JP2006311383A - Data managing method, data management system and data managing device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data managing method, data management system and data managing device capable of securely storing data in which confidentiality of information is high with small H/W resources. <P>SOLUTION: A data storage system 100 has a distribution data generating means 11, a key encrypting means 12, a storing part 13 and an interface part 14. A data storing method by the system is a method to perform encryption using a Secret Sharing Schemes, uses the Secret Sharing Schemes to generate distribution data Preg (1) to Preg (n - 1) and distribution data P (min) from original data, uses a common key to encrypt the distribution data P (min), generates key encrypted distribution data, and stores the key encrypted distribution data, the distribution data Preg (1) to Preg (n - 1) and common key encrypted data obtained by encrypting the common key by the key encrypting means 12 in the storing part 13. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a data management method, a data management system, and a data management apparatus.

  An encryption method using key encryption is known (for example, see Patent Document 1). This key encryption has the disadvantages of complicated key management (key update etc.) and vulnerability to long-term storage, and incomplete security (confidentiality).

  The secret sharing method is known as a method for covering the complexity and vulnerability of key encryption, but if there is only one place to store the distributed data (file), each distributed data can be easily collected and Therefore, it is necessary to divide a plurality of physical media or casings at the storage locations of each distributed data. For this reason, there has been a problem that a large amount of investment is required for H / W (hardware).

Japanese Patent Laid-Open No. 10-123949

  An object of the present invention is to provide a data management method, a data management system, and a data management device capable of safely storing data with high confidentiality of information with a small amount of H / W resources.

Such an object is achieved by the present inventions (1) to (28) below.
(1) A data management method for performing encryption using a secret sharing method,
Generating a plurality of shared data from the original data using the secret sharing method;
Encrypting one shared data of the plurality of distributed data using a common key to generate key-encrypted distributed data;
A data management method comprising: storing the key encryption distributed data and the distributed data other than the key encryption distributed data in a storage unit.

(2) decrypting the shared data from the key-encrypted shared data using the common key;
The data management method according to (1), further including a step of restoring the original data from the distributed data other than the key-encrypted distributed data and the decrypted distributed data.

  (3) The data management method according to (1) or (2), further including a step of encrypting the common key with a predetermined public key.

  (4) The data management method according to (3), further including a step of decrypting the common key from the common key encrypted with the public key using a secret key corresponding to the public key.

  (5) The data management method according to any one of (1) to (4), wherein the secret sharing method is based on an AONT (All Or Nothing Transform) method.

(6) The step of generating the plurality of distributed data includes:
Obtaining an exclusive OR X of the original data and a hash value obtained by performing a hash function G on the random number data;
Obtaining an exclusive OR Y of the hash value obtained by processing the hash function H on X and the random number data;
The data management method according to any one of (1) to (5), wherein the X and the Y are combined to obtain encrypted data, and a plurality of distributed data is generated from the encrypted data.

(7) The step of generating the plurality of distributed data includes:
Obtaining an exclusive OR X of the original data and pseudorandom data obtained by performing pseudorandom processing on the random data;
Obtaining an exclusive OR Y of the function data obtained by processing a predetermined function on X and the random number data;
The data management method according to any one of (1) to (5), wherein the X and the Y are combined to obtain encrypted data, and a plurality of distributed data is generated from the encrypted data.

  (8) The data management method according to any one of (5) to (7), wherein the distributed data encrypted using the common key has a preset data amount.

  (9) The distributed data encrypted using the common key has a data amount of a predetermined ratio less than 1 with respect to the data amount of the original data, according to any one of (5) to (8) above Data management method.

  (10) The data management according to any one of (5) to (9), wherein a data amount of the distributed data encrypted using the common key is smaller than a total data amount of the other distributed data. Method.

  (11) Any of the above (5) to (10), wherein the amount of distributed data encrypted using the common key is less than or equal to the amount of distributed data having the largest data amount among the other distributed data The data management method described in Crab.

  (12) Any one of the above (5) to (10), wherein the amount of distributed data encrypted using the common key is equal to or less than the amount of distributed data having the smallest data amount among the other distributed data The data management method described in Crab.

(13) A data management system for performing encryption using a secret sharing method,
Distributed data generation means for generating a plurality of distributed data from the original data using the secret sharing method;
A key encryption unit that encrypts one shared data among the plurality of distributed data using a common key, and generates key-encrypted distributed data;
A first storage unit that stores the distributed data other than the key-encrypted distributed data and the key-encrypted distributed data;
A first electronic device having transfer means for transferring the distributed data other than the key encryption distributed data and the key encryption distributed data;
Receiving means for receiving the distributed data other than the key-encrypted distributed data and the key-encrypted distributed data;
Distributed data decrypting means for decrypting distributed data from the key encryption distributed data using the common key;
A second restoration unit that restores the original data from the shared data other than the key-encrypted shared data and the decrypted distributed data; and a second storage unit that stores the restored original data. A data management system comprising: an electronic device.

(14) The second electronic device has key generation means for generating or inputting at least one of a public key and a secret key that constitute an RSA key pair,
The first electronic device includes a common key encryption unit that performs encryption using the public key and generates common key encrypted data from the common key,
The data management system according to (13), wherein the second electronic device includes a common key decryption unit that decrypts the common key from the common key encrypted data using the secret key.

  (15) The data management system according to (14), wherein the common key encrypted data is stored in the first storage unit.

  (16) The distributed data encrypted using the common key has a preset data amount, or has a data amount with a predetermined ratio less than 1 with respect to the data amount of the original data. The data management system according to any one of (13) to (15) above.

(17) The distributed data generation means includes:
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A first function data generation unit that generates a first function data by executing a predetermined function on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the first function data generation unit and the original data;
A second function data generation unit that generates a second function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the second function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
(13) to (13) including a dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data that is encrypted using the common key and one or more other distributed data. The data management system according to any one of (16).

(18) The distributed data generation means includes:
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A pseudo-random number generator that generates pseudo-random data by performing pseudo-random processing on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the pseudorandom number generation unit and the original data;
A function data generation unit that generates a function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
(13) to (13) including a dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data that is encrypted using the common key and one or more other distributed data. The data management system according to any one of (16).

  (19) The data management system according to (17) or (18), wherein the predetermined function is a hash function.

(20) A data management device that performs encryption using a secret sharing method,
Distributed data generation means for generating a plurality of distributed data from the original data using the secret sharing method;
A key encryption unit that encrypts one shared data among the plurality of distributed data using a common key, and generates key-encrypted distributed data;
A data management apparatus comprising: a storage unit that stores the distributed data other than the key encryption distributed data and the key encryption distributed data.

  (21) The data management apparatus according to (20), further including a common key encryption unit that generates common key encrypted data from the common key using a predetermined public key.

(22) having a secret key corresponding to the public key;
The data management apparatus according to (21), further including a common key decryption unit that decrypts the common key from the common key encrypted data using the secret key.

(23) distributed data decrypting means for decrypting the distributed data from the key-encrypted distributed data using the common key;
The data management device according to any one of (20) to (22), further including data restoration means for restoring the original data from the shared data other than the key-encrypted shared data and the decrypted shared data.

  (24) The distributed data encrypted using the common key has a data amount set in advance, or has a data amount with a predetermined ratio less than 1 with respect to the data amount of the original data. The data management device according to any one of the above (20) to (23).

  (25) The data management device according to any one of (20) to (24), further including means for generating or inputting at least one of a public key and a secret key that constitute an RSA key pair.

(26) The distributed data generation means includes:
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A first function data generation unit that generates a first function data by executing a predetermined function on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the first function data generation unit and the original data;
A second function data generation unit that generates a second function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the second function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
(20) to (20) having a dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data that is encrypted using the common key and one or more other distributed data. (25) The data management device according to any one of (25).

(27) The distributed data generation means includes:
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A pseudo-random number generator that generates pseudo-random data by performing pseudo-random processing on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the pseudorandom number generation unit and the original data;
A function data generation unit that generates a function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
(20) to (20) having a dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data that is encrypted using the common key and one or more other distributed data. (25) The data management device according to any one of (25).

  (28) The data management device according to (26) or (27), wherein the predetermined function is a hash function.

According to the present invention, distributed data and key-encrypted distributed data are generated and stored in one storage unit, so that highly confidential data can be safely stored with less H / W resources. In addition, since only one distributed data among a plurality of distributed data is encrypted using a common key, the amount of data to be encrypted is small, and thus processing can be performed at a high speed without degrading security. Can be

  Also, by using the AONT (All Or Nothing Transform) method among secret sharing methods, the amount of distributed data to be encrypted can be set as desired, and in particular, it can be set to a relatively small amount of data. And the effects described above are more remarkably exhibited. Furthermore, in AONT, it is possible to increase the processing speed by using pseudo random number processing.

  Hereinafter, a data management method (data storage method), a data management system (data storage system), and a data management device (data storage device) according to the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a block diagram illustrating an embodiment of a data management (storage) system.
As illustrated in FIG. 1, the data storage system 100 performs data communication via an open network 30 such as an Internet line, and includes a server 10 and a client 20.

  The server 10 performs encryption processing on the original data (data to be encrypted) to create encrypted data and stores it in a predetermined location, and the client 20 performs the above-described encryption as necessary. The obtained data is taken out from a predetermined place and the original data is decoded.

Hereinafter, each of these components will be described sequentially.
The server 10 includes a distributed data generation unit 11, an encryption unit 12, a storage unit 13, and an interface unit 14.

  The distributed data generation means 11 generates a total of n (where n is an integer of 2 or more) distributed data using Secret Sharing Schemes for the input original data (secret information D). . In this case, the distributed data includes (n−1) pieces of distributed data Preg (1) to Preg (n−1) and one piece of distributed data P (min).

