JP2010262347A - Password information concealment system of application form - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a password information concealment system of an application form by encrypting and encoding a password using information on an application form. <P>SOLUTION: The system includes: a means (210 and 220) to add an application form number and a date and time of the application form to application form information; a means (220) to encrypt a password based on an encryption key corresponding to the application form number, and an encryption logic corresponding to the date and time of the application form; and a means (210) to encode an encrypted password and generate a code to transmit a preprint application form including the code to a computer. In addition, the system includes: a means (320) to decrypt the encrypted password based on a decryption key corresponding to the application form number, and a decryption logic corresponding to the date and time of the application form to carry out inverse conversion to an actual password; and a means (310) to store the password which is subjected to inverse conversion in a database without displaying it entirely. Thereby the registration of the actual password of the application form becomes possible while keeping it secret. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a password information concealment system for an application form, and more particularly to a system for concealing password information for an application form by encrypting and encoding a password using the information of the application form.

  Conventionally, in the application process for Internet banking, the customer, via the Internet, for example, from the application form creation screen on the homepage of a financial institution, the items necessary for application (for example, customer name, address, password, etc.) You can enter and create an application form. The customer can print the created application form at the customer terminal (in this way, creating and printing the application form using electronic data is hereinafter referred to as “pre-printing”). The customer then sends or takes a pre-printed application to the financial institution, which receives the application, processes the information on the application, and registers it. Internet banking application procedures for customers are made.

JP 2006-285592 A

  However, since the pre-printed application form displays the necessary items entered by the customer as well as the password that is important customer information, the password is given to third parties such as customers, delivery companies, and financial institutions. There is a problem that there is a risk of leakage.

  In order to deal with such a risk, there is a method using a password film seal as an example. For example, a password coat seal is handed along with the application form, and the customer himself / herself covers the password display portion of the application form with the seal so that the password is not exposed to a third party. With this measure, the password is not directly touched by third parties and the risk of leakage can be reduced.

  However, the password is still displayed under the password cover seal, and the risk of leakage needs to be further reduced. Furthermore, in Internet banking, when an application form is created from a homepage and sent to a financial institution, there is a problem that a password film seal must be obtained in advance.

  In another example, when processing an application form within a financial institution to reduce the risk of leakage within the financial institution, the password processing and other necessary items are performed separately. Measures are also taken. For example, by separating the part where the password is displayed on the application form and the part where other necessary items are displayed, each employee will be processed separately to reduce the risk of leakage inside the financial institution. .

  However, with this countermeasure, since it is necessary to process the password and other necessary items separately, there is a problem that it is very troublesome, takes a lot of time, and further costs.

  As another example, there is a method in which each character of a password is replaced with another character by a simple rule and displayed.

  In this case, the actual password is not displayed, but the actual password may be guessed by a malicious third party from the replaced character, and the replaced character may be mistaken for a password. is there.

  As another example, a countermeasure may be considered in which a password entered when a customer creates an application form on a homepage is separately stored in a database or the like, and the entered password is not displayed on the application form.

  In this case, the risk of leakage due to the password being displayed on the application form is reduced, but there is a possibility that another risk may be generated by storing the password, which is important customer information, in the database. .

  The present invention has been made in view of such a problem, and an object of the present invention is to encrypt a password using the information on the application form and encode it, thereby encoding the password information concealment system for the application form. Is to provide.

  In order to achieve the above object, according to the present invention, a password information concealment system (100) according to the first aspect of the present invention is a preprint application creation system (100) connected to a first computer (400). 200) and a contract registration system (300) connected to the second computer (500).

  When the preprint application creation system (200) receives application form information including at least a password from the first computer (400), the preprint application form creation system (200) is different from the first data and the first data for each piece of application form information. Means for adding two data (210, 220). The pre-print application creating system (200) also sets the password to the first value based on the encryption key associated with the first data and the encryption logic associated with the second data. It includes encryption means (220) for conversion. The preprint application creation system (200) further includes means (210) for encoding the first value into a first code and transmitting a preprint application including the first code to the first computer.

  The contract registration system (300) uses the second computer (500) to identify the first value read from the first code of the pre-print application form, and the first data and the second data. , Based on the decryption key corresponding to the encryption key associated with the first data and the decryption logic corresponding to the encryption logic associated with the second data, Cryptographic means (320) is included for reversely converting the first value into a password. The contract registration system (300) also includes means (310) for storing the reversely converted password in the database (330) in the contract registration system (300) together with the first data.

