WO2022137779A1 - Data processing system - Google Patents

Data processing system

Info

Publication number
WO2022137779A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
user terminal
common key
processing unit
data processing
Application number
PCT/JP2021/039389
Other languages
French (fr)
Japanese (ja)
Inventor
崇文 月森
敦義 赤尾
悠祐 田中
Original Assignee
株式会社電通

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • FIG. 1 is a block diagram showing a configuration of a data processing system according to an embodiment of the present invention.
  • FIG. 2 is a sequence diagram illustrating the operation of the data processing system according to the embodiment of the present invention.
  • FIG. 3 is a block diagram showing a configuration of a data processing system according to another embodiment.
  • FIG. 4 is a sequence diagram illustrating the operation of the data processing system according to still another embodiment.
  • The data processing system of the present invention includes a user terminal, a data processing unit connected to the user terminal so as to be capable of data communication, and a distributed network system connected to the user terminal and the data processing unit so as to be capable of data communication.
  • The user terminal has an input unit into which predetermined data is input, a first encryption unit that encrypts the data with an encryption key and transmits the encrypted data to the data processing unit, and a user authentication unit that authenticates the user of the user terminal with predetermined authentication data and notifies the data processing unit whether the authentication succeeded or failed.
  • The data processing unit has a data storage unit that stores the encrypted data transmitted from the user terminal; a first decryption unit that, on notification of successful user authentication, decrypts the stored encrypted data with the decryption key corresponding to the encryption key; a duplication processing unit that duplicates the decrypted data to generate duplicate data; a common key generation unit that randomly generates a common key for the user terminal and the data processing unit; a second encryption unit that encrypts the duplicate data with the common key; and a common key transmission processing unit that transmits the common key to the user terminal and then deletes it.
  • The user terminal further has a third encryption unit that encrypts the common key with the public key of the user terminal and then deletes the common key; a first transaction recording processing unit that transmits the encrypted common key to the distributed network system and has it recorded as a first transaction; and a second decryption unit that decrypts the encrypted common key with the private key of the user terminal and transmits the recovered common key to the data processing unit.
  • The data processing unit further has a third decryption unit that decrypts the encrypted duplicate data with the common key; a duplicate data transmission processing unit that transmits the decrypted duplicate data to the user terminal so that the predetermined data processing is performed there; and a second transaction recording processing unit that transmits the hash value of the decrypted duplicate data to the distributed network system and has it recorded as a second transaction.
  • With this configuration, encrypted data (for example, personal information) is stored in the data storage unit of the data processing unit. When the user terminal is to perform the predetermined data processing using this data, user authentication is performed on the user terminal. If it succeeds, the data processing unit decrypts the stored encrypted data and duplicates the result to generate duplicate data.
  • A common key is randomly generated and the duplicate data is encrypted with it. The common key is transmitted from the data processing unit to the user terminal, where it is encrypted with the public key of the user terminal; the data processing unit then deletes its copy of the common key.
  • The encrypted common key is transmitted to the distributed network system and recorded as the first transaction, after which the unencrypted common key is deleted on the user terminal.
  • The encrypted common key is decrypted with the private key of the user terminal, and the recovered common key is transmitted to the data processing unit. The encrypted duplicate data is decrypted with the common key, the decrypted duplicate data is transmitted to the user terminal, and the predetermined data processing is performed. The hash value of the decrypted duplicate data is transmitted from the data processing unit to the distributed network system and recorded as the second transaction.
  • Because the encrypted common key is recorded as the first transaction, it can be confirmed whether the common key has been tampered with; because the hash value of the duplicate data is recorded as the second transaction, it can be confirmed whether the duplicate data has been tampered with. Tampering with the common key and the data can therefore be prevented, and high security is ensured.
  • The first encryption unit may encrypt the data with a common key of the user terminal and the data processing unit, and the first decryption unit may decrypt it with that common key. This variant is suitable when the data processing unit is provided inside the user terminal (for example, when the data processing unit is the operating system of the user terminal).
  • Alternatively, the first encryption unit may encrypt the data with the private key of the user terminal, and the first decryption unit may decrypt it with the public key of the user terminal. This variant is suitable when the data processing unit is provided outside the user terminal (for example, when the data processing unit is an external server).
  • The data processing unit may be an external server connected to the user terminal via a network. In that case the encrypted data (for example, personal information) is stored in the data storage unit of the external server, which makes centralized (batch) management of the data easy to realize.
  • The data processing unit may instead be the operating system of the user terminal. In that case the encrypted data (for example, personal information) is stored in the data storage unit of the user terminal, which makes distributed management of the data easy to realize.
  • The method of the present invention is executed in such a data processing system. In the user terminal it includes an input step in which predetermined data is input, a first encryption step of encrypting the data with an encryption key and transmitting the encrypted data to the data processing unit, and a user authentication step of authenticating the user of the user terminal with predetermined authentication data and notifying the data processing unit of the success or failure of the authentication. In the data processing unit it includes a data storage step of storing the encrypted data transmitted from the user terminal in the data storage unit, a first decryption step of decrypting the stored encrypted data with the decryption key corresponding to the encryption key on notification of successful authentication, a duplication step of duplicating the decrypted data to generate duplicate data, a common key generation step of randomly generating a common key, a second encryption step of encrypting the duplicate data with the common key, and an encryption key transmission step of transmitting the common key to the user terminal and then deleting it. In the user terminal it further includes a third encryption step of encrypting the common key with the public key of the user terminal and then deleting the common key, a first transaction recording step of transmitting the encrypted common key to the distributed network system to be recorded as a first transaction, and a second decryption step of decrypting the encrypted common key with the private key of the user terminal and transmitting the recovered common key to the data processing unit. In the data processing unit it further includes a third decryption step of decrypting the encrypted duplicate data with the common key, a duplicate data transmission step of transmitting the decrypted duplicate data to the user terminal so that the predetermined data processing is performed, and a second transaction recording step of transmitting the hash value of the decrypted duplicate data to the distributed network system to be recorded as a second transaction.
  • With this method, too, tampering with the data can be prevented and high security ensured by using the distributed processing network.
  • FIG. 1 is a block diagram showing the configuration of the data processing system according to the present embodiment.
  • The data processing system 1 includes a user terminal 2, a server device 3 connected to the user terminal 2 via a network N so as to be capable of data communication, and a distributed network system 4 connected to the user terminal 2 and the server device 3 via the network N so as to be capable of data communication.
  • The user terminal 2 is, for example, a smartphone; the server device 3 is, for example, a cloud server; and the distributed network system 4 is, for example, a blockchain system.
  • The user terminal 2 includes an input unit 5 and a control unit 6. The input unit 5 is an input interface, and the control unit 6 is a dedicated application (for example, a recommendation application) installed on the user terminal 2.
  • The predetermined data required for the data processing in the control unit 6 (for example, the personal information required for recommendation processing) is input from the input unit 5.
  • The control unit 6 has, as functional blocks for the data processing (for example, recommendation processing), a first encryption unit 60, a user authentication unit 61, a third encryption unit 62, a first transaction recording processing unit 63, a second decryption unit 64, and a recommendation processing unit 65.
  • The first encryption unit 60 generates a common key (common key A) for the user terminal 2 and the server device 3, encrypts the data input from the input unit 5 with the common key A, and transmits the encrypted data to the server device 3. The generated common key A is also transmitted to the server device 3.
  • The user authentication unit 61 performs user authentication of the user terminal 2 using authentication data and notifies the server device 3 whether the authentication succeeded or failed. The authentication data is, for example, an authentication code such as a PIN code, or biometric authentication information.
  • The third encryption unit 62 encrypts the common key (common key B) generated by the server device 3, described below, with the public key of the user terminal 2 and then deletes the common key B.
  • The first transaction recording processing unit 63 transmits the encrypted common key B to the distributed network system 4 and has it recorded as a first transaction.
  • The second decryption unit 64 decrypts the encrypted common key B with the private key of the user terminal 2 and transmits the recovered common key B to the server device 3.
  • The recommendation processing unit 65 makes a predetermined recommendation to the user using the data transmitted from the server device 3, described below (the duplicate data decrypted with the common key B).
  • The server device 3 includes a data storage unit 7 and a control unit 8. The data storage unit 7 is a large-capacity memory, an HDD, or the like, and the control unit 8 is a program or the like installed on the server device 3.
  • The data storage unit 7 stores the encrypted data (for example, the personal information required for recommendation processing) transmitted from the user terminal 2.
  • The control unit 8 has, as functional blocks for the processing of the data processing unit, a first decryption unit 80, a duplication processing unit 81, a common key generation unit 82, a second encryption unit 83, a common key transmission processing unit 84, a third decryption unit 85, a duplicate data transmission processing unit 86, and a second transaction recording processing unit 87.
  • The first decryption unit 80 decrypts the encrypted data stored in the data storage unit 7 with the common key A transmitted from the user terminal 2 once user authentication has been reported as successful. The notification of successful user authentication can be regarded as a notification permitting use of the data (personal information and the like).
  • The duplication processing unit 81 duplicates the decrypted data to generate duplicate data.
  • The common key generation unit 82 randomly generates a common key B for the user terminal 2 and the server device 3. Common key B is different from common key A and is a one-time common key that is deleted immediately after use.
  • The second encryption unit 83 encrypts the duplicate data with the common key B. The encrypted duplicate data is stored in the data storage unit 7.
  • The common key transmission processing unit 84 transmits the common key B to the user terminal 2 and deletes the common key B after the transmission.
  • The third decryption unit 85 decrypts the encrypted duplicate data (stored in the data storage unit 7) with the common key B transmitted from the user terminal 2, that is, the common key B obtained by decrypting the encrypted common key B with the private key of the user terminal 2.
  • The duplicate data transmission processing unit 86 transmits the decrypted duplicate data to the user terminal 2 so that the predetermined data processing (recommendation processing) is performed there.
  • The second transaction recording processing unit 87 transmits the hash value of the decrypted duplicate data to the distributed network system 4 and has it recorded as a second transaction.
  • In the operation illustrated by the sequence diagram of FIG. 2, predetermined data is input to the user terminal 2 (S1). A common key A for the user terminal 2 and the server device 3 is generated (S2), and the generated common key A is transmitted from the user terminal 2 to the server device 3 (S3).
  • The data (personal information and the like) input from the input unit 5 is encrypted with the common key A (S4), and the encrypted data is transmitted to the server device 3 (S5). The server device 3 stores the received encrypted data in the data storage unit 7 (S6).
  • User authentication using the authentication data (for example, an authentication code such as a PIN code, or biometric authentication information) is performed on the user terminal 2 (S7, S8), and the result, success or failure, is notified to the server device 3 (S9).
  • When the server device 3 receives the notification that user authentication succeeded, it decrypts the encrypted data stored in the data storage unit 7 with the common key A transmitted from the user terminal 2, and duplicates the decrypted data (personal information and the like) to generate duplicate data (S11).
  • A common key B for the user terminal 2 and the server device 3 is randomly generated (S12), and the duplicate data is encrypted with the common key B (S13). The encrypted duplicate data is stored in the data storage unit 7 of the server device 3.
  • The common key B is transmitted to the user terminal 2 (S14) and, after the transmission, is deleted from the server device 3 (S15).
  • On the user terminal 2, a private key K1 and a public key K2 are generated (S16), and the common key B received from the server device 3 is encrypted with the public key K2 of the user terminal 2 (S17). The unencrypted common key B is then deleted from the user terminal 2 (S18). The encrypted common key B is transmitted to the distributed network system 4 (S19) and recorded as the first transaction (S20).
  • The encrypted common key B is decrypted with the private key of the user terminal 2 (S21), and the recovered common key B is transmitted to the server device 3 (S22).
  • The server device 3 decrypts the encrypted duplicate data (stored in the data storage unit 7) with the common key B received from the user terminal 2, that is, the common key B obtained by decrypting the encrypted common key B with the private key of the user terminal 2 (S23).
  • The decrypted duplicate data is transmitted from the server device 3 to the user terminal 2 (S24), and the user terminal 2 makes recommendations to the user using the received duplicate data (S25).
  • The hash value of the decrypted duplicate data is transmitted from the server device 3 to the distributed network system 4 (S26) and recorded as the second transaction (S27).
  • In the data processing system 1 of the present embodiment, encrypted data (for example, personal information) is stored in the data storage unit 7 of the server device 3. When the user terminal 2 is to perform predetermined data processing using this data, user authentication is performed on the user terminal 2. If it succeeds, the server device 3 decrypts the stored encrypted data and duplicates the result to generate duplicate data.
  • A common key is randomly generated and the duplicate data is encrypted with it. The common key is transmitted from the server device 3 to the user terminal 2 and encrypted there with the public key of the user terminal 2; the server device 3 then deletes its copy of the common key.
  • The encrypted common key is transmitted to the distributed network system 4 and recorded as the first transaction, after which the common key is deleted on the user terminal 2.
  • The encrypted common key is decrypted with the private key of the user terminal 2, and the recovered common key is transmitted to the server device 3. The encrypted duplicate data is decrypted with the common key, the decrypted duplicate data is transmitted to the user terminal 2, and the predetermined data processing is performed. The hash value of the decrypted duplicate data is transmitted from the server device 3 to the distributed network system 4 and recorded as the second transaction.
  • Because the encrypted common key is recorded as the first transaction, it can be confirmed whether the common key has been tampered with, and because the hash value of the duplicate data is recorded as the second transaction, it can be confirmed whether the duplicate data has been tampered with. Tampering with the common key and the data can therefore be prevented, and high security is ensured.
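The S1 to S27 sequence above, simulated end to end as an added example (this code is not part of the patent, which contains none): the user terminal, the server device 3 and the ledger all run inside one Go program, an honest run round-trips and verifies, and two constructed tampering cases show what each of the two ledger records lets a verifier detect. Assumptions not taken from the patent: AES-256-GCM for the common keys, RSA-2048 with OAEP for the key pair K1/K2, SHA-256 for the hash value, and that the terminal reads the first transaction back from the ledger at S21.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ledger stands in for the distributed network system (4): an append-only transaction list.
type Ledger struct{ tx [][]byte }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal/open are "encrypt/decrypt with a common key"; the patent names no cipher,
// so AES-256-GCM with the nonce prepended is assumed (all keys here are 32 bytes).
func seal(key, pt []byte) []byte {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	g := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// RunProtocol walks S1..S27 for one (non-empty) record and returns the duplicate data the
// terminal receives plus the ledger index of the hash record. corruptTx1 and corruptDup are
// constructed tampering cases: a byte of the first transaction, or of the duplicate in transit, is flipped.
func RunProtocol(l *Ledger, data []byte, authenticated, corruptTx1, corruptDup bool) ([]byte, int, error) {
	keyA := randBytes(32)      // S2-S3: common key A, shared with the server
	stored := seal(keyA, data) // S4-S6: encrypted data kept in data storage unit 7
	if !authenticated {        // S7-S9: only a success notification releases the data
		return nil, -1, errors.New("user authentication failed; data not released")
	}
	plain := must(open(keyA, stored))     // S10: first decryption with key A
	dup := append([]byte(nil), plain...)  // S11: duplicate data
	keyB := randBytes(32)                 // S12: one-time common key B
	encDup := seal(keyB, dup)             // S13
	termB := append([]byte(nil), keyB...) // S14: B handed to the terminal
	copy(keyB, make([]byte, 32))          // S15: server deletes B (overwritten in place)
	priv := must(rsa.GenerateKey(rand.Reader, 2048))                                        // S16: K1/K2 (RSA-2048 assumed)
	encB := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, termB, nil)) // S17
	copy(termB, make([]byte, 32))                                                          // S18: terminal deletes plaintext B
	l.tx = append(l.tx, encB)                                                              // S19-S20: first transaction
	tx1 := l.tx[len(l.tx)-1]
	if corruptTx1 {
		tx1[0] ^= 0x01
	}
	// S21-S22: B is recovered from the recorded ciphertext (assumed here to be read back
	// from the ledger) with K1; an altered record fails OAEP decryption, the key tamper check.
	recB, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, tx1, nil)
	if err != nil {
		return nil, -1, errors.New("first transaction altered: common key not recoverable")
	}
	dupOut := must(open(recB, encDup)) // S23: server decrypts the duplicate with B
	h := sha256.Sum256(dupOut)
	l.tx = append(l.tx, h[:])              // S26-S27: second transaction (hash of the server's copy)
	recv := append([]byte(nil), dupOut...) // S24: duplicate sent to the terminal
	if corruptDup {
		recv[0] ^= 0x01
	}
	return recv, len(l.tx) - 1, nil
}

// VerifyDuplicate is the check the second transaction enables, done before S25 uses the data.
func VerifyDuplicate(l *Ledger, tx2 int, recv []byte) bool {
	h := sha256.Sum256(recv)
	return bytes.Equal(h[:], l.tx[tx2])
}

func main() {
	l := &Ledger{}
	recv, tx2, err := RunProtocol(l, []byte("constructed personal record"), true, false, false)
	fmt.Println(err, VerifyDuplicate(l, tx2, recv)) // <nil> true
}
```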
  • In the present embodiment, the data can be encrypted and decrypted with the common key of the user terminal 2 and the server device 3. This variant is suitable when the server device 3 is provided inside the user terminal 2 (for example, when the server device 3 is the operating system of the user terminal 2).
  • Since the encrypted data (for example, personal information) is stored in the data storage unit 7 of the external server, centralized (batch) management of the data is easy to realize.
  • In the embodiment above, the data processing unit of the present invention is the server device 3 external to the user terminal 2, but the scope of the present invention is not limited to this. In another embodiment, the data processing unit of the present invention may be the operating system 9 of the user terminal 2; in that case the encrypted data (for example, personal information) is stored in the data storage unit 10 of the user terminal 2.
  • In still another embodiment, the data can be encrypted and decrypted with the private key and public key of the user terminal 2. This variant is suitable when the data processing unit is provided outside the user terminal 2 (for example, when the data processing unit is a server device 3 outside the user terminal 2).
  • The data processing system according to the present invention has the effect of preventing tampering with data and ensuring high security by using a distributed processing network, and is useful as a recommendation system using a blockchain.
  • Reference numerals:
  • 1 Data processing system
  • 2 User terminal
  • 3 Server device (data processing unit)
  • 4 Distributed network system
  • 5 Input unit
  • 6 Control unit
  • 60 First encryption unit
  • 61 User authentication unit
  • 62 Third encryption unit
  • 63 First transaction recording processing unit
  • 64 Second decryption unit
  • 65 Recommendation processing unit
  • 7 Data storage unit
  • 8 Control unit
  • 80 First decryption unit
  • 81 Duplication processing unit
  • 82 Common key generation unit
  • 83 Second encryption unit
  • 84 Common key transmission processing unit
  • 85 Third decryption unit
  • 86 Duplicate data transmission processing unit
  • 87 Second transaction recording processing unit
  • 9 Operating system (data processing unit)
  • 10 Data storage unit
  • N Network

Abstract

A user terminal (2) encrypts and transmits data to a data processing unit (3). In the data processing unit (3), decrypted data is replicated. The replicated data is encrypted by a common key (B) and transmitted to the user terminal (2). The encrypted common key (B) is transmitted to a distributed network system (4) and recorded as a first transaction. When the common key (B) obtained by decrypting the encrypted common key (B) is transmitted to the data processing unit (3), the encrypted replicated data is decrypted using the common key (B), the obtained replicated data is transmitted to the user terminal (2), and prescribed data processing is performed. The hash value of the replicated data is transmitted to the distributed network system (4) and recorded as a second transaction.

Description

Data processing system
The present invention relates to a data processing system in which encrypted data is stored in a data processing unit and a user terminal performs predetermined data processing using that data, and in particular to a technique for preventing tampering with the data by using a distributed network.
Various systems for handling data such as personal information have been proposed. For example, a system has been proposed that determines whether a customer is registered in a company's own database while keeping the personal information confidential (see, for example, Patent Document 1).
However, conventional systems gave no consideration to a configuration in which encrypted data is stored in a data processing unit and a user terminal performs predetermined data processing using that data.
Patent Document 1: Japanese Unexamined Patent Publication No. 2019-101392
The present invention was made against the above background. Its object is, in a data processing system in which encrypted data is stored in a data processing unit and a user terminal performs predetermined data processing using that data, to prevent tampering with the data and to ensure high security by using a distributed processing network.
One aspect of the present invention is a data processing system device comprising a user terminal, a data processing unit connected to the user terminal so as to be capable of data communication, and a distributed network system connected to the user terminal and the data processing unit so as to be capable of data communication. In this data processing system device, the user terminal comprises an input unit into which predetermined data is input, a first encryption unit that encrypts the data using an encryption key and transmits the encrypted data to the data processing unit, and a user authentication unit that performs user authentication of the user terminal using predetermined authentication data and notifies the data processing unit of the success or failure of the user authentication. The data processing unit comprises a data storage unit that stores the encrypted data transmitted from the user terminal; a first decryption unit that, on the basis of a notification that user authentication succeeded, decrypts the encrypted data stored in the data storage unit using a decryption key corresponding to the encryption key; a duplication processing unit that duplicates the data obtained by the decryption to generate duplicate data; a common key generation unit that randomly generates a common key shared by the user terminal and the data processing unit; a second encryption unit that encrypts the duplicate data using the common key; and a common key transmission processing unit that transmits the common key to the user terminal and then deletes the common key. The user terminal further comprises a third encryption unit that encrypts the common key with the public key of the user terminal and then deletes the common key; a first transaction recording processing unit that transmits the encrypted common key to the distributed network system and has it recorded as a first transaction; and a second decryption unit that decrypts the encrypted common key with the private key of the user terminal and transmits the common key obtained by the decryption to the data processing unit. The data processing unit further comprises a third decryption unit that decrypts the encrypted duplicate data using the common key; a duplicate data transmission processing unit that transmits the duplicate data obtained by the decryption to the user terminal and causes it to perform the predetermined data processing; and a second transaction recording processing unit that transmits a hash value of the duplicate data obtained by the decryption to the distributed network system and has it recorded as a second transaction.
Another aspect of the present invention is a method executed in a data processing system comprising a user terminal, a data processing unit connected to the user terminal so that data communication is possible, and a distributed network system connected to the user terminal and the data processing unit so that data communication is possible. The method comprises, as steps executed on the user terminal, an input step in which predetermined data is input; a first encryption step of encrypting the data with an encryption key and transmitting the encrypted data to the data processing unit; and a user authentication step of authenticating the user of the user terminal using predetermined authentication data and notifying the data processing unit of the success or failure of that authentication. It comprises, as steps executed on the data processing unit, a data storage step of storing the encrypted data transmitted from the user terminal in a data storage unit; a first decryption step of decrypting, on notification of successful user authentication, the encrypted data stored in the data storage unit with the decryption key corresponding to the encryption key; a replication step of copying the decrypted data to generate duplicate data; a common key generation step of randomly generating a common key shared by the user terminal and the data processing unit; a second encryption step of encrypting the duplicate data with the common key; and an encryption key transmission step of transmitting the common key to the user terminal and then deleting it. It comprises, as steps executed on the user terminal, a third encryption step of encrypting the common key with the public key of the user terminal and then deleting the common key; a first transaction recording step of transmitting the encrypted common key to the distributed network system to be recorded as a first transaction; and a second decryption step of decrypting the encrypted common key with the private key of the user terminal and transmitting the resulting common key to the data processing unit. Finally, it comprises, as steps executed on the data processing unit, a third decryption step of decrypting the encrypted duplicate data with the common key; a duplicate data transmission step of transmitting the decrypted duplicate data to the user terminal so that the predetermined data processing is performed; and a second transaction recording step of transmitting a hash value of the decrypted duplicate data to the distributed network system to be recorded as a second transaction.
As described below, the present invention has other aspects. Accordingly, this disclosure is intended to provide some aspects of the invention and is not intended to limit the scope of the invention described and claimed herein.
FIG. 1 is a block diagram showing the configuration of a data processing system according to an embodiment of the present invention. FIG. 2 is a sequence diagram illustrating the operation of the data processing system according to the embodiment of the present invention. FIG. 3 is a block diagram showing the configuration of a data processing system according to another embodiment. FIG. 4 is a sequence diagram illustrating the operation of a data processing system according to still another embodiment.
The detailed description of the present invention follows. The detailed description and the accompanying drawings do not, however, limit the invention.
The data processing system of the present invention is a data processing system comprising a user terminal, a data processing unit connected to the user terminal so that data communication is possible, and a distributed network system connected to the user terminal and the data processing unit so that data communication is possible. In this data processing system, the user terminal comprises an input unit into which predetermined data is input; a first encryption unit that encrypts the data with an encryption key and transmits the encrypted data to the data processing unit; and a user authentication unit that authenticates the user of the user terminal using predetermined authentication data and notifies the data processing unit of the success or failure of that authentication. The data processing unit comprises a data storage unit that stores the encrypted data transmitted from the user terminal; a first decryption unit that, on notification of successful user authentication, decrypts the encrypted data stored in the data storage unit with the decryption key corresponding to the encryption key; a replication processing unit that copies the decrypted data to generate duplicate data; a common key generation unit that randomly generates a common key shared by the user terminal and the data processing unit; a second encryption unit that encrypts the duplicate data with the common key; and a common key transmission processing unit that transmits the common key to the user terminal and then deletes it. The user terminal further comprises a third encryption unit that encrypts the common key with the public key of the user terminal and then deletes the common key; a first transaction recording processing unit that transmits the encrypted common key to the distributed network system to be recorded as a first transaction; and a second decryption unit that decrypts the encrypted common key with the private key of the user terminal and transmits the resulting common key to the data processing unit. The data processing unit further comprises a third decryption unit that decrypts the encrypted duplicate data with the common key; a duplicate data transmission processing unit that transmits the decrypted duplicate data to the user terminal so that the predetermined data processing is performed; and a second transaction recording processing unit that transmits a hash value of the decrypted duplicate data to the distributed network system to be recorded as a second transaction.
With this configuration, encrypted data (for example, personal information) is stored in the data storage unit of the data processing unit. When the user terminal is to perform predetermined data processing using this data, user authentication is performed on the user terminal. If user authentication succeeds, the data processing unit decrypts the (encrypted) data stored in the data storage unit and copies the decrypted data to generate duplicate data.
Next, the data processing unit randomly generates a common key and encrypts the duplicate data with it. The common key is transmitted from the data processing unit to the user terminal and encrypted with the public key of the user terminal. The data processing unit then deletes the common key.
Subsequently, the user terminal transmits the encrypted common key to the distributed network system, where it is recorded as a first transaction. The user terminal then deletes the common key.
Further, the user terminal decrypts the encrypted common key with its private key and transmits the resulting common key to the data processing unit. The data processing unit uses that common key to decrypt the encrypted duplicate data and transmits the decrypted duplicate data to the user terminal, where the predetermined data processing is performed.
Then the hash value of the decrypted duplicate data is transmitted from the data processing unit to the distributed network system and recorded as a second transaction.
In this case, because the encrypted common key is recorded as the first transaction, it can be checked whether the common key has been tampered with. Likewise, because the hash value of the duplicate data is recorded as the second transaction, it can be checked whether the duplicate data has been tampered with. Tampering with the common key or the data can thus be prevented, and a high level of security is ensured.
In the data processing system of the present invention, the first encryption unit may encrypt the data with a common key shared by the user terminal and the data processing unit, and the first decryption unit may decrypt the data with that common key.
With this configuration, data can be encrypted and decrypted using a common key shared by the user terminal and the data processing unit. This scheme is suitable when the data processing unit is provided inside the user terminal (for example, when the data processing unit is the operating system of the user terminal).
In the data processing system of the present invention, the first encryption unit may encrypt the data with the private key of the user terminal, and the first decryption unit may decrypt the data with the public key of the user terminal.
With this configuration, data can be encrypted and decrypted using the private key and public key of the user terminal. This scheme is suitable when the data processing unit is provided outside the user terminal (for example, when the data processing unit is an external server).
In the data processing system of the present invention, the data processing unit may be an external server connected to the user terminal via a network.
With this configuration, encrypted data (for example, personal information) is stored in the data storage unit of the external server, which makes centralized management of the data easy to achieve.
In the data processing system of the present invention, the data processing unit may be the operating system of the user terminal.
With this configuration, encrypted data (for example, personal information) is stored in the data storage unit of the user terminal, which makes distributed management of the data easy to achieve.
The method of the present invention is a method executed in a data processing system comprising a user terminal, a data processing unit connected to the user terminal so that data communication is possible, and a distributed network system connected to the user terminal and the data processing unit so that data communication is possible. The method comprises, as steps executed on the user terminal, an input step in which predetermined data is input; a first encryption step of encrypting the data with an encryption key and transmitting the encrypted data to the data processing unit; and a user authentication step of authenticating the user of the user terminal using predetermined authentication data and notifying the data processing unit of the success or failure of that authentication. It comprises, as steps executed on the data processing unit, a data storage step of storing the encrypted data transmitted from the user terminal in a data storage unit; a first decryption step of decrypting, on notification of successful user authentication, the encrypted data stored in the data storage unit with the decryption key corresponding to the encryption key; a replication step of copying the decrypted data to generate duplicate data; a common key generation step of randomly generating a common key shared by the user terminal and the data processing unit; a second encryption step of encrypting the duplicate data with the common key; and an encryption key transmission step of transmitting the common key to the user terminal and then deleting it. It comprises, as steps executed on the user terminal, a third encryption step of encrypting the common key with the public key of the user terminal and then deleting the common key; a first transaction recording step of transmitting the encrypted common key to the distributed network system to be recorded as a first transaction; and a second decryption step of decrypting the encrypted common key with the private key of the user terminal and transmitting the resulting common key to the data processing unit. Finally, it comprises, as steps executed on the data processing unit, a third decryption step of decrypting the encrypted duplicate data with the common key; a duplicate data transmission step of transmitting the decrypted duplicate data to the user terminal so that the predetermined data processing is performed; and a second transaction recording step of transmitting a hash value of the decrypted duplicate data to the distributed network system to be recorded as a second transaction.
With this method too, as with the system described above, the encrypted common key is recorded as the first transaction, so it can be checked whether the common key has been tampered with. Likewise, because the hash value of the duplicate data is recorded as the second transaction, it can be checked whether the duplicate data has been tampered with. Tampering with the common key or the data can thus be prevented, and a high level of security is ensured.
According to the present invention, in a data processing system in which encrypted data is stored in a data processing unit and a user terminal performs predetermined data processing using that data, the use of a distributed processing network makes it possible to prevent tampering with the data and to ensure a high level of security.
(Embodiment)
Hereinafter, a data processing system according to an embodiment of the present invention is described with reference to the drawings. This embodiment illustrates the case of a data processing system used for a recommendation system or the like that makes use of a blockchain.
The configuration of the data processing system according to the embodiment of the present invention is described with reference to the drawings. FIG. 1 is a block diagram showing the configuration of the data processing system of this embodiment. As shown in FIG. 1, the data processing system 1 comprises a user terminal 2, a server device 3 connected to the user terminal 2 via a network N so that data communication is possible, and a distributed network system 4 connected to the user terminal 2 and the server device 3 via the network N so that data communication is possible. The user terminal 2 is, for example, a smartphone, and the server device 3 is, for example, a cloud server. The distributed network system 4 is, for example, a blockchain system.
As shown in FIG. 1, the user terminal 2 comprises an input unit 5 and a control unit 6. For example, the input unit 5 is an input interface, and the control unit 6 is a dedicated application (for example, a recommendation app) installed on the user terminal 2. The predetermined data required for the data processing in the control unit 6 (for example, the personal information required for recommendation processing) is entered through the input unit 5. As functional blocks for performing the data processing (for example, recommendation processing), the control unit 6 comprises a first encryption unit 60, a user authentication unit 61, a third encryption unit 62, a first transaction recording processing unit 63, a second decryption unit 64 and a recommendation processing unit 65.
The first encryption unit 60 generates a common key (common key A) shared by the user terminal 2 and the server device 3, encrypts the data entered through the input unit 5 with common key A, and transmits the encrypted data to the server device 3. The generated common key A is also transmitted to the server device 3. The user authentication unit 61 authenticates the user of the user terminal 2 using authentication data and notifies the server device 3 of the success or failure of that authentication. The authentication data is, for example, an authentication code such as a PIN code or biometric information.
The third encryption unit 62 encrypts the common key (common key B) generated by the server device 3, described below, with the public key of the user terminal 2 and then deletes common key B. The first transaction recording processing unit 63 transmits the encrypted common key B to the distributed network system 4 to be recorded as a first transaction. The second decryption unit 64 decrypts the encrypted common key B with the private key of the user terminal 2 and transmits the resulting common key B to the server device 3. The recommendation processing unit 65 uses the data transmitted from the server device 3, described below (the duplicate data decrypted with common key B), to make a predetermined recommendation to the user.
The server device 3 comprises a data storage unit 7 and a control unit 8. For example, the data storage unit 7 is a large-capacity memory or an HDD, and the control unit 8 is a program installed on the server device 3. The data storage unit 7 stores the encrypted data transmitted from the user terminal 2 (for example, the personal information required for recommendation processing). As functional blocks for performing the processing of the data processing unit, the control unit 8 comprises a first decryption unit 80, a replication processing unit 81, a common key generation unit 82, a second encryption unit 83, a common key transmission processing unit 84, a third decryption unit 85, a duplicate data transmission processing unit 86 and a second transaction recording processing unit 87.
When the first decryption unit 80 receives notification of successful user authentication from the user terminal 2, it decrypts the encrypted data stored in the data storage unit 7 with the common key A transmitted from the user terminal 2. The notification of successful user authentication can also be regarded as a notification permitting the use of the data (personal information and the like). The replication processing unit 81 copies the decrypted data to generate duplicate data. The common key generation unit 82 randomly generates a common key B shared by the user terminal 2 and the server device 3. Common key B is a common key distinct from common key A, and is a one-time common key that is deleted immediately after use. The second encryption unit 83 encrypts the duplicate data with common key B. The encrypted duplicate data is stored in the data storage unit 7. The common key transmission processing unit 84 transmits common key B to the user terminal 2 and deletes common key B after that transmission.
The third decryption unit 85 decrypts the encrypted duplicate data (stored in the data storage unit 7) with the common key B transmitted from the user terminal 2 (the common key B obtained by decrypting the encrypted common key B with the private key of the user terminal 2). The duplicate data transmission processing unit 86 transmits the decrypted duplicate data to the user terminal 2 so that the predetermined data processing (recommendation processing) is performed. The second transaction recording processing unit 87 transmits the hash value of the decrypted duplicate data to the distributed network system 4 to be recorded as a second transaction.
The operation of the data processing system 1 configured as described above is explained with reference to the sequence diagram of FIG. 2.
As shown in FIG. 2, in the data processing system 1 of this embodiment, predetermined data (such as the personal information required for recommendation processing) is first entered on the user terminal 2 (S1). The user terminal 2 generates a common key (common key A) shared by the user terminal 2 and the server device 3 (S2), and the generated common key A is transmitted from the user terminal 2 to the server device 3 (S3). Next, the user terminal 2 encrypts the data entered through the input unit 5 (personal information and the like) with common key A (S4) and transmits the encrypted data to the server device 3 (S5). The server device 3 stores the (encrypted) data received from the user terminal 2 in the data storage unit 7 (S6).
When authentication data (for example, an authentication code such as a PIN code or biometric information) is entered on the user terminal 2 (S7), user authentication is performed using that data (S8), and the result (notification of success or failure of the user authentication) is sent to the server device 3 (S9). When the server device 3 receives notification of successful user authentication from the user terminal 2, it decrypts the encrypted data stored in the data storage unit 7 with the common key A transmitted from the user terminal 2 (S10) and copies the decrypted data (personal information and the like) to generate duplicate data (S11).
Next, the server device 3 randomly generates a common key B shared by the user terminal 2 and the server device 3 (S12) and encrypts the duplicate data with common key B (S13). The encrypted duplicate data is stored in the data storage unit 7 of the server device 3. Common key B is transmitted to the user terminal 2 (S14) and, after that transmission, deleted from the server device 3 (S15).
The user terminal 2 generates a private key K1 and a public key K2 (S16), and the common key B transmitted from the server device 3 is encrypted with the public key K2 of the user terminal 2 (S17). Common key B (the unencrypted common key B) is then deleted from the user terminal 2 (S18). The encrypted common key B, on the other hand, is transmitted to the distributed network system 4 (S19) and recorded as a first transaction (S20).
The user terminal 2 then decrypts the encrypted common key B with its private key (S21) and transmits the resulting common key B to the server device 3 (S22). The server device 3 decrypts the encrypted duplicate data (stored in the data storage unit 7) with the common key B transmitted from the user terminal 2 (the common key B obtained by decrypting the encrypted common key B with the private key of the user terminal 2) (S23). The decrypted duplicate data is transmitted from the server device 3 to the user terminal 2 (S24), and the user terminal 2 uses the data transmitted from the server device 3 (the decrypted duplicate data) to make a recommendation to the user (S25). The hash value of the decrypted duplicate data is transmitted from the server device 3 to the distributed network system 4 (S26) and recorded as a second transaction (S27).
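The sequence S1 to S27 above, and the same exchange summarised earlier under the effects of the configuration, as a runnable simulation. This is an added example, not code from the patent or its applicant: it plays both the user terminal 2 and the server device 3 in one process, uses a plain in-memory list as a stand-in for the distributed network system 4, and assumes AES-256-GCM for the common keys and 2048-bit RSA-OAEP for the key pair K1/K2, none of which the page specifies. The two Verify functions carry out the checks the page attributes to the first and second transactions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// must turns failures that cannot occur for well-formed inputs (cipher setup, entropy, key generation) into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Ledger is a constructed stand-in for distributed network system 4: an append-only list, not a real blockchain.
type Ledger struct{ Tx [][]byte }

func (l *Ledger) Record(tx []byte) int { // appends a transaction and returns its position as the transaction id
	l.Tx = append(l.Tx, tx)
	return len(l.Tx) - 1
}

// The page names no algorithm for the common keys; AES-256-GCM with the nonce prefixed to the ciphertext is assumed.
func newCommonKey() []byte {
	k := make([]byte, 32)
	must(rand.Read(k))
	return k
}

func sealWithCommonKey(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func openWithCommonKey(key, ct []byte) ([]byte, error) { // fails if the key is wrong or the ciphertext was altered
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

type Run struct { // what one pass through S1..S27 of Fig. 2 leaves behind
	TxKey, TxHash    int             // first and second transaction ids on the ledger
	Received, EncDup []byte          // duplicate delivered to the terminal (S24); duplicate under B held by the server (S13)
	Priv             *rsa.PrivateKey // terminal key pair K1 (private) / K2 (public) from S16
}

// RunProtocol plays both user terminal 2 and server device 3 in one process; authOK is the outcome of S8.
func RunProtocol(data []byte, authOK bool, ledger *Ledger) (*Run, error) {
	keyA := newCommonKey()                  // S2: common key A
	stored := sealWithCommonKey(keyA, data) // S4-S6: encrypted with A, held by the server
	if !authOK {                            // S9: the server proceeds only on a success notification
		return nil, errors.New("user authentication failed: stored data stays encrypted")
	}
	dup, err := openWithCommonKey(keyA, stored) // S10-S11: decrypt with A; this copy is the duplicate
	if err != nil {
		return nil, err
	}
	keyB := newCommonKey()                           // S12: random one-time common key B
	encDup := sealWithCommonKey(keyB, dup)           // S13
	priv := must(rsa.GenerateKey(rand.Reader, 2048)) // S16
	// S14-S15, S17-S18: B goes to the terminal, is wrapped with K2, and every plaintext copy is dropped.
	wrappedB := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, keyB, nil))
	txKey := ledger.Record(wrappedB)                                          // S19-S20: first transaction
	keyBBack, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrappedB, nil) // S21: unwrap with K1
	if err != nil {
		return nil, err
	}
	dupOut, err := openWithCommonKey(keyBBack, encDup) // S22-S23: B returned to the server, duplicate opened
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(dupOut) // S26-S27: hash of the delivered duplicate as the second transaction
	return &Run{TxKey: txKey, TxHash: ledger.Record(h[:]), Received: dupOut, EncDup: encDup, Priv: priv}, nil
}

// VerifyKeyRecord is the first-transaction check: the wrapped key from the ledger, unwrapped with K1, must still open the duplicate.
func VerifyKeyRecord(wrapped []byte, priv *rsa.PrivateKey, encDup []byte) bool {
	k, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return false
	}
	_, err = openWithCommonKey(k, encDup)
	return err == nil
}

// VerifyDataRecord is the second-transaction check: the data in hand must hash to the recorded value.
func VerifyDataRecord(ledger *Ledger, txHash int, data []byte) bool {
	h := sha256.Sum256(data)
	return txHash < len(ledger.Tx) && bytes.Equal(ledger.Tx[txHash], h[:])
}
```

Note that the first-transaction check needs the terminal's private key K1 and the encrypted duplicate the server keeps, so it is a check the two parties can run together, not one an outside observer can run from the ledger alone; the hash check, by contrast, needs only the ledger entry and the data.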
 According to the data processing system 1 of the present embodiment described above, encrypted data (for example, personal information) is stored in the data storage unit 7 of the server device 3. When the user terminal 2 is to perform predetermined data processing using this data, user authentication is performed in the user terminal 2. If the user authentication succeeds, the server device 3 decrypts the data (encrypted data) stored in the data storage unit 7 and generates duplicate data by duplicating the data obtained by the decryption.
 Next, in the server device 3, a common key is randomly generated, and the duplicate data is encrypted with that common key. The common key is transmitted from the server device 3 to the user terminal 2 and is encrypted with the public key of the user terminal 2. Thereafter, the common key is deleted in the server device 3.
 Subsequently, in the user terminal 2, the encrypted common key is transmitted to the distributed network system 4 and recorded as a first transaction. Thereafter, the common key is deleted in the user terminal 2.
 Further, in the user terminal 2, the encrypted common key is decrypted with the private key of the user terminal 2, and the common key obtained by the decryption is transmitted to the server device 3. In the server device 3, the encrypted duplicate data is decrypted using that common key, the duplicate data obtained by the decryption is transmitted to the user terminal 2, and predetermined data processing is performed.
 Then, the hash value of the duplicate data obtained by the decryption is transmitted from the server device 3 to the distributed network system 4 and recorded as a second transaction.
 In this case, since the encrypted common key is recorded as the first transaction, it is possible to confirm whether or not the common key has been tampered with. Also, since the hash value of the duplicate data is recorded as the second transaction, it is possible to confirm whether or not the duplicate data has been tampered with. Tampering with the common key or the data can thereby be prevented, and high security is ensured.
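The flow described above (S12 to S27) and the tamper check that the second transaction makes possible, as an added example in Go that is not part of the patent. It assumes AES-256-GCM for the common-key encryption, RSA-OAEP for K1/K2, SHA-256 for the hash value, and an in-memory append-only slice standing in for the distributed network system 4; the patent specifies none of these.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Ledger stands in for the distributed network system 4: an append-only record of transactions.
type Ledger struct{ txs [][]byte }

func (l *Ledger) Record(tx []byte) int { l.txs = append(l.txs, tx); return len(l.txs) - 1 }

// gcmFor is the common-key cipher assumed here for S13/S23 (the patent names no algorithm).
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// seal returns nonce || ciphertext so the stored record is self-contained.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// open rejects a truncated record before slicing off the nonce.
func open(key, record []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	n := gcm.NonceSize()
	if len(record) < n { return nil, fmt.Errorf("truncated record") }
	return gcm.Open(nil, record[:n], record[n:], nil)
}
// RunFlow executes S12 to S27 for one record; the "delete" steps are modelled by zeroing key copies.
func RunFlow(duplicate []byte, ledger *Ledger) (received []byte, tx1, tx2 int, err error) {
	keyB := make([]byte, 32) // S12: server generates common key B at random
	if _, err = rand.Read(keyB); err != nil { return }
	stored, err := seal(keyB, duplicate) // S13: encrypted duplicate data, kept in storage unit 7
	if err != nil { return }
	terminalB := append([]byte(nil), keyB...) // S14: B sent to the terminal
	for i := range keyB { keyB[i] = 0 }       // S15: server deletes its copy of B
	k1, err := rsa.GenerateKey(rand.Reader, 2048) // S16: private key K1 / public key K2
	if err != nil { return }
	encB, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &k1.PublicKey, terminalB, nil) // S17
	if err != nil { return }
	for i := range terminalB { terminalB[i] = 0 } // S18: plaintext B deleted on the terminal
	tx1 = ledger.Record(encB)                     // S19/S20: encrypted B is the first transaction
	// S21/S22: the terminal recovers B from the recorded transaction with K1 and sends it back.
	recoveredB, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k1, ledger.txs[tx1], nil)
	if err != nil { return }
	if received, err = open(recoveredB, stored); err != nil { return } // S23/S24: decrypt, send
	sum := sha256.Sum256(received) // S26/S27: hash of the duplicate data is the second transaction
	tx2 = ledger.Record(sum[:])
	return
}
// VerifyDataHash is the check the second transaction enables: does this copy still match the record?
func VerifyDataHash(data []byte, ledger *Ledger, tx2 int) bool {
	sum := sha256.Sum256(data)
	return bytes.Equal(sum[:], ledger.txs[tx2])
}

func main() {
	ledger := &Ledger{}
	sample := []byte(`{"user":"u-001","likes":["running","jazz"]}`) // constructed sample record
	got, _, tx2, err := RunFlow(sample, ledger)
	if err != nil { panic(err) }
	fmt.Println("intact:", bytes.Equal(got, sample), "hash ok:", VerifyDataHash(got, ledger, tx2),
		"tampered copy detected:", !VerifyDataHash(append(got, '!'), ledger, tx2))
}
```

Note that the recorded first transaction only lets a holder of K1 recover B; anyone can compare the second transaction against a copy of the data, which is what the tamper check above does.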
 Also, in the present embodiment, data can be encrypted and decrypted using a common key shared by the user terminal 2 and the server device 3. This scheme is suited to the case where the server device 3 is provided inside the user terminal 2 (for example, where the server device 3 is the operating system of the user terminal 2).
 Also, in the present embodiment, encrypted data (for example, personal information) is stored in the data storage unit 7 of an external server. This makes centralized management of the data easy to realize.
 Although embodiments of the present invention have been described above by way of example, the scope of the present invention is not limited to them, and changes and modifications may be made according to purpose within the scope described in the claims.
 For example, the above embodiment illustrates the case where the data processing unit of the present invention is constituted by the server device 3 external to the user terminal 2, but the scope of the present invention is not limited to this. As shown in FIG. 3, the data processing unit of the present invention may be constituted by the operating system 9 of the user terminal 2. In this case, encrypted data (for example, personal information) is stored in the data storage unit 10 of the user terminal 2. This makes distributed management of the data easy to realize.
 Also, the above embodiment illustrates the case where data is encrypted and decrypted using a common key shared by the user terminal 2 and the server device 3, but the scope of the present invention is not limited to this. As shown in FIG. 4, data can be encrypted and decrypted using the private key and public key of the user terminal 2. This scheme is suited to the case where the data processing unit is provided outside the user terminal 2 (for example, where the data processing unit is the server device 3 external to the user terminal 2).
 For example, in the example of FIG. 4, when predetermined data (such as the personal information required for the recommendation processing) is input in the user terminal 2 (S1), a private key K1 and a public key K2 are generated (S30), and the data (personal information and the like) input from the input unit 5 is encrypted using the private key K1 (S31). Then, when the server device 3 receives notification of successful user authentication from the user terminal 2 (S9), the encrypted data stored in the data storage unit 7 is decrypted using the public key K2 (S32).
 As described above, the data processing system according to the present invention has the effect of being able to prevent tampering with data and ensure high security by using a distributed processing network, and is useful as, for example, a recommendation system using a blockchain.
 1 Data processing system
 2 User terminal
 3 Server device (data processing unit)
 4 Distributed network system
 5 Input unit
 6 Control unit
 60 First encryption unit
 61 User authentication unit
 62 Third encryption unit
 63 First transaction recording processing unit
 64 Second decryption unit
 65 Recommendation processing unit
 7 Data storage unit
 8 Control unit
 80 First decryption unit
 81 Duplication processing unit
 82 Common key generation unit
 83 Second encryption unit
 84 Common key transmission processing unit
 85 Third decryption unit
 86 Duplicate data transmission processing unit
 87 Second transaction recording processing unit
 9 Operating system (data processing unit)
 10 Data storage unit
 N Network

Claims (6)

  1.  A data processing system comprising a user terminal, a data processing unit connected to the user terminal so as to be capable of data communication, and a distributed network system connected to the user terminal and the data processing unit so as to be capable of data communication, wherein
     the user terminal comprises:
     an input unit into which predetermined data is input;
     a first encryption unit that encrypts the data using an encryption key and transmits the encrypted data to the data processing unit; and
     a user authentication unit that performs user authentication of the user terminal using predetermined authentication data and notifies the data processing unit of the success or failure of the user authentication,
     the data processing unit comprises:
     a data storage unit that stores the encrypted data transmitted from the user terminal;
     a first decryption unit that, based on notification of success of the user authentication, decrypts the encrypted data stored in the data storage unit using a decryption key corresponding to the encryption key;
     a duplication processing unit that duplicates the data obtained by the decryption to generate duplicate data;
     a common key generation unit that randomly generates a common key shared by the user terminal and the data processing unit;
     a second encryption unit that encrypts the duplicate data using the common key; and
     a common key transmission processing unit that deletes the common key after transmitting the common key to the user terminal,
     the user terminal comprises:
     a third encryption unit that deletes the common key after encrypting the common key with a public key of the user terminal;
     a first transaction recording processing unit that transmits the encrypted common key to the distributed network system to be recorded as a first transaction; and
     a second decryption unit that decrypts the encrypted common key with a private key of the user terminal and transmits the common key obtained by the decryption to the data processing unit, and
     the data processing unit comprises:
     a third decryption unit that decrypts the encrypted duplicate data using the common key;
     a duplicate data transmission processing unit that transmits the duplicate data obtained by the decryption to the user terminal to have predetermined data processing performed; and
     a second transaction recording processing unit that transmits a hash value of the duplicate data obtained by the decryption to the distributed network system to be recorded as a second transaction.
  2.  The data processing system according to claim 1, wherein the first encryption unit encrypts the data using a common key shared by the user terminal and the data processing unit, and
     the first decryption unit decrypts the data using the common key.
  3.  The data processing system according to claim 1, wherein the first encryption unit encrypts the data using a private key of the user terminal, and
     the first decryption unit decrypts the data using a public key of the user terminal.
  4.  The data processing system according to any one of claims 1 to 3, wherein the data processing unit is an external server connected to the user terminal via a network.
  5.  The data processing system according to claim 1, wherein the data processing unit is an operating system of the user terminal.
  6.  A method executed in a data processing system comprising a user terminal, a data processing unit connected to the user terminal so as to be capable of data communication, and a distributed network system connected to the user terminal and the data processing unit so as to be capable of data communication, the method including,
     as steps executed in the user terminal:
     an input step in which predetermined data is input;
     a first encryption step of encrypting the data using an encryption key and transmitting the encrypted data to the data processing unit; and
     a user authentication step of performing user authentication of the user terminal using predetermined authentication data and notifying the data processing unit of the success or failure of the user authentication,
     as steps executed in the data processing unit:
     a data storage step of storing the encrypted data transmitted from the user terminal in a data storage unit;
     a first decryption step of, based on notification of success of the user authentication, decrypting the encrypted data stored in the data storage unit using a decryption key corresponding to the encryption key;
     a duplication step of duplicating the data obtained by the decryption to generate duplicate data;
     a common key generation step of randomly generating a common key shared by the user terminal and the data processing unit;
     a second encryption step of encrypting the duplicate data using the common key; and
     an encryption key transmission step of deleting the common key after transmitting the common key to the user terminal,
     as steps executed in the user terminal:
     a third encryption step of deleting the common key after encrypting the common key with a public key of the user terminal;
     a first transaction recording step of transmitting the encrypted common key to the distributed network system to be recorded as a first transaction; and
     a second decryption step of decrypting the encrypted common key with a private key of the user terminal and transmitting the common key obtained by the decryption to the data processing unit, and
     as steps executed in the data processing unit:
     a third decryption step of decrypting the encrypted duplicate data using the common key;
     a duplicate data transmission step of transmitting the duplicate data obtained by the decryption to the user terminal to have predetermined data processing performed; and
     a second transaction recording step of transmitting a hash value of the duplicate data obtained by the decryption to the distributed network system to be recorded as a second transaction.
PCT/JP2021/039389 2020-12-22 2021-10-26 Data processing system WO2022137779A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2020212100A JP7086163B1 (en) 2020-12-22 2020-12-22 Data processing system
JP2020-212100 2020-12-22

Publications (1)

Publication Number Publication Date
WO2022137779A1 true WO2022137779A1 (en) 2022-06-30

Family

ID=82057340

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/039389 WO2022137779A1 (en) 2020-12-22 2021-10-26 Data processing system

Country Status (2)

Country Link
JP (1) JP7086163B1 (en)
WO (1) WO2022137779A1 (en)

Also Published As

Publication number Publication date
JP7086163B1 (en) 2022-06-17
JP2022098615A (en) 2022-07-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21909936

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21909936

Country of ref document: EP

Kind code of ref document: A1