  The data amount V (min) of the shared data P (min) varies depending on the type of secret sharing method described later. In the case of AONT, which will be described later, the data amount V (min) is less than the data amount of the original data, and in particular, a relatively small amount (for example, ½ or less (less than) the original data amount). Can do. For example, as a first case, the data amount V (min) of the distributed data P (min) is smaller than the total data amount of the other distributed data Preg (1) to Preg (n−1) (for example, 1/2 Or less (less than, 1/3 or less) can be set (set), and as a second case, the data amount V (min) is distributed data Preg (1) to Preg (n-1). The data amount V (min) can be set (or set) below (less than) the data amount of the distributed data having the largest data amount among them. As a third case, the data amount V (min) is distributed data Preg (1) to Preg (n -1) can be set (set) below (less than) the data amount of the distributed data with the smallest data amount. When the data amount V (min) of the distributed data P (min) is set in this way, the shared data P (min) is encrypted using a common key (key encryption distributed data is generated) and the key encryption When the distributed data is decrypted to obtain the distributed data P (min), the processing can be performed more quickly and in a short time, and as a result, the entire processing time can be greatly shortened.

  Here, the secret sharing method is a method of managing one secret information (secret) by distributing it to a plurality of shared information (shares), and is a method capable of improving the security of the secret information. This secret sharing method includes the so-called Shamir secret sharing method and the AONT (All Or Nothing Transform) method using a distributed algorithm with a variable amount of data (reference: V. Boyko, “On the security properties of OAEP as an all-or-nothing transform, “Advances in Cryptology-CRYPTO '99, Lecture Notes in Computer Science, vol. 1666, pp. 503-518, 1999.)

  In the former, the secret information is distributedly encoded into n pieces (where n is an integer of 2 or more) of shared information (share) and k pieces of arbitrary pieces of shared information can be collected to restore the original secret information. Even if k-1 or less pieces of shared information are collected, the original secret information cannot be restored. In addition, partial information of the secret information is not known even when looking at each of the plurality of shared information (shares).

At this time, the shared information w _i (i = 1, 2,..., N) uses the secret information D, the prime number p, and the random number data R _j (j = 1, 2,..., K−1). The k-1 order polynomial (1) can be expressed as the following equation (2). At this time x _i does not contain the same value.
w _i = f (x _i ) (i = 1, 2,..., n) (1)
f (x) = S + r ₁ x + r ₂ x ² +... + r _k−1 x ^k−1 (mod p) (2)
Here, mod indicates a remainder.

The principle of the secret sharing method is explained using these equations as follows.
In the expression (1), when y = f (x), the secret information D indicates the y-axis intercept. Since equation (1) is a k−1 order polynomial, when k pieces of distributed information w _i (i = 1, 2,..., N) are gathered, the polynomial y = f (x ) Is uniquely determined. However, if only k−1 pieces of distributed information are collected, only k−1 coordinate points are known, and a polynomial cannot be obtained uniquely. Therefore, there is a possibility of passing through all y-axis intercepts. Therefore, the secret information D cannot be decrypted.

  By using the above secret sharing method, partial information leakage due to each of the divided shared information can be effectively prevented.

  The latter (AONT) is executed by the method (distributed data generating means) shown in FIG. As shown in FIG. 8, the distributed data generation unit 11 includes an original data input unit 50 that inputs secret information (original data to be concealed) D, a random number data generation unit 51 that generates random number data R, and a hash function G. (Here, the hash function is a function for summarizing a sequence of character strings such as documents and numbers into fixed-length (fixed-length) data) and generates a hash value (function data) A first hash value generation unit (first function data generation unit) 52, a first calculation unit 53 that calculates exclusive OR [Q +], and a hash function H are executed to generate a hash value (function data). A second hash value generation unit (second function data generation unit: function data generation unit) 54, a second calculation unit 55 that calculates an exclusive OR [Q +], an output X and a second value of the first calculation unit 53 The output Y of the calculation unit 55 is determined by a predetermined method. And a data combining unit 56 for generating encrypted data by combining them.

And the outputs X and Y are
X = G (R) [Q +] D
Y = H (X) [Q +] R = H (G (R) [Q +] D) [Q +] R
It is represented by

  The X and Y are combined by a predetermined method to create encrypted data for transfer. This makes it possible to create encrypted data that cannot be easily decrypted by a third party.

  This encrypted data can be divided into a plurality of distributed data (distributed information) by a predetermined dividing means (not shown). That is, a plurality of distributed data is generated.

  For example, when the total amount of encrypted data is 10,000 bytes, the encrypted data is divided (generated a plurality of distributed data) from the first byte to the a byte, from the a + 1 byte to the b byte, .... From the z-th byte to the 10000th byte (however, 1 <a <b <... <Z <10000), a method that simply divides the data into two or three or more is employed. be able to. Of course, other methods may be adopted.

