the data file from the client terminal, a fingerprint is generated by the one-way encryption generation unit from a part of the extended file data encryption key and the random number generated by the random number generation unit, and the random number And storing in the storage device together with
Based on the extension key corresponding to the data file input from the client terminal and the random number read from the storage device at the time of the download request of the data file from the client terminal, the one-way encryption generating means Regenerating a fingerprint, collating the regenerated fingerprint with the fingerprint read from the storage device, and permitting downloading of the data file if they match This is achieved more effectively by the network storage system.

According to the encrypted network storage system of the present invention, the secret encryption key (plain text) input from the client terminal is one-way encrypted and transmitted to the Web server, and is used as the encryption / decryption key for file data. Even if the administrator of the Web server steals the encryption key, it cannot be restored to the original secret encryption key (plaintext). Therefore, the encrypted data file is impersonated by the user. It cannot be decrypted and downloaded.
In addition, since the one-way encryption of the secret encryption key (plain text) in the client terminal is executed by a script embedded in HTML downloaded from the Web server, it is only necessary to install a Web browser on the client terminal. The system installation cost is low because no special software is required. Furthermore, since the Web browser is used, the one-way encryption key is stored as a cookie in the client terminal, and it is not necessary to re-enter the secret encryption key (plain text) at the next access.

According to the preferred embodiment of the present invention, not only the file data but also the file name is encrypted using different encryption keys, so that the contents of the file can be inferred from the file name and subjected to attack. Can be prevented.
In addition, the encryption key used to encrypt / decrypt file data is added with a different extension key for each file, and a new encryption key is generated and used, greatly improving safety. To do.

1 is a block diagram showing the overall configuration of an encrypted network storage system according to the present invention. It is a block diagram which shows an example of an internal structure of the web server in the encryption network storage system which concerns on this invention. It is a block diagram which shows an example of an internal structure of the client terminal in the encryption network storage system which concerns on this invention. It is a figure for demonstrating the procedure of the initialization of the encryption key by a management user. It is a figure for demonstrating the procedure of the initialization of the encryption key by a general user. It is a figure for demonstrating the procedure of the upload to a Web server in Example 1 of this invention. It is a figure for demonstrating the procedure of the download from a Web server in Example 1 of this invention. It is a figure for demonstrating the procedure of the upload to a Web server in Example 2 of this invention. It is a figure for demonstrating the procedure of the download from a Web server in Example 2 of this invention. It is a figure for demonstrating the procedure of the upload to a Web server in Example 3 of this invention. It is a figure for demonstrating the procedure which produces | generates the encryption key for extended file data in Example 3 of this invention, and the fingerprint. It is a figure for demonstrating the procedure of the download from a Web server in Example 3 of this invention.

  An embodiment of an encrypted network storage system according to the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram showing the overall configuration of an encrypted network storage system according to the present invention. A provider's Web server (hereinafter simply referred to as “server”) 100 that provides this system, and this system are used. A user client terminal 200 (consisting of a management user terminal 201 and a general user terminal 202) is connected via a network 300 so as to be able to communicate with each other.

FIG. 2 is a block diagram showing an example of the internal configuration of the server 100 in the encrypted network storage system according to the present invention.
The storage device (storage) 101 is a place where files uploaded by the user are encrypted and stored, and is also a place where data (for example, authentication data) is stored as necessary. The server 100 does not necessarily have to be built in, and may be externally attached.
As will be described later, the encryption key registration unit 102 calculates the MAC value of the one-way encryption key transmitted from the client terminal (for management user) 201 at the time of user registration, and registers it in the storage device 101. is there.
The message authentication unit 103 calculates the MAC value of the one-way encryption key transmitted each time the client terminal 200 accesses, and the MAC value and the MAC value of the one-way encryption key registered in the storage device 101 If they match, the file encryption / decryption is permitted, and if they do not match, the file is not permitted and is notified to the client terminal 200.
The reversible encryption unit 104 reversibly encrypts the data file uploaded from the client terminal 200 using the one-way encryption key, stores the reversibly encrypted data file in the storage device 101, and receives data from the client terminal 200. Based on the download request, the data file is decrypted using a one-way encryption key. As a reversible encryption algorithm, for example, a common key cryptosystem such as DES can be used.
The encryption key generation unit 105 includes a file name encryption key and a file name encryption key for individually encrypting the file name and file data of the data file from the one-way encryption key transmitted from the client terminal (for general user) 202. Each file data encryption key is generated. For example, two new encryption keys can be generated by rearranging the bit strings of the one-way encryption keys according to different rules.
The random number generator 106 generates a random number having a predetermined number of bits. In addition, the one-way encryption generation unit 107 generates a fingerprint (message digest) of input data, and for example, a hash function can be used.
The communication means 108 communicates with an external device via a network, and the control means 109 controls each of the above means by a predetermined control program, and includes a CPU, RAM, ROM, and the like.

