JP2007300157A - System, apparatus and program for secret distribution - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a secret distribution system, and an apparatus and program thereof, which prevent leakage of secret information, even if a storage medium storing the secret information in restoration is lost or stolen. <P>SOLUTION: In a (k, n) type secret distribution system, a client device stores one item of distributed information and the other (n-1) items of distributed information are individually distributed to an external storage medium and each of information storage devices. In this system, a data deleting section 16 executes data deleting processing including a plurality of times of overwriting processing for the external storage medium 20 storing the secret information S in restoration, before distribution of distributed data D(1). Thus, the leakage of the secret information is prevented. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a secret sharing system, apparatus, and program in which an external storage medium for transportation is used in part. For example, even if a storage medium storing secret information at the time of restoration is lost or stolen, the secret information The present invention relates to a secret sharing system, apparatus, and program that can prevent leakage of information.

  In general, it is effective to make a copy of secret information in advance as a countermeasure when secret information such as an encryption key is lost. However, when a copy of secret information is created, there is a problem that the risk of theft increases. As a technique for solving such a problem, Shamir proposed a secret sharing method called (k, n) threshold secret sharing method in 1979 (see, for example, Non-Patent Document 1).

  In the (k, n) threshold secret sharing method, the secret information is divided into n pieces of shared information, and the original secret information can be restored by collecting arbitrary k pieces from the n pieces of shared information. However, no information about the original secret information can be obtained from k−1 pieces of shared information, which is one less than k pieces. That is, the (k, n) threshold value secret sharing method has a secret information restoration characteristic with the threshold value k as a boundary (where 1 <k <n).

  Therefore, according to the (k, n) threshold secret sharing scheme, the original secret information is safe even if k−1 pieces of shared information are leaked, and no more than n−k pieces of shared information are lost. However, it is possible to realize such management that the original secret information can be restored.

  Therefore, such secret sharing method and general encryption technology are often used as a safe transport method and storage method of secret information. However, if the secret information is restored from the shared information, it will be difficult to safely erase the secret information when the secret information is restored even if the secret information is shared again.

For example, a USB memory having a volatile area (such as Secure EasyDisk (registered trademark) manufactured by IO Data Equipment Co., Ltd.) employs a method of automatically deleting data at the next startup. Therefore, the secret information restored in the USB memory is not leaked because it is deleted from the USB memory at the next startup.
A. Shamir: “How to share a secret”, Communications of the ACM, 22, 11, pp.612-613 (1979)

  However, in the method of deleting data at the next startup, the secret information physically remains in the USB memory until the next startup. For this reason, when a USB memory is lost or stolen, it cannot be denied that a malicious third party accesses the acquired USB memory without activating it, and acquires the remaining original data.

  That is, in the secret sharing method, if the storage device storing the secret information at the time of restoration is lost or stolen, such as an external storage medium for transport, the secret information remaining in the storage device may be leaked. is there.

  The present invention has been made in consideration of the above circumstances, and provides a secret sharing system, apparatus, and program capable of preventing leakage of secret information even if a storage medium storing the secret information is lost or stolen at the time of restoration The purpose is to do.

  The first invention is a client device capable of individually distributing and collecting n pieces of shared information in which secret information is distributed, and is detachably held in the client device and can be read / written from the client device One external storage medium and n-2 information storage devices that can be transmitted and received from the client device, wherein the client device holds one piece of shared information, and the remaining n-1 pieces of shared information are (K, n) type that can restore the secret information in the external storage medium from k pieces of distributed information among the n pieces of distributed information when distributed individually to the external storage medium and each information storage device The secret sharing system according to claim 1, wherein the client device includes a shared information storage means for storing distributed shared information, and n based on the secret information based on the (k, n) type secret sharing scheme. Distributed information generating means for generating shared information, data erasing means for executing data erasure processing including multiple overwrite processing on the external storage medium before the distribution, and after execution of the data erasure processing, A secret sharing system including distribution means for individually distributing the generated n pieces of shared information to the shared information storage means, the external storage medium, and the information storage devices.

  The second invention is a client device capable of individually distributing and collecting n pieces of shared information in which secret information is distributed, and is detachably held in the client device and can be read / written from the client device One external storage medium and n-2 information storage devices that can be transmitted and received from the client device, wherein the client device holds one piece of shared information, and the remaining n-1 pieces of shared information are A (k, n) type secret sharing system capable of restoring the secret information from k pieces of distributed information of n pieces of distributed information when distributed individually to the external storage medium and each information storage device The client device includes: a distributed information storage unit for storing distributed distributed information; a secret information storage unit for storing restored secret information; and the distributed information distributed Among them, the collecting means for collecting k pieces of shared information including one piece of shared information distributed to the external storage medium, and the collected k pieces based on the (k, n) type secret sharing scheme Based on the (k, n) type secret sharing scheme, a restoring means for restoring secret information from the shared information, a secret information writing means for writing the restored secret information only in the secret information storage means, Shared information generating means for generating n pieces of shared information from the secret information in the secret information storage means, and the generated n pieces of shared information as the shared information storage means, the external storage medium, and the information storage devices And a data erasure unit for executing a data erasure process including a plurality of overwrite processes on the secret information storage unit after the distribution by the distribution unit.

  In the first and second inventions, a collection of devices is expressed as a “system”. However, the present invention is not limited to this, and a collection of devices or a single device is represented as “device”, “method”, “program”. Or “computer-readable storage medium”.

