WO2016199812A1 - Data processing device, data transmission method, and computer program - Google Patents


Publication number
WO2016199812A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encryption
encrypted
unit
random number
Application number
PCT/JP2016/067062
Inventor
梅野 健
大浦 佑次
Original Assignee
国立大学法人京都大学
パテネット株式会社
Application filed by 国立大学法人京都大学, パテネット株式会社
Publication of WO2016199812A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30 Compression, e.g. Merkle-Damgard construction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34 Encoding or coding, e.g. Huffman coding or error correction

Definitions

  • the present invention relates to a data processing device, a data transmission method, and a computer program.
  • the present invention has been made in view of such circumstances, and an object of the present invention is to provide a data processing apparatus, a data transmission method, and a computer program capable of reducing the time required for processing to encrypt and transmit data.
  • a data processing device compresses and encrypts data and transmits the data to another device, and comprises: a data dividing unit that divides the data to generate a plurality of divided data; a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit that performs encryption using a multidimensional data encryption algorithm, which encrypts multidimensional data having each of a plurality of encryption target data as elements; and a transmission control unit that transmits the plurality of encrypted data to the other device. The data encryption unit is given the plurality of compressed data as the elements of the multidimensional data, and generates a plurality of encrypted data by encrypting the plurality of compressed data using the multidimensional data encryption algorithm.
  • the plurality of encrypted data are generated such that the period for generating one piece of encrypted data and the period for generating pieces of encrypted data other than that piece overlap each other, and the transmission control unit transmits the generated encrypted data to the other device each time encrypted data is generated.
  • because the period for generating at least one piece of encrypted data overlaps the period for generating another piece, the time required for encryption can be shortened compared with the case where the one piece and the other piece are encrypted sequentially.
  • each time encrypted data is generated, the transmission control unit transmits it to the other device, so transmission can proceed without waiting until all of the plurality of pieces of encrypted data have been generated.
  • the waiting time for encryption can be reduced compared with the case where transmission is performed only after all of the plurality of divided data to be transmitted have been encrypted.
  • the time required can be shortened. As described above, according to this configuration, it is possible to reduce the time required for the process of encrypting and transmitting data.
  • the data encryption unit generates a plurality of encrypted data by sequentially encrypting the plurality of compressed data, and starts generation of the plurality of encrypted data at a sequentially delayed timing. Generating the plurality of encrypted data such that the generation periods of the plurality of encrypted data overlap each other between adjacent encrypted data, and the transmission control unit generates the plurality of encrypted data.
  • the plurality of encrypted data may be transmitted so as to be transmitted to each other.
  • the data encryption unit includes a random number data generation unit that generates a plurality of random number data used for encryption of each of the plurality of compressed data; the random number data generation unit generates the next random number data based on one random number data among the plurality of random number data, and the data encryption unit sequentially generates the plurality of encrypted data each time the random number data generation unit generates random number data.
  • the timing of starting the generation of the subsequent encrypted data may be set to a timing after a period necessary for generating the random number data from the timing of starting the generation of the previous encrypted data.
  • the data encryption unit may generate a plurality of encrypted data by sequentially encrypting the plurality of compressed data, starting generation of the plurality of encrypted data at sequentially delayed timings, such that generation of the last generated encrypted data starts during the period in which the first generated encrypted data among the plurality of encrypted data is being generated.
  • the periods for generating the plurality of encrypted data overlap each other. As a result, the time required for the process of encrypting and transmitting data can be further shortened.
  • the data encryption unit includes a random number data generation unit that generates a plurality of random number data used for encryption of each of the plurality of compressed data, and a storage unit that stores the plurality of random number data generated by the random number data generation unit, and the data encryption unit may generate the plurality of encrypted data using the plurality of random number data stored in the storage unit. In this case, a period for generating random number data is not required when generating a plurality of encrypted data. As a result, the time required for the process of encrypting and transmitting data can be further shortened.
  • a data processing device is a data processing device that compresses and encrypts data and transmits the data to another device, and divides the data to generate a plurality of divided data
  • a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data, and a plurality of the plurality of compressed data by encrypting the plurality of compressed data as a plurality of data using a multidimensional data encryption algorithm.
  • a transmission control unit for transmission.
  • a data transmission method compresses and encrypts data and transmits the data to another device, and comprises: a data dividing step of dividing the data to generate a plurality of divided data; a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption step of encrypting using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data having each of a plurality of encryption target data as elements; and a transmission control step of transmitting the plurality of encrypted data to the other device. In the data encryption step, the plurality of compressed data are given as elements of the multi-dimensional data and are encrypted using the multi-dimensional data encryption algorithm to generate a plurality of encrypted data, and the transmission control step transmits the generated encrypted data to the other device each time encrypted data is generated.
  • a computer program is a computer program for causing a computer to execute a data transmission process of compressing and encrypting data and transmitting the data to another device.
  • the computer program divides the data into a plurality of data.
  • the converting step is given as an element of the multi-dimensional data.
  • the transmission control step includes: Is a computer program that transmits the generated encrypted data to the other device each time.
  • the computer program further includes an instruction for executing the process of encrypting the plurality of compressed data and generating the plurality of encrypted data in the data encryption step for each of the plurality of compressed data.
  • (a) is a conceptual diagram of the data compression / encryption processing according to the present embodiment, and (b) is a conceptual diagram of the data restoration processing according to the present embodiment.
  • FIG. 1 is a schematic configuration diagram of a data management system.
  • the data management system includes a data server 1, a plurality of terminals 2, and a backup server 3.
  • the data server 1 is communicably connected to a plurality of terminals 2 via a LAN (Local Area Network) or the Internet 4.
  • the data server 1 is connected to the backup server 3 via the Internet 4 so as to be communicable with each other.
  • when the data server 1 accepts a data accumulation request from at least one of the plurality of terminals 2, it accepts and accumulates the user data transmitted from the terminal 2 that transmitted the data accumulation request.
  • when the data server 1 accepts a data withdrawal request from at least one of the plurality of terminals 2, it transmits the user data stored in it to the terminal 2 that transmitted the data withdrawal request.
  • the data server 1 also has a function of transmitting user data to the backup server 3 when receiving and storing user data transmitted from the terminal 2, so that the user data is stored in the backup server 3 as backup data. That is, the data server 1 has a function as a main data center, and the backup server 3 has a function as a data backup data center.
  • the terminal 2 is constituted by, for example, an information processing apparatus such as a personal computer provided with a CPU (not shown) and a storage device (not shown) such as a memory, and has: a function of transmitting to the data server 1 a storage request asking that user data stored in the terminal 2 be stored in the data server 1; a function of transmitting the user data to be stored to the data server 1; a function of transmitting to the data server 1 a data withdrawal request for extracting stored user data from the data server 1; and a function of accepting user data transmitted from the data server 1 in response to the data withdrawal request.
  • the backup server 3 is constituted by, for example, an information processing device such as a workstation or a personal computer provided with a CPU (not shown) and storage devices (not shown) such as a memory and a hard disk. It has a function of receiving and storing data transmitted for backup. The backup server 3 also has a function of transmitting the stored data to the data server 1 in response to a request from the data server 1.
  • the data server 1 includes a control device 11 as a data processing device, a storage device 12, and a communication device 13.
  • the storage device 12 has a function of storing data transmitted from the terminal 2, and is composed of an external storage device such as a hard disk.
  • the communication device 13 has a function for communication connection with the terminal 2 and the backup server 3, and is configured by a LAN interface, for example.
  • the control device 11 stores user data transmitted and given from the terminal 2 in the storage device 12 and accumulates it, or transmits data transmitted from the terminal 2 to the backup server 3.
  • the control device 11 is constituted by a personal computer, for example, and has a CPU (not shown) and a memory (not shown). Various functions of the control device 11 are realized by the CPU executing predetermined computer programs read into the memory. Note that at least a part of the control device 11 may be configured by an integrated circuit such as an FPGA (Field Programmable Gate Array).
  • the control device 11 functionally includes a data control unit 15 and an encryption processing unit 16.
  • the encryption processing unit 16 has a function of dividing user data given from the terminal 2, compressing the divided divided data, and performing encryption processing (data compression / encryption processing).
  • the encryption processing unit 16 also has a function of performing processing (data recovery processing) that decrypts and expands the encrypted data that has been divided, compressed and encrypted by the encryption processing unit 16, and combines the results to restore the original user data.
  • in response to a storage request or withdrawal request from the terminal 2, the data control unit 15 has a function of causing the encryption processing unit 16 to perform data compression / encryption processing on the user data given from the terminal 2 and storing the resulting encrypted data in the storage device 12, and a function of reading the encrypted data stored in the storage device 12, causing the encryption processing unit 16 to perform data restoration processing on it, and sending the restored user data to the terminal 2. Further, the data control unit 15 has a function of performing backup processing in which the encrypted data generated by the encryption processing unit 16 is transmitted to the backup server 3 via the Internet 4 and stored in the backup server 3.
  • the data control unit 15 also has a function of requesting and retrieving from the backup server 3 the encrypted data stored there, and either storing it in the storage device 12 or having the encryption processing unit 16 perform the data restoration process on it as it is and transmitting the result to the terminal 2.
  • the data control unit 15 performs control related to the exchange of user data and encrypted data with the terminal 2 and the backup server 3.
  • FIG. 2 is a block diagram illustrating a configuration of the encryption processing unit 16.
  • the encryption processing unit 16 divides, compresses, and encrypts the user data to generate a plurality of encrypted data.
  • the encryption processing unit 16 decrypts, expands, and combines the encrypted data to generate original user data.
  • the encryption processing unit 16 gives the generated plurality of encrypted data and user data to the data control unit 15.
  • the encryption processing unit 16 includes a data division unit 20, a data compression unit 21, a data encryption unit 22, a data decryption unit 23, a data expansion unit 24, and a data combination unit 25.
  • the encryption processing unit 16 further includes a secret key holding unit 26 that holds a secret key used by the data encryption unit 22 and the data decryption unit 23.
  • the data dividing unit 20 divides the user data into a predetermined length and generates a plurality of divided data.
  • when the data dividing unit 20 has divided the user data into a plurality of pieces of divided data having a predetermined length, it gives the plurality of divided data to the data compression unit 21.
  • the data compressing unit 21 compresses each given divided data by parallel processing.
  • the data compression unit 21 compresses data using a reversible compression algorithm. Specifically, the data compression unit 21 performs lossless compression processing of data using a compression algorithm such as LZ77 (Lempel-Ziv) or LZSS (Lempel-Ziv-Storer-Szymanski). Then, the data compression unit 21 gives the compressed data obtained by the process of compressing the data to the data encryption unit 22.
  • the data encryption unit 22 performs an encryption process using a multi-dimensional data encryption algorithm on the compressed data given from the data compression unit 21.
  • the data encryption unit 22 performs encryption processing by regarding a plurality of compressed data as multidimensional data. Then, the data encryption unit 22 gives the encrypted compressed data (hereinafter referred to as “encrypted data”) to the data control unit 15.
  • the data decrypting unit 23 applies a decryption process based on the encryption method to the plurality of encrypted data. Then, the data decryption unit 23 provides the data decompression unit 24 with the compressed data obtained by performing decryption processing on the plurality of encrypted data.
  • FIG. 3 is a block diagram of the data encryption unit 22 and the data decryption unit 23.
  • the data encryption unit 22 includes an encryption operation unit 22a and an encryption random number generation unit 22b.
  • the encryption random number generation unit 22b generates a plurality of random number data used for encryption of each of the plurality of compressed data based on the secret key held by the secret key holding unit 26.
  • the secret key holding unit 26 holds, for example, N (N is a natural number) secret keys.
  • the encryption random number generation unit 22b obtains a secret key from the secret key holding unit 26 when the compressed data is given from the data compression unit 21.
  • the random number generator for encryption 22b generates the required number of random number data in the range of N or more M (M is a natural number) for encryption from the N secret keys.
  • FIG. 4 is a block diagram showing a configuration of the encryption random number generator 22b.
  • the encryption random number generator 22b includes an initial value generator 31, a first storage 32, a second storage 33, a first calculator 34, a second calculator 35, and an output unit 36.
  • the initial value generation unit 31 generates an initial value of the first vector x and an initial value of the second vector y when given a secret key.
  • the initial value generation unit 31 provides the first vector x, which is an initial value, to the first storage unit 32 and also provides the second vector y, which is an initial value, to the second storage unit 33.
  • the first storage unit 32 stores the given first vector x and also gives it to the first calculation unit 34.
  • the third vector x′ is given to the output unit 36 and the second calculation unit 35.
  • the second storage unit 33 stores the given second vector y and also gives it to the second calculation unit 35.
  • the output unit 36 generates a vector z obtained by combining the third vector x′ and the fourth vector y′, and supplies this to the encryption operation unit 22a as random number data.
  • the first calculation unit 34 gives the obtained third vector x′ to the first update unit 37.
  • the first update unit 37 gives the third vector x′ to the first storage unit 32 as the first vector x.
  • the first storage unit 32 discards the past first vector x and stores the newly given first vector x.
  • the first storage unit 32 gives the first vector x given from the first update unit 37 to the first calculation unit 34.
  • the second calculator 35 gives the obtained fourth vector y′ to the second updater 38.
  • the second update unit 38 gives the fourth vector y′ to the second storage unit 33 as the second vector y.
  • the second storage unit 33 discards the past second vector y and stores the newly given second vector y.
  • the second storage unit 33 gives the second vector y given from the second update unit 38 to the second calculation unit 35.
  • the first calculation unit 34 and the second calculation unit 35 provide the third vector x′ and the fourth vector y′ to the output unit 36.
  • the output unit 36 generates the next vector z and gives the next random number data to the encryption operation unit 22a.
  • as the first rational vector map f and the second rational vector map g, a rational map derived from the addition theorem of an elliptic function can be used.
  • the encryption random number generator 22b obtains one random number data from the third vector x′ and the fourth vector y′ calculated from the first vector x and the second vector y, and, while updating these as the first vector x and the second vector y used in the calculation for obtaining the next random number data, sequentially generates the necessary number of random number data and gives them to the encryption operation unit 22a.
  • since the random number generator for encryption 22b generates the next random number data based on the one random number data, the next random number data is generated after the one random number data is generated.
  • each time it generates random number data, the random number generator 22b for encryption gives that random number data to the encryption calculator 22a.
  • the generation of random number data by the encryption random number generator 22b is described in Japanese Patent No. 3030341.
  • the encryption operation unit 22a performs the encryption operation using the compressed data given from the data compression unit 21 and the random number data given from the encryption random number generation unit 22b, thereby generating the encrypted data.
  • the encryption operation unit 22a calculates an exclusive OR of the compressed data and the random number data as the encryption operation.
  • the encryption operation is not limited to the exclusive OR calculation.
  • the encryption operation unit 22a generates encrypted data by performing the encryption operation using the compressed data and the random number data. Therefore, each time random number data is given from the encryption random number generation unit 22b, the encryption operation is started for the respective compressed data and encrypted data is generated. The encryption operation unit 22a of the data encryption unit 22 thus sequentially generates a plurality of encrypted data each time random number data is given, and gives the generated encrypted data to the data control unit 15 each time encrypted data is generated.
  • the encryption processing unit 16 performs data compression / encryption processing on the user data given from the data control unit 15, generates a plurality of encrypted data, and gives them to the data control unit 15.
  • the data decryption unit 23 includes a decryption calculation unit 23a and a decryption random number generation unit 23b. Based on the secret key held by the secret key holding unit 26, the decryption random number generation unit 23b generates a plurality of random number data used for decoding each of the plurality of encrypted data.
  • the decryption random number generator 23b obtains the secret key from the secret key holding unit 26 when the encrypted data is given from the data control unit 15.
  • the decryption random number generator 23b generates a necessary number of random number data in the range of M for decryption from the N secret keys.
  • the configuration of the decryption random number generator 23b is the same as that of the encryption random number generator 22b. Therefore, the description is omitted here.
  • the decryption operation unit 23a performs the decryption operation using the plurality of encrypted data provided from the data control unit 15 and the random number data provided from the decryption random number generating unit 23b, thereby decrypting the plurality of encrypted data and generating the compressed data.
  • the decryption operation unit 23a calculates, for example, an exclusive OR of encryption data and random number data as a decryption operation. Note that the encryption operation is not limited to exclusive OR.
  • the decryption operation unit 23a gives the generated plurality of compressed data to the data expansion unit 24.
  • the data decompression unit 24 decompresses each of the given plurality of compressed data by parallel processing.
  • the data expansion unit 24 expands data using the above-described lossless compression algorithm.
  • the data expansion unit 24 gives the expansion data obtained by the data expansion process to the data combining unit 25.
  • the data combining unit 25 combines a plurality of expanded data given from the data expanding unit 24 to generate original user data.
  • the encryption processing unit 16 performs data restoration processing on the plurality of encrypted data provided from the data control unit 15 and restores original user data from the plurality of encrypted data.
  • FIG. 5 is a sequence diagram showing processing related to the exchange of user data between the data server and the terminal in the data management system according to the present embodiment.
  • assume that the terminal 2 transmits to the data server 1 a data storage request asking that the user data held by the terminal 2 be stored in the data server 1 (step S1). The data control unit 15 of the data server 1 then accepts the data accumulation request transmitted from the terminal 2 and, when it determines that accumulation is possible, transmits a notification permitting accumulation (accumulation permission) (step S2).
  • the terminal 2 that has accepted the storage permission transmits user data held by itself to the data server 1 (step S3).
  • the data control unit 15 of the data server 1 stores part or all of the user data given from the terminal 2 in, for example, a data buffer in a memory included in the control device 11.
  • the data control unit 15 identifies a storage area in the storage device 12 in which user data transmitted from the terminal 2 is written (step S4).
  • the data control unit 15 of the data server 1 causes the encryption processing unit 16 to perform data compression / encryption processing on the user data to generate a plurality of encrypted data corresponding to the user data (step S5).
  • the data control unit 15 writes the plurality of encrypted data in the storage device 12.
  • the terminal 2 transmits a data withdrawal request for requesting that the terminal 2 retrieves user data stored in the data server 1 to the data server 1 (step S6).
  • the data control unit 15 of the data server 1 receives the data withdrawal request transmitted from the terminal 2 and specifies a storage area in the storage device 12 in which a plurality of encrypted data corresponding to the user data of the terminal 2 is stored. (Step S7).
  • the data control unit 15 of the data server 1 reads a plurality of encrypted data corresponding to the user data of the terminal 2, and causes the encryption processing unit 16 to perform a data restoration process on the plurality of encrypted data to restore the user data. (Step S8). Thereafter, the data control unit 15 transmits the restored user data to the terminal 2 (step S8).
  • FIG. 6A is a conceptual diagram of data compression / encryption processing according to the present embodiment.
  • the data dividing unit 20 of the encryption processing unit 16 divides user data into a plurality of divided data (four in the illustrated example).
  • the data compression unit 21 performs lossless compression of the plurality of divided data by parallel processing, and generates a plurality of compressed data.
  • the plurality of compressed data constitutes multidimensional data.
  • the data encryption unit 22 performs encryption on a plurality of compressed data by parallel processing based on a multi-dimensional data encryption algorithm.
  • as the multi-dimensional data encryption algorithm, an arbitrary-dimensional, parallelizable, reversible chaos encryption algorithm that can encrypt a rational vector of arbitrary dimension by parallel processing is used.
  • the plurality of compressed data is encrypted by a chaotic encryption method that encrypts N-dimensional (N is a natural number and N ≥ M) rational number vectors using M secret keys (M is a natural number). That is, a rational vector of arbitrary N (≥ M) dimensions is encrypted collectively.
  • the “rational vector” is a multi-dimensional vector having each of a plurality of compressed data as elements. If the number of the plurality of compressed data is N, each of the plurality of compressed data is encrypted using N random number data generated from M secret keys, where M is N or less.
  • the chaotic encryption method is described in Japanese Patent No. 3030341, Japanese Patent No. 4219629, and Japanese Patent Application Laid-Open No. 2011-35800.
  • the data encryption unit 22 encrypts a plurality of compressed data by parallel processing.
  • the time required for the data encryption process can be shortened compared to a configuration in which the encryption processing unit 16 individually encrypts a plurality of compressed data in order.
  • FIG. 6B is a conceptual diagram of data restoration processing according to the present embodiment.
  • the data decryption unit 23 of the encryption processing unit 16 decrypts each of the plurality of encrypted data by parallel processing based on the multi-dimensional data encryption algorithm, thereby generating a plurality of compressed data.
  • the plurality of encrypted data constitutes multi-dimensional data.
  • the data expansion unit 24 generates a plurality of decompressed data by performing decompression of each of the plurality of compressed data by parallel processing.
  • the data combining unit 25 combines the plurality of decompressed data to restore the data.
  • the data decryption unit 23 decrypts a plurality of encrypted data by parallel processing. Thereby, for example, the time required for the data restoration processing can be shortened as compared with a configuration in which the data decryption unit 23 individually decrypts a plurality of pieces of encrypted data in order.
  • FIG. 7 is a sequence diagram illustrating a backup process performed by the data server 1.
  • FIG. 7 shows a case where the data server 1 transmits user data requested to be stored from the terminal 2 to the backup server 3 for backup.
  • the terminal 2 first transmits a data storage request to the data server 1 (step S11).
  • The data control unit 15 of the data server 1 transmits to the backup server 3 a data storage request asking it to store the data to be backed up (step S12).
  • the backup server 3 receives the data accumulation request transmitted from the data server 1 and, if it determines that accumulation is possible, transmits a notification (accumulation permission) to permit accumulation to the data server 1 (step S13).
  • The data control unit 15 of the data server 1 that has received the storage permission from the backup server 3 transmits to the terminal 2 a notification (storage permission) that the storage is permitted (step S14).
  • the terminal 2 that has accepted the storage permission transmits the user data held by itself to the data server 1 (step S15).
  • the data control unit 15 of the data server 1 temporarily stores part or all of the user data given from the terminal 2 in, for example, a data buffer in a memory included in the control device 11.
  • the data control unit 15 gives user data to the encryption processing unit 16 in order to cause the encryption processing unit 16 to perform data compression / encryption processing.
  • the encryption processing unit 16 divides and compresses the user data to generate a plurality of compressed data (step S16). Thereafter, the data encryption unit 22 of the encryption processing unit 16 starts encryption of the plurality of compressed data (step S17).
  • The data encryption unit 22 (the encryption operation unit 22a) gives each encrypted data to the data control unit 15 (FIG. 1) every time encrypted data is generated. Therefore, a plurality of encrypted data is sequentially given to the data control unit 15.
  • When one encrypted data among the plurality of encrypted data is generated and given, the data control unit 15 transmits that encrypted data to the backup server 3 without waiting for another encrypted data to be generated and given.
  • When the data encryption unit 22 generates the first encrypted data among the plurality of encrypted data and gives it to the data control unit 15, the data control unit 15 starts transmission of encrypted data toward the backup server 3 without waiting for other encrypted data to be given (step S18).
  • FIG. 8 is a time chart when the encryption processing unit 16 starts encryption and the data control unit 15 transmits encrypted data.
  • FIG. 8 shows a case where four pieces of encrypted data (encrypted data 1 to 4) are generated in parallel from four pieces of compressed data (compressed data 1 to 4).
  • the encryption processing unit 16 causes the data encryption unit 22 to encrypt the four compressed data.
  • the data encryption unit 22 performs encryption using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data having each of a plurality of encryption target data as elements.
  • the encryption target data is data to be encrypted by the data encryption unit 22.
  • The data encryption unit 22 encrypts the four compressed data (compressed data 1 to 4) given from the data compressing unit 21 by using a multi-dimensional data encryption algorithm, thereby generating four encrypted data (encrypted data 1 to 4). That is, four compressed data are given to the data encryption unit 22 as elements of multidimensional data.
  • Periods P1 to P4 are periods for generating random number data.
  • Periods Q1 to Q4 are periods for encrypting compressed data to generate encrypted data.
  • Periods R1 to R4 are periods for transmitting encrypted data to the backup server 3.
  • When the encryption processing unit 16 starts encryption at the start point of the period P1 (step S17 in FIG. 8), it first obtains a secret key and starts generating the random number data used for encryption of the first compressed data 1. In FIG. 8, the encryption processing unit 16 generates random number data used for encryption of the compressed data 1 in the period P1. Here, as the random number data used for encryption by the data encryption unit 22, the next random number data is generated based on one random number data as described above (FIG. 4).
  • The encryption processing unit 16 (the encryption random number generation unit 22b) generates random number data used for encryption of the compressed data 1 in the period P1, and then, in the period P2 immediately after the period P1, generates the random number data for the compressed data 2 based on the random number data for the compressed data 1.
  • After generating the random number data for the compressed data 2 in the period P2, the encryption processing unit 16 generates the random number data for the compressed data 3 based on the random number data for the compressed data 2 in the period P3 immediately after the end of the period P2.
  • After generating the random number data for the compressed data 3 in the period P3, the encryption processing unit 16 generates the random number data for the compressed data 4 based on the random number data for the compressed data 3 in the period P4 immediately after the end of the period P3.
  • When the encryption processing unit 16 has generated the random number data used for encryption of each compressed data in each period P1, P2, P3, P4, it performs encryption using that random number data in each subsequent period Q1, Q2, Q3, Q4 to generate encrypted data 1, 2, 3, and 4.
  • Because the encryption processing unit 16 generates the next random number data based on one random number data, the starting points of the periods P2 to P4, in which it generates the random number data used for each of the compressed data 2 to 4 and starts the encryption, are sequentially delayed by the periods (P1 to P3) necessary for generating random number data.
  • The encryption of the compressed data 1, which started at the earliest timing, is completed first, and encryption is then completed in the order of the compressed data 2, 3, and 4. In this example, it is assumed that the divided data (compressed data) has substantially the same length (data amount).
  • The encryption processing unit 16 gives the encrypted data to the data control unit 15 every time encryption is completed and encrypted data is generated. As described above, when one encrypted data among a plurality of encrypted data is generated and given, the data control unit 15 sends that encrypted data to the backup server 3 without waiting for the other encrypted data to be generated and given.
  • When the encryption processing unit 16 gives the encrypted data 1 generated in the period Q1 to the data control unit 15, the data control unit 15 transmits the encrypted data 1 without waiting for generation of the other encrypted data 2 to 4. That is, the data control unit 15 starts transmission of encrypted data toward the backup server 3 at the start point of the period R1 (step S18 in FIG. 8).
  • The data control unit 15 sequentially sends each provided encrypted data to the backup server 3 without waiting for generation of other encrypted data.
  • When the encryption processing unit 16 generates the encrypted data 4 in the period Q4, it has finished encrypting all the compressed data. Therefore, the encryption processing unit 16 finishes the encryption of the user data at the end point of the period Q4 (step S19 in FIG. 8).
  • The data control unit 15 receives the encrypted data 4 from the encryption processing unit 16 and ends the transmission of all the encrypted data when the transmission of the encrypted data 4 is completed in the period R4. Therefore, the data control unit 15 finishes transmitting the encrypted data at the end point of the period R4 (step S20 in FIG. 8).
  • When one encrypted data among the plurality of encrypted data is generated and given, the data control unit 15 as the transmission control unit transmits that encrypted data to the backup server 3 as another device without waiting for another encrypted data to be generated and given, so the encrypted data can be transmitted without waiting for all of the plurality of encrypted data to be generated. For this reason, compared to the case where transmission is performed after waiting for all of the plurality of divided data to be encrypted, the waiting time for encryption can be reduced and the time required for the transmission processing of user data can be shortened.
  • If the data control unit 15 were to wait until the timing of step S19 before starting transmission of the encrypted data, a period for transmitting a maximum of three encrypted data, indicated by a broken line, would be required after step S20 in FIG. 8.
  • The period indicated by the broken line can be shortened.
  • A plurality of encrypted data is transmitted from the data server 1 to the backup server 3 through the Internet 4. Because the plurality of encrypted data is obtained by encrypting a plurality of divided data obtained by dividing user data, even if a third party obtains encrypted data, it can be prevented from being easily restored to the original user data.
  • the data server 1 transmits a transmission end notification to the backup server 3 (step S21).
  • the backup server 3 that has received the transmission end notification recognizes that all the encrypted data has been received, and accumulates the plurality of encrypted data.
  • When each encrypted data is generated, the data control unit 15 temporarily stores the generated plurality of encrypted data in a data buffer or the like in a memory included in the control device 11. After completing the transmission of the encrypted data to the backup server 3, the data control unit 15 gives the plurality of encrypted data temporarily stored in the data buffer to the storage device 12 of the data server 1 for storage (step S22). As a result, the data server 1 can cause the backup server 3 to back up the user data that is encrypted data while accumulating the user data that is encrypted data.
  • The storage of the encrypted data in the storage device 12 may be performed at any time after the encrypted data is generated: it may be performed sequentially each time each encrypted data is generated, or it may be performed right after the transmission of the encrypted data is finished.
  • the backup processing in which the data server 1 backs up the user data requested to be stored from the terminal 2 to the backup server ends.
  • When extracting the encrypted data stored in the backup server 3, the data server 1 transmits a withdrawal request to the backup server 3.
  • The withdrawal request can be sent by the data server 1 voluntarily, or the terminal 2 can cause the data server 1 to send a data withdrawal request to the backup server 3.
  • When the backup server 3 accepts the withdrawal request, it transmits the encrypted data corresponding to the request to the requesting data server 1.
  • the data server 1 that has received the encrypted data from the backup server 3 can restore the user data by performing decryption, expansion, and combination.
  • the data server 1 gives the restored user data to the terminal 2.
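The backup and restore flow described above (divide, compress, encrypt with chained random data, send each piece as soon as it is ready, then decrypt, expand and combine) as an added Python sketch; it is not code from the patent. The chaotic multi-dimensional cipher is not specified on this page, so a SHAKE-256 keystream XOR stands in for it, and the HMAC-based seed chain, the per-transfer nonce and all function names are assumptions.

```python
import hashlib
import hmac
import os
import zlib
from collections import deque
from concurrent.futures import ThreadPoolExecutor


def random_chain(secret_key, nonce, count):
    """Yield one seed per chunk, each derived from the previous one (periods P1..P4).

    Assumption: HMAC-SHA256 keyed with the secret key. The nonce keeps two
    transfers under the same key from reusing a keystream.
    """
    seed = hmac.new(secret_key, b"chunk-seed" + nonce, hashlib.sha256).digest()
    for _ in range(count):
        yield seed
        seed = hmac.new(secret_key, seed, hashlib.sha256).digest()


def keystream_xor(seed, data):
    """Stand-in cipher (NOT the patent's chaotic algorithm): XOR with SHAKE-256 output."""
    stream = hashlib.shake_256(seed).digest(len(data))
    mixed = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return mixed.to_bytes(len(data), "big")


def backup(data, secret_key, nonce, send, chunk_size=1 << 16, workers=4):
    """Divide, compress and encrypt `data`; call send(index, ciphertext) per chunk.

    A chunk is handed to `send` as soon as its encryption has finished, while
    seeds for later chunks are still being derived and encrypted.
    """
    pieces = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    pending = deque()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        compressed = pool.map(zlib.compress, pieces)          # parallel lossless compression
        seeds = random_chain(secret_key, nonce, len(pieces))  # serial: seed i+1 needs seed i
        for index, (seed, comp) in enumerate(zip(seeds, compressed)):
            pending.append((index, pool.submit(keystream_xor, seed, comp)))
            # Transmit finished chunks now instead of waiting for the rest.
            while pending and pending[0][1].done():
                i, fut = pending.popleft()
                send(i, fut.result())
        while pending:                                        # drain what is left, in order
            i, fut = pending.popleft()
            send(i, fut.result())
    return len(pieces)


def open_chunk(seed, chunk):
    """Decrypt one chunk, then expand it."""
    return zlib.decompress(keystream_xor(seed, chunk))


def restore(chunks, secret_key, nonce):
    """Decrypt and expand the chunks in parallel, then combine them in index order."""
    ordered = [chunks[i] for i in range(len(chunks))]
    seeds = random_chain(secret_key, nonce, len(ordered))
    with ThreadPoolExecutor() as pool:
        return b"".join(pool.map(open_chunk, seeds, ordered))


if __name__ == "__main__":
    # Constructed sample input standing in for user data from terminal 2.
    user_data = b"".join(b"constructed user record %06d\n" % i for i in range(5000))
    key, nonce = os.urandom(32), os.urandom(16)
    received = {}                                             # plays the backup server
    count = backup(user_data, key, nonce, received.__setitem__, chunk_size=40000)
    print(count, "chunks sent; restored OK:", restore(received, key, nonce) == user_data)
```

The stand-in cipher carries no integrity check, so a modified chunk is only noticed if decompression happens to fail; a deployment would use an authenticated encryption mode for each chunk.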
  • The control device 11 (data processing device) included in the data server 1 of the present embodiment includes: a data dividing unit 20 that divides user data given from the terminal 2 and generates a plurality of divided data; a data compression unit 21 that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit 22 that generates encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a data control unit 15 (transmission control unit) that, when one encrypted data among the plurality of encrypted data is generated, transmits the one encrypted data to the backup server 3 (another device) without waiting for the generation of the other encrypted data.
  • the data dividing unit 20 divides user data to generate a plurality of divided data, and the data compression unit generates a plurality of compressed data by reversibly compressing each of the plurality of divided data.
  • the data encryption unit 22 encrypts a plurality of compressed data as multidimensional data.
  • the data encryption part 22 can employ
  • the data control unit 15 transmits one encrypted data to the backup server 3 without waiting for the generation of the other encrypted data when one encrypted data is generated among the plurality of encrypted data. It is possible to transmit without waiting for all the encrypted data to be generated. Therefore, it is possible to compress the waiting time for encryption as compared with the case where user data is encrypted without being divided, or when waiting for all the divided data to be encrypted and transmitted. And the time required for the user data transmission process can be shortened. As described above, according to this embodiment, it is possible to reduce the time required for the process of encrypting and transmitting user data.
  • the backup server 3 may be connected to the data server 1 so as to be communicable. It may be connected to the data server 1 by LAN or telephone communication.
  • the case where the data server 1 transmits encrypted data to one backup server 3 and the encrypted data is stored in the backup server 3 is exemplified.
  • a plurality of pieces of encrypted data generated from one user data may be distributed and stored. Thereby, it can suppress more effectively that encryption data is easily decompress
  • The data encryption unit 22 generates four encrypted data by sequentially encrypting four compressed data.
  • Generation of the four encrypted data is started at sequentially delayed timings, and the four encrypted data are generated such that generation of the encrypted data 4, which is generated last, is started during the period Q1 of the encrypted data 1, which is generated first among the four encrypted data.
  • the periods Q1 to Q4 for generating the four encrypted data 1 to 4 overlap each other. That is, the period Q1 for generating the encrypted data 1 overlaps with the other periods Q2, Q3, and Q4. Similarly, the period Q2 also overlaps with the other periods Q1, Q3, and Q4. As described above, since all the periods Q1 to Q4 for generating the four encrypted data 1 to 4 overlap each other, the time required for the process of encrypting and transmitting the data can be further shortened.
  • Various functions of the control device 11 are realized by the CPU executing a predetermined computer program read into the memory.
  • the control device 11 functionally includes a data control unit 15 and an encryption processing unit 16 when the CPU of the control device 11 executes the computer program.
  • The encryption processing unit 16 includes a data dividing unit 20 that generates a plurality of divided data, a data compression unit 21 that generates a plurality of compressed data by lossless compression of each of the plurality of divided data, and a data encryption unit 22 that performs encryption using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data having each of a plurality of encryption target data as elements.
  • the data control unit 15 transmits a plurality of encrypted data to the backup server 3.
  • the plurality of compressed data are given to the data encryption unit 22 as elements of the multi-dimensional data.
  • The data encryption unit 22 generates a plurality of encrypted data by encrypting the plurality of compressed data using the multi-dimensional data encryption algorithm. Further, as shown in FIG. 8, the data encryption unit 22 generates the plurality of encrypted data such that the period for generating one encrypted data among the plurality of encrypted data and the periods for generating the other encrypted data overlap each other. Further, as shown in FIG. 8, the data control unit 15 transmits each generated encrypted data to the backup server 3 each time one of the plurality of encrypted data is generated.
  • the data encryption unit 22 generates a plurality of encrypted data by sequentially encrypting a plurality of compressed data, as shown in FIG.
  • The data encryption unit 22 generates the plurality of encrypted data by starting their generation at sequentially delayed timings, so that the generation periods overlap each other between encrypted data that are adjacent in generation order.
  • Between encrypted data that are adjacent in generation order, when the generation of the earlier encrypted data is completed, the data control unit 15 transmits the earlier encrypted data to the backup server 3 without waiting for the end of generation of the later encrypted data. The plurality of encrypted data are transmitted in this way.
  • The computer program executed by the CPU causes the CPU included in the control device 11 to execute: a data division step, which is the function of the data dividing unit 20 that generates a plurality of divided data; a data compression step, which is the function of the data compression unit 21 that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; and a data encryption step of performing encryption using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data having each of the plurality of encryption target data as elements.
  • In the data encryption step, the computer program is configured to cause the CPU of the control device 11 to execute a process of generating a plurality of encrypted data by encrypting the plurality of compressed data using the multi-dimensional data encryption algorithm, such that, among the plurality of encrypted data, a period for generating one encrypted data and a period for generating other encrypted data other than the one encrypted data overlap each other.
  • The computer program is also configured to cause the CPU of the control device 11 to execute a process of transmitting the generated encrypted data to the backup server 3 each time one of the plurality of encrypted data is generated.
  • the computer program includes an instruction for executing the process of generating the plurality of encrypted data by encrypting the plurality of compressed data in the data encryption step for each of the plurality of compressed data.
  • the instructions are added to the computer program as instructions to be executed by the CPU when the computer program is compiled, for example.
  • The CPU of the control device 11 processes the plurality of compressed data in parallel according to the above instruction.
  • the encryption processing unit 16 generates the encrypted data 1 to 4 so that the periods Q1 to Q4 overlap each other as shown in FIG.
  • The instruction is configured to be executable in consideration of the processing capability of the CPU that executes the instruction. Nevertheless, the CPU of the control device 11 may interrupt the process of generating the plurality of encrypted data by encrypting the plurality of compressed data in order to execute other processes that need to be executed.
  • FIG. 9 shows another example of a time chart when the encryption processing unit 16 starts encryption and the data control unit 15 transmits encrypted data. FIG. 9 differs from FIG. 8 in that another process is interrupted in and executed between the period P4, in which random number data used for encryption of the compressed data 4 is generated, and the period Q4, in which the compressed data 4 is encrypted and the encrypted data 4 is generated.
  • the control device 11 determines whether or not the own CPU has a resource capable of executing the other process while executing the process of generating the encrypted data. If it is determined that there is no resource that can execute both processes, the CPU of the control device 11 releases part of the resources used for the process of generating the encrypted data for other processes.
  • the CPU of the control device 11 maintains the process of generating the encrypted data 1, 2, and 3 and stops the process of generating the encrypted data 4.
  • the CPU of the control device 11 interrupts and executes other processing between the period P4 and the period Q4.
  • When the CPU of the control device 11 finishes executing other processes, it starts a process of generating the encrypted data 4.
  • the CPU of the control device 11 starts the process of generating the encrypted data 4 during the period R3 (the period during which the encrypted data 3 is transmitted to the backup server 3). For this reason, the period Q4 does not overlap with the periods Q1, Q2, and Q3.
  • The instruction included in the computer program is configured to be executable in consideration of the processing capability of the CPU executing the instruction. Even if a period that exceptionally does not overlap with other periods occurs, as with the period Q4, the other periods Q1, Q2, and Q3 overlap each other, and as a whole it is possible to reduce the time required for the process of encrypting and transmitting data.
  • FIG. 9 shows a case where a period Q4 that does not overlap with the periods Q1, Q2, and Q3 for generating other encrypted data appears in order to execute other processes.
  • The encryption processing unit 16 (the data encryption unit 22) may generate four pieces of encrypted data such that at least any two of the periods Q1 to Q4 for generating a plurality of pieces of encrypted data overlap each other.
  • The encryption processing unit 16 may generate four pieces of encrypted data so that the period Q1 and the period Q2 overlap each other, the period Q3 does not overlap another period, and the period Q4 also does not overlap another period.
  • The encryption processing unit 16 may generate four pieces of encrypted data so that the period Q2 and the period Q3 overlap each other, the period Q1 does not overlap with other periods, and the period Q4 also does not overlap with other periods.
  • FIG. 10 is a block diagram illustrating a configuration of the data encryption unit 22 according to another embodiment.
  • the present embodiment is different from the above embodiment in that the data encryption unit 22 includes a storage unit 22c that stores random number data generated by the encryption random number generation unit 22b.
  • the encryption processing unit 16 causes the encryption random number generation unit 22b to generate a plurality of random number data used for encryption.
  • the encryption random number generator 22b generates a required number of random number data.
  • When the number of compressed data (divided data) is recognized, the encryption random number generator 22b generates a required number of random number data according to the number of compressed data.
  • When the number of compressed data (divided data), which is the required number of random number data, is not recognized, the encryption random number generator 22b generates the required number of random number data according to the size of user data and the like.
  • the encryption random number generation unit 22b generates a required number of random number data while the data dividing unit 20 and the data compressing unit 21 execute division and compression of user data.
  • the random number data generated by the encryption random number generation unit 22b is given to the storage unit 22c.
  • the storage unit 22c stores the required number of random number data given from the encryption random number generation unit 22b.
  • the data encryption unit 22 encrypts the compressed data using the required number of random number data stored in the storage unit 22c.
  • the random number data stored in the storage unit 22 c and the compressed data from the data compression unit 21 are given to the encryption calculation unit 22 a of the data encryption unit 22.
  • the random number data is output from the storage unit 22c according to the order in which it is generated, and is provided to the encryption operation unit 22a.
  • the encryption operation unit 22a generates encryption data by performing an encryption operation using the compressed data provided from the data compression unit 21 and the random number data provided from the storage unit 22c.
  • the encryption operation unit 22a sequentially generates a plurality of encryption data every time random number data is given from the storage unit 22c.
  • FIG. 11 is a diagram illustrating an example of a time chart showing a period for generating a plurality of encrypted data and a period for transmitting a plurality of encrypted data according to another embodiment.
  • the random number data used for encryption by the encryption operation unit 22a of the encryption processing unit 16 is generated while the data dividing unit 20 and the data compressing unit 21 execute division and compression of user data, It is stored in the storage unit 22c. Therefore, the encryption processing unit 16 does not need a period for generating random number data when generating each of the encrypted data 1 to 4.
  • the periods t1 to t4 existing before the periods Q1 to Q4 for generating the encryption data are periods necessary for the random number data from the storage unit 22c to be given to the encryption operation unit 22a.
  • The periods P1 to P4 for generating random number data shown in FIG. 8 include both the period necessary for the random number data to be given from the encryption random number generator 22b to the encryption calculator 22a and the period in which the encryption random number generator 22b actually generates the random number data. The periods t1 to t4, by contrast, do not include a period during which the encryption random number generator 22b actually generates random number data, and are therefore shorter than the periods P1 to P4 in FIG. 8.
  • The encrypted data 1 to 4 are generated using the random number data stored in the storage unit 22c. Therefore, no period for generating the random number data is needed when the encrypted data 1 to 4 are generated. As a result, the time required for the process of encrypting and transmitting data can be further shortened.
  • The data encryption unit 22 of the above embodiment may include a plurality of encryption calculation units 22a, 22d, 22e, and 22f, as shown in FIG.
  • the random number data output from the storage unit 22c is given to the encryption calculation units 22a, 22d, 22e, and 22f.
  • compressed data is given from the data compression unit 21 to the encryption calculation units 22a, 22d, 22e, and 22f.
  • Each of the encryption operation units 22a, 22d, 22e, and 22f performs the encryption operation using the compressed data provided from the data compression unit 21 and the random number data provided from the storage unit 22c, whereby the encrypted data 1 to 4 are generated. As described above, in the present embodiment, four encryption calculation units 22a, 22d, 22e, and 22f are provided for the four encrypted data 1 to 4.
  • FIG. 13 is an example of a time chart showing a period for generating a plurality of pieces of encrypted data and a period for transmitting a plurality of pieces of encrypted data according to a modification of the embodiment.
  • Since the data encryption unit 22 includes four encryption operation units 22a, 22d, 22e, and 22f, the encryption operation can be executed in parallel.
  • the random number data and the compressed data are given so as to have almost the same timing among the respective encryption operation units 22a, 22d, 22e, and 22f, as shown in FIG.
  • the end timing is almost the same.
  • the start timing and end timing of each of the periods Q1 to Q4 are substantially the same.
  • the start and end timings of the periods R1 to R4 are also substantially the same.
  • Since the data encryption unit 22 includes the four encryption operation units 22a, 22d, 22e, and 22f, the encryption operation can be executed in parallel, and the time required for the process of encrypting and transmitting the data can be further shortened.
  • The data processing device can also be regarded as having the following configuration. That is, a data processing device according to an embodiment is a data processing device that compresses and encrypts data and transmits the data to another device, and includes: a data dividing unit that divides the data to generate a plurality of divided data; a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit that generates encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control unit that, when one encrypted data among the plurality of encrypted data is generated, transmits the one encrypted data to the other device without waiting for generation of the other encrypted data.
  • the data dividing unit divides the data to generate a plurality of divided data
  • the data compression unit generates a plurality of compressed data by reversibly compressing each of the plurality of divided data.
  • the compression time can be shortened as compared with the configuration in which the data compression unit compresses the data before the division, so that the time required for the data encryption process can be shortened.
  • the data encryption unit encrypts the plurality of compressed data as multidimensional data.
  • the data encryption part can employ
  • the transmission control unit transmits one encrypted data to another device without waiting for the generation of the other encrypted data when one encrypted data is generated among the plurality of encrypted data, the plurality of encrypted data You can send without waiting for everything to be generated. For this reason, the waiting time for encryption can be compressed compared with the case where transmission is performed after waiting for all of the plurality of divided data to be transmitted to be encrypted. The time required can be shortened. As described above, according to this configuration, it is possible to reduce the time required for the process of encrypting and transmitting data.
  • preferably, the data encryption unit includes a random number data generation unit that generates a plurality of random number data used for encryption of each of the plurality of compressed data, the random number data generation unit generates the next random number data based on one of the plurality of random number data, and the data encryption unit sequentially generates the plurality of encrypted data every time the random number data generation unit generates random number data. In this case, encrypted data is generated sequentially every time random number data is generated, so the transmission control unit transmits to the other device every time one of the plurality of encrypted data is generated. As a result, the time required for the transmission process can be effectively shortened.
  • a data transmission method is a data transmission method for compressing and encrypting data and transmitting the data to another device, and includes: a data dividing step of dividing the data to generate a plurality of divided data; a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption step of generating encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control step of transmitting, when one encrypted data among the plurality of encrypted data is generated, that encrypted data to the other device without waiting for generation of the other encrypted data.
  • a computer program is a computer program for causing a computer to execute a data transmission process of compressing and encrypting data and transmitting the data to another device.
  • the computer program divides the data into a plurality of data.
  • a data encryption step for generating encrypted data by encrypting using an algorithm, and when one encrypted data among the plurality of encrypted data is generated, the one of the encrypted data is not waited for to be generated.
  • a transmission control step of transmitting encrypted data to the other device Is a computer program.
  • the data server is a data server that compresses and encrypts data and transmits the data to a backup server, and divides the data to generate a plurality of divided data, and the plurality of data
  • a data compression unit for generating a plurality of compressed data by reversibly compressing each of the divided data, and generating the encrypted data by encrypting the plurality of compressed data as a plurality of data using a multidimensional data encryption algorithm
  • a transmission control unit that transmits the one encrypted data to the other device without waiting for the generation of the other encrypted data when one of the plurality of encrypted data is generated. And.
  • according to the data transmission method, the computer program, and the data server configured as described above, it is possible to reduce the time required for processing to compress and transmit data.

Abstract

A data server 1 according to the present invention is provided with a data division unit 20 for dividing user data given from a terminal 2 and generating a plurality of divided data, a data compression unit 21 for reversibly compressing each of the plurality of divided data and thereby generating a plurality of compressed data, a data encryption unit 22 for encrypting the plurality of compressed data as two- or higher-dimensional data using a two- or higher-dimensional data encryption algorithm and thereby generating encrypted data, and a data control unit 15 for transmitting the plurality of encrypted data to a backup server 3. The data encryption unit 22 generates the plurality of encrypted data so that a period for generating one piece of encrypted data and a period for generating encrypted data other than the one piece of encrypted data overlap each other. The data control unit 15 transmits generated encrypted data to the backup server 3 every time each of the plurality of encrypted data is generated.

Description

Data processing apparatus, data transmission method, and computer program
The present invention relates to a data processing device, a data transmission method, and a computer program.
Conventionally, techniques for encrypting data and storing it in storage (a storage device) have been proposed (see, for example, Patent Document 1). In addition, data is generally compressed when it is saved to storage. These techniques are commonly combined, with compression and encryption applied to the data in separate processes.
Japanese Patent No. 4219629
However, when compression and encryption are performed on data in separate processes, the time required for compression and encryption increases as the data grows larger.
Furthermore, when compressed and encrypted data is transmitted to, for example, an external backup server for storage, the data cannot be transmitted until its compression and encryption are complete. Transmission therefore has to wait until these processes finish, which can result in wasted waiting time.
The present invention has been made in view of such circumstances, and an object of the present invention is to provide a data processing device, a data transmission method, and a computer program capable of reducing the time required for the process of encrypting and transmitting data.
A data processing device according to an embodiment is a data processing device that compresses and encrypts data and transmits the data to another device, and includes: a data dividing unit that divides the data to generate a plurality of divided data; a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit that performs encryption using a multidimensional data encryption algorithm, which encrypts multidimensional data whose elements are a plurality of encryption target data; and a transmission control unit that transmits a plurality of encrypted data to the other device. The data encryption unit is given the plurality of compressed data as the elements of the multidimensional data, generates the plurality of encrypted data by encrypting the plurality of compressed data using the multidimensional data encryption algorithm, and generates the plurality of encrypted data so that the period for generating one encrypted data and the period for generating encrypted data other than that one overlap each other. The transmission control unit transmits each generated encrypted data to the other device every time one of the plurality of encrypted data is generated.
According to the data processing device configured as described above, the generation periods of at least one encrypted data and another encrypted data overlap, so the time required for encryption can be shortened compared with encrypting the one encrypted data and the other encrypted data one after another.
Furthermore, because the transmission control unit transmits each generated encrypted data to the other device every time one of the plurality of encrypted data is generated, transmission can proceed without waiting for all of the plurality of encrypted data to be generated. Compared with transmitting only after all of the divided data to be transmitted have been encrypted, the waiting time for encryption can therefore be reduced, and the time required for the data transmission process can be shortened.
As described above, according to this configuration, it is possible to reduce the time required for the process of encrypting and transmitting data.
In the data processing device, the data encryption unit may generate the plurality of encrypted data by sequentially encrypting the plurality of compressed data, start generation of the respective encrypted data at successively delayed timings, and generate the plurality of encrypted data so that the generation periods of encrypted data adjacent in generation order overlap each other. The transmission control unit may then transmit the plurality of encrypted data so that, for any two encrypted data adjacent in generation order, the earlier encrypted data is transmitted to the other device as soon as its generation ends, without waiting for generation of the later encrypted data to end.
In the data processing device, the data encryption unit may include a random number data generation unit that generates a plurality of random number data used for encryption of each of the plurality of compressed data. The random number data generation unit generates the next random number data based on one of the plurality of random number data, and the data encryption unit sequentially generates the plurality of encrypted data every time the random number data generation unit generates random number data. The timing at which generation of the later encrypted data starts may be set to the timing at which generation of the earlier encrypted data starts, delayed by the period needed to generate the random number data.
In the data processing device, the data encryption unit may generate the plurality of encrypted data by sequentially encrypting the plurality of compressed data, start generation of the respective encrypted data at successively delayed timings, and start generating the last encrypted data while the first encrypted data is still being generated.
In this case, the periods for generating the plurality of encrypted data all overlap one another. As a result, the time required for the process of encrypting and transmitting data can be further shortened.
In the data processing device, the data encryption unit may include a random number data generation unit that generates a plurality of random number data used for encryption of each of the plurality of compressed data, and a storage unit that stores the plurality of random number data generated by the random number data generation unit, and the data encryption unit may generate the plurality of encrypted data using the plurality of random number data stored in the storage unit.
In this case, no period for generating random number data is needed when the plurality of encrypted data is generated. As a result, the time required for the process of encrypting and transmitting data can be further shortened.
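The embodiments above (divide, compress each piece, derive each random number data from the previous one, and transmit every encrypted piece as soon as it exists) can be followed end to end in this added example, which is not code from the patent. The HMAC-SHA256 keystream stands in for the multidimensional data encryption algorithm, which is not specified at this point in the description; the chunk size, the per-transfer nonce and all function names are assumptions of the example.

```python
"""Added example: divide -> compress -> encrypt -> send each piece as generated."""
import hashlib
import hmac
import os
import zlib
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Iterator, List, Optional, Tuple

CHUNK_SIZE = 64 * 1024  # "predetermined length" of a divided piece (assumed value)


def split(data: bytes, size: int = CHUNK_SIZE) -> List[bytes]:
    """Data dividing unit: fixed-length pieces (one empty piece for empty input)."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]


def random_data_chain(secret_key: bytes, nonce: bytes) -> Iterator[bytes]:
    """Random number data generation: each value is derived from the previous one.

    The nonce is an assumption of this example. It makes the chain differ per
    transfer, so two transfers under one secret key never share a keystream.
    """
    value = hmac.new(secret_key, b"random-data" + nonce, hashlib.sha256).digest()
    while True:
        yield value
        value = hmac.new(secret_key, value, hashlib.sha256).digest()


def keystream(random_data: bytes, length: int) -> bytes:
    """Expand one random data value to `length` bytes (HMAC-SHA256, counter mode)."""
    blocks = (hmac.new(random_data, n.to_bytes(8, "big"), hashlib.sha256).digest()
              for n in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def encrypt_and_send(data: bytes, secret_key: bytes,
                     send: Callable[[int, bytes], None],
                     nonce: Optional[bytes] = None,
                     events: Optional[List[Tuple[str, int]]] = None) -> bytes:
    """Encrypt piece by piece and hand each piece to `send` immediately.

    `events` records the order of ("encrypted", i) and ("sent", i) so the
    overlap between generation and transmission can be inspected.
    Returns the nonce the receiver needs to rebuild the random data chain.
    """
    nonce = os.urandom(16) if nonce is None else nonce
    events = [] if events is None else events
    chain = random_data_chain(secret_key, nonce)
    with ThreadPoolExecutor() as pool:
        # Data compression unit: pieces are compressed in parallel; map() hands
        # them back in order, each one as soon as it is ready.
        for index, compressed in enumerate(pool.map(zlib.compress, split(data))):
            random_data = next(chain)  # next value, derived from the previous one
            cipher = xor(compressed, keystream(random_data, len(compressed)))
            events.append(("encrypted", index))
            send(index, cipher)  # transmitted before the next piece is encrypted
            events.append(("sent", index))
    return nonce


def restore(frames: List[bytes], secret_key: bytes, nonce: bytes) -> bytes:
    """Receiver side: decrypt, decompress and join the frames in index order."""
    chain = random_data_chain(secret_key, nonce)
    return b"".join(
        zlib.decompress(xor(frame, keystream(next(chain), len(frame))))
        for frame in frames
    )


if __name__ == "__main__":
    key = bytes(range(32))                                          # constructed key
    user_data = b"constructed backup record 0123456789\n" * 10000  # constructed data
    received: List[bytes] = []
    timeline: List[Tuple[str, int]] = []
    used_nonce = encrypt_and_send(user_data, key,
                                  lambda i, c: received.append(c), events=timeline)
    assert restore(received, key, used_nonce) == user_data
    print(timeline[:4])
```

The stand-in keystream gives confidentiality only; the frames carry no integrity tag, so a deployment of this flow would use an authenticated cipher for the per-piece encryption.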
A data processing device according to an embodiment is also a data processing device that compresses and encrypts data and transmits the data to another device, and includes: a data dividing unit that divides the data to generate a plurality of divided data; a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit that generates a plurality of encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control unit that, when one encrypted data among the plurality of encrypted data is generated, transmits that encrypted data to the other device without waiting for generation of the other encrypted data.
A data transmission method according to an embodiment is a data transmission method for compressing and encrypting data and transmitting the data to another device, and includes: a data dividing step of dividing the data to generate a plurality of divided data; a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption step of performing encryption using a multidimensional data encryption algorithm, which encrypts multidimensional data whose elements are a plurality of encryption target data; and a transmission control step of transmitting a plurality of encrypted data to the other device. The data encryption step generates the plurality of encrypted data by encrypting the plurality of compressed data, given as the elements of the multidimensional data, using the multidimensional data encryption algorithm, and generates the plurality of encrypted data so that the period for generating one encrypted data and the period for generating encrypted data other than that one overlap each other. The transmission control step transmits each generated encrypted data to the other device every time one of the plurality of encrypted data is generated.
A computer program according to an embodiment is a computer program for causing a computer to execute data transmission processing of compressing and encrypting data and transmitting the data to another device. The computer program causes the computer to execute: a data dividing step of dividing the data to generate a plurality of divided data; a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption step of performing encryption using a multidimensional data encryption algorithm, which encrypts multidimensional data whose elements are a plurality of encryption target data; and a transmission control step of transmitting a plurality of encrypted data to the other device. The data encryption step generates the plurality of encrypted data by encrypting the plurality of compressed data, given as the elements of the multidimensional data, using the multidimensional data encryption algorithm, and generates the plurality of encrypted data so that the period for generating one encrypted data and the period for generating encrypted data other than that one overlap each other. The transmission control step transmits each generated encrypted data to the other device every time one of the plurality of encrypted data is generated.
The computer program further includes an instruction for causing the process of encrypting the plurality of compressed data to generate the plurality of encrypted data in the data encryption step to be executed in parallel for each of the plurality of compressed data.
According to the present invention, it is possible to reduce the time required for processing to compress and transmit data.
Schematic configuration diagram of the data management system.
Block diagram showing the configuration of the encryption processing unit.
Block diagram of the data encryption unit and the data decryption unit.
Block diagram showing the configuration of the encryption random number generation unit.
Sequence diagram showing processing related to the exchange of user data between the data server and a terminal in the data management system according to the present embodiment.
(a) is a conceptual diagram of the data compression/encryption processing according to the present embodiment, and (b) is a conceptual diagram of the data restoration processing according to the present embodiment.
Sequence diagram showing the backup processing performed by the data server.
Time chart for when the encryption processing unit starts encryption and the data control unit transmits encrypted data.
Diagram showing another example of the time chart for when the encryption processing unit starts encryption and the data control unit transmits encrypted data.
Block diagram showing the configuration of a data encryption unit according to another embodiment.
Diagram showing an example of a time chart of the periods for generating the plurality of encrypted data and the periods for transmitting the plurality of encrypted data, according to the other embodiment.
Block diagram showing the configuration of a data encryption unit according to a modification of the other embodiment.
Diagram showing an example of a time chart of the periods for generating the plurality of encrypted data and the periods for transmitting the plurality of encrypted data, according to the modification of the other embodiment.
Hereinafter, preferred embodiments will be described with reference to the drawings.
Note that at least parts of the embodiments described below may be combined arbitrarily.
[Configuration]
FIG. 1 is a schematic configuration diagram of a data management system.
The data management system includes a data server 1, a plurality of terminals 2, and a backup server 3.
The data server 1 is communicably connected to the plurality of terminals 2 via a LAN (Local Area Network) or the Internet 4. The data server 1 is also communicably connected to the backup server 3 via the Internet 4.
In this data management system, when the data server 1 receives a data accumulation request from at least one of the plurality of terminals 2, it accepts and accumulates the user data transmitted from the terminal 2 that sent the request. When the data server 1 receives a data withdrawal request from at least one of the plurality of terminals 2, it transmits the user data it has accumulated to the terminal 2 that sent the request.
When accepting and accumulating user data transmitted from a terminal 2, the data server 1 also has a function of transmitting the user data to the backup server 3 so that the backup server 3 stores and accumulates it as backup data.
That is, the data server 1 functions as the main data center, and the backup server 3 functions as a data center for data backup.
The terminal 2 is constituted by an information processing device such as a personal computer provided with a CPU (not shown) and a storage device (not shown) such as a memory. It has a function of transmitting to the data server 1 an accumulation request asking that user data stored in the terminal 2 be accumulated in the data server 1, a function of transmitting the user data to be accumulated to the data server 1, a function of transmitting to the data server 1 a data withdrawal request for retrieving accumulated user data from the data server 1, and a function of accepting the user data transmitted from the data server 1 in response to the data withdrawal request.
The backup server 3 is constituted by an information processing device such as a workstation or a personal computer provided with a CPU (not shown) and a storage device (not shown) such as a memory or a hard disk, and has a function of accepting and storing the data that the data server 1 transmits for backup.
The backup server 3 also has a function of transmitting the data it has stored and accumulated to the data server 1 in response to a request from the data server 1.
As shown in FIG. 1, the data server 1 includes a control device 11 serving as a data processing device, a storage device 12, and a communication device 13.
The storage device 12 has a function of storing data transmitted from the terminals 2, and is constituted by an external storage device such as a hard disk.
The communication device 13 has a function of establishing communication connections with the terminals 2 and the backup server 3, and is constituted by, for example, a LAN interface.
The control device 11 performs processing such as storing and accumulating user data transmitted from a terminal 2 in the storage device 12 and transmitting data sent from a terminal 2 to the backup server 3.
The control device 11 is constituted by, for example, a personal computer, and has a CPU (not shown) and a memory (not shown). The various functions of the control device 11 are realized by the CPU executing predetermined computer programs read into the memory. Note that at least a part of the control device 11 may be constituted by an integrated circuit such as an FPGA (Field Programmable Gate Array).
The control device 11 functionally includes a data control unit 15 and an encryption processing unit 16. The encryption processing unit 16 has a function of dividing the user data given from a terminal 2, compressing the resulting divided data, and encrypting it (data compression/encryption processing). The encryption processing unit 16 also has a function of decrypting and decompressing the encrypted data that it divided, compressed and encrypted, and combining the results to restore the original user data (data restoration processing).
In response to an accumulation request or a withdrawal request from a terminal 2, the data control unit 15 has functions of causing the encryption processing unit 16 to perform data compression/encryption processing on the user data given from the terminal 2 and giving the resulting encrypted data to the storage device 12 for accumulation, and of reading encrypted data accumulated in the storage device 12, causing the encryption processing unit 16 to perform data restoration processing, and transmitting the restored user data to the terminal 2.
The data control unit 15 also has a function of performing backup processing, in which the encrypted data generated by the encryption processing unit 16 is transmitted to the backup server 3 via the Internet 4 and stored and accumulated there.
The data control unit 15 further has a function of having the backup server 3 transmit the encrypted data stored and accumulated in it, and then either accumulating that data in the storage device 12 or passing it directly to the encryption processing unit 16 for data restoration processing and transmitting the result to the terminal 2.
In this way, the data control unit 15 controls the exchange of user data and encrypted data with the terminals 2 and the backup server 3.
FIG. 2 is a block diagram showing the configuration of the encryption processing unit 16.
When user data of a terminal 2 is given from the data control unit 15, the encryption processing unit 16 divides, compresses, and encrypts the user data to generate a plurality of encrypted data.
When a plurality of encrypted data is given from the data control unit 15, the encryption processing unit 16 decrypts, decompresses, and combines the encrypted data to generate the original user data.
The encryption processing unit 16 gives the generated plurality of encrypted data and the generated user data to the data control unit 15.
The encryption processing unit 16 includes a data dividing unit 20, a data compression unit 21, a data encryption unit 22, a data decryption unit 23, a data expansion unit 24, and a data combining unit 25. The encryption processing unit 16 further includes a secret key holding unit 26 that holds the secret keys used by the data encryption unit 22 and the data decryption unit 23.
When user data is given from the data control unit 15, the data dividing unit 20 divides the user data into pieces of a predetermined length to generate a plurality of divided data, and gives the plurality of divided data to the data compression unit 21.
When a plurality of divided data is given from the data dividing unit 20, the data compression unit 21 compresses each of the given divided data by parallel processing. The data compression unit 21 compresses data using a reversible (lossless) compression algorithm. Specifically, the data compression unit 21 performs lossless compression of the data using a compression algorithm such as LZ77 (Lempel-Ziv) or LZSS (Lempel-Ziv-Storer-Szymanski).
The data compression unit 21 then gives the compressed data obtained by the compression processing to the data encryption unit 22.
 データ暗号化部22は、データ圧縮部21から与えられる圧縮データに対して、複数次元データ暗号化アルゴリズムを利用した暗号化処理を施す。ここでは、データ暗号化部22は、複数の圧縮データを複数次元データとみなして暗号化処理を行う。そして、データ暗号化部22は、暗号化された圧縮データ(以下、「暗号データ」と称する。)をデータ制御部15に与える。 The data encryption unit 22 performs an encryption process using a multi-dimensional data encryption algorithm on the compressed data given from the data compression unit 21. Here, the data encryption unit 22 performs encryption processing by regarding a plurality of compressed data as multidimensional data. Then, the data encryption unit 22 gives the encrypted compressed data (hereinafter referred to as “encrypted data”) to the data control unit 15.
 一方、データ復号部23は、データ制御部15から一のユーザデータの暗号化によって得られた複数の暗号データが与えられると、これら複数の暗号データに対して、暗号化法を利用した復号処理を施す。そして、データ復号部23は、複数の暗号データに対して復号処理を施すことにより得られた圧縮データをデータ展開部24に与える。 On the other hand, when a plurality of encrypted data obtained by encrypting one user data is given from the data control unit 15, the data decrypting unit 23 performs a decryption process using an encryption method on the plurality of encrypted data. Apply. Then, the data decryption unit 23 provides the data decompression unit 24 with the compressed data obtained by performing decryption processing on the plurality of encrypted data.
FIG. 3 is a block diagram of the data encryption unit 22 and the data decryption unit 23.
The data encryption unit 22 includes an encryption operation unit 22a and an encryption random number generation unit 22b.
Based on the secret key held by the secret key holding unit 26, the encryption random number generation unit 22b generates the plurality of random number data used to encrypt the respective compressed data.
The secret key holding unit 26 holds, for example, N secret keys (N is a natural number).
When compressed data is given from the data compression unit 21, the encryption random number generation unit 22b obtains the secret keys from the secret key holding unit 26. From the N secret keys, it generates the required number of random number data for encryption, within a range of M pieces, where M is a natural number equal to or greater than N.
FIG. 4 is a block diagram showing the configuration of the encryption random number generation unit 22b.
In FIG. 4, the encryption random number generation unit 22b includes an initial value generation unit 31, a first storage unit 32, a second storage unit 33, a first calculation unit 34, a second calculation unit 35, and an output unit 36.
When given a secret key, the initial value generation unit 31 generates an initial value of a first vector x and an initial value of a second vector y. It gives the initial first vector x to the first storage unit 32 and the initial second vector y to the second storage unit 33. When given the first vector x, the first storage unit 32 stores it and also gives it to the first calculation unit 34.
When given the first vector x, the first calculation unit 34 obtains a third vector x′ (= f(x)) by applying a first rational vector map f to the first vector x, and gives the third vector x′ to the output unit 36 and the second calculation unit 35.
When given the second vector y from the initial value generation unit 31, the second storage unit 33 stores it and also gives it to the second calculation unit 35.
When given the second vector y and the third vector x′ from the first calculation unit 34, the second calculation unit 35 obtains a fourth vector y′ (= g(x′, y)) by applying a second rational vector map g to them, and gives the fourth vector y′ to the output unit 36.
The output unit 36 generates a vector z by combining the third vector x′ and the fourth vector y′, and gives it to the encryption operation unit 22a as random number data.
The first calculation unit 34 also gives the third vector x′ to a first update unit 37. The first update unit 37 gives the third vector x′ to the first storage unit 32 as the first vector x.
When given the first vector x from the first update unit 37, the first storage unit 32 discards the previous first vector x and stores the newly given one. It then gives the first vector x received from the first update unit 37 to the first calculation unit 34.
Likewise, the second calculation unit 35 gives the fourth vector y′ to a second update unit 38. The second update unit 38 gives the fourth vector y′ to the second storage unit 33 as the second vector y.
When given the second vector y from the second update unit 38, the second storage unit 33 discards the previous second vector y and stores the newly given one. It then gives the second vector y received from the second update unit 38 to the second calculation unit 35.
Thereafter, the first calculation unit 34 and the second calculation unit 35 give the third vector x′ and the fourth vector y′ to the output unit 36.
The output unit 36 generates the next vector z and gives the next random number data to the encryption operation unit 22a.
Rational maps derived from the addition theorem of elliptic functions can be used as the first rational vector map f and the second rational vector map g.
As described above, the encryption random number generation unit 22b takes the third vector x′ and the fourth vector y′, which were calculated from the first vector x and the second vector y to obtain one random number data, and uses them as the updated first vector x and second vector y in the calculation of the next random number data. In this way it sequentially generates the required number of random number data and gives them to the encryption operation unit 22a.
Because the encryption random number generation unit 22b generates the next random number data based on one random number data, it generates the next random number data after it has generated the preceding one.
Each time it generates random number data, the encryption random number generation unit 22b gives the generated random number data to the encryption operation unit 22a.
The generation of random number data by the encryption random number generation unit 22b is described in Japanese Patent No. 3030341.
Returning to FIG. 3, the encryption operation unit 22a generates encrypted data by performing an encryption operation using the compressed data given from the data compression unit 21 and the random number data given from the encryption random number generation unit 22b. As the encryption operation, the encryption operation unit 22a calculates, for example, the exclusive OR of the compressed data and the random number data. The encryption operation is not limited to the exclusive OR.
Because the encryption operation unit 22a generates encrypted data by an encryption operation on the compressed data and the random number data, each time random number data is given from the encryption random number generation unit 22b it starts the encryption operation for the respective compressed data and generates encrypted data. The encryption operation unit 22a of the data encryption unit 22 therefore generates the plurality of encrypted data sequentially, each time random number data is given.
Each time it generates encrypted data, the encryption operation unit 22a gives the generated encrypted data to the data control unit 15.
In this way, the encryption processing unit 16 performs the data compression and encryption processing on the user data given from the data control unit 15, generates a plurality of encrypted data, and gives them to the data control unit 15.
The data decryption unit 23 includes a decryption operation unit 23a and a decryption random number generation unit 23b.
Based on the secret key held by the secret key holding unit 26, the decryption random number generation unit 23b generates the plurality of random number data used to decrypt the respective encrypted data.
When encrypted data is given from the data control unit 15, the decryption random number generation unit 23b obtains the secret keys from the secret key holding unit 26. From the N secret keys, it generates the required number of random number data for decryption, within a range of M pieces.
The configuration of the decryption random number generation unit 23b is the same as that of the encryption random number generation unit 22b, so its description is omitted here.
The decryption operation unit 23a decrypts the plurality of encrypted data and generates compressed data by performing a decryption operation using the plurality of encrypted data given from the data control unit 15 and the random number data given from the decryption random number generation unit 23b. As the decryption operation, it calculates, for example, the exclusive OR of the encrypted data and the random number data. The encryption operation is not limited to the exclusive OR.
The decryption operation unit 23a gives the generated plurality of compressed data to the data expansion unit 24.
Returning to FIG. 2, when a plurality of compressed data are given from the data decryption unit 23, the data expansion unit 24 expands each of them by parallel processing. The data expansion unit 24 expands the data using the lossless compression algorithm described above.
The data expansion unit 24 gives the expanded data obtained by the expansion to the data combining unit 25.
The data combining unit 25 combines the plurality of expanded data given from the data expansion unit 24 to generate the original user data.
In this manner, the encryption processing unit 16 performs the data restoration processing on the plurality of encrypted data given from the data control unit 15 and restores the original user data from them.
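The data flow of units 20 to 25 and of the FIG. 4 generator, as an added Python example that is not code from the patent. SHA-256 stands in for the rational vector maps f and g (which this page does not give), zlib stands in for the LZ77/LZSS compressor, and stretching the random number data over a chunk by iterating the generator is an assumption; all function names and sample values are constructed for the illustration.

```python
import hashlib
import zlib
from concurrent.futures import ThreadPoolExecutor

def _h(label: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256 over length-prefixed parts (stand-in primitive)."""
    h = hashlib.sha256(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def f(x: bytes) -> bytes:
    """Stand-in for the first rational vector map: x' = f(x)."""
    return _h(b"f", x)

def g(x_next: bytes, y: bytes) -> bytes:
    """Stand-in for the second rational vector map: y' = g(x', y)."""
    return _h(b"g", x_next, y)

class RandomNumberGenerator:
    """Structure of FIG. 4: state (x, y), output z = x' || y', state <- (x', y')."""
    def __init__(self, secret_key: bytes):
        # Initial value generation unit 31 (the derivation itself is an assumption).
        self.x = _h(b"init-x", secret_key)   # first storage unit 32
        self.y = _h(b"init-y", secret_key)   # second storage unit 33

    def next_z(self) -> bytes:
        x_next = f(self.x)                   # first calculation unit 34
        y_next = g(x_next, self.y)           # second calculation unit 35
        self.x, self.y = x_next, y_next      # update units 37 and 38
        return x_next + y_next               # output unit 36

    def keystream(self, n: int) -> bytes:
        # Assumption: iterate until n bytes are available. Deterministic for a
        # given key, which is what lets the decryptor regenerate the same data.
        out = bytearray()
        while len(out) < n:
            out += self.next_z()
        return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def encrypt_stream(user_data: bytes, key: bytes, chunk_size: int, log=None):
    """Yield each encrypted chunk as soon as it exists (units 20, 21, 22)."""
    log = [] if log is None else log
    chunks = [user_data[i:i + chunk_size] for i in range(0, len(user_data), chunk_size)]
    with ThreadPoolExecutor() as pool:       # divided data compressed in parallel
        compressed = list(pool.map(zlib.compress, chunks))
    rng = RandomNumberGenerator(key)
    for i, comp in enumerate(compressed, 1):
        ks = rng.keystream(len(comp))        # chained: depends on chunk i-1's state
        log.append(("encrypted", i))
        yield xor(comp, ks)                  # encryption operation unit 22a (XOR)

def send_all(cipher_iter, log):
    """Stand-in for the data control unit 15 forwarding each chunk on arrival."""
    received = []
    for i, ct in enumerate(cipher_iter, 1):
        received.append(ct)
        log.append(("sent", i))
    return received

def restore(cipher_chunks, key: bytes) -> bytes:
    """Units 23, 24, 25: decrypt in generation order, expand, combine."""
    rng = RandomNumberGenerator(key)
    return b"".join(zlib.decompress(xor(ct, rng.keystream(len(ct))))
                    for ct in cipher_chunks)

def restores_ok(cipher_chunks, key: bytes, expected: bytes) -> bool:
    try:
        return restore(cipher_chunks, key) == expected
    except zlib.error:                       # wrong random number data -> garbage
        return False

# Constructed sample input: 30 records of 40 bytes, split into 4 chunks of 300.
SAMPLE = b"".join(b"record %04d: constructed sample payload\n" % i for i in range(30))
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    events = []
    stored = send_all(encrypt_stream(SAMPLE, KEY, 300, events), events)
    print(events)
    print(restore(stored, KEY) == SAMPLE)
```

Because the random number data is chained, the decrypting side has to process the chunks in the order they were generated; `restores_ok` returns False for reordered chunks or a different key.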
Next, the operation of the data management system according to this embodiment will be described.
[Processing between the data server and the terminal]
FIG. 5 is a sequence diagram showing processing related to the exchange of user data between the data server and the terminal in the data management system according to this embodiment.
In FIG. 5, assume first that the terminal 2 transmits to the data server 1 a data storage request, which requests that user data held by the terminal 2 be stored in the data server 1 (step S1).
The data control unit 15 of the data server 1 then accepts the data storage request transmitted from the terminal 2 and, if it determines that storage is possible, transmits a notification that storage is permitted (storage permission) (step S2).
On receiving the storage permission, the terminal 2 transmits the user data it holds to the data server 1 (step S3). At this time, the data control unit 15 of the data server 1 stores part or all of the user data given from the terminal 2 in, for example, a data buffer in a memory of the control device 11.
The data control unit 15 then identifies the storage area in the storage device 12 to which the user data transmitted from the terminal 2 is to be written (step S4).
Thereafter, the data control unit 15 of the data server 1 causes the encryption processing unit 16 to perform the data compression and encryption processing on the user data and generate a plurality of encrypted data corresponding to the user data (step S5). The data control unit 15 then writes the plurality of encrypted data to the storage device 12.
Assume also that the terminal 2 transmits to the data server 1 a data withdrawal request, which requests retrieval of the user data that the terminal 2 has stored in the data server 1 (step S6).
The data control unit 15 of the data server 1 then accepts the data withdrawal request transmitted from the terminal 2 and identifies the storage area in the storage device 12 in which the plurality of encrypted data corresponding to the user data of the terminal 2 are stored (step S7).
The data control unit 15 of the data server 1 then reads the plurality of encrypted data corresponding to the user data of the terminal 2 and causes the encryption processing unit 16 to perform the data restoration processing on them to restore the user data (step S8).
Thereafter, the data control unit 15 transmits the restored user data to the terminal 2 (step S8).
[Data compression and encryption processing]
Next, details of the data compression and encryption processing will be described.
FIG. 6(a) is a conceptual diagram of the data compression and encryption processing according to this embodiment.
First, the data dividing unit 20 of the encryption processing unit 16 divides the user data into a plurality of divided data (four in the illustrated example).
Next, the data compression unit 21 losslessly compresses the plurality of divided data by parallel processing to generate a plurality of compressed data. The plurality of compressed data constitute multi-dimensional data.
Thereafter, the data encryption unit 22 encrypts the plurality of compressed data by parallel processing based on the multi-dimensional data encryption algorithm. Here, the multi-dimensional data encryption algorithm used is an arbitrary-dimensional, parallelizable, reversible chaos encryption algorithm that can encrypt rational number vectors of arbitrary dimension by parallel processing.
In this algorithm, the plurality of compressed data are encrypted by a chaotic encryption method that encrypts an N-dimensional rational number vector (N is a natural number, N ≥ M) as a whole using M secret keys (M is a natural number). That is, a rational number vector of arbitrary dimension N (≥ M) is encrypted collectively. Here, the "rational number vector" is a multi-dimensional vector whose elements are the respective compressed data. If the number of compressed data is N, each of them is encrypted using N random number data generated from M secret keys, M being N or less. The chaotic encryption method is described in Japanese Patent No. 3030341, Japanese Patent No. 4219629, and Japanese Patent Application Laid-Open No. 2011-35800.
As described above, the data encryption unit 22 encrypts the plurality of compressed data by parallel processing. This shortens the time required for the data encryption processing compared with, for example, a configuration in which the encryption processing unit 16 encrypts the plurality of compressed data individually, one after another.
[Data restoration processing]
Next, details of the data restoration processing will be described.
FIG. 6(b) is a conceptual diagram of the data restoration processing according to this embodiment.
First, the data decryption unit 23 of the encryption processing unit 16 decrypts each of the plurality of encrypted data by parallel processing based on the multi-dimensional data encryption algorithm, thereby generating a plurality of compressed data. Here, the plurality of encrypted data constitute multi-dimensional data.
Next, the data expansion unit 24 expands each of the plurality of compressed data by parallel processing, thereby generating a plurality of expanded data.
Thereafter, the data combining unit 25 combines the plurality of expanded data to restore the data.
As described above, the data decryption unit 23 decrypts the plurality of encrypted data by parallel processing. This shortens the time required for the data restoration processing compared with, for example, a configuration in which the data decryption unit 23 decrypts the plurality of encrypted data individually, one after another.
[Backup processing]
FIG. 7 is a sequence diagram showing the backup processing performed by the data server 1.
FIG. 7 shows a case where the data server 1 transmits user data, whose storage was requested by the terminal 2, to the backup server 3 for backup.
In FIG. 7, assume first that the terminal 2 transmits a data storage request to the data server 1 (step S11).
On accepting the data storage request from the terminal 2, the data control unit 15 of the data server 1 transmits to the backup server 3 a data storage request, which requests the backup server 3 to store the data subject to the backup processing (step S12).
The backup server 3 accepts the data storage request transmitted from the data server 1 and, if it determines that storage is possible, transmits a notification that storage is permitted (storage permission) to the data server 1 (step S13).
On receiving the storage permission from the backup server 3, the data control unit 15 of the data server 1 transmits to the terminal 2 a notification that storage is permitted (storage permission) (step S14).
On receiving the storage permission, the terminal 2 transmits the user data it holds to the data server 1 (step S15). The data control unit 15 of the data server 1 temporarily stores part or all of the user data given from the terminal 2 in, for example, a data buffer in a memory of the control device 11.
The data control unit 15 gives the user data to the encryption processing unit 16 so that the encryption processing unit 16 performs the data compression and encryption processing.
When given the user data, the encryption processing unit 16 divides and compresses it to generate a plurality of compressed data (step S16).
Thereafter, the data encryption unit 22 of the encryption processing unit 16 starts encrypting the plurality of compressed data (step S17).
As described above, each time it generates encrypted data, the data encryption unit 22 (its encryption operation unit 22a) gives the generated encrypted data to the data control unit 15 (FIG. 1). The plurality of encrypted data are therefore given to the data control unit 15 sequentially.
When one of the plurality of encrypted data has been generated and given to it, the data control unit 15 transmits that encrypted data to the backup server 3 without waiting for the other encrypted data to be generated and given.
Therefore, when the data encryption unit 22 generates the first of the plurality of encrypted data and gives it to the data control unit 15, the data control unit 15 starts transmitting encrypted data to the backup server 3 without waiting for the other encrypted data to be given (step S18).
FIG. 8 is a time chart of the encryption processing unit 16 starting encryption and the data control unit 15 transmitting the encrypted data. FIG. 8 shows a case where four encrypted data (encrypted data 1 to 4) are generated from four compressed data (compressed data 1 to 4) by parallel processing.
The encryption processing unit 16 causes the data encryption unit 22 to encrypt the four compressed data.
Here, the data encryption unit 22 performs encryption using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data whose elements are the respective encryption target data. The encryption target data are the data to be encrypted by the data encryption unit 22.
The data encryption unit 22 generates four encrypted data (encrypted data 1 to 4) by encrypting the four compressed data (compressed data 1 to 4) given from the data compression unit 21 using the multi-dimensional data encryption algorithm. That is, the four compressed data are given to the data encryption unit 22 as the elements of multi-dimensional data.
In FIG. 8, periods P1 to P4 are the periods in which the respective random number data are generated, periods Q1 to Q4 are the periods in which the respective compressed data are encrypted to generate encrypted data, and periods R1 to R4 are the periods in which the respective encrypted data are transmitted to the backup server 3.
When the encryption processing unit 16 starts encryption at the start of period P1 (step S17 in FIG. 8), it first obtains the secret key and starts generating the random number data used to encrypt the first compressed data 1.
In FIG. 8, the encryption processing unit 16 generates the random number data used to encrypt compressed data 1 in period P1.
As described above, for the random number data that the data encryption unit 22 uses for encryption, the next random number data is generated based on one random number data (FIG. 4).
Therefore, after generating the random number data used to encrypt compressed data 1 in period P1, the encryption processing unit 16 (its encryption random number generation unit 22b) generates the random number data for compressed data 2, based on the random number data for compressed data 1, in period P2 immediately after the end of period P1.
After generating the random number data for compressed data 2 in period P2, the encryption processing unit 16 generates the random number data for compressed data 3, based on the random number data for compressed data 2, in period P3 immediately after the end of period P2.
Further, after generating the random number data for compressed data 3 in period P3, the encryption processing unit 16 generates the random number data for compressed data 4, based on the random number data for compressed data 3, in period P4 immediately after the end of period P3.
When the encryption processing unit 16 has generated the random number data used to encrypt each compressed data in periods P1, P2, P3 and P4, it performs encryption using that random number data in the subsequent periods Q1, Q2, Q3 and Q4, respectively, and generates encrypted data 1, 2, 3 and 4.
As described above, because the encryption processing unit 16 generates the next random number data based on one random number data, the timing at which it generates the random number data for each of compressed data 2 to 4 and starts encryption (the start of each of periods P2 to P4) is delayed successively by the period needed to generate random number data (P1 to P3).
Therefore, if the divided data (compressed data) have substantially the same length (data amount), encryption of compressed data 1, which started earliest, completes first, followed by compressed data 2, 3 and 4 in that order.
In this example, the divided data (compressed data) are assumed to have substantially the same length (data amount).
 暗号化処理部16は、暗号化が完了し暗号データを生成するごとに当該暗号データをデータ制御部15に与える。
 データ制御部15は、上述ように、複数の暗号データの内、一の暗号データが生成され与えられると他の暗号データが生成され与えられるのを待たずに前記一の暗号データをバックアップ用サーバ3に送信する。
The encryption processing unit 16 gives the encrypted data to the data control unit 15 every time encryption is completed and encrypted data is generated.
As described above, when one encrypted data is generated and given from among a plurality of encrypted data, the data control unit 15 does not wait for the other encrypted data to be generated and given, and then sends the one encrypted data to the backup server. 3 to send.
 よって、図8中、暗号化処理部16が期間Q1において生成した暗号データ1をデータ制御部15に与えると、データ制御部15は、他の暗号データ2~4の生成を待たずに、期間R1において、暗号データ1の送信を行う。つまり、データ制御部15は、期間R1の始点において、バックアップ用サーバ3に向けた暗号データの送信を開始する(図8中、ステップS18)。 Therefore, in FIG. 8, when the encryption processing unit 16 gives the encrypted data 1 generated in the period Q1 to the data control unit 15, the data control unit 15 does not wait for generation of the other encrypted data 2 to 4 and waits for the period. In R1, the encrypted data 1 is transmitted. That is, the data control unit 15 starts transmission of encrypted data toward the backup server 3 at the start point of the period R1 (step S18 in FIG. 8).
 その後、暗号化処理部16が生成した暗号データを順次データ制御部15に与えると、データ制御部15は、他の暗号データの生成を待たずに、与えられた暗号データをバックアップ用サーバ3に順次送信する。 Thereafter, when the encrypted data generated by the encryption processing unit 16 is sequentially given to the data control unit 15, the data control unit 15 sends the provided encrypted data to the backup server 3 without waiting for generation of other encrypted data. Send sequentially.
When the encryption processing unit 16 generates encrypted data 4 in period Q4, it has finished encrypting all the compressed data. The encryption processing unit 16 therefore finishes encrypting the user data at the end of period Q4 (step S19 in FIG. 8).
The data control unit 15 is given encrypted data 4 by the encryption processing unit 16, and when it finishes transmitting encrypted data 4 in period R4, it has finished transmitting all the encrypted data. The data control unit 15 therefore finishes transmitting the encrypted data at the end of period R4 (step S20 in FIG. 8).
According to the above configuration, the data control unit 15, acting as the transmission control unit, transmits one piece of encrypted data to the backup server 3 (the other device) as soon as that piece is generated and given to it, without waiting for the other pieces of encrypted data to be generated and given, so transmission can proceed without waiting for all of the plurality of pieces of encrypted data to be generated. For this reason, compared with the case where transmission waits until all of the plurality of divided data are encrypted, the waiting time for encryption can be reduced, and the time required for the user data transmission process can be shortened.
If each piece of encrypted data were instead transmitted after all the encrypted data had been generated, the data control unit 15 would wait until the timing of step S19 in FIG. 8 before transmitting, and would start transmitting all the encrypted data after step S19. A period for transmitting up to three pieces of encrypted data, indicated by the broken line in FIG. 8, would therefore be needed after step S20.
In the present embodiment, as described above, when one piece of encrypted data is generated it is transmitted to the backup server 3 without waiting for the other pieces to be generated, so the period indicated by the broken line in FIG. 8 can be shortened.
In the present embodiment, the plurality of pieces of encrypted data are transmitted from the data server 1 to the backup server 3 over the Internet 4. Because they are obtained by encrypting a plurality of divided data produced by dividing the user data, even if a third party obtains the encrypted data, it is possible to keep the original user data from being easily restored.
Returning to FIG. 7, when encryption of the user data is finished (step S19) and transmission of the encrypted data is finished (step S20), the data server 1 transmits a transmission end notification to the backup server 3 (step S21).
On receiving the transmission end notification, the backup server 3 recognizes that it has received all the encrypted data and stores the plurality of pieces of encrypted data.
Once the data control unit 15 generates each piece of encrypted data, it temporarily stores the generated pieces of encrypted data in a data buffer or the like in the memory of the control device 11.
When it has finished transmitting the encrypted data to the backup server 3, the data control unit 15 gives the plurality of pieces of encrypted data temporarily stored in the data buffer to the storage device 12 of the data server 1, which stores them (step S22).
As a result, the data server 1 can have the backup server 3 back up the user data in encrypted form while also storing the encrypted user data itself.
The encrypted data may be stored in the storage device 12 at any time after it has been generated: it may be stored piece by piece as each piece of encrypted data is generated, or immediately after transmission of the encrypted data has finished.
This completes the backup process in which the data server 1 backs up, to the backup server, the user data that the terminal 2 requested to be stored.
To retrieve encrypted data stored in the backup server 3, the data server 1 transmits a withdrawal request to the backup server 3. The data server 1 may send the withdrawal request on its own initiative, or the terminal 2 may cause the data server 1 to send the withdrawal request to the backup server 3.
On receiving the withdrawal request, the backup server 3 transmits the requested encrypted data to the requesting data server 1.
Having received the encrypted data from the backup server 3, the data server 1 can restore the user data by decrypting, decompressing, and combining it.
The data server 1 gives the restored user data to the terminal 2.
[Effect]
The control device 11 (data processing device) of the data server 1 of the present embodiment includes: a data dividing unit 20 that divides user data given from the terminal 2 to generate a plurality of divided data; a data compression unit 21 that generates a plurality of compressed data by losslessly compressing each of the plurality of divided data; a data encryption unit 22 that generates encrypted data by encrypting the plurality of compressed data, as multi-dimensional data, using a multi-dimensional data encryption algorithm; and a data control unit 15 (transmission control unit) that, when one piece of encrypted data among the plurality of pieces of encrypted data is generated, transmits that piece to the backup server 3 (another device) without waiting for the other pieces of encrypted data to be generated.
According to the present embodiment, the data dividing unit 20 divides the user data to generate a plurality of divided data, and the data compression unit generates a plurality of compressed data by losslessly compressing each of the divided data. Compared with a configuration in which the data compression unit 21 compresses the user data before division, this shortens the compression time, and so shortens the time required to encrypt the user data. In addition, the data encryption unit 22 encrypts the plurality of compressed data as multi-dimensional data. This allows the data encryption unit 22 to use a multi-dimensional data encryption algorithm to encrypt each of the plurality of compressed data.
Furthermore, when one piece of encrypted data among the plurality of pieces is generated, the data control unit 15 transmits it to the backup server 3 without waiting for the other pieces to be generated, so transmission can proceed without waiting for all of the encrypted data to be generated. Compared with encrypting the user data as is, without dividing it, or with waiting until all of the divided data are encrypted before transmitting, this reduces the waiting time for encryption and shortens the time required for the user data transmission process.
As described above, according to the present embodiment, the time required to encrypt and transmit user data can be shortened.
In the above embodiment, the backup server 3 is connected to the data server 1 via the Internet 4, but the backup server 3 only needs to be communicably connected to the data server 1 and may be connected to it by a LAN, telephone communication, or the like.
Also, in the above embodiment, the data server 1 transmits the encrypted data to a single backup server 3 and has that backup server 3 store it. Alternatively, for example, the plurality of pieces of encrypted data generated from one set of user data may be distributed among and stored in a plurality of backup servers 3.
This makes it possible to more effectively prevent a third party from easily restoring the encrypted data to the original user data.
Also, in the above embodiment, as shown in FIG. 8, the data encryption unit 22 generates four pieces of encrypted data by sequentially encrypting four pieces of compressed data. It starts generating the four pieces at successively delayed timings, such that generation of encrypted data 4, the last to be generated, starts during period Q1, in which encrypted data 1, the first to be generated, is produced.
In this case, the periods Q1 to Q4 in which the four pieces of encrypted data 1 to 4 are generated all overlap one another. That is, period Q1, in which encrypted data 1 is generated, overlaps the other periods Q2, Q3, and Q4, and likewise period Q2 overlaps the other periods Q1, Q3, and Q4.
Because all of the periods Q1 to Q4 for generating the four pieces of encrypted data 1 to 4 overlap one another in this way, the time required to encrypt and transmit the data can be shortened further.
[Others]
In the above embodiment, as described above, the various functions of the control device 11 are realized by the CPU executing a predetermined computer program read into memory. When the CPU of the control device 11 executes the computer program, the control device 11 functionally includes the data control unit 15 and the encryption processing unit 16.
The encryption processing unit 16 includes the data dividing unit 20, which generates a plurality of divided data; the data compression unit 21, which generates a plurality of compressed data by losslessly compressing each of the plurality of divided data; and the data encryption unit 22, which encrypts using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data whose elements are the respective pieces of data to be encrypted.
The data control unit 15 transmits the plurality of pieces of encrypted data to the backup server 3.
The plurality of compressed data are given to the data encryption unit 22 as the elements of the multi-dimensional data.
The data encryption unit 22 generates a plurality of pieces of encrypted data by encrypting the plurality of compressed data using the multi-dimensional data encryption algorithm.
Furthermore, as shown in FIG. 8, the data encryption unit 22 generates the plurality of pieces of encrypted data such that the period for generating one piece of encrypted data and the period for generating another piece overlap each other.
Also, as shown in FIG. 8, each time one of the plurality of pieces of encrypted data is generated, the data control unit 15 transmits the generated encrypted data to the backup server 3.
More specifically, as shown in FIG. 8, the data encryption unit 22 generates a plurality of pieces of encrypted data by sequentially encrypting a plurality of pieces of compressed data. The data encryption unit 22 starts generating the pieces at successively delayed timings and generates them such that the generation periods of pieces that are adjacent in generation order overlap each other.
Also, as shown in FIG. 8, the data control unit 15 transmits the plurality of pieces of encrypted data such that, for any two pieces adjacent in generation order, the earlier piece is transmitted to the backup server 3 once its generation is finished, without waiting for generation of the later piece to finish.
The computer program executed by the CPU is a computer program for causing the CPU of the control device 11 to execute: a data division step, which is the function of the data dividing unit 20 that generates a plurality of divided data; a data compression step, which is the function of the data compression unit 21 that generates a plurality of compressed data by losslessly compressing each of the plurality of divided data; a data encryption step, which is the function of the data encryption unit 22 that encrypts using a multi-dimensional data encryption algorithm that encrypts multi-dimensional data whose elements are the respective pieces of data to be encrypted; and a transmission control step, which is the function of the data control unit 15 that transmits the plurality of pieces of encrypted data to the backup server 3.
In the data encryption step, the computer program is configured to cause the CPU of the control device 11 to generate a plurality of pieces of encrypted data by encrypting the plurality of compressed data using the multi-dimensional data encryption algorithm, and to generate them such that the period for generating one piece of encrypted data and the period for generating another piece overlap each other.
In the transmission control step, the computer program is configured to cause the CPU of the control device 11 to transmit the generated encrypted data to the backup server 3 each time one of the plurality of pieces of encrypted data is generated.
Furthermore, the computer program includes an instruction for causing the process of encrypting the plurality of compressed data to generate the plurality of pieces of encrypted data in the data encryption step to be executed in parallel for each of the plurality of compressed data.
The instruction is, for example, added to the computer program as an instruction to be executed by the CPU when the computer program is compiled.
When executing the process of encrypting the plurality of compressed data to generate the plurality of pieces of encrypted data, the CPU of the control device 11 executes it in parallel for each of the plurality of compressed data in accordance with the instruction.
As a result, the encryption processing unit 16 generates encrypted data 1 to 4 such that the periods Q1 to Q4 overlap one another, as shown in FIG. 8.
The instruction is configured to be executable in consideration of the processing capability of the CPU that executes it.
Nevertheless, while executing the process of encrypting the plurality of compressed data to generate the plurality of pieces of encrypted data, the CPU of the control device 11 may interrupt it to execute other processing that needs to be executed.
FIG. 9 shows another example of a time chart for when the encryption processing unit 16 starts encryption and the data control unit 15 transmits the encrypted data.
FIG. 9 differs from FIG. 8 in that other processing is inserted and executed between period P4, in which the random number data used to encrypt compressed data 4 is generated, and period Q4, in which compressed data 4 is encrypted to generate encrypted data 4.
For example, when other processing has higher urgency or priority than the process of generating encrypted data and has to be executed while that process is running, the CPU of the control device 11 determines whether it has the resources to execute the other processing while continuing to generate encrypted data. If it determines that it does not have the resources to execute both, the CPU of the control device 11 releases part of the resources used for generating encrypted data for the other processing.
In FIG. 9, the CPU of the control device 11 keeps the processes that generate encrypted data 1, 2, and 3 running and stops the process that generates encrypted data 4. In this way the CPU of the control device 11 inserts and executes the other processing between period P4 and period Q4.
When it has finished executing the other processing, the CPU of the control device 11 starts the process of generating encrypted data 4. In FIG. 9, the CPU of the control device 11 starts the process of generating encrypted data 4 during period R3 (the period in which encrypted data 3 is transmitted to the backup server 3).
For this reason, period Q4 does not overlap periods Q1, Q2, or Q3.
Thus, when the CPU of the control device 11 executes a computer program that includes an instruction for executing the process of generating a plurality of pieces of encrypted data in parallel for each of the plurality of compressed data, a period Q4 that does not overlap the other periods Q1, Q2, and Q3 may appear, as in FIG. 9. The other periods Q1, Q2, and Q3 do overlap one another.
In this way, a period Q4 that does not overlap the other periods Q1, Q2, and Q3 may appear as an exception.
However, the instruction included in the computer program is configured to be executable in consideration of the processing capability of the CPU that executes it. Even if a period that does not overlap the others, such as period Q4, appears as an exception, the other periods Q1, Q2, and Q3 overlap one another, and overall the time required to encrypt and transmit the data can still be shortened.
FIG. 9 shows a case where, in order to execute other processing, a period Q4 appears that does not overlap the periods Q1, Q2, and Q3 for generating the other encrypted data. However, the encryption processing unit 16 (its data encryption unit 22) may generate the four pieces of encrypted data such that at least any two of the periods Q1 to Q4 for generating the plurality of pieces of encrypted data overlap each other.
For example, the encryption processing unit 16 may generate the four pieces of encrypted data such that periods Q1 and Q2 overlap each other, period Q3 does not overlap any other period, and period Q4 does not overlap any other period either.
Alternatively, the encryption processing unit 16 may generate the four pieces of encrypted data such that periods Q2 and Q3 overlap each other, period Q1 does not overlap any other period, and period Q4 does not overlap any other period either.
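The timing argument made for FIG. 8 (the broken-line period that batch transmission would add) and for FIG. 9 (period Q4 pushed back by other processing) can be checked with a small timeline model. This is an added example, not code from the patent: the period lengths are constructed values, and a single uplink that sends one piece at a time is an assumption.

```python
from itertools import combinations
from typing import NamedTuple


class Piece(NamedTuple):
    name: str       # "1".."4", as in encrypted data 1 to 4
    q_start: float  # start of encryption period Q
    q_end: float    # end of encryption period Q
    r_len: float    # length of transmission period R


def finish_streaming(pieces):
    """End of the last period R when each piece is sent as soon as it is ready.

    Assumption: one uplink, so a finished piece waits while the previous
    piece is still being transmitted.
    """
    link_free = 0.0
    for p in sorted(pieces, key=lambda p: p.q_end):
        start = max(p.q_end, link_free)   # start of this piece's period R
        link_free = start + p.r_len       # end of this piece's period R
    return link_free


def finish_batch(pieces):
    """End of transmission when sending starts only after step S19,
    i.e. after every piece has been encrypted."""
    s19 = max(p.q_end for p in pieces)
    return s19 + sum(p.r_len for p in pieces)


def overlapping_q(pieces):
    """Pairs of pieces whose encryption periods Q overlap in time."""
    return {
        (a.name, b.name)
        for a, b in combinations(pieces, 2)
        if a.q_start < b.q_end and b.q_start < a.q_end
    }


# Constructed values in the shape of FIG. 8: staggered starts, equal lengths.
FIG8 = [Piece(str(i + 1), float(i), float(i) + 10, 1.0) for i in range(4)]

# Constructed values in the shape of FIG. 9: other processing delays piece 4,
# whose encryption starts during R3 (12..13) and so after Q1..Q3 have ended.
FIG9 = FIG8[:3] + [Piece("4", 12.5, 22.5, 1.0)]

# Generalisation beyond the figures: transmission slower than the stagger,
# so the uplink rather than the cipher sets the pace.
LINK_BOUND = [Piece(str(i + 1), float(i), float(i) + 10, 2.0) for i in range(4)]


if __name__ == "__main__":
    for label, case in (("FIG8", FIG8), ("FIG9", FIG9), ("LINK_BOUND", LINK_BOUND)):
        s, b = finish_streaming(case), finish_batch(case)
        print(label, "streaming:", s, "batch:", b, "saved:", b - s)
        print("  overlapping Q periods:", sorted(overlapping_q(case)))
```

With these values the saving equals three transmission periods in the FIG. 8 and FIG. 9 shapes, matching the "up to three pieces" broken-line period described for FIG. 8.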
[Other Embodiments]
FIG. 10 is a block diagram showing the configuration of the data encryption unit 22 according to another embodiment.
This embodiment differs from the above embodiment in that the data encryption unit 22 includes a storage unit 22c that stores the random number data generated by the encryption random number generation unit 22b.
In this embodiment, when user data is given from the data control unit 15, the encryption processing unit 16 causes the encryption random number generation unit 22b to generate the plurality of pieces of random number data used for encryption.
The encryption random number generation unit 22b generates the required number of pieces of random number data. When it knows the number of pieces of compressed data (divided data), it generates the required number of pieces of random number data according to that number. When it does not know the number of pieces of compressed data (divided data), which is the required number of pieces of random number data, it generates the required number according to the size of the user data and the like.
The encryption random number generation unit 22b generates the required number of pieces of random number data while the data dividing unit 20 and the data compression unit 21 are dividing and compressing the user data. The random number data generated by the encryption random number generation unit 22b is given to the storage unit 22c.
The storage unit 22c stores the required number of pieces of random number data given from the encryption random number generation unit 22b.
The data encryption unit 22 encrypts the compressed data using the required number of pieces of random number data stored in the storage unit 22c.
The encryption operation unit 22a of the data encryption unit 22 is given the random number data stored in the storage unit 22c and the compressed data from the data compression unit 21.
The random number data is output from the storage unit 22c in the order in which it was generated and given to the encryption operation unit 22a.
The encryption operation unit 22a generates encrypted data by performing an encryption operation using the compressed data given from the data compression unit 21 and the random number data given from the storage unit 22c. Each time it is given random number data from the storage unit 22c, the encryption operation unit 22a generates the pieces of encrypted data one after another.
FIG. 11 is a diagram showing an example of a time chart of the periods in which the plurality of pieces of encrypted data are generated and the periods in which they are transmitted, according to the other embodiment.
In this embodiment, the random number data that the encryption operation unit 22a of the encryption processing unit 16 uses for encryption is generated while the data dividing unit 20 and the data compression unit 21 are dividing and compressing the user data, and is stored in the storage unit 22c.
The encryption processing unit 16 therefore needs no period for generating random number data when it generates each of encrypted data 1 to 4.
In FIG. 11, the periods t1 to t4 that precede the periods Q1 to Q4 for generating encrypted data are the periods needed for the random number data from the storage unit 22c to be given to the encryption operation unit 22a.
The periods P1 to P4 for generating random number data shown in FIG. 8 include both the period needed for the random number data to be given from the encryption random number generation unit 22b to the encryption operation unit 22a and the period in which the encryption random number generation unit 22b actually generates the random number data.
The periods t1 to t4 therefore do not include the period in which the encryption random number generation unit 22b actually generates random number data, and are shorter than the periods P1 to P4 in FIG. 8.
Thus, in this embodiment, encrypted data 1 to 4 are generated using the random number data stored in the storage unit 22c, so no period for generating random number data is needed when each of encrypted data 1 to 4 is generated. As a result, the time required to encrypt and transmit the data can be shortened further.
The data encryption unit 22 of the above embodiment may include a plurality of (four in the illustrated example) encryption operation units 22a, 22d, 22e, and 22f, as shown in FIG. 12.
In this modification of the above embodiment, the random number data output from the storage unit 22c is given to each of the encryption operation units 22a, 22d, 22e, and 22f.
In addition to the random number data, each of the encryption operation units 22a, 22d, 22e, and 22f is given compressed data from the data compression unit 21.
Each of the encryption operation units 22a, 22d, 22e, and 22f generates encrypted data 1 to 4 by performing an encryption operation using the compressed data given from the data compression unit 21 and the random number data given from the storage unit 22c. Thus, in this embodiment, four encryption operation units 22a, 22d, 22e, and 22f are provided for the four pieces of encrypted data 1 to 4.
FIG. 13 is an example of a time chart showing the periods in which the plurality of pieces of encrypted data are generated and the periods in which they are transmitted, according to the modification of the above embodiment.
In this case, because the data encryption unit 22 includes the four encryption operation units 22a, 22d, 22e, and 22f, it can execute the encryption operations in parallel.
 Therefore, when the random number data and the compressed data are given to the encryption operation units 22a, 22d, 22e, and 22f at substantially the same timing, the start and end timings of the periods t1 to t4 are substantially the same, as shown in FIG. 13. The start and end timings of the periods Q1 to Q4 are also substantially the same, and likewise the start and end timings of the periods R1 to R4.
 Thus, according to this modification, since the data encryption unit 22 includes the four encryption operation units 22a, 22d, 22e, and 22f, the encryption operations can be executed in parallel, and the time required for the process of encrypting and transmitting data can be shortened still further.
[Appendix]
 The data processing device (control device 11) described above can also be regarded as having the following configuration.
 That is, a data processing device according to an embodiment is a data processing device that compresses and encrypts data and transmits the data to another device, and includes: a data dividing unit that divides the data to generate a plurality of divided data; a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit that generates encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control unit that, when one encrypted data among the plurality of encrypted data is generated, transmits the one encrypted data to the other device without waiting for generation of the other encrypted data.
 According to this configuration, the data dividing unit divides the data to generate a plurality of divided data, and the data compression unit generates a plurality of compressed data by reversibly compressing each of the plurality of divided data. Compared with a configuration in which the data compression unit compresses the data before division, this shortens the compression time, so the time required for the data encryption process can be shortened. In addition, the data encryption unit encrypts the plurality of compressed data as multidimensional data. This allows the data encryption unit to employ a multidimensional data encryption algorithm for encrypting each of the plurality of compressed data.
 Furthermore, when one encrypted data among the plurality of encrypted data is generated, the transmission control unit transmits it to the other device without waiting for generation of the other encrypted data, so transmission can proceed without waiting for all of the plurality of encrypted data to be generated. Compared with waiting until all of the plurality of divided data to be transmitted have been encrypted, the waiting time for encryption is reduced, and the time required for the data transmission process can be shortened.
 As described above, this configuration makes it possible to shorten the time required for the process of encrypting and transmitting data.
 In the above data processing device, it is preferable that the data encryption unit includes a random number data generation unit that generates a plurality of random number data used for encrypting each of the plurality of compressed data, that the random number data generation unit generates the next random number data based on one random number data among the plurality of random number data, and that the data encryption unit sequentially generates the plurality of encrypted data each time the random number data generation unit generates the random number data.
 In this case, encrypted data is generated sequentially each time random number data is generated. The transmission control unit therefore transmits to the other device sequentially, each time one encrypted data among the plurality of encrypted data is generated. This effectively shortens the time required for the transmission process.
 A data transmission method according to an embodiment is a data transmission method for compressing and encrypting data and transmitting the data to another device, and includes: a data dividing step of dividing the data to generate a plurality of divided data; a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption step of generating encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control step of, when one encrypted data among the plurality of encrypted data is generated, transmitting the one encrypted data to the other device without waiting for generation of the other encrypted data.
 A computer program according to an embodiment is a computer program for causing a computer to execute a data transmission process of compressing and encrypting data and transmitting the data to another device, the computer program causing the computer to execute: a data dividing step of dividing the data to generate a plurality of divided data; a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption step of generating encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control step of, when one encrypted data among the plurality of encrypted data is generated, transmitting the one encrypted data to the other device without waiting for generation of the other encrypted data.
 A data server according to an embodiment is a data server that compresses and encrypts data and transmits the data to a backup server, and includes: a data dividing unit that divides the data to generate a plurality of divided data; a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data; a data encryption unit that generates encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and a transmission control unit that, when one encrypted data among the plurality of encrypted data is generated, transmits the one encrypted data to the other device without waiting for generation of the other encrypted data.
 According to the data transmission method, computer program, and data server configured as described above, the time required for the process of compressing and transmitting data can be shortened.
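 The flow summarised in this appendix and in the parallel modification above (divide, compress each piece, encrypt the pieces in parallel with random number data prepared in advance, transmit each ciphertext as soon as it is ready) is sketched below as an added example; it is not code from the patent. The SHAKE-256 XOR stream is a stand-in for the multidimensional data encryption algorithm, and the per-transmission nonce, the chunk index header and the HMAC tag are assumptions added so that the receiver can reorder and verify independently sent pieces; all function names are hypothetical.

```python
import hashlib
import hmac
import zlib
from concurrent.futures import ThreadPoolExecutor, as_completed

N_UNITS = 4   # the modification uses four encryption operation units
TAG_LEN = 32  # HMAC-SHA256 tag length (added assumption, not in the patent)


def split_data(data: bytes, n: int = N_UNITS) -> list:
    """Data dividing unit: cut the input into n nearly equal pieces."""
    size = -(-len(data) // n)  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(n)]


def pregenerate_random_data(key: bytes, nonce: bytes, n: int = N_UNITS) -> list:
    """Random number generator plus storage unit: each value is derived from
    the previous one and all are stored before any encryption starts.
    A fresh nonce per transmission keeps the stored values from repeating,
    which would otherwise reuse the same keystream on different data."""
    state = hmac.new(key, b"init" + nonce, hashlib.sha256).digest()
    stored = []
    for _ in range(n):
        stored.append(state)
        state = hmac.new(key, b"next" + state, hashlib.sha256).digest()
    return stored


def _xor_stream(seed: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHAKE-256 stream expanded from the seed."""
    stream = hashlib.shake_256(b"enc" + seed).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(seed: bytes, header: bytes, body: bytes) -> bytes:
    mac_key = hashlib.sha256(b"mac" + seed).digest()
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()


def encrypt_chunk(index: int, chunk: bytes, seed: bytes) -> bytes:
    """One encryption operation unit: compress, encrypt, then authenticate."""
    header = index.to_bytes(4, "big")
    body = _xor_stream(seed, zlib.compress(chunk))
    return header + body + _tag(seed, header, body)


def send_as_completed(data: bytes, key: bytes, nonce: bytes, send) -> int:
    """Run the units in parallel and hand each ciphertext to `send` as soon
    as it exists, without waiting for the remaining ones."""
    chunks = split_data(data)
    seeds = pregenerate_random_data(key, nonce, len(chunks))
    with ThreadPoolExecutor(max_workers=N_UNITS) as pool:
        futures = [pool.submit(encrypt_chunk, i, c, s)
                   for i, (c, s) in enumerate(zip(chunks, seeds))]
        for done in as_completed(futures):
            send(done.result())
    return len(chunks)


def receive(messages, key: bytes, nonce: bytes, n: int = N_UNITS) -> bytes:
    """Receiver: verify every piece, tolerate any arrival order, and refuse
    missing, duplicated or modified pieces before decompressing anything."""
    seeds = pregenerate_random_data(key, nonce, n)
    parts = {}
    for msg in messages:
        if len(msg) < 4 + TAG_LEN:
            raise ValueError("message too short")
        header, body, tag = msg[:4], msg[4:-TAG_LEN], msg[-TAG_LEN:]
        index = int.from_bytes(header, "big")
        if index >= n or index in parts:
            raise ValueError("unexpected or duplicate chunk index")
        if not hmac.compare_digest(tag, _tag(seeds[index], header, body)):
            raise ValueError("authentication failed")
        parts[index] = zlib.decompress(_xor_stream(seeds[index], body))
    if len(parts) != n:
        raise ValueError("missing chunk")
    return b"".join(parts[i] for i in range(n))


if __name__ == "__main__":
    # Constructed sample input, key and nonce for a stand-alone run.
    sample = b"backup record 0001;" * 500
    wire = []
    send_as_completed(sample, b"k" * 32, b"transfer-0001", wire.append)
    assert receive(wire, b"k" * 32, b"transfer-0001") == sample
    print("sent", len(wire), "pieces,", sum(map(len, wire)), "bytes on the wire")
```

 Because each piece is compressed before encryption, the ciphertext lengths still reflect how compressible the data is, so this layout suits bulk backup data rather than content an adversary can partly choose.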
 Description of symbols
 1 Data server
 2 Terminal
 3 Backup server
 4 Internet
 11 Control device
 12 Storage device
 13 Communication device
 15 Data control unit
 16 Encryption processing unit
 20 Data dividing unit
 21 Data compression unit
 22 Data encryption unit
 22a, 22d, 22e, 22f Encryption operation unit
 22b Encryption random number generation unit
 22c Storage unit
 23 Data decryption unit
 23a Decryption operation unit
 23b Decryption random number generation unit
 24 Data expansion unit
 25 Data combining unit
 26 Secret key holding unit
 31 Initial value generation unit
 32 First storage unit
 33 Second storage unit
 34 First calculation unit
 35 Second calculation unit
 36 Output unit
 37 First update unit
 38 Second update unit

Claims (9)

  1.  A data processing device that compresses and encrypts data and transmits the data to another device, comprising:
     a data dividing unit that divides the data to generate a plurality of divided data;
     a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data;
     a data encryption unit that encrypts using a multidimensional data encryption algorithm, which encrypts multidimensional data whose elements are a plurality of pieces of data to be encrypted; and
     a transmission control unit that transmits the plurality of encrypted data to the other device,
    wherein
     the data encryption unit
      is given the plurality of compressed data as elements of the multidimensional data and generates a plurality of encrypted data by encrypting the plurality of compressed data using the multidimensional data encryption algorithm, and
      generates the plurality of encrypted data such that a period for generating one encrypted data among the plurality of encrypted data and a period for generating encrypted data other than the one encrypted data overlap each other, and
     the transmission control unit
      transmits the generated encrypted data to the other device each time each of the plurality of encrypted data is generated.
  2.  The data processing device according to claim 1, wherein
     the data encryption unit
      generates the plurality of encrypted data by sequentially encrypting the plurality of compressed data, and
      starts the generation of the plurality of encrypted data at sequentially delayed timings and generates the plurality of encrypted data such that the generation periods of encrypted data adjacent in generation order overlap each other, and
     the transmission control unit
      transmits the plurality of encrypted data such that, between encrypted data adjacent in generation order, when generation of the earlier encrypted data ends, the earlier encrypted data is transmitted to the other device without waiting for generation of the later encrypted data to end.
  3.  The data processing device according to claim 2, wherein
     the data encryption unit includes a random number data generation unit that generates a plurality of random number data used for encrypting each of the plurality of compressed data,
     the random number data generation unit generates the next random number data based on one random number data among the plurality of random number data,
     the data encryption unit sequentially generates the plurality of encrypted data each time the random number data generation unit generates the random number data, and
     the timing at which generation of the later encrypted data starts is delayed from the timing at which generation of the earlier encrypted data starts by the period required to generate the random number data.
  4.  The data processing device according to any one of claims 1 to 3, wherein
     the data encryption unit
      generates the plurality of encrypted data by sequentially encrypting the plurality of compressed data, and
      starts the generation of the plurality of encrypted data at sequentially delayed timings and generates the plurality of encrypted data such that generation of the last-generated encrypted data starts during the period in which the first-generated encrypted data is being generated.
  5.  The data processing device according to claim 1, wherein
     the data encryption unit includes a random number data generation unit that generates a plurality of random number data used for encrypting each of the plurality of compressed data, and a storage unit that stores the plurality of random number data generated by the random number data generation unit, and
     the data encryption unit generates the plurality of encrypted data using the plurality of random number data stored in the storage unit.
  6.  A data processing device that compresses and encrypts data and transmits the data to another device, comprising:
     a data dividing unit that divides the data to generate a plurality of divided data;
     a data compression unit that generates a plurality of compressed data by reversibly compressing each of the plurality of divided data;
     a data encryption unit that generates a plurality of encrypted data by encrypting the plurality of compressed data as multidimensional data using a multidimensional data encryption algorithm; and
     a transmission control unit that, when one encrypted data among the plurality of encrypted data is generated, transmits the one encrypted data to the other device without waiting for generation of the other encrypted data.
  7.  A data transmission method for compressing and encrypting data and transmitting the data to another device, comprising:
     a data dividing step of dividing the data to generate a plurality of divided data;
     a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data;
     a data encryption step of encrypting using a multidimensional data encryption algorithm, which encrypts multidimensional data whose elements are a plurality of pieces of data to be encrypted; and
     a transmission control step of transmitting the plurality of encrypted data to the other device,
    wherein
     the data encryption step
      generates a plurality of encrypted data by encrypting the plurality of compressed data, given as elements of the multidimensional data, using the multidimensional data encryption algorithm, and
      generates the plurality of encrypted data such that a period for generating one encrypted data among the plurality of encrypted data and a period for generating encrypted data other than the one encrypted data overlap each other, and
     the transmission control step
      transmits the generated encrypted data to the other device each time each of the plurality of encrypted data is generated.
  8.  A computer program for causing a computer to execute a data transmission process of compressing and encrypting data and transmitting the data to another device, the computer program causing the computer to execute:
     a data dividing step of dividing the data to generate a plurality of divided data;
     a data compression step of generating a plurality of compressed data by reversibly compressing each of the plurality of divided data;
     a data encryption step of encrypting using a multidimensional data encryption algorithm, which encrypts multidimensional data whose elements are a plurality of pieces of data to be encrypted; and
     a transmission control step of transmitting the plurality of encrypted data to the other device,
    wherein
     the data encryption step
      generates a plurality of encrypted data by encrypting the plurality of compressed data, given as elements of the multidimensional data, using the multidimensional data encryption algorithm, and
      generates the plurality of encrypted data such that a period for generating one encrypted data among the plurality of encrypted data and a period for generating encrypted data other than the one encrypted data overlap each other, and
     the transmission control step
      transmits the generated encrypted data to the other device each time each of the plurality of encrypted data is generated.
  9.  The computer program according to claim 8, further comprising instructions for causing the process of encrypting the plurality of compressed data to generate the plurality of encrypted data in the data encryption step to be executed in parallel for each of the plurality of compressed data.
PCT/JP2016/067062 2015-06-08 2016-06-08 Data processing device, data transmission method, and computer program WO2016199812A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015115603A JP2017005412A (en) 2015-06-08 2015-06-08 Data processing device, data transmission method, computer program and data server
JP2015-115603 2015-06-08

Publications (1)

Publication Number Publication Date
WO2016199812A1 true WO2016199812A1 (en) 2016-12-15

Family

ID=57504051

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/067062 WO2016199812A1 (en) 2015-06-08 2016-06-08 Data processing device, data transmission method, and computer program

Country Status (2)

Country Link
JP (1) JP2017005412A (en)
WO (1) WO2016199812A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102559290B1 (en) * 2020-01-06 2023-07-26 주식회사 아미크 Method and system for hybrid cloud-based real-time data archiving

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3455748B2 (en) * 1999-12-21 2003-10-14 独立行政法人通信総合研究所 Vector string output device, output method, and information recording medium
JP3030341B1 (en) * 1999-03-29 2000-04-10 郵政省通信総合研究所長 Random vector sequence output device, output method, and information recording medium
JP4254758B2 (en) * 2005-07-25 2009-04-15 ソニー株式会社 Stream encryption device, stream encryption method, stream decryption device, and stream decryption method
CN101894030A (en) * 2010-06-29 2010-11-24 福建新大陆通信科技股份有限公司 Television set top box USB interface-based data anti-theft updating method
JP5845824B2 (en) * 2011-11-04 2016-01-20 富士通株式会社 Encryption program, decryption program, encryption method, decryption method, system, content generation method, and content decryption method
JP2015114771A (en) * 2013-12-10 2015-06-22 パテネット株式会社 Data encryption device, data restoration device, data encryption method, data restoration method, data encryption program, and data restoration program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002082715A1 (en) * 2001-04-03 2002-10-17 Mitsubishi Denki Kabushiki Kaisha Encrypting device
JP2004286788A (en) * 2003-03-19 2004-10-14 National Institute Of Information & Communication Technology Random number sequence generating device, enciphering and deciphering device, random number sequence generating method, enciphering and deciphering method, and program
US7995759B1 (en) * 2006-09-28 2011-08-09 Netapp, Inc. System and method for parallel compression of a single data stream
US20090154454A1 (en) * 2007-12-14 2009-06-18 Thomas Michael Wittenschlaeger Secure Communication Through a Network Fabric
US20140317060A1 (en) * 2013-04-18 2014-10-23 Intronis, Inc. Remote backup of large files

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111597521A (en) * 2020-05-20 2020-08-28 贵州电网有限责任公司 Transformer substation mobile terminal data security processing method and system
CN111597521B (en) * 2020-05-20 2023-12-01 贵州电网有限责任公司 Method and system for safely processing data of mobile terminal of transformer substation

Also Published As

Publication number Publication date
JP2017005412A (en) 2017-01-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16807518

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16807518

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP