JP2009258973A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor for protecting a database for personal information or the like, and for simplifying processing for the access. <P>SOLUTION: In a server 200, an encryption processing part 202 converts data corresponding to predetermined items among accepted data into binary data. Then, a bit inversion processing part 203 performs bit inversion, and an arithmetic processing part 204 adds a prescribed value to the data subjected to the bit inversion, to encrypt the data corresponding to the item. A database management application 201 causes a database 300 to store the encrypted data and the other input data in association with each other. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information processing apparatus that encrypts data.

In recent years, handling of personal information has become severe, and it is prohibited to use personal information outside its original purpose. Therefore, it is considered that personal information is not leaked. For example, Patent Document 1 describes that a predetermined area in a database describing personal information is encrypted and the encrypted data is stored.
JP 2005-309846 A

  However, if the entire database or a predetermined area is encrypted, it is necessary to decrypt the encrypted database every time personal information is accessed, and the processing load on the access terminal is large. In addition, if the entire database is encrypted, there is a problem that simple processing such as sorting cannot be performed in the database.

  Accordingly, an object of the present invention is to provide an information processing apparatus that can protect a database of personal information and the like, and can simplify processing for the access.

  In order to solve the above-described problem, the present invention provides an input unit that receives an input of data divided into items according to a predetermined format from an operator, and a predetermined one of the data received by the input unit Encrypting means for encrypting data corresponding to the item by converting data for the item into binary data, performing bit inversion processing, and adding a predetermined value to the bit-inverted data; And storage means for storing the encrypted data encrypted by the encryption means in association with the other data input by the input means.

  According to the present invention, input of data divided into items according to a predetermined format is received from an operator, data for a predetermined item among the received data is converted into binary data, and bit inversion processing is performed. The data corresponding to the item is encrypted by adding a predetermined value to the bit-inverted data, and the encrypted encrypted data is stored in association with other input data can do. Thereby, encryption can be performed on an item-by-item basis, and the processing load when encrypting and decrypting during browsing can be reduced. Further, by performing encryption in item units, performing bit inversion processing, and predetermined value addition processing, sorting processing can be performed on the encrypted data, which can be easily used.

  Moreover, it is preferable that the encryption means in the information processing apparatus of the present invention performs encryption processing only for a predetermined one byte when the character input by the input means is a 2-byte character string. .

  According to the present invention, when the input character is a 2-byte character string (for example, kanji), the security can be improved by performing the encryption process for only a predetermined one byte. . That is, since encryption is not performed for all, it is difficult to predict the encryption rule, and thus security can be improved.

  Moreover, it is preferable that the encryption means in the information processing apparatus of the present invention changes a predetermined value to be added according to the character type input by the input means.

  According to the present invention, it is possible to improve security by changing the predetermined value to be added according to the input character type.

  ADVANTAGE OF THE INVENTION According to this invention, it can encrypt by an item unit and can reduce the process burden at the time of the process at the time of encryption, and the decoding at the time of browsing. Further, by performing encryption in item units, performing bit inversion processing, and predetermined value addition processing, sorting processing can be performed on the encrypted data, which can be easily used.

  Embodiments of the present invention will be described with reference to the accompanying drawings. Where possible, the same parts are denoted by the same reference numerals, and redundant description is omitted.

  FIG. 1 is a conceptual diagram showing a processing concept using a PC 100 that is an input terminal of the present embodiment. As shown in FIG. 1, the PC 100 includes a keyboard that is an input unit and a display that is an output unit. The PC 100 is configured to be accessible to a server 200 including a database management application 201 and an encryption processing unit 202.

  The user U operates the database management application 201 stored in the server 200 arranged on the network by operating the PC 100, so that the name, reading, alphabet, Enter information such as date of birth, company information A, company information B, etc. On the other hand, the encryption processing unit 202 encrypts data input via the database management application 201. The encryption processing unit 202 encrypts names, readings, and alphabets, and encrypts encrypted data in a sortable form. Then, the database management application 201 stores the encrypted data in association with other data such as the date of birth and company information A in the database 300 arranged on the network.

  On the other hand, the user U can browse the database from the database 300 using the PC 100 and the database management application 201. In this case, database processing such as sort processing can be executed as it is without encrypting the encrypted data.

  The PC 100 and the server 200 for realizing such processing will be described. FIG. 2 is a block diagram illustrating functions of the PC 100 and the server 200 according to the present embodiment. As shown in FIG. 2, the PC 100 includes an input unit 101 (input means) and an output unit 102, and the server 200 is an information processing apparatus, and includes a database management application 201 and an encryption processing unit 202 (bit inversion processing). Unit 203, arithmetic processing unit 204: encryption means). The server 200 is further configured to access a database 300 (storage means). Hereinafter, each component will be described.

  The input unit 101 is a part that is operated by a user such as a keyboard and receives input of various types of information. In the present embodiment, the input unit 101 receives input of name, reading, alphabet, date of birth, in-house information A, in-house information B, and the like, which are information as employee information, by a user operation. That is, the input unit 101 receives an input of data divided into items according to a predetermined format from an operator.

