JP2006040186A - Method and device for preventing leak of secret information - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To technically prevent leak of secret information by an unauthorized person without relying on people's moral. <P>SOLUTION: A device 21A having a transformation table to transform a secret character code into a temporal character code, an inverse transformation table which is opposite of the transformation table (40) and a decoding part which takes out corresponding glyph data from a font ROM 211b based on an address mapping table RAM 211a and rasterizes it in a bitmap development part 211r is coupled to a communication path between a server and a client, (a) the secret character code from the server is transformed into the temporal character code based on the transformation table, transmitted to the client, (b) the temporal character code from the client 11 is transformed into the secret character code based on the inverse transformation table, transformed into a glyph image by the decoding part, transmitted to the client 11 and (c) the transformation table and the inverse transformation table are updated at predetermined timing. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a method and apparatus for preventing confidential information from leaking outside from a computer connected to a network.

  Advances in technology such as encryption, authentication, and firewalls have increased information security in network communications.

  However, since information is accessed by humans, it is a social problem that information managers and employees who are given passwords can illegally take out confidential information such as personal information and transaction information. .

  This problem is that a large amount of secret information can be transmitted and received in a short time or stored in a small hard disk or IC memory card by increasing the speed of the processor, increasing the capacity of the storage device, and data compression technology. Is even larger.

  On the other hand, it is planned to build an e-government by using a computer network to improve not only operational efficiency but also administrative services and transparency.

  For this reason, it is required to technically prevent leakage of confidential information without depending on human morals.

  In the following Patent Document 1, the font is stored in the memory, the presence / absence of a control command from the user to the document data processing system is monitored by a timer, and the font arrangement is shifted when the control command is not set, A method is disclosed in which the readability of document content to a third party is lowered and the document content is made readable by performing a reverse shift by authentication of a password by a user.

  In Patent Document 2 below, column item data used for search is encrypted using a common column key, and a unique row key is used for each row for other column item data. Thus, a method for improving security by encrypting is disclosed.

  However, any of these methods is a password method, and if the password is input, the encryption is decrypted, so that it is not possible to prevent leakage of secret information by an unauthorized person.

In addition, if a copyrighted work can be browsed on the Internet by converting a copyrighted work such as an encyclopedia, novel, cartoon, or periodicals into an electronic file, it is convenient for the user and an increase in use can be expected. However, publishers have to give up because there is a risk that copies will be available even if paid viewing is possible.
JP 2001-22739 A JP 2001-101055 A

  In view of the above problems, an object of the present invention is to provide a secret information leakage prevention method and apparatus capable of technically preventing secret information leakage by an unauthorized person without depending on human morals.

According to a first aspect of the secret information leakage preventing method of the present invention, in the secret information leakage preventing method for preventing leakage of data received by a client from a server by an unauthorized person, a display device is coupled to the client (FIG. 1). ),
A secret character code decoding device comprising a font storage unit and a decoding unit for retrieving the corresponding glyph data from the font storage unit in response to the secret character code;
(A) Perform mutual authentication between the secret character code decryption device and the client and between the client and the server, and if the result is valid,
(B) In response to the request from the client, the server transmits data including a secret character code;
(C) The client sends the secret character code to the secret character code decryption device to request decryption;
(D) The secret character code decryption apparatus has a step of retrieving glyph data corresponding to the secret character code from the font storage unit via the decryption unit in response to the decryption request and transmitting the glyph data to the client.

In the second aspect of the secret information leakage prevention method according to the present invention (FIG. 12), a conversion unit comprising a conversion table for converting a character code (ordinary character code or secret character code, the same shall apply hereinafter) into a temporal character code; Both an inverse conversion unit having an inverse conversion table for inversely converting a temporal character code into a character code, and a decoding unit for extracting glyph data corresponding to the character code from the font storage unit based on the first address mapping table, It is coupled to a communication path that couples the server and the client, or prepared in the server,
(A) The character code from the server or the character code at the server is converted into a temporal character code based on the conversion table and transmitted to the client;
(B) In response to a request from the client, a temporal character code is converted into a character code based on the inverse conversion table, the character code is decoded based on the first address mapping table, and glyph data is obtained. To the client,
(C) Updating the conversion table and the reverse conversion table at a predetermined timing In the third aspect of the secret information leakage prevention method according to the present invention (FIGS. 20 and 21), a character code is converted into a temporal character code. A conversion unit having a conversion table, an inverse conversion unit having an inverse conversion table for inversely converting a temporal character code into a character code, and for extracting corresponding glyph data from the client-side font storage unit based on the character code Any of the first address mapping table storage unit including the first address mapping table is coupled to the communication path that couples the server and the client, or is prepared in the server.
A table update process, a character code conversion process, and a decryption process;
In the table update process,
(A) Updating the conversion table and the reverse conversion table at a predetermined timing, and based on the first address mapping table and the updated reverse conversion table, glyph data corresponding to a temporal character code is converted into the font Updating the second address mapping table for retrieval from the storage unit;
(B) Each time the second address mapping table is updated, this is sent to the client,
In the character code conversion process,
(C) The character code from the server or the character code at the server is converted into a temporal character code based on the conversion table and transmitted to the client;
In the decryption process,
(D) In the client, glyph data corresponding to the temporal character code is acquired from the font storage unit based on the second address mapping table.

In a fourth aspect of the secret information leakage prevention method according to the present invention, in the second or third aspect, the conversion unit includes a plurality of different conversion tables (FIG. 22).
The inverse conversion unit includes a plurality of the inverse conversion tables corresponding to the plurality of conversion tables (FIG. 23),
In the step (a), one of the plurality of conversion tables is selected according to the column position of the character code string included in the record from the server,
In the client, the column position is associated with the character display area,
In step (b), a temporal character code string from the client is selected from one of the plurality of inverse conversion tables according to the character display area.

In a fifth aspect of the secret information leakage prevention method according to the present invention, mutual authentication is performed between a device having the first address mapping table and the client and between the client and the server, and the result is valid. If not, the first address mapping table is rewritten or deleted (FIG. 4, SB).

In one aspect of the server according to the present invention,
The server itself where the data is stored,
A code conversion unit (FIG. 34, 401A) having a conversion table for converting a code into a secret code;
A control unit (301A) that receives a character code or binary code from the server body, supplies the character code or binary code to the code conversion unit, obtains a secret character code or secret binary code, and transmits the secret character code or client to the client.

  Note that “receive from client” means to receive directly or indirectly from the client. The same applies to “from server” and transmission. “Indirect” refers to a case of transmitting via an authentication server as described in the eleventh embodiment, for example.

  According to the configuration of the first aspect, since the correspondence between the secret character code and the ordinary character code is unknown in the client, even if a file including the secret character code remains in the storage device of the client, there is no readability. In addition, since the decryption process is performed by the secret character code decryption device only when the mutual authentication results between the secret character code decryption device and the client and between the client and the server are valid, the leakage of secret information by an unauthorized person is prevented. It can be technically prevented.

  According to the configuration of the second aspect, since the secret character code changes temporarily, there is no readability even if a file containing this character code is taken out, and the secret information leakage by unauthorized persons is technically and more reliably prevented. It becomes possible.

  According to the configuration of the third aspect, since the contents of the first address mapping table cannot be known from the contents of the second address mapping table and the second address mapping table is temporarily updated, the secret character Even if the content of the file containing the code is viewed later, it cannot be analyzed and the meaning becomes unknown, and it is possible to technically prevent leakage of confidential information by an unauthorized person.

  In addition, since the client has the second address mapping table and the font storage unit, it is possible to draw characters faster than in the first and second embodiments.

  According to the configuration of the fourth aspect, since the secret character code changes temporarily not only on the time axis but also on the space axis, security can be further improved.

  According to the configuration of the fifth aspect, since an attempt to decipher the contents of the first address mapping table by an unauthorized person is prevented, security can be further improved.

  According to the server of the above aspect, it is possible to apparently convert the data stored in the server body into a secret code with a simple configuration. Moreover, since the secret character code or the secret binary code is temporarily changed by changing the conversion table temporarily, secrecy can be more reliably performed with a simple configuration.

  Other objects, configurations and effects of the present invention will become apparent from the following description.

  Embodiments of the present invention will be described below with reference to the drawings. In the drawings, the same or similar elements are denoted by the same or similar reference numerals.

  The “glyph data” in the present specification and claims may be either vector data before bitmap development or image data developed by bitmap.

  “Client” means a client computer or an application program executed on the client computer. The same applies to “server”.

  The secret information means information that is restricted from being disclosed, and includes personal information, in-house information, in-group information, transaction information, paid information, and the like. Whether it is confidential information depends on the combination of information. For example, only the name is not confidential information, but becomes secret information when the name, address, age, hobby, etc. are combined.

  “Secret character code” means a unique character code different from ordinary character codes such as JIS code and Unicode. The “temporal character code” means a unique character code that is temporarily used, and is a kind of secret character code.

  In addition, simply saying “application program” means an application program that is permitted to be used in the present system using a secret character code. The phrase “execution of ~ in an application program” includes the case of execution in an external module such as a DLL used in the application program.

  FIG. 1 is a schematic block diagram showing a computer network system according to the first embodiment of the present invention.

  The server 10 and the N clients 11 to 1N are network-coupled, and the secret character code decrypting devices 21 to 2N are coupled to the clients 11 to 1N, respectively. This network is a LAN or the Internet.

  The server 10 is a database server, a web application server (an application server that also functions as a web server), a combination of a database server and a web application server, or a combination of a database server and a web server using a CGI program, In order to be used by authorized users, all or part of the secret information is stored using a secret character code.

  The server 10 includes information on the client computer permitted to acquire the confidential information (computer authentication password, mac address, MPU, etc.) and information on the application program permitted to operate on the client computer (program name, version and serial number). Number) and authentication information (ID and password) of the authorized user are registered as verification data.

  The clients 11 to 1N store collation data for confirming the secret character code decryption devices 21 to 2N and collation data for confirming the server 10, respectively. The authentication between the secret character code decryption devices 21 to 2N and the server 10 can be performed when the clients 11 to 1N have collation data for confirming the secret character code decryption devices 21 to 2N.

  Similarly, the secret character code decrypting devices 21 to 2N store collation data for confirming the clients 11 to 1N that are permitted to use the secret character code decrypting devices 21 to 2N, respectively.

  FIG. 2 is a block diagram showing a schematic hardware configuration of the client 11 and the secret character code decrypting device 21 in FIG.

  The client 11 is an ordinary computer system, and a video RAM 111, an input interface 112, a communication interface 113, a storage device 114, and a communication interface 115 are coupled to the MPU 110 by a bus. In FIG. 2, only one type of bus is shown for simplicity. A display device 117 is coupled to the video RAM 111 via a video controller 116, and an input device 118 and the server 10 are coupled to the input interface 112 and the communication interface 115, respectively.

  The storage device 114 includes a RAM, a ROM, and an external storage device, and an OS (operating system) and application programs are stored in the external storage device.

  On the other hand, in the secret character code decryption device 21, a storage device 211, a communication interface 212, and an IC memory card adapter 213 are coupled to the MPU 210 via a bus. The communication interfaces 212 and 113 are connected by a communication path. The storage device 211 includes a ROM and a RAM.

  FIG. 3 is a functional block diagram of the secret character code decrypting device 21 of FIG.

