JP2009239846A - Data encryption decoding method, data encryption decoding system, data encryption apparatus, and data decoding apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data encryption decoding system capable of specifying a decoding key to be used for decoding of a ciphertext though a file ID for directly designating the decoding key does not pass to a decoding apparatus side. <P>SOLUTION: An image processing device 10 produces an encryption key authentication code from inputted original data in accordance with a predetermined algorithm by using data encryption key 104 which is used when a frame of a compressed image is encrypted. An image reproducing device 20 decodes the ciphertext of the frame of the compressed image by selecting a data decoding key 203 for making verification of combination of the encryption key authentication code which is produced when the frame of the compressed image is encrypted and the original data which are used for producing the encryption key authentication code succeed from among a plurality of the data decoding keys 203. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a technique capable of decrypting a ciphertext on the decryption device side without specifying a decryption key of the ciphertext when decrypting the ciphertext encrypted by the encryption device.

  With the advent of the digital society, data encryption technology is used in various fields such as authentication and data transmission. When data is encrypted and used, an encryption device for encrypting data and a decryption device for decrypting data are often installed independently, and are input to the decryption device by a network or a data storage medium. When decrypting a ciphertext, it is necessary to transmit data directly specifying a decryption key for decrypting the ciphertext to the decryption apparatus side.

  For example, in an IC card system using an IC card on which a semiconductor integrated circuit is mounted, as described in Non-Patent Document 1, a data file stored in an IC card is stored as data for storing data other than an encryption key. A file (WEF) is distinguished from a data file (IEF) storing an encryption key, and a file ID is assigned to each data file, and decryption used for decrypting ciphertext from the terminal device by the IEF file ID The key is specified directly.

However, if the data that directly specifies the decryption key used for decrypting the ciphertext, for example, the file ID is leaked, it is used for decrypting the ciphertext from the decryption keys stored in the data decryption device. Since the decryption key to be identified can be specified, there is a possibility that the decryption key may receive various encryption key decryption attacks including DPA attacks.
JICSAP IC Card Specification V2.0 Part 3 Common Commands (P12)

  Therefore, the present invention can select from among the decryption keys stored in the data decryption device without passing the data (for example, file ID) directly specifying the decryption key used for data decryption to the decryption device. An object of the present invention is to provide a data encryption / decryption method, a data encryption / decryption system, a data encryption device, and a data decryption device that can specify a decryption key used for decrypting a ciphertext.

  According to a first invention for solving the above-described problem, a data encryption device uses a data encryption key used when encrypting a data object, and uses an encryption key authentication code from specified raw data according to a predetermined encryption algorithm. And a data encryption step in which step a1 is generated, and the data decryption device uses the data decryption key stored in the data decryption device according to a predetermined verification algorithm to generate the encryption key from the raw data. Data in which step b1 for verifying whether an authentication code can be generated, step b2 for decrypting the ciphertext of the data object using one data decryption key that has been successfully verified for the encryption key authentication code A data encryption / decryption method comprising: a decryption step.

  Furthermore, the second invention is the data encryption / decryption method according to the first invention, wherein in the data encryption step, the data encryption device stores a plurality of the data encryption keys, and the step a1 Before the data encryption device, the data encryption key used for encryption of the data object and generation of the encryption key authentication code is randomly selected from the plurality of data encryption keys stored in the data encryption device The data encryption / decryption method is characterized in that step a0 is executed.

  Furthermore, a third invention uses a data encryption means for encrypting a data object using a data encryption key, and uses the data encryption key for encrypting the data object, and specifies a specified element according to a predetermined encryption algorithm. An encryption key authentication code generating means for generating an encryption key authentication code from the data, storing a plurality of data decryption keys, and using each of the data decryption keys according to a predetermined verification algorithm, Verify whether the encryption key authentication code can be generated from the raw data, and select a data decryption key selection unit that selects one data decryption key that has been successfully verified, and the data decryption key selected by the data decryption key selection unit And a data decryption device comprising: a data decryption means for decrypting a ciphertext of the input data object. It is also configured data encryption decryption system.

  Furthermore, a fourth invention is the data encryption / decryption system according to the third invention, wherein the data encryption device stores a plurality of the data encryption keys, and further stores a plurality of the stored data encryption keys. Data encryption characterized by comprising data encryption key selection means for randomly selecting the data encryption key used for encryption of the data object and generation of the encryption key authentication code from among the data encryption keys Decoding system.

  Further, the fifth invention uses a data encryption means for encrypting a specified data object using a data encryption key, and uses the data encryption key for encrypting the data object to specify according to a predetermined encryption algorithm. And a cryptographic key authentication code generating means for generating a cryptographic key authentication code from the raw data.

  Furthermore, a sixth invention is the data encryption device according to the fifth invention, wherein the data encryption device stores a plurality of the data encryption keys, and further stores a plurality of the stored data encryption keys. A data encryption apparatus comprising data encryption key selection means for randomly selecting the data encryption key used for encryption of the data object and generation of the encryption key authentication code.

  Further, the seventh invention stores a plurality of data decryption keys, verifies whether the encryption key authentication code can be generated from the raw data according to a predetermined verification algorithm using each of the data decryption keys, and verifies A data decryption key selection means for selecting one of the data decryption keys that has succeeded, and a data decryption for decrypting the ciphertext of the input data object using the data decryption key selected by the data decryption key selection means And a data decoding device.

  According to the above-described present invention, the encryption key authentication code generated by the data encryption device is generated from the raw data using the data encryption key used for encrypting the data object, and therefore stored in the data composite device. Each data composite key is used to verify whether an encryption key authentication code can be generated from the raw data. The data decryption key that has been successfully verified is used as the data decryption key that is paired with the data encryption key that was used to encrypt the data object. Therefore, even if data (for example, a file ID) directly specifying a data decryption key used for decrypting a data object is not passed to the data decryption device, the data decryption device has a plurality of data decryption keys. Thus, one data decryption key can be selected.

  In addition, by randomly selecting and using one data encryption key from a plurality of data encryption keys stored in the data encryption device, the data encryption key for encrypting the data object is uniquely determined. This eliminates the possibility of decrypting the encrypted data object.

  The data encryption / decryption method, data encryption / decryption system, data encryption apparatus, data decryption apparatus, and computer program according to the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram for explaining a camera video recording system 1 to which a data encryption / decryption system according to the present invention is applied. The camera video recording system 1 in FIG. 1 includes a CCD camera 30 such as a surveillance camera and an in-vehicle camera. The video processing apparatus 10 functioning as the data encryption apparatus according to the present invention, the network attached storage 40 (NAS: Network-Attached Storage) in which the video file encrypted by the video processing apparatus 10 is stored, and the present invention And at least a video playback device 20 functioning as a data decoding device.

  The video processing device 10 is a device for storing the compressed / encrypted video file in the NAS 40 by compressing / encrypting the video frame included in the video transmitted from the CCD camera 30. At the time of encryption, the data encryption process of the data encryption / decryption method according to the present invention is executed inside the video processing apparatus 10.

  The video playback device 20 has a function of decrypting and playing back a compressed / encrypted video file stored in the NAS 40. When the encrypted video file is decrypted, the video playback device 20 includes the present invention within the video playback device 20. The data decryption step of the data encryption / decryption method according to the above is executed.

  First, a description will be given of a video processing apparatus 10 that constitutes the camera video recording system of FIG. 1 and functions as a data encryption apparatus according to the present invention. FIG. 2 is a hardware block diagram of the video processing apparatus 10, and FIG. 3 is a functional block diagram of the video processing apparatus 10.

  As shown in FIG. 2, the video processing apparatus 10 is a hardware, as an input / output interface, a video interface 121 that is an input terminal for an NTSC composite signal of an image captured by the CCD camera 30, and a physical for connecting to a LAN. The video processing apparatus 10 further includes an NTSC decoder 120 for digitally converting an NTSC composite signal input from the video interface 121, a CPU 110a, a RAM 110b, a flash memory 110c, and an MPEG4 encoder 110d. A video processing module 110, which is a computer board equipped with an image processing module, and a module independent of the video processing module 110, functioning as a data encryption device according to the present invention, and CP A cryptographic operation module 100 (for example, a SIM) including a U100a, a RAM 100b, an EEPROM 100c, and a cryptographic operation coprocessor 100d is provided.

  Also, as shown in FIG. 3, the video processing module 110 of the video processing apparatus 10 functions as a video compression that compresses the video captured by the CCD camera 30 by compressing the video frame digitally converted by the NTSC encoder. Means 111 and an encryption key authentication code generating means 112 for causing the arithmetic processing module to generate an encryption key authentication code used for confirming the encryption key obtained by encrypting the video, as the video compression means 111 and the encryption key authentication code generating means 112 A computer program for causing the video processing module 110 to function is stored in the flash memory 110 c of the video processing module 110.

  Furthermore, the cryptographic operation module 100 of the video processing apparatus 10 stores a plurality of data encryption keys 104 (three in this case) used for encrypting a video frame in the EEPROM 100c, and the cryptographic operation module 100 functions as a function. The data encryption unit 101 for encrypting data transmitted from the video processing module 110 using the cryptographic operation coprocessor 100d, here, the compressed video frame, and the data encryption used by the data encryption unit 101 A data encryption key selection means 103 for selecting the key 104; and an encryption key authentication code calculation means 102 for calculating an encryption key authentication code from the raw data transmitted from the video processing module 110. The data encryption means 101, the data encryption Cryptographic calculation as key selection means 103 and cryptographic key authentication code calculation means 102 Computer program for causing a Joule 100 is recorded in EEPROM100c cryptographic operation module 100.

  The video compression means 111 provided in the video processing module 110 of the video processing apparatus 10 temporarily stores the video frame transmitted from the NTSC decoder 120 in the RAM 110b, and stores it in the RAM 110b using the MPEG4 encoder 110d. Compresses the video frame.

  The video processing module 110 of the video processing apparatus 10 encrypts the compressed video frame using the cryptographic operation module 100 and transmits the compressed / encrypted video frame to the NAS 40 via the LAN. To store the compressed and encrypted video file. Note that before the cryptographic operation module 100 encrypts the compressed video frame, the video processing module 110 transmits a message requesting the selection of the data encryption key 104 to the cryptographic operation module 100, and the cryptographic operation module 100 receives the data. The encryption key 104 is selected.

  The encryption key authentication code generation unit 112 provided in the video processing module 110 of the video processing apparatus 10 is a unit that operates after encrypting the video transmitted from the CCD camera 30. The encryption key authentication code generation unit 112 Generate raw data that is a prime of an encryption key authentication code used to confirm the data encryption key 104 used by the arithmetic module 100, and encrypt a message that includes the generated raw data and requests generation of an encryption key authentication code By transmitting to the arithmetic module 100, the cryptographic key authentication code is generated in the cryptographic module 100.

  Then, when the encryption key authentication code generating unit 112 provided in the video processing module 110 of the video processing device 10 acquires the encryption key authentication code from the cryptographic operation module 100, it transmits the raw data and the encryption key authentication code to the NAS 40, The generated raw data and the encryption key authentication code received from the cryptographic operation module 100 are stored in association with the compressed / encrypted video file.

  The data encryption key selection means 103 provided in the cryptographic operation module 100 of the video processing apparatus 10 receives the received data, in this case, compressed from the plurality of data encryption keys 104 stored in the cryptographic operation module 100. When a message requesting selection of the data encryption key 104 is received from the video processing module 110 by means of selecting one data encryption key 104 for encrypting a video frame, a random number is generated inside the cryptographic operation module 100, Randomly select one data encryption key 104 to be used to encrypt a compressed video frame from a plurality of data encryption keys 104 stored in the cryptographic operation module 100 using the generated random number To do.

  The data encryption unit 101 provided in the cryptographic operation module 100 of the video processing device 10 selects one data encryption key 104 used for encrypting a compressed video frame at random, and then compresses the data. When a message for encrypting a video frame is received from the video processing module 110, the compressed video frame is encrypted using the data encryption key 104 selected by the data encryption key selection unit 103, and the compressed video frame Is sent back to the video processing module 110.

  The encryption key authentication code calculation means 102 provided in the cryptographic operation module 100 of the video processing device 10 is transmitted from the video processing module 110 according to a specific algorithm using the data encryption key 104 selected by the data encryption key selection means 103. An encryption key authentication code is generated from the raw data, and the generated encryption key authentication code is returned to the video processing module 110.

  From here, the procedure performed inside the video processing apparatus 10 will be described. FIG. 4 is a flowchart showing a procedure executed inside the video processing apparatus 10, and this flowchart is also a diagram for explaining a procedure of a data encryption process included in the data encryption / decryption method.

  When the video processing apparatus 10 starts to receive video data from the CCD camera 30, the video processing module 110 of the video processing apparatus 10 starts to temporarily store the video frames converted into digital by the NTSC decoder 120 in the RAM 110b and encrypts them. A message requesting selection of the data encryption key 104 is transmitted to the arithmetic module 100 (S1).

  The message requesting the selection of the data encryption key 104 may be a dedicated message requesting the selection of the data encryption key 104 or may be the first message requesting the encryption operation module 100 to perform encryption. .

  When the cryptographic operation module 100 of the video processing apparatus 10 receives the message requesting the selection of the data encryption key 104, the cryptographic operation module 100 operates the data encryption key selection unit 103. , Refer to the generated random number, select one data encryption key 104 from the plurality of data encryption keys 104, and send a message indicating that the data encryption key 104 has been selected to the video processing module 110 (S2).

  When receiving the message indicating that the data encryption key 104 has been selected, the video processing module 110 of the video processing device 10 uses the MPEG4 encoder 110d to compress the video frame stored in the RAM 110b (S3). A message requesting encryption of the compressed video frame is transmitted to the cryptographic operation module 100 (S4).

  When the cryptographic operation module 100 receives a message requesting encryption of a compressed video frame from the video processing module 110, the data encryption means 101 provided in the cryptographic operation module 100 operates, and the data encryption means 101 Using the selected data encryption key 104, the data received from the video processing module 110 (here, the compressed video frame) is encrypted, and the data ciphertext (here, the compressed video frame encryption) is encrypted. Sentence) is returned to the video processing module 110 (S5).

  When the video processing module 110 receives the ciphertext of the compressed video frame from the cryptographic operation module 100, the video processing module 110 transmits the ciphertext of the compressed video frame to the NAS 40, and the ciphertext of the received compressed video frame. Is stored to generate a compressed / encrypted video file (S6).

  When the received encrypted video frame ciphertext is sent to the NAS 40 and the received compressed video frame ciphertext is stored, the video processing module 110 compresses and encrypts all video frames. (S7), if there is a video frame that has not been compressed / encrypted in the RAM, the process returns to S4, where the video frame is compressed / encrypted and added to the video file on the NAS 40.

  When all the video frames are compressed / encrypted, the encryption key authentication code generation means 112 of the video processing module 110 is activated, and the encryption key authentication code generation means 112 of the video processing module 110 generates the generated random number and the time at this time. Is sent to the cryptographic operation module 100 as a raw data, and includes the raw data and requests generation of the encryption key authentication code (S8).

  When the cryptographic operation module 100 receives a message requesting generation of an encryption key authentication code, the encryption key authentication code calculation unit 102 of the cryptographic operation module 100 operates, and the encryption key authentication code calculation unit 102 selects the selected data encryption key 104. Is used to calculate the encryption key authentication code from the received raw data and transmit the calculated encryption key authentication code to the video processing module 110 (S9).

  The algorithm for generating the encryption key authentication code from the raw data depends on the type of the data encryption key 104. For example, if the data encryption key 104 is a common encryption encryption key, the MAC (MAC: Message Authentication) of the raw data is used. Code) can be used as the encryption key authentication code, and if the data encryption key 104 is a public encryption method encryption key, the digital signature of the raw data can be used as the encryption key authentication code.

  When the video processing module 110 receives the encryption key authentication code calculated by the cryptographic operation module 100, the video processing module 110 transmits the generated raw data and the encryption key authentication code received from the cryptographic operation module 100 to the NAS 40, and the NAS 40 The raw data and the encryption key authentication code are stored in the NAS 40 in association with the video file stored in (S10), and the procedure of FIG.

  Here, storing in association with a video file on the NAS 40 means, for example, storing raw data and an encryption key authentication code at the end of the video file, or storing data in a data file having the same file name and different attribute as the video file. Means storing data and encryption key authentication code.

  Next, the video playback device 20 that functions as the data decoding device according to the present invention will be described. FIG. 5 is a hardware block diagram of the video playback device 20, and FIG. 6 is a functional block diagram of the video playback device 20.

  As shown in FIG. 5, the video playback device 20 is connected as a hardware, as an input / output interface, as a video interface 221 that is an output terminal of an NTSC composite signal of video played back by the video playback device 20, and to a LAN. The video playback apparatus 20 includes a video playback module 210 that is a computer board including a CPU 210 a, a RAM 210 b, a flash memory 210 c, and an MPEG4 decoder 210 d, and a video playback module 210. The NTSC encoder 220 that converts the output video into an NTSC composite signal and the video playback module 210 are independent modules, and function as a data decoding device according to the present invention. a, RAM 200b, the decoding calculation module 200 that includes a EEPROM200c and cryptographic coprocessor 200d (e.g., SIM) and a.

  As shown in FIG. 6, the video playback module 210 of the video playback device 20 functions as a video decompression unit 211 for decompressing a compressed video frame, and an NTSC encoder 220 for decompressing a video frame according to a frame rate. And a computer program for causing the video playback module 210 to function as the video decompression means 211 and the video playback means 212 is stored in the flash memory 210c of the video playback module 210. ing.

  The decryption operation module 200 of the video reproduction apparatus 20 includes a data decryption unit 201 that decrypts the ciphertext of the compressed video frame, a data decryption key selection unit 203 that selects the data encryption key 104 used by the data decryption unit 201, and A plurality of data decryption keys 203 (here, five) used when decrypting the ciphertext of the compressed video frame are stored, and the decryption operation module 200 serves as the data decryption means 201 and the data decryption key selection means 203. Is recorded in the EEPROM 200c of the decoding operation module 200.

  The number of data decryption keys 203 stored in the decryption operation module 200 of the video reproduction device 20 is larger than the number of data encryption keys 104 stored in the encryption operation module 100 of the video processing device 10. This is because the video reproduction device 20 stores the data encryption key 104 stored in the video processing device 10. If the video playback device 20 stores the data encryption key 104 stored in all the video processing devices 10, the video playback device 20 can play back the video files stored in all the video processing devices 10. Become.

  When the data decrypting means 201 provided in the video playback module 210 of the video playback device 20 acquires a compressed / encrypted video frame from the video file stored in the NAS 40, the video decoding module 201 uses the decryption calculation module 200 to generate the video. After decrypting the ciphertext of this frame, it is decompressed using an MPEG4 decoder, and the decompressed video frame is stored in the RAM 210b.

  Before the decryption module 200 encrypts the compressed video frame, the video playback module 210 acquires the raw data and the encryption key authentication code associated with the video file to be played back from the NAS 40 and plays back the video file. A message requesting the selection of the data encryption key 104 is transmitted to the decryption operation module 200, and the decryption operation module 200 selects the data decryption key.

  The video playback means 212 provided in the video playback module 210 of the video playback device 20 transmits the frames stored in the RAM 210b of the video playback module 210 to the NTSC encoder 220 at a predetermined frame rate (for example, 30 fps). By doing so, it is means for reproducing the video file.

  The data decryption key selection means 203 provided in the decryption operation module 200 of the video reproduction device 20 receives a message requesting selection of a data decryption key, including raw data and an encryption key authentication code associated with the video file to be reproduced. The data decryption key 203 that is activated when the data decryption key 203 (in this case, five) stored in the decryption operation module 200 is verified and the combination of the raw data and the encryption key authentication code is verified. Is selected as the data decryption key 203 for decrypting the data.

  When the data decryption means 201 provided in the data decryption module of the video reproduction device 20 receives a message requesting decryption of the compressed video frame ciphertext from the video reproduction module 210 from the video reproduction module 210, the data decryption key 201 Using the data decryption key 203 selected by the selection unit 203, the ciphertext of the compressed video frame is decrypted, and the compressed video frame is returned to the video playback module 210.

  From here, the procedure performed inside the video reproduction apparatus 20 will be described. FIG. 7 is a flowchart showing a procedure executed inside the video reproduction apparatus 20, and this flowchart is also a diagram for explaining a procedure of a data decrypting step included in the data encryption / decryption method.

  When the video playback device 20 starts playback of the compressed / encrypted video file stored in the NAS 40, the video playback module 210 of the video playback device 20 stores the raw data and the encryption key stored in association with the video file to be played back. The authentication code is acquired, and the message including the raw data and the encryption key authentication code and requesting the selection of the data decryption key 203 is transmitted to the decryption operation module 200, thereby requesting the decryption operation module 200 to select the data decryption key 203. (S20).

  When the decryption operation module 200 receives a message including the raw data and the encryption key authentication code and requesting the selection of the data decryption key 203, the data decryption key selection means 203 of the decryption operation module 200 operates, and the data decryption key selection means 203 Uses a plurality of data decryption keys 203 stored in the decryption operation module 200 to verify the combination of the raw data and the encryption key authentication code, so that one data decryption key is selected from the plurality of data decryption keys 203. The key 203 is selected, and a message indicating that the data encryption key 104 has been selected is transmitted to the video reproduction module 210 (S21).

  For example, when the data decryption key 203 is a common encryption method encryption key and the encryption key authentication code is a raw data MAC, the data decryption key selection means uses the data decryption key 203 stored in the decryption operation module 200. Then, the MAC is calculated from the raw data, and the data decryption key 203 whose MAC matches the encryption key authentication code is selected.

  When the data decryption key 203 is an encryption key of a public encryption method and the encryption key authentication code is a digital signature of raw data, the data decryption key selection unit uses the data decryption key 203 stored in the decryption operation module 200. Using this, the encryption key authentication code is combined, and the data decryption key 203 in which the decrypted text of the encryption key authentication code matches the raw data is selected.

  When the video playback module 210 receives a message indicating that the data encryption key 104 has been selected, the video playback module 210 acquires a compressed / encrypted video frame from the video file stored in the NAS 40, A message requesting decryption of the frame of the encrypted video is transmitted to the decryption operation module 200 (S22).

  When the decryption operation module 200 receives a message requesting decryption of a compressed / encrypted video frame, the decryption operation module 200 uses the selected data decryption key 203 to generate a compressed / encrypted video frame. Decrypt and transmit the decrypted text to the video playback module 210 (S23).

  When the video playback module 210 receives the decrypted text, that is, the compressed video frame, from the decoding arithmetic module 200, the video playback module 210 uses the video decompression means 211 to decompress the compressed video frame, and the decompressed video frame. The video is reproduced by temporarily buffering in the RAM 210c (S24).

  After starting the video playback, the video playback module 210 checks whether all video frames included in the video file to be played back have been decoded / decompressed (S25). Returning to S22, the video frame included in the video file is decoded and decompressed by the NAS 40.

  Then, the video playback module 210 decodes and decompresses all the video frames included in the video file in the NAS 40, and ends this procedure when the video playback ends.

  In this way, the encryption key authentication code generated by the cryptographic operation module 100 of the video processing apparatus 10 that is a data encryption apparatus is generated from the raw data using the data encryption key 104 used for encrypting the compressed video frame. Therefore, the data decryption key 203 that the decryption operation module 200 of the video playback device 20 serving as the data decryption device has successfully verified the combination of the raw data and the encryption key authentication code is the data encryption key used for encryption. Since it becomes the data decryption key 203 paired with 104, one decryption key 203 can be selected from the plurality of data decryption keys 203 on the decryption operation module 200 side of the video reproduction device 20.

  In addition, the cryptographic operation module 100 of the video processing apparatus 10 that is a data encryption apparatus selects one data encryption key 104 from a plurality of stored data encryption keys 104 at random and uses it. Since the data encryption key 104 to be encrypted is not uniquely determined, the possibility that the encrypted data is decrypted is reduced.

The figure explaining the camera video recording system to which the data encryption / decryption system was applied. The hardware block diagram of a video processing apparatus. The functional block diagram of a video processing apparatus. The flowchart which showed the procedure performed inside a video processing apparatus. The hardware block diagram of a video reproduction apparatus. The functional block diagram of a video reproduction apparatus. The flowchart which showed the procedure performed inside a video reproduction apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Camera video recording system 10 Video processing apparatus 100 Cryptographic operation module 101 Data encryption means 102 Encryption key authentication code calculation means 103 Data encryption key selection means 104 Data encryption key 110 Video processing module 111 Video compression means 112 Encryption key authentication code generation means 20 Video Playback Device 200 Decryption Operation Module 201 Data Decryption Unit 202 Data Decryption Key Selection Unit 203 Data Decryption Key 210 Video Playback Module 211 Video Decompression Unit 212 Video Playback Unit

Claims (7)

Data encryption in which step a1 is executed by the data encryption device to generate an encryption key authentication code from the specified raw data according to a predetermined encryption algorithm using the data encryption key used when encrypting the data object Process,
A step of verifying whether the data decryption device can generate the encryption key authentication code from the raw data according to a predetermined verification algorithm using each data decryption key stored in the data decryption device; And a data decryption step in which step b2 of decrypting the ciphertext of the data object is performed using the one data decryption key that has been successfully verified as an encryption key authentication code. Method.   2. The data encryption / decryption method according to claim 1, wherein in the data encryption step, the data encryption device stores a plurality of the data encryption keys, and before the step a1, the data encryption device. Step a0 of randomly selecting the data encryption key used for encryption of the data object and generation of the encryption key authentication code from among the plurality of data encryption keys stored in A data encryption / decryption method. Using a data encryption key for encrypting a data object and a data encryption key for encrypting the data object, the encryption key authentication code is generated from the specified raw data according to a predetermined encryption algorithm. A data encryption device comprising: an encryption key authentication code generating means for performing
A plurality of data decryption keys are stored, each data decryption key is used to verify whether the encryption key authentication code can be generated from the raw data according to a predetermined verification algorithm, and one data decryption that has been successfully verified A data decryption key comprising: a data decryption key selection means for selecting a key; and a data decryption means for decrypting a ciphertext of the input data object using the data decryption key selected by the data decryption key selection means. Equipment,
A data encryption / decryption system comprising at least   4. The data encryption / decryption system according to claim 3, wherein the data encryption device stores a plurality of the data encryption keys, and further selects the data from a plurality of the stored data encryption keys. A data encryption / decryption system comprising data encryption key selection means for randomly selecting the data encryption key used for object encryption and generation of the encryption key authentication code.   Data encryption means for encrypting a specified data object using a data encryption key, and using the data encryption key for encrypting the data object, encryption key authentication from specified raw data according to a predetermined encryption algorithm A data encryption device comprising: an encryption key authentication code generation means for generating a code.   6. The data encryption device according to claim 5, wherein the data encryption device stores a plurality of the data encryption keys, and further encrypts the data object from the plurality of stored data encryption keys. And a data encryption key selection means for randomly selecting the data encryption key used for generating the encryption key authentication code.   A plurality of data decryption keys are stored, each data decryption key is used to verify whether the encryption key authentication code can be generated from the raw data according to a predetermined verification algorithm, and one data decryption that has been successfully verified A data decryption key comprising: a data decryption key selection means for selecting a key; and a data decryption means for decrypting a ciphertext of the input data object using the data decryption key selected by the data decryption key selection means. apparatus.

Images