(Function)
According to the first invention, since the data erasure process including a plurality of overwrite processes is executed on the external storage medium in which the secret information is stored at the time of restoration before the distributed information is distributed, the secret information is stored at the time of restoration. Even if the storage medium to be stored is lost or stolen, leakage of confidential information can be prevented.

  According to the second aspect of the invention, the secret information storage means for storing the secret information at the time of restoration performs the data erasure process including a plurality of overwrite processes after the distributed information is distributed, so that the secret information is stored at the time of restoration. Even if the storage medium (secret information storage means) is lost or stolen, leakage of secret information can be prevented.

  As described above, according to the present invention, it is possible to prevent leakage of secret information even if a storage medium storing secret information at the time of restoration is lost or stolen.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Each of the following devices can be implemented for each device with either a hardware configuration or a combined configuration of hardware resources and software. As the software of the combined configuration, a program that is installed in advance on a computer of a corresponding device from a network or a storage medium and that realizes the function of the corresponding device is used.

(First embodiment)
FIG. 1 is a schematic diagram showing the configuration of a secret sharing system according to the first embodiment of the present invention.
In the present embodiment, when the external storage medium 20 configured by one drive is used, the secret information is restored on the external storage medium 20, and the secret information in the external storage medium 20 is deleted after the use of the secret information. It is.

  Specifically, in the secret sharing system shown in FIG. 1, one client apparatus 10 holds one external storage medium in a detachable manner. Further, the client device 10 can transmit / receive to / from n-2 storage server devices 30,..., N0 that are arranged apart from each other, and for example, the storage server devices 30,..., N0 via a network NW such as the Internet. Connected with.

  These n devices 10, 20, 30,..., N0 correspond to n members in the (k, n) threshold secret sharing scheme. In particular, n storage units 11, 21,..., N1 that n devices 10, 20,..., N0 individually correspond to n storage devices that n members individually have.

  Here, the client device 10 individually distributes n pieces (where n ≧ 2) of distributed information in which secret information is distributed, collects k pieces of shared information among the pieces of distributed information, and collects the secret information. A (k, n) type secret sharing scheme that can be restored in an external storage medium is used. The (k, n) type secret sharing scheme is not limited to the scheme described in Non-Patent Document 1, and any scheme can be applied. Further, the client device 10 may arbitrarily set the number of distributions and the threshold value within a range that can be set by the secret sharing method used.

  Specifically, the client device 10 includes a storage unit 11, a temporary storage unit 12, an input unit 13, a shared information generation unit 14, an original data restoration unit 15, a data deletion unit 16, a control unit 17, an output unit 18, and a communication. The parts 19 are connected to each other via a bus.

  The storage unit 11 is a storage device as a hardware resource that can be read / written from the control unit 19, and before the distributed information D (0) to D (n-1) described later is distributed, the secret information S Is temporarily stored and the shared information D (0) to D (n-1) is created, the shared information creation information is stored, and after the distributed information is distributed, the shared information D (0) is stored. At the same time, the secret information S is erased. When the client device 10 is taken out to an unsafe place, it is preferable that the secret information S is completely erased also on the client device 10 side by a data erasure process described later.

  Here, the shared information creation information is information in which the identification information j of the shared information D (j) and the distribution destination identification information (device ID, device address information, etc.) of the shared information D (j) are associated with each other. is there. The distribution destination identification information is stored in the storage unit 11 in advance. Further, the storage unit 11 stores not only the shared information and the secret information but also a log file described later. For example, an HDD (Hard Disk Drive) can be used as the storage unit 11.

  The temporary saving storage unit 12 is a storage device as a hardware resource that can be read / written from the control unit 19, and the distributed information D (1) distributed to the external storage medium 20 is temporarily stored therein. After the data in the storage medium 20 is deleted, the shared information D (1) is read out. For example, a RAM (Random Access Memory) can be used as the temporary saving storage unit 12.

  The input unit 13 is a normal input device such as a keyboard or a mouse, and has a function of inputting a command such as start of distributed processing or decryption processing and information such as secret information S into the client device 10 by an operation of the operator. Have

  The shared information generation unit 14 generates n pieces of shared information D (0) to D (n−1) based on the secret information S controlled by the control unit 17 and temporarily stored in the storage unit 11. Has function.

  The original data restoration unit 15 is controlled by the control unit 17, and among the n pieces of distributed information D (0) to D (n-1) distributed to the n devices 10, ..., n0, the external storage medium 20 A function of collecting k pieces of shared information including one piece of shared information D (1) distributed to the network, and (k, n) type secret sharing scheme from the collected k pieces of shared information D (1),. And a secret information restoring function for restoring the secret information S.

  The data erasure unit 16 is controlled by the control unit 17 and executes a data erasure process including a plurality of overwrite processes on the storage unit 21 of the external storage medium 20 before the distribution information is distributed. For example, Gutman method or US Department of Defense (DoD) compliant method (US DoD 5220.22-M (8-306./E, C and E)) A safe data erasure algorithm such as can be used.

  Note that the data erasure process here is a process including a plurality of overwrite processes, unlike the normal erasure process. Supplementally, the normal erasure process adds information “deleted” to the data management information. Since the data body remains, the data body can be restored by data restoration software or the like. Yes. However, unlike the normal erasure process, the data erasure process used in each embodiment cannot be restored by data restoration software or the like by performing multiple overwrite processes on the data body. It is processing to.

  The control unit 17 has a function of controlling the units 11 to 16, 18, and 19 based on a command input from the input unit 13 and based on flowcharts of FIGS.

  The output unit 18 is a normal output device such as a display device or a printer device, and is controlled by the control unit 18 and has a function of outputting an input screen for commands and the like, an output screen for secret information S after restoration, and the like. .