  The system control unit 30, authentication unit FIG. 35, and timer FIG. 35 are configured by the MPU 210, the storage device 211, the program stored in the ROM of the storage device 211, and the work area of the RAM. The address mapping table RAM 211a, font ROM 211b, ordinary character code conversion table RAM 211c, and collation data ROM 211d are included in the storage device 211 of FIG. The IC memory card 33 is attached to the IC memory card adapter 213 when data is written to the address mapping table RAM 211a and the ordinary character code conversion table RAM 211c as described later. When this writing is completed, the IC memory card 33 is removed from the IC memory card adapter 213. Is done.

  FIG. 4 is a schematic flowchart showing processing when an application program is started on the client computer.

  (S0) First, a user authentication input screen is displayed.

  (S1) In response to this, the user inputs the user ID and password.

  (S2, S3) If the ID and password are not permitted to use the application program, the process returns to step S0 to prompt the user to input again, and if not, the process proceeds to step S4.

  (S4) A hash value is calculated based on the collation data including the user authentication data, the application program information, and the client computer information input in step S1.

  (S5) Mutual authentication is performed with the server according to a security protocol, for example, IKE (Internet Key Exchange) protocol.

  (S6) If valid, go to step S7, otherwise go to step SA.

  (S7) In accordance with the IKE protocol, mutual authentication is similarly performed with the secret character code decrypting device 21.

  (S8) If valid, proceed to step S9, otherwise proceed to step SB.

  (S9) A request such as a query is made to the server, and information supplied from the server is acquired in response to the request. In this process, the authentication in step S5 is performed at the start of each session in which data is transmitted to or received from the server.

  (SA) An e-mail notifying that an abnormal situation has occurred is sent to the system administrator, and the application program is terminated.

  (SB) To prevent data theft by an unauthorized person, the contents of the table RAMs 211a and 211c are rewritten or erased, and then the power of the secret character code decrypting device 21 is forcibly turned off or the process is terminated. That is, in order to prevent the contents of the table RAMs 211a and 211c from being decrypted by an unauthorized person, the secret character code decrypting device 21 has a self-destructing function relating to the contents of the RAM.

  FIG. 5 is a search screen displayed by the client application program in step S9 of FIG. This program is a browser when the server 10 includes the above-described Web server (or Web application server, the same applies hereinafter), and when the server 10 is a database server, a database is stored via the database management system (DBMS). (A browser is one of these programs).

  In either case, the ordinary character code decoded by the glyph drawing program in the OS library and the font incorporated in the OS and the secret character code decoded by the secret character code decoding device 21 are used.

  For example, the secret character code is used only in the text boxes TB1 to TB3 for displaying the input of the search keyword, and the normal character code is used for the other text box and the character of the object such as the label. These objects have a flag indicating that they are ordinary character codes or secret character codes as attributes (variables used in the program). For example, the flag of the text boxes TB1 to TB3 is “1”, and the others are “0”. The object attributes include the position and size of the text box and the like, the name and size of the font, and the like as in the past. Details of these conventional processing relating to attributes will be omitted.

  In FIG. 5, when a search button on the screen (window) is pressed, a query including data on the input screen, for example, a select statement in SQL language, is transmitted to the server 10. At this time, in the first embodiment, it is not necessary to add the secret character string start code and the secret character string end code to the secret character code string. That is, since the query text excluding the search keyword is expressed using the ordinary character code, the server 10 does not need to distinguish between the ordinary character code and the secret character code, and uses the existing program as it is. be able to. However, the database on the server side converts the ordinary character code into the secret character code for the predetermined secret information column.

  The byte lengths of the ordinary character code and the secret character code may be different, but the same length is used so that the existing database need not be changed as much as possible and high-speed processing can be performed while avoiding an increase in the amount of data.

  When the subset table as a search result is transmitted from the server 10 to the client 11 (sent to the client application program), the processing described later is performed, and the search result as shown in FIG. The That is, the number of hits and the current record number in the subset table are displayed, and the record data of this number is displayed in a card format. In FIG. 6, for example, only the text boxes TB4 to TB9 and TBa to TBe are provided with a character field of a secret character code.

  When the application program is a browser, an attribute (secret attribute) indicating whether it is a normal character code or a secret character code is defined for the font tag used in the HTML file (or XML file) Set attributes. As will be described later, the application program displays (decodes) characters on the screen using the OS or the glyph drawing program of the secret character code decoding device 21 according to the secret attribute. When the application program is a browser, this process may be realized by a plug-in module for the browser.

  When the search result is received from the server 10, the application program tries to insert the data of each field of the record into the corresponding text box. At this time, execution of a PRINT subroutine for drawing characters on the screen is started by the application program, and the processing shown in FIG. 7 is performed. The PRINT subroutine is, for example, a program in a DLL (Dynamic Link Library).

  (S10) If the flag of the secret attribute of the display field is “0”, the process proceeds to step S11, and if it is “1”, the process proceeds to step S13.

  (S11) A normal PRINT process is requested to the character drawing program in the OS library. By this program, corresponding glyph data is acquired, and if this is vector font data, further bitmap development (rasterization) is performed.

  More specifically, in this request, the size of the rectangle to be drawn, font name (font ID), font size, line spacing, etc. are passed to the OS program as arguments. The OS returns the glyph image drawn in accordance with the size of the rectangle and the width of each character to the application program. The width for each character is used by the application program to correctly display the cursor position at a predetermined position. In the case of a proportional font, the character width differs depending on the character and font type.

  (S12) The address corresponding to the display position coordinates, which are the attributes of the object, is designated, bitmap data is written into the video RAM 111, and the PRINT subroutine is terminated.

  (S13) The application program adds the secret character string start code and the secret character string end code to the secret character code string, and transmits it to the communication interface 212 (S13-1).

  When this start code is added, the system control unit 30 sequentially supplies the next secret character code to the address input terminal of the address mapping table RAM 211a. As a result, an address for acquiring the corresponding glyph data is supplied from the table RAM 211a to the font ROM 211b, and the glyph data is read from the font ROM 211b. When the font is a vector font, this glyph data is bitmap-developed by the bitmap developing unit 211r, and when the font is a bitmap font, it passes through the bitmap developing unit 211r. The system control unit 30 transmits the glyph image to the client 11 via the communication interface 212.

  Upon receiving this (S13-2), the application program of the client 11 performs the process of step S12.

  It should be noted that since the processes of step S10 in FIG. 7 and steps S13-1 and S13-2 of step S13 are performed without changing the main body of the existing application program, these processes are performed through a dedicated module. preferable. When the application program is a browser, these processes are performed by the plug-in module as described above. In step S13, since the secret character code string is transmitted as a unit, by transmitting a decryption request start signal to one or a plurality of secret character code strings, the reception side starts the secret character string start code for each secret character code string. The secret character string end code may be added, or the secret character string may be determined and decrypted without adding them.

  The format of the glyph data may be the same as that of the font that the OS has.

  In FIG. 6, when the keyboard is operated to enter characters in the text box, a key input interrupt occurs, and when the front end processor (FEP) is on, the confirmation process is performed by pressing the character confirmation key. When a character is drawn and FEP is off, the character is determined by only key input and the character is drawn. In response to the end of character drawing, the application program checks the secret attribute of the corresponding text box, and if this is ‘1’, transmits a code conversion request to the device 21 together with the determined ordinary character code. Since the device 21 can regard reception of one character code as a code conversion request, the code conversion request is not essential.

  In response to this, the system control unit 30 supplies this ordinary character code to the address input terminal of the conversion table RAM 211c, reads out the secret character code, and transmits it to the client 11. The application program replaces the corresponding ordinary character code in the text box with this secret character code.

  In FIG. 6, after entering a character string in a text box, when a registration button or an update button on the screen is pressed, a query corresponding to this is described in, for example, the SQL language and transmitted to the server 10.

  In the first embodiment, the correspondence between the secret character code and the ordinary character code is unknown in the client, and only when the client and the application program are authenticated by the secret character code decryption device 21, Since the decryption process is performed, even if a file containing the secret character code remains in the client storage device, the character corresponding to the secret character code has no meaning if viewed by another application program. As a result, it is possible to technically prevent leakage of confidential information by unauthorized persons.

  The PRINT subroutine can be similarly applied to a printer. In this case, printing permission / prohibition is preset for each user ID, and printing is permitted / prohibited based on this.

  When the contents of the address mapping table RAM 211a and the ordinary character code conversion table RAM 211c are rewritten or erased by the self-destruction function described above, the contents need to be written again. If the person who writes the contents reads the contents of the table RAMs 211a and 211c, the security is not ensured. In addition, it is preferable in terms of business execution that the contents can be easily and quickly written into the table RAM 211a.

  Therefore, when the secret character code decoding device 21 is powered on, the system control unit 30 performs the process shown in FIG. At this time, the authentication function and key input function of the client 11 are used.

  (S20) Timer FIG. 35 is activated. Timer The time-up time in FIG. 35 is set in advance.

  (S21) The same processing as steps S0 to S7 in FIG. 4 is performed to perform mutual authentication with the client 11, and to cause the client to perform mutual authentication between the client 11 and the server 10, and the result Wait for.

  (S22) If this result is valid, the process proceeds to step 23; otherwise, the process proceeds to step S26.

  (S23) The input device 118 of the client 11 is operated to input a password for determining a random number sequence. When the result is transmitted to the communication interface 212 and received by the system control unit 30, the process proceeds to step S25, and if not, the process proceeds to step S24.

  (S24) If it is not timed out, the process returns to step S23; otherwise, the process proceeds to step S26.

  (S25) The system control unit 30 performs random writing from the IC memory card 33 to the address mapping table RAM 211a by the processing shown in FIG. 9, and similarly, from the IC memory card 33 to the ordinary character code conversion table RAM 211c. Random writing is performed, and the process proceeds to step S9 in FIG. If the timer expires during writing, the process proceeds to step S26.

  (S26) The contents of the RAMs 211a and 211c are rewritten or erased in order to prevent data theft by unauthorized persons.

  (S27) The system control unit 30 turns off its own power or ends the process.

  Next, with reference to FIG. 9 and FIG. 10, the writing process to the address mapping table RAM 211a in step S25 will be described in detail.

  (S30) A random number generation sequence is determined by determining the value of the parameter p of the random number generation function based on the password received in step 23. For example, the password q is substituted into a predetermined function F (q) to obtain the parameter value p = F (q), thereby determining a random number generation sequence.

  (S31) The initial value 0 is substituted into the variable i when the write address of the address mapping table RAM 211a is 8000 + i. It is assumed that the write address range of the address mapping table RAM 211a is 8000 to 8000 + imax.

  (S32) Using the random number generation function RND, a random number j = Int (imax · RND) in the range of 0 to imax is obtained. Here, Int () is a function that converts the value in parentheses into an integer. RND is a floating point number ranging from 0 to 1.0.

  The value of the random number j is stored, and if j is the same value as the random number generated so far, the random number is generated until it becomes a different value to determine j. Although such a method is used for simplification of explanation, this method requires a long time. In practice, for example, the method shown in FIG.

  (S33) The contents of the address j of the IC memory card 33 (denoted as (j)) are written in the address 8000 + i of the address mapping table RAM 211a.

  (S34) Increment i by 1.

  (S35) If i is less than or equal to the maximum value imax, the process returns to step S32; otherwise, the process ends.

  The reason why predetermined data can be written into the address mapping table RAM 211a by such a method is as follows. That is, in FIG. 10, it is assumed that the address mapping table on the right side is predetermined data. Using the same program as the random number generation program of the system control unit 30, the parameter value p defining the random number generation sequence is also the same, and the i-th random number j in step S32 is obtained. The contents of address 8000 + i in the address mapping table are written to address j of the IC memory card 33. By doing so, predetermined data can be written in the address mapping table RAM 211a by the processing shown in FIG.

  Since the function p = F (q) is used in the system control unit 30, even if the random number generation function and the password are known, the parameter value p that determines the random number generation sequence is unknown. For this reason, the contents written in the address mapping table RAM 211a and the ordinary character code conversion table RAM 211c cannot be obtained from the contents of the IC memory card 33.

  Acquisition of glyph data is performed as follows. For example, when the content 5A38 of the address 8000 is extracted from the address mapping table of FIG. 10 and the font ROM 211b is addressed, the leading data of the glyph data of the character “A” is read as shown in FIG. The address of the font ROM 211b is incremented until the END mark is output, and the glyph data of the character “A” is sequentially output.

  In the key input process, normal processing is performed regardless of the secret attribute. When the secret attribute is “1”, the unconverted flag is set to “1”, and immediately before data is transmitted to the server. The ordinary character code may be converted into the secret character code string by the table RAM 211c by adding the conversion start code and the conversion end code to the ordinary character code string and transmitting them to the secret character code decoding device 21.

  Moreover, you may couple | bond the secret character code decoding apparatuses 21-2N between the server 10 and the clients 11-1N, respectively. In this case, the conversion to the secret character code string can be performed during the transmission of data to the server. This also applies to the following embodiments.

  Further, the secret character code decoding device is housed in a strong housing, and when the housing is opened or opened after the set time of the timer is exceeded, this is detected by a sensor so that the self-destruction function is activated. Is desirable.

  Further, in order to increase the processing speed, the bitmap development processing may be performed on the server 10 side by providing the bitmap development unit 211r on the server 10 side without providing the bitmap development unit 211r in FIG.

  In this case, it is preferable to use a special font ROM 211b and a bitmap expansion unit 211r in order to increase security. That is, the glyph data is encrypted. For example, vector font glyph data obtained by converting coordinate values according to a predetermined rule or using a table is used. Then, as a pre-processing in the bitmap development unit, the coordinate values are inversely transformed (decoded), and then a normal bitmap development process is performed. Furthermore, in the firmware or subroutine that is the bitmap development unit, the process may be accepted only when the application program that requested the process is a predetermined one.

  If such special vector fonts and bitmap development units are used in word processing software, spreadsheet software, presentation software, etc. regardless of the above embodiment, files created with these software are taken out to the outside. Since the characters cannot be decrypted, it is possible to prevent leakage of secret information.

  Further, the processing in step S11 (and S12) in FIG. 7 may be processed by a unique program without requesting the OS.

  If the secret character code is fixed, the correspondence between the secret character code and the character may be known, and leakage of secret information cannot be prevented. In the first embodiment, security can be improved by rewriting the database by changing the secret character code on the server 10 side during idle time. However, frequent changes are not possible if the database utilization is high.

  Therefore, in the second embodiment of the present invention, the secret character code can be changed temporarily.

  FIG. 12 is a schematic block diagram showing a computer network system according to the second embodiment of the present invention.

  The server 10 is coupled to clients 11 to 1N via temporal character code creation / decoding devices 21A to 2NA, respectively. The same secret character code as in the first embodiment is used in the database of the server 10.

  When transmitting a character code from the server 10 to the client 11, the temporal character code creating / decoding device 21A converts the secret character code into a temporal character code, and when transmitting a character code from the client 11 to the server 10, The code creation / decryption device 21A reversely converts the temporal character code into a secret character code. In this way, the secret character code on the client 11 side can be changed temporarily without changing the secret character code of the server 10. This change is performed at a predetermined timing. For example, every time a search result (subset table) is returned from the server 10 to the client 11, it is performed by the temporal character code creating / decoding device 21A.

  The temporal character code creation / decoding devices 22A to 2NA are the same as the device 21A. The devices 21A to 2NA can have different conversion tables and reverse conversion tables, which further enhances security. Except for the contents of these tables, the devices 21A to 2NA have the same configuration.

  FIG. 13 is a block diagram showing a schematic configuration of the temporal character code creating / decoding device 21A.

  Since time-division parallel processing is possible by packet communication, this apparatus is coupled to the client 11 and the server 10 by one communication interface 212.

  In the temporal character code creation / decoding device 21A, the code conversion / inverse conversion unit 40 of FIG. 14 partially showing the function is added to the configuration of FIG. The code conversion / inverse conversion unit 40 may be composed of dedicated hardware, a computer and its software, or both.

  The code conversion unit 401 including the code conversion table RAM 41A is used during transmission of data from the server 10 to the client 11. The code reverse conversion unit 402 including the code reverse conversion table RAM 41B transmits data from the client 11 to the server 10. Used on the way.

  Since only the secret character code is converted / reversely converted, the code conversion / inverse conversion unit 40 needs to know which portion is the secret character code. Therefore, in the second embodiment, when data is transmitted from the server 10 to the code conversion / inverse conversion unit 40 and when data is transmitted from the client 11 (application program) to the code conversion / inverse conversion unit 40, the secret character code is used. A secret character code string start code and end code are added to the column. In the following, the start code and the end code of the secret code character string are represented as / S and / E, respectively.

  When the code conversion / inverse conversion unit 40 receives data from the server 10, the determination unit 42A determines whether the character code is / E, and the determination unit 43A determines whether the character code is / S. To do.

  When it is determined that / S, the flag (flip-flop) 44A is set, and the changeover switch 45A is switched to the addition / subtraction unit 46A side. As a result, the secret character code X next to / S is supplied to the adder / subtractor 46A, and from this value, a constant offset value OFV1 is subtracted (may be negative subtraction) by the adder / subtractor 46A, and the code conversion is performed. ADR = X-OFV1 is supplied to the address input terminal of the table RAM 41A.

  In response to this, a secret character code (temporal character code) Y after conversion is output from the data output terminal of the code conversion table RAM 41A in the read state. The temporal character code Y is transmitted to the client 11 via the system control unit 30X and the communication interface 42 of FIG. Such processing is performed for each character code of the secret character code string. The offset value OFV1 is a constant for adjusting the relationship between the address range of the code conversion table RAM 41A and the range of the secret character code. The offset value OFV1 can be set to 0 and the addition / subtraction unit 46A can be omitted.

  When / E is detected by the determination unit 42A, the flag 44A is reset and the changeover switch 45A is switched, and the next data of / E is not converted and is converted via the system control unit 30X and the communication interface 42 in FIG. To the client 11.

  The same applies to the flow of data from the client 11 to the server 10, and the constituent elements 41B to 46B correspond to the constituent elements 41A to 46A, respectively.

  The temporal character code string received by the client 11 is drawn as follows.

  That is, the above-described PRINT subroutine is executed, and the data of the temporal character code string to which the start and end codes are added is transmitted to the system control unit 30X. In response to this, the system control unit 30X converts the data into the code reverse code. The data is supplied to the conversion unit 402 to be converted into a secret character code string, and the secret character code is sequentially supplied to the address input terminal of the address mapping table RAM 211a. The subsequent processing is the same as in the first embodiment.

  Next, as described in the first embodiment, when a character is confirmed by performing a key input operation on the client 11, if the secret attribute is “1”, a code conversion request code is transmitted to the apparatus 21A together with the confirmed ordinary character code. Is done. In response to this, the system control unit 30X supplies this ordinary character code to the address input terminal of the table RAM 211c to read out the secret character code, and supplies it to the code conversion unit 401 to convert it into a temporal character code. To the client 11. In response to this, the client 11 performs the character code replacement described in the first embodiment.

  FIG. 15 is a flowchart showing a method for updating the contents of the code conversion table RAM 41A randomly and at high speed by the table creation unit 403.

  The range of the secret character code and the range of the temporal character code need not be the same, but are assumed to be the same range CCmin to CCmax for simplicity. Further, the range of the address ADR = X-OFV1 of the code conversion table RAM 41A is AL to AH, that is, AL = CCmin-OFV1, AH = CCmax-OFV1.

  (S40) All the contents of the code conversion table RAM 41A are cleared to zero, and the initial value CCmin is substituted for the value i stored in the code conversion table RAM 41A.

  (S41) The parameter value p that determines the random number generation sequence of the random number generation function RND is changed. The parameter value p is set to a random value based on, for example, values related to the current date and time.

  (S42) Int (AH * RND + AL) is substituted into the variable ADR.

  (S43) If the stored content (ADR) of the address ADR is 0, it is undecided, so the process proceeds to step S44. Otherwise, the process proceeds to step S47.

  (S44) The value i is stored in the address ADR.

  (S45) The value of i is incremented by 1.

  (S46) If i ≦ CCmax, the process proceeds to step S42, and if not, the process ends.

  (S47) The process may return from step S43 to step S42. However, as the value of i increases, the probability of returning from step S43 to step S42 increases and the overall processing time becomes longer. In step 2, the process proceeds to step S47 and the following processing is performed.

  If the value of i is an even number, the process proceeds to step S48, and if not, the process proceeds to step S4B.

  (S48) The value of ADR is incremented by 1.

  (S49) If ADR ≦ AH, the process returns to step S43, otherwise the process proceeds to step S4A.

  (S4A) The minimum value AL of the address range is assigned to ADR, and the process returns to step S43.

  (S4B) The value of ADR is decremented by 1.

  (S4C) If ADR ≧ AH, the process returns to step S43, otherwise, the process proceeds to step S4D.

  (S4D) The maximum value AH of the address range is assigned to ADR, and the process returns to step S43.

  In this way, the contents of the temporary code conversion table RAM 41A can be determined randomly and at high speed.

  The contents of the code reverse conversion table RAM 41B are obtained by writing the value X to the address Y-OFV2 of the code reverse conversion table RAM 41B for each Y of CCmin ≦ Y ≦ CCmax.

  Returning to FIG. 13, the temporal character code creation / decoding device 21 </ b> A does not include the timer diagram 35, the IC memory card adapter 213, and the IC memory card 33 of FIG. 3. When data is written in the address mapping table RAM 211a and the ordinary character code in the table RAM 211c, for example, after mutual authentication between the computer (not shown) of the maintenance company of the device 21A and the device 21A, the computer via the telephone line The password in step S23 of FIG. 8 and the data having the same contents as the IC memory card 33 and the ordinary character code in the table RAM 211c are transmitted to the device 21B by encrypted communication, and the encryption is decrypted by the communication interface 212. Next, data is written into the address mapping table RAM 211a and the ordinary character code conversion table RAM 211c by the system control unit 30A in the same manner as in the first embodiment. This writing may be performed from the client 11.

  In this way, data writing is facilitated, and it is not necessary to open the housing of the device 21A at the time of data writing, so that the housing cannot be easily opened.

  In the second embodiment, since the secret character code changes temporarily, there is no readability even if a file containing this character code is taken out, and it is possible to technically and reliably prevent leakage of secret information by an unauthorized person. Become.

  In FIG. 12, in order to further increase security, parameters for determining a random generation sequence so that the contents of the tables created by the table creation units 403 of the temporal character code creation / decoding devices 21A to 2NA are different from each other. You may make it vary p.

  Further, after receiving the search result from the server 10, the temporal character code creating / decoding device 21A converts each secret code of the secret character code string into a glyph image, and converts the secret character code string into a temporal character code string. The temporal character code string and the glyph image corresponding to the temporal character code string may be transmitted to the client 11 to perform character drawing at a higher speed. This also applies to the following embodiments.

  FIG. 16 is a block diagram showing a schematic configuration of a temporal character code creating / decoding device 21B according to the third embodiment of the present invention used in place of the device 21A of FIG.

  In the code conversion unit 401A, a code conversion table RAM 41A1, RAM 41A2, and a changeover switch 41A3 shown in FIG. 17 are used instead of the code conversion table RAM 41A of FIG.

  When the code conversion table RAM 41A1 is enabled and used, the changeover switch 41A3 is switched to the code conversion table RAM 41A1 side. In this state, the table creation unit 403A creates a code conversion table to be used next in the RAM 41A2 during the idle time. When the code conversion table RAM 41A2 is used, the changeover switch 41A3 is switched to the RAM 41A2 side.

  In this way, by alternately switching and using the code conversion table, the operation of the temporal character code creating / decoding device 21B of FIG. 16 can be further accelerated. The code reverse conversion unit 402A in FIG. 16 is the same as the code conversion unit 401A.

  Other points are the same as those of the second embodiment.

  Since the order of the secret character codes is different from that of the ordinary character codes, when the query to the server 10 includes a phrase for sorting the search results, for example, when the ORDER BY phrase of the SQL language is included, the sort desired by the user is not performed.

  If the server 10 is provided with a conversion table indicating the relationship between the ordinary character code and the secret character code, this problem can be solved. However, in order to ensure security, it is necessary to provide the above-described conversion table self-destructing function on the server 10 side. In this case, if the conversion table self-destructing function works, there is a high possibility that all users cannot use it.

  Therefore, in the fourth embodiment of the present invention, a temporal character code creating / decoding device 21C shown in FIG. 18 is used instead of the temporal character code creating / decoding device 21B shown in FIG.

  In this apparatus, an ID-added query (QID002 is a query ID) as shown in FIG. 19, for example, received by the system control unit 30B is supplied to the search preprocessing unit 405. The search pre-processing unit 405 determines whether or not the query includes a sort phrase (ORDER BY phrase). If included, the search pre-processing unit 405 divides the query into a sort phrase and other parts, and also divides the query into the sort phrase. The query ID is added. If there is no sort phrase, it is sent to the server 10 via the system control unit 30B together with the query ID. The sort phrase is supplied to the post-search processing unit 406 via the system control unit 30B.

  The server 10 executes the query with ID and assigns the ID to the result (subset table).

Upon receiving the search result from the server 10, the system control unit 30B stores it in the work memory 404 and requests the post-search processing unit 406 to perform processing. In response to this, the post-search processing unit 406 checks whether or not the same ID as the query ID given to the sort phrase is given to the search result.
(1) The secret character code included in the subset table is converted into a normal character code,
(2) executing a sort clause on the converted subset table;
(3) Convert the ordinary character code of the subset table after the execution into a secret character code;
The result is supplied to the system control unit 30B, and the ID-added sort phrase is deleted.

  The system control unit 30B supplies the result to the code conversion unit 401A to convert the secret character code into a temporal character code, and then causes the client 11 to transmit the result.

  According to the fourth embodiment, the search result can be sorted even if a temporary character code is used.

  In addition to the sort phrase, for a query including a phrase (for example, a BETWEEN phrase) for which a desired result cannot be obtained even when executed on the secret character code, the system control unit 30B represents this with a plurality of other phrases. , Each of which is transmitted to the server 10.

  Further, in order to be able to sort the subset table acquired by the client from the server with respect to an arbitrary column, the subset table is also converted into a normal character code and stored in the work memory 404 of FIG. 11 in response to the sort request from the temporal character code creating / decoding device 21C to the post-search processing unit 404, the result is transmitted to the client 11, and apparently the client 11 performs the sort. May be.

  In the second embodiment, since the character code changes temporarily without using the secret character code at the server, the normal character code can be used without using the secret character code at the server. In this case, since the sorting or the like is performed on the server side, the search preprocessing unit 405 is unnecessary. As described above, when the subset table acquired from the server by the client is sorted with respect to an arbitrary column, if the server is requested to perform this on the server side, the post-search processing unit 405 is also unnecessary. Further, a character string start code and a character string end code are used instead of the secret character string start code and secret character string end code from the server. Furthermore, the ordinary character code conversion table 211c in FIG. 18 is not necessary, and the key input confirmed character code from the client 11 may be converted into a temporal character code by the code conversion unit 401A and returned to the client 11, which speeds up the processing. .

  FIG. 20 is a schematic block diagram showing a code conversion / decoding table creation device 21D according to the fifth embodiment of the present invention, which is used instead of the temporal character code creation / decoding device 21C of FIG.

  In this apparatus, every time the contents of the code reverse conversion table RAM 41B are updated by the table creation unit 403A, the address mapping table creation unit 211g uses the address mapping table RAM (AMT) corresponding to the correspondence between the temporal character code Y and the glyph address Z. ) Is created. The components 41B and 46B of the code reverse conversion unit 402A are also used in this table creation. In FIG. 20, the same elements as the component elements 41B and 46B are also described outside the code reverse conversion unit 402A for easy understanding. ing.

  For each temporal character code Y in the range of Cmin ≦ Y ≦ Cmax, the address mapping table creation unit 211g has a temporal character code at the address input end of the address mapping table RAM (AMT) and the address input end of the code reverse conversion table RAM 41B. When Y and Y-OFV1 are supplied, the glyph address Z read from the data output end of the address mapping table RAM 211a is written into the address mapping table RAM (AMT), whereby the temporal character code Y and the glyph address Z are Create a relationship table.

  When the update of the contents of the address mapping table RAM (AMT) is completed, the system control unit 30C transmits the contents to the communication interface 115 in FIG. 21 via the communication interface 212. This content is stored in the storage device 114A as the address mapping table AMT1 or AMT2 by the MPU 110 according to the program stored in the storage device 114A of the client 11A.

  Similarly to FIG. 17, the address mapping tables AMT1 and AMT2 are used while being switched alternately, and one of them is updated during use while the other is in use. Each of the address mapping tables AMT1 and AMT2 may be a table file in which the temporal character code Y corresponds to a row of the address mapping table and the glyph address Z can be read based on the temporal character code Y. The address mapping tables AMT1 and AMT2 are overwritten at the time of update, and are deleted at the end of the application program.

  The contents of the font ROM 211b and bitmap developing unit 211r in FIG. 18 are also stored in the storage device 114A. These may be used for ordinary character codes. Also, the special vector font and bitmap development unit described in the first embodiment may be used. The bitmap development of the glyph data is executed by the MPU 110 according to the bitmap development unit (program) stored in the storage device 114A.

  Even in this case, since the contents of the address mapping table RAM 211a cannot be known from the contents of the address mapping table AMT1 or AMT2, and the address mapping tables AMT1 and AMT2 are temporarily updated, the secret character code is included. Even if the file is viewed with another application program, it cannot be analyzed and the meaning becomes unknown, and it is possible to technically prevent leakage of confidential information by an unauthorized person.

  In addition, since the address mapping table and the bitmap development unit are stored in the storage device 114A of the client 11A, it is possible to perform processing faster than in the second to fourth embodiments.

  If the above-described temporal character code that changes the secret character code on the time axis is used, the security is significantly increased. However, in the sixth embodiment of the present invention, by further changing the secret character code on the space axis, Increase security.

  FIG. 22 is a block diagram illustrating a schematic configuration of a code conversion unit 401B according to the sixth embodiment of the present invention, which is used instead of the code conversion unit 401 in FIG.

  The code conversion unit 401B uses a different conversion table for each subset table (field unit) or a plurality of column units (multiple field units) as a subset table as a search result from the server 10, and sets a secret character code as a temporal character code as described above. And is transmitted to the client 11.

  In FIG. 22, the changeover switch control unit 4243A is configured by the determination units 42A and 42B of FIG.

  In the code conversion table RAM 41C, different conversion tables 1A to 6A are created, for example, according to the procedure of FIG. The address range of the conversion table iA (i = 1 to 6) is Cmax-OFV1i to Cmin-OFV1i, and a positive or negative offset value OFV1i is determined so that the address ranges do not overlap each other for i = 1 to 6. . The offset value table 47A supplies the offset value OFVi to the adder / subtractor 46A in response to the input value i. For example, when the input data is the i-th column of the subset table, the use table determination unit 48A outputs the value i and supplies it to the offset value table 47A.

  Therefore, if the data in the i-th column of the search result record includes the secret character start code / S, the secret character code X is sequentially changed from the next secret character code to the secret character code before the secret character end code / E. The other data including the start code / S and the end code / E is converted to the temporal character code Y in the conversion table iA, and passes through the code reverse conversion unit 402 through.

For example, as shown in FIG. 24, the search result record is composed of 3 fields and includes a secret character code "/ SeYKwPZ3b / E", "/ S8JuGmw5w / E", "/ ShDK9 @ q7 ¥ / E"
, The secret character code strings of these three fields are converted by the conversion tables 1A to 3A, respectively, and records including temporal character codes “/ S6KHuO9wK / E”, “/ SJVBw; sLp / E”, “/ S * Mv0q-iS / E "is converted.

  FIG. 23 is a block diagram showing a schematic configuration of a code reverse conversion unit 402B used in place of the code reverse conversion unit 402 in FIG.

  The component 4243B, the RAMs 41D, and 46B to 48B correspond to the components 4243A, 41C, and 46A to 48A in FIG. 22, respectively. When the code reverse conversion unit 402B receives the record of the new registration card or the update registration card created by the application program from the client 11, the code reverse conversion unit 402B converts the temporal character code into the above-mentioned temporal character code using the corresponding reverse conversion table in the field unit or the multiple field unit. Thus, it is converted back to the secret character code and transmitted to the server 10.

For example, as shown in FIG. 25, a record of a new registration card or update registration card created by an application program is composed of three fields and includes a temporal character code “/ S6KHuO9wK / E”, “/ SJVBw; sLp / E”. , “/ S * Mv0q-iS / E”
In the case, the temporal character code strings of these three fields are converted by the inverse conversion tables 1B to 3B, respectively, and the records including the secret character code “/ SeYKwPZ3b / E”, “/ S8JuGmw5w / E”, “/ ShDK9 @ q7 ¥ / E ”
Is converted to

  Each text box in FIG. 6 has a column number of the subset table as an attribute. For the above-described character code conversion in key input and execution of the PRINT subroutine for the text box, this column number is added to the code conversion / decoding table. Send data to the creation device. Thereby, even if the data is not in the record format, the correct reverse conversion table in FIG. 23 can be selected.

  The secret character start code / S may be counted for each record to determine the value i, and i may be cleared to zero for each record.

  When the number of hits exceeds a predetermined number, by assigning a group ID in units of the predetermined number, it is possible to use a different conversion table for each group and a reverse conversion table corresponding thereto. In this way, even if a large amount of search results are transmitted to the client 11, it is possible to maintain high security.

