JP2007233796A - Data protection system and data protection method for data protection system - Google Patents

Data protection system and data protection method for data protection system Download PDF

Info

Publication number
JP2007233796A
JP2007233796A JP2006055832A JP2006055832A JP2007233796A JP 2007233796 A JP2007233796 A JP 2007233796A JP 2006055832 A JP2006055832 A JP 2006055832A JP 2006055832 A JP2006055832 A JP 2006055832A JP 2007233796 A JP2007233796 A JP 2007233796A
Authority
JP
Japan
Prior art keywords
data
storage means
fragmented
divided
protection system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2006055832A
Other languages
Japanese (ja)
Inventor
Hiroyuki Asahi
Hitomi Fujisaki
裕之 朝日
仁美 藤崎
Original Assignee
Matsushita Electric Ind Co Ltd
松下電器産業株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Ind Co Ltd, 松下電器産業株式会社 filed Critical Matsushita Electric Ind Co Ltd
Priority to JP2006055832A priority Critical patent/JP2007233796A/en
Publication of JP2007233796A publication Critical patent/JP2007233796A/en
Pending legal-status Critical Current

Links

Images

Abstract

When an information processing apparatus storing data is stolen, the data in the information processing apparatus may be leaked.
An information processing apparatus storing data by dividing one digital data into two or more fragmented data and further dividing the fragmented data into a plurality of storage means for storage. Provide a data protection system that can prevent data leakage even if the user is stolen.
[Selection] Figure 1

Description

  The present invention divides one digital data into two or more fragmented data, and further divides the fragmented data into a plurality of storage means and stores the information, so that even if the information processing apparatus is stolen, The present invention relates to a data protection system capable of preventing data stored in a processing apparatus from being leaked and further preventing voyeurism by a camera.

  In recent years, as information processing devices become lighter and smaller, not only mobile phones and PDAs (Personal Digital Assistants), but also notebook computers, especially small and light, are called mobile computers, and are often taken out outdoors. It came to be done.

  On the other hand, taking the information processing device outdoors always involves a risk of leakage of personal information and confidential information stored in the information processing device due to theft of the information processing device. For this reason, companies generally require information processing devices to be taken outdoors to operate various security functions such as a password at startup and a hard disk lock function in order to prevent leakage of personal information and confidential information due to theft. It is the target. However, the more the security function is strengthened, the more the security is strengthened. However, the operability is lowered and the maintenance cost tends to increase.

  The simplest and most common security is a password identification function, but if the user's security awareness is low, a combination of easily guessed characters can be used as a password, or a memo with a password can be stored on a computer. Cases that are pasted are not uncommon, and companies are forced to spend expensive expenses on security education every year. However, the security function using a combination of a finite number of characters, such as a password, is always canceled if time is required, and there is no time limit for the leakage of confidential information without the password being decrypted. In rare cases, social credibility will be greatly reduced for both individuals and corporations. Therefore, biometric authentication functions such as fingerprint authentication, iris authentication, and vein authentication have come to be expected as security functions that can be used instead of password input because they can identify themselves with simple operations.

In recent years, high-performance camera functions have also been implemented in mobile phones and PDAs owned by individuals. By voyeurism in camera shooting prohibited areas such as bookstores, event venues, and corporate research and development facilities, Infringement of copyright and portrait rights, and leakage of confidential information are also becoming problems. However, temporarily storing a mobile phone with a camera function, which is a personal property, at the entrance of a bookstore or event venue infringes on the rights of the individual, and on the other hand, it is a heavy burden from the operational cost, and security by bio-authentication Functions are not effective means of data protection, and at present, effective means can only be found by entrusting them to individual morals.
JP 2004-40622 A JP 2006-11789 A

  As a first problem, in order to protect data stored in an information processing apparatus that is an individual property, a security function by bio-authentication is effective, but in order to realize this, biometric information is read. It is necessary to mount expensive devices such as scanners in the product. This increases the size and cost of the product and creates a new risk that the device itself, such as a scanner, may fail.

  According to the present invention, one digital data is divided into two or more fragmented data, and the fragmented data is further divided into a plurality of storage means and stored, so that the information processing apparatus should be stolen. Even in this case, it is a first object to provide a data protection system in which there is no risk of data stored in the information processing apparatus being leaked to a third party.

  As a second problem, the security function based on bio-authentication is not an effective means to protect copyright, portrait rights, and confidential information from camera sneak shots of cameras and information processing devices with camera functions. Can be given.

