WO2010038763A1 - Système de gestion d'informations, unité de terminal, dispositif serveur et programme - Google Patents

Système de gestion d'informations, unité de terminal, dispositif serveur et programme Download PDF

Info

Publication number
WO2010038763A1
WO2010038763A1 PCT/JP2009/067004 JP2009067004W WO2010038763A1 WO 2010038763 A1 WO2010038763 A1 WO 2010038763A1 JP 2009067004 W JP2009067004 W JP 2009067004W WO 2010038763 A1 WO2010038763 A1 WO 2010038763A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
encryption key
related information
encrypted
Prior art date
Application number
PCT/JP2009/067004
Other languages
English (en)
Japanese (ja)
Inventor
土屋敏子
Original Assignee
株式会社Icon
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社Icon filed Critical 株式会社Icon
Publication of WO2010038763A1 publication Critical patent/WO2010038763A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key

Definitions

  • the present invention relates to an information management system, a terminal device, a server device, and a program for storing and managing user-related information (secret information) input from a terminal device in a server device.
  • An object of the present invention is to provide an information management system, a terminal device, a server device, and a program capable of storing and managing user-related information in a safe state while improving user convenience.
  • the information management system of the present invention is an information management system in which a terminal device and a server device are connected.
  • the terminal device An identification information storage unit that stores identification information for identifying a user;
  • An information registration encryption key generation unit that generates an encryption key based on authentication information input when authenticating a user;
  • encrypted user-related information is generated by encrypting the user-related information using the encryption key, and the encrypted user-related information and the identification
  • An information registration encryption processing unit for transmitting information to the server device;
  • An information acquisition encryption key generation unit that generates the encryption key based on the input authentication information when authentication information is input for the purpose of acquiring the encrypted user-related information stored in the server device;
  • a search keyword information generating unit that generates search keyword information for searching for the specified user related information;
  • An information acquisition encryption processing unit for generating encrypted search keyword information by encrypting the search keyword information using the encryption key, and transmitting the encrypted search keyword information and the identification information
  • a user related information storage unit that stores the encrypted user related information in association with the identification information;
  • the encrypted search keyword information and the identification information transmitted from the terminal device are received, the encrypted user related information stored in the user related information storage unit is stored in association with the identification information.
  • a search processing unit that searches and reads encrypted user related information corresponding to the encrypted search keyword information and transmits the information to the terminal device.
  • the terminal device of the present invention includes an identification information storage unit that stores identification information for specifying a user, An information registration encryption key generation unit that generates an encryption key based on authentication information input when authenticating a user;
  • An information registration encryption key generation unit that generates an encryption key based on authentication information input when authenticating a user
  • encrypted user-related information is generated by encrypting the user-related information using the encryption key, and the encrypted user-related information and the identification
  • An information registration encryption processing unit for transmitting information to the server device
  • An information acquisition encryption key generation unit that generates the encryption key based on the input authentication information when authentication information is input for the purpose of acquiring the encrypted user-related information stored in the server device
  • a search keyword information generating unit that generates search keyword information for searching for the specified user related information
  • An information acquisition encryption processing unit for generating encrypted search keyword information by encrypting the search keyword information using the encryption key, and transmitting the encrypted search keyword information and the identification information to the server device;
  • the server device of the present invention when receiving the encrypted user related information and the identification information transmitted from the terminal device, a user related information storage unit that stores the encrypted user related information in association with the identification information; , When the encrypted search keyword information and the identification information transmitted from the terminal device are received, the encrypted user related information stored in the user related information storage unit is stored in association with the identification information. And a search processing unit that searches and reads encrypted user related information corresponding to the encrypted search keyword information and transmits the information to the terminal device.
  • the program of the present invention is a program for causing a computer to execute processing executed in an information management system in which a terminal device and a server device are connected.
  • An information registration encryption key generation step for generating an encryption key based on authentication information input when authenticating the user;
  • encrypted user-related information is generated by encrypting the user-related information using the encryption key, and the encrypted user-related information and the user are
  • Information registration encryption processing step for transmitting identification information for specifying from the terminal device to the server device;
  • An information acquisition encryption key generation step for generating the encryption key based on the input authentication information when authentication information is input for the purpose of acquiring the encrypted user-related information stored in the server device;
  • a search keyword information generating step for generating search keyword information for searching
  • Another program of the present invention is a program for causing a computer to execute processing executed in a terminal device connected to a server device.
  • An information registration encryption key generation step for generating an encryption key based on authentication information input when authenticating the user;
  • encrypted user-related information is generated by encrypting the user-related information using the encryption key, and the encrypted user-related information and the user are
  • An information registration encryption processing step for transmitting identification information for identification to the server device;
  • An information acquisition encryption key generation step for generating the encryption key based on the input authentication information when authentication information is input for the purpose of acquiring the encrypted user-related information stored in the server device;
  • a search keyword information generating step for generating search keyword information for searching for the specified user related information; Encrypting the search keyword information using the encryption key to generate encrypted search keyword information, and transmitting the encrypted search keyword information and the identification information to the server device;
  • Another program of the present invention is a program for causing a computer to execute processing executed in a server device connected to a terminal device, When receiving the encrypted user related information and identification information transmitted from the terminal device, an encrypted user related information storage step for storing the encrypted user related information in association with the identification information; When the encrypted search keyword information and the identification information transmitted from the terminal device are received, the encrypted search keyword information is stored in association with the identification information from the stored encrypted user related information, and the encrypted search keyword A search processing step of searching for encrypted user-related information corresponding to the information, reading it, and transmitting it to the terminal device is executed by a computer.
  • another information management system of the present invention is an information management system in which a terminal device and a server device are connected.
  • the terminal device An identification information storage unit for storing identification information for specifying a user and individual identification information unique to the terminal device;
  • An authentication processing unit that performs authentication processing based on authentication information input when authenticating the user;
  • the server device When registering user-related information, the authentication information, the identification information, the individual identification information, and user-related information that is information related to the user are transmitted to the server device, and the user-related information stored in the server device
  • a transmission unit that transmits the identification information and the individual identification information to the server device;
  • the server device A first encryption key generation unit that generates a first encryption key based on the authentication information transmitted from the terminal device;
  • a first encryption unit that encrypts the user related information transmitted from the terminal device with the first encryption key to generate encrypted user related information;
  • a second encryption key generation unit for information registration for generating a second encryption key based on the individual identification information transmitted from the terminal device;
  • a second decryption unit Encrypted user-related information decrypted by the second decryption unit using the first encryption key stored in the user-related information storage unit in association with the identification information transmitted from the terminal device And a first decoding unit that generates user-related information to be acquired and transmits it to the terminal device.