  Further, for the database of the server 10, a secret character code different for each column is used, and each table RAM 211a and 211c in FIG. 16 is configured by a plurality of tables corresponding to this, and the secret character code different for each column. May be updated together with the plurality of tables in idle time.

  Furthermore, the structure which combined this Example 6 with either of Examples 3-5 may be sufficient.

  FIG. 26 is a schematic block diagram illustrating a computer network system according to the seventh embodiment of this invention.

  In this system, instead of the secret character code decryption devices 21 to 2N in FIG. 1, one secret character code decryption device 20 is used, and data is packet-transferred between the secret character code decryption device 20 and the clients 11 to 1N. ing. The secret character code decrypting device 20 is the same as the secret character code decrypting device 21 in FIG. 3, and all the collation data of the clients 11 to 1N are stored in the collation data ROM 211d. It is possible to perform mutual authentication.

  FIG. 27 is a schematic block diagram showing a computer network system according to the eighth embodiment of the present invention.

  In this system, instead of the temporal character code creating / decoding devices 21A to 2NA of FIG. 12, one temporal character code creating / decoding device 20A is used, and between the temporal character code creating / decoding device 20A and the clients 11 to 1N. In addition, data is packet-transferred between the temporal character code creating / decoding device 20A and the server 10.

  The temporal character code creating / decoding device 20A is the same as the temporal character code creating / decoding device 21A of FIG. 13, and all the collation data of the clients 11 to 1N are stored in the collation data ROM 211d of FIG. Thus, mutual authentication can be performed with an arbitrary client.

  Since the timing for switching the temporal character code differs for each client, the temporal character code creating / decoding device 20A assigns an ID to the type of temporal character code, and which client uses the temporal character code of which ID. Remember. As a result, the temporal character code creation / decoding device 20A knows which conversion table / inverse conversion table should be used.

  FIG. 28 is a schematic block diagram showing a computer network system according to the ninth embodiment of this invention.

  In this system, the temporal character code creating / decoding device 20A shown in FIG. 27 is arranged in the server 10, so that the security is physically higher than in the case of FIG.

  In this case, the server 10 and the temporal character code creating / decoding device 20A may be directly connected by a bus without using a communication cable. Further, the hardware configuration of the temporal character code creating / decoding device 20A may be omitted, and the function of the temporal character code creating / decoding device 20A may be achieved by the program of the server 10.

  FIG. 29 is a schematic block diagram showing a computer network system according to the tenth embodiment of the present invention.

  In this system, the server 10 is configured separately from a web application server 10A and a database server 10B, and a temporal character code creating / decoding device 20A is arranged in the web application server 10A, or a temporal character is set by a program of the web application server 10A. The function of the code creating / decoding device 20A is achieved.

  Of course, the temporal character code creating / decoding device 20A may be arranged between the Web application server 10A and the database server 10B or in the database server 10B. Further, instead of placing the temporal character code creating / decoding device 20A in the database server 10B, the function of the temporal character code creating / decoding device 20A may be achieved by a program.

  FIG. 30 is a schematic block diagram showing a computer network system according to the eleventh embodiment of the present invention. FIG. 31 is a schematic functional block diagram of the database server, authentication server, and font server in FIG.

  In the in-house LAN 50, N clients 11 to 1N are coupled to the database server 10B, and these are coupled to the Internet 52 via the firewall 51. On the other hand, the font server 10 </ b> C and the authentication server 10 </ b> D of the management center 60 are coupled to the Internet 52 via the firewall 61. The management center 60 is managed by, for example, a maintenance company of this system.

  Data transmission / reception via the Internet 52 is performed according to a security protocol using a known encryption technique.

  In this system, the temporal character code creation / decoding device 20A shown in FIG. 28 is divided into three parts: a character code conversion / inverse conversion function, a character decoding function, and an authentication function. These functions are divided into a database server 10B, a font server 10C, and a It plays in the authentication server 10D.

  The database server 10B includes a database (not shown) and a database management system (DBMS) (not shown) coupled between the database server 10B and the system control unit 301. The system control unit 301 supplies the search result from the DBMS to the code conversion unit 401A, converts the secret character code into a temporal character code as described above, and transmits this through the communication interface 2121. The system control unit 301 supplies update data or registration data from the communication interface 2121 to the code reverse conversion unit 402A, converts the temporal character code into a secret character code as described above, and supplies this to the DBMS.

  The system control unit 301, the code conversion unit 401A, and the code reverse conversion unit 402A may be configured by hardware or software, and these may be configured as a code conversion / inverse conversion device as the communication interface 2121 and the firewall 51. You may combine between.

  In the authentication server 10D, the above-mentioned information for confirming the clients 11 to 1N, the database server 10B, and the font server C, and information on the application programs stored in the clients 11 to 1N and permitted to use the system are stored in the collation data storage. Registered in the part 211D. The request is transmitted to the other party via the authentication server 10D by specifying the request source and the request destination, whereby mutual authentication is performed. For this reason, the response to the request is made directly without going through the authentication server 10D.

  For example, when the application program of the client 11 makes a request to the database server 10B, the request source and the request destination are specified to the authentication server 10D (in the case of IPv6, the IP address can be specified), and the content of the request. Send.

  In the authentication server 10D, the system control unit 302 informs the authentication unit 31A of the request source and the request destination, and the authentication unit 31A refers to the contents of the collation data storage unit 211D and the request source and the request destination are registered. Check if it is. When the authentication unit 31A determines that the request source and the request destination are registered, the system control unit 302 transmits the content of the request to the request destination. The database server 10B performs processing according to the request and transmits the result to the requesting client.

  The same applies when the application program of the client 11 requests the font server 10C to perform character decoding or character code conversion of the key input fixed character.

  When a decryption request accompanied by a temporal character code string is transmitted from the client to the font server 10C via the authentication server, the system control unit 303 responds to this with respect to each temporal character code of the temporal character code string. Do as follows. That is, the secret character code is read from the position (table row) in the code reverse conversion table storage unit 41B1 corresponding to the temporal character code, and the glyph is read from the position in the address mapping table storage unit 211A corresponding to the secret character code. The data storage position is read, and the glyph data is read from this storage position in the font storage unit 211B. Next, the system control unit 303 transmits a glyph data string corresponding to the temporal character code string to the client that requested the decoding.

  When the application program of the client 11 requests the font server 10C to convert the character code of the key input confirmed character via the authentication server 10D, the system control unit 303 secretly starts from the position in the conversion table storage unit 211C corresponding to the normal character code. The character code is read, and the temporal character code is read from the position in the code conversion table storage unit 41A1 corresponding to the secret character code and transmitted to the client 11.

  Next, the use of the code conversion / inverse conversion table in the database server 10B and the font server 10C for a plurality of clients will be described.

  The code conversion unit 401A of the database server 10B includes a plurality of code conversion tables, and the code reverse conversion unit 402A includes a plurality of code reverse conversion tables corresponding thereto.

  In the font server 10C, the table creation unit 403A creates a pair of the code conversion table and the code reverse conversion table until the number of unused code conversion tables reaches the set maximum value in the free time. When the number of unused code conversion tables among the plurality of code conversion tables falls below a predetermined number, the system control unit 301 requests the font server 10C to transmit a table via the authentication server 10D. In response to this transmission request, the system control unit 303 acquires a copy of the set of the code conversion table and the code reverse conversion table via the table creation unit 403, and transmits the copy to the database server 10B.

  A table ID (TID) is assigned to a set of the code conversion table and the code reverse conversion table in the servers 10B and 10C. Each time the system control unit 301 starts using a set of a code conversion table and a code reverse conversion table for an application program, the system control unit 301 associates the ID (AID) of the application program with a TID. In other words, the system control unit 301 manages a table 53 that associates AIDs with TIDs.

  The system control unit 301 refers to the AID / TID table 53 to determine the reverse conversion table to be used in the update or registration request after the search request by the client.

  The font server 10 </ b> C also includes a table 63 synchronized with the AID / TID table 53. That is, every time the system control unit 301 changes the contents of the AID / TID table 53, this change is transmitted to the system control unit 303 via the authentication server 10D, and the contents of the AID / TID table 63 are also updated by the system control unit 303. It is similarly changed.

  The system control unit 303 refers to the AID / TID table 63 to determine an inverse conversion table to be used in response to a decryption request from the client.

  With this configuration, substantially the same processing as that performed in the second embodiment is performed. The use of the above-described plurality of tables is the same for the above-described embodiments of FIGS.

  According to the eleventh embodiment, since the font server 10C and the authentication server 10D are arranged in the management center 60, by combining one management center 60 with a plurality of in-house LANs 50, an address mapping table that is confidential data, The ordinary character code conversion table and the verification verification data can be efficiently and centrally monitored, and the confidential information management burden on the company using this system can be reduced.

  As an authentication method by the authentication server 10D, a known method may be used.

  When creating a code reverse conversion table using random numbers, a code value created by the font server 10C is transmitted by transmitting a parameter value defining a random number generation sequence or a value related thereto to the database server 10B from the font server 10C. The same table as the reverse conversion table may be generated by the database server 10B, and the code conversion table may be generated based on the code reverse conversion table.

  Alternatively, the code reverse conversion unit 402A may not be provided in the database server 10B, but only in the font server 10C, and registration or update may be requested to the database server 10B via the font server 10C. Conversely, a configuration may be adopted in which the font server 10C is not provided with the code reverse conversion storage unit 41B1, but a decoding request is made to the font server 10C via the code reverse conversion unit 402A of the database server 10B.

  Further, the font server 10 </ b> C and the authentication server 10 </ b> D may be arranged in the in-house management center 60 and coupled to the in-house LAN 50.

  Of course, the font server 10C and the authentication server 10D may be configured by one computer.

  The association between TID and AID may not be in the form of a table. For example, the TID and AID may be added as attributes to each conversion table. An ID for identifying the client may be used instead of the AID.

  FIG. 32 is a schematic block diagram showing a computer network system according to the twelfth embodiment of the present invention.

  In this embodiment, as the server 10 in FIG. 27, an application server 10E and a file server 10F that use ordinary character codes without using secret character codes are used. Further, both the application server 10E and the file server 10F are prohibited from directly communicating with the client, and always communicate with the client via the temporal character code creating / decoding device 20A.

  Hereinafter, two application examples of this system will be described.

(1) Source code program leakage prevention The client and server are coupled to an in-house LAN.

  The file server 10F stores a program source code file. In this source code file, the ordinary character code is converted into the temporal character code via the temporal character code creating / decoding device 20A and transmitted to the client.

  When the programmer creates or modifies the source code and sends it to the file server 10F side, the temporal character code is converted back to a normal character code by the temporal character code creating / decoding device 20A and then stored in the file server 10F.

  When the programmer creates the source code by key input, each time the character input is confirmed, the ordinary character code is converted into a secret character code (temporary character code in this embodiment) as described in the first embodiment. .

  The timing of changing the temporal character code is when the programmer starts creating the source code or reads the source code file from the file server 10F.

  A compiler and a debugger are registered in the application server 10E. The application server 10E reads and compiles or debugs the source code file in the file server 10F in response to a client request, and returns the result to the client. Since the compiled binary file is not converted by the temporal character code creation / decoding device 20A, the binary file can be executed on the client.