  In AONT, the number of distributed data and the size (data amount) of each distributed data can be freely set, and the total data amount of all the distributed data is almost equal to the data amount of the original data (secret information D). It has the feature of becoming. Because of this feature, in the present invention, it is preferable to use the secret sharing method by AONT. This is because the data amount V (min) of the distributed data P (min) can be easily set as described above.

  The data amount V (min) of the distributed data P (min) can be set by the following method, for example.

[1] The data amount V (min) is set to a constant value. In this case, the set value of the data amount V (min) is set to a sufficiently small value (for example, ½ or less) as compared with the lower limit value AS (min) of the assumed range of the data amount AS of the original data. Is less than or equal to 1/3 of the lower limit value AS (min), more preferably about 1/10000 to 1/5. For example, when the data amount AS of the original data is assumed to be about 20 kbytes to 100 Mbytes, the data amount V (min) is set to a value of 10 kbytes or less.

  When [1] is adopted, the data amount data amount V (min) of the distributed data P (min) is always fixed to a constant value (and a relatively small value) regardless of the data amount AS of the original data. be able to. Thereby, there is an advantage that the processing speed (processing time) of encryption and decryption of the distributed data P (min) can be made constant and the processing can be performed in a short time.

[2] The data amount V (min) is a value corresponding to the data amount AS of the original data. In this case, the data amount AS is grasped by some method, for example, a data amount detection means (not shown), and the data amount V (min) is set to a predetermined ratio (however, less than 1) with respect to the data amount AS. For example, the data amount V (min) = the data amount AS × k (where k = 0.0001 to 0.5 (or less than 0.5)). In this case, k may be a fixed value or a value that varies depending on various conditions (for example, the magnitude of AS or the magnitude of n).

  When [2] is adopted, even when the data amount AS of the original data is relatively small, there is an advantage that the processing speed of the encryption and decryption of the distributed data P (min) can be increased accordingly. is there.

[3] A combination of the above [1] and [2]. For example, when the data amount AS is detected and the value is equal to or greater than a predetermined threshold (for example, 10 kbytes), the above [1] is adopted, and when the value is less than the threshold, the above [2] Is adopted.

  When [3] is adopted, the advantages of [1] and [2] can be obtained.

  In the distributed data generation unit 11 shown in FIG. 8, the first hash value generation unit 52 and the second hash value generation unit 54 perform processing using a hash function, but the present invention is not limited to this. Other functions can be used.

  Further, in the distributed data generation unit 11 shown in FIG. 8, the first hash value generation unit 52 can be replaced with a pseudo random number data generation unit 57 that performs pseudo random number processing. The pseudo random number data generation unit 57 performs pseudo random number processing on the random number data R to generate and output pseudo-random number data. Thereafter, the same processing as described above is performed, encrypted data is generated from the outputs X and Y, and a plurality of distributed data is generated in the same manner as described above. Here, the data amount of the output Y can be the same as the data amount of the random number data R.

  The details of the configuration using this pseudo-random number processing are disclosed in the specification and claims of the PCT / JP2005 / 006903 application filed by the applicant of the present application, and the contents of the PCT application are applied to the present invention. can do.

  Here, “pseudo-random number processing” refers to a process in which a polynomial calculation computer (CPU 101 described later in the present embodiment) outputs a sequence that cannot be distinguished from random numbers, and the number contained in this sequence is represented by (cryptographic) ) Pseudorandom number. More specifically, the “pseudo random number” refers to a number included in a number sequence obtained by deterministic calculation. The pseudo random number process is a distributed algorithm with a variable data amount, and the number and size of the pseudo random number data to be generated can be arbitrarily set.

  Thus, instead of the first hash value generation unit 52, the pseudo random number data generation unit 57 performs the pseudo random number processing, so that the hash value is obtained using the hash function as follows. There are advantages.

  That is, when the hash function (first hash value generation unit 52) is used, the hash value output in one process has a fixed length. If the data is 0.1 Mbytes and the hash function is 160 bits, it is necessary to perform hash processing of 650 times or more). On the other hand, when performing the pseudo random number process, the pseudo random number data can be generated from the random number data R by a single calculation process.

  Therefore, when the pseudo random number data generation unit 52 is configured to perform the pseudo random number process, it is possible to generate pseudo random number data with high safety (which cannot be identified by a third party) with a small number of calculations. Thereby, since the processing of the server 10 can be speeded up without reducing the safety, the burden of the arithmetic processing of the server 10 can be reduced. As a result, the data processing speed of the data archiving system 100 and the data transmission / reception speed are remarkably increased, and it is advantageous to cope with the higher speed. In particular, according to the present invention, for example, in the case of a large amount of data such as still image data or moving image data, the advantage of such high speed is large and advantageous.

  The distributed data generation means 11 as described above outputs the distributed data Preg (1) to Preg (n-1) among the generated distributed data to the storage unit 13, and encrypts the distributed data P (min). Output to means 12.

