JP2008028695A - Information leakage prevention method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent information from leaking even when tapping and hacking occur, and suppress processing load therefor. <P>SOLUTION: A client acquires the same number of numeric values as a character number n (n is an integer of 2 or more) of leakage prevention object information based on a first code group inherent to a user and in accordance with a predetermined rule. The client generates a worm-eaten dummy code group consisted of n blanks disposed at positions obtained respectively from the acquired n numeric values and of dummy codes disposed at positions other than the blanks. The client further generates encrypted information consisted of the worm-eaten dummy code group and n character leakage prevention object information put in the former group by putting n character leakage prevention object information in the n blanks, and transmits the encrypted information to the server system. The server system receives the encrypted information from the client and registers the encrypted information in a predetermined memory device. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a technique for preventing leakage of information.

  As a technique for preventing information leakage, for example, a technique disclosed in Patent Document 1 is known. In Patent Document 1, information that is subject to leakage prevention is a password. In Patent Document 1, for example, the following processing is performed by a so-called client server system.

  At the time of initial registration, the server receives the color arrangement and password input from the user from the client, and registers the received color arrangement (for example, “blue / yellow / red”) and the password (for example, “12345”). The color array represents the password input order. Specifically, blue means the first digit, yellow means the second digit, and red means the third digit.

  During password authentication, the server randomly rearranges the color array “blue / red / yellow”, and if the number of colors constituting the color array is less than the number of digits of the password, the rearranged color array (for example, “ "Yellow / Red / Blue") is continuous so that it is longer than the number of digits of the password, and a continuous color arrangement (for example, "Yellow / Red / Blue" is repeated to create "Yellow / Red / Blue / Yellow / “Red / Blue” indicates that the number of colors is 5 or more password digits). The user sorts the regular passwords based on the displayed color arrangement group “yellow / red / blue / yellow / red / blue” and the order of “blue / yellow / red” entered at the time of initial registration. Enter the data. In this example, if passwords rearranged according to the displayed color arrangement group “yellow / red / blue / yellow / red / blue” are correctly entered, “2315 □ 4” is obtained (□ means blank). . The rearranged password is transmitted from the client to the server, and the server uses the rearranged password “2315 □ 4” based on the color arrangement “blue / yellow / red” registered at the time of initial registration. The password “12345” is obtained.

JP 2004-185074 A (particularly paragraphs 25-33)

  For example, a server system that deposits a credit card number (hereinafter simply referred to as “card number”) from a user and outputs the deposited card number to another computer system (for example, a computer system for performing payment) instead of the user. (Hereinafter, acting as a proxy server) can be considered. With this proxy server, after depositing the card number, the user can exercise the card number (for example, pay with a credit card) without entering the card number at various sites.

In the client server system using the proxy server and the client, the following two cases can be considered as cases where the card number may be leaked (the card number may be known by an unauthorized third party).
(1) A case where the card number is wiretapped while the card number is being transmitted from the client to the proxy server.
(2) A case where storage for storing card numbers is hacked.

  According to Patent Document 1 described above, in the password authentication after the initial registration, the rearranged password is input to the user and transmitted from the client to the server. Therefore, even if the case (1) occurs, the password is leaked. However, in the initial registration, a regular password that has not been rearranged is transmitted from the client to the server. Therefore, if the above case (1) occurs, the password may be leaked. Further, Patent Document 1 described above does not include a description assuming the case (2).

  From the above, it is desired to realize an information leakage prevention technique in which the card number does not leak even if the above two cases occur.

  Moreover, it is desirable that the usability of the user is not reduced as much as possible when realizing the information leakage prevention technology. One reason for this is that, for example, it is considered that proxy servers are often used in so-called BtoC, and if the user is forced to perform complicated operations, mistakes such as erroneous operations are likely to occur. According to the technique of Patent Document 1, when the password authentication is performed, the user cannot manage or store the color arrangement input at the time of initial registration. It's not good.

  In the proxy server, it is conceivable to store card numbers from many users and output the card numbers of the many users. Further, considering that one user owns a plurality of credit cards and registers the card numbers of the plurality of credit cards per user, it is considered that the number of card numbers to be kept and the number of processing cases are enormous. Considering these, it is desirable to reduce the processing burden for preventing information leakage as much as possible in realizing the information leakage prevention technology.