  According to such a system, since the temporal character code is used for the source code program, the character code changes each time the source code file is read from the file server 10F, and the source code program is effectively taken out of the company. Is prevented.

(2) Prevention of Leakage of Document Files such as Word Processor Software The client and server are coupled to the in-house LAN.

  In the application server 10E, word processor software and spreadsheet software used for office work are registered. The file server 10F stores a document file or the like using normal character codes (character codes normally used in word processing software or the like) processed by these software. The character code start code and the character code end code described above are substantially added to the character code string in the document file or the like. “Substantially” means, for example, a case where the modification start code also serves as the character code end code.

  For a document file or the like, a normal character code is converted into a temporal character code via the temporal character code creating / decoding device 20A and transmitted to the client. When an operator creates or modifies a document file or the like and transmits it to the file server 10F, the temporal character code is converted back to a normal character code by the temporal character code creating / decoding device 20A and then stored in the file server 10F. The Character input is the same as (1) above. The timing for changing the temporal character code is when the operator opens a document file or the like.

  According to such a system, since a temporal character code is used for a document file or the like, the character code changes each time the document file or the like is read from the file server 10F, so that the source code program can be taken out outside the company. Is prevented.

  FIG. 33 is a schematic block diagram showing a computer network system according to the thirteenth embodiment of the present invention. FIG. 34 is a schematic functional block diagram of the Web application server, authentication server, and font server in FIG.

  This system is intended to prevent electronic publication leakage (copyright protection).

  The clients 11 to 1N and the server of the publisher 50 </ b> A are coupled via the Internet 52. A server of a management center 60A is connected to the Internet 52, which is similar to the management center 60 of FIG.

  In the publisher 50A, the file server 10F is coupled to the web application server 10E1, and the web application server 10E1 is coupled to the Internet 52 via the firewall 51.

  The file server 10F stores copyrighted works such as encyclopedias, novels, comics, and periodicals as electronic files. Each work has a normal character code. The character code start code and the character code end code described above are substantially added to the character code string.

  The Web application server 10E1 converts the corresponding page of the copyrighted work into an HTML file or an XML file in response to a browsing request from a user client registered in advance in the authentication server 10D1 for a fee or free of charge, and sends it to the system control unit 301A. Supply. The system control unit 301A supplies the main body in this file to the code conversion unit 401A. The code conversion unit 401A converts the “>” code as a start code, the “<” code as an end code, converts a normal character code between the start code and the end code into a temporal character code, and converts the other parts. Return to the system control unit 301A. The system control unit 301A transmits this to the browser of the requesting client via the communication interface 2121.

  The temporal character code is transmitted to the font server 10C1 via the authentication server 10D1 in the same manner as in the eleventh embodiment by the plug-in function for the browser described in the first embodiment. The font server 10C1 transmits the glyph data to the client. With the plug-in function, the glyph image is drawn at a corresponding location in the browser window.

  The authentication server 10D1 performs registration of a new user, change of registered contents, and deletion of registration in the user registration / change / delete unit 64 with respect to the collation data storage unit 211D. The system control unit 302 transmits the plug-in module 65 to the new user.

  The web application server 10E1 does not need to include a code reverse conversion unit, and the font server 10C1 differs from FIG. 31 in that it does not need to include a normal character code conversion storage unit. Other points are the same as those of the eleventh embodiment.

  According to such a system, since the temporal character code is used, the character code changes every time the copyrighted work is read from the file server 10F, and even if it is a regular registered user, the electronic publication can be taken out from the outside. Is substantially prevented. This allows publishers to browse electronic publications over the Internet without hesitation.

  In the above embodiment, the character code is converted / reversely converted. Therefore, when the numerical value is kept secret, the numerical value needs to be in a character format. The estimate and invoice are numerically confidential information. If the numerical values can be kept secret without changing existing data and slightly changing existing application programs, the scope of use of the present invention will be widened.

  Therefore, in the fourteenth embodiment, information leakage is prevented by similarly converting / inverting the binary code (numerical code).

  FIG. 35 is an explanatory diagram of Embodiment 14 of the present invention, where (A) is a binary code conversion explanatory diagram and (B) is a binary code reverse conversion explanatory diagram. FIG. 36 is a schematic block diagram showing a temporal binary code creation / decoding device 21E of the fourteenth embodiment.

  Consider the case where the binary code is a 32-bit integer. When converted to a unique integer in units of 32 bits, the conversion table size becomes too large. Therefore, as shown in FIG. 35A, the integer binary code 70 is divided into 8 bits × 4 columns, and each 8 bits conversion table. In 710 to 713, it is converted into a unique numerical value to obtain a temporal binary code 72. The 8-bit conversion tables 710 to 713 constituting the conversion table 71 may be the same as or different from each other.

  In FIG. 36, the system control unit 30D supplies the binary code 70 included in the data from the server 10 to the code conversion unit 401C to make the temporal binary code 72, and the data including the temporal binary code 72 is transmitted via the communication interface 212. Send to client 11.

  When displaying the temporal binary code 72 on the client 11, the temporal binary code 72 is transmitted to the temporal binary code creating / decoding device 21E. In response to this, the system control unit 30D supplies the temporal binary code 72 to the code reverse conversion unit 402C. As shown in FIG. 35B, the code reverse conversion unit 402C includes an reverse conversion table 73 including 8-bit reverse conversion tables 730 to 783, and the temporal binary code 72 is returned to the ordinary binary code 70.

  The system control unit 30D supplies the ordinary binary code 70 to the decimal code conversion unit 211p to convert it into a decimal code. Each digit of the decimal code is sequentially supplied to the character code conversion unit 211q to be converted into a normal character code, and the normal character code is supplied to the address mapping table RAM 211a to be converted into the address of the corresponding glyph data. Based on this, the glyph data is read from the font ROM 211b, supplied to the bitmap developing unit, rasterized, and transmitted to the client 11 via the system control unit 30D.

  In response to this, the client 11 draws an integer corresponding to the temporal binary code 72.

  The same applies to floating point numbers. Other points of the present invention are the same as those of the twelfth embodiment, for example.

  36. The contents of the code reverse conversion unit 402C, decimal code conversion unit 211p, character code conversion unit 211q, and address mapping table RAM 211a in FIG. 36 are transmitted as character drawing units from the device 21 to the storage unit of the client 11, and stored. The client 11 may decode the font and the bitmap development unit belonging to the OS of the client 11 and update the character drawing unit temporally. Moreover, the structure using N number conversion parts, such as an octal code conversion part or a hexadecimal conversion part, instead of the decimal code conversion part according to a use may be sufficient.

  The present invention includes various other modifications.

  For example, combinations of the above embodiments are also included in the present invention. That is, for example, a 16-bit character code may be converted / inverted in units of 8 bits as shown in FIG. In FIG. 1, the server 10 is provided with a function other than the decoding function of the temporal character code creation / decoding device 20A of FIG. 28, and a table for decoding is transmitted to the decoding devices 21 to 2N via the clients 11 to 1N, respectively. The temporal character code may be decoded by the decoding devices 21 to 2N. Of course, the font may be stored in an external storage device such as a hard disk instead of the ROM. The same applies to the table RAM.

  In particular, when the decryption unit is provided for each client as in the first to sixth embodiments, the verification data can be rewritten, and when the authentication unit determines that it is illegal, the verification data (authentication data) is also rewritten or deleted. You may make it do.

  In the database server, after selectively retrieving data from the database in response to a request (after further reordering for normal character code columns, etc.), as described above, the character code Can be converted into a temporal code. Therefore, even if the system administrator can handle only temporal character codes, it is not necessary to use secret character codes in the database, and the configuration is simplified. In this case, it is not necessary to perform the search pre-processing and post-search processing described in the fourth embodiment.

  Further, it may be configured such that a normal character code can be used in accordance with the user's password and selection of a mode such as a hit number limit. In this configuration, in FIG. 22, the character code may be converted into the normal character code (including the case where the normal character code is converted into the normal character code) using the conversion table. In this case, it is possible to determine whether or not to convert to a normal character code in table column units. Thus, for example, an address sticker or the like can be printed with a normal printing program using ordinary character codes only for addresses, names, and postal codes, and both convenience and security can be achieved.

  Further, the configuration may be such that the restriction on the number of hits is relaxed and the table to be converted into a temporal character code is updated more frequently.

  The present invention is also applied to the case where the above-mentioned server and a specific client are configured as a client and a server, respectively, so that data of ordinary character codes is created in the client, converted into secret character codes, and stored in the server database. can do.

  As is clear from the above description, the present invention is very flexible, so its application range is wide, it can meet the demands of many users, and greatly contributes to the development of the network industry.

It is a schematic block diagram which shows the computer network system of Example 1 of this invention. It is a block diagram which shows the hardware schematic structure of the client in FIG. 1, and a secret character code decoding apparatus. It is a functional block diagram of the secret character code decoding apparatus of FIG. It is a schematic flowchart which shows a process when starting an application program with a client computer. 5 is a search screen displayed by the client application program in step S9 of FIG. It is a figure which shows the screen of a search result. It is a flowchart which shows the PRINT subroutine execution procedure for drawing a character on a screen. It is a flowchart which shows the procedure performed by the system control part at the time of power-on of the secret character code decoding apparatus of FIG. It is a flowchart which shows the random write-in procedure from the IC memory card of FIG. 3 to the address mapping table RAM. It is processing explanatory drawing of FIG. It is address map explanatory drawing of glyph data. It is a schematic block diagram which shows the computer network system of Example 2 of this invention. It is a block diagram which shows schematic structure of the temporal character code production / decoding apparatus in FIG. FIG. 14 is a schematic configuration block diagram functionally showing a part of a code conversion / inverse conversion unit in FIG. 13. It is a flowchart which shows the method for updating the content of the code conversion table RAM in FIG. 14 at random and at high speed with a table preparation part. It is a block diagram which shows schematic structure of the temporal character code creation / decoding apparatus based on Example 3 of this invention. It is a block diagram which shows the code conversion table RAM switched alternately. It is a block diagram which shows schematic structure of the temporal character code creation / decoding apparatus based on Example 4 of this invention. It is processing explanatory drawing in the search pre-processing part in FIG. 18, and a post-processing part. It is a schematic block diagram which shows the code conversion and the decoding table preparation apparatus of Example 5 of this invention. FIG. 21 is a block diagram showing a state in which the contents of the address mapping table RAM of FIG. 20 are stored twice in the storage device of the client as AMT1 and AMT2, respectively. It is a block diagram which shows schematic structure of the code conversion part of Example 6 of this invention. It is a block diagram which shows schematic structure of the code | symbol reverse conversion part of Example 6 of this invention. It is explanatory drawing of the process by the code conversion part of FIG. It is explanatory drawing of the process by the code reverse conversion part of FIG. It is a schematic block diagram which shows the computer network system of Example 7 of this invention. It is a schematic block diagram which shows the computer network system of Example 8 of this invention. It is a schematic block diagram which shows the computer network system of Example 9 of this invention. It is a schematic block diagram which shows the computer network system of Example 10 of this invention. It is a schematic block diagram which shows the computer network system of Example 11 of this invention. FIG. 31 is a schematic functional block diagram of a database server, an authentication server, and a font server in FIG. 30. It is a schematic block diagram which shows the computer network system of Example 12 of this invention. It is a schematic block diagram which shows the computer network system of Example 13 of this invention. FIG. 34 is a schematic functional block diagram of a Web application server, an authentication server, and a font server in FIG. 33. It is explanatory drawing of Example 14 of this invention, Comprising: (A) is binary code conversion explanatory drawing, (B) is binary code reverse conversion explanatory drawing. It is a schematic block diagram which shows the temporal binary code production / decoding apparatus of Example 14 of this invention.