FIG. 2 is a block diagram illustrating a configuration example of the key encryption unit.
The key encryption unit 12 includes a common key generation unit 121, a distributed data encryption unit 122, and a common key encryption unit 123.

  The common key generation unit 121 generates a common key that uses the same key for encryption and decryption. The common key generated here is input to the distributed data encryption unit 122 and the common key encryption unit 123, respectively.

  The distributed data encryption unit 122 encrypts the distributed data P (min) using a common key, and generates key encryption distributed data.

  The common key encryption unit 123 encrypts the common key using a public key generated by the key generation unit 22 described later, and generates common key encrypted data.

Returning again to FIG.
The storage unit 13 stores the distributed data Preg (1) to Preg (n−1) output from the distributed data generation unit 11 and the key encryption shared data and the common key encrypted data generated by the key encryption unit 12. Store.

  The interface unit 14 communicates with the client 20 via the open network 30 (but not limited to open ones), distributed data Preg (1) to Preg (n-1), key encryption distributed data, common key encryption. Various data such as digitized data is transmitted and received.

  The client 20 includes an interface unit 21, a key generation unit 22, a key decryption unit 23, a data restoration unit 24, and a storage unit 25.

  The interface unit 21 transmits and receives various data such as distributed data Preg (1) to Preg (n-1), key encryption distributed data, and common key encrypted data to and from the server 10 via the open network 30.

  The key generation unit 22 generates a public key and a secret key using an RSA (Rivest Shamir Adleman) key encryption method, outputs the public key to the server 10, and outputs the secret key to the key decryption unit 23.

FIG. 3 is a block diagram showing a configuration example of the key decryption means.
The key decryption unit 23 includes a common key decryption unit 231 and a distributed data decryption unit 232.

  The common key decryption unit 231 uses the secret key generated and input by the key generation unit 22 and extracts (decrypts) the common key from the common key encrypted data received from the server 10 and stored in the storage unit 25. .

  When the key encryption distributed data is input, the distributed data decryption unit 232 decrypts the distributed data P (min) using the common key decrypted by the common key decryption unit 231.

Returning again to FIG.
The data restoration unit 24 restores the original data from the decrypted distributed data P (min) and Preg (1) to Preg (n−1), and outputs the original data to the storage unit 25.
The storage unit 25 stores the restored original data.

Next, a hardware configuration example of the server 10 is shown.
FIG. 4 is a diagram illustrating a hardware configuration example of the server embodiment.

  The server 10 includes a central processing unit (CPU) 101, a read only memory (ROM) 102, a random access memory (RAM) 103, a hard disk drive (HDD) 104, an interface (I / F) 105, a graphic device 106, and an input device. 107, a bus 108, and a monitor (display device) 111.

  Here, the CPU 101 executes various arithmetic processes according to a program stored in the HDD 104 and controls each unit of the server 10.

The ROM 102 stores basic programs executed by the CPU 101.
The RAM 103 temporarily stores at least part of an OS (Operating System) program and application programs to be executed by the CPU 101. The RAM 103 stores various data necessary for processing by the CPU 101. The HDD 104 stores an OS and application programs.

  The I / F 105 changes the expression format of the data input from the input device 107 and inputs it, and transmits / receives data to / from the open network 30 according to a predetermined protocol.

  A monitor 111 is connected to the graphic device 106. The graphic device 106 displays an image on the screen of the monitor 111 in accordance with a command from the CPU 101.

  The input device 107 includes, for example, a keyboard and a mouse, and generates and outputs data corresponding to a user operation.

  With the hardware configuration as described above, the processing functions of the present embodiment can be realized. Although FIG. 4 shows an example of the hardware configuration of the server 10, the client 20 can also be realized with the same hardware configuration.

Next, a data storage method using the data storage system 100 will be described.
FIG. 5 is a flowchart for explaining preprocessing of the data management (storage) system.

  In the following, a case where a total of two pieces of shared data, that is, one shared data Preg (1) (when n = 1) and the shared data P (min) are generated will be described.

  First, the key generation means 22 of the client 20 generates an RSA key pair, that is, a public key and a secret key using an RSA key encryption method (step S11).

  Next, the client 20 transfers the generated public key to the server 10 and stores the secret key in the storage unit 25 (step S12).

On the other hand, the server 10 stores the public key transferred from the client 20 in the storage unit 13 (step S13).
Thus, the preprocessing is completed.

Next, the encryption process of the data storage system 100 will be described.
FIG. 6 is a flowchart for explaining the encryption processing of the data management (storage) system.

  When performing encryption, first, the distributed data generation means 11 reads the original data stored in the storage unit 13 (step S21).

  Next, the data amount of the original data is detected by a data amount detection unit (not shown), and the distributed data generation unit 11 determines the distributed data Preg (1) and the distributed data P (min) according to the detected data amount of the original data. ) Is generated (step S22).