  The output unit 102 is a part such as a display that displays employee information stored in the database 300 so as to be viewable.

  The database management application 201 is a part that receives employee information such as name, reading, alphabet, date of birth, in-house information A, and in-house information B from the T input unit 101 and performs database management processing. The database management application 201 also performs input item determination processing to determine whether double-byte characters, single-byte characters, and half-width characters, half-width kana, half-width English characters, and half-width numbers. Judgment is made and the processing category of the item is managed. Using this, the encryption processing unit 202 can perform encryption processing according to the processing classification.

  The encryption processing unit 202 is a part that encrypts a name and the like input via the database management application 201. In this embodiment, names and the like are all handled as binary character codes, and the bit reversal processing unit 203 performs bit reversal processing on the binary character codes, that is, 0 if 1 and 0. If there is, processing for conversion to 1 is performed, this is converted into hexadecimal data, and further converted into decimal data so that the arithmetic processing unit 204 does not cause a processing violation in the SQL statement for decimal data. A process of adding a predetermined number is performed. The encrypted characters thus encrypted are registered in the database 300.

  The database 300 is a part that stores the data encrypted by the encryption processing unit 202 and the unencrypted data in association with each other. Among these pieces of information, the name, reading, and alphabet are encrypted by the encryption processing unit 202, and the encrypted information is stored. FIG. 3 shows a specific example of employee information stored in the database 300. As shown in FIG. 3, the name, reading (half-width), name alphabet, date of birth, in-house information A, and in-house information B are stored in association with each other. Encrypted information such as “salmon” is stored for the name, “IV” for the reading, and “.A03-” for the name alphabet. Details of the encryption processing here will be described later.

  In this embodiment, the server 200 includes the database management application 201 and the encryption processing unit 202. However, the present invention is not limited to this, and the PC 100 includes the application 201 and the encryption processing unit 202 between the databases R. You may do it.

  Next, the operation of the server 200 of this embodiment will be described. FIG. 4 is a flowchart showing the operation of the server 200.

  The database management application 201 checks an argument (processing category) in various information input from the PC 100 (S101), and whether the argument is one of double-byte kanji, single-byte alphabet, single-byte kana, or single-byte numeric, It is judged by the database management application 201 whether or not it is an inputable character (S102). If it is determined that the character is not an inputable character, “abnormal end” is set as a return value, and the process ends.

  Next, the database management application 201 secures a processing area on a memory (not shown) (S103). If there is no free area in the memory and the area cannot be secured (S104), "abnormal end" is set as the return value, and the process ends.

  When the processing area is secured, it is determined whether or not the processing for all character strings has been completed (S105). In the first case, this determination process is determined to be NO. Then, it is determined whether or not the inputted character is a full-width character such as a Chinese character, and if it is a full-width character, whether or not it is an odd-numbered character code (S106). Here, since the character type is determined such that the input target character at the time of input is full-width or half-width, it is determined based on the character type. S105 to S110 are processed byte by byte. Therefore, in S105, double-byte characters are divided into the first half and the second half of the character code. That is, a double-byte character is composed of 2 bytes. Here, the portion of the second byte is referred to as an “odd number”, and processing is performed by distinguishing between the odd number and the even number (usually, numbers from 0 to 0). Because it is). For example, when there is a character code “0000 0000 1111 1111”, “1111 1111” of the 9th to 16th digits is set to an odd number, and the encryption processing is skipped as described later.

  If it is determined that the part to be processed is an odd-numbered character (S107: NG), the process returns to S105 without performing encryption processing such as bit inversion processing on the part, and the next character code is processed. Proceed with the process.

  In S107, when it is determined that the character is a full-width character and an even-numbered character or a half-width character (S107: OK), the encryption processing unit 202 (bit inversion processing unit 203) uses an argument. The passed binary data is subjected to bit inversion processing (S108). Here, if it is a half-width character, the bit inversion process is performed for all characters, and if it is a full-width character, the bit inversion process is performed only on the even-numbered portion of the character code as described above. Then, the arithmetic processing unit 204 converts the binary number data subjected to the bit inversion processing into a hexadecimal number (S111). Then, the arithmetic processing unit 204 converts the hexadecimal data into a decimal number, and adds a predetermined value to the converted value (S112). This is a process for avoiding a process violation in the SQL statement. For example, in an SQL sentence, a character such as a single-byte “!” Is not recognized as an input target, and an error occurs. For this reason, by adding a predetermined value, the predetermined value is added so that it is not encrypted to a character defined in a predetermined area of the character code. Then, returning to S105, when processing has been performed for all characters, normal termination is set as the return value (S111), the termination processing of the encryption processing is performed (S112), and the encrypted data is stored in the database. It is stored in 300 (S113).

  Here, the transition of data in the processing of S108 to S109 will be described with reference to FIG. FIG. 5A shows a data transition when a half-width character is input, and FIG. 5B shows a data transition when a full-width character (kanji) is input.