  The present invention divides one digital data into two or more fragmented data when a communication device incorporated in an information processing apparatus detects a radio wave of a specific frequency or a network access point, and at least one A data protection system that prevents valuable information from being voyeurized without infringing on individual rights by storing fragmented data in a storage means managed by a person with copyright, portrait rights, or confidential information Is a second object.

  In order to solve the above-mentioned problems, in the data protection system of the present invention, a data dividing unit that divides one digital data into two or more fragmented data, and a fragmented data divided by the data dividing unit. A second storage means for storing one or more fragmented data; and a first storage means for storing fragmented data not stored in the second storage means; By dividing and storing the information, the copyright, portrait right, and confidential information can be protected from voyeurism of the information processing apparatus with a camera function, which is the personal property, without infringing the rights of the individual. Note that “individual rights” here refers to the right to possess an information processing apparatus with a camera function and the right to shoot with a camera. It also indicates the right to request the return of fragmented data managed by a person with copyright, portrait rights, or confidential information.

  Also, data encryption means for encrypting one digital data, data dividing means for dividing the digital data encrypted by the encryption means into two or more fragmented data, and fragments divided by the data dividing means A second storage means for storing one or more fragmented data out of the fragmented data and a first storage means for storing the fragmented data not stored in the second storage means; By dividing the data into multiple storage means and storing it, even if the information processing device is stolen, there is no danger of the data stored in the information processing device leaking to a third party be able to.

  Further, data dividing means for dividing one digital data into two or more fragmented data, data encryption means for encrypting the fragmented data divided by the data dividing means, and dividing by the data dividing means A second storage means for storing one or more fragmented data from the fragmented data, and a first storage means for storing the fragmented data that is not stored in the second storage means. By dividing the stored digital data into a plurality of storage means, the time required for the encryption process can be shortened.

  Furthermore, it has data division setting means for setting any one of the maximum size of fragmented data, the total number of fragmented data, and the storage location of the fragmented data. By dividing and storing the data in a plurality of storage means, the processing speed, security strength, and operation cost of the data protection system can be freely adjusted.

  Furthermore, it has a data decrypting means for decrypting the encrypted fragmented data, and decrypts the fragmented data stored in the first storage means and the second storage means into one digital data. The reversibility of the encrypted digital data can be guaranteed.

  Furthermore, it has a data communication means for transmitting or receiving digital data, and the fragmented data is transmitted to or received from the second storage means located in a completely different place from the first storage means, The security strength and operability of the data protection system are improved.

  Further, when the data communication means detects a radio wave of a specific frequency or an access point of the network, the digital data is divided and stored in a plurality of storage means, so that the data is transmitted from the access point and access point such as a wireless LAN. It is possible to easily construct a camera shooting prohibited area by using the radio wave to be transmitted.

  According to the data protection system of the present invention, by dividing one digital data into two or more fragmented data and further dividing the fragmented data into a plurality of storage means and storing them, Even if the device is stolen, there is no danger of data stored in the information processing device being leaked to a third party.

  Further, when a communication device incorporated in the information processing apparatus detects a radio wave having a specific frequency or a network access point, one digital data is divided into two or more fragmented data, and at least one fragment is obtained. By storing the digitized data in a storage means managed by a person having copyright, portrait rights, or confidential information, it is possible to prevent valuable information from being stolen.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Embodiment 1)
FIG. 1 is a conceptual configuration diagram of a data protection system according to a first embodiment of the present invention.

  In FIG. 1, 1 is a data dividing unit that divides one digital data into two or more fragmented data, and 2 stores one or more fragmented data from the fragmented data divided by the data dividing unit. The second storage means, 3 is the first storage means for storing the fragmented data not stored in the second storage means, 4 is the data encryption means for encrypting the digital data, 5 is the maximum size of the fragmented data, Data division setting means for setting either the total number of fragmented data or the storage destination of the fragmented data, 6 a data decrypting means for decrypting the encrypted fragmented data, and 7 data for transmitting or receiving digital data It is a communication means.

  FIG. 2 is an explanatory diagram showing data division and data encryption processing of digital data according to the first embodiment of the present invention.

  In the system (digital camera data protection system) that protects valuable information by preventing voyeurism by the camera in the present embodiment, data division and data encryption processing as shown in FIG. 2 (2A) are performed. Image data 201 captured by a digital camera is divided into a data block 202, a data block 203, and a data block 204. The data block 203 occupying the central part of the image is stored and managed in a storage device different from the storage device storing the other data blocks 202 and 204. The data block 203 is optimally stored in a flash memory built in the main body, and the data block 202 and the data block 204 are optimally stored in a removable external memory. If necessary, the data block 203 is encrypted to generate encrypted data 206. When combined with the data block 202 and the data block 204 as the data block 205, the data block 205 is naturally displayed in a different state from the original data block 203, but the encrypted data is reversible, so the encrypted data If 206 is decoded and combined with the data block 202 and the data block 204 as the data block 205, it can be returned to the image data 201.