Explanation of symbols

10 server 10A Web application server 10B database server 10C font server 10D authentication server 10E application server 10F file server 11-1N, 11A-1NA client 110, 210 MPU
111 video RAM
112 Input Interface 113, 115, 212 Communication Interface 114, 211 Storage Device 116 Video Controller 117 Display Device 118 Input Device 20-2N Secret Character Code Decoding Device 20A, 21A-21C Temporary Character Code Creation / Decoding Device 21D Code Conversion / Decoding Table Creation device 21E Temporal binary code creation / decryption device 211a, AMT address mapping table RAM
211b Font ROM
211d Verification data ROM
211g Address mapping table creation unit 211r Bitmap expansion unit 30, 30A to 30D, 30X System control unit 31 Authentication unit 32 Timer 33 IC memory card 40 Code conversion / inverse conversion unit 401, 401A, 401B Code conversion unit 402, 402A, 402B Code reverse conversion unit 403, 403A Table creation unit 404 Work memory 405 Pre-search processing unit 406 Post-processing unit 41A, 41A1, 41A2, 41C Code conversion table RAM
41A3, 45A, 45B selector switch 41B, 41D Code reverse conversion table RAM
42A, 42B, 43A, 43B Judgment unit 4243A, 4243B Changeover switch control unit 44A, 44B Flag 46A, 46B Addition / subtraction unit 47A, 47B Offset value table 48A, 48B Usage table determination unit 50 Internal LAN
51, 61 Firewall 60 Management center 70 Normal binary code 710-713 Conversion table 72 Temporal binary code 730-733 Reverse conversion table TB1-TB9, TBa-TBd Text box AMT1, AMT2 Address mapping table OFV1, OFV2, OFVi Offset value 1A- 6A conversion table 1B-6B reverse conversion table

Claims (38)