  The encryption key can be any random number used as a variable in the encryption logic that is different for each first data, and / or the encryption logic can be any function that varies depending on the second data. It can be. The first data can be the number of the application form, and the second data can be the date and time of the application form. Alternatively, the first data may be the date and time of the application form, and the second data may be the application number.

  The information for identifying the first data and the second data received by the decryption means (320) may be a second code obtained by encoding the first data and the second data. .

  Here, the first code and the second code can be, for example, a barcode other than a character string or a two-dimensional code.

  As described above, according to the present invention, the password of the application form is encrypted using a different encryption key for each application form and different encryption logic according to the date and time of the application form. By encoding the value, the risk of password leakage can be reduced. In addition, when passwords are registered, encrypted and encoded values can be stored in the database without being displayed on the registration screen, which further reduces the risk of password leakage and provides application information. It is also possible to improve the efficiency of the work of registering.

  Further, according to the present invention, since the password on the pre-print application form is encoded, the password is inferred by a malicious third party that may occur, for example, when the password is simply replaced with another character. And the possibility of misrecognizing another replaced character as a password can be reduced.

It is a figure which shows the whole password information concealment system concerning one Embodiment of this invention. It is a figure which shows the detailed structure of the password information concealment system concerning one Embodiment of this invention. It is a figure which shows the structure of the encryption system concerning one Embodiment of this invention. It is a figure which shows the structure of the decryption system concerning one Embodiment of this invention. It is a flowchart which shows the process which encrypts and codes a password in the pre-print application form creation system concerning one Embodiment of this invention. It is a flowchart which shows the process which reverse-converts and encrypts the encrypted password in the contract registration system concerning one Embodiment of this invention. It is a figure which shows the detailed structure of the password information concealment system concerning another embodiment of this invention. It is a flowchart which shows the process which encrypts and codes a password in the pre-print application form preparation system concerning another embodiment of this invention. It is a flowchart which shows the process which reverse-converts and encrypts the encrypted password in the contract registration system concerning another embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram showing an entire password information concealment system 100 according to the present invention.

  The password information concealment system 100 is a system for concealing important information such as an application form password and a personal identification number installed in a financial institution, and includes a pre-print application form creation system 200 and a contract registration system 300. Yes.

  The pre-print application form creation system 200 is a system for converting (encrypting) information such as a password of an application form, and includes a Web server 210 and an encryption system 220. The pre-print application creation system 200 is connected to the customer terminal 400 via a communication network such as the Internet. The customer terminal 400 may be, for example, a customer personal computer (PC) that can be connected to an output device 410 such as a printer.

  The contract registration system 300 is a system for reversely converting (decrypting) information such as a password converted (encrypted) by the pre-print application creating system 200 and registering password information in a database storing contract information. is there. The contract registration system 300 includes a registration system 310, a decryption system 320, and a contract database (DB) 330. The contract registration system 300 is connected to the registration terminal 500 via an in-house network such as an intranet. The registration terminal 500 can be a terminal for inputting application form information installed at a registration center of a financial institution, for example.

  In one embodiment, the encryption system 220 and the decryption system 320 are shown and described as separate, but in other embodiments, the encryption system and the decryption system are pre-print application creation system 200. Can be shared by the contract registration system 300.

(First embodiment)
Next, a process for converting (encrypting) information such as an application form password in the pre-print application form creation system 200 according to the first embodiment of the present invention will be described with reference to FIGS.

  FIG. 2 is a diagram showing a detailed configuration of the password information concealment system 100 including the pre-print application form creation system 200 and the contract registration system 300 according to the first embodiment of the present invention.

  FIG. 5 is a flowchart showing a process for encrypting and encoding the password in the pre-print application creating system 200 according to the first embodiment of the present invention.

  The web server 210 of the pre-print application form creation system 200 includes a transmission / reception unit 211, a time stamp unit 212, a numbering unit 213, and a processing unit 214, and functions as a web server connected to the customer terminal 400 via a network. . The transmission / reception unit 211 has a function of transmitting / receiving information to / from the customer terminal 400 or the encryption system 200. The time stamp unit 212 holds and manages date information, and can add date information to input information received from the customer terminal 400, for example. The numbering unit 213 can assign a unique application form number to each application form and has a function of managing the application form number. The processing unit 214 can generate a code by performing a process of encoding information, and can also generate an image of a pre-print application form.