  The communication unit 19 is controlled by the control unit 17, and after the execution of the data erasure process by the data erasure unit 16, the n distributions generated by the shared information generation unit 14 based on the shared information creation information in the storage unit 11. Information is individually distributed to the storage unit 11, the external storage medium 20, and each storage server device 30,..., N 0, a communication function between the client device 10 and the external storage medium 20, and the client device 10 And a communication function with the network NW.

  On the other hand, the external storage medium 20 is a portable storage device that is detachably held in the client device 10, and is a USB memory configured with one drive in the present embodiment. Specifically, the external storage medium 20 includes a storage unit 21 and a communication unit 22.

  The storage unit 21 is a storage device as a hardware resource that can be read / written from the communication unit 22, and the distributed information D (1) distributed from the client device 10 and the secret information restored by the client device 10 are stored in the storage unit 21. Remembered.

  The communication unit 22 has a function of writing the distributed information D (1) or deletion information distributed from the client device 10 in the storage unit 21, and a storage unit storing the distributed information D (1) or secret information requested from the client device 10. 21 and a function for returning to the client device 10.

On the other hand, each of the storage server devices 30 to n0 will be described.
Each of the storage server devices 30 to n0 has the same configuration except that the distributed information D (2) to D (n-1) to be stored is different from each other. Therefore, the storage server device 30 will be described as a representative example here.

  The storage server device 30 includes a storage unit 31 and a communication unit 32.

  The storage unit 31 is a storage device as a hardware resource that can be read / written from the communication unit 32, and stores the distributed information D (2) distributed from the client device 10.

  The communication unit 32 has a function of writing the shared information D (2) distributed from the client device 10 to the storage unit 21, and reads out the shared information D (2) requested from the client device 10 from the storage unit 21. A function of returning D (2) to the client device 10;

  Note that the communication unit 22 may have an authentication function of the client device 10 from the viewpoint of preventing the shared information D (2) from leaking. In this case, after authentication of the client device 10, the shared information D (2) Is provided as a configuration for replying.

  Each of the storage server devices 30,..., N 0 may hold functions such as the distributed information generation unit 14, the original data restoration unit 15, and the data deletion unit 16, as with the client device 10. In addition, each storage server device 30,..., N0 has a storage device capable of storing distributed information, such as a USB memory or a mobile phone, and is a device capable of wired communication or wireless communication with the client device 10. For example, an arbitrary device may be replaced. As described above, the storage devices 30,..., N0 may have the same function as the client device 10, and the storage devices 30,..., N0 may be replaced with other devices. The same applies to the embodiment.

  Next, the operation of the secret sharing system configured as described above will be described with reference to the flowcharts of FIGS. In the following description, secret information is distributed, secret information is restored, and secret information is redistributed in this order.

(Distribution of confidential information)
In the client device 10, it is assumed that secret information is temporarily stored in the storage unit 11 before the distributed information D (0) to D (n-1) is distributed. At this time, in the client device 10, it is assumed that a distributed processing start command is input from the input unit 13 by the operation of the operator.

  The client device 10 starts distributed processing based on this start command. First, the data erasure unit 16 is controlled by the control unit 17 to execute data erasure processing including multiple overwriting processes in the storage unit 21 of the external storage medium 20 as shown in FIG. The data inside is completely erased (ST11). For this data erasure process, for example, a safe data erasure algorithm such as Gutman method or US Department of Defense compliant method is used.

  The shared information control unit 14 is controlled by the control unit 17 and generates n pieces of shared information from the secret information based on the (k, n) type secret sharing scheme (ST12). For example, in the case of using the (k, n) type secret sharing scheme described in Non-Patent Document 1, the threshold value k is set to k = 2 and the number of distributions n is set to n = 5. In this case, the (k, n) type secret sharing scheme is the (2, 5) type because k = 2 and n = 5. Similarly, the storage server device n0 becomes the storage server device 50 because n = 5.

  Subsequently, the shared information control unit 14 generates the first order polynomial f (x) = ax + S (mod p) for the number of distributions 5, where S is the original data as the secret information. However, mod p represents the number of remainders divided by p, and is larger than the original data S and the random number value a.

f (1) = a + S mod p
f (2) = 2a + S mod p
f (3) = 3a + S mod p
f (4) = 4a + S mod p
f (5) = 5a + S mod p
Thereafter, the obtained first order polynomials f (1),..., F (5) are assumed to be distributed information D (0),. At this time, the shared information D (0) becomes f (1), D (1) becomes f (2), D (2) becomes f (3), D (3) becomes f (4), and D (4) becomes f (5).

  The communication unit 19 individually distributes the generated five pieces of shared information D (0),..., D (4) to the storage unit 11, the external storage medium 20, and the storage server devices 30,. ). For example, the distributed information D (0) is distributed to the client device 10, and the distributed information D (1) is distributed to the external storage medium 20. Further, the distributed information D (2), D (3), D (4) is individually distributed to the storage server devices 30,.

(Restoring confidential information)
In the client device 10, the control unit 17 activates the original data restoration unit 15 by the operation of the operator. The original data restoration unit 15 is controlled by the control unit 17, and as shown in FIG. 3, 1 of the distributed 5 pieces of distributed information D (0) to D (4) distributed to the external storage medium 20. Two pieces of shared information including the pieces of shared information D (1) are collected (ST21).

  Subsequently, the original data restoration unit 15 restores the original data as the secret information S from the two pieces of shared information D (1),... Based on the (2, 5) type secret sharing scheme used at the time of distribution. (ST22).

  For example, it is assumed that the original data restoration unit 15 uses the shared information D (1) collected from the external storage medium 20 and the shared information D (0) collected from the storage unit 11 of the client device 10 as the shared information.

D (0) = f (1) = a + S mod p
D (1) = f (2) = 2a + S mod p
The original data restoration unit 15 restores the secret information S by solving two simultaneous equations represented by the shared information D (0) and D (1).

  Thereafter, the original data restoration unit 15 writes the restored original data in the storage unit 21 of the external storage medium 20 (ST23).

  Thereby, the client device 10 can use the original data in the external storage medium 20. When the client device 10 does not update the original data in the external storage medium 20, the client device 10 may perform the above-described data erasure process and completely erase the original data in the external storage medium 20. Alternatively, the collected information D (1) may be written to the storage unit 21 of the external storage medium 20 after executing the data erasure process to completely erase the storage contents of the storage unit 21 of the external storage medium 20 . Alternatively, as described below, the newly generated shared information may be redistributed in the same manner as when the original data is updated.

(Redistribution of confidential information)
In the client device 10, it is assumed that a redistribution processing start command is input from the input unit 13 by an operation of the operator.

  The client device 10 starts redistribution processing based on this start command. First, the shared information control unit 14 is controlled by the control unit 17, and generates n pieces of shared information from the secret information based on the (k, n) type secret sharing scheme as shown in FIG. ST31).

  For example, the distributed information control unit 14 generates a first-order polynomial f (x) = a′x + S (mod p) as described above. The random value a ′ is a value different from the value a used in the above-described distributed processing. mod p is a number larger than the original data S and the random value a ′.

f ′ (1) = a ′ + S mod p
f ′ (2) = 2a ′ + S mod p
f ′ (3) = 3a ′ + S mod p
f ′ (4) = 4a ′ + S mod p
f ′ (5) = 5a ′ + S mod p
Similarly, the obtained first order polynomials f ′ (1),..., F ′ (5) are assumed to be distributed information D (0),. At this time, the shared information D (0) becomes f ′ (1), D (1) becomes f ′ (2), D (2) becomes f ′ (3), and D (3) becomes f ′ (4). ) And D (4) becomes f ′ (5).

  Subsequently, the control unit 17 temporarily saves (writes) the shared information D (1) to be written to the external storage medium 20 in the temporary save storage unit 12 of the client device 10 (ST32).

  Thereafter, the data erasure unit 16 is controlled by the control unit 17 to execute the data erasure process including a plurality of overwrite processes on the storage unit 21 of the external storage medium 20 to completely erase the data in the external storage medium 20. (ST33). Here, if the storage capacity of the storage unit 21 of the external storage medium 20 is limited in accordance with a presumed original data size, the time for erasing data can be shortened.

  The communication unit 19 individually distributes the generated five pieces of shared information D (0),..., D (4) to the storage unit 11, the external storage medium 20, and the storage server devices 30,. ).

  The control unit 17 clears (deletes) the stored contents of the temporary saving storage unit 12 of the client device 10 (ST35).

  For example, as illustrated in FIG. 5, the control unit 17 stores a log file containing the fact that the external storage medium 20 has been completely erased and what information has been written to the external storage medium. (ST36).

  For example, when the shared information generating unit 14 generates shared information, the control unit 17 sends a secret sharing scheme name (Shamir formula (2,5) secret sharing method) and the secret included in the secret information S from the shared information generating unit 14. Acquires information name (file A.doc) and date / time information (Apr 10 2006 20:52:30) generated by a clock device (not shown), and secret sharing log composed of these secret information name and date / time information Generate information. Thereafter, the control unit 17 writes the secret sharing log information in the log file in the storage unit 11.

  When the data erasure unit 16 executes the data erasure process, the control unit 17 deletes the data erasure processing method name (Gutman method) and the erasure destination information (external storage medium) indicating the execution destination of the data erasure process from the data erasure unit 16 20) and date / time information (Apr 10 2006 20:53:00) generated by the clock device is acquired, and data erasure log information including the data erasure processing method name, erasure destination information, and date / time information is obtained. Generate. Thereafter, the control unit 17 writes the data erasure log information in the log file in the storage unit 11.

In addition, when the communication unit 19 distributes the distributed information, the control unit 17 distributes the distribution destination information (client device 10) indicating the distribution information distribution destination from the communication unit 19 and the distributed information name (distributed information D) included in the distributed information. (0)) and date / time information (Apr 10 2006 20:53:05) generated by the clock device is acquired, and distribution log information including these distribution destination information, distributed information name and date / time information is generated. To do. Thereafter, the control unit 17 writes the distribution log information in the log file in the storage unit 11. Similarly, the control unit 17 generates distribution log information for the distributed information D (1) to D (4) and writes the distribution log information in the log file.
Thus, the control part 17 performs the process of step ST36.

  As described above, according to the present embodiment, the data erasure process including a plurality of overwrite processes is executed on the external storage medium 20 in which the secret information S is stored at the time of restoration before the distributed information D (1) is distributed. Therefore, even if the storage medium storing the secret information at the time of restoration is lost or stolen, leakage of the secret information can be prevented.

  Further, since the data erasure process is executed before distribution of the shared information D (0) and then only the shared information D (1) is written to the external storage medium 20, it is stored in the log file. The anxiety that the confidential information remains in can be resolved. Furthermore, the external storage medium 20 can always be safely transported and managed, and a list of distributed information written in the external storage medium 20 can be created.