  As shown in FIG. 5A, when a half-width “Y” is input, the computer recognizes “1101 0100” in order to treat it as binary data. Then, bit inversion processing is performed and converted to “0010 1011”. Thereafter, it is converted to a hexadecimal number to obtain “2B”, and further converted to a decimal number to obtain “43”. Further, a predetermined value is added in order to avoid processing violation of the SQL sentence. Here, α is an arbitrary number, but it is desirable that the number be large enough to avoid the above-described processing violation. In FIG. 5, for example, α = 10, and the character “S” having the character code (JIS code X 0208) of 53 is obtained. In the database 300, this character S is stored as an encrypted “ya”.

  In FIG. 5B, when “mountain” is input, it is recognized as “0011 1011 0011 0011”. As described above, “0011 1011” is treated as 0th (even numbered version), and “0011 0011” is treated as 1st (odd number). If it is a double-byte character, it is converted to “0110 1110 0110 0110” in order to invert only the even number in the character code as in the processing in S106 and S107. In the present embodiment, since processing is performed in units of character codes corresponding to single-byte characters, processing is divided into “0110 1110” and “0110 0110”. Then, the data is converted into “C4” and “66” which are hexadecimal data, respectively, and then converted into “196” and “102” which are decimal data. Further, a predetermined value is added, and a character corresponding to the character code based on the added value is registered in the database 300. The predetermined value added here can be changed according to the character type (kanji, full-width kana, half-width kana, etc.), thereby enabling encryption processing with improved security.

  By performing such encryption processing, encrypted characters are stored on the database. When sorting is performed, sorting processing can be performed according to the encrypted characters.

  Next, a process when an access process is performed on a database that stores data encrypted in this way will be described. FIG. 6 is a flowchart when the decoding process is performed.

  As shown in the figure, the user performs an access process on the database 300 using the database management application 201 (S201). When a browsing instruction is issued using the database management application 201, predetermined data is read from the database 300 (S202). Then, when read by the database management application 201, the encrypted item is decrypted (S203). The decryption process is the reverse of the above-described encryption process. After the predetermined number is subtracted, it is converted into a hexadecimal number and further converted into a binary number. Then, bit conversion is performed and characters are displayed according to the converted binary number. For full-width characters, only odd-numbered bits are inverted when encrypted, and therefore, even-numbered portions are bit-inverted when decrypted. Then, the decrypted character is displayed on a display unit (not shown) (S204).

  By performing such processing, when the database 300 is illegally accessed from an application that does not have a decryption function, the above-described decryption processing cannot be performed. I can't do it.

  Next, operational effects of the server 200 of the present embodiment will be described. In PC 100, input of data divided for each item according to a predetermined format is received from an operator, and server 200 receives the data input from PC 100. In the server 200, the encryption processing unit 202 converts data for a predetermined item among the received data into binary data. Then, the bit inversion processing unit 203 performs bit inversion processing, and the arithmetic processing unit 204 encrypts the data corresponding to the item by adding a predetermined value to the data subjected to the bit inversion processing. The database management application 201 stores the encrypted data in the database 300 in association with the other input data. Thereby, encryption can be performed on an item-by-item basis, and the processing load when encrypting and decrypting during browsing can be reduced. Further, by performing encryption in item units, performing bit inversion processing, and predetermined value addition processing, sorting processing can be performed on the encrypted data, which can be easily used.

  In the server 200, the encryption processing unit 202 performs the encryption process only for a predetermined one byte when the input character is a 2-byte character string, for example, a kanji or a double-byte kana. Security can be improved. That is, since encryption is not performed for all, it is difficult to predict the encryption rule, and thus security can be improved.

  Further, in the server 200, the encryption processing unit 202 improves the security by changing the predetermined value to be added according to the input character type, for example, kanji, full-width kana, half-width kana, etc. Can do.

It is a conceptual diagram which shows the processing concept using PC100 and the server 200 of this embodiment. It is a block diagram which shows the function of PC100 and the server 200 of this embodiment. 5 is a diagram showing a specific example of employee information stored in a database 300. FIG. It is a flowchart which shows operation | movement of the server 200 when performing an encryption process. It is a figure which shows each data transition when a half-width character and a full-width character are input. It is a flowchart which shows operation | movement of the server 200 when performing a decoding process.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Information processing apparatus 101 ... Input part 102 ... Output part 200 ... Server 201 ... Database management application 202 ... Encryption processing part 203 ... Bit inversion processing part 204 ... Arithmetic processing part 300 ... Database

Claims (3)

An input means for accepting input of data divided into items according to a predetermined format from an operator;
The data for a predetermined item among the data received by the input means is converted into binary data, bit-reversed, and a predetermined value is added to the bit-reversed data. Encryption means for encrypting data corresponding to
A database for storing the encrypted data encrypted by the encryption unit in association with other data input by the input unit;
An information processing apparatus comprising: The encryption means includes
2. The information processing apparatus according to claim 1, wherein when the character input by the input means is a 2-byte character string, encryption processing is performed only for a predetermined one byte. The encryption means includes
The information processing apparatus according to claim 1, wherein a predetermined value to be added is changed according to a character type input by the input unit.

Images