  As described above, since one digital data is divided into two or more data blocks and an arbitrary data block is encrypted, the original data cannot be restored unless the decryption process is performed. This is effective as data division and data encryption processing of a system that protects valuable information by preventing sneak shots. In this embodiment, the data encryption processing target is the data block 203 in the center of the image. However, the block to be encrypted may be selected at random, and the data protection is performed with a larger number of blocks to be divided and encrypted. Needless to say, the strength is improved.

  Further, the data protection system for a personal computer in this embodiment can also perform data division and data encryption processing as shown in FIG. 2 (2B). The document data 210 created by the Japanese word processor program built in the personal computer is divided into a data block 211, a data block 212, and a data block 213 when the document data is stored. The document data 210 is encrypted as necessary, but the data encryption may be executed simultaneously with the dividing process or may be executed for each data block after the dividing is completed. The data encryption of the data protection system shown in FIG. 2 (2B) is performed simultaneously with the division process, and the characters of the document data 210 are sequentially distributed from the top to the data block 211, the data block 212, and the data block 213. Is shown. Or "_" and "_ your company more and more ..." is to data block 211, "noble" is to data block 212, "the company" is sequentially repeated the allocation process say to the data block 213. The data block 211, the data block 212, and the data block 213 generated in this way are no longer meaningful data even if the data storage format is a text format. Needless to say, if data encryption processing is performed on each generated data block, the security strength is further improved.

  If the data block 211 and the data block 213 are stored in a hard disk built in the main body and the data block 212 is stored in a removable external memory and managed by different storage means, even if the personal computer is stolen, The data file stored in will not be decrypted. Further, if the data block 212 is stored in a mail server or WEB server via the Internet instead of an external memory from which data can be taken out, the security strength is further improved. Note that even if a third party illegally browses the transmission contents while transmitting the data block 212 to the mail server or WEB server, the data block 212 alone is meaningless data. It doesn't matter at all. Further, if the data block 212 is deleted from the mail server or the WEB server when the personal computer is stolen, it is impossible to restore the document data 210 even if the data block 211 and the data block 213 are analogized.

  In this way, one digital data is encrypted and divided into two or more data blocks, or one digital data is divided into two or more data blocks and an arbitrary data block is encrypted. Thus, even if each data block is transferred to the external storage device via the network, it cannot be decrypted into the original data with only one data block, so that it is effective as data division and data encryption processing of the data protection system of the personal computer.

  FIG. 3 is an explanatory diagram showing a setting screen for data division and data encryption processing of digital data according to the first embodiment of the present invention.

  As the “division method” of the original data, there are a method of “setting the maximum number of blocks” and a method of “setting the maximum size of the divided blocks”. When the radio button 304 is selected, the original data is set to the number of divisions set in the list box 308. Is divided. This method is effective when the storage capacity of the divided data block, that is, the capacity of the storage device designated in the “storage destination of the specific data block” list box 313 is large. When the radio button 303 is selected, the original data is divided so that the size of one data block does not exceed the size set in the list box 309. This method is effective when the storage capacity of the divided data block, that is, the capacity of the storage device designated in the list box 313 of “specific data block storage destination” is small.

  In addition, as an “encryption method” of a data block, there are “encrypt” and “not encrypt”. When the radio button 302 is selected, the setting of “specific data block designation (encryption)” is valid, and when the radio button 301 is selected, the setting of “specific data block designation” is valid. “Specific data block designation (encryption)” designates a data block to be encrypted. When the radio button 305 is selected, only one of the data blocks generated by the system is automatically encrypted. This method is effective when the camera owner or manufacturer does not want the operator to specify data blocks that are intentionally encrypted. For example, in order to prevent unauthorized use of a camera rented at an event venue or the like, in FIG. 2 (2A), if only the data block 203 is encrypted at any time, an operator who is attempting to illegally use (voyeurize) the camera. Is likely to attempt voyeurism using the area of the data block 202 or the data block 204, but by changing the data block to be randomly encrypted, the possibility of attempting voyeurism can be expected to be reduced. . When the radio button 306 is selected, all generated data blocks are encrypted. This method improves the security strength of data protection, but increases the load required for the encryption process. When the load increases, a problem arises in that the driving time is shortened in a mobile phone or a digital camera that is premised on battery driving. Therefore, this mode is optimal when used in AC driving. When the radio button 307 is selected, only the data block designated in the list box 310 is encrypted. In this method, the security strength of data protection is reduced, but the load required for the encryption process is reduced. Therefore, this mode is optimum when used in DC driving.