FIG. 3 is a block diagram showing an example of the internal configuration of a client terminal (hereinafter referred to as “terminal”) 200 in the encrypted network storage system according to the present invention. The configuration is the same for both administrative users and general users. A general personal computer is available.
The input unit 211 is for inputting data to the terminal 200, and is, for example, a keyboard. The display means 212 displays data in a form that can be seen by human eyes, and a display device corresponds to this. The storage unit 213 stores input data or downloaded data, and a fixed storage device (for example, a hard disk) or a USB memory can be used.
The one-way cipher generation unit 214 generates a one-way encryption key from the input secret encryption key (plain text) and stores it in the storage unit 213 as part of the cookie information. For example, a hash function or a MAC function (Including HMAC) is available.
Also, the reversible encryption means 215 performs reversible encryption (common key encryption method) on the input secret encryption key with a system-fixed common key (not shown), and stores it in the storage means 213 as part of the cookie information. Is. The one-way encryption generation unit 214 and the reversible encryption unit 215 are referred to as a Web browser (hereinafter simply referred to as “browser”) by using a script (for example, JavaScript (registered trademark)) incorporated in an HTML file downloaded from the server. ) Run on. Since the reversible encryption of the secret encryption key is performed in order to safely store the secret encryption key in the terminal, if the secret encryption key can be safely stored in a safe by writing it on paper The reversible encryption means 215 can be omitted.
The communication means 216 communicates with the server via a network, and the control means 217 controls each of the above means by a predetermined control program, and is composed of a CPU, RAM, ROM, and the like.

FIG. 4 is a diagram for explaining the procedure of initial setting of the encryption key by the management user. The management user means a management department of a contract user (mainly a company) who uses a service provided by this system. That is, a secret encryption key used by a user (general user) who actually performs business using this system is created and secretly distributed to the general user and registered for use on the server. A person who makes arrangements for use. Hereinafter, a description will be given based on the drawings.
First, an administrative user accesses a server of a supplier that provides a service (hereinafter referred to as “this service”) of the encrypted network storage system according to the present invention, and displays an encryption key setting screen (not shown) on the terminal 201. To do. When the management user inputs a secret encryption key (A) freely proposed on the setting screen and executes one-way encryption, the encryption key (A) is one-way encrypted, and the one-way encryption key (A ′) is Generated. The key A ′ is, for example, a hash value (such as SHA-1) or a MAC value of the key A. The key A ′ is stored as a cookie in the storage unit 213 of the terminal 201 and is transmitted to the server, and the MAC value is calculated by the encryption key registration unit 102 of the server, and is registered in the storage device 101 of the server.
At the same time, the key A is reversibly encrypted by the reversible encryption means 215 (becomes a key A ″) and stored in the storage means 213 as part of the cookie information. By decrypting the key A ″ as necessary, it can be displayed on the display as the original key A. Since the key A ″ is stored as a cookie, it is automatically transmitted each time the server is accessed, but is discarded without being used on the server side.
Note that the key A ″ is encrypted with a common key generated from different information for each browser and terminal, and therefore has a different value for each terminal, and cannot be restored to the original key A in other terminals. .

  FIG. 5 is a diagram for explaining a procedure for initial setting of an encryption key by a general user. The general user acquires the secret encryption key (A) that has been proposed and registered by the management user from the management user, and inputs it to the initial setting screen of the terminal 202. The input key A is one-way encrypted, stored as a cookie in the storage unit 213, and transmitted to the server as a key A '. The MAC value of the key A ′ transmitted to the server is calculated by the message authentication means 103 and checked against the MAC value of the key A ′ registered in the storage device 101 in advance. If they do not match, the terminal 202 is notified of the authentication failure. Note that the reversible encryption of the key A is the same as that of the management user, and thus the description thereof is omitted.