(Second Embodiment)
FIG. 6 is a schematic diagram showing the configuration of the secret sharing system according to the second embodiment of the present invention. The same parts as those in FIG. Mainly stated. In the following embodiments, the same description is omitted.

  That is, in the present embodiment, when the external storage medium 20 configured by two drives is used, the secret information is restored on the restoration data creation storage unit 23 in the external storage medium 20, and after the use of the secret information, the secret information is restored. The secret information in the restoration data creation storage unit 23 is deleted.

  Specifically, in addition to the functions described above, the external storage medium 20 includes a storage unit 21 as a first storage device in which shared information is stored, and a storage for creating restored data as a second storage device in which secret information is stored. 2 drives provided with a unit 23. The two storage units 21 and 23 constituting the two drives are physically constituted by two other storage devices.

  Accordingly, the data erasure unit 16 of the client device 10 also performs the data erasure process on the restored data creation storage unit 23 in the above-described function. It should be noted that the data erasure process may be executed at least on the restoration data creation storage unit 23 and not necessarily executed on the storage unit 21. However, it is assumed that data erasure processing is executed on the two storage units 21 and 23 at the time of the first distribution.

  Next, the operation of the secret sharing system configured as described above will be described with reference to the flowcharts of FIGS.

(Distribution of confidential information)
In the client device 10, it is assumed that secret information is temporarily stored in the storage unit 11 before the distributed information D (0) to D (n-1) is distributed. At this time, in the client device 10, it is assumed that a distributed processing start command is input from the input unit 13 by the operation of the operator.

  The client device 10 starts distributed processing based on this start command. First, the data erasure unit 16 is controlled by the control unit 17, and, as shown in FIG. 7, the data erasure process including a plurality of overwrite processes is performed by the storage unit 21 of the external storage medium 20 and the storage unit 23 for creating restored data. To completely erase the data in the external storage medium 20 (ST11a).

  Subsequently, the shared information control unit 14 is controlled by the control unit 17 as described above, and generates five pieces of shared information from the secret information based on, for example, the (2, 5) type secret sharing method (ST12).

  Thereafter, the communication unit 19 stores the generated five pieces of shared information D (0),..., D (4) in the storage unit 11, the storage unit 21 in the external storage medium 20, and each storage server device 30,. (ST13a).

(Restoring confidential information)
In the client device, as shown in FIG. 8, steps ST21 and ST22 are executed as described above, and the original data restoring unit 15 includes one piece of shared information D (1) distributed to the external storage medium 20. The pieces of shared information D (1) and D (0) are collected, and the original data as the secret information S is restored from the two pieces of shared information D (1) and D (0).

  Thereafter, the original data restoration unit 15 writes the restored original data into the restoration data creation storage unit 23 of the external storage medium 20 (ST23a).

  Thereby, the client device 10 can use the original data in the external storage medium 20. When the client device 10 does not update the original data in the external storage medium 20, the client device 10 may perform the above-described data erasure process and completely erase the original data in the external storage medium 20. Alternatively, after the data erasure process is executed to completely erase the storage content of the restoration data creation storage unit 23 of the external storage medium 20, the collected distributed information D (1) is stored in the storage unit 21 of the external storage medium 20. You may write to. Alternatively, as described below, the newly generated shared information may be redistributed in the same manner as when the original data is updated.

(Redistribution of confidential information)
As shown in FIG. 9, the client device 10 executes step ST31 as described above, and generates five pieces of shared information from the secret information based on the (2,5) type secret sharing scheme.

  Subsequently, the data erasure unit 16 is controlled by the control unit 17 to execute the data erasure process including a plurality of overwriting processes in the restoration data creation storage unit 23 of the external storage medium 20, and the data in the external storage medium 20 Is completely erased (ST33a). Here, if the storage capacity of the restoration data creation storage unit 23 of the external storage medium 20 is limited according to the presumed original data size, the time for erasing data can be shortened.

  The communication unit 19 includes four pieces of shared information D (0), D (2), D (3), and D (4) among the generated five pieces of shared information D (0), ..., D (4). ) Are individually distributed to the storage unit 11 and the storage server devices 30,..., 50 (ST34-1). Further, the communication unit 19 distributes the remaining one piece of shared information D (1) among the generated five pieces of shared information D (0),..., D (4) to the storage unit 21 of the external storage medium 20. (ST34-2).

  Thereafter, as shown in FIG. 5, the control unit 17 sends a log file containing the fact that the external storage medium 20 has been completely erased and what information has been written to the external storage medium as shown in FIG. 10 is stored in the storage unit 11 (ST36).

  As described above, according to the present embodiment, even if the external storage medium 20 is configured by two drives, the same operational effects as those of the first embodiment can be obtained.

(Third embodiment)
FIG. 10 is a schematic diagram showing a configuration of a secret sharing system according to the third exemplary embodiment of the present invention.

  This embodiment is a modification of the first embodiment. When an external storage medium 20 composed of one drive is used, the secret information is restored on the restoration data creation storage unit 12 ′ in the client device 10. After the use of the secret information, the secret information in the restored data creation storage unit 12 ′ is deleted.

  Accordingly, the client device 10 includes a restored data creation saving unit 12 ′ for storing the restored secret information in place of the temporary saving saving unit 12 described above. Here, the restoration data creation storage unit 12 ′ may be composed of either a RAM (Random Access Memory) or an HDD.