  The data block encrypted by “specific data block designation (encryption)” or the data block set in the list box 311 in “specific data block designation” is stored in the “specific data block storage destination”. The data is stored in the storage device designated by the list box 313. As a storage device that can be specified in the list box 313, a mail server, a built-in memory and a hard disk, a removable memory and a hard disk can be set in addition to the WEB server. Which is appropriate to select depends on the configuration of the product equipped with this data protection system and the purpose of use of the user. For example, for digital cameras and mobile phones with a small internal storage device capacity, the number of storable images can be increased if the “specific data block storage destination” is the internal memory or hard disk. For a large-capacity personal computer or the like, if the “specific data block storage destination” is a WEB server, mail server, removable memory or hard disk, the communication charge and transfer time for data transfer can be reduced. The other data blocks are stored in the storage device designated in the “general data block storage destination” list box 312.

  It is also possible to set an upper limit for storing data in the “maximum number of saved” list box 314. This is used when you want to change the number of photos that can be taken, such as a disposable digital camera or rental camera, depending on the fee structure. When one image is photographed, the value in the list box 314 decreases by 1, and when one photographed image is deleted, the value in the list box 314 increases by one. When the list box 314 is “0”, “shooting is impossible”. In the case of a disposable digital camera or rental camera, it goes without saying that the contents of the setting screen cannot be viewed or changed by a general operator.

  FIG. 4 is a flowchart showing a procedure for performing data encryption after data division of digital data according to the first embodiment of the present invention.

  When the system is started, first, in P400, the data division method of the image data 201 in FIG. 2 is determined. The data division method is designated by the radio button 303 or the radio button 304 in the “division method” of FIG. 3, and when the radio button 304 is on, the maximum number of blocks is a numerical value designated by the list box 308 of FIG. Is specified. On the other hand, when the radio button 303 is on, the maximum block size is specified in P402 as the numerical value specified in the list box 309 in FIG. 3, and in P403, the maximum number of blocks is determined from the maximum block size and the data size of the image data 201. Is calculated. Note that the maximum block size referred to in P402 indicates a block size before the data block is encrypted in P412. Next, in P404, the division management variable N for managing the data block to be divided and encrypted is initialized with zero. In P405, the data block indicated by the division management variable N is created (divided) from the image data 201. In P406, it is determined whether or not the created data block is the specific data block designated by the “encryption method” in FIG. judge. When the radio box 301 in FIG. 3 is on, if the division management variable N is not a numerical value designated in the list box 311 in FIG. 3, the data block is stored in the storage means designated in the list box 312 in FIG. save. When the radio box 302 in FIG. 3 is on, the division management variable N is not the numerical value specified in the list box 310 in FIG. 3, but the encryption target specified in the radio box 305 and the radio box 306 in FIG. Even if it is not the data block to be, P414 is executed. In other cases, the data block indicated by the division management variable N is determined to be a specific data block, and the encryption method specified in P407 is determined. When the radio button 301 is on, “Do not encrypt” at P408, when the radio button 305 is on, “determine a data block to be randomly encrypted” at P409, and when the radio button 306 is on, P410 Select “Encrypt all data blocks”. If radio button 307 is on, select “Encrypt blocks specified in list box 311” in P411, and specify in P412 by the partition management variable N. Encrypt the data block. In P413, the data block is stored in the storage means designated in the list box 313 of FIG. Next, 1 is added to the division management variable N in order to process the next data block at P415. In P416, it is determined whether all data blocks have been processed. If all data blocks have not been processed, the process returns to P405.

  FIG. 5 is a flowchart showing a procedure for performing data division after data encryption of digital data according to the first embodiment of the present invention.

