JP2002281022A - Method and system for enciphering/deciphering information - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a security system capable of enciphering information such as characters, images, or voices without making a user consider it, and deciphering the enciphered information, and reproducing original information without making the user consider it in a digital computer system which stores a large amount of information requiring high level privacy through the Internet or information transmitter/receiver such as a portable telephone assuming a digital computer. SOLUTION: The identification number of a user, for example, the user address, name, birth date, telephone number, ID number, password, e-mail address, or identification information uniquely decided by the user are independently or multiply combined so that a keyword can be prepared, and an encipher table is automatically generated by using this keyword. Thus, the information owned by the user can be automatically enciphered, and that the enciphered information can be automatically deciphered. Therefore, the leakage of the individual information or enterprise/organization information can be reduced by this security enhancement method and device.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for encrypting digital data, and more specifically, to an information communication device such as the Internet or a mobile phone, or a digital computer system for storing a large amount of information. The present invention relates to an encryption method for enhancing the security of information by reducing the possibility of leakage of personal information and company / organization information, a method for decrypting the encrypted information, and a system for implementing these methods. Things.

[0002]

2. Description of the Related Art In a digital computer system that stores a large amount of information and information communication through the Internet, a mobile phone, and the like, personal information and company / organization information are appropriately protected. It is essential to ensure the confidentiality of One method for solving this type of security problem is an encryption method.

However, information encrypted by a computer can basically be decrypted by the computer. In this sense, there is no complete encryption information. Therefore, information that requires a high degree of confidentiality cannot be transmitted using a communication infrastructure such as the Internet or a mobile phone. In addition, digital computers that store information that requires a high degree of confidentiality are either not connected to the network, or are connected to the network through a security system called a firewall, ensuring security against unauthorized persons reading or modifying data. are doing. However, since the firewall is also a system constructed with a digital computer, it is inevitable that the firewall is breached by using the digital computer, that is, hacking is performed.

For example, when using a shared digital computer or a network, subsequent access rights can be obtained only by correctly inputting a user's own password. In this case, the password is used as a role of a decryption key possessed by each user. It is responsible for. Further, what information a specific user can access on a digital computer or a network depends on the authority given to the user. This is to secure security by introducing a hierarchical structure of access authority in a digital computer system that stores highly confidential information and information communication such as the Internet and mobile phones that assume a digital computer. is there.

[0005] However, apart from the problems of computers and networks, it is necessary to hierarchize access rights to data, which is originally determined from the viewpoint of what information a specific person should have access rights to, and to manage networks and the like. The requirements for hierarchies arising from gender are not necessarily the same. For example, a network administrator usually has access authority to all data in order to prevent problems that may occur on a network beforehand and to solve problems that have occurred. , Which means that network and computer experts, not necessarily the company's chief executive, have access to all information, including new product development, human resources, and tax, and there is a problem from a data security perspective as well. .

In view of the above situation, in a digital computer that stores information with high secrecy and information communication such as the Internet and a mobile phone on the premise of a digital computer, complete communication with a third party including a network administrator is not possible. The challenge is to ensure security. On the other hand, within an organization, a hierarchical security system is also required according to the department to which it belongs and the position.

[0007] The above security problem is improved by individually encrypting all information owned by each user. In addition, individual users independently encrypting all information owned by the user enhances security against unauthorized users. However, when all users convert all information possessed by the user with their own encryption, there is a problem in that each user is forced to perform a task of intentionally encrypting the information. In addition, in an organization where hierarchies are required, a hierarchical security system is also required according to the departments and positions to which the hierarchies belong.

Here, hierarchical means that not only data belonging to the same layer including users belonging to a certain layer can be accessed, but also all data belonging to a lower layer can be accessed. It means a security configuration that does not allow access to the data to which it belongs. However, in this specification, many variations of this configuration will also be referred to as hierarchical. For example,
When focusing on a specific user, the user may not have access authority to data of another user belonging to the same hierarchy, and may have access authority to data of a directly lower-level user. However, it may be configured such that lower-level users belonging to other users belonging to the same hierarchy have no access authority.

[0009]

SUMMARY OF THE INVENTION The present invention automatically encrypts all information owned by an individual user based on the personal information of the user and data arbitrarily set by the user, and And a method and apparatus for realizing a strong security system. In other words, all information owned by the user is encrypted for each user, and it is impossible to determine which encrypted information is highly confidential until the encrypted information is decrypted, thereby enhancing security. This is a method for realizing a fair security environment.