  The above points can be applied not only to the case where the information targeted for leakage prevention is a card number, but also to the prevention of leakage of other types of information.

  Accordingly, a first object of the present invention is to prevent leakage of information to be registered even if the information to be registered is intercepted during transmission from the first computer system to the second computer system.

  The second object of the present invention is to prevent leakage of information even if the information is stolen from the storage device.

  A third object of the present invention is to prevent usability from being lowered when realizing an information leakage prevention technique.

  A fourth object of the present invention is to suppress the processing burden for preventing information leakage.

  A computer program according to the present invention is characterized by causing a computer to execute a code conversion step, a numerical value acquisition step, and a generation step. In the code conversion step, the first code group unique to the user is converted into the second code group according to a predetermined rule. In the numerical value acquisition step, the same number of numerical values as the number of characters n (n is an integer of 2 or more) of the leakage prevention target information is obtained from the second code group. In the generation step, a worm-eaten dummy code group is generated, which includes n blanks arranged at positions obtained from the obtained n numerical values and dummy codes arranged at other positions. The worm-eaten dummy code group includes the n-blank dummy code group and the n-character leak prevention target information included in the n-blank dummy code group by inserting the n-letter leak prevention target information. Generating the configured encryption information, and identifying from the encryption information, n character leakage prevention target information present at a position corresponding to each of the n blanks of the generated worm-eaten dummy code group Thus, the data is used for decoding the leakage prevention target information of n characters.

  Since the burden required to execute this computer program is small, the processing burden for preventing information leakage can be suppressed.

  In the first embodiment, in the code conversion step, a code group input for the purpose of obtaining permission for the user to receive a desired service (for example, login) and stored in a predetermined storage resource (hereinafter referred to as permission application). Code group) is acquired from the storage resource, and the code group is converted into the second code group. That is, the first code group is not a code group input mainly for the purpose of generating the worm-eaten dummy code group but a permission application code group input and stored at a certain past time. For this reason, it is possible to make it difficult for a third party to specify what the first code group that is the basis of the generation of the worm-eaten dummy code group is, and thus it can further contribute to prevention of information leakage. it can. In the first embodiment, since the permission application code group is used as the first code group, the user does not need to input the first code group separately. For this reason, a user's usability can be improved.

  In the second embodiment, the first code group is a character string. In the code conversion step, a plurality of characters constituting the character string are converted into a plurality of character codes respectively according to a predetermined code system. In the numerical value acquisition step, each character code element constituting each character code is regarded as a numerical value in P-adic (P is an integer of 2 or more), and the n numerical values are obtained from a character code group including the plurality of character codes. get.

  According to the second embodiment, as a rule for code conversion, a character code and character conversion rule according to a predetermined code system is used. Therefore, it is not necessary to provide a dedicated rule for code conversion.

  In the third embodiment, in the numerical value obtaining step, the plurality of elements in the second code group are regarded as P-adic numbers, respectively, and four arithmetic operations using the plurality of P-adic numbers respectively are performed, Get n numbers.

  According to the third embodiment, the position is not the position obtained from the numerical value of each P-adic number, but the position obtained from the numerical value obtained by performing the four arithmetic operations. For this reason, it is possible to further reduce the possibility that a third party will specify where in the encrypted information the position where the information leakage prevention target character is located.

  In a fourth embodiment, in the third embodiment, in the numerical value acquisition step, the four arithmetic operations using a numerical value of each P-adic number and a variable are performed, and the numerical value of the plurality of P-adic numbers is added to the variable. Substitute the predetermined number of them.

  The first code group is a code group unique to the user. Therefore, the numerical value of each P-adic number obtained from the second code group is also a value unique to the user. If a variable is used in the four arithmetic operations and a numerical value of a P-adic number specific to the user is substituted for the variable, the algorithm according to this computer program is also specific to the user as a result. That is, according to the fourth embodiment, an algorithm that is substantially different for each user can be realized by a single computer program (algorithm) common to a plurality of users.

  In the fifth embodiment, by inserting leakage prevention target information consisting of the n characters into the n blanks, respectively, the worm-eaten dummy code group and the leakage prevention target information of the n characters inserted therein Further causing the computer to execute the step of generating the encryption information to be configured.