  The encryption system 220 of the pre-print application form creation system 200 includes a transmission / reception unit 221, a table 222, and an encryption processing unit 223, and can perform processing for encrypting important information such as a password.

  In order to apply for Internet banking, the customer must first use the customer terminal 400 via the Internet to create an application form (input screen) on the financial institution's website, such as password, name, address, phone number, and other personal information. Enter the necessary items for banking application. Next, input information (including password, name, address, telephone number, and other personal information) of the application form is sent from the customer terminal 400 to the Web server by an action for confirming the input content, for example, by pressing an input confirm button. The data is transmitted to the transmission / reception unit 211 of 210 (step S101).

  In step S <b> 102, the transmission / reception unit 211 transmits the password included in the received input information to the transmission / reception unit 221 of the encryption system 220.

  In addition, the Web server 210 can also send the date and time information of the application form, which is given and managed for each application form by the time stamp unit 212, to the encryption system 220. For example, when the input information of a certain application form is transmitted from the customer terminal 400 to the Web server 210, the time stamp unit 212 represents the date and time when the input contents of the application form are confirmed with respect to the input information of the application form. An application form confirmation date can be added. In the following, the date and time information of the application form will be described as an application form confirmation date and time, but the application form date and time can be other date and time information related to the application form, such as the application form input date and time.

  Furthermore, the Web server 210 can also transmit to the encryption system 220 an application form number assigned to each application form by the numbering unit 213. The application form number is a number for identifying the application form, and is a number that is uniquely assigned to each application form by the numbering unit 213 and managed.

  In an alternative embodiment, the encryption system 200 may include a time stamp portion and a numbering portion (not shown). In this alternative embodiment, the application date and time and the application number are assigned and managed by the time stamp part and numbering part of the encryption system 200, respectively. Therefore, in this case, the encryption system 220 receives only the password from the Web server 210, and the time stamp part and the numbering part of the encryption system 220 add the application form date and time and the application form number.

  The encryption system 220 encrypts the password received from the Web server 210 and converts it into a certain value (hereinafter referred to as “value α”) according to the encryption logic described below with reference to FIG. The encryption system 200 can also convert the application form confirmation date and time and the application form number into another value (hereinafter referred to as “value β”).

  Here, with reference to FIG. 3, a process of converting the password, the application form confirmation date and time, and the application form number into the value α and the value β, respectively, in the encryption system will be described.

  FIG. 3 is a diagram illustrating the configuration of the table 222 of the encryption system 220.

  The table 222 includes a table X in which the application form number and the encryption key are associated with each other, and a table Y in which the application form confirmation date and time are associated with the encryption logic.

  In Table X, the application form number is associated with one encryption key that is different for each application form number. Therefore, a different encryption key is assigned to each application form. The encryption key can be a random number of arbitrary digits used as a variable of the encryption logic.

  In the table Y, the application form confirmation date and time and the encryption logic that differs depending on the application form confirmation date and time are associated with each other. The encryption logic is a logic for encrypting the password and converting it into the value α, and can be an arbitrary function using the encryption key as a variable. Therefore, the password is converted into the value α by using different encryption logics depending on the application form confirmation date and time, using different encryption keys for each application form as variables. That is, the value α can be expressed as α = fｆ (password, encryption key).

  Referring to FIG. 5 again, in step S103, the encryption processing unit 223 identifies the encryption key assigned to the received application form number in the table X, and assigns the received application form confirmation date and time in the table Y. Identify the encryption logic that was hit.

  Next, in step S104, the encryption processing unit 222 converts the received password into a value α using the specified encryption key and encryption logic (fｆ (password, encryption key)) ( α = f o (password, encryption key)).

  In the table Y of FIG. 3, as an exemplary embodiment, different encryption logic (that is, separate encryption logic for each date) is assigned to the application form confirmation date and time for each date of the application form confirmation date and time. In this case, only passwords with the same application form confirmation date will be converted using the same encryption logic, and passwords with different application form confirmation dates will use different encryption logic. Converted.

