JP2011130425A - System and method for decrypting encrypted data utilizing mobile phone - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the risk that, when a decryption key is stolen and delivered to a third person, data are decrypted while the administrator (or an owner) of the data is unaware. <P>SOLUTION: When decrypting encrypted data, the mobile phone of a person in charge of the data is automatically called by an administrative server and a decryption key is input from the mobile phone, thereby preventing the data from being decrypted before the person in charge of the data notices it. In the case of scrambled contents, only an authorized viewer, who has properly acquired a descrambling key, is also enabled to view the contents by inputting and transmitting the descrambling key from the viewer's own mobile phone called from the administrative server. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

The present invention relates to a technique for improving security when decrypting encrypted data.

In the portable terminal and the data decryption system having the decryption function of the encrypted data, the invention described in Patent Literature 1 receives the decryption instruction signal instructing the decryption process of the encrypted data from the portable terminal. The confidential level data given to the encrypted data to be decrypted is acquired from the data, and the obtained trust level data, security level data, evaluation value data generated based on the confidential level data, and whether or not decryption is possible in advance Compared with the threshold data set as a reference, if the evaluation value is smaller than the threshold, it is determined that decoding is possible, the decoding process is executed, and if it is larger, it is determined that decoding is impossible, and the decoding process is stopped. Therefore, it is possible to prevent the encrypted data from being decrypted only by the user information by a malicious person who has obtained the user information including the personal identification number. Therefore, it is possible to reduce the possibility that the malicious data can easily decrypt the encrypted data and leak the decrypted data to the outside.

On the other hand, the invention described in Patent Document 2 establishes wireless communication with a mobile terminal device by the Bluetooth communication unit and the NFC communication unit that communicate with the mobile terminal device by wireless communication, and transmits data to be processed. The encrypted encrypted data is received from the portable terminal device, wireless communication with the portable terminal device is established by the NFC communication unit, and the password used for the decryption processing of the encrypted data is received from the portable terminal device, and the NFC communication unit The encrypted data received by the Bluetooth communication unit is decrypted using the password received in step (3) to extract the data.

JP2007-150466A JP2009-55581A

However, since the description in Patent Document 1 is based on software judgment as a judgment criterion, there is a risk that the software or judgment numerical value may be altered or forged. On the other hand, the present invention makes it possible to avoid alteration or forgery by making it impossible to input a decryption key or password if there is no hardware such as a mobile phone held by the person in charge of data management. Is.
In addition, since the invention described in Patent Document 2 is a transmission / reception of a fixed relationship between the A machine and the B machine, there is a problem that it cannot cope with other services related to decryption of encrypted data owned by individual persons. is there.

The technical problem of the present invention is to make it possible to prevent the encrypted data from being arbitrarily decrypted by a third party other than a legitimate user by paying attention to such a problem. In other words, in the technology that increases security when decrypting encrypted data, when decrypting conventional encrypted data, the computer reads the encrypted data and, at the same time, manually inputs the decryption key of the data into the computer. And then decrypted. As a result, the decryption key consisting of letters and numbers is relatively easy for human propagation, so there is a possibility that the decryption key can reach the hands of a third party. The manager (or owner) is unaware of that. Therefore, even if it is encrypted, it is unavoidable to manage the encrypted data and the decryption key.
Therefore, according to the present invention, when the encrypted data is decrypted, the cellular phone of the data manager (hereinafter referred to as “data manager”) is automatically called, and the decryption key is input from the cellular phone of the data manager. By making it impossible to decrypt unless otherwise, it is possible to prevent unauthorized decryption of encrypted data.

In the present invention, when the encrypted data is decrypted, the data server can be decrypted only by the management server calling the cellular phone of the data manager and receiving the decryption key from the cellular phone. Its purpose is to prevent it from being deciphered before long.
In order to easily understand the overall structure of the present invention, the relationship between each invention and its embodiments and explanatory diagrams is shown in FIG. That is, the first invention and the second invention are strong security using the management server, the third invention and the fourth invention are simple configurations not using the management server, and the fifth invention The invention, the sixth invention, is a configuration for transmitting user information to the cellular phone of the person in charge of data as an additional function to the configuration from the first invention to the fourth invention , the seventh invention, the eighth invention Is a strong security that uses the management server when the encrypted data is scrambled content. The ninth and tenth aspects of the invention provide a management server when the encrypted data is scrambled content. It is a simple configuration that is not used. The eleventh aspect of the invention is a method for determining whether the encryption file has a file structure and a decryption key. The twelfth aspect of the invention relates to a system for decrypting encrypted data using the mobile phone of the present invention and This is applied to a decoding method. The first invention relates to claims 1 and 2. The second invention relates to claim 3. The third invention relates to claim 4. The fourth invention relates to claim 5. The fifth invention relates to claim 6. The sixth invention relates to claim 7. The seventh invention relates to claims 8 and 9. The eighth invention relates to claim 10. The ninth invention relates to claims 11 and 12. The tenth invention relates to claim 13. A twelfth invention relates to claims 14 to 17.

1st invention is the structure of the decoding system of encryption data, and consists of the following structures 1-7.
Configuration 1.
The encrypted data body to be decrypted is handled with additional information including at least the identification information of the person in charge of the data (or the data owner) and the address of the management server, and this encrypted data. A pair of the main body and additional information is an encrypted file. In addition to this, information necessary for determination when the data manager allows decryption, such as the name, importance, and confidentiality of the encrypted data, can be recorded in the additional information. Further, necessary application programs can be incorporated into the additional information. This encrypted file exists as a storage means in the user's computer, a removable medium such as an optical disk or a portable memory outside the computer, and data to be transferred. Here, the address of the management server refers to information necessary for connecting to the management server, such as an address and a telephone number when the management server used by the data manager is designated and connected via a communication line.

Configuration 2.
It is a user's computer for reading the encrypted file and decrypting the encrypted data therein. It is assumed that necessary software such as a program necessary for decryption is installed in the user's computer in advance, and details thereof are not particularly described. Here, the user is not necessarily a third party, and includes the case where the data manager decrypts the encrypted file himself and uses the data.

Configuration 3.
Communication line connection means for connecting the user's computer to a communication line connected to the management server. This refers to a means for connecting a computer to a communication line, such as a modem and accompanying software and its settings. The communication line connection means may be built in the computer. The communication line connected by this communication line connection means is generally assumed to use the Internet, but of course, a fixed telephone line, a dedicated line, and a LAN (same local area communication network) connection line can also be used. The form is not particularly limited.

Configuration 4.
At least a management server with storage means for storing a mobile phone number verification file as a list file indicating the correspondence between the identification information of the person in charge of the data and the mobile phone number. And information for billing can be recorded. The management side of this management server is an administrator who manages and operates this decryption system, and the communication line connects the mobile phone of the data file manager responsible for the encrypted file handled by this system and the computer of the user trying to decrypt the encrypted file. It exists as a bridge that connects with (communication networks including the Internet and mobile phone communications), and it is assumed that operators specializing in this, Internet service providers and mobile phone carriers, etc. It is possible to construct the management server, and it is also possible to give the function of the management server to the user computer or the data manager computer in a simple manner.

Configuration 5.
When the mobile phone number of the person in charge of data is retrieved and read from the management server, the mobile phone communication means receives the mobile phone number data, calls the mobile phone based on this data, and executes communication.

Configuration 6.
A cellular phone possessed by the data manager who is called by the cellular phone communication means and has the data manager input and transmit the decryption key. Here, it is expressed as “mobile phone”, but it may be any mobile communication means, and thus includes a PHS, a personal digital assistant (PDA) having a communication function, and the like.

Configuration 7.
This is a decryption key that is input / transmitted by the data manager and returns the encrypted data to the state before encryption. More specifically, this is a decryption key corresponding to the encryption of the encrypted data body obtained by encrypting the data using the encryption key. This decryption key can be composed of only numbers so that it can be easily input from a mobile phone, but in order to enhance security, characters other than numbers can also be used.
1st invention consists of the above structures 1-7, The decryption system of the encryption data characterized by the above-mentioned.

The second invention is a method for decrypting encrypted data by the decryption system for encrypted data described in the first invention . The target encrypted data body is handled with additional information including at least the identification information of the data manager (or the data owner) and the address of the management server added. A pair of is an encrypted file. In addition to this, information necessary for determination when the data manager allows decryption, such as the name, importance, and confidentiality of the encrypted data, can be recorded in the additional information. Further, necessary application programs can be incorporated into the additional information.

Procedure 1. When decrypting the encrypted data, when the encrypted file is read into the user's computer, it is first connected to the address of the management server recorded in the additional information via a communication line using the communication line connection means, and then connected to the management server. The identification information of the data manager is transmitted. However, the encrypted data body is not transmitted. Or there is no need to send.

Procedure 2. The management server that has received the identification information of the data manager retrieves and reads out the cellular phone number of the data manager based on this identification information, and transmits this cellular phone number data to the cellular phone communication means.

Procedure 3. The mobile phone of the data manager is called by the mobile phone communication means.

Procedure 4. When an incoming call is received at the mobile phone of the data manager, if the decryption is permitted at the judgment of the data manager, the decryption key is input from the mobile phone and transmitted to the management server via the mobile phone communication means. If the information required by the data manager to determine whether to permit decryption, such as the name, importance, and confidentiality of the encrypted data, is recorded in the additional information, this is displayed on the display of the mobile phone. It is displayed and the contents of the display are used to determine whether to permit decryption. Alternatively, it is possible to use a human means such as contacting the decryption permission by telephone from the user in advance.

Procedure 5. The decryption key transmitted from the cellular phone communication means to the management server is transmitted to the user's computer via the communication line connection means.

Procedure 6. The user's computer receives the decryption key and starts decrypting the encrypted data based on the decryption key.
This is a method for decrypting encrypted data, characterized by comprising the above procedure.

The third invention has a minimum system configuration in which the management server is omitted from the configuration of the first invention . In particular, it can be expected to be utilized in the system configuration when building a decryption system for encrypted data at the individual level. For example, it is easy to encrypt important data in a personal computer that you carry around and use it after decrypting it. Type decryption system for encrypted data. It is also suitable for a case where a limited number of users share encrypted data.
The configuration will be described below.

Configuration 1.
An encrypted file, which is composed of at least three elements: an encrypted data body, additional information including at least the mobile phone number of the person in charge of the data, and an application program (hereinafter referred to as an application) for calling the mobile phone. The Among them, the application for calling the mobile phone is composed of a program and data necessary for connection to the mobile phone communication means and for calling the mobile phone. It may be installed in advance on the user's computer instead of in the encrypted file. By doing so, since there is no application for calling the mobile phone necessary for decryption in the encrypted file, it becomes impossible for the third party who obtained the encrypted file to decrypt.

Configuration 2.
It is a user's computer for reading the encrypted file and decrypting the encrypted data therein.

Configuration 3.
Communication line connection means for connecting a user's computer to a communication line connected to the mobile phone communication means.

Configuration 4.
This is a mobile phone communication means for calling a data manager's mobile phone and executing communication.

Configuration 5.
It is a mobile phone possessed by the data manager who is called from the mobile phone communication means and has the data manager input and transmit the decryption key.

Configuration 6.
This is a decryption key that is input / transmitted by the data manager and returns the encrypted data to the state before encryption. More specifically, this is a decryption key corresponding to the encryption of the encrypted data body obtained by encrypting the data using the encryption key. This decryption key can be composed of only numbers so that it can be easily input from a mobile phone, but in order to enhance security, characters other than numbers can also be used.
A third invention is a decryption system for encrypted data, characterized by comprising the above configurations 1-6.

A fourth invention is a method for decrypting encrypted data by the decryption system for encrypted data described in the third invention . The target encrypted data body is configured as an encrypted file together with additional information including at least the mobile phone number of the data manager and an application for calling the mobile phone.

Procedure 1. When decrypting the encrypted data, the encrypted file is read into the user's computer.

Procedure 2. The application for calling the mobile phone is executed, and the mobile phone number of the data manager recorded in the additional information is read out.

Procedure 3. The communication line connection means is connected to the mobile phone communication means, and the mobile phone number data of the data manager is transmitted.

Procedure 4. The mobile phone of the data manager is called by the mobile phone communication means.

Procedure 5. When an incoming call arrives at the cellular phone of the data manager, the data manager inputs a decryption key when decryption is permitted at the discretion of the data manager.

Procedure 6. The inputted decryption key is transmitted to the user's computer via the mobile phone communication means and the communication line connection means.

Step 7. When the decryption key arrives at the user's computer and is read as the decryption key, decryption is started.
This is a method for decrypting encrypted data, characterized by comprising the above procedure.

According to a fifth aspect of the invention , in the user's computer, the encrypted data decryption system according to the first aspect or the third aspect , comprising user information input means and screen display means for prompting input of user information. It is. The user information input means may be a fingerprint sensor or other biological information sensor in addition to a keyboard or numeric keypad.

  The means of screen display to prompt the user information input is to the user, “Please enter your employee code. ”Etc. and display and software for displaying an input frame for entering codes.

Of these, the case of having a biological information sensor differs between the first invention and the third invention .

When applied to the first invention , the user's computer has a biometric information sensor as a user information input means, and a guidance screen that prompts the user to input user information, such as “Place your finger on the fingerprint sensor” 1st invention description characterized by having a display means, and also having a biometric information collation file as a list file indicating correspondence between template data of biometric information and user information in the storage means of the management server. This is a decryption system for encrypted data.
When applied to the third invention , the user's computer has a biometric information sensor as a user information input means and a biometric authentication means for authenticating whether the user is the person, and the user's computer is used in a plurality of ways. In the case of using by a user, a biometric information collation file is also required as a list file indicating correspondence between template data of biometric information and user information for specifying who the user is. In addition, the encrypted data decryption system according to the third aspect of the invention is characterized by having a screen display means for prompting user information.

The sixth invention is a method for decrypting encrypted data by the decryption system for encrypted data of the fifth invention . After the encrypted file is input, the user's computer displays a guidance or input field prompting the user information to be entered on the screen by means of screen display, and the user identifies user information, particularly name and employee code, etc. accordingly. The information is input from the user information input means, or the biometric information is read from the biometric information sensor according to the guidance screen display such as “Place your finger on the fingerprint sensor”, and the user information is the second invention or According to the second invention or the fourth invention , the data is transmitted to the mobile phone of the person in charge of data through the respective predetermined communication paths described in the fourth invention and displayed on the display of the mobile phone. This is a method for decrypting encrypted data.

Among these, when the biological information sensor is provided, the second invention and the fourth invention are slightly different.

When applied to the second invention , the following procedure is added in addition to the procedure of the second invention . In other words, the biometric information of the user is transmitted to the management server together with the identification information of the data manager, and the template data and use of the biometric information stored in the storage means of the management server based on the biometric information at the management server. It is identified by searching who this user is from the biometric information collation file, which is a list file indicating correspondence of user information, and the person responsible for data is identified as this user information. The data of the mobile phone number retrieved based on the information is transmitted to the mobile phone of the person in charge of the data, and the user information is displayed on the display of the mobile phone.

When applied to the fourth invention , the following procedure is added in addition to the procedure of the fourth invention . That is, when the user's computer's biometric authentication means uses the confirmed information that the user is a legitimate user as user information, or when the user's computer is used by multiple users, it is stored in the user's computer. This person is identified as a user information by collation with a certain biometric information collation file, and this is transmitted to the cellular phone communication means together with the cellular phone number of the data manager, Further, the user information is transmitted to the cellular phone of the person in charge of the data, and the encrypted data decrypting method described in the fourth invention is displayed on the display of the cellular phone.

  As described above, the person in charge of data knows who is trying to decrypt the encrypted data.

The seventh invention is a configuration of a decryption system for encrypted data that distributes content such as scrambled video and music, decrypts the content by a content playback device, and provides it to the viewer. It consists of eight.

Configuration 1. It is a content distribution server.
It is a server that distributes content in response to a viewer's distribution request. At the time of distribution, the content is not distributed as it is, but is scrambled and provided to the viewer as a content file with additional information added.

Configuration 2. It is a content file.
The content file includes an encrypted data body and additional information. More specifically, the content file is composed of an encrypted data body that is scrambled with an encryption key for the content at the time of distribution, and additional information including at least the viewer identification information and the management server address. This content file can be copied to a removable medium, and can be reproduced from other content reproduction apparatuses at other locations if the viewer has his / her mobile phone.

Configuration 3. It is a content playback device.
This is a content playback device for the viewer for reading the content file, decrypting the encrypted data body in the content file, and playing it back as the original content. In implementation, a dedicated playback device may be used, but a personal computer can also be used.

Configuration 4. It is a communication line connection means.
Communication line connection means for connecting the content reproduction apparatus to a communication line connected to the management server.

Configuration 5. It is a management server.
At least a management server with storage means for storing a mobile phone number verification file as a list file indicating the correspondence between viewer identification information and mobile phone numbers. This storage means also includes customer information and billing You can also record information for the purpose.

Configuration 6. Mobile phone communication means.
Mobile phone communication means for calling a viewer's mobile phone based on the viewer's mobile phone number data obtained from the management server and executing communication.

Configuration 7. It is a mobile phone.
It is a mobile phone possessed by a viewer who is called by the mobile phone communication means and has the viewer input and transmit a descrambling key.

Configuration 8. A scramble release key.
This is a descrambling key corresponding to the encryption of the encrypted data body scrambled with the encryption key for the content, that is, a key for returning the encrypted data to the state before encryption. The descrambling key is preferably different for each viewer, and is notified to the viewer by some means, for example, telephone or e-mail when distributing the content or in advance. If the viewer is a member, the member's own key, Or it is good also as a different key for every content. Although the descrambling key has been described as the decryption key from the first invention to the sixth invention, it is herein referred to as a “scramble releasing key” corresponding to the “scramble process”. Currently, “scramble”, which allows simpler processing than “encryption” of data, is generally used for content, but if the performance of the playback device and computer improves, “encryption” will become more advanced than scramble. ”May become common. Therefore, here, scramble is also regarded as an encryption method, and is in the same meaning category.

  A decoding system using a mobile phone for scrambled content, characterized in that it is configured as described above.

An eighth aspect of the invention is a method for decrypting encrypted data according to the seventh aspect of the invention , which is performed by a decryption system for encrypted data targeted for content.

Procedure 1. A viewer makes a distribution request to the content distribution server.

Procedure 2. The content distribution server scrambles the target content into encrypted data, and adds additional information including at least the viewer identification information and the management server address to the encrypted data body. Is a content file.

Procedure 3. This content file is transmitted to the viewer's content reproduction device and stored once.

Procedure 4. When the viewer tries to reproduce the content, the content reproduction device reads the content file.

Procedure 5. Based on the address information of the management-side server in the additional information, the connection to the management-side server is made by communication line connection means for connecting to the communication line connected to the management-side server.

Procedure 6. The viewer identification information recorded in the additional information is transmitted to the management server.

Step 7. The management server searches and reads the viewer's mobile phone number based on the viewer's identification information.

Procedure 8. The viewer's mobile phone is called by the mobile phone communication means based on the viewer's mobile phone number data obtained from the management server.

Procedure 9. The viewer inputs and transmits a descrambling key from the mobile phone possessed by the viewer called by the mobile phone communication means.

Procedure 10. This is read into the content reproduction device via the mobile phone communication means, the management server, and the communication line connection means.

Procedure 11. The encrypted data is decrypted as the original content based on the descrambling key, and the viewer can view it.
A decoding method using a mobile phone for scrambled content, characterized by comprising the above procedure.

Ninth invention of the seventh invention, wherein, with a simple system configuration of minimum omitting the managing server comprises the following structure 1-7.

Configuration 1. A content distribution server that provides content as a content file.

Configuration 2. It is a content file. It is a content file that includes an encrypted data body that is scrambled with an encryption key for content at the time of distribution, additional information including at least the viewer's mobile phone number, and an application for calling the mobile phone. Of these, the application for calling the mobile phone may be installed in advance in the content reproduction apparatus instead of in the content file. However, if the application for calling this mobile phone is in the content file, copy this content file to removable media and if the viewer has his / her mobile phone, It can also be played back from the content playback device.

Configuration 3. It is a content playback device. This is a content playback device for the viewer for reading the content file, decrypting the encrypted data body in the content file, and playing it back as the original content. In implementation, a dedicated playback device may be used, but a personal computer can also be used.

Configuration 4. It is a communication line connection means. Communication line connection means for connecting the content reproduction apparatus to a communication line connected to mobile phone communication means.

Configuration 5. Mobile phone communication means for calling a viewer's mobile phone and executing communication.

Configuration 6. It is a mobile phone. It is a mobile phone possessed by a viewer who is called by the mobile phone communication means and has the viewer input and transmit a descrambling key.

Configuration 7. A scramble release key. This is a descrambling key corresponding to the encryption of the encrypted data body scrambled with the encryption key for the content, that is, a key for returning the encrypted data to the state before encryption.

A simple decoding system using a mobile phone for scrambled content, characterized in that it is configured as described above.

A tenth aspect of the invention is a method for decrypting encrypted data according to the ninth aspect of the present invention , wherein the decryption system for encrypted data targets content. It is assumed that the descrambling key is notified to the viewer at the time of content distribution or in advance.

Procedure 1. It is a distribution request, and the viewer makes a distribution request to the content distribution server.

Procedure 2. The content distribution server scrambles the content and adds additional information and an application, and the content distribution server scrambles the target content using an encryption key to obtain encrypted data, and the encrypted data body includes at least a viewer. The additional information including the mobile phone number and the application for calling the mobile phone are added to form a content file.

Procedure 3. In the transmission operation to the content reproduction device, the content file is transmitted from the content distribution server to the viewer's content reproduction device.

Procedure 4. Reading content files. When it is stored once in the content reproduction device and an arbitrary viewer wants to reproduce the content, the content reproduction device reads the content file, and an application for calling a mobile phone is first read and executed.

Procedure 5. Send to mobile phone communication means. The mobile phone number of the viewer recorded in the additional information is transmitted to the mobile phone communication means by the communication line connection means.

Procedure 6. Mobile phone call. The cellular phone of the viewer is called by the cellular phone communication means.

Step 7. Enter and send descramble key. The viewer inputs and transmits a descrambling key from a mobile phone possessed by the viewer called by the mobile phone communication means.

Procedure 8. Incoming call to content playback device. The descrambling key is read into the content reproduction device via the mobile phone communication means and the communication line connection means.

Procedure 9. The encrypted data is decrypted and the content is restored. That is, based on the incoming descrambling key, the encrypted data is decrypted as the original content, and the viewer can view it.
This is a simple decoding method using the mobile phone for scrambled content, which is configured by the above procedure.

The eleventh aspect of the invention is a file structure of an encrypted file and a method for determining whether the decryption key is correct or not, which can determine whether the input decryption key is a normal decryption key prior to decryption of the encrypted data body. . Here, the regular decryption key means a decryption key corresponding to the encryption and suitable for decryption when decrypting the encrypted data, and the encrypted data is converted into the original data by the regular decryption key. Can be decrypted.
Similarly, in the case of the scramble release key, a regular scramble release key is used.

The encrypted file is composed of an encrypted data body and additional information, and the additional information is composed of at least the following three elements.
1. Reference data. This reference data may be relatively small-scale data, and is composed of, for example, an arbitrary character string. This character string is not necessarily a meaningful character string, and may be a randomly generated character string. It is possible to secure stronger security if the reference data is different for each encrypted file.
2. Test data. The reference data is data obtained by encrypting the reference data with the same encryption key used for encrypting the encrypted data body, and this is test data.
3. Judgment application. The determination application is for comparing and determining whether or not the test data can be decrypted to the original reference data when decrypted with the same decryption key used for decrypting the encrypted data body. This determination application may be installed not in the encryption file but in the decrypting computer. The additional information is composed of at least the above three elements, but other necessary data and application programs can also be incorporated.

When decrypting an encrypted file with the above additional information added,
1. When the decryption key is inserted,
2. Prior to the decryption of the encrypted data body, first, the determination application is operated, and the test data in the additional information is decrypted with the decryption key to be decrypted test data,
3. Compare this decryption test data with the reference data,
4). If both are the same, it is determined that the decryption key is a normal decryption key,
5). If they are different, it is determined that they are not legitimate decryption keys.
This is a method for determining the correctness of the decryption key according to the above procedure. This determination result is displayed on a display or the like, and can be presented to the user whether the decryption key is valid.
In the eleventh aspect of the present invention, as the file structure of the encrypted file for determining whether or not the decryption key is a regular decryption key and the method for determining whether the decryption key is correct, The present invention can also be implemented in a conventional encrypted data decryption method that does not depend on the “decryption system and decryption method of encrypted data”.

A twelfth invention is the first invention according to the file structure of the encrypted file and the method for determining whether the decryption key is correct . Second invention. Third invention. Fourth invention. Seventh invention. Eighth invention. Ninth invention. This is an additional function added to the encrypted data decryption system and encrypted data decryption method using the mobile phone according to any one of the tenth invention .

The encrypted file is composed of an encrypted data body and additional information, and the additional information is composed of at least the following three elements.
1. Reference data. This reference data may be relatively small-scale data, and is composed of, for example, an arbitrary character string. This character string is not necessarily a meaningful character string, and may be a randomly generated character string. It is possible to secure stronger security if the reference data is different for each encrypted file.
2. Test data. The reference data is data obtained by encrypting the reference data with the same encryption key used for encrypting the encrypted data body, and this is test data.
3. Judgment application. The determination application is for comparing and determining whether or not the test data can be decrypted to the original reference data when decrypted with the same decryption key used for decrypting the encrypted data body. This determination application may be installed not in the encryption file but in the decrypting computer. The additional information is composed of at least the above three elements, but other necessary data and application programs can also be incorporated.

When decrypting an encrypted file with the above additional information added,
1. Enter the decryption key. 1st invention. Second invention. Third invention. In the case of the fourth invention , a decryption key is input from the cellular phone of the data manager, and this is received and input to the user's computer via a predetermined communication path. Seventh invention. Eighth invention. Ninth invention. In the case of the tenth invention , a decryption key is input from the viewer's mobile phone, and this is received and inserted into the content reproduction apparatus via a predetermined communication path.
2. Prior to the decryption of the encrypted data body, first, the determination application is activated, and the test data in the additional information is decrypted with this decryption key to be decrypted test data,
3. Compare this decryption test data with the reference data,
4). If both are the same, it is determined that the decryption key is a normal decryption key,
5). It is not the very regular decryption key Different both persons.
This is a method for determining the correctness of the decryption key according to the above procedure. This determination result is displayed on a display or the like, and can be presented to the user whether the decryption key is valid.
In particular, when the encrypted data is a huge amount of data, the user can be presented with a determination result of the correctness of the decryption key prior to decryption of the encrypted data body, so that the user can perform unnecessary decryption with the wrong decryption key. I will not wait for you.

According to the decryption system and the decryption method for encrypted data of the present invention, when the encrypted data is decrypted, the cellular phone of the data manager is automatically called, and the decryption key is transmitted from the called cellular phone of the data manager. Since it is not decrypted unless it is inserted, it is safe without being decrypted by a third party without knowing it.
In the case of the first invention and the second invention , the management server is interposed between the data manager and the user, the mobile phone number is specified by the management server, and the mobile phone of the data manager from the mobile phone communication means. Therefore, it is possible to secure stronger security without intervening illegal means, and the third and fourth inventions can construct a minimum system with few resources when used at the individual level. In the fifth and sixth inventions, when decrypting the encrypted data, the user information is displayed on the cell phone display of the data manager, so the data manager knows who is trying to decrypt the encrypted data. Therefore, it becomes a judgment material for permission of decryption. In the seventh and eighth inventions , only a legitimate viewer who has obtained the descrambling key legally inputs and transmits the descrambling key from his / her mobile phone designated and called by the management server. You can view the content and copy this content file to removable media, and if the viewer has his / her mobile phone, it can also be played from other content playback devices at other locations. . In this case, even if an illegal number of copies of this content file is illegally leaked, it cannot be restored and viewed by a third party who does not have a legitimate viewer's mobile phone. The ninth and tenth aspects of the present invention can provide a minimal content file decryption system and decryption method that omits the management server. In the case of the eleventh invention and the twelfth invention , in order to determine whether the decryption key is authentic prior to decryption of the encrypted data body, particularly when the encrypted data is a huge amount of data, The user is not waited for useless decryption with the wrong decryption key.

It is a file structure figure explaining 1st invention and Example 1.3. It is a file structure figure explaining 3rd invention , Example 2. FIG. It is a conceptual diagram explaining 1st invention , Example 1.3. It is a flowchart explaining 2nd invention , Example 1.3. It is a conceptual diagram explaining 3rd invention , Example 2. FIG. It is a flowchart explaining 4th invention , Example 2. FIG. It is a conceptual diagram explaining 5th invention , Example 3. FIG. It is a conceptual diagram explaining 5th invention , Example 3. FIG. It is a conceptual diagram explaining 5th invention , Example 3. FIG. It is a file structure figure explaining 7th invention , Example 4. FIG. It is a file structure figure explaining 9th invention , Example 5. FIG. It is a conceptual diagram explaining 7th invention , Example 4. FIG. It is a flowchart explaining 8th invention , Example 4. FIG. It is a conceptual diagram explaining 9th invention , Example 5. FIG. It is a flowchart explaining 10th invention , Example 5. FIG. It is a file structure figure explaining 11th invention , 12th invention , Example 10, and Example 11. FIG. It is a flowchart explaining 11th invention , 12th invention , Example 10, and Example 11. FIG. It is an arrangement | sequence diagram which shows the relationship between each invention of this invention, its Example, and explanatory drawing.

Next, an embodiment of how the decryption system and the decryption method of encrypted data using the mobile phone according to the present invention are practically described will be described.

A case in which the decryption method of the second invention is implemented using the decryption system for encrypted data of the first invention will be described as Example 1 based on FIG. 1, FIG. 3, and FIG. The decryption system for encrypted data described in the first invention comprises the following configurations 1 to 7.

In the configuration 1, the encrypted file F1 is handled in a state where the additional information D2 is added to the encrypted data body D1 to be decrypted, and the additional information further includes at least the data manager (or the data owner). ) Identification information D2-1 and management server address D2-2. In addition to this, information necessary for determination when the data manager allows decryption, such as the name, importance, and confidentiality of the encrypted data, can be recorded in the additional information. Further, necessary application programs can be incorporated into the additional information. The encrypted file F1 exists as a storage means in the user's computer 2, or a removable medium 1 such as an optical disk or a portable memory outside the computer, and data to be transferred (not shown). Here, the address of the management server refers to information necessary for connection to the management server, such as an address and a telephone number for specifying the management server 4 used by the data manager and connecting to the communication line.

Configuration 2 is a user's computer 2 for reading the encrypted file and decrypting the encrypted data in the encrypted file. Here, the user is not necessarily a third party, This includes the case where the encrypted file is decrypted and the data is used. In practice, this method is often implemented as an embodiment in order to protect the data.

Configuration 3 is communication line connection means 3 for connecting the user's computer to a communication line connected to the management server, which connects the computer to the communication line, such as a modem, software associated therewith, and settings thereof, for example. Means for. The communication line connection means may be built in the computer. The communication line connected by this communication line connection means is generally assumed to use the Internet, but of course, a fixed telephone line, a dedicated line, and a LAN (same local area communication network) connection line can also be used. The form is not particularly limited.

Configuration 4 is a management-side server 4 having storage means for storing a mobile phone number collation file as a list file indicating the correspondence between the identification information of the data manager and the mobile phone number. The management side of this management server is the administrator who operates and manages this decryption system, and communicates the mobile phone of the data file manager responsible for the encrypted file and the computer of the user who is trying to decrypt the encrypted file. It exists as a bridge connecting lines (communication networks including the Internet and mobile phone communications), and it is assumed that operators who specialize in this, Internet service providers, mobile phone carriers, etc. It is also possible to construct this management server, and if it is provided with a storage means for storing the communication line connection means and the identification information of the person in charge of data and the mobile phone number, it is shown in the user's computer or conceptual diagram. However, it is possible to make the computer of the data manager have the function of the management server. It is.

Configuration 5 is a mobile phone communication means 5 that receives the mobile phone number data when the mobile phone number of the person in charge of data is retrieved from the management side server and is read out, calls the mobile phone based on this data, and executes communication. is there.

Configuration 6 is a mobile phone 6 possessed by the data manager who is called from the mobile phone communication means and has the data manager input and transmit the decryption key. Here, it is expressed as “mobile phone”, but it may be any mobile communication means, and thus includes a PHS, a personal digital assistant (PDA) having a communication function, and the like.

Configuration 7 is a decryption key corresponding to the encryption in the encrypted data body obtained by encrypting the data using the encryption key. (Not shown)
The decryption system for encrypted data according to the first embodiment is configured as described above.

Next, the procedure described in the second invention, which is a method for actually operating this system, is executed in the order described below.
Step S1-1. When decrypting the encrypted data, the encrypted file F1 is input to the user's computer.
Step S1-2. The computer reads the additional information D2.
Step S1-3. The communication line connection means connects to the address D2-2 of the management server recorded in the additional information D2 via a communication line, and the data manager identification information D2-1 is transmitted to the management server. However, the encrypted data body is not transmitted. Or there is no need to send.
Step S1-4. The management server searches the mobile phone number of the data manager based on the received identification information of the data manager.
Step S1-5. The mobile phone number data is received from the management server, and the mobile phone communication means calls the mobile phone of the data manager.
Step S1-6. If there is an incoming call to the data manager's mobile phone and decryption is permitted at the discretion of the data manager, a decryption key is entered from the mobile phone.
Step S1-7. This is transmitted to the management server via the mobile phone communication means.
Step S1-8. The decryption key transmitted to the management server is transmitted to the user's computer via the communication line connection means.
Step S1-9. The user's computer receives the decryption key and determines whether it is a regular decryption key.
Here, as a method for determining whether or not the decryption key is a regular decryption key, as will be described in detail in the tenth and eleventh embodiments, the encrypted data is encrypted with the same encryption key as additional information, as described in detail in the tenth and eleventh embodiments. It is also possible to determine whether or not encrypted data (for example, a character string) is added and can be decrypted into regular data.
Step S1-10. If the decryption key is a regular decryption key corresponding to the encryption, decryption of the encrypted data is started based on the decryption key.
Step S1-11. If this decryption key is not a regular decryption key corresponding to the encryption, decryption is stopped.
Step S1-12. “The decryption key is wrong. Cannot decrypt. ”And other necessary post-stop procedures.

A case where the decryption method of the fourth invention is implemented using the decryption system for encrypted data of the third invention will be described as a second embodiment based on FIG. 2, FIG. 5, and FIG.
The second embodiment is a minimum simple system that omits the management server from the first embodiment. In particular, it can be expected to be utilized in the system configuration when building a decryption system for encrypted data at the individual level. For example, it is easy to encrypt important data in a personal computer that you carry around and use it after decrypting it. Type decryption system for encrypted data. Further, it is also suitable when the encrypted data is shared by a limited number of users.
The decryption system for encrypted data according to the second embodiment includes the following configurations 1 to 6.

  Configuration 1 is an encrypted file F2. The encrypted file F2 includes at least three elements: an encrypted data body D1, additional information including at least the cellular phone number D2-3 of the data manager, and an application AP for calling the cellular phone. Among these, an application for calling a mobile phone may be installed in advance on a user's computer.

Configuration 2 is the user's computer 2 for reading the encrypted file and decrypting the encrypted data therein.
Configuration 3 is communication line connection means 3 for connecting a user's computer to a communication line connected to mobile phone communication means.
Configuration 4 is mobile phone communication means 5 for calling the mobile phone of the data manager and executing communication.
Configuration 5 is a mobile phone 6 possessed by the data manager who is called from the mobile phone communication means and has the data manager input and transmit the decryption key.
Configuration 6 is a decryption key corresponding to the encryption of the encrypted data body obtained by encrypting the data using the encryption key. (Not shown)
The system configured as described above is a system for decrypting encrypted data using the mobile phone according to the second embodiment.

Next, the procedure for actually operating this system is executed in the following order.
Step S2-1. When decrypting the encrypted data, the encrypted file is read into the user's computer.
Step S2-2. The application for calling the mobile phone is executed, and the mobile phone number of the data manager recorded in the additional information is read out.
Step S2-3. The communication line connection means is connected to the mobile phone communication means, and the mobile phone number data of the data manager is transmitted.
Step S2-4. The mobile phone of the data manager is called by the mobile phone communication means.
Step S2-5. When an incoming call arrives at the cellular phone of the data manager, the data manager inputs a decryption key when decryption is permitted at the discretion of the data manager.
Step S2-6. The decryption key is transmitted to the user's computer via the mobile phone communication means and the communication line connection means.
Step S2-7. The user's computer receives the decryption key and determines whether it is a regular decryption key.
Step S2-8. If the decryption key is a regular decryption key corresponding to the encryption, decryption of the encrypted data is started based on the decryption key.
Step S2-9. If this decryption key is not a regular decryption key corresponding to the encryption, decryption is stopped.
Step S2-10. “The decryption key is wrong. Cannot decrypt. ”And other necessary post-stop procedures.

The third embodiment is an example in which the decryption method described in the sixth invention is implemented using the decryption system for encrypted data described in the fifth invention, and the encryption from the first invention to the fourth invention is performed. Added a function that allows the user to input user information from the user's computer to the data decoding system and decoding method, send it to the mobile phone of the data manager, and display the user information on the display of the mobile phone Therefore, the case of implementing this will be described with reference to FIGS.
The decoding system according to the third embodiment has the following configurations 1 and 2.

Configuration 1 is user information input means in the user's computer. The user information input means may be a fingerprint sensor 9 or other biological information sensor in addition to the keyboard 7 and numeric keypad 8.
Configuration 2 is a screen display means 10 for prompting input of user information. The means of screen display to prompt the user information input is to the user, “Please enter your employee code. ] And a display and software for displaying an input frame for entering a code.
This is a decryption system for encrypted data according to the first and third inventions , to which the above configurations 1 and 2 are added.

Next, the procedure described in the sixth invention for actually operating this system is executed in the following order. This will be described with reference to FIGS. 1, 3, 4, 8, and 9.
In order to facilitate understanding here, the data manager is the principal teacher of an elementary school, and the user is the sixth grade teacher, Dr. Rokusuke.
Dr. Rokusuke brought home the disk 1 containing all the data of all 6th graders to prepare the materials. The data is encrypted in case of loss or theft, and the data is protected more safely by using the decryption system of the present invention.

Dr. Rokusuke, who brought home a data disc,
S1-1. This is put into a personal computer, that is, the user's computer 2 and is to be decrypted.
S1-2. The user's computer 2 reads the additional information D2, and the screen display means 10, that is, the message “Place your finger on the fingerprint sensor” appears on the display. Place your finger on the fingerprint sensor 9 according to the instructions. It was.
S1-3. The fingerprint information of Dr. Rokusuke and the identification information D2-1 of the data manager in the additional information are transmitted to the management server 4 managed by the company A.
S1-4. On the management server, the cellular phone number of the principal of the data, ie, the principal of the principal, is searched based on the identification information D2-1 of the principal of the data, that is, the principal of the principal in this case, and the fingerprint information which is the biological information of the teacher Based on the above, search and determine the name of Dr. Rokusuke as a system user (decryptor of encrypted file).
S1-5. The mobile phone communication means 5 (for example, the communication system of the mobile phone carrier B) received the telephone number data and the name data of Dr. Rokusuke from the management server, called the principal's mobile phone 6 and transmitted the name of Dr. Rokusuke. .
S1-6. The principal of the principal, the data manager, received an incoming call, and the name of Rokusuke-sensei was displayed as a user on the mobile phone display, so the principal entered the decryption key with peace of mind.
S1-7. This was sent to the management server.
S1-8. This decryption key is transmitted to the user's personal computer via the management server.
S1-9. Rokusuke-sensei's computer determines whether it is a valid decryption key.
S1-10. Since this is a regular decryption key, decryption of the encrypted data has started.
If the principal sends the wrong decryption key at this time,
S1-11. Rokusuke-sensei's computer could not be decrypted and was canceled.
S1-12. “The decryption key is different. It cannot be decrypted. ”Will be displayed.
As described above, since the person in charge of data knows who is trying to decrypt the encrypted data, it can be used to determine whether to permit decryption.

The fourth embodiment is an example in which the decryption method described in the eighth invention is implemented using the decryption system of the encrypted data described in the seventh invention for video and music content. 10, FIG. 12, and FIG.

A seventh invention is a configuration of a decryption system for encrypted data that distributes content such as scrambled video and music, decrypts the content by a content playback device, and provides it to a viewer. It consists of 1-8.

  Configuration 1 is a content distribution server 17 that distributes content in response to a viewer's distribution request. In distribution, the content is not distributed as it is, but is scrambled and provided to the viewer as a content file CF1 to which additional information C2 is added.

Configuration 2 is a content file CF1, which includes an encrypted data body C1 and additional information C2.
The details include an encrypted data body C1 scrambled with an encryption key for content at the time of distribution, additional information C2 including at least the viewer identification information C2-1 and the management server address C2-2, Is a content file CF1. This content file can be copied to a removable medium, and can be reproduced from other content reproduction apparatuses at other locations if the viewer has his / her mobile phone.

Configuration 3 is a content playback device 12 that reads a content file, decrypts the encrypted data body in the content file, and plays back the content as the original content. In implementation, a dedicated playback device may be used, but a personal computer can also be used.
Configuration 4 is communication line connection means 13, which is a communication line connection means 13 for connecting the content reproduction apparatus 12 to a communication line connected to the management-side server 14.
Configuration 5 is the management-side server 14, which is at least a management-side server 14 having storage means for storing a mobile phone number collation file as a list file indicating correspondence between viewer identification information and mobile phone numbers. . In addition, customer information and information for billing can be recorded in this storage means.
Configuration 6 is the mobile phone communication means 15 that calls the viewer's mobile phone based on the viewer's mobile phone number data obtained from the management-side server and executes communication.
Configuration 7 is a mobile phone 16. This is a mobile phone 16 possessed by a viewer who is called by the mobile phone communication means 15 and has the viewer input and transmit a descrambling key.

Configuration 8 is a descrambling key, which is a descrambling key corresponding to the encryption of the encrypted data body obtained by scrambling the content using the encryption key, that is, before the encrypted data is encrypted. It is a key to return to the state of. This descrambling key is preferably different for each viewer, and is notified to the viewer by means of content distribution or in advance, for example, by telephone or e-mail. If the viewer is a member, the member's own key Alternatively, different keys may be used for each content.
Although the first invention to the sixth invention have been described as the decryption key, this descrambling key is herein referred to as a “scramble release key” corresponding to the “scramble process”. Currently, “scramble”, which allows simpler processing than “encryption” of data, is generally used for content, but if the performance of the playback device and computer improves, “encryption” will become more advanced than scramble. ”May become common. Therefore, here, scramble is also regarded as an encryption method, and is in the same meaning category.
The encrypted data decryption system using the mobile phone configured as described above is the seventh invention .

The eighth invention is a method for decrypting encrypted data by an encrypted data decryption system for content described in the seventh invention, and the procedure of the embodiment is as follows. I will explain.
Step S3-1. When a viewer makes a distribution request to the content distribution server,
Step S3-2. The content distribution server scrambles the target content into encrypted data, and adds additional information including at least the viewer identification information and the management server address to the encrypted data body. Is a content file.
Step S3-3. This content file is transmitted to the viewer's content reproduction device and temporarily stored.

Step S3-4. When the viewer tries to reproduce the content, the content reproduction device reads the content file.
Step S3-5. Based on the address of the management server in the additional information, the communication line connection means is connected to the communication line connected to the management server to connect to the management server.
Step S3-6. The viewer identification information recorded in the additional information is transmitted to the management server.
Step S3-7. The management server searches and reads the viewer's mobile phone number based on the viewer's identification information.
Step S3-8. Mobile phone number data is received from the management server, and mobile phone communication means calls the viewer's mobile phone based on this data.
Step S3-9. The viewer inputs and transmits a descrambling key from the mobile phone possessed by the viewer called by the mobile phone communication means.

Step S3-10. The descrambling key is read into the content reproduction apparatus via the cellular phone communication means, the management server, and the communication line connection means.
Step S3-11. It is determined whether the descrambling key is a regular descrambling key corresponding to the encryption.
Step S3-12. If it is a proper and correct key, decryption of the encrypted data is started based on the descrambling key, the original content is decrypted, and the viewer can view.
Step S3-13. If the descrambling key is not a regular descrambling key corresponding to the encryption, the decryption is stopped.
Step S3-14. “The descrambling key is different. Cannot decrypt. ”And other necessary post-stop procedures.
The eighth invention composed of the above procedures is a method for decrypting encrypted data using a mobile phone.

The fifth embodiment is a decoding method for executing the procedure described in the tenth invention using the decoding system described in the ninth invention, and will be described with reference to FIGS. 11, 14, and 15. FIG.
The description of the ninth invention is the minimum system configuration in which the management server is omitted from the description of the seventh invention .

Configuration 1. The content distribution server 17 is a content distribution server 17 that provides content as a content file CF2.
Configuration 2. The content file CF2. Content comprising encrypted data body C1 scrambled with an encryption key for content at the time of distribution, additional information C2-3 including at least the mobile phone number of the viewer, and application AP for calling the mobile phone File CF2. This content file is copied to a removable medium, and if the viewer has his / her mobile phone, it can be played from other content playback devices at other locations.

Configuration 3. This is a content reproduction device 12. The content playback device 12 of the viewer for reading the content file, decrypting the encrypted data body in the content file, and playing it back as the original content, which may be a dedicated playback device for implementation, You can also use a personal computer.
Configuration 4. The communication line connection means 13 is a communication line connection means 13 for connecting the content reproduction apparatus to a communication line connected to the mobile phone communication means.
Configuration 5. The mobile phone communication means 15 is a mobile phone communication means 15 for calling a viewer's mobile phone and executing communication.

Configuration 6. It is a mobile phone 16 that is called by the mobile phone communication means and is held by the viewer for receiving and inputting a descrambling key by the viewer.
Configuration 7. It is a descrambling key (not shown), and is a descrambling key corresponding to the encryption of the encrypted data body that is scrambled with the encryption key for the content.
The encryption data decryption system using the mobile phone configured as described above is the ninth invention .

A tenth aspect of the present invention is a method for decrypting encrypted data by a decryption system for encrypted data for content, as described in the ninth aspect , and the procedure of the embodiment is as follows. Refer to FIG. explain. Note that the scramble release key is notified to the viewer in advance.
Step S4-1. When a viewer makes a distribution request to the content distribution server,
Step S4-2. The content distribution server scrambles the target content into encrypted data, and adds at least additional information including the mobile phone number of the viewer and an application for calling the mobile phone to the encrypted data body. This is the content file.
Step S4-3. The content file is transmitted to the viewer's content playback device;
Step S4-4. Once stored in the content playback device and the viewer intends to play back the content, the content playback device reads the content file, and an application for calling a mobile phone is first read and executed.
Step S4-5. By executing the application, the mobile phone number of the viewer recorded in the additional information is transmitted to the mobile phone communication means by the communication line connection means.

Step S4-6. Mobile phone call. The cellular phone of the viewer is called by the cellular phone communication means.
Step S4-7. Enter and send descramble key. The viewer inputs and transmits a descrambling key from a mobile phone possessed by the viewer called by the mobile phone communication means.
Step S4-8. The descrambling key is read into the content reproduction apparatus via the mobile phone communication means and the communication line connection means.
Step S4-9. The content reproduction apparatus determines whether the descrambling key is a regular descrambling key corresponding to the encryption.
Step S4-10. If it is a proper and correct key, decryption of the encrypted data is started based on the descrambling key, the original content is decrypted, and the viewer can view.

Step S4-11. If the descrambling key is not a regular descrambling key corresponding to the encryption, the decryption is stopped.
Step S4-12. “The descrambling key is different. Cannot decrypt. ”And other necessary post-stop procedures.
A tenth aspect of the present invention is a method for decrypting encrypted data using a mobile phone, comprising the above procedure.

This the first invention which has been described up other than the embodiments corresponding to each of the up to the tenth invention, the common embodiment to the invention of all hands herein described below as an additional function.
Dummy screen for entering decryption key and descrambling key. It looks like a normal method of decrypting encrypted data and displays a dummy screen unrelated to this system on the user's computer display to prevent decryption by a third party other than the authorized user. . Also, making the encrypted data indecipherable, such as deleting the encrypted data when an incorrect operation is performed, that is, when an input to this dummy screen or a different decryption key or descramble key is entered from the mobile phone. You can also.

The system and method according to the present invention has an incoming call on the data manager's mobile phone even if an unauthorized third party attempts to decrypt the encrypted data. Therefore, when the data manager feels that the incoming request for decryption permission is abnormal, that is, when the suspicion that the incoming call is from an unauthorized third party, the decryption key or descrambling is released from the mobile phone of the data officer. The key is transmitted by pressing a predetermined key for erasing the encrypted data instead of the key so that the encrypted data cannot be decrypted.

Add another decryption key determined by the server administrator (administration server) to the original decryption key that neither the data manager nor the user knows at the management server, and the user's computer and viewer A method of sending to a content playback device. According to this method, it is necessary to have the decryption key added from the management server, and for this purpose, decryption can only be done through the management server, which makes it difficult for an unauthorized operation by a third party and improves security. .

The additional information of the encrypted file is also encrypted in advance, and a screen requesting input of this decryption key is displayed on the user's computer and viewer's content playback device, and the decryption key is input to the user and viewer from the screen. An example with double security.

The eleventh aspect of the present invention is the "decryption system of encrypted data using a mobile phone" according to the present invention as a file structure of an encrypted file for determining whether the decryption key is a regular decryption key and a method for determining whether the decryption key is correct or not. The present invention can also be applied to a conventional method for decrypting encrypted data that does not depend on “decryption method”. This will be described with reference to FIG. The encrypted file F3 is composed of an encrypted data body D1 to be decrypted by the user and additional information D3. Of these, the additional information is composed of at least the following three elements.
1. Reference data RD.
2. Test data TD. Data obtained by encrypting the reference data with the same encryption key as that of the encrypted data body.
3. This is the determination application AP-3.
The additional information is composed of at least the above three elements, but other necessary data and application programs can also be incorporated.
A method of decrypting the encrypted file to which the additional information is added will be described with reference to FIG.
Step S5-1. When the decryption key is inserted,
Step S5-2. Prior to the decryption of the encrypted data body, first, the determination application is activated, the test data in the additional information is decrypted with this decryption key, and this is used as the decryption test data.
Step S5-3. Compare this decryption test data with the reference data,
Step S5-4. If both are the same, it is determined that the decryption key is a normal decryption key, decryption is started,
Step S5-5. If it is different, it is determined that it is not a normal decryption key, the decryption is stopped,
Step S5-6. Display a screen such as “Decryption key is wrong”.
This is a method for determining the correctness of the decryption key according to the above procedure. This determination result is displayed on a display or the like, and can be presented to the user whether the decryption key is valid.

A twelfth invention is the first invention according to the file structure of the encrypted file and the method for determining whether the decryption key is correct . Second invention. Third invention. Fourth invention. Seventh invention. Eighth invention. Ninth invention. This is an additional function added to the encrypted data decryption system and the encrypted data decryption method according to any one of the tenth inventions .
This will be described with reference to FIG. The encrypted file F3 is composed of an encrypted data body D1 to be decrypted by the user and additional information D3. Of these, the additional information is composed of at least the following three elements.
1. Reference data RD.
2. Test data TD. Data obtained by encrypting the reference data with the same encryption key as that of the encrypted data body.
3. This is the determination application AP-3.
The additional information is composed of at least the above three elements, but other necessary data and application programs can also be incorporated.
A method of decrypting the encrypted file to which the additional information is added will be described with reference to FIG.
Step S5-1. When the decryption key is inserted,
Step S5-2. Prior to the decryption of the encrypted data body, first, the determination application is activated, the test data in the additional information is decrypted with this decryption key, and this is used as the decryption test data.
Step S5-3. Compare this decryption test data with the reference data,
Step S5-4. If both are the same, it is determined that the decryption key is a normal decryption key, decryption is started,
Step S5-5. If it is different, it is determined that it is not a normal decryption key, the decryption is stopped,
Step S5-6. Display a screen such as “Decryption key is wrong”.
This is a method for determining the correctness of the decryption key according to the above procedure. This determination result is displayed on a display or the like, and can be presented to the user whether the decryption key is valid.
A method for decrypting the encrypted file to which the additional information is added will be described with reference to FIGS. 17, 4, 6, 13, and 15.
When applied to the first invention and the second invention ,
Steps S1-9 and subsequent steps in FIG. 4 are referred to as steps S5-1 to S5-6.
When applied to the third invention and the fourth invention ,
Steps S2-7 and subsequent steps in FIG. 6 are referred to as steps S5-1 to S5-6.
When applied to the seventh invention and the eighth invention ,
Steps S3-11 and subsequent steps in FIG. 13 are referred to as steps S5-1 to S5-6.
When applied to the ninth invention and the tenth invention ,
Steps S4-9 and subsequent steps in FIG. 15 are referred to as steps S5-1 to S5-6.

According to the above procedure, it is possible to present to the user whether the decryption key is authentic or prior to decryption of the encrypted data body. In particular, when the encrypted data is an enormous amount of data, the user is not waited for useless decryption with the wrong decryption key.
The eleventh invention can be applied alone to a conventional method for decrypting encrypted data. However, in the twelfth invention , this is not a single device, but a “decryption data decryption system using a mobile phone” of the present invention. And decoding method ”can be used as an additional function.

As described above, when decrypting encrypted data using the decryption method using the decryption system for encrypted data according to the present invention, the mobile phone of the data manager is automatically called and the data manager Since it is not decrypted unless a decryption key is inserted from the mobile phone, it is safe without being decrypted by a third party without knowing it.
Even in the case of scrambled content, when only a legitimate viewer who has obtained the descrambling key properly enters the descrambling key from his / her mobile phone that is specified by the management server and called from the mobile phone communication means Only you can watch the content.

AP application (application to call mobile phone)
AP-3 Determination application C1 Encrypted data body C2 Additional information C2-1 Viewer identification information C2-2 Management server address C2-3 Viewer mobile phone number CF1 Content file CF2 Content file D1 Encrypted data body D2 Additional information D2-1 Data manager identification information D2-2 Management server address D3 Additional information F1 Encryption file F2 Encryption file F3 Encryption file RD Reference data TD Test data 1 Removable media 2 User's computer 3 Communication line connection means 4 Management server 5 Mobile phone communication means 6 Cell phone of data manager 7 Keyboard 8 Numeric keypad 9 Fingerprint sensor (Biometric information sensor)
DESCRIPTION OF SYMBOLS 10 Screen display means 11 Removable media 12 Content reproduction apparatus 13 Communication line connection means 14 Management server 15 Mobile phone communication means 16 Viewer's mobile phone 17 Content distribution server

Claims (12)

An encrypted file comprising an encrypted data body and additional information including at least the identification information of the person in charge of data and the address of the management server,
A user's computer for reading the encrypted file and decrypting the encrypted data therein;
A communication line connection means for connecting the user's computer to a communication line connected to the management server;
Management server with storage means to store at least identification information and mobile phone number of data manager,
Mobile phone communication means for receiving the mobile phone number data of the data manager from the management side server, calling the mobile phone of the data manager based on the data, and executing communication
A cellular phone that is called by the cell phone communication means and possessed by the data manager for receiving and inputting a decryption key by the data manager;
A decryption key corresponding to the encryption of the encrypted data body encrypted with the encryption key for the data,
A system for decrypting encrypted data using a mobile phone, comprising: The encrypted data body and the additional information including at least the identification information of the person in charge of data and the address of the management server constitute a pair of encrypted files,
When decrypting the encrypted data, when the encrypted file is read into the user's computer, it is connected to the address of the management server recorded as additional information in the computer by a communication line connection means, and then managed. The identification information of the person in charge of the data is transmitted to the server on the side of the server, and the server on the management side that has received the information retrieves and reads out the cellular phone number of the person in charge of the data based on the identification information and The mobile phone communication means calls the mobile phone of the data manager,
When an incoming call is received by the data manager's mobile phone, the data manager inputs and transmits the decryption key, and the decryption key is input to the user's computer via the mobile phone communication means and the management server and the communication line connection means. A method for decrypting encrypted data, wherein decryption is started. An encrypted file consisting of an encrypted data body, additional information including at least the mobile phone number of the data manager, and an application for calling the mobile phone,
A user's computer for reading the encrypted file and decrypting the encrypted data therein;
A communication line connection means for connecting the user's computer to a communication line connected to the mobile phone communication means;
A mobile phone communication means for calling the data manager's mobile phone and executing communication;
A cellular phone that is called by the cell phone communication means and possessed by the data manager for receiving and inputting a decryption key by the data manager;
A decryption key corresponding to the encryption of the encrypted data body encrypted with the encryption key for the data,
A system for decrypting encrypted data using a mobile phone, characterized in that the system comprises at least: An encrypted file comprising an encrypted data body, additional information including at least the data manager's mobile phone number, and an application for calling the mobile phone,
When decrypting the encrypted data, when the encrypted file is read into the user's computer, the application for calling the mobile phone is executed, and the mobile phone number of the person responsible for data recorded in the additional information is read. The mobile phone number data is sent from the communication line connection means connected to the communication line connected to the mobile phone communication means to the mobile phone communication means, and the mobile phone communication means calls the mobile phone of the data manager,
When an incoming call is received by the data manager's mobile phone, the data manager inputs a decryption key and transmits it to the mobile phone communication means. The decryption key passes from the mobile phone communication means to the user's computer via the communication line connection means. A method for decrypting encrypted data, wherein decryption is started when an incoming call is received and read as a decryption key.   The decryption system for encrypted data according to claim 1 or 3, wherein the user's computer has user information input means and screen display means for prompting user information to be input.   After the encryption file is input, an input guidance screen is displayed on the screen of the user's computer by means of a screen display prompting the user information to be input, and the user inputs the user information from the user information input means accordingly. The user information is transmitted to the mobile phone of the person in charge of data via the respective predetermined communication paths according to claim 2 or claim 4 and displayed on the display of the mobile phone. The method for decrypting encrypted data according to claim 2 or 4. A content delivery server that provides content as content files,
A content file comprising an encrypted data body scrambled with an encryption key for content at the time of distribution, and additional information including at least the viewer identification information and the address of the management server;
A viewer's content playback device for reading the content file, decrypting the encrypted data body in the content file, and playing it back as the original content;
Communication line connection means for connecting the content reproduction apparatus to a communication line connected to the management server;
A management server having storage means for storing at least identification information and a mobile phone number of the viewer,
Mobile phone communication means for receiving viewer's mobile phone number data from the management side server, calling the viewer's mobile phone based on this data, and executing communication;
A cellular phone that is called by the cellular phone communication means and possessed by a viewer for receiving and inputting a descrambling key by the viewer;
A descrambling key corresponding to the encryption of the encrypted data body scrambled with the encryption key for the content,
A system for decrypting encrypted data using a mobile phone, comprising: When a viewer makes a distribution request to the content distribution server,
The content distribution server scrambles the target content into encrypted data, and adds additional information including at least the viewer identification information and the management server address to the encrypted data body. Is stored as a content file once it is sent to the viewer's content playback device,
When the viewer tries to play back the content, the content playback device reads the content file and connects to the communication line connected to the management server based on the address information of the management server of the additional information in the content file. To the management server, and transmits the viewer identification information recorded in the additional information to the management server. The management server determines the mobile phone number of the viewer based on the viewer identification information. Search and read, send the mobile phone number data to the mobile phone communication means, based on this mobile phone communication means call the viewer's mobile phone,
From the mobile phone held by the viewer called by the mobile phone communication means, the viewer inputs and transmits a scramble release key, and the scramble release key is connected to the mobile phone communication means, the management server, and the communication line connection means. The encryption using a cellular phone is characterized in that the encrypted data is read into the content playback device via the scrambled key, and the encrypted data is decrypted as the original content based on the descrambling key and can be viewed by the viewer. Method for decrypting data. A content delivery server that provides content as content files,
A content file comprising an encrypted data body scrambled with an encryption key for content at the time of distribution, additional information including at least a viewer's mobile phone number, and an application for calling the mobile phone;
A viewer's content playback device for reading the content file, decrypting the encrypted data body in the content file, and playing it back as the original content;
A communication line connection means for connecting the content reproduction apparatus to a communication line connected to the mobile phone communication means;
A mobile phone communication means for calling a viewer's mobile phone and executing communication;
A cellular phone that is called by the cellular phone communication means and possessed by a viewer for receiving and inputting a descrambling key by the viewer;
A descrambling key corresponding to the encryption of the encrypted data body scrambled with the encryption key for the content,
A system for decrypting encrypted data using a mobile phone, comprising: When a viewer makes a distribution request to the content distribution server,
The content distribution server scrambles the target content into encrypted data, and adds at least additional information including the mobile phone number of the viewer and an application for calling the mobile phone to the encrypted data body. This is a content file, which is transmitted to the viewer's content playback device and stored once,
When the viewer tries to play back the content, the content playback device reads the content file, and first the application for calling the mobile phone is read and executed, and the viewer's mobile phone recorded in the additional information is read. The telephone number data is transmitted to the mobile phone communication means by the communication line connection means connected to the communication line connected to the mobile phone communication means, and the viewer's mobile phone is called by the mobile phone communication means based on the mobile phone number data,
A content playback device through which a viewer inputs and transmits a descrambling key from a mobile phone possessed by a viewer called by the mobile phone communication means, which is transmitted via the mobile phone communication means and the communication line connection means. A method for decrypting encrypted data using a mobile phone, wherein the encrypted data is decrypted as original content based on the descrambling key and can be viewed by a viewer. Encryption is performed by adding reference data, test data obtained by encrypting the reference data with the same encryption key as the encrypted data, and a determination application for determining whether the decryption key is correct or not as additional information to the encrypted data body. When decrypting the encrypted file, when the decryption key is inserted into the user's computer, the test application is decrypted with the decryption key as decryption test data by the operation of the judgment application, and the decryption test data is If the decryption key is compared with the reference data and the decryption key is the same, it is determined that the decryption key is a normal decryption key. . Encryption is performed by adding reference data, test data obtained by encrypting the reference data with the same encryption key as the encrypted data, and a determination application for determining whether the decryption key is correct or not as additional information to the encrypted data body. When a decryption key is input from a mobile phone and is received and inserted into a user's computer via a predetermined communication path when the encrypted file is decrypted as a file, the test data is received by the operation of the judgment application. The decryption test data is decrypted with the decryption key, and the decryption test data is compared with the reference data. If they are the same, it is determined that the decryption key is a regular decryption key. It is characterized by adding a file structure of the encrypted file and a method of determining whether the decryption key is correct or not, which is determined to be not, and presents the determination result to the user , Claim 1. Claim 2. Claim 3. Claim 4. Claim 7. Claim 8. Claim 9. 11. A system for decrypting encrypted data and a method for decrypting encrypted data using the mobile phone according to claim 10.