  When the system is started, first, data encryption of the image data 201 in FIG. 2 is executed in P500. Next, the data division method of the image data encrypted in P501 is determined. The data division method is designated by the radio button 303 or the radio button 304 in the “division method” of FIG. 3. When the radio button 304 is on, the maximum number of blocks is designated by the list box 308 of FIG. Is specified. On the other hand, if the radio button 303 is on, the maximum block size is specified in P503 as the numerical value specified in the list box 309 in FIG. 3, and the maximum block size and the data size of the image data encrypted in P500 are specified in P504. The maximum number of blocks is calculated from The maximum block size referred to in P503 indicates a size for creating (dividing) a data block in P506. Next, in P505, the division management variable N for managing the data block to be divided is initialized to zero. In P506, the data block indicated by the division management variable N is created (divided) from the image data encrypted in P500. In P507, the created data block is the specific data block designated by the “encryption method” in FIG. It is determined whether or not. When the radio box 301 in FIG. 3 is ON, if the division management variable N is not a numerical value designated in the list box 311 in FIG. 3, the data block is stored in the storage means designated in the list box 312 in FIG. Save. When the radio box 302 in FIG. 3 is on, the division management variable N is not the numerical value specified in the list box 310 in FIG. 3 but the encryption target specified in the radio box 305 and the radio box 306 in FIG. If it is not a data block, P509 is executed. In other cases, the data block indicated by the division management variable N is determined to be a specific data block, and the data block is stored in the storage means designated in the list box 313 of FIG. 3 in P508. Next, in P510, 1 is added to the division management variable N in order to process the next data block. In P511, it is determined whether all data blocks have been processed. If all data blocks have not been processed, the process returns to P506.

(Embodiment 2)
FIG. 6 is an explanatory diagram of a data protection system for a personal computer with a communication function according to the second embodiment of the present invention.

  Since the personal computer 612 having a communication function is frequently taken out of the area of the high security area 611 such as a corporate facility, that is, frequently taken outside, even if the personal computer is stolen, It is necessary to implement a function for preventing leakage of confidential information stored in the storage means to a third party.

  In the personal computer data protection system according to the present embodiment, as a first data protection method, when the personal computer body is taken out of the area 611 where high security is ensured, the data 607 taken together with the main body is divided and encrypted. Then, only the specific data block 604 designated on the setting screen of FIG. 3 is transferred to the administrator WEB server 600 via the access point 608 and managed as the data block 602. The data 614 stored in the storage means built in the main body is stored in a state where at least a part of the data is missing.

  As a second data protection method, when taking the personal computer body out of the area 611 where high security is ensured, the data 607 taken together with the main body is divided and encrypted and designated on the setting screen of FIG. Only the specific data block 609 is mailed to the manager mail server 601 via the public communication network 606 and managed as a data block 603. The data 614 stored in the storage means built in the main body is stored in a state where at least a part of the data is missing.

  As a third data protection method, when taking the personal computer body out of the area 611 where high security is ensured, the data 607 taken together with the main body is divided and encrypted and designated on the setting screen of FIG. Only the specific data block 617 is stored and managed in the SD card 605 which is a storage medium that can be taken out from the main body. The data 614 stored in the storage means built in the main body is stored in a state where at least a part of the data is missing.

  The data block 602 managed by the administrator WEB server 600 can be transmitted via the public communication line network 606 if there is a download instruction from the personal computer 613 with a communication function brought out of the area 611 where high security is ensured. Sent by. Since the data block 610 transmitted through the public communication network 606 is fragment data and is encrypted, data analysis is impossible even if the data block 610 is illegally viewed in the network, and a third party. Information leakage to The personal computer 613 with the communication function decrypts the encrypted data block 610 and combines it with the data 615 to create data 616 on the memory of the personal computer body. The data block 603 managed by the administrator mail server 601 can also be transmitted through the administrator WEB server 600.

  Further, if the data block 617 managed by the SD card 605 which is a storage medium that can be taken out from the main body is inserted into the SD slot of the personal computer 613, the encrypted data block 618 is decrypted and combined with the data 615. Data 616 is created on the memory of the personal computer body.

  This data 616 is created only in the memory of the personal computer, and when the file is stored, the data is divided and encrypted again, and a part of the data block is the administrator WEB server 600 or the administrator mail server. 601 or SD card 605 is transferred and managed.

  In this way, one digital data is encrypted and divided into two or more data blocks, or one digital data is divided and encrypted into two or more data blocks, and an arbitrary data block is transferred to an external storage device ( Data transfer system (including via network) can eliminate the risk of data stored in the PC leaking to a third party even if the PC itself is stolen. As effective.

(Embodiment 3)
FIG. 7 is an explanatory diagram of a system (digital camera data protection system) that protects valuable information by preventing voyeurism by a camera with a communication function according to a third embodiment of the present invention.

  The camera 712 having a communication function can photograph the subject 707 with a digital camera, but the subject 707 has a portrait right, and the camera 712 takes a picture in the photographing prohibited area 711 without obtaining the consent of the person having the portrait right. It is prohibited to do.