FIG. 6 is a diagram for explaining a procedure for uploading to the server in the first embodiment of the present invention.
When the server 100 is accessed from the general user terminal 202, the upload screen is opened, and the data file in the storage means of the terminal 202 is uploaded to the server 100, the key A ′ and the key A ″ are simultaneously uploaded as cookies. For the key A ′ automatically transmitted to the server, the MAC value is calculated by the message authentication means 103, and the MAC value and the MAC value registered in the storage device 101 are collated. The reversible encryption is executed, and the encrypted data file is stored in the storage device 101. The key A ′ is discarded without being stored in the server after encryption. If they do not match, the terminal 202 is notified that the authentication has failed. The automatically transmitted key A ″ is discarded without being used at all by the server.

FIG. 7 is a diagram for explaining a procedure for downloading from the server in the first embodiment of the present invention.
When the general user terminal 202 accesses the server 100, opens the download screen, and transmits the file name of the data file to be downloaded from the terminal 202 to the server 100, the key A ′ and the key A ″ are also transmitted as cookies simultaneously. The For the key A ′ automatically transmitted to the server, the MAC value is calculated by the message authentication means 103, and the MAC value and the MAC value registered in the storage device 101 are collated. After the search in the storage device 101 is performed and the requested data file is extracted, the data file is decrypted with the key A ′, and the decrypted data file is downloaded to the terminal 202. The key A ′ is discarded without being stored in the server after decryption. If they do not match, the terminal 202 is notified that the authentication has failed. The automatically transmitted key A ″ is discarded without being used at all by the server.
In the first embodiment, the file name is not encrypted but only the file data is encrypted. In the second and third embodiments described below, the file name and the file data are separately encrypted with different encryption keys. Is to do. Since there is no plain text file name on the server side, there is no risk of guessing the contents from the file name, and the safety is further improved.

FIG. 8 is a diagram for explaining the uploading procedure to the server in the second embodiment of the present invention. Since the operation on the terminal 202 side is the same as that of the first embodiment, only the operation on the server 100 side will be described. However, the description of the parts common to the first embodiment is omitted.
The key A ′ automatically transmitted from the terminal 202 is input to the encryption key generation means 105, and the file name encryption key and the file data encryption key are generated separately. For example, the file name encryption key and the file data encryption key can be generated separately by rearranging the bit strings of the keys A ′ according to different rules. Alternatively, the key A ′ may be divided into two and each may be hashed.
Using the file name encryption key and the file data encryption key generated as described above, the reversible encryption unit 104 reversibly encrypts the file name and the file data, and stores them in the storage device 101.

FIG. 9 is a diagram for explaining a procedure for downloading from the server according to the second embodiment of the present invention. Since the operation on the terminal 202 side is the same as that of the first embodiment, only the operation on the server 100 side will be described. However, the description of the parts common to the first embodiment is omitted.
When the general user terminal 202 accesses the server 100, opens the download screen, and transmits the file name (plain text) of the data file to be downloaded from the terminal 202 to the server 100, the key A ′ and the key A ″ are also used as cookies. Sent at the same time. The key A ′ automatically transmitted from the terminal 202 is input to the encryption key generation means 105, and the file name encryption key and the file data encryption key are generated separately.
Next, the file name of the data file requested for download is encrypted with the file name encryption key, and the storage device 101 is searched with the encrypted file name, and the corresponding encrypted file data is extracted. To do. The encrypted file data is decrypted using the file data encryption key and downloaded to the terminal 202 as plain file data.

  FIG. 10 is a diagram for explaining a procedure for uploading to a server according to the third embodiment of the present invention. Although the file name and file data are individually encrypted with different encryption keys, this is the same as in the second embodiment, but the file data encryption key is further enhanced by using the extended file data encryption key further strengthened. And a fingerprint (message digest) of the encryption key for extended file data is generated and stored in association with the encrypted file data.

FIG. 11 is a diagram for explaining the procedure for generating the extended file data encryption key and the fingerprint thereof in the third embodiment of the present invention.
An extension file data encryption key is generated by the one-way encryption generation means 107 from the file data encryption key generated from the key A ′ and the extension key manually input from the terminal 202, and the file data is reversibly used by using the generated encryption key. Encrypt. At this time, a fingerprint including a secure hash (for example, SHA-1) is generated by the one-way encryption generation means 107 from a part (for example, half) of the generated extended file data encryption key and a random number generated in the server. The fingerprint is generated together with the random number and stored in the storage device 101 in association with the encrypted file data.