  Further, the original data restoration unit 15 writes the restored secret information only in the restoration data creation saving unit 12 ′ of the client device 10, not the saving unit 21 of the external storage medium 20 in the above-described function. That is, the storage area in which the secret information S is written is limited only to the restored data creation storage unit 12 ′ in the client device 10. This limitation can be realized by, for example, setting address information of the storage unit 12 'for restoring data creation in a program (not shown) of the control unit 17 in advance.

  Similarly, the data erasure unit 16 is controlled by the control unit 17 to execute a data erasure process including a plurality of overwrite processes on the restored data creation storage unit 12 ′ of the client device 10 after the distribution information is distributed. It has become.

  Next, the operation of the secret sharing system configured as described above will be described with reference to the flowcharts of FIGS.

(Distribution of confidential information)
The secret information distribution process is performed as shown in FIG. 2 as described above.

(Restoring confidential information)
In the client device, as shown in FIG. 11, steps ST21 and ST22 are executed as described above, and the original data restoring unit 15 includes one piece of distributed information D (1) distributed to the external storage medium 20. The pieces of shared information D (1) and D (0) are collected, and the original data as the secret information S is restored from the two pieces of shared information D (1) and D (0).

  Thereafter, the original data restoration unit 15 writes the restored original data only in the restoration data creation storage unit 12 'of the client device 10 (ST23b).

  As a result, the client device 10 can use the original data in the restoration data creation storage unit 12 '. If the client device 10 does not update the original data in the restored data creation storage unit 12 ′, the client device 10 executes the data erasure process in the same manner as described above to completely erase the original data in the restored data creation storage unit 12 ′. Good. Alternatively, as described below, the newly generated shared information may be redistributed in the same manner as when the original data is updated.

(Redistribution of confidential information)
As shown in FIG. 12, in the client device 10, as described above, by executing steps ST31, ST33, and ST34, five pieces of shared information are generated from the secret information, and the data in the external storage medium 20 is completely erased. The distributed information D (0),..., D (4) is individually distributed to the storage unit 11, the external storage medium 20, and the storage server devices 30,. However, in this embodiment, since the original data S has never been stored in the external storage medium 20, step ST33 for completely erasing the data in the external storage medium 20 may be omitted.

  Subsequently, the data erasure unit 16 is controlled by the control unit 17 and executes a data erasure process including a plurality of overwriting processes on the restoration data creation storage unit 12 ′ of the client device 10 to restore the restoration data creation storage unit 12. The data in 'are completely erased (ST35b). Here, if the storage capacity of the restoration data creation storage unit 12 ′ is limited according to the presumed original data size, the time for erasing data can be shortened.

  For example, as shown in FIG. 13, the control unit 17 has a log file containing the fact that the restoration data creation storage unit 12 ′ of the client device 10 has been completely erased once and what information has been written to the external storage medium. Is stored in the storage unit 11 of the client device 10 (ST36b).

  For example, as described above, the control unit 17 controls the secret sharing method name (Shamir formula (2,5) secret sharing method), the secret information name (file A.doc), and date / time information (Apr 10 2006 20:52:30). ) And the secret sharing log information is written to the log file in the storage unit 11.

  Further, when the data erasure unit 16 executes the data erasure process, the control unit 17 deletes the data erasure processing method name (Gutman method) from the data erasure unit 16 and erasure destination information (client device 10) indicating the execution destination of the data erasure process. ) And date / time information (Apr 10 2006 20:53:00) generated by the clock device, and data erasure log information consisting of the data erasure processing method name, erasure destination information, and date / time information is generated. To do. Thereafter, the control unit 17 writes the data erasure log information in the log file in the storage unit 11.

Further, as described above, the control unit 17 receives distribution log information including distribution destination information (client device 10), shared information name (shared information D (0)), and date / time information (Apr 10 2006 20:53:05). Generate and write the distribution log information to the log file in the storage unit 11. Similarly, the control unit 17 generates distribution log information for the distributed information D (1) to D (4) and writes the distribution log information in the log file.
Thus, the control part 17 performs the process of step ST36.

  As described above, according to the present embodiment, even if the restored original data S is stored in the client device 10, the shared data is stored in the restored data creation storage unit 12 ′ in which the secret information is stored at the time of restoration. Since the data deletion process including a plurality of overwrite processes is executed after the distribution of the client device 10, even if the client device 10 including the restoration data creation storage unit 12 ′ in which the secret information is stored at the time of restoration is lost or stolen, It is possible to prevent leakage of confidential information.

  Note that the method described in the above embodiment includes a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO) as programs that can be executed by a computer. ), And can be distributed in a storage medium such as a semiconductor memory.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Further, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in the above embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  The computer according to the present invention executes each process in the above-described embodiment based on a program stored in a storage medium, and is a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.

  In addition, the computer in the present invention is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

It is a schematic diagram which shows the structure of the secret sharing system which concerns on the 1st Embodiment of this invention. It is a flowchart for demonstrating the dispersion | distribution operation | movement in the embodiment. It is a flowchart for demonstrating the decompression | restoration operation | movement in the embodiment. It is a flowchart for demonstrating the re-distribution operation | movement in the embodiment. It is a schematic diagram for demonstrating the log file in the same embodiment. It is a schematic diagram which shows the structure of the secret sharing system which concerns on the 2nd Embodiment of this invention. It is a flowchart for demonstrating the dispersion | distribution operation | movement in the embodiment. It is a flowchart for demonstrating the decompression | restoration operation | movement in the embodiment. It is a flowchart for demonstrating the re-distribution operation | movement in the embodiment. It is a schematic diagram which shows the structure of the secret sharing system which concerns on the 3rd Embodiment of this invention. It is a flowchart for demonstrating the decompression | restoration operation | movement in the embodiment. It is a flowchart for demonstrating the re-distribution operation | movement in the embodiment. It is a schematic diagram for demonstrating the log file in the same embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 ... Client device, 11-n1 ... Saving part, 12 ... Temporary saving storage part, 12 ', 23 ... Restoration data creation saving part, 13 ... Input part, 14 ... Distributed information generation part, 15 ... Original data restoration part , 16 ... Data erasure unit, 17 ... Control unit, 18 ... Output unit, 19, 22 to n2 ... Communication unit, 20 ... External storage medium, 30, ..., n0 ... Storage server device, NW ... Network.