[0010] Further, the present invention is a method for enabling a hierarchical security system to be configured according to the department to which it belongs and the position in an organization that needs to be hierarchized. That is, the present invention makes it possible not only to improve security and realize a fair security environment, but also to maintain a hierarchical security system environment.

According to one aspect of the present invention, a keyword is created by combining information unique to a user and at least one selected from identification information arbitrarily set by the user, and at least a keyword is created using the keyword. A data encryption method for encrypting digital data by setting a cryptographic conversion matrix that is an appropriate matrix (well posed matrix) having one inverse matrix and integrating the digital data and the cryptographic conversion matrix is proposed. Is done.

According to another aspect of the present invention, the user-specific information includes at least one of a user's address, name, date of birth, telephone number, ID number, password, and e-mail address. An encryption method is proposed that includes:

[0013] According to still another aspect of the present invention, the keyword can select an arbitrary combination uniquely determined by a user.

According to still another aspect of the present invention, an encryption matrix can be automatically generated using a keyword without the user's awareness, and information owned by the user can be automatically encrypted. .

According to still another aspect of the present invention, the cryptographic transformation matrix is automatically generated by combining a single or a plurality of modal matrices generated from eigenvectors of a single or a plurality of appropriate matrices. It encrypts the data automatically.

According to still another aspect of the present invention, the encryption transformation matrix automatically generates an encryption matrix using a single keyword or a plurality of wavelet transformation matrices having different basis functions, Automatically encrypt user-owned information.

According to yet another aspect of the present invention, the cryptographic transformation matrix is created using one or more modal matrices generated from eigenvectors of one or more suitable matrices and keywords. , Or a combination of a plurality of wavelet transform matrices having different basis functions.

According to still another aspect of the present invention, an encryption conversion matrix is set for each layer, and data is superimposed using the encryption conversion matrix of the layer and the conversion matrices of all layers below the layer. By the conversion, the user belonging to the upper layer can read the encrypted data of the layer and the lower layer, but cannot read the encrypted data of the upper layer.

According to still another aspect of the present invention, a keyword is created by combining information unique to a user and at least one selected from identification information arbitrarily set by the user, and using the keyword. To obtain an inverse matrix of a cryptographic transformation matrix that is a suitable matrix (well posed matrix) having at least one inverse matrix, and integrate the encrypted digital data and the inverse matrix of the cryptographic transformation matrix to obtain an encrypted matrix. A method for decrypting digital data is provided.

According to another aspect of the present invention, a keyword creating unit is formed by combining information unique to a user and at least one selected from identification information arbitrarily set by the user, Setting a cryptographic conversion matrix, which is a suitable matrix (well posed matrix) having at least one inverse matrix, and encrypts the digital data by multiplying the digital data and the cryptographic conversion matrix. Data encryption means, an inverse matrix calculation unit for calculating an inverse matrix of the appropriate matrix, and a data decryption unit that decrypts the encrypted digital data by integrating the encrypted digital data and the inverse matrix. A data encryption / decryption system having decryption means is provided.

The work of automatically encrypting all information owned by each user and decrypting the encrypted information by the individual user not only imposes a burden on the user on the encryption and decryption work but also requires software and hardware. Also takes a heavy burden.

According to the present invention, a desired encryption table is automatically generated when a user starts a session using a keyword set by the user, for example, a password, and the user is transferred to the encryption information owned by the user. At the time of access, information encrypted by the inner product operation between the encryption table (matrix) and the encrypted information (vector) is automatically decrypted and presented to the user. Further, at the time when the user ends the session, the encrypted information is automatically generated and stored by the inner product operation between the encryption table column (row) and the information (vector), so that the user can perform the encryption / decryption work. There is no need to be aware of

There are roughly two methods for carrying out the encryption and decryption operations in the present invention. One is a method in which the encryption and decryption operations are performed by an interpreter (sequential) method. In this method, a user always needs an encryption table while using the system. The other is a batch method in which an encryption table is automatically generated when a user accesses the system, and all encrypted information owned by the user is decrypted and presented. In this scheme, the encryption table is only needed at the beginning and end of the session, and there is no need to make the encryption table resident.