  At this time, the data amount V (min) of the distributed data P (min) may be set according to any of the methods [1] to [3]. However, in the present embodiment, the above [3] is adopted. Further, among the first to third cases, a third case is adopted. That is, for example, when the data amount AS of the original data is less than 10 kbytes, the data amount V (min) = data amount AS × 0.2 is set, and when the data amount AS is 10 kbytes or more, the data The amount V (min) is set (fixed) to 2 kbytes. According to this method, regardless of the value of the data amount AS, the relationship of data amount AS> data amount of distributed data Preg (1)> data amount V (min) is satisfied.

  Next, the distributed data encryption unit 122 encrypts the distributed data P (min) generated by the distributed data generation unit 11 using the common key input from the common key generation unit 121, and the key Cryptographic distributed data is generated (step S23).

  Next, the common key encryption unit 123 encrypts the common key input from the common key generation unit 121 using the public key stored in the storage unit 13, and generates common key encrypted data (step). S24).

Next, the distributed data Preg (1), the key encryption shared data, and the common key encrypted data are stored in the storage unit 13 (step S25).
The original data encryption process is thus completed.

  In this embodiment, after generating the key encryption distributed data, the common key encrypted data is generated. However, after generating the common key encrypted data, the key encryption distributed data may be generated, or the key encryption data may be generated. The common key encrypted data may be generated simultaneously with the generation of the distributed data.

Next, the decryption process of the data storage system 100 will be described.
FIG. 7 is a flowchart for explaining the decryption process of the data management (storage) system.

  When restoring the original data, first, the client 20 acquires the distributed data Preg (1), the key encryption distributed data, and the common key encrypted data stored in the storage unit 13 (step S31). .

  Next, the common key decryption unit 231 extracts the common key from the common key encrypted data using the secret key (step S32).

  Next, when the key encryption shared data is input, the distributed data decryption unit 232 decrypts the distributed data P (min) using the common key decrypted by the common key decryption unit 231 (step S33). .

Next, the data restoration unit 24 restores the original data from the decrypted distributed data P (min) and the distributed data Preg (1), and outputs and stores the original data to the storage unit 25 (step S34).
This is the end of the original data decoding process.

  As described above, according to the data storage system 100, the distributed data Preg (1) to Preg (n-1), the key encryption distributed data (encrypted distributed data P (min)), the common key By generating encrypted data (encrypted key data), the confidentiality of information can be improved. In addition, these data cannot be restored from individual data unless proper processing is performed. Therefore, safety (security) is maintained even if these data are stored in the same resource, particularly the same personal computer. Furthermore, even if these data are stored in one place, that is, in the same storage unit (storage unit 13), safety is similarly secured. As a result, the capacity of the storage unit 13 can be reduced, that is, data can be safely stored with a small amount of H / W (hardware) resources, and the storage of original data and storage of original data Can be quickly restored.

  Further, since the generated distributed data Preg (1) to Preg (n-1) and the distributed data P (min) itself maintain high security, data transfer can be easily performed.

  Further, by generating the shared data P (min) during the secret sharing process of the original data and encrypting only the distributed data P (min) with the common key, all the distributed data P (n) is encrypted with the common key. The processing speed of encryption and decryption can be remarkably improved without degrading safety as compared with the case of making it. Then, by setting the data amount of the distributed data P (min) as desired, that is, by setting the data amount to be relatively small, the processing speed of encryption and decryption can be further improved. Processing time can be shortened.

  Further, the data amount of the distributed data P (min) can be set without being affected by the size of the original data, and in particular, the data amount can be fixed to a constant value. The time required for conversion and decoding can be made constant. As a result, fluctuations in the overall processing time can be suppressed.

  When the pseudo-random number processing as described above is used in the generation of the distributed data, the speed of the distributed data creation processing by the method and the speed of the processing in the encryption of the distributed data P (min) are increased. As a result, the overall processing time can be greatly shortened.

  The data management method (data storage method), data management system (data storage system), and data management device (data storage device) of the present invention have been described based on the illustrated embodiment, but the present invention is not limited to this. However, the configuration of each part can be replaced with any configuration having the same function, and any other configuration may be added.

  In addition, the data management method of the present invention includes the distributed data Preg (1) to Preg (n−1) generated by the server 10 without going through the open network 30, the key encrypted shared data, the common key encrypted data, However, the present invention can also be applied when it is stored in a computer-readable recording medium (storage medium) and input to the client 20.

  Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include a hard disk device (HDD), a flexible disk (FD), and a magnetic tape. Examples of the optical disc include a DVD (Digital Versatile Disc), a DVD-RAM (Random Access Memory), a CD-ROM (Compact Disc Read Only Memory), and a CD-R (Recordable) / RW (ReWritable). Magneto-optical recording media include MO (Magneto-Optical disk).