FIG. 12 is a diagram for explaining a procedure for downloading from the server according to the third embodiment of the present invention. The difference from the download operation in the second embodiment is that an extended key is manually input from a terminal when a download request is made.
That is, when an extended key is manually input from the terminal 202 and transmitted to the server 100, an encryption key for extended file data is generated, and a fingerprint and a random number corresponding to the requested file name are read from the storage device 101. It is. A fingerprint is generated from a part of the generated encryption key for extended file data and the read random number, and is compared with the read fingerprint. If they match, it is determined that the manually input extension key is valid, the decryption of the encrypted file data is permitted, and the file data decrypted with the extension file data encryption key is downloaded. On the other hand, if the fingerprints do not match, it is considered that the extended key is invalid, and this is notified to the terminal 202.

100 Web server 101 Storage device (storage)
102 encryption key registration means 103 message authentication means 104 reversible encryption means 105 encryption key generation means 106 random number generation means 107 one-way encryption generation means 108 communication means 109 control means 200 client terminal 201 administrative user terminal 202 general user terminal 211 input Means 212 Display means 213 Storage means 214 One-way encryption generation means 215 Reversible encryption means 216 Communication means 217 Control means 300 Network

Claims (7)

An encryption in which a Web server provided with a storage device and a plurality of user client terminals are communicably connected to each other via a network, and a data file uploaded from the client terminal is reversibly encrypted and stored in the storage device In the network storage system
The client terminal is
Input means;
One-way encryption generating means for generating a one-way encrypted encryption key (hereinafter referred to as “one-way encryption key”) by one-way encryption of a plaintext secret encryption key input by the input means;
Storage means for storing the one-way encryption key;
With
The web server
Message authentication means for detecting the presence or absence of falsification of the one-way encryption key transmitted from the client terminal;
Reversible encryption means for reversibly encrypting the data file using the one-way encryption key, and storing the reversibly encrypted data file in the storage device;
With
The message authentication means calculates a message authentication code (hereinafter referred to as “MAC value”) of the one-way encryption key transmitted from the client terminal, and stores the MAC value and the storage device in advance. The MAC value of the one-way encryption key is checked, and if it matches, the encryption by the reversible encryption means is permitted, and if it does not match, the encryption is not permitted and the client terminal is notified of that,
The one-way cipher generation unit of the client terminal is executed by a Web browser of the client terminal by a script embedded in an HTML file downloaded from the Web server,
The encrypted network storage system, wherein the one-way encryption key is stored in the storage unit as part of cookie information transmitted from the client terminal to the Web server, and is not stored in the Web server. The client terminal is
Reversible encryption means for reversibly encrypting the plaintext secret encryption key and generating a reversibly encrypted secret encryption key;
2. The encrypted network storage system according to claim 1, wherein the reversible encrypted secret encryption key is stored in the storage unit, and the decrypted secret encryption key can be displayed. .   The encrypted network storage system according to claim 1 or 2, wherein the one-way encryption key is automatically transmitted from the cookie of the Web browser to the Web server. The web server is
In order to separately encrypt the file name and file data of the data file, encryption key generation means for generating a file name encryption key and a file data encryption key based on the one-way encryption key, respectively Prepared,
The reversible encryption unit reversibly encrypts the file name and the file data using the file name encryption key and the file data encryption key, respectively, and stores them in the storage device. 4. The encrypted network storage system according to any one of items 1 to 3. The Web server further includes a one-way encryption generation unit, and generates an extension file data encryption key by one-way encryption from the extension key input from the input unit of the client terminal and the file data encryption key. With
5. The encrypted network storage system according to claim 4, wherein the reversible encryption unit reversibly encrypts the file data using the extended file data encryption key and stores the file data in the storage device. The web server further comprises random number generation means,
At the time of upload request of the data file from the client terminal,
From one part of the extended file data encryption key and the random number generated by the random number generation means, a fingerprint is generated by the one-way encryption generation means, and stored together with the random number in the storage device,
At the time of a download request for the data file from the client terminal,
Based on the extended key corresponding to the data file input from the client terminal and the random number read from the storage device, the one-way encryption generation unit regenerates a fingerprint, and the regenerated finger 6. The encrypted network storage system according to claim 5, wherein the print and the fingerprint read from the storage device are collated, and the download of the data file is permitted if they match.   The encrypted network storage system according to claim 1, wherein the one-way encryption generation unit is a hash function.

Images