  In a sixth embodiment, by specifying n character leakage prevention target information existing at positions corresponding to n spaces of the generated worm-eaten dummy code group from the encrypted information, the n characters The computer further executes a step of decoding the leakage prevention target information.

  The above computer program is executed by the first computer system of a computer system group composed of a first computer system and a second computer system, thereby realizing one information leakage prevention method. .

Specifically, the first computer system stores a first code group unique to the user in a first storage resource of the first computer system, and the first computer system includes the first computer system. A step of converting one code group into a second code group according to a predetermined rule, and the first computer system determines from the second code group the number n of characters of leakage prevention target information (n is 2 or more). And obtaining the same number of numerical values), and the first computer system is arranged at n blanks arranged at positions obtained from the obtained n numerical values and at other positions. Generating a worm-eaten dummy code group composed of dummy codes, and the first computer system leaking each of the n characters into the n spaces. Generating the encryption information composed of the worm-eaten dummy code group and the n-letter leakage prevention target information inserted therein by inserting the stop target information; and Sending the encrypted information to a second computer system, the second computer system receiving the encrypted information from the first computer system, and the second computer system receiving the received An information leakage prevention method including the step of registering encrypted information in a predetermined storage device can be realized.

  According to this information leakage prevention method, even if the information to be registered is intercepted while being transmitted from the first computer system to the second computer system, the information leaks because the information is encrypted information. Can be prevented.

  Further, according to this information leakage prevention method, since the encrypted information is registered in the storage device, it is possible to prevent the information from leaking even if the storage device is hacked.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 shows a configuration example of a client server system according to an embodiment of the present invention.

  In the present embodiment, the information that is subject to leakage prevention is a credit card number (card number). A client 101 and a server system 500 are connected to a communication network 151, and the server system 500 is a system that outputs a card number of a credit card owned by a user to another computer system.

  The client 101 is a kind of computer, and includes a CPU 103, an input device 105 (for example, a keyboard), a display device 106, and a storage resource 107. The storage resource 107 can be composed of one or a plurality of storage devices (for example, a memory or a hard disk). The storage resource 107 stores a computer program executed by the CPU 103, and a Web browser 109 is one of the computer programs.

  The server system 500 can be composed of one or a plurality of server machines. In this embodiment, a Web server 201 connected to the communication network 151, an application server 301 connected to the Web server 201 and the database (DB) server 401, and a DB (hereinafter referred to as a user DB) 403 composed of user-related data. It can be configured with the stored DB server 401.

  The user DB 403 includes, for example, a login ID, a password, and one or more card numbers for each user. At least one of the login ID and the password (for example, a password) is encrypted (for example, a hash value). The card number stored in the user DB 403 is an encrypted card number as will be described later.

  FIG. 1 representatively shows the configuration of the application server 301 among the plurality of servers 201, 301, and 401. The application server 301 includes a CPU 303 and a storage resource 307. The storage resource 307 stores computer programs to be executed by the CPU 303, and examples of the computer programs include a pattern generation program 309, an encryption program 311, and a decryption program 313. Various computer programs will be described later.

  Hereinafter, the flow of processing performed in the client server system will be described.

  FIG. 2 shows an example of a processing flow for registering a card number.

  When the Web browser 109 accesses the Web server 201, a predetermined login request screen is displayed on the display device 106 by the Web browser 109. The login ID and password input on the login request screen are stored in the storage resource 107 and transmitted from the client 101 to the Web server 201 (step S1). The application server 301 searches the user DB 403 for a login ID and password that match the login ID and password received by the Web server 201, and if found, the login ID and password are authenticated (S2).

  When the login ID and password are authenticated in S2, the application server 301 transmits the pattern generation program 309 and the encryption program 311 to the Web server 201 (S3). The Web server 201 deletes the pattern generation program 309 and the encryption program 311 from the application server 301, a registration screen for accepting input of a card number, and predetermined information stored in the client 101. The erasure control information to be executed by the computer program is transmitted to the client 101 (S4). In the client 101, a registration screen is displayed on the display device 106 by the Web browser 109, and the pattern generation program 309, the encryption program 311 and the erasure control information are stored in the storage resource 107 (for example, memory).