A font storage unit (FIG. 3, 211b);
A collation data storage unit (211d) in which collation data including data for identifying the client is stored;
In response to the supplied secret character code, a decoding unit (211a) for extracting the corresponding glyph data from the font storage unit;
An authentication unit (31) for determining permission / prohibition for the client based on the verification data and supplied verification data;
The identification data received from the client is supplied to the authentication unit to make the determination, and when the authentication unit determines permission, the secret character code received from the client is supplied to the decryption unit and the glyph data And a controller (30) for transmitting the glyph data to the client. A code conversion unit (FIG. 18, 401A) having a conversion table for converting a character code into a temporal character code;
A code reverse conversion unit (402A) having a reverse conversion table for converting a temporal character code into a character code;
A font storage unit (211b);
A decoding unit (211a) having a first address mapping table storage unit for extracting corresponding glyph data from the font storage unit based on a character code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
The character code received from the server is supplied to the code conversion unit to obtain a temporal character code, which is transmitted to the client, and the temporal character code received from the client is supplied to the code reverse conversion unit to obtain the character code. The temporal character code received from the client is converted into a character code based on the inverse conversion table, the character code is supplied to the decoding unit to obtain glyph data, and the glyph data is A temporal character code creating / decoding device, comprising: a control unit that transmits the data to the client and performs the conversion. A code conversion unit (FIG. 20, 401A) including a conversion table for converting a character code into a temporal character code;
A code reverse conversion unit (402A) having a reverse conversion table for converting a temporal character code into a character code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
A first address mapping table storage unit (211a) for retrieving corresponding glyph data from the client side font storage unit based on the character code;
A second address mapping table storage unit (AMT) for retrieving corresponding glyph data from the font storage unit on the client side based on the temporal character code;
An address mapping table creation unit (211g) for defining the contents of the second address mapping table storage unit based on the contents of the reverse conversion table and the first address mapping table storage unit;
Each time the content of the second address mapping table storage unit is updated, it is transmitted to the client, and the character code received from the server is supplied to the code conversion unit to obtain the temporal character code and transmitted to the client. And a control unit that supplies the temporal character code received from the client to the code reverse conversion unit to acquire the character code, transmits the character code to the server, and performs the conversion. Decoding table creation device. The server includes a database server;
The code conversion unit includes a plurality of different conversion tables that are selectively used (FIG. 22, 41C),
The code reverse conversion unit includes the reverse conversion table corresponding to each of the plurality of conversion tables that are selectively used (FIG. 23, 41D),
Each of the data received from the server and the client is given a start code and an end code for each column of character code and temporal character code,
The control unit selects one of the plurality of conversion tables based on the position on the record of the start code received from the server (FIGS. 22, 48A, 47A and 46A), and the record of the start code received from the client One of the plurality of inverse conversion tables is selected based on the upper position (FIGS. 23, 48B, 47B, and 46B).
The apparatus according to claim 2 or 3, characterized in that The character code is a secret character code,
A work storage unit (FIGS. 19 and 404);
A pre-search processing unit (405) for dividing a query including a phrase for sorting search results into a sort phrase and a basic query obtained by removing the sort phrase from the query;
The secret character code included in the data in the work storage unit is converted into a normal character code, the data including the converted normal character code is sorted based on the sort phrase, and the normal character included in the sorted data A post-search processing unit (406) for converting the code into a secret character code;
When the data received from the client is a query to the server, the control unit (30B) causes the pre-search processing unit to perform the division and transmits the basic query to the server. Receiving search result data from the server, storing the data in the work storage unit, causing the post-search processing unit to execute processing, and transmitting the result to the client via the code conversion unit (401A). An apparatus according to any one of claims 2 to 4, characterized in that A storage unit (FIG. 20, 211d) for storing identification data of the client and application program;
An authentication unit (31) for determining permission / prohibition of the application program of the client based on the identification data and supplied identification data;
The control unit (30C) supplies the identification data received from the client to the authentication unit to perform the determination, and when the authentication unit determines permission, transmission to the client is valid. The device according to claim 2, wherein the device is a device.   7. The apparatus according to claim 6, wherein the control unit rewrites or deletes the contents of the first address mapping table storage unit when the authentication unit determines prohibition (FIG. 4, SB). . The first address mapping table storage unit is included in the volatile storage device (211a),
A non-volatile storage medium (211d) is detachably mounted, and further includes an adapter (211ad) coupled to the volatile storage device,
8. The apparatus according to claim 7, wherein the control unit determines the content of the first address mapping table storage unit by writing data corresponding to the storage content of the nonvolatile storage medium into the volatile storage device. . A code conversion unit (FIG. 18, 401A) having a conversion table for converting a character code into a temporal character code;
A code reverse conversion unit (402A) having a reverse conversion table for converting a temporal character code into a character code;
A font storage unit (211b);
A decoding unit (211a) having a first address mapping table storage unit for extracting corresponding glyph data from the font storage unit based on a character code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
The character code is supplied to the code conversion unit to obtain a temporal character code, and this is transmitted to the client. The temporal character code received from the client is supplied to the code reverse conversion unit to obtain the character code and obtained. And a control unit (30B) for supplying a character code to the decoding unit to acquire glyph data, transmitting the glyph data to the client, and performing the conversion. The server itself where the data is stored,
A code conversion unit (FIG. 34, 401A) having a conversion table for converting a code into a secret code;
A control unit (301A) that receives a character code or binary code from the server body, supplies the character code or binary code to the code conversion unit, obtains a secret character code or secret binary code, and transmits it to the client A server characterized by apparently secret-coding data stored in the server body. The code conversion unit includes a plurality of conversion tables,
A storage unit (63) for storing data associating an identification code of an application program of a client using one of the plurality of conversion tables with the one conversion table
The server according to claim 10, further comprising: A code conversion unit having a conversion table for converting a code into a secret code;
A controller that receives a character code or binary code from a server, supplies the character code or binary code to the code conversion unit, obtains a secret character code or secret binary code, and transmits the secret character code or client to the client. A secret coding apparatus characterized by apparently performing secret coding on the data being stored. The code conversion unit includes a plurality of conversion tables,
13. A storage unit for storing data that associates an identification code of an application program of a client that uses one of the plurality of conversion tables with the one conversion table. Secret encoding device. A font storage unit (FIG. 34, 211B);
A code reverse conversion unit (41B1) having a reverse conversion table for converting a temporal character code into a character code;
A decoding unit (211A) including a first address mapping table storage unit for extracting corresponding glyph data from the font storage unit based on the character code;
A control unit that converts the temporal character code received from the client into a character code with respect to the inverse conversion unit, supplies the character code to the decoding unit to acquire glyph data, and transmits the glyph data to the client ( 303) and a font server. The code reverse conversion unit includes a plurality of reverse conversion tables,
A storage unit (53) for storing data associating an identification code of an application program of a client using one of the plurality of reverse conversion tables with the one reverse conversion table
The font server according to claim 14, further comprising: A code conversion unit (FIG. 20, 401A) including a conversion table for converting a character code into a temporal character code;
A code reverse conversion unit (402A) having a reverse conversion table for converting a temporal character code into a character code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
A first address mapping table storage unit (211a) for retrieving corresponding glyph data from the client side font storage unit based on the character code;
A second address mapping table storage unit (AMT) for retrieving corresponding glyph data from the font storage unit on the client side based on the temporal character code;
An address mapping table creation unit (211g) for defining the contents of the second address mapping table storage unit based on the contents of the reverse conversion table and the first address mapping table storage unit;
Each time the content of the second address mapping table storage unit is updated, it is transmitted to the client, and the character code is supplied to the code conversion unit to obtain a temporal character code, which is transmitted to the client. And a control unit (30C) for obtaining a character code by supplying the temporal character code received from the code reverse conversion unit. The code conversion unit includes a plurality of different conversion tables that are selectively used (FIG. 22, 41C),
The code reverse conversion unit includes the reverse conversion table corresponding to each of the plurality of conversion tables that are selectively used (FIG. 23, 41D),
The data in the server is given a start code and an end code for each character code string, and the data received from the client is given a start code and an end code for each temporal character code string,
The control unit selects one of the plurality of conversion tables based on the start code record position on the server (FIGS. 22, 48A, 47A, and 46A), and the start code record position received from the client. One of the plurality of inverse conversion tables is selected based on (FIGS. 23, 48B, 47B, and 46B).
The device according to claim 9 or 16, characterized in that A code conversion unit (FIG. 34, 401A) having a conversion table for converting a character code into a temporal character code;
A code conversion control unit (301A) that converts a character code from a server or the character code in the server into a temporal character code based on the conversion table and transmits the converted character code to the client;
A reverse conversion table (41B1) for converting a temporal character code into a character code is provided, the temporal character code is converted into a character code based on the reverse conversion table in response to a decoding request from the client, and a first address mapping is performed. A decoding unit that decodes the character code based on the table (211A) to obtain glyph data, and transmits the glyph data to the client;
A secret information leakage prevention system comprising: a table creation unit (403A) that creates the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing. A code conversion unit (FIG. 20, 401A) including a conversion table for converting a character code into a temporal character code;
A code conversion control unit (30C) that converts a character code from a server or the character code in the server into a temporal character code based on the conversion table and transmits the converted character code to the client;
An inverse conversion table (41B) for converting a temporal character code into a character code, a first address mapping table storage unit (211a) for retrieving corresponding glyph data from the client side font storage unit based on the character code, Based on the contents of the second address mapping table storage unit (AMT) for extracting the corresponding glyph data from the font storage unit on the client side based on the temporal character code, the inverse conversion table, and the first address mapping table storage unit A character-decoded data creation unit comprising an address mapping table creation unit (211g) for defining the contents of the second address mapping table storage unit and transmitting the contents to the client;
A secret information leakage prevention system comprising: a table creation unit (403A) that creates the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing. A code conversion unit (FIG. 18, 401A) having a conversion table for converting a binary code into a temporal binary code;
A code reverse conversion unit (402A) having a reverse conversion table for converting temporal binary code into binary code;
A font storage unit (211b);
A decoding unit for extracting the corresponding glyph data from the font storage unit based on the binary code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
The binary code received from the server is supplied to the code conversion unit to obtain the temporal binary code and transmitted to the client, and the temporal binary code received from the client is supplied to the code reverse conversion unit to obtain the binary code. The temporal binary code received from the client is converted into a binary code based on the inverse conversion table, the binary code is supplied to the decoding unit to obtain glyph data, and the glyph data is A temporal binary code creating / decoding device, comprising: (30B) transmitting the data to the client and performing the conversion (30B). A code conversion unit (FIG. 20, 401A) including a conversion table for converting a binary code into a temporal binary code;
A code reverse conversion unit (402A) having a reverse conversion table for converting temporal binary code into binary code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
A binary code / character code converter for converting a binary code into an N-ary code and converting each digit of the N-code into a character code;
A first address mapping table storage unit comprising a first address mapping table for retrieving corresponding glyph data from the client side font storage unit based on the character code;
A second address mapping table storage unit (AMT) for retrieving corresponding glyph data from the font storage unit on the client side based on the temporal binary code;
An address mapping table creation unit that determines the contents of the second address mapping table storage unit based on the contents of the reverse conversion table, the first address mapping table storage unit, and the binary code / character code conversion unit;
Each time the content of the second address mapping table storage unit is updated, it is transmitted to the client, and the binary code received from the server is supplied to the code conversion unit to obtain the temporal binary code and transmitted to the client. And a control unit that supplies the temporal binary code received from the client to the code reverse conversion unit to obtain the binary code, transmits the binary code to the server, and performs the conversion. Decoding table creation device. A code conversion unit (FIG. 18, 401A) having a conversion table for converting a binary code into a temporal binary code;
A code reverse conversion unit (402A) having a reverse conversion table for converting temporal binary code into binary code;
A font storage unit (211b);
A decoding unit for extracting the corresponding glyph data from the font storage unit based on the binary code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
The binary code received from the server is supplied to the code conversion unit to obtain the temporal binary code and transmitted to the client, and the temporal binary code received from the client is supplied to the code reverse conversion unit to obtain the binary code. The temporal binary code received from the client is converted into a binary code based on the inverse conversion table, the binary code is supplied to the decoding unit to obtain glyph data, and the glyph data is transmitted to the client. A server characterized by having conversion (30B). A code conversion unit (FIG. 20, 401A) including a conversion table for converting a binary code into a temporal binary code;
A code reverse conversion unit (402A) having a reverse conversion table for converting temporal binary code into binary code;
A table creation unit (403A) for creating the conversion table and the reverse conversion table in order to update the conversion table and the reverse conversion table at a predetermined timing;
A binary code / character code converter for converting a binary code into an N-ary code and converting each digit of the N-code into a character code;
A first address mapping table storage unit comprising a first address mapping table for retrieving corresponding glyph data from the client side font storage unit based on the character code;
A second address mapping table storage unit (AMT) for retrieving corresponding glyph data from the font storage unit on the client side based on the temporal binary code;
An address mapping table creation unit that determines the contents of the second address mapping table storage unit based on the contents of the reverse conversion table, the first address mapping table storage unit, and the binary code / character code conversion unit;
Each time the content of the second address mapping table storage unit is updated, it is transmitted to the client, a binary code is supplied to the code conversion unit to obtain a temporal binary code, and this is transmitted to the client. And a control unit that obtains the binary code by supplying the temporal binary code received from the code reverse conversion unit. In the confidential information leakage prevention method for preventing leakage of data received by the client from the server by an unauthorized person, a display device is coupled to the client (FIG. 1).
A secret character code decoding device comprising a font storage unit and a decoding unit for retrieving the corresponding glyph data from the font storage unit in response to the secret character code;
(A) Perform mutual authentication between the secret character code decryption device and the client and between the client and the server, and if the result is valid,
(B) In response to the request from the client, the server transmits data including a secret character code;
(C) The client sends the secret character code to the secret character code decryption device to request decryption;
(D) The secret character code decoding apparatus has a step of retrieving glyph data corresponding to the secret character code from the font storage unit via the decoding unit in response to the decoding request and transmitting the glyph data to the client A method for preventing leakage of confidential information. In the secret information leakage prevention method for preventing leakage of data received by a client from a server by an unauthorized person, a display device is coupled to the client (FIG. 12).
Based on a conversion unit having a conversion table for converting a character code into a temporal character code, an inverse conversion unit having a reverse conversion table for converting a temporal character code into a character code, and a first address mapping table Any of the decoding unit that extracts the glyph data corresponding to the character code from the font storage unit is coupled to the communication path that couples the server and the client, or is provided in the server,
(A) The character code from the server or the character code at the server is converted into a temporal character code based on the conversion table and transmitted to the client;
(B) In response to a request from the client, a temporal character code is converted into a character code based on the inverse conversion table, the character code is decoded based on the first address mapping table, and glyph data is obtained. To the client,
(C) Updating the conversion table and the inverse conversion table at a predetermined timing.   The conversion unit (FIGS. 13 and 40), the inverse conversion unit (40), and the decoding unit (211a, 211b) are provided in a device (21A), and the device is connected to a communication path between the client and the server. The secret information leakage prevention method according to claim 25, wherein the secret information leakage prevention method is combined.   26. The secret information leakage prevention method according to claim 25, wherein the conversion unit, the inverse conversion unit, and the decryption unit are provided in the server (FIG. 28).   26. The secret according to claim 25, wherein the conversion unit is provided in a server (FIG. 34, 401A), and the inverse conversion unit (41B1) and the decryption unit (211A, 211B) are provided in a font server. Information leakage prevention method. In the secret information leakage prevention method for preventing leakage of data received by the client from the server by an unauthorized person, a display device is coupled to the client (FIGS. 20 and 21).
A conversion unit having a conversion table for converting a character code into a temporal character code, a reverse conversion unit having a reverse conversion table for converting a temporal character code into a character code, and a client-side font based on the character code Any of the first address mapping table storage unit including the first address mapping table for extracting the corresponding glyph data from the storage unit is coupled to or provided in the communication path that couples the server and the client. And
A table update process, a character code conversion process, and a decryption process;
In the table update process,
(A) Updating the conversion table and the reverse conversion table at a predetermined timing, and based on the first address mapping table and the updated reverse conversion table, glyph data corresponding to a temporal character code is converted into the font Updating the second address mapping table for retrieval from the storage unit;
(B) Each time the second address mapping table is updated, this is sent to the client,
In the character code conversion process,
(C) The character code from the server or the character code at the server is converted into a temporal character code based on the conversion table, and the character code is transmitted to the client.
In the decryption process,
(D) The secret information leakage prevention method, wherein the client acquires glyph data corresponding to the temporal character code from the font storage unit based on the second address mapping table. The conversion unit includes a plurality of different conversion tables (FIG. 22),
The inverse conversion unit includes a plurality of the inverse conversion tables corresponding to the plurality of conversion tables (FIG. 23),
In the step (a), one of the plurality of conversion tables is selected according to the column position of the character code string included in the record from the server,
In the client, the column position is associated with the character display area,
The secret information leakage prevention according to claim 25, wherein in step (b), one of the plurality of inverse conversion tables is selected in accordance with the character display area from the temporal character code string from the client. Method.   The secret information leakage according to any one of claims 25 to 30, wherein in the update, a random number is generated and the conversion table or the inverse conversion table is updated based on the random number (FIG. 15). Prevention method.   Mutual authentication is performed between the device having the first address mapping table and the client and between the client and the server, and if the result is not valid, the first address mapping table is rewritten or deleted. (FIG. 4, SB) The secret information leakage prevention method according to any one of claims 25 to 31. In the confidential information leakage prevention method for preventing leakage of data received by the client from the server by an unauthorized person, the client is coupled with a display device,
A conversion unit (FIG. 32A) having a conversion table for converting binary code into temporal binary code, and an inverse conversion unit (FIG. 32A) having an inverse conversion table for converting temporal binary code back into binary code 32 (B)) and a decoding unit that extracts glyph data corresponding to the binary code from the font storage unit are coupled to a communication path that couples the server and the client, or are provided in the server,
(A) converting the binary code from the server or the binary code in the server into a temporal binary code based on the conversion table and sending it to the client;
(B) In response to a request from the client, a temporal binary code is converted into a binary code based on the inverse conversion table, and the decoding unit decodes the binary code to obtain glyph data. Send
(C) Updating the conversion table and the inverse conversion table at a predetermined timing. In the confidential information leakage prevention method for preventing leakage of data received by the client from the server by an unauthorized person, the client is coupled with a display device,
A conversion unit having a conversion table for converting a binary code into a temporal binary code, an inverse conversion unit having an inverse conversion table for converting a temporal binary code into a binary code, and converting the binary code into an N-digit code Address mapping provided with a binary code / character code conversion unit for converting and converting each digit of the N-ary code into a character code, and an address mapping table for extracting corresponding glyph data from the client side font storage unit based on the character code Either of the table storage unit is coupled to a communication path for coupling the server and the client, or is provided in the server,
A table update process, a binary code conversion process and a decryption process;
In the table update process,
(A) Updating the conversion table and the reverse conversion table at a predetermined timing, and based on the address mapping table and the updated reverse conversion table, glyph data corresponding to a temporal binary code is stored in the font storage unit. Update the character drawing section to extract from
(B) Each time the character drawing unit is updated, this is sent to the client,
In the binary code conversion process,
(C) converting the binary code from the server or the binary code at the server into a temporal binary code based on the conversion table and sending it to the client;
In the decryption process,
(D) The secret information leakage prevention method characterized in that the client acquires glyph data corresponding to the temporal binary code from the character drawing unit. An attribute is defined to indicate whether the text character code is a normal character code or a secret character code,
If it is determined that the attribute indicates that it is a normal character code, the operating system or the user's glyph drawing program decrypts the normal character code, and if it is determined that the attribute indicates that it is a secret character code, the external device An application program characterized by having a program for decrypting a secret character code.   The application program is a browser, and the attribute is defined for a font tag used in an HTML file or an XML file.   37. The browser according to claim 35 or 36, wherein the program is a plug-in module. In an application program comprising a program for causing the operating system to decode the ordinary character code in response to the confirmation of the ordinary character code by key input,
An application program comprising: a program for causing an external device to convert the ordinary character code into a secret character code and replacing the ordinary character code with the secret code in response to the end of the decryption.