  According to this embodiment, as described above, since the variables (encryption keys) used in the encryption logic are all different for each application number (that is, for each application form), the date of application form confirmation date is the same. Even in this case, the same encryption process is not performed, and all different encryption processes are performed. Therefore, according to the present embodiment, even if a malicious third party attempts to decrypt, it is very difficult to specify both the encryption key that is a random number and the encryption logic that differs depending on the application form confirmation date and time. Due to the difficulty, the possibility of the encrypted password (ie value α) being decrypted is significantly reduced.

  The above-described assignment of the encryption logic by the date unit is an example, and the assignment of the encryption logic is not limited to such a date unit, and may be an arbitrary unit such as a week unit or a time unit.

  In step S105, the encryption processing unit 223 arbitrarily converts the application form number and the application form confirmation date and time into a value β. Unlike the value α, the value β does not need to be encrypted, and may be a value obtained by combining the application form number and the application form confirmation date and time.

  In step S <b> 106, the transmission / reception unit 221 transmits the value α and the value β to the web server 210.

  In step S <b> 107, the processing unit 214 of the Web server 210 performs processing for encoding the value α and the value β transmitted from the encryption system 220, and generates code A and code B. The codes A and B are preferably two-dimensional codes. By using a two-dimensional code, it is possible to increase the amount of information of the values α and β compared to the barcode, and there is an advantage that it is difficult to decode.

  In step S108, the processing unit 214 generates an image of a preprint application form in which necessary items are displayed in a predetermined field, and the generated image of the preprint application form is transmitted to the customer terminal 400 by the transmission / reception unit 211. And displayed on the screen of the customer terminal 400. The image of the pre-print application form can be, for example, a PDF file.

  Here, an application form generally requires a “primary” and “secondary” to be submitted to a financial institution, and a “deduction” to be kept at hand by a customer. The application for “deduction” is kept by the customer himself / herself. For example, the password, the application confirmation date and time, and the application number are displayed in codes A and B ( Alternatively, it is preferable that the actual values are displayed as they are, not as the values α and β). On the other hand, in the “primary” and “secondary” application forms submitted to the financial institution, the password needs to be kept secret, so the password, the application form confirmation date and time, and the application form number are displayed as codes A and B, respectively. Alternatively, the codes A and B can be displayed instead of the codes A and B. However, the codes A and B are preferably displayed from the viewpoint of preventing misidentification and improving the efficiency of the registration work.

  The customer can print the displayed application form image using an output device such as a printer connected to the customer terminal 400 to create a pre-print application form. The financial institution receives from the customer a “primary” “secondary” pre-print application (stamped if necessary).

  Next, with reference to FIG. 2 and FIG. 6, a description will be given of processing for decrypting the encoded value α and inputting or registering application form information in the contract registration system of the financial institution.

  FIG. 6 is a flowchart showing a process of reversely converting and decrypting an encrypted and encoded password in the contract registration system 300 according to the first embodiment of the present invention.

  The contract registration system 300 includes a registration system 310, a decryption system 320, and a contract DB 330, and is connected to the registration terminal 500 via an in-house network such as an intranet. Information on the pre-print application form received by the financial institution is registered (or input) from the registration screen of the registration terminal 500, and finally stored in the contract DB 330 through the registration system 310. The contract DB 330 is a very secure database in which contract information is stored in a financial institution.

  The registration system 310 includes a transmission / reception unit 311 that can transmit and receive information between the registration terminal 500, the decryption system 320, and the contract DB 330, and an information storage that can store date and time information and application number information of the application form. Unit 312 and a control unit 313 that controls the entire registration system 310.

  The decryption system 320 includes a transmission / reception unit 321, a table 322, and a decryption processing unit 323, and has a function of decrypting an encrypted password. The decryption system 320 has the same configuration as the encryption system 220 in the pre-print application form creation system 200 described with reference to FIG.

  In the pre-print application form received by the financial institution, the password, the application form confirmation date and time, and the application form number are displayed as codes A and B, respectively. When registering them, the codes A and B need only be read by a reading device such as a reader connected to the registration terminal 500, for example. The values α and β are acquired by reading the codes A and B by the reading device (step S109).

  In step S110, the read code A and code B, that is, the value α and the value β are transmitted from the registration terminal 500 connected to the reading device to the transmission / reception unit 311 of the registration system 310 via an in-house network such as an intranet. Is done.

  In step S <b> 111, the transmission / reception unit 311 transmits the value α and the value β received from the registration terminal 500 to the transmission / reception unit 321 of the decryption system 320.

  Here, referring to FIG. 4, FIG. 4 is a diagram illustrating the configuration of the table 322 of the decryption system 320. The table 322 of the decryption system 320 has a configuration corresponding to each of the tables X and Y of the table 222 of the encryption system 220, and includes a table X ′ and a table Y ′ holding corresponding data. In table X ′, the application form number is associated with the decryption key corresponding to the encryption key. In table Y ′, the application form confirmation date and time is associated with the decryption logic corresponding to the encryption logic. It is attached. Alternatively, the encryption system 220 and the decryption system 320 may have a single configuration shared by the preprint application creation system 200 and the contract registration system 300.

  Referring to FIG. 6 again, in step S112, the decryption processing unit 323 first reverse-converts the value β received from the registration system 310, and specifies the application form confirmation date and the application form number.

  In step S113, the decryption processing unit 323 specifies the decryption key corresponding to the encryption key assigned to the application form number in the table X ′, and the encryption assigned to the application form confirmation date and time in the table Y ′. The decryption logic corresponding to the encryption logic is specified.

  Since the decryption key is a variable used in the decryption logic, the decryption system 320 decrypts the value α based on the specified decryption logic and the decryption key in step S114, and actually (That is, password = f ′ ○ (value α, decryption key)).

  In step S115, the transmission / reception unit 321 of the decryption system 320 transmits the password, the application form number, and the application form confirmation date / time to the transmission / reception unit 311 of the registration system 310.

  In step S116, the transmission / reception unit 311 transmits the received password, application form number, and application form confirmation date / time to the contract DB 330, which are stored in the contract DB 330. However, the application form confirmation date and time is not necessarily transmitted to the contract DB 330 and need not be stored.

  Input information other than the password is input from the input screen of the registration terminal 500 and stored in the contract DB 330 through the contract registration system 310 as indicated by a broken line in FIG.

  Here, the registration system 310 can receive the specified application form number from the decryption system 320 in step S112 and accept input of input information other than the password from the registration terminal 500. Alternatively, the application form number is received in step S115, and input of input information other than the password from the registration terminal 500 can be accepted. For example, when registering input information other than a password, when the code B is read by the registration terminal 500 and input information other than the password is input, the value β and the input information other than the password are transmitted from the registration terminal 500 to the registration system 310. The The information storage unit 312 of the registration system 310 can temporarily store input information other than the password. The value β is transmitted to the decryption system 320, converted back to the application form number and the application form confirmation date and time, and returned to the registration system 310. Since it is possible to specify which application form the input information is based on the application form number, the registration system 310 temporarily stores it in the information storage unit 312 based on the application form number. Input information other than the password can be transmitted to the contract DB 330 together with the application form number and stored. The same applies when a password and input information other than the password are to be registered at the same time.

  Alternatively, the Web server 210 can transmit input information other than the password included in the input information received in step S101 to the registration system 310 together with the application form number. Next, the registration system 310 can transmit the input information other than the received password to the contract DB 330 together with the application form number and store it.

  In this embodiment, the application form number and the application form confirmation date / time are combined and converted into the value β to generate the code B. However, in an alternative embodiment, the code B is not converted into the value β in step S105. The code B can also be generated directly from the application form number and the application form confirmation date and time. In this alternative embodiment, when the generated code B is read by the reading device, in step S109, the application form number and the application form confirmation date and time are obtained instead of the value β. For example, when the bank side inputs input information other than the password at the registration terminal 500 and reads the code B, the application form number of the input information and the application form confirmation date and time can be acquired from the code B. Therefore, even when the password and the input information other than the password are to be registered at different timings, the application number obtained by reading the code B and the application number stored in the contract DB Based on this, input information other than the password can be appropriately stored in the contract DB.

  What is important in the present invention is that in the pre-print application received by the financial institution, the actual password is concealed and is transmitted to the registration system 310 as the code A (value α) without being disclosed, and the contract DB 330 It is stored in. For example, even if there is some trouble when a customer sends an application form to a financial institution by mail, the password is only displayed as a code and the actual password is not obtained illegally. Also, even inside financial institutions, the actual password is not displayed on the application form, and it is not displayed on the input screen when registering, and it is not touched by the bank's eyes. There will be no risk and reliability will increase, and customers will feel more secure.

  In addition, since the password of the application form is displayed as a code, it is only necessary to read this code with a reader or the like in the registration / input work, and the efficiency of the work of inputting / registering the application form information is greatly improved. become.

(Second Embodiment)
In the first embodiment, the password is converted to code A, and the application form confirmation date and time and the application form number are converted to code B. However, a method in which the application form confirmation date and application form number are not encoded is also conceivable. In the following, a method for encoding only the password will be described with reference to FIGS.

  FIG. 7 is a diagram showing a detailed configuration of the pre-print application creation system 200 and the contract registration system 300 according to the second embodiment of the present invention.

  FIG. 8 is a flowchart showing a process for encrypting and encoding a password according to the second embodiment of the present invention.

  FIG. 9 is a flowchart showing a process of inversely transforming and decrypting an encrypted and encoded password according to the second embodiment of the present invention.

  In step S <b> 201, the transmission / reception unit 211 of the Web server 210 receives input information including a password from the customer terminal 400.

  Next, in step S202, the transmission / reception unit 211 transmits the password, the application form confirmation date and time attached by the time stamp unit 212, and the application form number attached by the numbering unit to the encryption system 220. As described above, alternatively, the encryption system 220 can add the application form confirmation date and time and the application form number.

  In step S203, the encryption processing unit 223 of the encryption system 220 specifies the encryption key corresponding to the application form number and the encryption logic corresponding to the application form date and time in the table X and the table Y of the table 222, respectively. .

  Next, in step S204, the encryption processing unit 223 uses the specified encryption key and encryption logic to convert the password to a value α (α = f ○ (password, encryption key)).

  In step S <b> 205, the transmission / reception unit 221 returns the value α, the application form date and time, and the application form number to the Web server 210.

  In step S206, the processing unit 214 of the web server 210 encodes the received value α to generate code A.

  In step S207, the processing unit 214 generates an image of the pre-print application form. The generated image of the pre-print application form is transmitted to the customer terminal 400 by the transmission / reception unit 211 and displayed on the screen of the customer terminal 400. In the image of the pre-print application form, the code “A” is displayed in the password field for “Correct” and “Sub”, and the actual date and time of the application form and the application form number are displayed in the prescribed fields instead of the codes. ing. As described above, the actual information is displayed in the “reduction”.

  Here, in the pre-print application form in the present embodiment, the actual application date and time and the application number are displayed, but the encryption key corresponding to the application date and time is a random number and / or the application number. Since the corresponding encryption logic can be different depending on the application date and time, it is unlikely that both the encryption key and the encryption logic are specified from the application date and time and the application number.

  Next, a process of decrypting an encrypted password will be described with reference to FIG.

  In step S208, the value α is obtained by reading the code A with a reader connected to the registration terminal 500.

  When the application form confirmation date and the application form number are input, the customer terminal 400 registers the value α acquired in step S208, the input application confirmation date and time, and the input application number in step S209. To system 310.

  In step S <b> 210, the transmission / reception unit 311 transmits the received value α, the application form confirmation date and time, and the application form number to the decryption system 320.

  In step S211, the decryption processing unit 323 identifies the decryption key corresponding to the encryption key associated with the application form number in the table X ′, and associates it with the application form confirmation date and time in the table Y ′. The decryption logic corresponding to the encryption logic is specified.

  In step S212, the decryption processing unit 323 decrypts the value α based on the specified decryption logic and decryption key, and reversely converts the value α into an actual password (password = f ′ ○ (value α, Decryption key)).

  In step S213, the transmission / reception unit 321 transmits the password, the application form confirmation date and time, and the application form number to the transmission / reception unit 311 of the registration system 310.

  In step S <b> 214, the transmission / reception unit 311 transmits the password, the application form number, and the application form confirmation date and time to the contract DB 330, and these are stored in the contract DB 330. However, the application form confirmation date and time is not necessarily transmitted to the contract DB 330 and need not be stored.

  In the second embodiment, when registering input information other than a password, input information other than a password is input from the registration terminal 500 together with an application form confirmation date and time and an application form number, as indicated by a broken line in FIG. . Input information other than the password is then transmitted from the customer terminal 400 to the transmission / reception unit 311, and the transmission / reception unit 311 transmits the input information other than the password to the contract DB 330 for storage. For example, when registering a password and input information other than the password at the same time, the information storage unit 312 of the registration system 310 can temporarily store the input information other than the password. When the decrypted password, the application form confirmation date and time, and the application form number are returned to the registration system 310 in step S213, input information other than the password temporarily stored in the information storage unit 312 is obtained in step S214. , Password, and application number can be sent to the contract DB 330 for storage. Or, even when registering passwords and input information other than passwords at different timings, it is possible to specify the input information for which application form by the application form number. Based on this, input information other than the password can be appropriately stored in the contract DB 300.

  Alternatively, as described above in the first embodiment, the Web server 210 may transmit input information other than the password included in the input information received in step S201 to the registration system 310 together with the application form number. it can. Next, the registration system 310 can transmit the input information other than the received password and the application form number to the contract DB 330 for storage.

(Third embodiment)
In the first and second embodiments, the encryption / decryption key is a random number and the encryption / decryption logic is changed at a predetermined interval. Alternatively, the encryption / decryption key is changed. And either encryption / decryption logic can be fixed. For example, the encryption / decryption key can be a predetermined number that is used as a variable in the encryption / decryption logic, while the encryption / decryption logic can be varied at predetermined intervals. Alternatively, the encryption / decryption key can be a random number, while the encryption / decryption logic can be a fixed logic.

  According to the present embodiment, since one of the encryption / decryption key and the encryption / decryption logic is fixed, the tables X and Y of the encryption system 220 and the tables X ′ and Y ′ of the decryption system 330 are fixed. The synchronization management of the encryption key and the decryption key, and the encryption logic and the decryption logic becomes easy. Also, since either the encryption / decryption key or the encryption / decryption logic is fixed, but the other changes, both the encryption / decryption key and the encryption / decryption logic It is difficult to identify and the probability that an encrypted password will be decrypted is low.

  In the present specification, as an example, a method for encrypting / decrypting a password using a combination of an application form number and an encryption / decryption key, an application form confirmation date and time, and an encryption / decryption logic has been described. However, in other embodiments, these combinations may be, for example, a combination of application form confirmation date and time / encryption / decryption key, application form number and encryption / decryption logic, and the like. Alternatively, it will be appreciated that the encryption / decryption key and encryption / decryption logic can each be combined with other information associated with the application. For example, the application form confirmation date and time can be other information associated with the application form, and the application form number can be other information that can uniquely identify the application form.

  Furthermore, in this specification, passwords are encrypted and coded, but the concept of the present invention is not limited to passwords, and can be applied to encryption and coding of other important information, for example. it can. Although described in connection with Internet banking as an exemplary embodiment, the concepts of the present invention can also be used for other services that perform identity verification with an ID or password over a network. For example, the present invention can be used for registration of a PIN number of a cash card used in an ATM network, and the present invention can also be used for services other than a bank, such as an ID, a password, and a PIN number. It is particularly effective when performing input, registration, processing, etc. while keeping important information secret.

  Alternatively, using the present invention, for example, it is possible to code the entire contents of the application form. In this case, the registration of application information is much more efficient, but the customer cannot confirm the actual contents of the application because the entire contents of the application are coded. This is not a desirable method. Therefore, from the viewpoint of information security and convenience, it is best to encrypt and / or encode important information such as passwords and / or information used for decryption (eg date and time, number) it is conceivable that.

DESCRIPTION OF SYMBOLS 100 Password information concealment system 200 Pre-print application creation system 210 Web server 211 Transmission / reception part 212 Time stamp part 213 Numbering part 214 Processing part 220 Encryption system 221 Transmission / reception part 222 Table 223 Encryption processing part 300 Contract registration system 310 Registration system 311 Transmission / Reception Unit 312 Information Storage Unit 313 Control Unit 320 Decryption System 321 Transmission / Reception Unit 322 Table 323 Decryption Processing Unit 330 Contract Database 400 Customer Terminal 500 Registration Terminal

Claims (22)

Password information concealment system (100) including a preprint application creation system (200) connected to the first computer (400) and a contract registration system (300) connected to the second computer (500) Because
The pre-print application form creation system (200)
Upon receiving application form information including at least a password from the first computer (400), means for adding first data and second data different from the first data for each application form information ( 210, 220),
Encryption means (220) for converting the password into a first value based on an encryption key associated with the first data and an encryption logic associated with the second data;
Means (210) for encoding the first value into a first code and sending a pre-print application including the first code to the first computer;
The contract registration system (300)
The first value read from the first code of the pre-print application form in the second computer (500), and information for specifying the first data and the second data When received, based on a decryption key corresponding to the encryption key associated with the first data and a decryption logic corresponding to the encryption logic associated with the second data. A decryption means (320) for reversely converting the first value into the password;
Means (310) for receiving the inversely converted password and the first data from the encryption means (330) and storing them in the database (330) in the contract registration system (300). A system characterized by   The system according to claim 1, wherein the encryption key is an arbitrary random number that is different for each first data and is used as a variable of the encryption logic.   The system according to claim 1, wherein the encryption logic is an arbitrary function that differs depending on the second data.   The encryption key is an arbitrary random number used as a variable of the encryption logic, which is different for each first data, and the encryption logic is an arbitrary function that is different depending on the second data. The system according to claim 1.   The system according to claim 1, wherein the first data is an application form number, and the second data is an application form date and time.   The system according to claim 1, wherein the first data is an application form date and time, and the second data is an application form number.   2. The information for specifying the first data and the second data is a second code obtained by coding the first data and the second data. The system described.   The system of claim 1, further comprising means for displaying the pre-print application including the first code on the first computer (400).   8. The system of claim 7, further comprising means for displaying the pre-print application including the first code and the second code on the first computer (400).   The encryption means (220) has a first table in which first data and an encryption key are associated with each other, and a second table in which second data and an encryption logic are associated with each other. Identifying an encryption key associated with the first data in the first table and identifying an encryption logic associated with the second data in the second table. The system of claim 1, characterized in that:   The decryption means (320) has a first table in which first data and a decryption key are associated with each other, and a second table in which second data and a decryption logic are associated with each other. Identifying a decryption key associated with the first data in the first table, and identifying a decryption logic associated with the second data in the second table. The system of claim 1, characterized in that: A computer (100) connected to the first computer (400) and the second computer (500) and having a database (330) for storing application form information in order to conceal password information.
Upon receiving application form information including at least a password from the first computer (400), means (210,) for adding first data and second data different from the first data to the application form information 220),
Means (220) for converting the password to a first value based on an encryption key associated with the first data and an encryption logic associated with the second data;
Means (210) for encoding the first value into a first code and transmitting a pre-print application including the first code to the first computer;
The second computer (500) receives the first value read from the first code of the pre-print application form and information for specifying the first data and the second data. Then, based on a decryption key corresponding to the encryption key associated with the first data and a decryption logic corresponding to the encryption logic associated with the second data. Means (320) for inversely converting the first value into the password;
A program that receives the reversely converted password and the first data from the encryption means (330) and stores the password and the data in the database (330).   The program according to claim 12, wherein the encryption key is an arbitrary random number that is different for each first data and is used as a variable of the encryption logic.   The program according to claim 12, wherein the encryption logic is an arbitrary function that differs depending on the second data.   The encryption key is an arbitrary random number used as a variable of the encryption logic, which is different for each first data, and the encryption logic is an arbitrary function that is different depending on the second data. The program according to claim 12, wherein:   13. The program according to claim 12, wherein the first data is an application form number, and the second data is an application form date and time.   13. The program according to claim 12, wherein the first data is an application form date and time, and the second data is an application form number.   13. The information for specifying the first data and the second data is a second code obtained by coding the first data and the second data. The program described.   13. The program according to claim 12, further causing the computer (100) to further function as means for causing the first computer (400) to display the preprint application form including the first code.   19. The computer (100) further functions as means for causing the first computer (400) to display the pre-print application including the first code and the second code. The program described in. The computer (100) includes a first table in which first data and an encryption key are associated with each other, and a second table in which second data and an encryption logic are associated with each other,
The means for converting (220) identifies the encryption key associated with the first data in the first table, the computer (100), and the second table in the second table. 13. The program according to claim 12, wherein the program is a means for functioning as a means for specifying an encryption logic associated with the data. The computer (100) has a first table in which first data and a decryption key are associated with each other, and a second table in which second data and a decryption logic are associated with each other.
The means for inversely transforming (320) identifies the decryption key associated with the first data in the first table, and identifies the decryption key associated with the first data in the first table. 13. The program according to claim 12, wherein the program is a means for functioning as a means for specifying a decryption logic associated with the second data.

Images