  • another server device of the present invention includes a first encryption key generation unit that generates a first encryption key based on authentication information transmitted from the terminal device; A first encryption unit that encrypts user-related information transmitted from the terminal device with the first encryption key to generate encrypted user-related information; A second encryption key generation unit for information registration for generating a second encryption key based on the individual identification information transmitted from the terminal device; A second encryption unit that re-encrypts the encrypted user-related information encrypted in the first encryption unit with the second encryption key; A user-related information storage unit that stores the re-encrypted user-related information and the first encryption key in association with the identification information transmitted from the terminal device; When receiving the identification information and the individual identification information transmitted from the terminal device for the purpose of obtaining user-related information, the re-encrypted user-related information stored in the user-related information storage unit A search processing unit that searches and reads out the re-encrypted user-related information stored in association with the identification information, and a second encryption based on the individual identification information transmitted from
  • a second decryption unit Encrypted user-related information decrypted by the second decryption unit using the first encryption key stored in the user-related information storage unit in association with the identification information transmitted from the terminal device And a first decoding unit that generates user-related information to be acquired and transmits it to the terminal device.
  • another program of the present invention is a program for causing a computer to execute processing executed in a server device connected to a terminal device, A first encryption key generation step of generating a first encryption key based on authentication information transmitted from the terminal device; A first encryption step of encrypting the user related information transmitted from the terminal device with the first encryption key to generate encrypted user related information; A second encryption key generation step for information registration for generating a second encryption key based on the individual identification information transmitted from the terminal device; A second encryption step of re-encrypting the encrypted user-related information encrypted in the first encryption step with the second encryption key; A user-related information storage step for storing the re-encrypted user-related information and the first encryption key in association with the identification information transmitted from the terminal device; When receiving the identification information and the individual identification information transmitted from the terminal device for the purpose of obtaining user-related information, the re-encrypted user-related information stored in the user-related information storage unit A search processing step for searching and reading out the re-encrypted user-related information
  • a second decoding step Using the first encryption key stored in association with the identification information transmitted from the terminal device, the decrypted encrypted user-related information is further decrypted to generate user-related information to be acquired. Causing the computer to execute a first decoding step to be transmitted to the terminal device.
  • another information management system of the present invention is an information management system in which a terminal device and a server device are connected.
  • the terminal device An identification information storage unit for storing identification information for specifying a user and individual identification information unique to the terminal device;
  • An authentication processing unit that performs authentication processing based on authentication information input when authenticating the user;
  • When registering user-related information, the authentication information, the identification information, the individual identification information, and user-related information that is information related to the user are transmitted to the server device, and the user-related information stored in the server device
  • a transmission unit that transmits the authentication information, the identification information, and the individual identification information to the server device;
  • the server device An information registration first encryption key generation unit that generates a first encryption key based on the authentication information transmitted from the terminal device;
  • a first encryption unit that encrypts the user related information transmitted from the terminal device with the first encryption key to generate encrypted user related information;
  • a second encryption key generation unit for information registration for generating a second encryption key based on the individual identification information transmitted
  • a second encryption key generation unit for information acquisition for generating a second encryption key;
  • An information acquisition first encryption key generation unit that generates a first encryption key based on the authentication information transmitted from the terminal device;
  • the re-encrypted user related information read out by the search processing unit is decrypted with the second encryption key generated by the second information acquisition key generation unit to generate encrypted user related information.
  • a second decryption unit User-related information to be acquired by further decrypting the encrypted user-related information decrypted by the second decryption unit with the first encryption key generated by the first information-acquisition key generation unit And a first decoding unit that transmits the data to the terminal device.
  • another server device of the present invention includes an information registration first encryption key generation unit that generates a first encryption key based on authentication information transmitted from the terminal device, A first encryption unit that encrypts user-related information transmitted from the terminal device with the first encryption key to generate encrypted user-related information; A second encryption key generation unit for information registration for generating a second encryption key based on the individual identification information transmitted from the terminal device; A second encryption unit that re-encrypts the encrypted user-related information encrypted in the first encryption unit with the second encryption key; A user-related information storage unit that stores the re-encrypted user-related information in association with the identification information transmitted from the terminal device; When receiving the authentication information, the identification information and the individual identification information transmitted from the terminal device for the purpose of acquiring user related information, the re-encrypted information stored in the user related information storage unit is received.
  • a second encryption key generation unit for information acquisition for generating a second encryption key;
  • An information acquisition first encryption key generation unit that generates a first encryption key based on the authentication information transmitted from the terminal device;
  • the re-encrypted user related information read out by the search processing unit is decrypted with the second encryption key generated by the second information acquisition key generation unit to generate encrypted user related information.
  • a second decryption unit User-related information to be acquired by further decrypting the encrypted user-related information decrypted by the second decryption unit with the first encryption key generated by the first information-acquisition key generation unit And a first decoding unit for transmitting to the terminal device.
  • another program of the present invention is a program for causing a computer to execute processing executed in a server device connected to a terminal device, A first encryption key generation step for information registration for generating a first encryption key based on the authentication information transmitted from the terminal device; A first encryption step of encrypting the user related information transmitted from the terminal device with the first encryption key to generate encrypted user related information; A second encryption key generation step for information registration for generating a second encryption key based on the individual identification information transmitted from the terminal device; A second encryption step of re-encrypting the encrypted user-related information encrypted in the first encryption step with the second encryption key; A user-related information storage step of storing the re-encrypted user-related information in association with the identification information transmitted from the terminal device; When receiving the authentication information, the identification information and the individual identification information transmitted from the terminal device for the purpose of acquiring user related information, the re-encrypted information stored in the user related information storage unit is received.
  • a second encryption key generation step for obtaining information to generate a second encryption key;
  • a first encryption key generation step for information acquisition for generating a first encryption key based on the authentication information transmitted from the terminal device;
  • the re-encrypted user-related information read in the search processing step is decrypted with the second encryption key generated in the information acquisition second encryption key generation step to generate encrypted user-related information.
  • a second decoding step Using the first encryption key generated in the information acquisition first encryption key generation step, the decrypted encrypted user-related information is further decrypted to generate user-related information to be acquired and stored in the terminal device. Causing the computer to execute the first decoding step to be transmitted.
  • the information management system terminal device, server device, and program of the present invention, it is possible to store and manage user-related information in a safe state while improving user convenience.
  • FIG. 1 shows a configuration of an information management system 10 according to the first exemplary embodiment of the present invention.
  • the information management system 10 is a system for realizing a secret information management service for managing secret information (user related information) of a contracted user.
  • the mobile phone 20 and the server device 30 are connected by a network 300. It becomes the composition.
  • the mobile phone 20 and the server device 30 are connected by a plurality of networks such as a mobile communication network and the Internet.
  • the plurality of networks are represented by a single network 300. To do.
  • the mobile phone 20 and the server device 30 are each configured by a storage device such as a CPU, a memory, and a hard disk drive (HDD), a communication interface device, a user interface device, and the like.
  • CPU controls operation
  • the functional configuration of the mobile phone 20 realized by executing the control program is shown in the block diagram of FIG. 2, and the functional configuration of the server device 30 is shown in the block diagram of FIG.