  In this embodiment, the distributed data P (reg), the key encryption distributed data, and the common key encrypted data are transferred from the server 10 to the client 20, but the present invention is not limited to this. For example, the client 20 The data may be transferred to the server 10.

  In the present invention, a plurality of server devices may be provided, or a plurality of client devices may be provided.

  Moreover, in the said embodiment, although the common key which the common key production | generation means 121 produced | generated was used, you may use not only this but the common key produced | generated outside. In this case, a common key input unit is provided instead of the common key generation unit 121.

  In the above embodiment, the public key and the secret key generated by the key generation unit 22 are used. However, the present invention is not limited to this, and at least one of the public key and the secret key may be an externally generated key. Good. In this case, a key input unit is provided together with or instead of the key generation unit 22. The server 10 side may have this key input means. For example, one or both of the interface units 14 and 21 may constitute a key input unit.

  Further, a part of the distributed data Preg (1) to Preg (n-1) and the distributed data P (min) (or key encryption distributed data) is transferred via the open network 30 or the like, and the storage unit 13 or 25 may be stored.

  The present invention can also be applied to other uses other than the open network 30 (for example, a closed network (private line)).

  The present invention can also be applied when, for example, secret data stored in a storage medium in a computer is stored in another storage medium in the computer, for example.

1 is a block diagram illustrating an embodiment of a data management (storage) system. It is a block diagram which shows a key encryption means. It is a block diagram which shows a key decryption means. It is a figure which shows the hardware structural example of the server of embodiment. It is a flowchart explaining the pre-processing of a data management (storage) system. It is a flowchart explaining the encryption process of a data management (storage) system. It is a flowchart explaining the decoding process of a data management (storage) system. It is a figure which shows the structural example of the distributed data production | generation means in this invention, and is a block diagram which shows the encryption method (encryption system) by the AONT (All Or Nothing Transform) method in detail.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Server 11 ... Distributed data generation means 12 ... Key encryption means 13 ... Storage part 14 ... Interface part 20 ... Client 21 ... Interface part 22 ... Key generation Means 23: Key decryption means 24 ... Data restoration means 25 ... Storage unit 30 ... Open network 50 ... Original data input unit 51 ... Random number data generation unit 52 ... First Hash value generation unit 53... First calculation unit 54... Second hash value generation unit 55... Second calculation unit 56. Data storage system 101 ... CPU
102 ... ROM
103 ... RAM
104 ... HDD
105 ... I / F
106 ... Graphic device 107 ... Input device 108 ... Bus 111 ... Monitor 121 ... Common key generation means 122 ... Distributed data encryption means 123 ... Common key encryption means 231 ··· Common key decryption means 232 ··· Distributed data decryption means S11 to S13 ··· Step S21 to S25 ··· Step S31 to S34 ··· Step Preg (1) to Preg (n-1) ··· -Distributed data P (min)-Distributed data D-Secret information (original data to be kept secret)
R ... Random number data G, H ... Hash function
[Q +] ... Exclusive OR X, Y ... Output

Claims (28)

A data management method for performing encryption using a secret sharing method,
Generating a plurality of shared data from the original data using the secret sharing method;
Encrypting one shared data of the plurality of distributed data using a common key to generate key-encrypted distributed data;
A data management method comprising: storing the key encryption distributed data and the distributed data other than the key encryption distributed data in a storage unit. Decrypting the shared data from the key-encrypted shared data using the common key;
The data management method according to claim 1, further comprising: restoring the original data from the distributed data other than the key-encrypted distributed data and the decrypted distributed data.   The data management method according to claim 1, further comprising a step of encrypting the common key with a predetermined public key.   The data management method according to claim 3, further comprising the step of decrypting the common key from the common key encrypted with the public key using a secret key corresponding to the public key.   5. The data management method according to claim 1, wherein the secret sharing method is based on an AONT (All Or Nothing Transform) method. The step of generating the plurality of distributed data includes:
Obtaining an exclusive OR X of the original data and a hash value obtained by performing a hash function G on the random number data;
Obtaining an exclusive OR Y of the hash value obtained by processing the hash function H on X and the random number data;
The data management method according to claim 1, wherein the X and the Y are combined to obtain encrypted data, and a plurality of distributed data is generated from the encrypted data. The step of generating the plurality of distributed data includes:
Obtaining an exclusive OR X of the original data and pseudorandom data obtained by performing pseudorandom processing on the random data;
Obtaining an exclusive OR Y of the function data obtained by processing a predetermined function on X and the random number data;
The data management method according to claim 1, wherein the X and the Y are combined to obtain encrypted data, and a plurality of distributed data is generated from the encrypted data.   8. The data management method according to claim 5, wherein the distributed data encrypted using the common key has a preset data amount.   The data management method according to claim 5, wherein the distributed data encrypted using the common key has a data amount with a predetermined ratio of less than 1 with respect to the data amount of the original data.   The data management method according to any one of claims 5 to 9, wherein a data amount of the distributed data encrypted using the common key is smaller than a total data amount of the other distributed data.   The data management according to any one of claims 5 to 10, wherein the amount of distributed data encrypted using the common key is equal to or less than the amount of distributed data having the largest data amount among the other distributed data. Method.   11. The data management according to claim 5, wherein the amount of distributed data encrypted using the common key is equal to or less than the amount of distributed data having the smallest data amount among the other distributed data. Method. A data management system that performs encryption using a secret sharing method,
Distributed data generation means for generating a plurality of distributed data from the original data using the secret sharing method;
A key encryption unit that encrypts one shared data among the plurality of distributed data using a common key, and generates key-encrypted distributed data;
A first storage unit that stores the distributed data other than the key-encrypted distributed data and the key-encrypted distributed data;
A first electronic device having transfer means for transferring the distributed data other than the key encryption distributed data and the key encryption distributed data;
Receiving means for receiving the distributed data other than the key-encrypted distributed data and the key-encrypted distributed data;
Distributed data decrypting means for decrypting distributed data from the key encryption distributed data using the common key;
A second restoration unit that restores the original data from the shared data other than the key-encrypted shared data and the decrypted distributed data; and a second storage unit that stores the restored original data. A data management system comprising: an electronic device. The second electronic device has key generation means for generating or inputting at least one of a public key and a private key constituting an RSA key pair,
The first electronic device includes a common key encryption unit that performs encryption using the public key and generates common key encrypted data from the common key,
The data management system according to claim 13, wherein the second electronic device has a common key decryption unit that decrypts the common key from the common key encrypted data using the secret key.   The data management system according to claim 14, wherein the common key encrypted data is stored in the first storage unit.   The distributed data encrypted using the common key has a data amount set in advance, or has a data amount with a predetermined ratio less than 1 with respect to the data amount of the original data. The data management system according to any one of claims 13 to 15. The distributed data generation means includes
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A first function data generation unit that generates a first function data by executing a predetermined function on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the first function data generation unit and the original data;
A second function data generation unit that generates a second function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the second function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
17. A dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data that is encrypted using the common key and one or more other distributed data. A data management system according to any of the above. The distributed data generation means includes
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A pseudo-random number generator that generates pseudo-random data by performing pseudo-random processing on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the pseudorandom number generation unit and the original data;
A function data generation unit that generates a function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
17. A dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data that is encrypted using the common key and one or more other distributed data. A data management system according to any of the above.   The data management system according to claim 17 or 18, wherein the predetermined function is a hash function. A data management device that performs encryption using a secret sharing method,
Distributed data generation means for generating a plurality of distributed data from the original data using the secret sharing method;
A key encryption unit that encrypts one shared data among the plurality of distributed data using a common key, and generates key-encrypted distributed data;
A data management apparatus comprising: a storage unit that stores the distributed data other than the key encryption distributed data and the key encryption distributed data.   21. The data management apparatus according to claim 20, further comprising a common key encryption unit that generates common key encrypted data from the common key using a predetermined public key. Having a private key corresponding to the public key;
The data management apparatus according to claim 21, further comprising a common key decryption unit configured to decrypt the common key from the common key encrypted data using the secret key. Distributed data decrypting means for decrypting the distributed data from the key-encrypted distributed data using the common key;
The data management apparatus according to any one of claims 20 to 22, further comprising a data restoration unit that restores the original data from the shared data other than the key-encrypted shared data and the decrypted shared data.   The distributed data encrypted using the common key has a data amount set in advance, or has a data amount with a predetermined ratio less than 1 with respect to the data amount of the original data. The data management apparatus according to any one of claims 20 to 23.   The data management apparatus according to any one of claims 20 to 24, further comprising means for generating or inputting at least one of a public key and a private key constituting an RSA key pair. The distributed data generation means includes
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A first function data generation unit that generates a first function data by executing a predetermined function on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the first function data generation unit and the original data;
A second function data generation unit that generates a second function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the second function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
26. A dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data to be encrypted using the common key and one or more other distributed data. The data management apparatus in any one of. The distributed data generation means includes
An original data input section for inputting original data;
A random number data generation unit for generating random number data R;
A pseudo-random number generator that generates pseudo-random data by performing pseudo-random processing on the random number data R;
A first calculation unit that calculates the exclusive OR of the output of the pseudorandom number generation unit and the original data;
A function data generation unit that generates a function data by executing a predetermined function on the output X of the first calculation unit;
A second operation unit that calculates an exclusive OR of the output of the function data generation unit and the random number data R;
A data combining unit that generates encrypted data by combining the output X and the output Y of the second arithmetic unit;
26. A dividing unit that divides the encrypted data into a plurality of distributed data including one distributed data to be encrypted using the common key and one or more other distributed data. The data management apparatus in any one of. 28. The data management apparatus according to claim 26 or 27, wherein the predetermined function is a hash function.

Images