Claims (12)

A client device capable of individually distributing and collecting n pieces of distributed information in which secret information is distributed;
One external storage medium held detachably on the client device and readable / writable from the client device;
N-2 information storage devices capable of transmitting and receiving from the client device,
When the client device holds one piece of shared information and the remaining n-1 pieces of shared information are individually distributed to the external storage medium and each information storage device, k of the n pieces of shared information A (k, n) type secret sharing system capable of restoring the secret information from the pieces of shared information into an external storage medium,
The client device is
Distributed information storage means for storing the distributed information distributed;
Based on the (k, n) type secret sharing scheme, shared information generating means for generating n pieces of shared information from the secret information;
Prior to the distribution, data erasure means for executing data erasure processing including multiple overwrite processing on the external storage medium;
A distribution unit that individually distributes the generated n pieces of shared information to the shared information storage unit, the external storage medium, and the information storage devices after executing the data erasure process; Secret sharing system. The secret sharing system according to claim 1,
The external storage medium includes a first storage device in which distributed information is stored, and a second storage device in which secret information is stored,
The secret data sharing system, wherein the data erasure unit executes the data erasure process on the second storage device. A client device capable of individually distributing and collecting n pieces of distributed information in which secret information is distributed;
One external storage medium held detachably on the client device and readable / writable from the client device;
N-2 information storage devices capable of transmitting and receiving from the client device,
When the client device holds one piece of shared information and the remaining n-1 pieces of shared information are individually distributed to the external storage medium and each information storage device, k of the n pieces of shared information A (k, n) type secret sharing system capable of restoring the secret information from a plurality of pieces of shared information,
The client device is
Distributed information storage means for storing the distributed information distributed;
Secret information storage means for storing the secret information to be restored;
A collecting means for collecting k pieces of shared information including one piece of shared information distributed to the external storage medium among the distributed information distributed;
Based on the (k, n) type secret sharing scheme, restoring means for restoring secret information from the collected k pieces of shared information;
Secret information writing means for writing the restored secret information only in the secret information storage means;
Based on the (k, n) type secret sharing scheme, distributed information generating means for generating n pieces of shared information from the secret information in the secret information storage means;
Distribution means for individually distributing the generated n pieces of shared information to the shared information storage means, the external storage medium, and the information storage devices;
A secret sharing system, comprising: a data erasure unit that executes a data erasure process including a plurality of overwrite processes on the secret information storage unit after the distribution by the distribution unit. In the secret sharing system according to any one of claims 1 to 3,
The client device is
Log file storage means for storing log files;
Date and time information generating means for generating date and time information;
When the shared information generating unit generates shared information, the shared information generating unit acquires a secret sharing scheme name and a secret information name included in the secret information, and date / time information generated by the date / time information generating unit Secret information name acquisition means for acquiring
First log information generating means for generating secret sharing log information consisting of a secret sharing scheme name acquired by the secret information name acquiring means, a secret information name, and date and time information;
When the data erasure unit executes the data erasure process, the data erasure unit obtains the data erasure processing method name and the erasure destination information indicating the execution destination of the data erasure process from the data erasure unit and is generated by the date / time information generation unit Deletion processing information acquisition means for acquiring date and time information;
Second log information generating means for generating data erasure log information consisting of the data erasure processing method name, erasure destination information and date / time information acquired by the erasure processing information acquisition means;
When the distribution unit distributes shared information, the distribution unit acquires distribution destination information indicating a distribution destination of the distributed information and a shared information name included in the shared information, and is generated by the date and time information generation unit. Distribution destination information acquisition means for acquiring date and time information;
Third log information generating means for generating distribution log information comprising distribution destination information, distributed information name and date / time information acquired by the distribution destination information acquiring means;
A secret sharing system comprising: log file writing means for writing the secret sharing log information, the data erasure log information, and the distribution log information to the log file, respectively. N pieces of distributed information in which secret information is distributed can be individually distributed, and k pieces of shared information among the respective pieces of shared information can be collected to restore the secret information in an external storage medium (k, n) A client device capable of transmitting and receiving data to and from one external storage medium that is detachably held and n-2 information storage devices that are arranged separately.
Distributed information storage means for storing one distributed information to be distributed;
Based on the (k, n) type secret sharing scheme, shared information generating means for generating n pieces of shared information from the secret information;
Prior to the distribution, data erasure means for executing data erasure processing including multiple overwrite processing on the external storage medium;
A distribution unit that individually distributes the generated n pieces of shared information to the shared information storage unit, the external storage medium, and the information storage devices after executing the data erasure process; Client device. The client device according to claim 5, wherein
When the external storage medium includes a first storage device that stores shared information and a second storage device that stores secret information,
The data erasure unit executes the data erasure process on the second storage device. (K, n) type secret sharing scheme that individually distributes n pieces of shared information in which secret information is distributed, collects k pieces of shared information among the pieces of shared information, and restores the secret information A client device capable of transmitting and receiving data to and from one external storage medium that is detachably held and n-2 information storage devices that are arranged separately,
Distributed information storage means for storing one distributed information to be distributed;
Secret information storage means for storing the secret information to be restored;
A collecting means for collecting k pieces of shared information including one piece of shared information distributed to the external storage medium among the distributed information distributed;
A restoring means for restoring secret information from k pieces of shared information collected by the collecting means based on the (k, n) type secret sharing scheme;