  • the storage unit 60 of the mobile phone 20 corresponding to the identification information storage unit stores identification information (individual identification number) unique to the mobile phone 20 in advance.
  • the control unit 40 stores the password in the storage unit 60 and registers the password.
  • this authentication information may use, for example, a character selection, a color selection, a character name, a favorite word, or a combination thereof instead of a password.
  • the case where the individual identification number unique to the mobile phone 20 is used as the identification information is described.
  • user identification information such as a user ID for identifying the user is used as the identification information. Is also possible.
  • the control unit 40 uses the input password.
  • the password is given to the authentication processing unit 80 as an input password.
  • the control unit 40 reads the password stored and registered in the storage unit 60 and provides the read password to the authentication processing unit 80 as a registered password.
  • the authentication processing unit 80 performs an authentication process by comparing the input password and the registered password. If the input password matches the registered password and the authentication is successful, the authentication processing unit 80 notifies the control unit 40 that the authentication is successful and causes the next processing to be executed.
  • the authentication processing unit 80 notifies the control unit 40 that the authentication has failed.
  • the control unit 40 prompts the user to input a password again by displaying a display screen indicating that the authentication has failed on the display unit 160.
  • the authentication processing unit 80 notifies the control unit 40 when the number of failed authentications exceeds a predetermined number. In this case, the control unit 40 invalidates an input operation performed thereafter, assuming that a third party other than the user having the mobile phone 20 is trying to use it illegally.
  • the control unit 40 reads the identification information and the registered password from the storage unit 60 and gives them to the encryption key generation unit 70.
  • the encryption key generation unit 70 operates as an information registration encryption key generation unit, generates an encryption key based on the identification information and the registration password, and gives this to the temporary storage unit 65 via the control unit 40.
  • the encryption key is temporarily stored in the temporary storage unit 65.
  • a hash function is used to calculate a hash value by performing a hash operation on a character string including identification information and a registered password. A method in which this hash value is used as an encryption key can be used.
  • the encryption key generation unit 70 generates the encryption key based on the identification information and the authentication information (registered password).
  • the encryption key can be generated from any character string.
  • the encryption key may be generated based only on either the identification information or the authentication information.
  • the encryption key generation unit 70 may generate an encryption key using information that is different for each user and cannot be known by others, other than authentication information and identification information.
  • the control unit 40 Is stored in the temporary storage unit 65.
  • the secret information include financial information including a bank cash card PIN, an address book, an address book, an e-mail, a schedule book, a diary, an insurance card number, and an image such as a photograph taken by the camera 150.
  • the control unit 40 reads the encryption key and secret information from the temporary storage unit 65 and gives them to the encryption processing unit 100.
  • the encryption processing unit 100 operates as an information registration encryption processing unit together with the control unit 40, encrypts secret information using an encryption key, and controls the obtained encrypted secret information (that is, encrypted user related information). Part 40 is given. Thereafter, the control unit 40 erases the encryption key and secret information stored in the temporary storage unit 65.
  • the secret information when the secret information includes character information, a portion of the secret information that does not need to be encrypted (that is, a character string to be encrypted) is selected in advance as a keyword. Keep it. Then, this pre-selected keyword is extracted from the secret information. Examples of this keyword include “@”, “ ⁇ ”, “sama”, “san”, “chan”, “sha”, “ha”, “number”, “etc.”.
  • search method for searching for a keyword there are a first search method for searching all the keywords selected in advance and a second search method for searching after selecting a keyword according to the type of character information. is there.
  • the confidential information is financial information including a bank card PIN
  • the bank is selected as a keyword
  • the confidential information is an address book.
  • “town” and “number” are selected as keywords.
  • the secret information is an address book
  • “@”, “ ⁇ ” and “.” are selected as keywords
  • the secret information is an e-mail.
  • “sama”, “san”, “chan”, “company”, and “ha” are selected as keywords.
  • At least one character string located before the keyword is extracted from the secret information, and only the extracted character string is encrypted. For example, when a part of the confidential information is “patent Taro”, only “Taro” is encrypted.
  • the secret information is image information and the image information includes a face image
  • an “eye” portion is extracted from the image information, and the Only the extracted “eye” part is encrypted.
  • the confidential information is voice information
  • one voice part of “Fa” or “do”, “le”, and “mi” are selected from the voice information. Are extracted, and only the extracted voice information is encrypted.
  • a character string of at least one character located before the keyword is extracted from the secret information.
  • the secret information has English information, keywords such as “Hi”, “From”, “Name”, “To”, When "E-mail”, "tel”, “Dear”, “ID”, etc. are selected in advance and the pre-selected keyword is extracted from the secret information, It is also possible to extract a character string of at least one character located thereafter and encrypt only the extracted character string. In short, it is only necessary to encrypt at least one character string located before or after the keyword.
  • the control unit 40 reads the identification information unique to the mobile phone 20 from the storage unit 60, and sends the encryption secret information and the identification information to the transmission / reception processing unit. It transmits to the server apparatus 30 via 110 and the antenna 120.
  • the reception processing unit 170 of the server device 30 When receiving the encrypted secret information and the identification information transmitted from the mobile phone 20, the reception processing unit 170 of the server device 30 gives the encrypted secret information and the identification information to the storage unit 180, thereby encrypting the secret information. Is associated with the identification information and stored in the storage unit 180 as a user-related information storage unit.
  • the server apparatus 30 stores and manages the encrypted secret information in the storage unit 180 for each user.
  • the control unit 40 gives the input password to the authentication processing unit 80 as an input password.
  • the control unit 40 reads the password stored and registered in the storage unit 60 and provides the read password to the authentication processing unit 80 as a registered password.
  • the authentication processing unit 80 performs an authentication process by comparing the input password and the registered password. If the input password matches the registered password and the authentication is successful, the authentication processing unit 80 notifies the control unit 40 that the authentication is successful and causes the next processing to be executed.
  • the authentication processing unit 80 notifies the control unit 40 that the authentication has failed.
  • the control unit 40 prompts the user to input a password again by displaying a display screen indicating that the authentication has failed on the display unit 160.
  • the authentication processing unit 80 notifies the control unit 40 when the number of failed authentications exceeds a predetermined number. In this case, the control unit 40 invalidates an input operation performed thereafter, assuming that a third party other than the user having the mobile phone 20 is trying to use it illegally.
  • the control unit 40 reads the identification information and the password from the storage unit 60 and gives them to the encryption key generation unit 70.
  • the encryption key generation unit 70 operates as an information acquisition encryption key generation unit, generates an encryption key based on these identification information and password, and gives this to the temporary storage unit 65 via the control unit 40, thereby The key is temporarily stored in the temporary storage unit 65.
  • the control unit 40 operates as a search keyword information generation unit, and generates search keyword information for searching for the selected encrypted secret information.
  • the control unit 40 selects “Address Book” or “Patent” according to the user's input operation. “Taro" is generated as search keyword information.
  • control unit 40 reads the encryption key from the temporary storage unit 65 and gives it to the encryption processing unit 100.
  • the encryption processing unit 100 operates as an information acquisition encryption processing unit together with the control unit, encrypts the search keyword information using an encryption key, and provides the obtained encrypted search keyword information to the control unit 40.
  • the control unit 40 When the encrypted search keyword information is given from the encryption processing unit 100, the control unit 40 reads the identification information unique to the mobile phone 20 from the storage unit 60, and sends the encrypted search keyword information and the identification information to the transmission / reception processing unit. It transmits to the server apparatus 30 via 110 and the antenna 120.
  • the reception processing unit 170 of the server device 30 When the reception processing unit 170 of the server device 30 receives the encrypted search keyword information and the identification information transmitted from the mobile phone 20, the reception processing unit 170 gives the encrypted search keyword information and the identification information to the search processing unit 190.