  In the data protection system of the digital camera in the present embodiment, as a first data protection method, the camera 712 with a communication function is receiving a radio wave of a specific frequency transmitted from the access point 708 in the photographing prohibited area 711. When the subject 707 is photographed, the photographed image data 201 in FIG. 2 is divided and encrypted, and only the specific data block 704 designated on the setting screen in FIG. 3 is transferred to the administrator WEB server 700 via the access point 708. Transfer and manage as data block 702. The captured image data 714 is stored in the camera 712 in a state where the central portion of the image is missing.

  Further, as a second data protection method, when the camera 712 with a communication function shoots the subject 707 while receiving radio waves of a specific frequency transmitted from the access point 708 within the photographing prohibited area 711, the photographed image of FIG. The data 201 is divided and encrypted, and only the specific data block 709 designated on the setting screen of FIG. 3 is mailed to the administrator mail server 701 via the public communication line network 706 and managed as the data block 703. . The captured image data 714 is stored in the camera 712 in a state where the central portion of the image is missing.

 The data block 702 managed by the administrator WEB server 700 is transmitted via the public communication line network 706 if the owner of the camera with the communication function indicates an intention to purchase, and the camera 713 with the communication function is encrypted. The decoded data 710 is decoded and combined with the data 714 to create image data 715 on the memory of the camera body. The data block 702 managed by the administrator mail server 701 can also be transmitted through the administrator WEB server 700.

  In this way, when a communication device incorporated in a camera detects a radio wave of a specific frequency transmitted from an access point or an access point of a specific network, one digital data is divided into two or more data blocks. By encrypting and storing arbitrary data blocks in storage means managed by those who have copyright, portrait rights, or confidential information, it is possible to prevent valuable information from being voyeurized and It is effective as a system (digital camera data protection system) that prevents valuable information and protects valuable information.

  The radio wave of a specific frequency transmitted from the access point is an access that is commercially available at a low price as long as it conforms to IEEE 802.11, which is a standard group of wireless LANs established by IEEE (American Institute of Electrical and Electronics Engineers). A data protection system can be constructed with point devices. The detection of an access point in a specific network is optimally determined based on whether or not the access point device has a predetermined SSID (Service Set Identifier).

  The data protection system according to the present invention divides one digital data into two or more fragmented data, and further divides the fragmented data into a plurality of storage means and stores them. Even if the device is stolen, it is possible to eliminate the risk that data stored in the information processing device will be leaked to a third party. If a digital signal or network access point is detected, one digital data is divided into two or more pieces of fragmented data, and at least one piece of fragmented data is copyrighted, portrait rights, or confidential information By storing it in the storage means to be managed, it is possible to prevent valuable information from being stolen, and this is a data protection system that prevents leakage of confidential information and important information. It is.

The conceptual block diagram of the data protection system which concerns on the 1st Embodiment of this invention Explanatory drawing which shows the data division | segmentation and data encryption process of the digital data which concern on the 1st Embodiment of this invention Explanatory drawing which shows the setting screen of the data division | segmentation of digital data and data encryption processing which concern on the 1st Embodiment of this invention The flowchart which shows the procedure which performs data encryption after the data division | segmentation of the digital data which concerns on the 1st Embodiment of this invention The flowchart which shows the procedure which performs a data division | segmentation after the data encryption of the digital data which concerns on the 1st Embodiment of this invention Explanatory drawing of the data protection system of the personal computer with a communication function concerning the 2nd Embodiment of this invention Explanatory drawing of the system (data protection system of a digital camera) which protects valuable information by preventing the sneak shot by the camera with a communication function according to the third embodiment of the present invention

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Data division means 2 2nd memory | storage means 3 1st memory | storage means 4 Data encryption means 5 Data division | segmentation setting means 6 Data decryption means 7 Data communication means

Claims (18)