Secret information writing means for writing the restored secret information only in the secret information storage means;
Based on the (k, n) type secret sharing scheme, distributed information generating means for generating n pieces of shared information from the secret information in the secret information storage means;
Distribution means for individually distributing the generated n pieces of shared information to the shared information storage means, the external storage medium, and the information storage devices;
A client device comprising: a data erasure unit that executes a data erasure process including a plurality of overwrite processes on the secret information storage unit after distribution by the distribution unit. The client device according to any one of claims 5 to 7,
Log file storage means for storing log files;
Date and time information generating means for generating date and time information;
When the shared information generating unit generates shared information, the shared information generating unit acquires a secret sharing scheme name and a secret information name included in the secret information, and date / time information generated by the date / time information generating unit Secret information name acquisition means for acquiring
First log information generating means for generating secret distributed log information consisting of secret information name and date information acquired by the secret information name acquiring means;
When the data erasure unit executes the data erasure process, the data erasure unit obtains the data erasure processing method name and the erasure destination information indicating the execution destination of the data erasure process from the data erasure unit and is generated by the date / time information generation unit Deletion processing information acquisition means for acquiring date and time information;
Second log information generating means for generating data erasure log information consisting of the data erasure processing method name, erasure destination information and date / time information acquired by the erasure processing information acquisition means;
When the distribution unit distributes shared information, the distribution unit acquires distribution destination information indicating a distribution destination of the distributed information and a shared information name included in the shared information, and is generated by the date and time information generation unit. Distribution destination information acquisition means for acquiring date and time information;
Third log information generating means for generating distribution log information comprising distribution destination information, distributed information name and date / time information acquired by the distribution destination information acquiring means;
A client device comprising: log file writing means for writing the secret sharing log information, the data erasure log information, and the distribution log information to the log file, respectively. N pieces of distributed information in which secret information is distributed can be individually distributed, and k pieces of shared information among the respective pieces of shared information can be collected to restore the secret information in an external storage medium (k, n) A client device program that can transmit and receive data to and from one external storage medium that is detachably held and n-2 information storage devices that are arranged separately.
A computer of the client device;
Distributed information storage means for storing one distributed information to be distributed;
Based on the (k, n) type secret sharing scheme, shared information generating means for generating n shared information from the secret information;
Data erasure means for executing data erasure processing including multiple overwrite processing on the external storage medium before the distribution,
Distribution means for individually distributing the generated n pieces of shared information to the shared information storage means, the external storage medium, and the information storage devices after execution of the data erasure processing;
Program to function as. The program according to claim 9,
When the external storage medium includes a first storage device that stores shared information and a second storage device that stores secret information,
The data erasure unit executes the data erasure process on the second storage device. (K, n) type secret sharing scheme that individually distributes n pieces of shared information in which secret information is distributed, collects k pieces of shared information among the pieces of shared information, and restores the secret information A client device program capable of transmitting and receiving data to and from one external storage medium that is detachably held and n-2 information storage devices that are arranged separately,
A computer of the client device;
Distributed information storage means for storing one distributed information to be distributed;
Secret information storage means for storing the secret information to be restored;
A collecting means for collecting k pieces of distributed information including one piece of distributed information distributed to the external storage medium among the distributed information distributed;
Restoring means for restoring secret information from k pieces of shared information collected by the collecting means based on the (k, n) type secret sharing scheme;
Secret information writing means for writing the restored secret information only in the secret information storage means;
Based on the (k, n) type secret sharing scheme, shared information generating means for generating n pieces of shared information from the secret information in the secret information storage means;
Distribution means for individually distributing the generated n pieces of shared information to the shared information storage means, the external storage medium, and the information storage devices;
A data erasure unit that executes a data erasure process including a plurality of overwrite processes on the secret information storage unit after distribution by the distribution unit;
A program characterized by comprising: The program according to any one of claims 9 to 11,
Log file storage means for storing log files,
Date and time information generating means for generating date and time information,
When the shared information generating unit generates shared information, the shared information generating unit acquires a secret sharing scheme name and a secret information name included in the secret information, and date / time information generated by the date / time information generating unit Secret information name acquisition means for acquiring
First log information generating means for generating secret distributed log information composed of secret information name and date information acquired by the secret information name acquiring means;
When the data erasure unit executes the data erasure process, the data erasure unit obtains the data erasure processing method name and the erasure destination information indicating the execution destination of the data erasure process from the data erasure unit and is generated by the date / time information generation unit Deletion processing information acquisition means for acquiring date and time information,
Second log information generating means for generating data erasure log information consisting of the data erasure processing method name, erasure destination information and date / time information acquired by the erasure processing information acquisition means;
When the distribution unit distributes shared information, the distribution unit acquires distribution destination information indicating a distribution destination of the distributed information and a shared information name included in the shared information, and is generated by the date and time information generation unit. Distribution destination information acquisition means for acquiring date and time information,
Third log information generation means for generating distribution log information including distribution destination information, shared information name and date / time information acquired by the distribution destination information acquisition means;
Log file writing means for writing the secret sharing log information, the data erasure log information, and the distribution log information to the log file, respectively
A program characterized by comprising:

Images