  • the search processing unit 190 searches for the encrypted secret information stored in association with the identification information from the encrypted secret information stored in the storage unit 180, so that the user who owns the mobile phone 20 Search for encrypted secret information. Subsequently, the search processing unit 190 reads out the encrypted secret information to be acquired that matches all or a part of the encrypted search keyword information from the searched encrypted secret information, and transmits it to the transmission processing unit. The data is transmitted to the mobile phone 20 via 200.
  • the search processing unit 190 stores the encrypted secret information to be acquired that is stored in association with the identification information from the encrypted secret information stored in the storage unit 180 and that corresponds to the encrypted search keyword information.
  • the data is retrieved and read, and is transmitted from the server device 30 to the terminal device 20.
  • the transmission / reception processing unit 110 of the mobile phone 20 When the transmission / reception processing unit 110 of the mobile phone 20 receives the encrypted secret information to be acquired transmitted from the server device 30, the transmission / reception processing unit 110 gives the encrypted secret information to the control unit 40.
  • the control unit 40 provides the encrypted secret information to the decryption processing unit 90, reads the encryption key from the temporary storage unit 65, and provides the read encryption key to the decryption processing unit 90.
  • the decryption processing unit 90 generates the acquisition target secret information by decrypting the acquisition target encrypted secret information using the encryption key. Then, the decryption processing unit 90 outputs the secret information to be acquired to the display unit 160 via the control unit 40, thereby displaying a display screen corresponding to the secret information and outputting it to the outside. Thereafter, the control unit 40 erases the encryption key stored in the temporary storage unit 65.
  • FIG. 4 shows a secret information registration processing procedure RT10 according to the present embodiment.
  • the process proceeds to step SP10 where the user operates the input unit 50 of the mobile phone 20 to input a password.
  • the control unit 40 causes the authentication processing unit 80 to perform authentication processing.
  • step SP30 when the control unit 40 determines that the user authentication is successful, the control unit 40 proceeds to step SP40 and causes the encryption key generation unit 70 to generate an encryption key.
  • step SP50 when the user operates the input unit 50 to input the secret information, the process proceeds to step SP60, and the control unit 40 controls the operation of the encryption processing unit 100 to thereby obtain the secret information using the encryption key. Encrypt.
  • step SP70 the control unit 40 transmits the encrypted secret information and the identification information to the server device 30, and then proceeds to step SP80 to associate the encrypted secret information with the identification information in the storage unit 180 of the server device 30.
  • step SP80 the process proceeds to step SP90, and the secret information registration processing procedure RT10 is terminated.
  • step SP30 if the control unit 40 determines that user authentication has failed, the control unit 40 proceeds to step SP100 and determines whether the number of authentication failures has exceeded a predetermined number.
  • step SP100 If it is determined in step SP100 that the number of authentication failures has exceeded the predetermined number, the control unit 40 moves to step SP110 and invalidates the user input operation performed thereafter.
  • step SP100 when it is determined in step SP100 that the number of authentication failures does not exceed the predetermined number, the control unit 40 returns to step SP10 and displays a display screen indicating that the authentication has failed. Is displayed on the display unit 160, and the above process is repeated by prompting the user to input the password again.
  • FIG. 5 shows a secret information acquisition processing procedure RT20 according to the present embodiment.
  • the process proceeds to step SP200, where the user operates the input unit 50 of the mobile phone 20 to input a password.
  • the control unit 40 causes the authentication processing unit 80 to perform authentication processing.
  • step SP220 when the control unit 40 determines that the user authentication is successful, the control unit 40 proceeds to step SP230 and causes the encryption key generation unit 70 to generate an encryption key.
  • step SP240 when the user operates the input unit 50, selects confidential information to be acquired, and generates search keyword information, the process proceeds to step SP250, and the control unit 40 controls the operation of the encryption processing unit 100.
  • the search keyword information is encrypted using the encryption key.
  • step SP260 the control unit 40 transmits the identification information and the encrypted search keyword information to the server device 30, and then proceeds to step SP270 to control the operation of the search processing unit 190, thereby identifying the identification information and the encrypted search.
  • the encrypted secret information to be acquired is retrieved from the encrypted secret information stored in the storage unit 180, and the retrieved encrypted secret information is transmitted to the mobile phone 20.
  • step SP280 when the transmission / reception processing unit 110 receives the encrypted secret information to be acquired transmitted from the server device 30, the control unit 40 proceeds to step SP290 and controls the operation of the decryption processing unit 90.
  • the encrypted secret information to be acquired is decrypted using the encryption key.
  • step SP300 the control unit 40 displays a display screen corresponding to the secret information on the display unit 160, thereby notifying the user of the secret information. Then, the process proceeds to step SP310, and the secret information acquisition processing procedure RT20 is terminated.
  • step SP220 when the control unit 40 determines that user authentication has failed, the control unit 40 proceeds to step SP320 and determines whether the number of authentication failures has exceeded a predetermined number.
  • step SP320 If it is determined in step SP320 that the number of authentication failures has exceeded a predetermined number, the control unit 40 moves to step SP330 and invalidates the user input operation performed thereafter.
  • step SP320 determines whether the number of authentication failures does not exceed the predetermined number. If it is determined in step SP320 that the number of authentication failures does not exceed the predetermined number, the control unit 40 returns to step SP200 and displays a display screen indicating that the authentication has failed. Is displayed on the display unit 160, and the above process is repeated by prompting the user to input the password again.
  • FIG. 6 is a sequence chart showing a secret information registration processing procedure according to this embodiment
  • FIG. 7 is a sequence chart showing a secret information acquisition processing procedure according to this embodiment.
  • step S301 When the user operates the input unit 50 of the mobile phone 20 to input a password (authentication information) (step S301), authentication processing is executed in the authentication processing unit 80 (step S302). If it is determined in this authentication process that the user has a legitimate authority, the encryption key generator 70 generates an encryption key from the password and the identification information (step S303).
  • step S304 When secret information (user-related information) to be managed by the server device 30 is input (step S304), the encryption processing unit 100 encrypts the secret information with the generated encryption key ( Step S305). Then, the authentication information, secret information, and encryption key are discarded from the mobile phone 20 (step S306).
  • the identification information and the encrypted secret information are transferred from the mobile phone 20 to the server device 30 (step S307) and stored in the storage unit 180 of the server device 30 (step S308).
  • step S401 authentication processing is executed in the authentication processing unit 80 (step S402). If it is determined in this authentication process that the user has a legitimate authority, the encryption key generation unit 70 generates an encryption key from the password and identification information (step S403).
  • search keyword information for searching for secret information to be acquired by the user is input by operating the input unit 50 (step S404), the search keyword information is encrypted by the encryption processing unit 100 ( Step S405).
  • the encrypted search keyword information is transmitted from the cellular phone 20 to the server device 30 together with the identification information (step S406). Then, the search processing unit 190 of the server device 30 searches the storage unit 180 using the encrypted search keyword information and the identification information, thereby searching for the encrypted secret information that the user intends to acquire (step S407). The retrieved encrypted secret information is transmitted from the server device 30 to the mobile phone 20 (step S408).
  • the terminal device 20 that has received the encrypted secret information from the server device 30 performs a decryption process on the encrypted secret information received by the decryption processing unit 220 (step S409), and the obtained secret information is displayed on the display unit 160. Is displayed (step S410).
  • the secret information is encrypted and stored in the server device 30, and an encryption key is generated every time the user tries to acquire the secret information.
  • the encrypted secret information is decrypted by using the encryption key in the terminal device 20, so that the secret information can be stored and managed in a safe state while improving the user-friendliness. .
  • the encryption key is generated based on information different for each user, such as a password and identification information. Therefore, the encrypted secret information is stored for each user. It is encrypted with a different encryption key. For this reason, even if the encrypted secret information leaks, a malicious third party cannot obtain the secret information without obtaining the encryption key for each user. As a result, according to the information management system 10 of the present embodiment, it is possible to improve the safety as compared with the case where the secret information is encrypted and managed with one encryption key common to a plurality of users.
  • this encryption key is generated every time secret information is registered or acquired, and is discarded when the processing is completed, and does not exist in any system. Therefore, even a system administrator cannot decrypt the encrypted secret information, and can securely manage the secret information.
  • the encrypted secret information registered in the server device 30 is discarded from the mobile phone 20, so that the secret information is stored in the mobile phone 20 even in an encrypted state. not exist. Therefore, even if the user loses the mobile phone 20, the confidential information cannot be leaked to others.