  1. Data dividing means for dividing one digital data into two or more fragmented data;
    Second storage means for storing one or more fragmented data from the fragmented data divided by the data dividing means;
    First storage means for storing fragmented data not stored in the second storage means;
    Have
    A data protection system, wherein the divided digital data is divided and stored in a plurality of storage means.
  2. Data encryption means for encrypting one digital data;
    Data dividing means for dividing the digital data encrypted by the encryption means into two or more fragmented data;
    Second storage means for storing one or more fragmented data from the fragmented data divided by the data dividing means;
    First storage means for storing fragmented data not stored in the second storage means;
    Have
    A data protection system for storing encrypted digital data divided into a plurality of storage means.
  3. Data dividing means for dividing one digital data into two or more fragmented data;
    Data encryption means for encrypting the fragmented data divided by the data dividing means;
    Second storage means for storing one or more fragmented data from the fragmented data divided by the data dividing means;
    First storage means for storing fragmented data not stored in the second storage means;
    Have
    A data protection system for storing encrypted digital data divided into a plurality of storage means.
  4. Data division setting means for setting any of the maximum size of fragmented data, the total number of fragmented data, and the storage destination of fragmented data,
    4. The data protection system according to claim 1, wherein the digital data is divided and stored in a plurality of storage means in a file format based on the setting of the data division setting means.
  5. Data decryption means for decrypting the encrypted fragmented data;
    5. The data protection system according to claim 2, wherein the fragmented data divided and stored in the first storage means and the second storage means is decoded into one digital data.
  6. Having data communication means for wirelessly transmitting or receiving digital data;
    6. The data protection system according to claim 1, wherein the fragmented data is transmitted to or received from the second storage unit.
  7. 7. The data protection system according to claim 6, wherein when the data communication means detects a radio wave of a specific frequency, the digital data is divided and stored in a plurality of storage means.
  8. 7. The data protection system according to claim 6, wherein when the data communication means detects an access point of a specific network, the digital data is divided and stored in a plurality of storage means.
  9. A control method for a data protection system comprising a first storage means and a second storage means,
    A data division procedure for dividing one digital data into two or more fragmented data;
    A second storage procedure for storing in the second storage means one or more fragmented data from the fragmented data divided by the data dividing procedure;
    A first storage procedure for storing fragmented data not stored in the second storage means in the first storage means;
    Have
    A data protection method for a data protection system, wherein the divided digital data is divided and stored in a plurality of storage means.
  10. A control method for a data protection system comprising a first storage means and a second storage means,
    A data encryption procedure for encrypting one digital data;
    A data division procedure for dividing the digital data encrypted by the encryption procedure into two or more fragmented data;
    A second storage procedure for storing in the second storage means one or more fragmented data from the fragmented data divided by the data dividing procedure;
    A first storage procedure for storing fragmented data not stored in the second storage means in the first storage means;
    Have
    A data protection method for a data protection system, wherein the encrypted digital data is divided and stored in a plurality of storage means.
  11. A control method for a data protection system comprising a first storage means and a second storage means,
    A data division procedure for dividing one digital data into two or more fragmented data;
    A data encryption procedure for encrypting the fragmented data divided by the data division procedure;
    A second storage procedure for storing in the second storage means one or more fragmented data from the fragmented data divided by the data dividing procedure;
    A first storage procedure for storing fragmented data not stored in the second storage means in the first storage means;
    Have
    A data protection method for a data protection system, wherein the encrypted digital data is divided and stored in a plurality of storage means.
  12. A data division setting procedure for setting any one of the maximum size of fragmented data, the total number of fragmented data, and the storage destination of fragmented data;
    12. The data protection method for a data protection system according to claim 9, wherein the digital data is divided and stored in a plurality of storage means in a file format based on the setting of the data division setting procedure.
  13. A data decryption procedure for decrypting the encrypted fragmented data;
    13. The data protection method for a data protection system according to claim 10, wherein the fragmented data divided and stored in the first storage means and the second storage means is decoded into one digital data.
  14. A data communication procedure for wirelessly transmitting or receiving digital data;
    14. The data protection method for a data protection system according to claim 9, wherein fragmented data is transmitted to or received from the second storage means.
  15. 15. The data protection method of a data protection system according to claim 14, wherein when the data communication procedure detects a radio wave of a specific frequency, the digital data is divided and stored in a plurality of storage means.
  16. 15. The data protection method of a data protection system according to claim 14, wherein when the data communication means detects an access point of a specific network, the digital data is divided and stored in a plurality of storage means.
  17. The recording medium which recorded the program which controls the data protection system of Claims 1-8.
  18. A communication medium for distributing a program for controlling the data protection system according to claim 1.