  When the card number is input to the displayed registration screen and a predetermined operation is performed (for example, when a predetermined button on the registration screen is pressed) (S5), the storage resource 107 is stored. The stored pattern generation program 309 is executed by the CPU 103 (S6). The pattern generation program 309 generates a secret pattern by using a password stored in the storage resource 107 as an input value and executing a pattern generation algorithm described later using the password. The concealment pattern is a pattern for concealing the card number. Specifically, the number is the same as the number of digits n of the card number (n is an integer of 2 or more, and n = 16 in the present embodiment). A numerical group having a blank. The number Z of numerical values constituting this numerical group is larger than the number n of blanks (Z is a number including the number of blanks n, and Z> n). The generated secret pattern is developed in the storage resource 107.

  When the secret pattern is generated, the encryption program 311 stored in the storage resource 107 is executed by the CPU 103 (S7). The encryption program 311 puts each numerical value constituting the card number in each blank in the secret pattern. As a result, an encrypted card number is generated. That is, the encrypted card number is a set of a secret pattern and a card number incorporated therein.

  The client 101 transmits the encrypted card number on the storage resource 107 to the Web server 201 (S8). The Web server 201 transmits the encrypted card number from the client 101 to the application server 301, and the application server 301 stores the encrypted card number in the user DB 403 (S9). The encrypted card number is associated with the login ID and password in S2.

  In the client 101, information (password, card number, secret pattern, etc.) temporarily stored in the storage resource 107 is executed by executing a predetermined computer program at a predetermined timing based on the erasure control information stored in the storage resource 107. The pattern generation program 309 and the encryption program 311) are deleted (S10).

  According to the above flow, when registering the card number, the encrypted card number is transmitted from the client 101 to the Web server 201, and the unencrypted card number (hereinafter referred to as “raw card number”). Is not sent). For this reason, even if the information being transmitted is eavesdropped, what is obtained is the encrypted card number, and therefore it is possible to prevent leakage of the raw card number.

  Further, according to the above flow, this encrypted card number is stored in the user DB 403, and the raw card number is not stored in the user DB 403. Therefore, even if the storage device storing the user DB 403 is hacked, It is possible to prevent the raw card number from leaking.

  Further, according to the above flow, the secret pattern creation seed (a group of codes based on the secret pattern creation) is not explicitly exchanged as a key between the client 101 and the server system 500. This is a password that is not originally intended for encryption. For this reason, it is possible to make it difficult for a third party to specify what the seed for creating the concealment pattern is, so that it is possible to contribute to prevention of leakage of the card number.

  Also, according to the above flow, the client 101 erases the highly confidential information temporarily stored from the storage resource 107 at a predetermined timing. As a result, it is possible to prevent such highly confidential information from remaining in the storage resource 107 indefinitely, so that security is improved. Note that the predetermined timing includes various timings such as the timing when the Web browser 109 is closed, or the timing when a certain time elapses from a certain predetermined time after S1 (for example, when the encrypted card number is transmitted). The timing can be adopted.

  In this embodiment, as described above, an encrypted card number is transmitted and stored instead of a raw card number, but pattern generation is executed as a preparation process for encrypting the raw card number. The algorithm is one of the major features.

  FIG. 3 is an explanatory diagram of a pattern generation algorithm and card number encryption.

  The pattern generation algorithm is composed of first to third steps, and card number encryption is composed of the fourth step. The first to third steps correspond to S6 in FIG. 2, and the fourth step corresponds to S7 in FIG. Hereinafter, each step will be described.

<First step>
The first step is a process of converting a password (for example, “PASSWORD”) into an ASCII code group and dividing it into 16 equal parts. In the example shown in the figure, the password character string is composed of 8 characters. Therefore, when converted into an ASCII code group, 8 ASCII codes composed of 2 codes per character are obtained. 16 codes can be obtained by separately distributing. The reason for dividing into 16 is that the card number is 16 digits in this embodiment. In the following description, one character constituting the password is referred to as “password character”, and two codes constituting one ASCII code are referred to as “ASCII code element”.

<Second step>
The second step is a process of regarding the 16 ASCII code elements as numerical values and obtaining a surplus by mod4. Hereinafter, the surplus obtained by mod4 is referred to as “mod4 value”.

<Third step>
The third step is processing for creating a secret pattern based on the mod4 value. The secret pattern created here is composed of 16 sub-number groups corresponding to 16 ASCII code elements. One sub-number group consists of four elements, and among them, the element (position) corresponding to the mod4 value of the ASCII code element corresponding to the sub-number group is blank, and the other three The element is a number. All of the three numerical values are dummy numerical values (for example, numerical values determined randomly). The reason why the sub-number group is composed of four elements is because the value X of modX is 4.