  • the user can register and view the secret information without performing a complicated operation only by entering the password and receiving authentication. It can be carried out. Therefore, according to the present embodiment, it is possible to realize safe management of secret information without deteriorating user convenience.
  • control unit 40 of the mobile phone 20 stores the encrypted secret information generated by the encryption processing unit 100 in the storage unit 60. Further, the control unit 40 reads the encryption key from the temporary storage unit 65 and also reads the identification information from the storage unit 60, and transmits the encryption key and the identification information to the server device 30 via the transmission / reception processing unit 110 and the antenna 120. To do.
  • the reception processing unit 170 of the server device 30 gives the encryption key to the encryption processing unit 210 that operates as the server device storage unit together with the storage unit 180. At the same time, identification information is given to the storage unit 180.
  • the encryption processing unit 210 encrypts the encryption key and stores the encrypted encryption key in the storage unit 180 in association with the identification information.
  • the control unit 40 causes the authentication processing unit 80 to perform authentication processing.
  • control unit 40 operates as a read processing unit.
  • the control unit 40 reads the identification information from the storage unit 60 and transmits the identification information to the transmission / reception processing unit 110 and the antenna 120. Is transmitted to the server device 30 via.
  • the reception processing unit 170 of the server device 30 gives this identification information to the search processing unit 190.
  • the search processing unit 190 operates as a search processing unit together with the decryption processing unit 220, searches for an encrypted encryption key stored in association with the identification information in the storage unit 180, and searches the decryption processing unit 220. To give.
  • the decryption processing unit 220 decrypts the encrypted encryption key and transmits the obtained encryption key to the mobile phone 20 via the transmission processing unit 200.
  • the transmission / reception processing unit 110 of the mobile phone 20 When the transmission / reception processing unit 110 of the mobile phone 20 receives the encryption key transmitted from the server device 30, the transmission / reception processing unit 110 gives it to the control unit 40.
  • the control unit 40 provides the encryption key to the decryption processing unit 90, reads the encrypted secret information from the storage unit 60, and provides the read encrypted secret information to the decryption processing unit 90.
  • the decryption processing unit 90 decrypts the encrypted secret information using the encryption key, and provides the obtained secret information to the display unit 160 via the control unit 40, thereby displaying a display screen corresponding to the secret information. .
  • the password is set.
  • the authentication process may be performed by inputting and specifying a mobile phone number, date of birth, character, and the like.
  • the control unit 40 uses these as registration authentication information. Then, the data is transmitted to the server device 30 via the transmission / reception processing unit 110 and the antenna 120.
  • the reception processing unit 170 of the server device 30 gives the authentication processing unit 230 and stores it.
  • the control unit 40 transmits these as input authentication information to the server device 30 via the transmission / reception processing unit 110 and the antenna 120.
  • the reception processing unit 170 of the server device 30 When the reception processing unit 170 of the server device 30 receives the encrypted input authentication information transmitted from the mobile phone 20, the reception processing unit 170 gives this to the authentication processing unit 230.
  • the authentication processing unit 230 performs authentication processing by comparing the given encrypted input authentication information with the encryption registration authentication information stored in advance.
  • the authentication processing unit 230 sends authentication success information indicating that the authentication is successful via the transmission processing unit 200.
  • the data is transmitted to another person's mobile phone 20 in use.
  • the transmission / reception processing unit 110 of the mobile phone 20 When the transmission / reception processing unit 110 of the mobile phone 20 receives the authentication success information transmitted from the server device 30, the transmission / reception processing unit 110 gives this to the control unit 40. In this case, the control unit 40 causes the user to execute the next process by displaying a display screen indicating that the authentication is successful on the display unit 160.
  • the authentication processing unit 230 sends authentication failure information indicating that the authentication has failed via the transmission processing unit 200. To the other person's mobile phone 20 in use.
  • the transmission / reception processing unit 110 of the mobile phone 20 When the transmission / reception processing unit 110 of the mobile phone 20 receives the authentication failure information transmitted from the server device 30, the transmission / reception processing unit 110 gives this to the control unit 40. In this case, the control unit 40 displays a display screen indicating that the authentication has failed on the display unit 160, and invalidates an input operation performed thereafter.
  • the encryption key is generated in the terminal device 20, but in the information management system of the present embodiment, the encryption key is generated on the server device 30 side.
  • the server device 30 in the present embodiment is greatly different from the first embodiment in that an encryption key generation unit corresponding to the encryption key generation unit 70 in FIG. 2 is provided.
  • the identification information in the present embodiment will be described as user identification information for identifying a user such as a so-called user ID.
  • the transmission / reception processing unit 110 in the terminal device 20 of the present embodiment functions as a transmission unit, and when registering secret information, the password, identification information, individual identification number (individual identification information), and secret information are stored in the server device 30.
  • the password is input for the purpose of acquiring the secret information stored in the server device 30, the identification information and the individual identification number are transmitted to the server device 30.
  • the encryption key generation unit in the server device 30 of the present embodiment transmits the first encryption key generation unit that generates the first encryption key based on the password transmitted from the terminal device 20 and the terminal device 20.
  • a second encryption key generation unit for information registration for generating a second encryption key based on the individual identification number that has been generated, and a second encryption key based on the individual identification number transmitted from the terminal device 20 And an information acquisition second encryption key generation unit.
  • the encryption processing unit 210 in the server device 30 of the present embodiment encrypts the secret information transmitted from the terminal device 20 with the first encryption key and generates the encrypted secret information. And a second encryption unit that re-encrypts the encrypted secret information encrypted by the first encryption unit with the second encryption key.
  • the storage unit 180 in the server device 30 of the present embodiment functions as a user-related information storage unit, and the re-encrypted secret information and the first encryption key are sent to the identification information transmitted from the terminal device 2. Store in association with each other.
  • the search processing unit 190 in the server device 30 of the present embodiment receives the identification information and the individual identification number transmitted from the terminal device 20 for the purpose of acquiring secret information
  • the search processing unit 190 is stored in the storage unit 180.
  • the re-encrypted secret information stored in association with the identification information is retrieved from the re-encrypted secret information.
  • the decryption processing unit 220 in the server device 30 uses the second encryption key generation unit for acquiring the re-encrypted user-related information read by the search processing unit.
  • a second decryption unit that generates encrypted secret information by decrypting with the encryption key and a first encryption key stored in the storage unit 180 in association with the identification information transmitted from the terminal device 20 From the first decryption unit that further decrypts the encrypted secret information decrypted by the second decryption unit to generate the secret information to be acquired and transmits it to the terminal device 20 by the transmission processing unit 200 Composed.
  • FIG. 8 is a sequence chart showing a secret information registration processing procedure according to this embodiment
  • FIG. 9 is a sequence chart showing a secret information acquisition processing procedure according to this embodiment.
  • step S501 When the user operates the input unit 50 of the mobile phone 20 to input a password (authentication information) (step S501), the authentication processing unit 80 executes an authentication process (step S502).
  • the secret information (user related information) to be managed by the server device 30 is input to the mobile phone 20 (step S503), the password, the identification information, the secret information, and the individual identification number are transferred from the terminal device 20 to the server. It is transmitted to the device 30 (step S504).
  • the individual identification number is a number different from the telephone number, and is a unique number allocated to each mobile phone terminal device.
  • the individual identification number is automatically acquired by the server device 30.
  • the server device 30 that has received the information from the mobile phone 20 generates a first encryption key from the received password (step S505), and encrypts the secret information with the generated first encryption key (step S506). ).
  • the server device 30 generates a second encryption key from the received individual identification number (step S507), and re-encrypts the secret information encrypted with the generated second encryption key (step S508).
  • the server device 30 discards the individual identification number, the second encryption key, and the password (step S509). Finally, the re-encrypted secret information and the first encryption key are associated with the identification information. Stored (step S510).