JP2006055832A 2006-03-02 2006-03-02 Data protection system and data protection method for data protection system Pending JP2007233796A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2006055832A JP2007233796A (en) 2006-03-02 2006-03-02 Data protection system and data protection method for data protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2006055832A JP2007233796A (en) 2006-03-02 2006-03-02 Data protection system and data protection method for data protection system

Publications (1)

Publication Number Publication Date
JP2007233796A true JP2007233796A (en) 2007-09-13

Family

ID=38554319

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2006055832A Pending JP2007233796A (en) 2006-03-02 2006-03-02 Data protection system and data protection method for data protection system

Country Status (1)

Country Link
JP (1) JP2007233796A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007287028A (en) * 2006-04-19 2007-11-01 Nec Infrontia Corp Security data management system and security data management method
US20120026533A1 (en) * 2010-07-30 2012-02-02 Canon Kabushiki Kaisha Image processing apparatus capable of recording user information into external recording medium, and control method and recording medium therefor
JP2012529086A (en) * 2009-05-29 2012-11-15 ビッツプレイ・コーポレーションBitspray Corporation Secure storage and transmission of information over a communication network
WO2015030225A1 (en) 2013-08-27 2015-03-05 Kabushiki Kaisha Toshiba Information processing apparatus, surveillance camera apparatus, and image reproduction apparatus
JP2015079360A (en) * 2013-10-17 2015-04-23 グローバルフレンドシップ株式会社 Information utilization system for electronic information, and information utilization terminal
JP2016520892A (en) * 2013-03-15 2016-07-14 ビデリ、インコーポレイテッドVideri Inc. System and method for decoding digital art and imaging it for display
US10332478B2 (en) 2013-03-15 2019-06-25 Videri Inc. Systems and methods for decrypting digital art and imaging for display of the same
WO2019189433A1 (en) * 2018-03-28 2019-10-03 日本電気株式会社 Processing device, system, processing method, and computer program

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007287028A (en) * 2006-04-19 2007-11-01 Nec Infrontia Corp Security data management system and security data management method
JP2012529086A (en) * 2009-05-29 2012-11-15 ビッツプレイ・コーポレーションBitspray Corporation Secure storage and transmission of information over a communication network
US20120026533A1 (en) * 2010-07-30 2012-02-02 Canon Kabushiki Kaisha Image processing apparatus capable of recording user information into external recording medium, and control method and recording medium therefor
US8634093B2 (en) * 2010-07-30 2014-01-21 Canon Kabushiki Kaisha Image processing apparatus capable of recording user information into external recording medium, and control method and recording medium therefor
JP2016520892A (en) * 2013-03-15 2016-07-14 ビデリ、インコーポレイテッドVideri Inc. System and method for decoding digital art and imaging it for display
US10332478B2 (en) 2013-03-15 2019-06-25 Videri Inc. Systems and methods for decrypting digital art and imaging for display of the same
WO2015030225A1 (en) 2013-08-27 2015-03-05 Kabushiki Kaisha Toshiba Information processing apparatus, surveillance camera apparatus, and image reproduction apparatus
JP2015045961A (en) * 2013-08-27 2015-03-12 株式会社東芝 Information processor, monitor camera unit and image reproduction apparatus
JP2015079360A (en) * 2013-10-17 2015-04-23 グローバルフレンドシップ株式会社 Information utilization system for electronic information, and information utilization terminal
WO2019189433A1 (en) * 2018-03-28 2019-10-03 日本電気株式会社 Processing device, system, processing method, and computer program

Similar Documents

Publication Publication Date Title
US9961092B2 (en) Method and system for forensic data tracking
US9710659B2 (en) Methods and systems for enforcing, by a kernel driver, a usage restriction associated with encrypted data
CN104662870B (en) Data safety management system
US9536102B2 (en) Privacy-protective data transfer
US8508339B2 (en) Associating a biometric reference template with an identification tag
US20150288725A1 (en) Systems and Methods For Digital Forensic Triage
US8312557B2 (en) Secure storage device for transfer of data
US6587949B1 (en) Secure storage device for transfer of data via removable storage
US9071580B2 (en) Method and system for securing data of a mobile communications device
CN100533454C (en) Printing management system and printing management method
TWI446208B (en) Information management system, information management method and apparatus, and encryption method and program
US8571212B2 (en) Image encrypting device, image decrypting device and method
US10075618B2 (en) Security feature for digital imaging
JP2015181010A (en) System and method for protecting user privacy in multimedia uploaded to internet sites
US6357004B1 (en) System and method for ensuring integrity throughout post-processing
US7471796B2 (en) Apparatus for and method of controlling propagation of decryption keys
JP4021791B2 (en) File security management program
US7562385B2 (en) Systems and methods for dynamic authentication using physical keys
US7324233B2 (en) Print system and data transmitting and receiving system
US8122483B2 (en) Document file, document file generating apparatus, and document file usage method
US8077980B2 (en) Image processing apparatus
CA2709944C (en) System and method for securing data
US7606769B2 (en) System and method for embedding user authentication information in encrypted data
US20030182475A1 (en) Digital rights management printing system
US20120226823A1 (en) Document distribution system and method