In order to perform the encryption and decryption operations according to the present invention, it is necessary to generate an encryption table according to a keyword set by the user. In order to completely restore the original information from the encrypted information, the encryption table must be an appropriate matrix having an inverse matrix. Since the inverse matrix calculation is the basis of the matrix operation, many algorithms that enable high-speed inverse matrix operation have been proposed. However, an increase in calculation load cannot be denied. A modal matrix whose inverse matrix is obtained by a simple transpose operation or a discrete-value orthogonal wavelet transform matrix substantially eliminates the need for the inverse matrix operation,
The computational load, both software and hardware, is minimized, and the only operations required for encryption and decryption operations are the generation of the encryption table and the inner product operation.

Also, a plurality of encryption tables are generated according to a keyword set in advance by the user.
9, 10, 11), write in the non-volatile memory, and when the user starts the session, call the plurality of encryption tables from the non-volatile memory and generate the encryption table that is actually used in the inner product operation between the matrices if,
The calculation load is reduced. Furthermore, a processor dedicated to inner product calculation, for example, a DSP chip (Digital Signal Processor)
If the hardware such as is installed (claim 12), the burden on the information processing / information communication device body is reduced, and the user does not need to be conscious of the encryption and decryption work.

FIG. 1 shows a procedure for generating an encryption table from a keyword, and FIG. 2 shows a procedure for encrypting original information. FIG. 3 shows a procedure for decrypting the encrypted information.
If the size of the information (order of the matrix) is larger than that of the encryption table, the size of the information (order of the vector) is divided according to the size of the encryption table. When the size of the information (the degree of the matrix) is smaller than that of the encryption table, it goes without saying that blanks and zero elements are appropriately added to the information vector to match the size of the encryption table.

[0027]

BEST MODE FOR CARRYING OUT THE INVENTION

FIG. 4 shows an example of color sample image information. FIG. 5 is an encryption table generated using the Debyssey second, fourth, and eighth order basis functions. FIG. 6 shows red, green, and blue component information of a color image encrypted by applying the encryption table of FIG. 5 to the color image information of FIG. FIG. 7 shows an example in which an attempt to decrypt the encrypted color image information of FIG. 6 using the encryption table generated by using the Debyssey secondary basis function has failed. FIG. 8 shows an encryption table generated by using the Debyssey 2, 4, and 8 order basis functions.
In this example, the attempt to decrypt the encrypted color image information failed, but the order of the inner product of the wavelet transform matrices was incorrectly set. FIG. 9 shows an example in which the encrypted color image information of FIG. 6 has been successfully decrypted using an accurate encryption table generated using the Debyssey second, fourth and eighth order basis functions.

[0028]

[Embodiment 2] FIG. 10 is an example of sample text information of half-width alphabets. FIG. 11 is an ASCII code display of the text written in the half-width alphabet of FIG. FIG. 12 is an encryption table generated from a modal matrix of a system matrix obtained by discretizing the second-order partial differential equation using a three-point finite difference formula. FIG. 13 is an example in which the text information shown in FIG. 10 is encrypted using the encryption table of FIG.

[0029]

Embodiment 3 FIG. 14 shows sample text information in Japanese double-byte. FIG. 15 shows an example in which the sample text information of FIG. 14 is encrypted using the encryption table of FIG.
FIG. 16 shows an example of decrypting the encrypted text information shown in FIG.

[0030]

As is clear from the first embodiment, the sample color image information shown in FIG. 4 is obtained by linear conversion using an encryption table (conversion matrix) obtained by combining a plurality of wavelet conversion matrices shown in FIG. Can be converted into the encrypted color image information shown in FIG. In addition, as shown in FIGS. 7 and 8, the encrypted color image information cannot be decrypted unless an encryption table determined by the keyword is used. As shown in the second and third embodiments, encryption can be performed for half-width characters or full-width characters. The encrypted character information cannot be decrypted without using an encryption table determined by the keyword. Accordingly, the present invention provides a method and apparatus for individually and automatically encrypting all information owned by a user, thereby realizing a fair and robust security system. It is needless to say that a hierarchical encryption system can be constructed by limiting the combinations of the modal matrix and the wavelet transform matrix for generating the encryption table.

[Brief description of the drawings]

FIG. 1 shows a cryptographic table generation procedure using a keyword.

FIG. 2 is a procedure for generating encrypted information using an encryption table.

FIG. 3 is a procedure for decrypting encrypted information.

FIG. 4 is an example of color sample image information.

FIG. 5 is an encryption table generated by using Debyssey second-, fourth-, and eighth-order basis functions.

FIG. 6 is a diagram showing the color image information shown in FIG. 4;
Is red, green, and blue component information of a color image encrypted by applying the encryption table shown in FIG.

FIG. 7 is an example in which an attempt to decrypt the encrypted color image information of FIG. 6 using the encryption table generated using the Debyssey secondary basis function has failed.

FIG. 8 shows an attempt to decrypt the encrypted color image information of FIG. 2 (c) using an encryption table generated using Debyssey's second, fourth and eighth order basis functions. This is an example in which the order of the inner product operation of the transformation matrix is mistaken and fails.

FIG. 9 is an example in which the encrypted color image shown in FIG. 6 has been successfully decrypted using an encryption table generated using Debyssey second, fourth, and eighth order basis functions.

FIG. 10 is an example of sample text information of a half-width alphabet;

FIG. 11 is an ASCII code display of text written in half-width alphabets of FIG. 10;

FIG. 12 is an encryption table generated from a modal matrix of a system matrix obtained by discretizing a second-order partial differential equation using a three-point finite difference formula.

FIG. 13 is an example in which the text of FIG. 10 is encrypted using the encryption table of FIG.

FIG. 14 is sample text information written in Japanese two-byte characters.

FIG. 15 is an example in which the sample text information of FIG. 14 is encrypted using the encryption table of FIG.

FIG. 16 is an example in which the encrypted information in FIG. 15 is decrypted.

Claims (10)

[Claims] 1. A keyword is created by combining information unique to a user and one or more selected from identification information arbitrarily set by a user, and a keyword having at least one inverse matrix using the keyword is created. A data encryption method for encrypting digital data by setting a cryptographic conversion matrix, which is a well-posed matrix, and integrating the digital data and the cryptographic conversion matrix. 2. The information unique to the user includes a user's address, name, date of birth, telephone number, ID number, password,
2. The encryption method according to claim 1, wherein at least one of the e-mail addresses is included. 3. The keyword according to claim 1, wherein an arbitrary combination determined by the user can be selected, and the keyword can be automatically updated at an arbitrary date and time determined by the user. Or the method of any one of 2. 4. The method according to claim 1, wherein an encryption matrix is automatically generated by using a keyword without being aware of the user, and information owned by the user is automatically encrypted.
4. The method according to any one of items 1 to 3. 5. The cryptographic conversion matrix is automatically generated by combining a single or a plurality of modal matrices generated from eigenvectors of a single or a plurality of appropriate matrices. The method according to any one of claims 1 to 4, wherein the data is encrypted. 6. The encryption transformation matrix automatically generates an encryption matrix using a single keyword or a plurality of wavelet transformation matrices having different basis functions, and automatically generates information owned by a user. 5. The method according to claim 1, wherein the data is encrypted. 7. The cryptographic transformation matrix includes a single or a plurality of modal matrices generated from eigenvectors of a single or a plurality of appropriate matrices, and a single or a basis function created using a keyword. The method according to any one of claims 1 to 4, wherein the method is created by combining a plurality of different wavelet transform matrices. 8. A cryptographic conversion matrix is set for each layer, and data is superimposedly converted using the cryptographic conversion matrix of the layer and the conversion matrices of all layers below the layer. A layered encryption method in which the user belonging to the system can read the encrypted data of the layer and the lower layer, but cannot read the encrypted data of the upper layer. 9. A keyword is created by combining information unique to a user and one or more selected from identification information arbitrarily set by the user, and an appropriate matrix having at least one inverse matrix using the keyword is created. Decryption of the encrypted digital data by calculating the inverse matrix of the cryptographic transformation matrix, which is a well-posed matrix, and multiplying the encrypted digital data by the inverse matrix of the cryptographic transformation matrix. Method. 10. A keyword creation unit combining information unique to a user and at least one selected from identification information arbitrarily set by the user, and at least one inverse matrix using the keyword. Appropriate matrix (well pos
data encryption means for setting a cryptographic conversion matrix, which is an ed matrix), for encrypting the digital data by integrating the digital data and the cryptographic conversion matrix, and an inverse of the appropriate matrix. A data encryption / decryption system comprising: an inverse matrix calculation unit that calculates a matrix; and data decryption means that decrypts the encrypted digital data by integrating the encrypted digital data and the inverse matrix.