  • step S601 When the user operates the input unit 50 of the mobile phone 20 to input a password (authentication information) (step S601), the authentication processing unit 80 executes an authentication process (step S602). Then, the identification information and the individual identification number are transmitted from the terminal device 20 to the server device 30 (step S603).
  • the server device 30 that has received the information from the cellular phone 20 generates a second encryption key from the received individual identification number (step S604), and is re-encrypted using the generated second encryption key.
  • the secret information is decrypted (step S605).
  • a first encryption key corresponding to this user is searched (step S606), and the secret encrypted using the searched first encryption key.
  • the information is decrypted (step S607).
  • the non-encrypted secret information obtained in this way is transmitted from the server device 30 to the mobile phone 20 (step S608) and displayed on the display unit 160 of the mobile phone 20 (step S609).
  • the secret information transmitted from the mobile phone 20 to the server device 30 is encrypted with the first encryption key generated based on the authentication information and based on the individual identification number.
  • the second encryption key generated in this way is re-encrypted and stored. Then, the individual identification number and the second encryption key are discarded from the server device 30. Therefore, there is no information in the server device 30 for decrypting the re-encrypted secret information, and even the system administrator cannot know the contents of the secret information, and the secret information is safely stored. Can be managed.
  • the secret information is encrypted twice with the two different encryption keys, the first and second encryption keys, and stored, there is a possibility of leakage to a third party.
  • the secret information can be safely managed at a low level.
  • the user can register and browse the confidential information without performing any complicated operation just by entering the password and receiving authentication. Therefore, according to the present embodiment, it is possible to realize safe management of secret information without deteriorating user convenience.
  • the first encryption key is stored on the server device 30 side after encrypting the secret information.
  • the server device 30 is configured to encrypt the secret information. The first encryption key is discarded, and the first encryption key is generated every time the encrypted secret information is decrypted.
  • the transmission / reception processing unit 110 in the terminal device 20 of the present embodiment functions as a transmission unit, and when registering secret information, the password, identification information, individual identification number (individual identification information), and secret information are stored in the server device 30.
  • a password is input for the purpose of acquiring secret information stored in the server device 30, the input password, identification information, and individual identification number are transmitted to the server device 30.
  • the encryption key generation unit in the server device 30 of the present embodiment includes an information registration first encryption key generation unit, an information registration second encryption key generation unit, and an information acquisition first encryption key generation unit. And a second encryption key generation unit for information acquisition.
  • the first encryption key generation unit for information registration and the first encryption key generation unit for information acquisition generate a first encryption key based on the password transmitted from the terminal device 20.
  • the second encryption key generation unit for information registration and the second encryption key generation unit for information acquisition generate a second encryption key based on the individual identification number transmitted from the terminal device 20.
  • the decryption processing unit 220 in the server device 30 uses the second encryption key generation unit for acquiring the re-encrypted user-related information read by the search processing unit.
  • the decrypted encrypted secret information is further decrypted to generate acquisition-target secret information, and is transmitted to the terminal device 20 by the transmission processing unit 200, and includes a first decryption unit.
  • FIG. 10 is a sequence chart showing a secret information registration processing procedure according to this embodiment
  • FIG. 11 is a sequence chart showing a secret information acquisition processing procedure according to this embodiment.
  • step S701 When the user operates the input unit 50 of the mobile phone 20 to input a password (authentication information) (step S701), the authentication processing unit 80 executes an authentication process (step S702).
  • the secret information (user related information) to be managed by the server device 30 is input to the mobile phone 20 (step S703), the password, the identification information, the secret information, and the individual identification number are transferred from the terminal device 20 to the server. It is transmitted to the device 30 (step S704).
  • the server device 30 that has received the information from the mobile phone 20 generates a first encryption key from the received password (step S705), and encrypts the secret information with the generated first encryption key (step S706). ).
  • the server device 30 generates a second encryption key from the received individual identification number (step S707), and re-encrypts the secret information encrypted with the generated second encryption key (step S708).
  • the individual identification number, the first and second encryption keys, and the password are discarded (step S709), and finally, the re-encrypted secret information is associated with the identification information. And stored (step S710).
  • step S801 When the user operates the input unit 50 of the mobile phone 20 to input a password (authentication information) (step S801), the authentication processing unit 80 executes an authentication process (step S802). Then, the input password, identification information, and individual identification number are transmitted from the terminal device 20 to the server device 30 (step S803).
  • the server device 30 that has received the information from the mobile phone 20 generates a second encryption key from the received individual identification number (step S804), and is re-encrypted using the generated second encryption key.
  • the secret information is decrypted (step S805).
  • a first encryption key is generated using the password received from the mobile phone 20 (step S806), and the secret information encrypted using the generated first encryption key is decrypted (step S807). ).
  • the non-encrypted secret information obtained in this way is transmitted from the server device 30 to the mobile phone 20 (step S808) and displayed on the display unit 160 of the mobile phone 20 (step S809).
  • the secret information transmitted from the mobile phone 20 to the server device 30 is encrypted with the first encryption key generated based on the authentication information and based on the individual identification number.
  • the second encryption key generated in this way is re-encrypted and stored.
  • the individual identification number and the first and second encryption keys are discarded from the server device 30. Therefore, there is no information in the server device 30 for decrypting the re-encrypted secret information, and even the system administrator cannot know the contents of the secret information, and the secret information is safely stored. Can be managed.
  • the secret information is encrypted twice with the two different encryption keys, the first and second encryption keys, and stored, there is a possibility of leakage to a third party.
  • the secret information can be safely managed at a low level.
  • the user can register and browse the confidential information without performing any complicated operation just by entering the password and receiving authentication. Therefore, according to the present embodiment, it is possible to realize safe management of secret information without deteriorating user convenience.
  • the present invention is limited to such a configuration. Is not to be done.
  • the present invention can be applied even when a portable information terminal such as a PDA (Personal Digital Assistant) or various terminal devices such as a personal computer (hereinafter referred to as a personal computer) is used as such a terminal device. is there.
  • any of the configurations of the first to third embodiments can be applied to a system using any terminal device.
  • a mobile phone having a limited storage capacity is generally used as a terminal device
  • the system configuration as in the second and third embodiments in which processing such as encryption key generation is performed on the server device side is suitable. Yes.
  • the storage capacity of mobile phones has increased dramatically in recent years, there is no problem even if any configuration is applied when using such mobile phones.
  • the system configuration as in the first embodiment in which processing such as generation of an encryption key is performed on the terminal device side should be used. In such a case, the load on the server device side can be reduced and the present invention can be realized.
  • the secret information is encrypted with one encryption key or one set of encryption keys (a set of first and second encryption keys).
  • a plurality of encryption keys or a plurality of sets of encryption keys are generated using a character string of the number of characters, and encrypted with a different encryption key or a set of different encryption keys for each secret information item to be registered in the server device 30. Also good. For example, two types of encryption keys or two sets of encryption keys may be generated, and the title of the electronic mail and the content of the body may be encrypted with each encryption key or set of encryption keys.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un système de gestion d'informations qui peut en toute sécurité stocker et gérer des informations liées à un utilisateur tout en améliorant la convivialité. Une clé de chiffrement est générée par un téléphone cellulaire (20) à partir d'un mot de passe et d'informations d'identification, des informations confidentielles sont chiffrées au moyen de la clé de chiffrement puis envoyées à un dispositif serveur (30), puis la clé de chiffrement est supprimée. Lorsqu'un utilisateur tente d'obtenir les informations confidentielles, la clé de chiffrement est à nouveau générée à partir du mot de passe et des informations d'identification, les informations confidentielles chiffrées sont lues dans le dispositif serveur (30) puis les informations confidentielles chiffrées sont décodées, par une unité de terminal (20), au moyen de la clé de chiffrement.
PCT/JP2009/067004 2008-10-01 2009-09-30 Système de gestion d'informations, unité de terminal, dispositif serveur et programme WO2010038763A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008256464 2008-10-01
JP2008-256464 2008-10-01

