JP2009010748A - Data communication system, data communication method, data transmission terminal, and data transmission method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data communication system capable of drastically shortening a period of time required for encrypting the data while keeping security in data encryption processing when encrypting and transmitting data. <P>SOLUTION: In the data communication system wherein a transmission terminal transmitting data 30 and a reception terminal receiving the data 30 are connected, a transmission terminal 3 comprises: an encryption means for dividing the data 30 into a plurality of divided data items 31 and encrypting a part of these divided data 31, for the unit basis thereof, using an encryption key 33; and a transmission means for transmitting encrypted data 30A to a reception terminal 4. The reception terminal 4 comprises: a reception means for receiving the encrypted data 30A; and a decryption means for decrypting the encrypted data 30A using a decryption key 35 that pairs with the encryption key 33. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a data communication system, a data communication method, a data transmission terminal, and a data transmission method for encrypting only a part of data when data is encrypted or when data is encrypted and transmitted.

  In recent years, with the development of communication networks, a function for transmitting and receiving data via a communication line has been increasingly used. At the same time, when sending / receiving data, to prevent data being sent and received from a third party on the communication line and data leaking, the data is encrypted and sent. It has become to.

  However, the capacity of data transmitted / received via a communication line increases, and there is a problem that it takes a lot of time to encrypt data to be transmitted. Therefore, it is desirable to shorten the time required for encrypting data by encrypting a part of the data, not the entire data.

Patent Document 1 describes a digital video scramble apparatus that encrypts and transmits a part of an image data portion of video content, and that the receiving side acquires an encryption key from an authentication server and decrypts the encrypted portion. This digital video scramble apparatus is for permitting an unspecified number of people to partially view video content by not encrypting a part of the image data portion.
JP 2004-138933 A

  Encrypting only a part of the data can reduce the time required for the encryption process, but there is a problem that the security of the encryption process may be reduced.

  The present invention has been made in view of the above problems, and when encrypting data or transmitting data after encrypting, the time required for the data encryption process while maintaining the security of the data encryption process An object of the present invention is to provide a data communication system, a data communication method, a data transmission terminal, and a data transmission method that can significantly reduce the time.

  In order to solve the above-mentioned problem, a data communication system according to the present invention is a data communication system including a transmission terminal that transmits data and a reception terminal that receives data transmitted by the transmission terminal. Encrypts the data into a plurality of divided data and encrypts a part of these divided data using an encryption key, and the encrypted data encrypted by the encryption means Transmitting means for transmitting to the receiving terminal, the receiving terminal receiving the encrypted data transmitted by the transmitting terminal, and decryption paired with the encrypted data received by the receiving means. A decryption unit for decrypting using a key is provided.

  Further, the data communication method according to the present invention is a data communication method of a data communication system configured by a transmission terminal that transmits data and a reception terminal that receives data transmitted by the transmission terminal. A step of dividing the data into a plurality of divided data, encrypting a part of the divided data in units of the divided data using an encryption key, and transmitting the encrypted encrypted data; and the receiving terminal Receives the encrypted data transmitted in the transmitting step, and performs a receiving step of decrypting the received data using a decryption key paired with the encryption key used for the encryption. It is characterized by that.

  Further, the data transmission terminal according to the present invention, a dividing means for dividing the data into a plurality of divided data, an encryption means for encrypting a part of the divided data units divided by the dividing means, And transmitting means for transmitting the encrypted data encrypted by the encrypting means.

  Further, the data transmission method according to the present invention includes a dividing step of dividing data into a plurality of divided data, and an encryption step of encrypting a part of the divided data units divided in the dividing step, And a transmission step of transmitting the encrypted data encrypted in the encryption step.

  According to the data communication system, the data communication method, the data transmission terminal, and the data transmission method according to the present invention, when transmitting data, the data is divided into a plurality of divided data, and a part of the divided data units. By encrypting only the divided data, the processing time required for data encryption and re-transmission is greatly reduced compared to the case where the entire data is encrypted while maintaining the security of the data encryption process. Is possible.

  Embodiments of a data communication system, a data communication method, a data transmission terminal, and a data transmission method according to the present invention will be described with reference to the accompanying drawings. When data is transmitted and received in the data communication system 1, the data to be transmitted is divided into a plurality of divided data, part of which is encrypted in divided data units, and using a decryption key after reception Decrypted and recombined.

  FIG. 1 is a system configuration diagram of a data communication system 1 according to the present invention. The data communication system 1 includes a network 2. The network 2 is an arbitrary wired or wireless network such as a WAN (Wide Area Network), the Internet, and a LAN (Local Area Network). In the data communication system 1, a data transmission terminal 3 for transmitting data, a data reception terminal 4 for receiving data transmitted by the data transmission terminal 3, and an encryption key for encrypting data transmitted by the data transmission terminal 3 33, and a key generation server 5 that generates a decryption key 35 for decrypting data received by the data receiving terminal 4, and an approval terminal 6 that approves that the data receiving terminal 4 is an official data transmission destination. Are connected to each other via the network 2 so that they can communicate with each other.

  FIG. 2 shows a system configuration diagram of the data transmission terminal 3, the data reception terminal 4, and the approval terminal 6. As shown in FIG. 2, the data transmission terminal 3, the data reception terminal 4, and the approval terminal 6 are each temporarily processed as a CPU 11 that performs various arithmetic processes and control processes, and a work area when the CPU 11 performs the processes. A RAM 12 that stores necessary data, a ROM 13 that stores processing programs for the CPU 11 to perform processing and data necessary for processing, and a hard disk 17 that stores programs and data necessary for the CPU 11 to execute various application programs. Data input through the hard disk drive 14 for reading and writing, the display interface 15 displayed on the display device 18 such as a liquid crystal display, and the input device 19 such as a keyboard and a mouse are transmitted to the CPU 11 under the control of the CPU 11. Input interface 16 and network Communication interface 10 for performing data communication through, are communicably connected to each other via a bus 20.

  FIG. 3 shows a system configuration diagram of the key generation server 5. As shown in FIG. 3, the key generation server 5 includes a CPU 21 that performs various arithmetic processes and control processes, and a RAM 22 that temporarily stores data necessary for processing as a work area when the CPU 21 performs processes. ROM 23 for storing a processing program for performing the processing and data necessary for the processing, a hard disk drive 24 for reading and writing with respect to a hard disk 26 for storing the programs and data necessary for the CPU 21 to execute various application programs, and A communication interface 25 that performs data communication via the network 2 is connected to be communicable with each other via a bus 27.

  Note that the data transmission terminal 3, the data reception terminal 4, and the approval terminal 6 are each collectively controlled by the CPU 11 when performing processing. Further, the key generation server 5 is comprehensively controlled by the CPU 21 when performing processing.

  Here, data communication processing performed in the data communication system 1 will be roughly described based on the schematic diagram shown in FIG. In the following description, it is assumed that the data transmitting terminal 3 transmits data and the data receiving terminal 4 receives the transmitted data.

(1) First, when the data transmission terminal 3 transmits, for example, the data 30 stored in the hard disk 17, the data 30 is divided into a plurality of divided data 31.
(2) The data transmission terminal 3 selects a part of the plurality of divided data 31, for example, one divided data 31, and encrypts the selected divided data 31 as an encryption target. Data 32 is assumed.
(3) The data transmission terminal 3 requests the key generation server 5 to generate the encryption key 33 and the decryption key 35 in order to encrypt the encryption target data 32. In response to this request, the key generation server 5 generates an encryption key 33 and a decryption key 35 paired with the encryption key 33, and transmits the encryption key 33 to the data transmission server 3.

(4) The data transmission terminal 3 encrypts the encryption target divided data 32 in the divided data 31 using the encryption key 33 and converts it into the encrypted divided data 34.
(5) The data transmitting terminal 3 transmits to the data receiving terminal 4 the encrypted data 30A in which a part (encrypted divided data 34) of the data 30 to be transmitted is encrypted.
(6) The data transmission terminal 3 is a data reception terminal that is an official transmission destination when the data reception terminal 4 receives and decrypts the encrypted data 30A transmitted in (5) with respect to the approval terminal 6. 4 is permitted to decrypt the encrypted data 30A, and a third party other than the data receiving terminal 4 is requested not to permit the decryption of the encrypted data 30A.

  (7) When the approval terminal 6 is requested to perform approval, the approval terminal 6 transmits approval information including information indicating the data receiving terminal 4 as an official transmission destination to the key generation server 5. The key generation server 5 that has received this approval information sets an approval flag 36 indicating that the data receiving terminal 4 is approved in the decryption key 35.

(8) Upon receiving the encrypted data 30A, the data receiving terminal 4 acquires the decryption key 35 from the key generation server 5. When obtaining the decryption key 35, it is necessary that the approval terminal 6 approves and the decryption key 35 has an approval flag 36 set.
(9) The data receiving terminal 4 decrypts the encrypted data 30 </ b> A using the decryption key 35 and restores the plurality of divided data 31.
(10) The data receiving terminal 4 acquires the data 30 by combining the plurality of divided data 31.

  In this way, the data communication process is performed in the data communication system 1. When the data transmission terminal 3 selects the encryption target data 32 to be encrypted from the plurality of divided data 31 generated by dividing the data 30 ((2) shown in FIG. 4), the data transmission terminal 3 This is performed using the stored reference information 40.

  The reference information 40 is information including information indicating the processing date and time and information indicating the data attribute of the data 30, and as shown in FIG. 5, item information indicating items relative to item number information 41 indicating item numbers. 42, information associated with item value information 43 indicating the item value. For example, the item “sender ID” and the item value “XXXXXXX” are associated with the item number “1”. This sender ID is information that is preset and stored in the hard disk 17 in order to transmit and receive data by the sender (user). The item “sender password” and the item value “YYYYYYYY” are associated with the item number “2”. The sender password is also information that is preset and stored in the hard disk 17 in order to transmit and receive data by the sender (user).

  The item number “3” is associated with the item “system start date and time” and the item value “2007/06/30 20:00:01”. This system activation date and time is the date and time recorded when the data transmission terminal 3 is activated. The item number “4” is associated with the item “start date and time of division processing” and the item value “2007/06/30 20:12:12”. The start date and time of the division process is the date and time recorded when the process of dividing the data 30 into a plurality of divided data 31 is started in the step (1) shown in FIG.

  The item number “5” is associated with the item “end date and time of division processing” and the item value “2007/06/30 20:13:00”. The end date / time of the division process is the date / time recorded when the process of dividing the data 30 into a plurality of divided data 31 is completed in the step (1) shown in FIG. The item “6” is associated with the item “start date and time of encryption processing” and the item value “2007/06/30 20:14:30”. The start date and time of the encryption process is the date and time recorded when the process of selecting and encrypting one of the plurality of divided data 31 is started in the step (2) shown in FIG.

  The item “data capacity” and the item value “50000” are associated with the item number “7”. This data capacity is the data capacity of the data 30 to be transmitted to the data receiving terminal 4 and is expressed, for example, in units of bytes, and is set when data to be transmitted is selected by the user. The item “data type” and the item value “document” are associated with the item number “8”. This type of data is the type of data 30 to be transmitted to the data receiving terminal 4, and is set when data to be transmitted is selected by the user. The item “9” is associated with the item “number of divisions” and the item value “20”. This number of divisions is the number of divided data 31 when the data 30 to be transmitted to the data receiving terminal 4 is divided into a plurality of divided data 31, and is placed in the step (1) shown in FIG. It is set when the process of dividing the data 30 into a plurality of divided data 31 is performed.

  In the data transmission terminal 3, an item value is randomly selected from the reference information 40 and digitized, and the encryption target divided data 32 to be encrypted is selected from the plurality of divided data 31 based on the digitization. As a result, the degree of difficulty in decryption is increased, and the encryption security is improved.

  Here, the procedure of the data communication processing in the data communication system 1 according to the present invention will be described in detail based on the flowcharts shown in FIGS. First, the data transmission terminal 3 performs data transmission processing for transmitting data 30 to the data reception terminal 4. FIG. 6 is a flowchart showing the procedure of this data transmission process. Note that the processing by the data transmission terminal 3 is controlled by the CPU 11 of the data transmission terminal 3. Hereinafter, for example, “step S101” will be described by omitting the word “step” such as “S101”.

  When transmitting the data 30 using the data transmission terminal 3, the user instructs the data transmission terminal 3 to transmit the data 30 by selecting the data 30 to be transmitted using the input device 19, for example. . The data transmission terminal 3 determines whether or not the user has selected the data 30 and instructed the transmission of the data 30 (S101). When the transmission of the data 30 is not instructed (No in S101), the data transmission terminal 3 stands by as it is.

  When the transmission of the data 30 is instructed (Yes in S101), the data transmission terminal 3 acquires the data 30 selected in S101 from the hard disk 17 and loads it onto the RAM 12 (S103). The data transmission terminal 3 divides the data 30 loaded on the RAM 12 in S105 and creates a plurality of divided data 31 (S105). At this time, for example, the upper limit of the size of the divided data 31 is determined in advance, and the data 30 loaded in S103 is divided based on this upper limit. In this case, the number of divisions is determined depending on the data capacity of the data 30 to be transmitted. The division method of the data 30 is not limited to this, and an arbitrary method is used.

  In addition, even when the session is interrupted during transmission by dividing the data 30 into a plurality of divided data 31 when transmitting the data 30, it is only necessary to retransmit only the divided data 31 that failed to be transmitted. There is an advantage that it is not necessary to retransmit the entire data 30.

  Next, the data transmission terminal 3 is stored in the hard disk 17 in order to select one divided data 31 (encryption target divided data 32) to be encrypted from the plurality of divided data 31 divided in S105. The reference information 40 is acquired (S107).

  The data transmission terminal 3 selects any one of the item numbers included in the item number information 41 of the reference information 40 acquired in S107 using a random number (S109). The random number is created using an arbitrary function for generating a random number such as a natural random number or a uniform random number, and an item number corresponding to the generated random number is selected. When generating this random number, it may be generated by a method in which only the number included in the item number is generated, or after the random number is generated, the random number may be processed to become one of the item numbers.

  The data transmission terminal 3 acquires the item value associated with the item number selected in S109 from the reference information 40, and digitizes this item value (S111). Based on the numerical value calculated in S111, the data transmission terminal 3 determines the divided data 31 to be encrypted among the divided data 31 divided in S105, that is, the encryption target divided data 32 (S113). ). At this time, for example, the remainder obtained by dividing the numerical value calculated in S111 by the number of divisions is used as the division target number, and the divided data 31 at the position of the division target number in the divided data 31 is the encryption target divided data 32. And

  In this way, by randomly determining the encryption target divided data 32 using the reference information 40, when a malicious third party attempts to obtain and decrypt the encrypted data 30A illegally, which of the encrypted data 30A Since it becomes difficult to decipher whether the portion is encrypted, the security of the encryption process can be improved.

  When the data transmission terminal 3 determines the encryption target divided data 32, the encryption key 33 and the decryption key for encrypting and decrypting only the encryption target divided data 32 of the divided data 31 are transmitted to the key generation server 5. In order to request to generate the key 35, information indicating that the encryption key 33 and the decryption key 35 are requested is transmitted (S115).

  The data transmission terminal 3 determines whether an encryption key has been received from the key generation server 5 (S117). If the encryption key 33 has not been received (No in S117), the data transmission terminal 3 waits until the encryption key 33 is received. When the encryption key 33 is received (Yes in S117), the data transmission terminal 3 encrypts the encryption target divided data 32 determined in S113 based on the encryption key 33, and performs encryption target division. Data 32 is converted into encrypted divided data 34 (S119).

  In S119, the data transmitting terminal 3 transmits the encrypted data 30A obtained by encrypting a part of the data 30 (encrypted divided data 34) to the data receiving terminal 4 (S121). At the same time, the data transmitting terminal 3 requests the approval terminal 6 to perform approval before decrypting the encrypted data 30A so that only the data receiving terminal 4 can decrypt the encrypted data 30A. Approval request information is transmitted (S123). The approval request information includes information indicating an information processing terminal (data receiving terminal 4) that is a transmission destination.

  Thus, when the data transmitting terminal 3 transmits the data 30 to the data receiving terminal 4, the data 30 is not transmitted as it is, but the data 30 is divided into a plurality of divided data 31 and a part thereof is divided. The encrypted encrypted data 30A is transmitted.

  When the data transmitting terminal 3 transmits the data 30 to the data receiving terminal 4, the encrypted data 30A obtained by encrypting the data 30 is transmitted. The encrypted data 30A transmitted at this time is transmitted to the data receiving terminal 4 There is a possibility that an information processing terminal other than the terminal may eavesdrop, etc. to illegally acquire the encrypted data 30A and maliciously decrypt it. Therefore, in order to prevent this, the approval terminal 6 sets the approval flag 36 for the decryption key 35 necessary for the decryption and performs the approval.

  The procedure when the approval terminal 6 performs the approval process will be described based on the flowchart shown in FIG. Note that the processing by the approval terminal 6 is controlled by the CPU 11 of the approval terminal 6.

  First, the approval terminal 6 determines whether approval request information has been received from the data transmission terminal 3 (S201). If the approval request information is transmitted by the data transmission terminal 3 in S123, the approval terminal 6 receives this approval request information. When the approval request information has not been received (No in S201), the approval terminal 6 waits until the approval request information is received.

  When the approval request information has been received (Yes in S201), the approval terminal 6 generates and transmits approval information that means approval to the key generation server 5 (S203). This approval information is information generated based on information indicating the information processing terminal (data reception terminal 4) of the transmission destination included in the approval request information, and the encrypted data 30A transmitted by the data transmission terminal 3 is This is information indicating that only the data receiving terminal 4 is permitted to receive and decode.

  Thus, the approval terminal 6 transmits the approval information to the key generation server 5 when receiving the approval request information from the data transmission terminal 3.

  When the data transmitting terminal 3 transmits the encrypted data 30A to the data receiving terminal 4 in S121, the data receiving terminal 4 performs a data receiving process for receiving and decrypting the encrypted data 40A. A procedure when the data receiving terminal 4 performs the data receiving process will be described based on the flowchart shown in FIG. Note that the processing by the data receiving terminal 4 is controlled by the CPU 11 of the data receiving terminal 4.

  First, the data receiving terminal 4 determines whether or not the data receiving terminal 3 has received the encrypted data 30A transmitted in S121 (S301). If the encrypted data 30A has not been received (No in S301), the data receiving terminal 4 stands by as it is.

  When the encrypted data 30A is received (Yes in S301), the data receiving terminal 4 determines whether or not the data receiving terminal 4 itself has obtained approval for decrypting the encrypted data 30A from the key generation server 4. Information for confirming is transmitted (S303).

  The data receiving terminal 4 determines whether or not information indicating approval is received as a response in S303 (S305). When the data transmission terminal 3 transmits the approval request information to the approval terminal 6 in S123, and the approval terminal 6 that has received the approval request information transmits the approval information to the key generation server 5, the key The generation server 5 transmits information indicating approval to the data receiving terminal 4.

  If the information indicating approval is not received or if the information indicating approval is not received (No in S305), the data receiving terminal 4 sends error information to the display device 18 of the data receiving terminal 4, for example. Is displayed (S307), and the data receiving process is terminated. In general, except when an abnormal eavesdropping occurs during communication, the data receiving terminal 4 indicates that it has been approved in S305 when it receives the encrypted data 30A from the data transmitting terminal 3. Receive information.

  When the information indicating the approval is received (Yes in S305), the key generation server 5 is requested to transmit the decryption key 35 for decrypting the encrypted data 30A, and the decryption key 35 is set. Information indicating the request is transmitted (S309). Upon receiving this request, the key generation server 5 transmits a decryption key 35 for decrypting the encrypted data 30 </ b> A to the data receiving terminal 4.

  The data receiving terminal 4 determines whether or not the decryption key 35 has been received from the key generation server 5 (S311). When the decryption key 35 has not been received (No in S311), the data receiving terminal 4 stands by until the decryption key 35 is received.

  When receiving the decryption key 35 (Yes in S311), the data receiving terminal 4 decrypts the encrypted data 30A received in S301 by using the received decryption key 35 (S313). When the encrypted data 30A is decrypted, the encrypted data 30A is converted into a plurality of divided data 31 as shown in (9) of FIG. This divided data 31 is the divided data 31 divided by the data transmission terminal 3 in S105. The data receiving terminal 4 combines the plurality of divided data 31. This combined data is the data 30 acquired by the data transmission terminal 3 in S103.

  Thus, when the data receiving terminal 4 receives the encrypted data 30A from the data transmitting terminal 3, the data receiving terminal 4 acquires the decryption key 35 from the key generation server 5 and decrypts the encrypted data 30A using the decryption key 35. Thus, the original data 30 stored in the data transmission terminal 3 is acquired.

  Next, key generation processing in which the key generation server 5 generates and transmits the encryption key 33 and the decryption key 35 paired with the encryption key 33 will be described based on the flowchart shown in FIG. Note that the processing by the key generation server 5 is controlled by the CPU 21 of the key generation server 5.

  The key generation server 5 determines whether the generation of the encryption key 33 and the decryption key 35 is requested from the data transmission server 3 (S401). If the data transmission terminal 3 transmits information for requesting generation of the encryption key 33 and the decryption key 35 in S115, and the key generation server 5 receives this information, it is determined that the request has been made. When generation of the encryption key 33 and the decryption key 35 is not requested (No in S401), the key generation server 5 stands by as it is.

  When generation of the encryption key 33 and the decryption key 35 is requested (Yes in S401), the encryption key 33 and the decryption key 35 paired with the encryption key 33 are generated (S403). Then, the key generation server 5 transmits the encryption key 33 to the data transmission terminal 3 (S405). The data transmission terminal 3 that has received the encryption key 33 encrypts the encryption target divided data 32 based on the encryption key 33 in S119.

  The key generation server 5 determines whether approval information has been received from the approval terminal 6 (S407). At this time, for example, when the approval information is not received within a predetermined time after the encryption key 33 is transmitted, it is determined that the approval information has not been received. When the approval information is received (Yes in S407), the key generation server 5 sets the approval flag 36 in the decryption key 35 generated in S403 (S409). The approval flag 36 includes information indicating a destination information processing terminal (data receiving terminal 4). The approval flag 36 transmits the decryption key 35 only to the destination information processing terminal. Indicates that is allowed.

  When the approval information is not received (No in S407), or when the approval flag 36 is set in the decryption key 35 in S409, the key generation server 5 decrypts the encrypted data 30A from the data receiving terminal 4. It is determined whether or not information for confirming whether or not approval has been received has been received (S411). In S303, information for confirming whether or not the data receiving terminal 4 has been approved is transmitted, and when the key generation server 5 receives this information, approval for decrypting the encrypted data 30A is made. It is determined that information for confirming whether or not it has been received is received. When the information for confirming whether or not the approval has been received is not received (No in S411), the key generation server 5 stands by as it is.

  When the information for confirming whether or not the approval has been received is received (Yes in S411), the key generation server 5 determines whether or not the data receiving terminal 4 is approved as an official transmission destination of the data 30. Judgment is made (S413). At this time, if the approval flag 36 including information indicating the data receiving terminal 4 is set in S409, it is determined that the approval is made, and otherwise, it is determined that the approval is not made. The If it is determined that the key is not approved (No in S413), the key generation server 5 transmits information indicating that the key is not approved to the data receiving terminal 4 (S415), and performs the key generation process. finish. Here, it is possible to return to S411 and wait until receiving information for confirming whether or not it is recognized again.

  If it is determined that the key is approved (Yes in S413), the key generation server 5 transmits information indicating that the key is approved to the data receiving terminal 4 (S417). That is, if the approval flag 36 is set in S409, the key generation server 5 transmits information indicating that the approval is made to the data receiving terminal 4, and otherwise indicates that the approval is not made. The information shown is transmitted to the data receiving terminal 45.

  The key generation server 5 determines whether or not the decryption key 35 is requested from the data receiving terminal 4 (S419). At this time, when the data receiving terminal 3 transmits information for requesting to transmit the decryption key 35 for decrypting the encrypted data 30A in S309, and the key generation server 5 receives this information, It is determined that the decryption key 35 is requested from the data receiving terminal 4. When the decryption key 35 is not requested (No in S419), the key generation server 5 stands by until the decryption key 35 is requested.

  When the decryption key 35 is requested from the data receiving terminal 4 (Yes in S419), the key generation server 5 confirms that the information processing terminal (in this case, the data receiving terminal 4) that has requested the decryption key 35 is approved. It is determined whether or not (S421). At this time, if the approval flag 36 set in the decryption key 35 includes information indicating the information processing terminal that has requested the decryption key 35, it is determined that the information is approved.

  If not approved (No in S421), the key generation server 5 ends the key generation process without transmitting the decryption key 35 to the data receiving terminal 4. If approved (Yes in S421), the key generation server 5 transmits the decryption key 35 to the data receiving terminal 4 (S423), and ends the key generation process.

  In this way, the key generation server 5 generates the encryption key 33 and the decryption key 35 paired with the encryption key 33 in response to a request from the data transmission terminal 3, and uses the encryption key 33 as the data transmission terminal. 3 to send. When the key generation server 5 receives the approval information for the decryption key 35 from the approval terminal 6, the key generation server 5 sets the approval flag 36 in the decryption key 35. When the key generation server 5 receives the decryption key 35 from the data receiving terminal 4, the key generation server 5 checks whether or not the approval flag 36 is set. If the approval flag 36 is set, the key generation server 5 receives the decryption key 35. Transmit to terminal 4.

  As an embodiment, the example in which one divided data 31 is selected when the data transmission terminal 3 selects the encryption target divided data 32 to be encrypted from the divided data 31 has been described. The divided data 31 may be selected (not all the divided data 31 may be selected). At this time, a plurality of encryption target divided data 32 are selected by selecting a plurality of items from the reference information 40. Here, although the security is improved by increasing the number of the encryption target divided data 32, it is necessary to consider that the time required for the encryption process becomes long.

  Moreover, although the example which selects the encryption object division | segmentation data 32 from the division | segmentation data 31 using the reference information 40 was demonstrated as embodiment, it is not limited to this, Information other than the reference information 40 will be used if it can be digitized. Arbitrary information can be used.

  Furthermore, although the example which the data transmission terminal 3 transmits the data 30 to the data reception terminal 4 was demonstrated as embodiment, it is not limited to this, The information processing terminal used as the transmission destination of the data 30 may be multiple. . In this case, information indicating the plurality of information processing terminals is included in the approval request information transmitted to the approval terminal 6, and the plurality of information processing terminals are also included in the approval information transmitted from the approval terminal 6 to the key generation server 5. Is included. Further, after transmitting the decryption key 35 in S423, the process returns to S411, and the decryption key is also transmitted to the information processing terminal of another transmission destination.

  According to the data communication system 1, the data transmission terminal 3, and the data transmission method according to the present invention, when the data transmission terminal 3 transmits the data 30, the data 30 is divided into a plurality of divided data 31, By encrypting only a part of the divided data 31, it is possible to significantly reduce the processing time required for data encryption and retransmission compared to the case where the entire data 30 is encrypted.

  Further, according to the data communication system 1, the data communication method, the data transmission terminal 3, and the data transmission method according to the present invention, when the data 30 is divided into a plurality of divided data 31, a part of the divided data 31 is divided data. By selecting and encrypting at random in units, it is possible to improve security compared to the case where the entire data 30 is uniquely encrypted.

  Further, according to the data communication system 1, the data communication method, the data transmission terminal 3, and the data transmission method according to the present invention, when acquiring the decryption key 35, a third party other than the data transmission terminal 3 and the data reception terminal 4 is obtained. By performing the approval process by the approval terminal 6 that is, it becomes possible to further improve the security.

  Further, according to the data communication system 1, the data communication method, the data transmission terminal, and the data transmission method according to the present invention, the approval terminal 6 performs the approval process after the data transmission terminal 3 transmits the encrypted data 30A. When 30 requires immediate transmission or when data 30 is data that takes time to transmit, it is possible to reduce the time until the data receiving terminal 4 acquires the data.

  The data transmitting terminal 3, the data receiving terminal 4, the key generation server 5, and the approval terminal 6 according to the present invention have been described in the case where the function for carrying out the invention is recorded in advance in the apparatus. The same function may be downloaded from the network 2 to the apparatus, or the same function stored in the recording medium may be installed in the apparatus.

1 is a system configuration diagram of a data communication system according to the present invention. The system block diagram of a data transmission terminal, a data reception terminal, and an approval terminal. The system block diagram of a key generation server. Schematic for demonstrating the procedure at the time of performing a data communication process in the data communication system which concerns on this invention. The data block diagram of reference information. The flowchart which shows the procedure at the time of a data transmission terminal performing a data transmission process. The flowchart which shows the procedure at the time of an approval terminal performing an approval process. The flowchart which shows the procedure at the time of a data reception terminal performing a data reception process. The flowchart which shows the procedure at the time of a key generation server performing key generation processing.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Data communication system, 2 ... Network, 3 ... Data transmission terminal, 4 ... Data reception terminal, 5 ... Key generation server, 6 ... Approval terminal, 10, 25 ... Communication interface, 11, 21 ... CPU, 12, 22 ... RAM, 13, 23 ... ROM, 14, 24 ... hard disk drive, 15 ... display interface, 16 ... input interface, 17, 36 ... hard disk, 18 ... display device, 19 ... input device, 20, 27 ... bus, 30 ... data , 30A ... encrypted data, 31 ... divided data, 32 ... encrypted divided data, 33 ... encryption key, 34 ... encrypted divided data, 35 ... decryption key, 36 ... approval flag, 40 ... reference information.

Claims (11)

In a data communication system configured by a transmitting terminal that transmits data and a receiving terminal that receives data transmitted by the transmitting terminal,
The transmitting terminal is
An encryption unit that divides the data into a plurality of divided data and encrypts a part of these divided data units using an encryption key;
Transmission means for transmitting the encrypted data encrypted by the encryption means to the receiving terminal,
The receiving terminal is
Receiving means for receiving the encrypted data transmitted by the transmitting terminal;
A data communication system, comprising: decryption means for decrypting encrypted data received by the reception means using a decryption key paired with the encryption key.   The data communication system according to claim 1, wherein the transmitting terminal determines the divided data to be encrypted regardless of the attribute of the data.   The data communication system according to claim 1, wherein the transmission terminal determines divided data to be encrypted using either processing date / time information or data attribute information. A transmission terminal that encrypts and transmits data using an encryption key; an approval terminal that approves the use of a decryption key that is paired with the encryption key; and the encryption key that receives data transmitted by the transmission terminal and In a data communication system including a receiving terminal that decrypts using a pair of decryption keys,
The transmitting terminal is
An encryption unit that divides the data into a plurality of divided data and encrypts a part of these divided data units using an encryption key;
Transmitting means for transmitting the encrypted data encrypted by the encryption means to the receiving terminal;
Approval request means for requesting the approval terminal to approve the use of a decryption key paired with the encryption key,
The approval means is
An approval unit that approves the use of a decryption key paired with the encryption key when requested by the transmission terminal to approve the encryption key;
The receiving terminal is
Receiving means for receiving the encrypted data transmitted by the transmitting terminal;
A data communication system, comprising: a decryption unit configured to decrypt the encrypted data received by the reception unit using the decryption key when the use of the decryption key is approved. In a data communication method of a data communication system configured by a transmission terminal that transmits data and a reception terminal that receives data transmitted by the transmission terminal,
The transmitting terminal divides the data into a plurality of divided data, encrypts a part of these divided data using an encryption key, and transmits the encrypted encrypted data. When,
A receiving step in which the receiving terminal receives the encrypted data transmitted in the transmitting step and decrypts the received encrypted data using a decryption key that is paired with the encryption key used for the encryption. When,
A data communication method characterized by: A dividing means for dividing the data into a plurality of divided data;
Encryption means for encrypting a part of the divided data units divided by the dividing means;
Transmitting means for transmitting encrypted data encrypted by the encrypting means;
A data transmission terminal comprising:   7. The data transmission terminal according to claim 6, wherein the encryption means determines the divided data to be encrypted regardless of the attribute of the data.   7. The data transmission terminal according to claim 6, wherein the encryption means determines divided data to be encrypted by using any of processing date / time information, data attribute information and predetermined arbitrary information. A division step of dividing the data into a plurality of divided data;
An encryption step of encrypting a part of the divided data units divided in the dividing step;
A transmission step of transmitting the encrypted data encrypted in the encryption step;
The data transmission method characterized by performing.   The data transmission method according to claim 9, wherein in the encryption step, the divided data to be encrypted is determined regardless of the attribute of the data.   The data transmission method according to claim 9, wherein in the encryption step, divided data to be encrypted is determined by using any of processing date / time information, data attribute information, and predetermined arbitrary information.

Images