<Fourth step>
The fourth step is processing for concealing the card number based on the concealment pattern. Specifically, each numerical value constituting the card number is entered in the blank of each sub numerical value group constituting the concealment pattern. Thereby, the encrypted card number illustrated in FIG. 3 is obtained.

  The above is the description of the pattern generation algorithm and card number encryption. It should be noted that the pattern generation algorithm, in other words, the configuration of the secret pattern is not limited to that described above, and various other types can be employed.

  For example, in the first step, the password used as a seed for the secret pattern may be an encrypted password such as a hash value or a raw password that is not encrypted. Needless to say, the same kind of password is used as a seed for encryption and decryption. That is, in this embodiment, the raw password is not used as a seed on the one hand, and the encrypted password is not used as a seed on the other hand.

  In the first step, another type of fixed code group (for example, login ID) unique to the user may be used instead of the password. The fixed code group is a code group composed of one or more codes that are not irregularly converted. Each fixed code constituting the fixed code group may be a character, a sign, or a numerical value.

  Further, in the algorithm of the above example, the password is converted into an ASCII code group, the ASCII code group is divided into 16 equal parts, and division is performed using each ASCII code element. However, instead of conversion to the ASCII code group, conversion using other types of conversion rules may be performed. Specifically, for example, a plurality of characters constituting a character string (characters here may include characters such as alphanumeric characters and symbols) are each set in a predetermined code system (for example, JIS code, Convert to a plurality of character codes according to Shift JIS code or Unicode), and treat each character code element constituting each of the plurality of character codes as a numerical value in P-adic (P is an integer of 2 or more), and perform four arithmetic operations You can go. Note that if the characters that make up the string contain characters that are not supported by the code system used for conversion (for example, if the code system used for conversion is ASCII code, When a Chinese character is included in the character string), the character code element corresponding to the character may be set to a predetermined value. That is, it is only necessary that the same secret pattern is generated by executing the pattern generation program 309 using the same character string in each of the client and server systems.

  Further, for example, as a conversion rule for obtaining a numerical value from a fixed code group, a rule other than a rule for converting to a character code according to a predetermined code system may be adopted. For example, a dedicated conversion table that defines what value each fixed code is converted to may be prepared, and each value corresponding to each fixed code may be obtained using the dedicated conversion table. In this case, the dedicated conversion table can be downloaded from the server system 500 to the client 101 in the same session as the download of the pattern generation program 309, the encryption program 311 or the like or in another session.

  In the first step, when the number of ASCII code elements constituting the ASCII code group k (k is an integer of 1 or more) is smaller than the number of digits n of the card number, a dummy code is (n− k) As a result, n ASCII code elements can be generated. The reason for this is to prepare at least as many sub-number groups as the number n of digits of the card number in the concealment pattern. On the other hand, when k is larger than the number n of digits of the card number, only the n ASCII code elements of the k ASCII code elements are divided by 4 in the second step. can do. However, the n ASCII code elements employed are ASCII code elements at predetermined positions. This is because even when a secret pattern is generated for decoding, decoding is not successful unless the same ASCII code element is employed. For the same reason, the (n−k) dummy codes to be added are codes according to a predetermined rule (for example, a code calculated according to a predetermined rule or a code set in advance), and ( The (n−k) dummy codes are added to a predetermined position, and a randomly determined code is not added or added to a randomly determined position.

  In the second step, the value X of modX is not limited to 4, and other values can be adopted. The larger the value of X, the lower the possibility that a raw card number will be specified from the encrypted card number. The value assigned to X may be a predetermined value, but if it is a variable value based on a predetermined assignment rule (that is, if X is a variable), it is considered that security can be further improved. . As a predetermined substitution rule, for example, X is a numerical value of one or more predetermined positions of a first numerical value group (for example, 16 ASCII code elements) obtained by converting a fixed code group according to a predetermined conversion rule. Substitution rules are possible. According to this substitution rule, the configuration of the concealment pattern varies depending on the fixed code group unique to the user, so that the concealment pattern configuration can be varied for each user.

  In the second step, not only division but also other types of four arithmetic operations may be used. Specifically, for example, as illustrated in FIG. 4, each ASCII code element (numerical value) may be multiplied by 4 instead of being divided by 4. In this case, in the third step, a secret pattern may be created based on each product. Specifically, for example, one sub-number group is configured by the same number as the maximum value of a plurality of products, and the positions of blanks in the sub-number group are shown in FIG. A position corresponding to the product of the ASCII code element corresponding to the numerical value group and 4 is set.

  In the third step, the number K of sub-number groups that are components of the concealment pattern may be made larger than the number n of digits of the card number. That is, one or more dummy sub-number groups composed only of dummy numbers may be included. The dummy sub-number group may be included in any position of the secret pattern. However, the configuration and position of the dummy sub numerical value group are the configuration and position according to a predetermined rule (that is, not the configuration and position determined at random). This is because even when a secret pattern is generated for decryption, the same secret pattern as the secret pattern for encryption cannot be obtained unless a dummy sub-number group having the same configuration is generated and placed in the same position. .

  In the present embodiment, since the leakage prevention target information is a card number composed only of numerical values, in the third step, all the dummy codes included in the concealment pattern are numerical values. In the case where other types of codes are included instead of or in addition to numerical values, the dummy code included in the confidential pattern can be replaced with or in addition to numerical values. .

  Further, the concealment pattern may not be a square as illustrated in FIG. 3 or FIG. For example, it may be composed of one horizontal row or one vertical column. In addition, for example, a plurality of sub-number groups may be arranged according to a predetermined rule or the column may be revised.

  As described above, the pattern generation algorithm described with reference to FIG. 3 is only an example, and various modifications of the pattern generation algorithm can be considered. Regardless of the pattern generation algorithm, basically, the first code group unique to the user as a seed for creating the secret pattern is converted into the second code group according to a predetermined rule, From the code group, obtain the same number of characters as the number of characters n of the leakage prevention target information, n blanks arranged at positions obtained from the obtained n numerical values, and dummy codes arranged at other positions, (Concealment pattern) consisting of In encryption, each character constituting the leakage prevention target information is inserted in each blank in the secret pattern. In the decryption, raw information (that is, leakage prevention target information) is obtained from each character positioned in the blank by comparing the encrypted information with the secret pattern. Such a process is a process with a small burden on the CPU.

  In the present embodiment, after the encrypted card number is registered in the above-described flow, for example, the card number is exercised, the password is changed, and the pattern generation program is changed. Hereinafter, an example of a processing flow executed in each case will be described.

  FIG. 5 is an example of a processing flow for exercising the card number.

  Authentication of the login ID and password input to the client 101 is performed (S21, S22). The authenticated password (password entered by the user) is stored in the storage resource 307.

  Thereafter, the application server 301 receives an instruction for exercising the card number from the client 101 via the Web server 201 (S23). As a result, the application server 301 executes the pattern generation program 309 (S24). That is, the above-described pattern generation algorithm is executed using the password authenticated in S22 (password stored in the storage resource 307), so that a secret pattern is generated and stored in the storage resource 307.

  When the secret pattern is generated, the decryption program 313 is executed (S25). That is, the decryption program 313 acquires the encrypted card number corresponding to the authenticated login ID and password from the user DB 403, and obtains the encrypted card number and the secret pattern generated in S24. By comparison, each numerical value corresponding to the blank position of the secret pattern is specified from the encrypted card number. Each specified numerical value is a numerical value constituting a raw card number. That is, in S25, the encrypted card number is decrypted into a raw card number. The raw card number is temporarily stored in the storage resource 307.

  The application server 301 exercises the decrypted raw card number (S26). Specifically, for example, the raw card number is transmitted to the computer system of the exercise destination. When the computer system includes the pattern generation program 309 and the decryption program 313, an encrypted card number may be transmitted instead of a raw card number. Alternatively, the encrypted card number, the pattern generation program 309 and the decryption program 313 are transmitted to the computer system, the encrypted card number is decrypted, and the pattern generation program 309 and decryption used for the decryption are decrypted. The program 313 may be deleted.

  After S26, the application server 301 deletes the decrypted raw card number and secret pattern from the storage resource 307 (S27).

  FIG. 6 is an example of a process flow for changing a password.

  Authentication of the login ID and password input to the client 101 is performed (S31, S32).

  Next, in the client 101, the changed password (hereinafter, new password) is input by the user, and the input new password is transmitted to the application server 301 via the Web server 201 (S33).

  The application server 301 reads the old password existing in the user DB 403, stores it in the storage resource 307, and updates the old password in the user DB 403 with a new password (S34).

  Then, the application server 301 executes a process of storing, in the user DB 403, an encrypted card number with a new secret pattern using a new password as a seed instead of the existing encrypted card number.

  Specifically, first, a secret pattern using the old password as a seed is generated by executing the pattern generation program 309 using the old password (S35). Next, by executing the decryption program 313, an existing encrypted card number is obtained from the user DB 403, and the encrypted card number is compared with the secret pattern generated in S35. The encrypted card number is decrypted into a raw card number (S36). Next, a new secret pattern using the new password as a seed is generated by executing the pattern generation program 309 using the new password (S37). Next, by executing the encryption program 311, a new encrypted card number is generated by putting each value of the decrypted card number into each blank of the new secret pattern (S 38). The application server 301 updates the existing encrypted card number in the user DB 403 with the generated new encrypted card number (S39).

  FIG. 7 is an example of a processing flow for changing the pattern generation program.

  In the application server 301, when the pattern generation program 309 is changed (S41), a new secret pattern is generated by the changed pattern generation program 309 in place of the existing encrypted card number, and the card number is determined by the secret pattern. Is stored in the user DB 403.

  Specifically, first, by executing the pattern generation program 309 before the change using a password in the user DB 403 (which may be a password input in response to a request from the user). A secret pattern is generated (S42). Next, by executing the decryption program 313, an existing encrypted card number is obtained from the user DB 403, and the encrypted card number is compared with the secret pattern generated in S42. The encrypted card number is decrypted into a raw card number (S43). Next, a new secret pattern is generated by executing the changed pattern generation program 309 using the same password as that used in S42 (S44). Next, by executing the encryption program 311, a new encrypted card number is generated by putting each value of the decrypted card number into each blank of the new secret pattern (S 45). The application server 301 updates the existing encrypted card number in the user DB 403 with the generated new encrypted card number (S46).

  The embodiment of the present invention has been described above, but this is an example for explaining the present invention, and the scope of the present invention is not limited to this embodiment. The present invention can be implemented in various other forms.

  For example, the pattern generation program and the encryption program may be installed in the client 101 in advance. In that case, for example, in the registration of the card number, after S2, it is checked whether or not the pattern generation program is the same between the client 101 and the server system 500 (for example, the version information of the pattern generation program is displayed). If they are the same, S5 is performed, and if they are different, S3 may be performed.

  Further, for example, the server system 500 may store a different pattern generation program 309 for each user, and a pattern generation program corresponding to the user may be executed.

1 shows a configuration example of a client server system according to an embodiment of the present invention. An example of the processing flow for registration of a card number is shown. It is explanatory drawing of a pattern production | generation algorithm and card number encryption. It is explanatory drawing of the modification of a pattern generation algorithm. It is an example of the processing flow for exercising a card number. It is an example of the processing flow of a password change. It is an example of the processing flow of a pattern generation program change.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 ... Client 201 ... Web server 301 ... Application server 309 ... Pattern generation program 311 ... Encryption program 313 ... Decryption program 401 ... Database server 403 ... User database

Claims (10)

A code conversion step of converting a first code group unique to the user into a second code group according to a predetermined rule;
From the second code group, a numerical value obtaining step for obtaining a numerical value equal to the number of characters n (n is an integer of 2 or more) of leakage prevention target information;
Causing the computer to execute a generating step for generating a group of worm-eaten dummy codes including n blanks arranged at positions obtained from the obtained n numerical values and dummy codes arranged at other positions. ,
The worm-eaten dummy code group includes the n-blank dummy code group and the n-character leak prevention target information included in the n-blank dummy code group by inserting the n-letter leak prevention target information. Generating the encryption information to be configured, and identifying the leakage prevention target information of n characters existing at positions corresponding to n spaces of the generated worm-eaten dummy code group from the encryption information, respectively Thus, the data is used for decrypting the leakage prevention target information of the n characters.
A computer program characterized by the above. In the code conversion step, a code group input for the purpose of obtaining permission for a user to receive a desired service and stored in a predetermined storage resource is acquired from the storage resource, and the code group is acquired from the second storage resource. To the code group
The computer program according to claim 1. The first code group is a character string,
In the code conversion step, each of a plurality of characters constituting the character string is converted into a plurality of character codes according to a predetermined code system,
In the numerical value acquisition step, each character code element constituting each character code is regarded as a numerical value in P-adic (P is an integer of 2 or more), and the n numerical values are obtained from a character code group including the plurality of character codes. get,
The computer program according to claim 1. In the numerical value acquisition step, each of the plurality of elements in the second code group is regarded as a P-adic number, and an arithmetic operation using each of the plurality of P-adic numbers is performed to obtain the n numerical values.
The computer program according to claim 1 or 3. In the numerical value acquisition step, the four arithmetic operations using a numerical value of each P-adic number and a variable are performed, and a predetermined number among the plural numerical values of the P-adic number is substituted for the variable.
The computer program according to claim 4. In the first computer system that transmits information to be registered to the second computer system,
Storage resources,
First code group storage means for storing a first code group unique to a user in the storage resource;
Based on the first code group, code conversion means for converting to the second code group according to a predetermined rule;
Numerical value acquisition means for obtaining from the second code group a numerical value equal to the number n of characters of the leakage prevention target information (n is an integer of 2 or more);
A worm-eaten dummy code group generating means for generating a worm-eaten dummy code group composed of n blanks arranged at positions obtained from the obtained n numerical values and dummy codes arranged at other positions;
Worm-eaten dummy code group generation storage means for storing the generated worm-eaten dummy code group in the storage resource;
Encrypted information composed of the worm-eaten dummy code group and the n character leakage prevention target information included in the n-blank dummy code group by putting the leakage prevention target information consisting of the n characters in the n spaces, respectively. Encryption means to generate;
A computer system comprising: transmission means for transmitting the encryption information to the second computer system. A second computer system for receiving information to be registered from the first computer system,
Storage resources,
Receiving means for receiving from the first computer system encrypted information composed of a worm-eaten dummy code group and n-letter leakage prevention target information inserted therein;
Registration means for registering the received encrypted information in a predetermined storage device;
First code group storage means for storing a first code group unique to a user in the storage resource;
Code conversion means for converting the first code group into a second code group according to a predetermined rule;
Numerical value acquisition means for obtaining from the second code group a numerical value equal to the number n of characters of the leakage prevention target information (n is an integer of 2 or more);
Worm-eaten dummy code group means for generating a worm-eaten dummy code group composed of n blanks arranged at positions obtained from the obtained n numerical values and dummy codes placed at other positions;
Worm-eaten dummy code group storage means for storing the generated worm-eaten dummy code group in the storage resource;
By identifying n character leakage prevention target information existing at positions corresponding to n blank spaces of the generated worm-eaten dummy code group from the received encrypted information, the leakage prevention target information of the n characters A computer system comprising: decoding means for decoding. The first computer system is the computer system of claim 6,
Erasing means for erasing the worm-eaten dummy code group at a predetermined timing from the storage resource of the first computer system;
The computer system according to claim 7, further comprising: Download means for storing a computer program comprising the code conversion means, the numerical value acquisition means, and the worm-eaten dummy code group generation means in the storage resource of the first computer system by downloading the computer program to the first computer system. ,
Further comprising
The erasing means also erases the computer program at the predetermined timing;
The computer system according to claim 8. A first computer system storing a first code group unique to the user in a first storage resource of the first computer system;
The first computer system converting the first code group into a second code group according to a predetermined rule;
The first computer system obtains, from the second code group, a numerical value of the same number as the number of characters n (n is an integer of 2 or more) of leakage prevention target information;
The first computer system generates a worm-eaten dummy code group consisting of n blanks arranged at positions obtained from the obtained n numerical values and dummy codes arranged at other positions. Steps,
The first computer system puts the leakage prevention target information consisting of the n characters into the n blanks, respectively, so that the worm-eaten dummy code group and the leakage prevention target information of the n characters put therein Generating encrypted information consisting of:
The first computer system transmitting the encryption information to a second computer system;
The second computer system receiving the encrypted information from the first computer system;
An information leakage prevention method comprising: the second computer system registering the received encrypted information in a predetermined storage device.

Images