Publications (1)

Publication Number Publication Date
WO2010038763A1 true WO2010038763A1 (fr) 2010-04-08

Family

ID=42073524

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2009/067004 WO2010038763A1 (fr) 2008-10-01 2009-09-30 Système de gestion d'informations, unité de terminal, dispositif serveur et programme
PCT/JP2009/067005 WO2010038764A1 (fr) 2008-10-01 2009-09-30 Dispositif de chiffrement, procédé de chiffrement et programme

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/067005 WO2010038764A1 (fr) 2008-10-01 2009-09-30 Dispositif de chiffrement, procédé de chiffrement et programme

Country Status (1)

Country Link
WO (2) WO2010038763A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5485452B1 (ja) * 2012-08-02 2014-05-07 エヌ・ティ・ティ・コミュニケーションズ株式会社 鍵管理システム、鍵管理方法、ユーザ端末、鍵生成管理装置、及びプログラム
JP5969716B1 (ja) * 2016-01-13 2016-08-17 株式会社ショーケース・ティービー データ管理システム、データ管理プログラム、通信端末及びデータ管理サーバ
JP2016151822A (ja) * 2015-02-16 2016-08-22 富士通株式会社 ストレージシステム、ストレージ制御装置及びストレージ制御プログラム
US10432601B2 (en) 2012-02-24 2019-10-01 Nant Holdings Ip, Llc Content activation via interaction-based authentication, systems and method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5688279B2 (ja) 2010-12-08 2015-03-25 ニュアンス コミュニケーションズ,インコーポレイテッド 秘匿情報をフィルタリングする情報処理装置、方法およびプログラム
JP5574550B2 (ja) * 2012-11-22 2014-08-20 京セラドキュメントソリューションズ株式会社 情報秘匿化方法および情報秘匿化装置

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002149608A (ja) * 2000-11-09 2002-05-24 Techno Brain:Kk 暗号の複合化による機密管理システム、暗号の複合化による機密管理方法及びその方法をコンピュータに実行させるプログラムを記録したコンピュータ読み取り可能な記録媒体
JP2005166033A (ja) * 2003-11-10 2005-06-23 Matsushita Electric Ind Co Ltd 機密情報管理システム、サーバ装置、端末装置
JP2006164096A (ja) * 2004-12-10 2006-06-22 Hitachi Ltd 暗号化データアクセス制御方法
JP2006211051A (ja) * 2005-01-25 2006-08-10 Trinity Security Systems Inc 携帯通信装置、バックアップ装置、バックアップ方法、およびバックアッププログラム
JP2007052698A (ja) * 2005-08-19 2007-03-01 Kddi Corp 暗号化された文書のためのインデックス生成および検索方法ならびに暗号化文書検索システム
WO2007142072A1 (fr) * 2006-06-09 2007-12-13 Heartland Co., Ltd. Dispositif terminal et système de gestion de données utilisant celui-ci

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS63158663A (ja) * 1986-12-23 1988-07-01 Toshiba Corp 文書機密保護装置
JP3961760B2 (ja) * 2000-11-07 2007-08-22 沖電気工業株式会社 電子メール装置
JP2004287566A (ja) * 2003-03-19 2004-10-14 Fuji Xerox Co Ltd コンテンツ部分秘匿化装置及びこれを利用したコンテンツ流通システム
JP2009288856A (ja) * 2008-05-27 2009-12-10 Kyocera Corp 覗き見防止機能付き携帯端末

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002149608A (ja) * 2000-11-09 2002-05-24 Techno Brain:Kk 暗号の複合化による機密管理システム、暗号の複合化による機密管理方法及びその方法をコンピュータに実行させるプログラムを記録したコンピュータ読み取り可能な記録媒体
JP2005166033A (ja) * 2003-11-10 2005-06-23 Matsushita Electric Ind Co Ltd 機密情報管理システム、サーバ装置、端末装置
JP2006164096A (ja) * 2004-12-10 2006-06-22 Hitachi Ltd 暗号化データアクセス制御方法
JP2006211051A (ja) * 2005-01-25 2006-08-10 Trinity Security Systems Inc 携帯通信装置、バックアップ装置、バックアップ方法、およびバックアッププログラム
JP2007052698A (ja) * 2005-08-19 2007-03-01 Kddi Corp 暗号化された文書のためのインデックス生成および検索方法ならびに暗号化文書検索システム
WO2007142072A1 (fr) * 2006-06-09 2007-12-13 Heartland Co., Ltd. Dispositif terminal et système de gestion de données utilisant celui-ci

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SUN EAST SYSTEM: "Browser e Drag dekiru Muryo", STORAGE KASHIKINKO.JP, 14 April 2008 (2008-04-14), Retrieved from the Internet <URL:http://web.archive.org/web/20080414234416/http://kashikinko.jp> [retrieved on 20091222] *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10432601B2 (en) 2012-02-24 2019-10-01 Nant Holdings Ip, Llc Content activation via interaction-based authentication, systems and method
US10841292B2 (en) 2012-02-24 2020-11-17 Nant Holdings Ip, Llc Content activation via interaction-based authentication, systems and method
US11503007B2 (en) 2012-02-24 2022-11-15 Nant Holdings Ip, Llc Content activation via interaction-based authentication, systems and method
JP5485452B1 (ja) * 2012-08-02 2014-05-07 エヌ・ティ・ティ・コミュニケーションズ株式会社 鍵管理システム、鍵管理方法、ユーザ端末、鍵生成管理装置、及びプログラム
JP2016151822A (ja) * 2015-02-16 2016-08-22 富士通株式会社 ストレージシステム、ストレージ制御装置及びストレージ制御プログラム
JP5969716B1 (ja) * 2016-01-13 2016-08-17 株式会社ショーケース・ティービー データ管理システム、データ管理プログラム、通信端末及びデータ管理サーバ

Also Published As

Publication number Publication date
WO2010038764A1 (fr) 2010-04-08

Similar Documents

Publication Publication Date Title
KR100969241B1 (ko) 네트워크 상의 데이터 관리 방법 및 시스템
CN101118586B (zh) 数据处理设备和数据处理方法
US8874929B2 (en) Cross domain discovery
US9191811B2 (en) Method and system for managing information on mobile devices
JP4597784B2 (ja) データ処理装置
WO2008030184A1 (fr) Systeme d&#39;authentification perfectionne
CA3156555C (fr) Gestion de cle cryptographique
WO2010038763A1 (fr) Système de gestion d&#39;informations, unité de terminal, dispositif serveur et programme
KR100954841B1 (ko) 모바일 기기에서의 통합형 데이터 관리 방법, 그 장치 및이를 기록한 기록 매체
CN110771190A (zh) 对数据的控制访问
EP1830296A1 (fr) Téléphone portable et programme pour l&#39;envoi et la réception de courrier électronique crypté
KR101485968B1 (ko) 암호화된 파일 접근 방법
US8781128B2 (en) Method and device for automatically distributing updated key material
WO2018142291A1 (fr) Vérification d&#39;identité
KR100842014B1 (ko) 다수의 장치로부터 네트워크 저장 장치상의 보호 데이터에대한 접근
Chang et al. An improved user authentication and key agreement scheme providing user anonymity
JP5257202B2 (ja) 情報提供システム
EP2418800B1 (fr) Procédé et dispositif pour distribuer automatiquement un matériau de touche mis à jour
TWI237483B (en) Mobile phone with file encrypting function and method of file encryption thereof
JP2002041523A (ja) 電子メール検索型データベースシステム及び電子メールを用いたデータベース検索方法
CN113906423A (zh) 身份验证程序、身份验证方法、用户终端和用户认证程序
JP2005202825A (ja) 検索システム、データベースシステム、プログラム、及び記憶媒体
JP2005252444A (ja) ファイルの暗号化方法および復号化方法および制御プログラム
KR20070116293A (ko) 데이터에 대한 접근을 제어하는 방법 및 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09817795

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09817795

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP