JP2011229174A - Data processing device, data processing system and data processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve an encryption technology used in a data processing device to further diminish the possibility of communication decoding by a third party.SOLUTION: The data processing device makes encrypted data by encrypting processing object data and records the encrypted data in a predetermined record medium. The data processing device also decodes the recorded encrypted data in the record medium to make the encrypted data turn back to the processing object data. When the processing object data is encrypted, an algorithm and a key used for encryption are generated using the sequentially-generated keys by assigning a past solution to a solution generation algorithm. The solution is deleted when there is no need for assigning it to the solution generation algorithm thereafter.

Description

  The present invention relates to a data processing apparatus capable of encrypting processing target data that is plain text and recording it as encrypted data on a predetermined recording medium, and decrypting the encrypted data read from the recording medium, and its application About.

  Now that the importance of information security is increasing, data that is not preferred to be known by a third party (in this specification, this is called “data to be processed”) is encrypted and recorded on a recording medium. The demand for such a data processing apparatus as described above is very large. Various encryption techniques have been proposed and put into practical use for concealing data to be processed, but it is difficult to completely prevent the decryption of the encryption.

In general, encryption of processing target data and recording on a predetermined recording medium are performed by cutting the processing target data into a predetermined number of bits, and encrypting data obtained by encrypting each of the cut data. It is performed by recording on a predetermined recording medium.
When encrypting each piece of data obtained by cutting the data to be processed, a predetermined algorithm and key are generally used. This algorithm is very complex to prevent the decryption of the code, and the key is strictly controlled so that it is not known outside. However, no matter how complicated the algorithm is, or even if the key is changed, once the algorithm and key are known, the decryption of the data encrypted using the algorithm and key is relatively Easy.

On the other hand, the inventor of the present application has repeatedly researched on encryption technology, and has first developed a data processing device including means for continuously generating at least one of an algorithm and a key for performing encryption and decryption. .
In this technique, at least one of an algorithm and a key for performing encryption and decryption is continuously generated. Even if the algorithm or key is known once, the algorithm or key or Since both are changing, its strength is much higher than conventional encryption technology.
However, even with this technique, if some past algorithms or keys are known, there is a risk of predicting how the algorithms and / or keys will change in the future. The possibility of being decrypted by a third party cannot be said to be zero.

  The present invention is to improve a data processing apparatus that encrypts processing target data that is plaintext and records the data as encrypted data on a predetermined recording medium so as to reduce the possibility of decryption of communication by a third party. Let it be an issue.

  In order to solve this problem, the present inventor proposes a first invention, a second invention, and a third invention described below.

The first invention of the present application is as follows.
According to a first aspect of the present invention, there is provided encryption means for encrypting processing target data, which is plain text, using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and recording means A data processing apparatus comprising decryption means for decrypting read encrypted data using the algorithm and key used for encrypting the encrypted data to make the data to be processed, a past solution A solution generation means for sequentially generating new solutions at a predetermined timing by substituting past solutions for a predetermined solution generation algorithm capable of generating a new solution by substituting at least one of An algorithm generating means for sequentially generating a new algorithm at a predetermined timing using the obtained solution, and a previous one used when the processing target data is encrypted Specific information recording means for recording specific information for specifying an algorithm in association with the encrypted data in a predetermined recording means, and the solution generation means includes at least one of past solutions. This is a data processing apparatus that holds the past solution and erases the past solution when it is no longer necessary to newly substitute.
The algorithm generation means in the data processing apparatus is configured to generate the algorithm at a predetermined timing, for example, every time the processing target data is encrypted or the encrypted data is decrypted. Further, the solution generation means in the data processing device uses a predetermined solution obtained by substituting at least one past solution into the solution generation algorithm when generating the solution, and The past solution is deleted when it is no longer necessary to assign a new one.
That is, in this data processing apparatus, the algorithm used for encryption and decryption is continuously generated by the algorithm generation means, but the algorithm generation means uses the “solution” when generating the algorithm. It is like that. As described above, this solution is generated using a past solution. Moreover, this solution is erased after it is no longer needed to generate a new solution.
Therefore, in this data processing apparatus, since past solutions are deleted one after another, even if the solution at the present time can be compared, the third party can know how it was generated. Can not.
For the above reasons, the encrypted communication by this data processing apparatus is less likely to be decrypted by a third party.
The above solution may result in a pseudo-random number.

The data processing apparatus according to the first aspect described above changes the algorithm, but may change the key. This also provides the same effect as described above.
For example, an encryption unit that encrypts plain data to be processed using a predetermined algorithm and a predetermined key to obtain encrypted data, a recording unit that records the encrypted data, and an encryption read from the recording unit A data processing apparatus comprising: decryption means for decrypting encrypted data using the algorithm and key used to encrypt the encrypted data to make the data to be processed, at least one of past solutions A solution generating means for sequentially generating new solutions at a predetermined timing by substituting past solutions into a predetermined algorithm for generating a solution that can generate a new solution by substituting A key generation means for sequentially generating new keys at a predetermined timing using a key, and a specification for specifying the key used when the processing target data is encrypted Specific information recording means for recording information on the predetermined recording means in association with the encrypted data, and the solution generation means holds at least one of the past solutions, and An example is a data processing device that erases the past solution when it is no longer necessary to substitute for.

  The data processing apparatus according to the first aspect of the present invention is capable of cutting the processing target data into a plurality of plaintext cut data by cutting each predetermined bit number, and when the encrypted data is encrypted. And cutting means that can cut into the same number of encrypted cut data by cutting the same number of bits, and the encryption means cuts the data to be processed by the cutting means. The plaintext cut data is encrypted to be encrypted cut data, and the decryption means decrypts the encrypted data for each encrypted cut data to obtain plaintext cut data. And a plurality of the encrypted cut data encrypted by the encryption means are connected to form a series of encrypted data and decrypted by the decryption means. Comprising comprising a connecting means for a series of processed data by connecting a plurality of the divisional plaintext data, or may be.

The data processing apparatus according to the first invention provided with the algorithm generating means may generate the algorithm at any timing.
For example, the algorithm generation unit may generate the algorithm every time the processing target data is encrypted. In this way, a different algorithm is generated each time the data to be processed is encrypted, making it difficult for a third party to analogize the algorithm.
The algorithm generation means may generate the algorithm each time the plaintext cut data is encrypted. This increases the frequency of algorithm generation, making it more difficult for a third party to guess the algorithm.

The data processing apparatus according to the first invention provided with the key generation means may generate the key at any timing.
For example, the key generation unit may generate the key every time the processing target data is encrypted. In this way, a different key is generated each time the data to be processed is encrypted, making it difficult for a third party to infer the key.
The key generation means may generate the key every time the plaintext cut data is encrypted. This increases the frequency of key generation, making it more difficult for a third party to infer the key.

  The solution generation means generates a new solution from past solutions, but the solution may be obtained by substituting a plurality of past solutions into the solution generation algorithm. That is, one or more past solutions may be substituted into the solution generation algorithm to generate a new solution.

  The solution generation means may hold an initial solution that is first substituted into the solution generation algorithm when the solution is first generated.

The identification information used in the data processing apparatus according to the first invention provided with the algorithm generation means is any information as long as it can identify the algorithm used when the processing target data is encrypted. It doesn't matter.
For example, the specific information may be the algorithm itself, or may be the solution used by the algorithm generation unit when generating the algorithm, and the algorithm may be used when generating the algorithm. It may be information indicating what number the generated solution is used by the generating means.

The identification information used in the data processing apparatus according to the first invention provided with the key generation means is any information as long as the key used when the processing target data is encrypted can be specified. It doesn't matter.
For example, the specific information may be the key itself, or may be the solution used by the key generation unit when generating the key, and the key may be generated when generating the key. It may be information indicating what number the generated solution is used by the generating means.

Effects similar to those of the data processing apparatus according to the first invention provided with the algorithm generating means can be obtained by, for example, the following method.
This method includes a process of encrypting data to be processed, which is plain text, using a predetermined algorithm and a predetermined key to obtain encrypted data, a process of recording the encrypted data in a predetermined recording unit, This is a method executed by a data processing apparatus that executes a process of decrypting encrypted data read from the data using the algorithm and key used when encrypting the encrypted data into processing target data.
Then, the data processing device substitutes the past solution into a predetermined solution generation algorithm capable of generating a new solution by substituting at least one of the past solutions, thereby sequentially renewing at a predetermined timing. A process for generating a simple solution, a process for generating a new algorithm sequentially at a predetermined timing using the generated solution, and a specification for specifying the algorithm used when the processing target data is encrypted A process of recording information in a predetermined recording means in association with the encrypted data, and the data processing device holds at least one of the past solutions and needs to be newly substituted When it is gone, erase the previous solution.

Effects similar to those of the data processing apparatus according to the first invention provided with the key generation means can be obtained by, for example, the following method.
This method includes a process of encrypting data to be processed, which is plain text, using a predetermined algorithm and a predetermined key to obtain encrypted data, a process of recording the encrypted data in a predetermined recording unit, This is a method executed by a data processing apparatus that executes a process of decrypting encrypted data read from the data using the algorithm and key used when encrypting the encrypted data into processing target data.
Then, the data processing device substitutes the past solution into a predetermined solution generation algorithm capable of generating a new solution by substituting at least one of the past solutions, thereby sequentially renewing at a predetermined timing. A process for generating a new solution, a process for generating a new key sequentially at a predetermined timing using the generated solution, and a specification for specifying the key used when the processing target data is encrypted A process of recording information in a predetermined recording means in association with the encrypted data, and the data processing device holds at least one of the past solutions and needs to be newly substituted When it is gone, erase the previous solution.

The second invention of the present application is as follows.
According to a second aspect of the present invention, there is provided an encryption means for encrypting processing target data, which is plain text, using a predetermined algorithm and a predetermined key to obtain encrypted data, a recording means for recording the encrypted data, and the recording And decrypting means to decrypt the encrypted data read from the means using the algorithm and key used to encrypt the encrypted data to make the data to be processed. And a plurality of the encrypted data are decrypted in the same order as they are encrypted, and at least one of past solutions is obtained. By substituting a past solution into a predetermined solution generation algorithm that can generate a new solution by substituting, each time the data to be processed is encrypted, a new solution is sequentially added. Solution generating means for generating a simple solution, first algorithm generating means for sequentially generating a new algorithm each time the data to be processed is encrypted using the generated solution, and using the generated solution, Second algorithm generation means for generating the same new algorithm that is sequentially generated by the first algorithm generation means each time the encrypted data is decrypted, and the solution generation means, This is a data processing apparatus that holds at least one past solution and erases the past solution when it is no longer necessary to newly substitute.
In the second invention described above, the algorithm is changed. However, as in the case of the first invention, the key may be changed.
In this case, the second invention is an encryption unit that encrypts processing target data that is plaintext using a predetermined algorithm and a predetermined key to form encrypted data, a recording unit that records the encrypted data, And decrypting means for decrypting the encrypted data read from the recording means using the algorithm and key used when encrypting the encrypted data to make the data to be processed. A data processing apparatus that encrypts data into encrypted data, and decrypts the plurality of encrypted data in the same order as they were encrypted, and includes at least one of past solutions By substituting past solutions into a predetermined solution generation algorithm that can generate new solutions by substituting Using a solution generation means for generating a new solution, a first key generation means for sequentially generating a new key each time the processing target data is encrypted using the generated solution, and using the generated solution Second key generating means for generating the same new key as that generated by the first key generating means each time the encrypted data is decrypted, and the solution generating means The data processing apparatus holds at least one of the past solutions and deletes the past solution when it is no longer necessary to newly substitute.

The data processing device in the second invention is similar to the data processing device in the first invention, but does not use the algorithm used when encrypting the data to be processed or the specific information for specifying the key. ing. This is because the data processing apparatus according to the second invention encrypts a plurality of data to be processed into encrypted data, and decrypts the plurality of encrypted data in the same order as they are encrypted. It is related to what is being done.
Each of the algorithm generation means and the key generation means in the data processing apparatus according to the second aspect of the invention generates an algorithm or a key each time the data to be processed is encrypted. In addition, the data processing apparatus according to the second aspect of the invention generates the same algorithm and key used for encryption when performing decryption.
Accordingly, in the data processing device according to the second aspect of the invention, the same algorithm or key as the algorithm or key generated in the past is sequentially generated, so that a plurality of the encrypted data are the same as those encrypted. As long as decoding is performed in order, it is not necessary to use the specific information as described above.

In the two data processing devices according to the second invention, the first algorithm generating means and the second algorithm generating means, or one solution generating means common to the first key generating means and the second key generating means is provided. However, it is also possible to provide two solution generation means corresponding to each of the first algorithm generation means and the second algorithm generation means, or each of the first key generation means and the second key generation means.
As an example of the former, an encryption unit that encrypts processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, a recording unit that records the encrypted data, and a recording unit Decryption means for decrypting the read encrypted data using the algorithm and key used when encrypting the encrypted data to make the data to be processed, and encrypting a plurality of data to be processed A data processing device configured to decrypt a plurality of the encrypted data in the same order as they are encrypted, and to substitute at least one of past solutions. By substituting a past solution into a predetermined solution generation algorithm that can generate a new solution, each time the data to be processed is encrypted, a new solution is sequentially added. First solution generating means for generating a solution; first algorithm generating means for sequentially generating a new algorithm each time the data to be processed is encrypted using the solution generated by the first solution generating means; By substituting the past solution into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions, the encrypted data is sequentially decoded each time the encrypted data is decrypted. A second solution generating unit that generates the same new solution as that generated by the one solution generating unit, and a second time each time the encrypted data is decrypted using the solution generated by the second solution generating unit. Second algorithm generation means for generating the same new algorithm as that generated by one algorithm generation means, and the first solution generation means and the second solution generation means Small With holding the one Kutomo, so as to erase the past solutions when the new assignment must be is exhausted, it can be mentioned data processing apparatus.
As an example of the latter, an encryption unit that encrypts processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, a recording unit that records the encrypted data, and a recording unit Decryption means for decrypting the read encrypted data using the algorithm and key used when encrypting the encrypted data to make the data to be processed, and encrypting a plurality of data to be processed A data processing device configured to decrypt a plurality of the encrypted data in the same order as they are encrypted, and to substitute at least one of past solutions. By substituting a past solution into a predetermined solution generation algorithm that can generate a new solution, each time the data to be processed is encrypted, a new solution is sequentially added. First solution generating means for generating a solution; first key generating means for sequentially generating a new key each time the processing target data is encrypted using the solution generated by the first solution generating means; By substituting the past solution into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions, the encrypted data is sequentially decoded each time the encrypted data is decrypted. A second solution generating unit that generates the same new solution as that generated by the one solution generating unit, and each time the encrypted data is decrypted using the solution generated by the second solution generating unit Second key generation means for generating the same new key as that generated by the first key generation means, and the first solution generation means and the second solution generation means Hold at least one of the solutions and Is adapted to erase the past solutions when they are no longer needed to enter, it can be mentioned data processing apparatus.

  In the data processing device according to the second aspect of the present invention, the processing target data can be cut into a plurality of plaintext cut data by cutting every predetermined number of bits, and the encrypted data is encrypted. A cutting unit that can cut into the same number of encrypted cut data by cutting the same number of bits as the one that was cut, and the encryption unit cuts the data to be processed by the cutting unit The plaintext cut data is encrypted to be encrypted cut data, and the decryption means decrypts the encrypted data for each encrypted cut data to obtain plaintext cut data. And a plurality of the encrypted cut data encrypted by the encryption means are connected to form a series of encrypted data and decrypted by the decryption means. Comprising comprising a connecting means for a series of processed data by connecting a plurality of the divisional plaintext data may be a thing.

The second invention can also be realized by the following method.
The first example of the second invention is a process of encrypting processing target data, which is plain text, using a predetermined algorithm and a predetermined key to form encrypted data, and recording the encrypted data in a predetermined recording means And a process for decrypting the encrypted data read from the recording means using the algorithm and key used to encrypt the encrypted data to obtain data to be processed. This is the method that is executed. In this method, the data processing device substitutes the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, thereby processing the data to be processed. A process for generating a new solution sequentially each time encryption is performed, a first algorithm generating process for generating a new algorithm sequentially each time the data to be processed is encrypted using the generated solution, and generation A second algorithm generation step of generating the same new algorithm as that generated in the first algorithm generation step each time the encrypted data is decrypted using the solution obtained, and The data processing device holds at least one of the past solutions and deletes the past solution when it is no longer necessary to newly substitute, and A plurality of processing target data with the encrypted data by encrypting, decrypting a plurality of the encrypted data in the same order as they are encrypted.
The second example is a process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, a process of recording the encrypted data in a predetermined recording unit, The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process Is the method. In this method, the data processing device substitutes the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions. A process of sequentially generating a new solution each time the target data is encrypted, and a first key generating process of sequentially generating a new key each time the processing target data is encrypted using the generated solution Performing a second key generation step for generating the same new key as that generated in the first key generation step each time the encrypted data is decrypted using the generated solution. The data processing device holds at least one of the past solutions, erases the past solution when it is no longer necessary to newly substitute, and encrypts a plurality of data to be processed. B With the data, decoding a plurality of the encrypted data in the same order as they are encrypted.
The third example is a process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, a process of recording the encrypted data in a predetermined recording unit, The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process Is the method. In this method, the data processing device substitutes the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions. A first solution generation process that sequentially generates a new solution each time the target data is encrypted, and a new solution each time the processing target data is encrypted using the solution generated in the first solution generation process A first algorithm generating process for generating a simple algorithm, and substituting the past solution into a predetermined solution generating algorithm capable of generating a new solution by substituting at least one of the past solutions. A second solution generation process for generating the same new solution as that generated in the first solution generation process and the solution generated in the second solution generation process each time the encrypted data is decoded. A second algorithm generating step for generating the same new algorithm that is sequentially generated in the first algorithm generating step each time the encrypted data is decrypted, and the data processing device comprises: Holds at least one of the past solutions, deletes the past solution when it is no longer necessary to newly substitute, encrypts a plurality of processing target data into encrypted data, and Are decrypted in the same order as they were encrypted.
A fourth method includes a process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to form encrypted data, a process of recording the encrypted data in a predetermined recording unit, The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process In the method, the data processing device substitutes a past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions. A first solution generation process that sequentially generates a new solution every time data is encrypted, and the processing target data is encrypted using the solution generated in the first solution generation process. By substituting the past solution into a predetermined solution generating algorithm that can generate a new solution by substituting at least one of the past solutions, and a first key generation process for sequentially generating new keys , Each time the encrypted data is decrypted, a second solution generation step for generating the same new solution as that generated in the first solution generation step, and a solution generated in the second solution generation step A second key generation process for generating the same new key as that generated in the first key generation process each time the encrypted data is decrypted using the data processing apparatus; , Holding at least one of the past solutions, deleting the past solution when it is no longer necessary to substitute, and encrypting a plurality of data to be processed into encrypted data, Multiple said encryptions The chromatography data they decoded in the same order as encrypted.

The inventor of the present application also proposes the following third invention.
According to a third aspect of the present invention, there are provided a plurality of first data processing devices, the same number of second data processing devices as the first data processing devices paired with each of the plurality of first data processing devices, and third data processing. Communication is performed between the first data processing device and the second data processing device using encrypted data obtained by encrypting processing target data that is plaintext, and the second data processing device. The third data processing apparatus is a data processing system in which communication by processing target data is performed.
The first data processing device and the second data processing device both cut the processing target data into a plurality of plaintext cut data by cutting each predetermined bit number, and convert the encrypted data into the encrypted data. Cutting means that cuts into the plurality of encrypted cut data by the same number of bits that were cut when the data was encrypted, the pair of the first data processing device and the second data processing device Based on the solution received from the solution generator, the solution generator that sequentially generates different solutions different from those of the other first data processor and the second data processor. The generated encrypted data is encrypted by an algorithm common to the first data processing device and the second data processing device, and the encrypted disconnected data is encrypted. Encryption / decryption means for decrypting the cut data into the plaintext cut data by the algorithm used when encrypting the cut data, connection means for connecting the decrypted plaintext cut data to the processing target data, A transmission / reception means for transmitting / receiving encrypted data, and the third data processing device is one of the data processing devices described in the first and second inventions, and the second data processing device is configured as described above. The processing target data generated by decrypting the encrypted data encrypted by the first data processing apparatus is encrypted, the encrypted data is recorded in the recording means, and the encrypted data read from the recording means is decrypted The data processing system is configured to be sent to the second data processing device.

The figure which shows the whole structure of the data processing system in 1st Embodiment. The figure which shows the hardware constitutions of the 1st data processing apparatus contained in the data processing system shown in FIG. The block diagram which shows the structure of the communication apparatus contained in the 1st data processing apparatus shown in FIG. The block diagram which shows the structure of the encryption apparatus contained in the 1st data processing apparatus shown in FIG. The figure which shows the hardware constitutions of the 2nd data processing apparatus contained in the data processing system shown in FIG. The block diagram which shows the structure of the encryption apparatus contained in the 2nd data processing apparatus shown in FIG. The block diagram which shows the structure of the other encryption apparatus contained in the 2nd data processing apparatus shown in FIG. The block diagram which shows the structure of the communication apparatus contained in the 2nd data processing apparatus shown in FIG. 2 is a flowchart showing a flow of processing executed in the data processing system shown in FIG. 1. 10 is a flowchart showing the flow of processing executed in S110 shown in FIG. 10 is a flowchart showing the flow of processing executed in S130 shown in FIG. 10 is a flowchart showing the flow of processing executed in S140 shown in FIG. 10 is a flowchart showing the flow of processing executed in S150 shown in FIG. The figure which shows the hardware constitutions of the encryption apparatus contained in the data processor in 2nd Embodiment. The flowchart which shows the flow of the encryption process performed with the data processor in 2nd Embodiment. The flowchart which shows the flow of the decoding process performed with the data processor in 2nd Embodiment. The figure which shows the hardware constitutions of the encryption apparatus contained in the modification of the data processor by 2nd Embodiment.

  Hereinafter, preferred first and second embodiments of the present invention will be described in detail with reference to the drawings. In the description of the first embodiment and the second embodiment, common reference numerals are used in common portions, and redundant descriptions are omitted.

<< First Embodiment >>
The data processing system according to this embodiment is schematically configured as shown in FIG.
The data processing system includes a plurality of first data processing devices 11 and one second data processing device 12 connected to each other via a network 13. In this embodiment, the network 13 is a LAN (Local Area Network).
The plurality of first data processing devices 11 and the second data processing device 12 perform encrypted communication with each other.
The network 13 may have other configurations as long as data exchange between the first data processing device 11 and the second data processing device 12 is possible.

  The configurations of the first data processing device 11 and the second data processing device 12 will be described. First, the configuration of the first data processing apparatus 11 will be described.

The hardware configuration of the first data processing device 11 is shown in FIG.
In this embodiment, the first data processing device 11 includes a central processing unit (CPU) 21, a read only memory (ROM) 22, a hard disk drive (HDD) 23, a random access memory (RAM) 24, an input device 25, a display. The apparatus 26, the encryption apparatus 27, the communication apparatus 28, and the bus 29 are included. The CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display device 26, encryption device 27, and communication device 28 can exchange data via a bus 29.
The ROM 22 or the HDD 23 may include a predetermined program and predetermined data (this may include data to be processed, which is the case in the present embodiment. Includes data necessary for executing the above program). The CPU 21 controls the entire first data processing apparatus 11, and executes processes to be described later based on programs and data stored in the ROM 22 or the HDD 23. The RAM 24 is used as a working storage area when the CPU 21 performs processing.
The input device 25 includes a keyboard and a mouse, and is used for inputting commands and data. The display device 26 includes an LCD (liquid crystal display), a CRT (cathode ray tube), and the like, and is used to display commands, input data, processing status to be described later, and the like.
The encryption device 27 performs encryption of processing target data and decryption of encrypted data, which will be described later.
The communication device 28 performs communication with the second data processing device 12 via the network 13. Note that the communication device 28 of the second data processing device 12 performs communication with the first data processing device 11 via the network 13.

Next, the configuration of the communication device 28 will be described. FIG. 3 shows a block configuration diagram of the communication device 28.
The communication device 28 includes an interface unit 281, an authentication data generation unit 282, and a communication unit 283.
The interface unit 281 exchanges data between the bus 29 and the communication device 28. The interface unit 281 sends the encrypted data received from the bus 29 to the authentication data generation unit 282, and sends the encrypted data received from the communication unit 283 to the bus 29.
The authentication data generation unit 282 adds authentication data to, for example, a header of encrypted data to be transmitted when transmission of encrypted data to be described later to the second data processing device 12 is performed. The authentication data identifies the first data processing apparatus 11 that transmits the encrypted data. The authentication data is assigned to each first data processing device 11 by an administrator of the second data processing device 12 and is recorded in the ROM 22 or the HDD 23, for example. The authentication data generation unit 282 adds authentication data read from the ROM 22 or the HDD 23 to the encrypted data. As will be described later, the second data processing device 12 can grasp from which first data processing device 11 the encrypted data is sent based on the authentication data added to the received encrypted data. The authentication data generation unit 282 is configured to send encrypted data to which the authentication data is added to the communication unit 283. The communication unit 283 is configured to send the received encrypted data to the second data processing device 12.

Next, the configuration of the encryption device 27 will be described. FIG. 4 shows a block configuration diagram of the encryption device 27.
The encryption device 27 includes an interface unit 271, a preprocessing unit 272, an encryption / decryption unit 273, a solution generation unit 274, an algorithm generation unit 275, a key generation unit 276, and a connection unit 277.

The interface unit 271 exchanges data between the bus 29 and the communication device 28.
The interface unit 271 receives the processing target data from the HDDHH 23 via the bus 29 and the encrypted data from the communication unit 28 via the bus 29. The received processing target data or encrypted data is received from the communication unit 28 via the bus 29. Is sent to the pre-processing unit 272. Further, when the interface unit 271 receives the data to be processed or the encrypted data, the interface unit 271 sends data indicating that to the solution generation unit 274.
On the other hand, the interface unit 271 receives processing target data or encrypted data from the connection unit 277 and sends the received processing target data or encrypted data to the bus 29 as described later. Yes.

  The pre-processing unit 272 cuts the processing target data or encrypted data received from the bus 29 via the interface unit 271 for each predetermined number of bits, and generates plain text cut data or encrypted cut data. Is sent to the encryption / decryption unit 273. How to cut the data to be processed or the encrypted data will be described later. In this embodiment, the pre-processing unit 272 has a function of including dummy data, which is data unrelated to the processing target data, in the processing target data by a method described later.

  The encryption / decryption unit 273 receives the plaintext cut data or the encrypted cut data from the preprocessing unit 272, encrypts the plaintext cut data when it is received, and encrypts the cut data when it is received. Has a function of decrypting. Note that the encryption / decryption unit 273 in this embodiment has a fixed reference bit number as a processing unit when performing encryption and decryption processing. The reference bit number in this embodiment is 8 bits, although not limited thereto. Details of the encryption and decryption processing will be described later.

  The solution generation unit 274 sequentially generates solutions. The solution generated by the solution generation unit 274 of the first data processing device 11 is the same as the solution generated by the solution generation unit 274A of the second data processing device 12, which will be described later, in the same order. Has been. The solution in this embodiment is a pseudorandom number. The generated solution is sent to the preprocessing unit 272, the algorithm generation unit 275, and the key generation unit 276.

  The algorithm generation unit 275 generates an algorithm based on the solution received from the solution generation unit 274. This algorithm is used when the encryption / decryption unit 273 performs encryption processing and decryption processing.

  The key generation unit 276 generates a key based on the solution received from the solution generation unit 274. The key is used when the encryption / decryption unit 273 performs encryption processing and decryption processing.

  The connection unit 277 has a function of connecting plain text cut data generated by decrypting the encrypted cut data by the encryption / decryption unit 273 in the original order to make a set of data to be processed. Yes. The data to be processed is sent to the interface unit 271 and is sent to the HDD 23 or the CPU 21 via the bus 29 as necessary. The connection unit 277 also has a function of connecting encrypted cut data generated by encrypting the plaintext cut data by the encryption / decryption unit 273 to form a set of encrypted data. The encrypted data is sent to the interface unit 271, from there, sent to the communication unit 283 of the communication device 28 via the bus 29, and further sent from the communication unit 283 to the second data processing device 12. It has become. Note that the connecting unit 277 may not have a function of connecting encrypted cut data generated by encrypting plaintext cut data by the encryption / decryption unit 273. In this case, the encrypted cut data is sequentially sent to the counterpart communication device in the order of encryption. When the connection unit 277 is such, the encrypted cut data can be directly sent to the communication unit 283 without passing through the connection unit 277.

Next, the configuration of the second data processing device 12 will be described.
The hardware configuration of the second data processing device 12 is as shown in FIG.
The hardware configuration of the second data processing device 12 is basically the same as that of the first data processing device 11, but there are two types of encryption devices 27 that were one in the first data processing device 11, It differs from the first data processing device 11 in that an encryption device 27A and an encryption device 27B are provided instead of the encryption device 27.
The CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display device 26, and bus 29 in the second data processing device 12 are the same as those in the first data processing device 11.

  Similar to the encryption device 27 in the first data processing device 11, the encryption device 27A and the encryption device 27B have functions of encrypting data to be processed and decrypting the encrypted data. Hereinafter, both configurations will be described in order.

The number of encryption devices 27 </ b> A is the same as the number of first data processing devices 11, and each of them is associated with one of the first data processing devices 11. That is, the encryption device 27A and the first data processing device 11 associated with each other can decrypt the encrypted data generated by the other party encrypting the processing target data. On the contrary, the encryption device 27A and the first data processing device 11 that are not associated with each other cannot decrypt the encrypted data generated by the other party encrypting the processing target data.
The encryption device 27A is configured as shown in FIG.
The encryption device 27A includes an interface unit 271A, a preprocessing unit 272A, an encryption / decryption unit 273A, a solution generation unit 274A, an algorithm generation unit 275A, a key generation unit 276A, and a connection unit 277A.
The interface unit 271A receives processing target data from the encryption device 27B via the bus 29 and encrypted data from the communication unit 28 via the bus 29. The encrypted data is sent to the preprocessing unit 272A. Further, when the interface unit 271A receives the processing target data or the encrypted data, the interface unit 271A sends data indicating that to the solution generation unit 274A.
On the other hand, as will be described later, the interface unit 271A receives processing target data or encrypted data from the connection unit 277A, and sends the received processing target data or encrypted data to the bus 29. Yes.
The pre-processing unit 272A cuts the processing target data or encrypted data received from the bus 29 via the interface unit 271A for each predetermined number of bits, and generates plain text cut data or encrypted cut data. Is sent to the encryption / decryption unit 273A. In this embodiment, the preprocessing unit 272A has a function of including dummy data, which is data unrelated to the processing target data, in the processing target data by a method described later.
The encryption / decryption unit 273A receives the plaintext cut data or the encrypted cut data from the preprocessing unit 272A, encrypts the plaintext cut data when it is received, and encrypts the cut data when it is received. Has a function of decrypting. In this embodiment, the encryption / decryption unit 273A has a fixed number of reference bits, which is a processing unit when performing encryption and decryption processing. The reference bit number in this embodiment is 8 bits, although not limited thereto. Details of the encryption and decryption processing will be described later.
The solution generation unit 274A sequentially generates solutions. The solution generated by the solution generator 274A is the same as the solution generated by the solution generator 274 of the first data processing device 11 and the solution generated in the same order. The generated solution is sent to the preprocessing unit 272A, the algorithm generation unit 275A, and the key generation unit 276A.
The algorithm generation unit 275A generates an algorithm based on the solution received from the solution generation unit 274A. This algorithm is used when the encryption / decryption unit 273A performs encryption processing and decryption processing. The algorithm generated by the algorithm generation unit 275A in the second data processing device 12 is the same as the algorithm generated in the same order by the algorithm generation unit 275 in the first data processing device 11.
Key generation unit 276A generates a key based on the solution received from solution generation unit 274A. The key is used when the encryption / decryption unit 273A performs encryption processing and decryption processing. The key generated by the key generation unit 276A in the second data processing device 12 is the same as the key generated in the same order by the key generation unit 276 in the first data processing device 11.
The function of the connection unit 277A in the second data processing device 12 is the same as that of the first data processing device 11. The connecting unit 277A generates processing target data by combining the plaintext cut data generated by the encryption / decryption unit 273A decrypting the encrypted cut data. This processing target data is sent to the encryption device 27B via the bus 29. The connection unit 277A also generates encrypted data by combining the encrypted cut data generated by the encryption / decryption unit 273A encrypting the plain text cut data. This encrypted data is sent to the first data processing device 11 via the communication device 28.

There is only one encryption device 27B.
The encryption device 27B has a function of re-encrypting the processing target data generated by the encryption device 27A decrypting the encrypted data generated by the first data processing device 11 by encrypting the processing target data. have. The encryption device 27B is configured to record the generated encrypted data in the HDD 23 in the second data processing device 12. The encryption device 27B has a function of decrypting the encrypted data read from the HDD 23.
The encryption device 27B is configured as shown in FIG.
The encryption device 27B includes an interface unit 271B, a preprocessing unit 272B, an encryption / decryption unit 273B, a solution generation unit 274B, an algorithm generation unit 275B, a key generation unit 276B, a connection unit 277B, and a specific information generation unit 278B. Composed.
The interface unit 271B of the encryption device 27B receives the data to be processed from the encryption device 27A via the bus 29 and the encrypted data from the HDD 23 in the second data processing device 12 via the bus 29. The received processing target data or encrypted data is sent to the preprocessing unit 272B. Further, when the interface unit 271B receives the data to be processed or the encrypted data, the interface unit 271B sends data indicating that to the solution generation unit 274B.
On the other hand, as will be described later, the interface unit 271B receives processing target data from the connection unit 277B in the encryption device 27B, and receives encrypted data from the specific information generation unit 278B. Data or encrypted data is sent to the bus 29.
The pre-processing unit 272B cuts the processing target data or encrypted data received from the bus 29 via the interface unit 271B for each predetermined number of bits, and generates plain text cut data or encrypted cut data. Is sent to the encryption / decryption unit 273B. In this embodiment, the preprocessing unit 272B has a function of including dummy data, which is data unrelated to the processing target data, in the processing target data by a method described later.
The encryption / decryption unit 273B receives the plaintext cut data or the encrypted cut data from the preprocessing unit 272B, encrypts the plaintext cut data when it is received, and encrypts the cut data when it is received. Has a function of decrypting. In this embodiment, the encryption / decryption unit 273B has a fixed number of reference bits, which is a processing unit when performing encryption and decryption processing. The reference bit number in this embodiment is 8 bits, although not limited thereto. Details of the encryption and decryption processing will be described later. Note that the encryption / decryption unit 273B performs decryption by using an algorithm and a key specified based on specific information to be described later.
The solution generator 274B sequentially generates solutions. The solution generated by the solution generator 274B is a pseudo random number. The generated solution is sent to the algorithm generation unit 275B and the key generation unit 276B, and is also sent to the preprocessing unit 272B in this embodiment.
The algorithm generation unit 275B generates an algorithm based on the solution received from the solution generation unit 274B. This algorithm is used when the encryption / decryption unit 273B performs encryption processing and decryption processing.
The key generation unit 276B generates a key based on the solution received from the solution generation unit 274B. The key is used when the encryption / decryption unit 273B performs encryption processing and decryption processing. The key generated by the key generation unit 276B in the second data processing device 12 is the same as the key generated in the same order by the key generation unit 276 in the first data processing device 11.
The connecting unit 277B in the second data processing device 12 has a function of generating processing target data by connecting plaintext cut data generated by the encryption / decryption unit 273B decrypting the encrypted cut data. This processing target data is sent to the encryption device 27A. The connection unit 277B also generates encrypted data by combining the encrypted cut data generated by the encryption / decryption unit 273B encrypting the plain text cut data. This encrypted data is recorded in the HDD 23 in the second data processing device 12.

The encryption device 27B includes a specific information generation unit 278B.
The specific information generation unit 278B adds specific information to the encrypted data generated by the connection unit 277B. This specific information is information for specifying the algorithm and key used when encrypting the encrypted data to which the specific information is added. Specifically, the algorithm itself used when encrypting the encrypted data, the key itself used when encrypting the encrypted data, and the algorithm or key used when encrypting the encrypted data Or the information used to indicate the order of the generated solution. In this embodiment, since both the algorithm and the key are changed, the specifying information specifies both the algorithm and the key, or the solution used to generate the algorithm and the key. Or the order in which the solutions were generated must be specified, but if only one of the algorithm and the solution changes, the specific information can only identify the algorithm and the solution that changes If it is.
In this embodiment, the specific information generation unit 278B adds the specific information to the encrypted data. However, the specific information is associated with the encrypted data in a place different from the encrypted data. It may be stored after being performed.

The configuration of the communication device 28 in the second data processing device 12 is substantially the same as the configuration of the communication device 28 in the first data processing device 11. The functions of the interface unit 281 and the communication unit 283 are the same as those in the communication device 28 of the first data processing device 11. The communication device 28 of the second data processing device 12 is different from the communication device 28 of the first data processing device 11 in that an authentication unit 284 is provided instead of the authentication data generation unit 282 in the first data processing device 11. .
The authentication unit 284 reads the authentication data included in the header in this embodiment of the encrypted data received from the first data processing device 11, and from which first data processing device 11 the encrypted data comes from. It is to judge whether there is. The encrypted data is sent via the interface unit 281 to the encryption device 27A associated with the first data processing device 11 that is the transmission source.

Next, the flow of processing performed in this data processing system will be described.
If it demonstrates roughly using FIG. 9, the flow of the process performed with this data processing system is as follows.
First, the encryption device 27 of the first data processing device 11 among the plurality of first data processing devices 11 encrypts the processing target data to generate encrypted data (S110).
Next, the first data processing device 11 sends the encrypted data to the second data processing device 12 (S120).
Next, among the plurality of encryption devices 27A in the second data processing device 12 that has received the encrypted data, the one associated with the first data processing device 11 that has sent the encrypted data is the encryption device. The encrypted data is decrypted and returned to the processing target data (S130).
Next, the decrypted data to be processed is encrypted by the encryption device 27B and recorded in the HDD 23 in the second data processing device 12 (S140).
Next, for example, in response to a request from the first data processing device 11, the encryption device 27B decrypts the encrypted data in the HDD 23 and returns it to the processing target data (S150).
Next, the processing target data is encrypted by the encryption device 27A into encrypted data (S160).
Next, the second data processing device 12 sends the encrypted data to the first data processing device (S170).
Next, the encrypted data is decrypted by the encryption device 27 in the first data processing device 11 and returned to the original data to be processed (S180).

  First, FIG. 10 illustrates the process of S110 described above in which the encryption device 27 of one first data processing device 11 among a plurality of first data processing devices 11 encrypts the processing target data to generate the encrypted data. The details will be described with reference to FIG.

First, processing target data is read (S1101). The processing target data may be any data that needs to be transmitted from the first data processing device 11 to the second data processing device 12. In this embodiment, it is assumed that the processing target data is recorded in the HDD 23. Data read into the first data processing device 11 from another recording medium such as an external recording medium may be the processing target data.
For example, when a command indicating that processing target data can be sent from the input device 25 to the second data processing device 12 is input, the CPU 21 reads the processing target data from the HDD 23 and temporarily records it in, for example, the RAM 24. This processing target data is sent from the HDD 23 to the encryption device 27 via the bus 29. More specifically, the processing target data is sent to the preprocessing unit 272 via the interface unit 271.

  In the preprocessing unit 272, the processing target data is cut into a plain text cut data every predetermined number of bits (S1102). The preprocessing unit 272 includes dummy data in the plain text cut data as necessary.

There may be one method for generating the plaintext cut data from the processing target data, but in this embodiment, the plaintext cut data is generated from the processing target data by any of the following three methods. ing.
A) The data to be processed is cut into a plaintext cut data by cutting it into a constant bit number shorter than the reference bit number, and all of the plaintext cut data whose bit number is shorter than the reference bit number When dummy data is included in the position B) The data to be processed is cut into a fixed number of bits shorter than the reference number of bits to obtain plain text cut data, and all of them are shortened in number of bits than the reference number of bits. C) When the dummy data is included at different positions of the plaintext cut data, the data to be processed is cut into the number of bits equal to or shorter than the reference bit number to obtain the plaintext cut data, and the data is less than the reference bit number. When dummy data is included in each plaintext cut data with a short bit number

  Which of the three methods described above generates plaintext cut data from the processing target data is determined by the solution generated by the solution generation unit 274.

Therefore, how the solution generation unit 274 generates a solution will be described first.
When the interface unit 271 receives the processing target data from the bus 29, the solution generation unit 274 receives the information from the interface unit 271.
In response to this, the solution generation unit 274 starts generating the solution. In this embodiment, the solution generation unit 274 generates a solution each time processing target data is received by the interface unit 271. Although not limited to this, the solution in this embodiment is an 8 × 8 matrix (X).

The solution generation unit 274 does not necessarily have to be so, but in this embodiment, the solution is generated continuously as if it is a nonlinear transition. This solution results in a pseudorandom number.
In order to continuously generate solutions so as to make a non-linear transition, for example, (1) a solution generation process includes a power operation of a past solution, and (2) a solution generation process includes the past 2 It is conceivable to include a method of multiplying two or more solutions or combining (1) and (2).

In this embodiment, the solution generator 274 has the 01st solution (X ₀₁ ) and the 02nd solution (X ₀₂ ) as predetermined initial matrices (for example, the 01st solution and the 02nd solution). Is recorded in a predetermined memory such as the HDD 23 or the ROM 22). The initial matrices of the first data processing devices 11 are different from each other. Therefore, the solutions generated in the first data processing devices 11 are different from each other.
Each of the plurality of encryption devices 27A in the second data processing device 12 has the same initial matrix as that of the first data processing device 11 associated with each encryption device 27A.

The solution generation unit 274 generates the first solution (X ₁ ) as follows by substituting this initial matrix into the solution generation algorithm.
First solution (X ₁ ) = X ₀₂ X ₀₁ + α (α = 8 × 8 matrix)
This is the first solution generated.
Next, when the interface unit 271 receives the processing target data from the bus 29, the solution generation unit 274 generates the second solution (X ₂ ) as follows.
Second solution (X ₂ ) = X ₁ X ₀₂ + α
Similarly, every time the interface unit 271 receives processing target data from the bus 29, the solution generation unit 274 generates the third solution, the fourth solution,..., The Nth solution as follows.
Third solution (X ₃ ) = X ₂ X ₁ + α
Fourth solution (X ₄ ) = X ₃ X ₂ + α
:
Nth solution (X _N ) = X _N−1 X _N−2 + α
The solution generated in this way is sent to the preprocessing unit 272, the algorithm generation unit 275, and the key generation unit 276 and is held by the solution generation unit 274. In this embodiment, in order to generate the Nth solution ( _XN ), the N-1th solution ( _XN-1 ) and the N-2th solution ( _XN-2 ) are generated immediately before that. Two other solutions are used. Therefore, when generating a new solution, the solution generation unit 274 must hold the last two solutions generated in the past (or any other person who is not the solution generation unit 274 needs to obtain these two solutions. Must be retained). Conversely, solutions older than the last two solutions generated in the past are not used in the future to generate new solutions. Therefore, in this embodiment, the two previous solutions are always held in the solution generation unit 274. However, the second solution up to that point, which has become the third most recent solution when a new solution is generated, is used. The solution that has been is deleted from a predetermined memory or the like in which the solution is recorded.
It should be noted that the solution generated in this way is chaotic with a non-linear transition and becomes a pseudo-random number.

In order to cause a nonlinear transition, the Nth solution (X _N ) = X _N−1 X _N−2 + α described above is obtained when the Nth solution is obtained.
In addition to using the following formula, it is conceivable to use the following formula.
For example,
(A) Nth solution (X _N ) = (X _N−1 ) ^P
(B) Nth solution (X _N ) = (X _N-1 ) ^P (X _N-2 ) ^Q (X _N-3 ) ^R (X _N-4 ) ^S
(C) Nth solution (X _N ) = (X _N−1 ) ^P + (X _N−2 ) ^Q
Etc.
P, Q, R, and S are predetermined constants. In addition, the solution generation unit 274 has two initial matrices when using the equation (a) or (c) and four initial matrices when using the equation (b).
Moreover, although α mentioned above was a constant, it can also be used as specific changing environment information. This environmental information is information that occurs naturally one after another and can be obtained in common at distant locations. For example, information that is determined based on weather in a specific region, is broadcast at a specific time. Information determined based on the contents of a television broadcast of a certain TV station, information determined based on the result of a specific sport, and the like.
If the above-mentioned α is created one after another from such environmental information and common information is generated, the confidentiality of communication can be further enhanced.
Of course, it is possible to add α (this may be generated from the environment information) to the right side of the mathematical expressions (a) to (c).

As described above, the preprocessing unit 272 that has received the solution (that is, the above-described solution) determines whether to generate the plain text cut data according to any of the above-described methods A), B), and C). . In this embodiment, the present invention is not limited to this, but the sum of the numbers constituting the 8-by-8 matrix that is the solution is divided by 3, and when the remainder is 0, the method of A) Plain text cut data is generated by the method B) when the remainder is 1, and by the method C) when the remainder is 2, respectively.
When the plain text cut data is generated by the method A), the preprocessing unit 272 sequentially processes the data to be processed received from the interface unit 271 from the top, and has a certain number of bits shorter than the reference number of bits (this embodiment) In this case, plain text cut data is generated by cutting at 7 bits). Further, the preprocessing unit 272 embeds dummy data at a fixed position of the plain text cut data. Note that the position in the plain text cut data in which the dummy data is embedded may be changed or may be fixed. In the latter case, the position where the dummy data is embedded can be, for example, the beginning or end of the plaintext cut data, or a predetermined intermediate position such as the second bit or the third bit. The dummy data may be any data as long as it is irrelevant to the processing target data. For example, a process of always embedding data of 0, embedding data of 1, or embedding data of 1 and 0 alternately is conceivable. As yet another example, it is possible to determine what dummy data is to be embedded based on the above solution. For example, the sum of the numbers that make up the 8-by-8 matrix, which is the solution, is divided by 9, and when the remainder is 0, 0, 0, 0, 0. In the case of 0, 1, 0, 1 ... every other 1 is inserted, and when the remainder is 2, 0, 0, 1, 0, 0, 1 ... every other 1 is inserted, Similarly, when the remainder is 3, every third is inserted, when the remainder is 4, every fourth,...
When the plain text cut data is generated by the method B), the preprocessing unit 272 cuts the processing target data into a fixed number of bits (for example, 7 bits) shorter than the reference number of bits and cuts the plain text. In addition to data, dummy data is included at different positions of the plaintext cut data, all of which are shorter than the reference number of bits. In this case, the position where the dummy data is embedded may be fixed, or for each of the plaintext cut data, the first bit, the second bit, the third bit, the eighth bit, the first bit, the second bit, the eighth bit. , May be changed regularly, or may be changed randomly. When the position where the dummy data is embedded changes randomly, for example, the position where the dummy data is embedded may be determined based on the solution.
As a method of determining the position where dummy data is to be embedded by the solution, for example, the sum of the numbers constituting the 8-by-8 matrix that is the solution is divided by 8, and when the remainder is 0, the plaintext Dummy data is alternately embedded at the beginning and end of every other cut data. When the remainder is 1, plain text cut data with dummy data embedded at the top and plain text cut data with dummy data embedded at the end are 2 When the remainder is 2, make sure that every third plaintext cut data with dummy data embedded at the beginning and every third plaintext cut data with dummy data embedded at the end, ... When the remainder is 7, processing is performed so that every 8 plaintext cut data with dummy data embedded at the beginning and every other plaintext cut data with dummy data embedded at the end. It can be so. It is also possible to move the position further without fixing the position where the dummy data is embedded, such as the beginning and the end.
When the plain text cut data is generated by the method C), the data to be processed is cut to the number of bits equal to or shorter than the reference number of bits. This cutting can be performed by cutting the data to be processed into a random length shorter than 8 bits. For example, the sum of the numbers constituting the matrix of 8 rows and 8 columns as a solution is 8 When the remainder is 0, the head portion of the data to be processed at that time is cut by 8 bits, and when the remainder is 1, the head portion of the data to be processed at that time is cut by 1 bit. When the remainder is 2, the head portion of the processing target data at that point is cut by 2 bits, and when the remainder is 7, the head portion of the processing target data at that point is cut by 7 bits. it can. Also, the preprocessing unit 272 embeds dummy data in each of the plaintext cut data having a bit number shorter than the reference bit number among the plaintext cut data generated thereby. In this case, the dummy data embedding position may be a specific position such as the beginning or the end, or may be a predetermined position that changes depending on the solution.
In any case, the plaintext cut data generated in this way is sent to the encryption / decryption unit 273 in a stream in the order of generation.

In parallel with the generation of the plaintext cut data, the algorithm generation unit 275 generates an algorithm used when encrypting the plaintext cut data.
The algorithm generation unit 275 in this embodiment generates an algorithm based on the solution.
In this embodiment, the algorithm generation unit 275 generates an algorithm as follows.
The algorithm in this embodiment is as follows: “When plaintext cut data that is 8-bit data is a matrix Y of 1 row and 8 columns, the matrix X of 8 rows and 8 columns that is the solution is raised to a power, and then clockwise. The matrix obtained by multiplying the matrix rotated by n × 90 ° by Y is defined.
Here, a may be a predetermined constant, but in this embodiment, a is a number that changes based on the solution. That is, the algorithm in this embodiment changes based on the solution. For example, a is a remainder when a number obtained by adding all the numbers of matrix elements included in a solution that is a matrix of 8 rows and 8 columns is divided by 5 (however, if the remainder is 0, a = 1)).
Further, the above-mentioned n is a predetermined number determined by the key. If the key is a fixed number, n is fixed, but the key changes based on the solution as described below. That is, in this embodiment, this n also changes based on the solution.
However, the algorithm can be determined as another one.
In this embodiment, the algorithm generation unit 275 generates an algorithm each time a solution is received from the solution generation unit 274 and sends it to the encryption / decryption unit 273.

In parallel with the generation of the plaintext cut data, the key generation unit 276 generates a key used when encrypting the plaintext cut data.
The key generation unit 276 generates a key based on the solution.
In this embodiment, the key generation unit 276 generates a key as follows.
The key in this embodiment is a number obtained by adding all the numbers that are the elements of the matrix included in the solution that is a matrix of 8 rows and 8 columns. Thus, the key changes based on the solution in this embodiment.
Note that the key can be determined as another one.
In this embodiment, the key generation unit 276 generates a key each time a solution is received from the solution generation unit 274 and sends it to the encryption / decryption unit 273.

The encryption / decryption unit 273 encrypts the plaintext cut data received from the preprocessing unit 272 based on the algorithm received from the algorithm generation unit 275 and the key received from the key generation unit 276 (S1103).
As described above, when the plaintext cut data, which is 8-bit data, is set to a matrix Y of 1 row and 8 columns, the algorithm uses the matrix X of 8 rows and 8 columns, which is the solution, to the a power, and then rotates clockwise. Is obtained by multiplying the matrix rotated by n × 90 ° by Y ”, and the key n is the number as described above.
For example, when a is 3 and n is 6, 8 obtained by rotating an 8 × 8 matrix obtained by raising X to the third power clockwise by 6 × 90 ° = 540 °. Encryption is performed by multiplying the matrix of 8 rows by the plaintext cut data.
Data generated in this way is encrypted cut data.

  The encrypted cut data is sent to the connection unit 277. The connection unit 277 connects the encrypted cut data together to generate encrypted data (S1104). The arrangement order of the encrypted cut data at this time corresponds to the arrangement order of the original plaintext cut data.

  As described above, first, the process of S110 in which the first data processing apparatus 11 encrypts the processing target data and generates the encrypted data ends.

The encrypted data generated in this way is sent to the communication device 28 in the first data processing device 11 via the bus 29. The encrypted data is received by the interface 281 in the communication apparatus and sent to the authentication data generation unit 282. The authentication data generation unit 282 sends the encrypted data to the communication unit 283 after adding the authentication data to the header of the encrypted data.
The communication unit 283 sends the encrypted data to the second data processing device 12 via the network 13. Thereby, the process of S120 mentioned above is performed.

In the second data processing device 12 that has received the encrypted data, the process of S130 is executed to decrypt the encrypted data and return it to the data to be processed.
Hereinafter, this decoding process will be described in detail with reference to FIG.

The encrypted data sent to the second data processing device 12 is received by the communication unit 283 in the communication device 28 of the second data processing device 12 (S1201).
The communication unit 283 sends the encrypted data to the authentication unit 284. The authentication unit 284 determines which first data processing device 11 the encrypted data has come from based on the authentication data added to the encrypted data (S1202).
After the determination by the authentication unit 284, the encrypted data is sent to the interface unit 281. The interface unit 281 sends the encrypted data to the encryption device 27A associated with the first data processing device 11 determined by the authentication unit 284 as the transmission source of the encrypted data.

The preprocessing unit 272A in the encryption device 27A receives this encrypted data via the interface unit 271A.
The preprocessing unit 272A cuts the received encrypted data every predetermined number of bits to generate encrypted cut data (S1203).
When the encrypted data is generated by cutting the encrypted data, the preprocessing unit 272A performs a process reverse to that performed by the connection unit 277 of the first data processing apparatus 11. That is, the encrypted data is cut every 8 bits from the head and divided into a plurality of encrypted cut data.

Next, the encrypted cut data is sent to the encryption / decryption unit 273A, where it is decrypted and converted into plaintext cut data (S1204).
Decryption is executed as a process reverse to that performed by the encryption / decryption unit 273 in the first data processing apparatus 11. Therefore, the second data processing device 12 requires an algorithm and a key that are necessary when the first data processing device 11 performs encryption.

The algorithm and key used for decryption are generated in the encryption device 27A. The mechanism will be explained.
Information that the interface unit 271A of the encryption device 27A has received the encrypted data is sent to the solution generation unit 274A. The solution generation unit 274A generates a solution every time this information is received, triggered by the reception of this information.
The solution generation performed by the solution generation unit 274A in the encryption device 27A of the second data processing device 12 is performed through the same process as that performed by the solution generation unit 274 of the first data processing device 11. As described above, the solution generation unit 274A has the same initial value as the solution generation unit 274 of the first data processing apparatus 11 associated with the encryption device 27A including the solution generation unit 274A. It has a matrix and an algorithm for solution generation. Therefore, a solution generated in the encryption device 27A of the second data processing device 12 is generated in the encryption device 27 of the corresponding first data processing device 11 if the generated sequences are compared with each other. It is the same as the solution to be done.
The generated solution is sent from the solution generation unit 274A to the preprocessing unit 272A, the algorithm generation unit 275A, and the key generation unit 276A.
The algorithm generation unit 275A generates an algorithm every time a solution is received based on the received solution. The process of generating an algorithm by the algorithm generation unit 275A of the second data processing device 12 is the same as the process of generating the algorithm by the algorithm generation unit 275 of the first data processing device 11. The generated algorithm is sent from the algorithm generation unit 275A to the encryption / decryption unit 273A.
On the other hand, the key generation unit 276A generates a key each time a solution is received based on the received solution. The process of generating the key by the key generation unit 276A of the second data processing device 12 is the same as the process of generating the key by the key generation unit 276 of the first data processing device 11. The generated key is sent from the key generation unit 276A to the encryption / decryption unit 273A.
By the way, in this data processing system, every time encryption is performed by the first data processing device 11, a new solution is generated by the first data processing device 11, and the encrypted data generated by the first data processing device 11 is generated. Is decrypted by the second data processing device 12, a new solution is generated by the second data processing device 12. Further, as described above, the solutions generated by the encryption device 27A of the second data processing device 12 are encrypted in the corresponding first data processing device 11 if the generated sequences are compared with each other. This is the same as the solution generated by the device 27. Therefore, the solution generated when encrypting the data to be processed, which is the first data processing device 11, and the algorithm and key generated based on the solution are all the algorithm and key generated using the solution. When the encrypted data generated by the first data processing device 11 is decrypted using, the solution generated by the encryption device 27A of the second data processing device 12 and the algorithm generated based on the solution And will always match the key. This situation is the same when the second data processing device 12 performs encryption and the first data processing device 11 performs decryption.

  In the encryption / decryption unit 273A, as described above, the decryption process is performed using the algorithm received from the algorithm generation unit 275A. More specifically, the encryption / decryption unit 273A uses the algorithm received from the algorithm generation unit 275A (“8 when the plaintext cut data, which is 8-bit data, is a matrix Y with 1 row and 8 columns, 8 Based on the definition of “the encrypted cut data is obtained by multiplying a matrix X rotated by n × 90 ° clockwise after multiplying the matrix X of row 8 columns by a power” with Y), An algorithm for performing the decryption process (“If the encrypted cut data is viewed as a 1-by-8 matrix Z, the 8 × 8 matrix X as a solution is raised to a power, and then n × clockwise. By multiplying the inverse matrix of the matrix rotated by 90 ° by Y and defining it as plaintext cut data ”, and performing an operation according to the above definition using a key, Decryption processing is performed. In this way, the encryption / decryption unit 273A sequentially decrypts the encrypted cut data supplied in a stream from the preprocessing unit 272A to generate plaintext cut data.

Next, the encryption / decryption unit 273A removes the dummy data from the plaintext cut data as necessary (S1205). As described above, the solution generated by the solution generation unit 274A is sent to the preprocessing unit 272A. This solution is used when the preprocessing unit 272 of the first data processing apparatus 11 determines how the dummy data is embedded in the plain text cut data. In other words, the solution that the pre-processing unit 272A of the encryption device 27A has at that time has been decrypted (or decrypted) by the encryption / decryption unit 273A of the second data processing device 12. Or it shows how the dummy data is embedded in the encrypted cut data (more precisely, the plaintext cut data before the encrypted cut data is encrypted) is there.
The preprocessing unit 272A sends information about where the dummy data is embedded in the plaintext cut data decrypted by the encryption / decryption unit 273A to the encryption / decryption unit 273A.
Using this, the encryption / decryption unit 273A removes the dummy data from the plaintext cut data.

The plain text cut data generated in this way is sent to the connection unit 277A. The connection unit 277A connects the received plaintext cut data as a whole, and returns the data to be processed in the original state before being encrypted by the first data processing device 11 (S1206).
In this way, the process of S130 in which the second data processing device 12 decrypts the encrypted data and returns it to the processing target data ends.

  The generated processing target data is sent from the connection unit 277A to the interface unit 271A, and is sent to the encryption device 27B via the bus 29.

Here, the encryption device 27B performs the process of S140 described above to encrypt the decrypted data to be processed again into encrypted data.
The encryption process in the encryption device 27B is performed in a flow substantially similar to that in the first data processing device 11 (FIG. 12).

The processing target data sent to the encryption device 27B is received by the interface unit 271B (S1301).
The interface unit 271B sends this to the preprocessing unit 272B.
The preprocessing unit 272B cuts the received processing target data every predetermined number of bits to generate plaintext cut data (S1302). In this case, the method of cutting the data to be processed does not have to be the same as that of the encryption device 27 and the encryption device 27A, but in this embodiment, the same method as that described for the encryption device 27 and the encryption device 27A is used. By performing the processing, the processing target data is disconnected. In addition, the preprocessing unit 272B performs the same processing as that described in the encryption device 27, and includes dummy data as necessary in the plaintext cut data.

Next, the plain text cut data is sent to the encryption / decryption unit 273B, where it is encrypted and becomes encrypted cut data (S1303).
Here, as in the case of the encryption device 27, an algorithm and a key used for encryption are generated. The solution is generated prior to this, as in the case of the encryption device 27. The flow from solution generation to algorithm and key generation will be described below.

When the interface unit 271B receives the processing target data from the bus 29, the solution generation unit 274B receives the information from the interface unit 271B. The solution generation unit 274B only needs to be able to generate a solution at an appropriate timing, but the solution generation unit 274B in this embodiment receives information from the interface unit 271B that the processing target data has been received. In response to this, a solution is generated. The details of the solution generation are the same as those described in the encryption device 27.
The generated solution is sent to the algorithm generation unit 275B and the key generation unit 276B.

  The algorithm generation unit 275B and the key generation unit 276B perform the same processing as that executed by the algorithm generation unit 275 and the key generation unit 276 in the encryption device 27 to generate an algorithm and a key. The generated algorithm and key are sent from the algorithm generation unit 275B or the key generation unit 276B to the encryption / decryption unit 273B.

The encryption / decryption unit 273B receives the algorithm from the algorithm generation unit 275B and the key from the key generation unit 276B, and sequentially encrypts the plaintext cut data received from the preprocessing unit 272B based on the algorithm (S1303).
Details of the encryption are the same as those described for the encryption device 27.
The generated encrypted cut data is sequentially sent to the connection unit 277B.

  The connection unit 277B collects the encrypted cut data as encrypted data (S1304). This encrypted data is sent to the specific information generation unit 278B.

The specific information generation unit 278B adds the specific information as described above to, for example, the header of the received encrypted data (S1305).
The encrypted data to which the specific information is added is sent to the bus 29 via the interface unit 271B, and is recorded on the HDD 23 in the second data processing device 12.

  Next, for example, when the first data processing apparatus 11 gives an instruction to return the encrypted data recorded in the HDD 23 in the second data processing apparatus 12 to the first data processing apparatus 11, the second data The processing device 12 executes the following processing.

First, the process of S150 described above is executed in which the encryption device 27B reads the encrypted data from the HDD 23, decrypts the encrypted data, and returns it to the process target data. Details of this processing will be described with reference to FIG.
Specifically, the interface unit 271B in the encryption device 27B of the second data processing device 12 reads the encrypted data from the HDD 23 via the bus 29 (S1401).
The interface unit 271B sends this encrypted data to the preprocessing unit 272B. The preprocessing unit 272B cuts the received encrypted data every predetermined number of bits to generate encrypted cut data (S1402).
When the encrypted data is cut to generate the encrypted cut data, the preprocessing unit 272B performs the same process as the above-described process performed by the preprocessing unit 272A of the encryption device 27A when performing the decryption. That is, the encrypted data is cut every 8 bits from the head and divided into a plurality of encrypted cut data.

Next, the encrypted cut data is sequentially sent to the encryption / decryption unit 273B, where it is decrypted and converted into plaintext cut data (S1403).
Decryption is executed as processing similar to the processing described above performed by the encryption / decryption unit 273A of the encryption device 27A when performing decryption. In order to perform such decryption, the second data processing device 12 requires an algorithm and a key.

The algorithm and key are generated as follows.
The interface unit 271B in this embodiment can read specific information added to encrypted data. This specific information is information for specifying the algorithm and key used when encrypting the encrypted data to which the specific information is added.
For example, when the specific information is the algorithm and key itself used when encrypting the encrypted data, the interface 217B reads the algorithm and key from the encrypted data, and for example, reads them through the preprocessing unit 272B. The data is sent to the encryption / decryption unit 273B. The encryption / decryption unit 273B decrypts the encrypted cut data based on the algorithm and the key.
Further, when the specific information is the algorithm used when encrypting the encrypted data and the solution used when generating the key, the interface 217B reads this solution from the encrypted data, The data is sent to the generation unit 275B and the key generation unit 276B. In this case, the algorithm generation unit 275B and the key generation unit 276B generate an algorithm and a key based on the accepted solution, respectively. This algorithm and key are used when encrypting encrypted data to which the solution is added. It matches each algorithm and key used. The algorithm generation unit 275B and the key generation unit 276B send the generated algorithm and key to the encryption / decryption unit 273B. The encryption / decryption unit 273B decrypts the encrypted cut data based on the algorithm and the key.
Also, if the specific information is information indicating the algorithm used when encrypting the encrypted data and the solution used when generating the key is the generated solution, the interface 217B reads this information from the encrypted data and sends it to the solution generator 274B. The solution generator 274B that has received this information generates solutions up to the indicated order. This solution coincides with the solution used when encrypting the encrypted data to which the above-described information is added. In this case, only the initial matrix is held without being erased so that the solutions generated in the same order are always the same. The solution generation unit 274B sends the generated solution to the algorithm generation unit 275B and the key generation unit 276B. The algorithm generation unit 275B and the key generation unit 276B generate an algorithm and a key based on the accepted solution. The algorithm and the key are the algorithms used when encrypting the encrypted data to which the solution was added. And key respectively. The algorithm generation unit 275B and the key generation unit 276B send the generated algorithm and key to the encryption / decryption unit 273B. The encryption / decryption unit 273B decrypts the encrypted cut data based on the algorithm and the key.
As described above, the encrypted cut data is returned to the plain text cut data.

Next, the encryption / decryption unit 273B removes the dummy data from the plaintext cut data as necessary (S1404).
Here, if the dummy data included in the plaintext cut data is included in an appropriate position based on the solution, the encryption / decryption unit 273B determines that the plaintext cut data when removing the dummy data. Requires the solution used when was encrypted last time. If the specific information is the solution used when the plaintext cut data was previously encrypted, the interface 217B sends this solution to the encryption / decryption unit 273B. In addition, when the specific information is information indicating the number of solutions generated when the plaintext cut data was previously encrypted, the solution generator 274B generates the generated solution. Is sent to the encryption / decryption unit 273B. Using this solution, the encryption / decryption unit 273B removes dummy data included in an appropriate position based on the solution.
When dummy data included in the plaintext cut data is included at an appropriate position based on the solution, the specific information may be the algorithm and key itself used to encrypt the encrypted data. It is not preferable. This is because the encryption / decryption unit 273B cannot obtain the solution, and thus the dummy data cannot be removed.

  The plain text cut data from which the dummy data is removed is sent to the connection unit 277B. The plain text cut data is connected together at the connection unit 277B and returned to the processing target data (S1405).

This plaintext cut data is sent to the bus 29 via the interface unit 271B, and the cipher associated with the first data processing apparatus 11 that has requested transmission of the encrypted data that was the source of this plaintext cut data. Sent to the composing apparatus 27A.
Receiving this, the encryption device 27A executes the process of S160 described above, which encrypts the processing target data into encrypted data.

  The encryption device 27A executes this processing as the same processing as that described in S110 performed by the encryption device 27 of the first data processing device 11 when the processing target data is encrypted data.

  The encrypted data generated by the encryption device 27A is sent to the communication device 28 in the second data processing device 12 via the bus 29, and from there, the transmission of encrypted data is requested via the network 13. The data is sent to the communication unit 28 of the first data processing device 11. This corresponds to the processing of S170 described above.

  This encrypted data is decrypted by the encryption device 27 in the first data processing device 11. This is the process of S180 described above. The encryption device 27 assumes that this processing is the same as the processing described in S130 performed by the encryption device 27A of the second data processing device 12 when decrypting the encrypted data into the processing target data. Execute.

  In short, the encryption device 27 incorporated in each of the first data processing devices 11 in this embodiment, and the second data processing device 12 associated with the first data processing device 11 incorporating the encryption device 27. The encryption device 27A can decrypt the encrypted data encrypted by the other party.

  The processing target data generated by being decrypted by the encryption device 27 in the first data processing device 11 is the same as that in the HDD 23 in the first data processing device 11 before the processing of S110 is performed. . This processing target data is recorded in, for example, the HDD 23 in the first data processing device 11. The first data processing apparatus 11 can appropriately use it.

<< Second Embodiment >>
In the second embodiment, there is only one data processing device.
The hardware configuration of the data processing device in the second embodiment is the same as that of the first data processing device 11 in the first embodiment. However, the data processing device according to the second embodiment does not need communication, and thus does not have the communication device 28 included in the first data processing device 11.
That is, the data processing device in the second embodiment includes a CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display device 26, encryption device 27, and bus 29. These functions basically match the functions of the CPU 21, ROM 22, HDD 23, RAM 24, input device 25, display device 26, encryption device 27, and bus 29 in the first data processing device 11.
However, the configuration of the encryption device 27 in the data processing device in the second embodiment is the same as the configuration of the encryption device 27 built in the first data processing device 11 in the first embodiment (the one shown in FIG. 4). The algorithm generation unit 275 is replaced with the first algorithm generation unit 275X and the second algorithm generation unit 275Y, and the key generation unit 276 is replaced with the first key generation unit 276X and the second key generation unit 276Y. This is different from the encryption device 27 of the first embodiment (FIG. 14).

In the data processing apparatus of the second embodiment, as will be described later, the processing target data recorded in the HDD 23 is encrypted by the encryption apparatus 27, the encrypted data generated by the encryption is recorded in the HDD 23, and the HDD 23 is recorded. Each process of decrypting the encrypted data recorded in the encryption device 27 and recording the processing target data generated by the decryption to the HDD 23 is performed in the second embodiment. There are a plurality of encrypted data, and the order in which the encrypted data is decrypted matches the order in which the encrypted data is encrypted from the data to be processed.
The difference between the encryption device 27 in the data processing device in the second embodiment and the encryption device 27 incorporated in the first data processing device 11 in the first embodiment is related to this point. Yes.

As described above, the encryption device 27 in the data processing device according to the second embodiment has a structure as shown in FIG.
The interface unit 271, the preprocessing unit 272, the encryption / decryption unit 273, the solution generation unit 274, and the connection unit 277 included in the encryption device 27 in the data processing apparatus according to the second embodiment are basically the first. The same functions as those in the encryption device 27 of the first data processing device 11 of the embodiment are provided. The interface unit 271 exchanges data between the bus 29 and the communication device 28.
The pre-processing unit 272 cuts the processing target data or encrypted data received from the bus 29 via the interface unit 271 for each predetermined number of bits, and generates plain text cut data or encrypted cut data. Is sent to the encryption / decryption unit 273. The preprocessing unit 272 may include dummy data in the plain text cut data.
The encryption / decryption unit 273 receives the plaintext cut data or the encrypted cut data from the preprocessing unit 272, encrypts the plaintext cut data when it is received, and encrypts the cut data when it is received. Is decrypted. In the encryption / decryption unit 273, the reference bit number, which is a processing unit when performing encryption and decryption processing, is fixed to 8 bits in this embodiment.
The solution generator 274 sequentially generates solutions. In this embodiment, the solution is generated every time the preprocessing unit 272 receives the processing target data. The solution is a pseudo-random number.
The connection unit 277 has a function of connecting plain text cut data generated by decrypting the encrypted cut data by the encryption / decryption unit 273 in the original order to make a set of data to be processed. Yes. The connection unit 277 also has a function of connecting encrypted cut data generated by encrypting the plaintext cut data by the encryption / decryption unit 273 to form a set of encrypted data.

The first algorithm generation unit 275X generates an algorithm based on the solution received from the solution generation unit 274. This algorithm is used when performing encryption. Second algorithm generation unit 275Y generates an algorithm based on the solution received from solution generation unit 274. This algorithm is used when performing decoding. In addition, the 1st algorithm production | generation part 275X and the 2nd algorithm production | generation part 275Y are made to produce | generate the same algorithm, when producing | generating an algorithm using the same solution.
The first key generation unit 276X generates a key based on the solution received from the solution generation unit 274. This key is used when encryption is performed. The second key generation unit 276Y generates a key based on the solution received from the solution generation unit 274. This key is used when performing decryption. The first key generation unit 276X and the second key generation unit 276Y are configured to generate the same key when generating a key using the same solution.
In this embodiment, the first algorithm generation unit 275X and the first key generation unit 276X generate an algorithm and a key each time the preprocessing unit 272 receives processing target data. The second algorithm generation unit 275Y and the second key generation unit 276Y generate an algorithm and a key each time the preprocessing unit 272 receives encrypted data.

The operation of the data processing apparatus in the second embodiment will be described with reference to FIG.
First, processing target data is read (S1501). The processing target data is read from the HDD 23 in this embodiment. The processing target data is sent from the HDD 23 to the encryption device 27 via the bus 29. More specifically, the processing target data is sent to the preprocessing unit 272 via the interface unit 271.

In the preprocessing unit 272, the processing target data is cut into a plain text cut data every predetermined number of bits (S1502). The preprocessing unit 272 includes dummy data in the plain text cut data as necessary.
The method for generating the plaintext cut data from the processing target data is the same as that described in S1102 of the first embodiment.

On the other hand, the solution generation unit 274 generates a solution in response to the reception of information from the interface unit 271 that the interface unit 271 has received the processing target data. The solution may be generated each time the processing target data is disconnected by the preprocessing unit 272. In this case, the generation of the processing target data in the preprocessing unit 272 and the generation of the solution in the solution generation unit 274 are synchronized.
The solution generation method in this embodiment is the same as that performed by the solution generation unit 274 when the first data processing apparatus 11 of the first embodiment performs encryption.
The generated solution is sent to the first algorithm generation unit 275X, the second algorithm generation unit 275Y, the first key generation unit 276X, and the second key generation unit 276Y.
The first algorithm generation unit 275X and the first key generation unit 276X that have received this generate an algorithm and a key, respectively. The algorithm and key generation method in this embodiment are the same as those performed by the algorithm generation unit 275 and the key generation unit 276 when the first data processing device 11 of the first embodiment generates the algorithm and the key. .
The first algorithm generation unit 275X and the first key generation unit 276X send the generated algorithm and key to the encryption / decryption unit 273.
The encryption / decryption unit 273 encrypts the plain text cut data received from the preprocessing unit 272 based on the algorithm received from the first algorithm generation unit 275X and the key received from the first key generation unit 276X. (S1503). This process is performed as the same process as the process of S1103 described in the first embodiment.
The encrypted cut data generated in this way is sent to the connection unit 277, where it is connected together and used as encrypted data (S1504).

The encrypted data generated as described above is recorded in the HDD 23 in the data processing device via the bus 29.
Such encryption processing is performed a plurality of times in this embodiment.

In this data processing apparatus, the encrypted data recorded in the HDD 23 is decrypted.
Hereinafter, the decoding process will be described in detail with reference to FIG.
Decryption is started when the encryption device 27 reads the encrypted data recorded in the HDD 23 (S1601).
When the preprocessing unit 272 in the encryption device 27 receives encrypted data from the HDD 23 via the interface unit 271, the preprocessing unit 272 cuts the received encrypted data every predetermined number of bits, Encrypted cut data is generated (S1602).
When the encrypted data is cut to generate the encrypted cut data, the preprocessing unit 272 performs a process reverse to that performed in the above-described encryption process. That is, the encrypted data is cut every 8 bits from the head and divided into a plurality of encrypted cut data. This process is the same as the process of S1203 in the first embodiment.
Next, the encrypted cut data is sent to the encryption / decryption unit 273, where it is decrypted and converted into plain text cut data (S1603).
Decryption is executed as a process opposite to the above-described encryption process performed by the encryption / decryption unit 273. Therefore, the encryption / decryption unit 273 requires the algorithm and key used for encryption. Here, using the previously generated solution, the second algorithm generation unit 275Y generates an algorithm, and the second key generation unit 276Y generates a key. Since the order in which the encrypted data is decrypted matches the order in which the encrypted data is encrypted from the data to be processed, the second algorithm generation unit 275Y and the second key generation unit 276Y generate The algorithm and key to be generated are generated based on the solution used when the encrypted data to be decrypted is encrypted. This is because the algorithm generated by the second algorithm generation unit 275Y and the key generated by the second key generation unit 276Y are used when the encrypted data to be decrypted is encrypted. It means to match the key.
The second algorithm generation unit 275Y and the second key generation unit 276Y require the algorithm and key to be decrypted by the encryption / decryption unit 273 after the solution generation unit 274 has generated the solution. The algorithm and key may be generated at any timing until.
The algorithm generated by the second algorithm generation unit 275Y and the key generated by the second key generation unit 276Y are sent to the encryption / decryption unit 273. The encryption / decryption unit 273 sequentially decrypts the encrypted cut data using the algorithm and the key to obtain plain text cut data. This process is executed as the same process as that described in S1204 of the first embodiment.
Next, the encryption / decryption unit 273 removes dummy data from the plain text cut data as necessary (S1604). This process is executed as the same process as the process of S1205 in the first embodiment.

The plain text cut data generated in this way is sent to the connection unit 277. The connection unit 277 connects the received plain text cut data together to generate processing target data (S1605).
The generated processing target data is sent from the connection unit 277 to the interface unit 271 and recorded in the HDD 23 via the bus 29.

≪Modification≫
The data processing apparatus in the second embodiment can be modified as follows.
The data processing device in this modification is slightly different from the data processing device in the second embodiment in the configuration of the encryption device 27. The other parts are the same as those of the data processing apparatus in the second embodiment described above.
The encryption device 27 of the data processing device in the modification is configured as shown in FIG. The encryption device 27 includes two solution generation units, ie, a first solution generation unit 274X and a second solution generation unit 274Y, and the data in the second embodiment that includes only one solution generation unit 274. It differs from the encryption device 27 of the processing device.
Both the first solution generation unit 274X and the second solution generation unit 274Y generate solutions in the same manner as the solution generation unit 274 in the second embodiment.
The first solution generation unit 274X generates a solution in response to reception of information from the interface unit 271 that the interface unit 271 has received data to be processed. However, the first solution generation unit 274X may generate a solution each time the data to be processed is disconnected by the preprocessing unit 272. The solution generated by the first solution generator 274X is sent to the first algorithm generator 275X and the first key generator 276X. The first algorithm generation unit 275X and the first key generation unit 276X that have received this generate an algorithm and a key as in the second embodiment, and send them to the encryption / decryption unit 273. The encryption / decryption unit 273 performs an encryption process using the algorithm and key received from the first algorithm generation unit 275X and the first key generation unit 276X.
On the other hand, the second solution generation unit 274Y generates a solution in response to reception of information from the interface unit 271 that the interface unit 271 has received encrypted data. However, the second solution generation unit 274Y may generate a solution every time the encrypted data is disconnected by the preprocessing unit 272. The solution generated by the second solution generation unit 274Y is sent to the second algorithm generation unit 275Y and the second key generation unit 276Y. The second algorithm generation unit 275Y and the second key generation unit 276Y that have received this generate an algorithm and a key as in the case of the second embodiment, and send them to the encryption / decryption unit 273. The encryption / decryption unit 273 performs a decryption process using the algorithm and key received from the second algorithm generation unit 275Y and the second key generation unit 276Y.
The solutions generated by the second solution generation unit 274Y are the same as the solutions generated by the first solution generation unit 274X if the solutions generated in the same order are compared. This is because the solution generator 271 in the encryption device 27 built in the first data processing device 11 and the solution generation in the encryption device 27A built in the second data processing device 12 in the first embodiment. This is the same as the case where the unit 271A generates the same solution when comparing the units generated in the same order. That is, the second solution generation unit 274Y and the first solution generation unit 274X in this modification have the same solution generation algorithm and the same initial matrix.
Except for the solution generation and algorithm generation processing, the data processing device in this modification performs the same processing as the data processing device of the second embodiment.

  Note that the encryption device included in the second embodiment and the modifications thereof can be replaced with the encryption device 27B in the first embodiment.

11 First Data Processing Device 12 Second Data Processing Device 13 Network 27 Encryption Device 28 Communication Device 271 Interface Unit 272 Preprocessing Unit 273 Encryption / Decryption Unit 274 Solution Generation Unit 275 Algorithm Generation Unit 276 Key Generation Unit 277 Connection Part 278B specific information generation part

Claims (27)

Encryption means for encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and encrypted data read from the recording means A data processing apparatus comprising: a decryption unit that decrypts the encrypted data into the processing target data by using the algorithm and the key used when encrypting the encrypted data;
Solution generating means for sequentially generating new solutions at a predetermined timing by substituting past solutions into a predetermined solution generating algorithm capable of generating a new solution by substituting at least one of the past solutions When,
Algorithm generating means for sequentially generating new algorithms at a predetermined timing using the generated solutions;
Specific information recording means for recording specific information for specifying the algorithm used when encrypting the processing target data in association with the encrypted data in a predetermined recording means;
With
In addition, the solution generation means holds at least one of the past solutions and deletes the past solution when it is no longer necessary to newly substitute.
Data processing device. Encryption means for encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and encrypted data read from the recording means A data processing apparatus comprising: a decryption unit that decrypts the encrypted data into the processing target data by using the algorithm and the key used when encrypting the encrypted data;
Solution generating means for sequentially generating new solutions at a predetermined timing by substituting past solutions into a predetermined solution generating algorithm capable of generating a new solution by substituting at least one of the past solutions When,
Key generation means for sequentially generating new keys at a predetermined timing using the generated solutions;
Specific information recording means for recording specific information for specifying the key used when the processing target data is encrypted in association with the encrypted data in a predetermined recording means;
With
In addition, the solution generation means holds at least one of the past solutions and deletes the past solution when it is no longer necessary to newly substitute.
Data processing device. The processing target data can be cut into a plurality of plaintext cut data by cutting every predetermined number of bits, and the encrypted data is the same number of bits that was cut when the encrypted data was encrypted It has a cutting means that can be cut into a plurality of encrypted cut data every time,
The encryption unit encrypts the processing target data for each plaintext cut data cut by the cutting unit to obtain encrypted cut data, and the decryption unit stores the encryption data. The data is decrypted for each encrypted cut data into plain text cut data, and
A plurality of the encrypted cut data encrypted by the encryption means are connected to form a series of encrypted data, and a plurality of the plaintext cut data decrypted by the decryption means are connected to form a series of encrypted data. Comprising a connection means for processing data;
The data processing apparatus according to claim 1 or 2. The algorithm generating means generates the algorithm every time the processing target data is encrypted.
The data processing apparatus according to claim 1 or 3. The algorithm generation means generates the algorithm every time the plaintext cut data is encrypted.
The data processing apparatus according to claim 3. The solution generation means is adapted to obtain the solution by substituting a plurality of past solutions into the solution generation algorithm.
The data processing apparatus according to claim 1 or 2. The solution generation means holds an initial solution that is first substituted into the solution generation algorithm when the solution is first generated.
The data processing apparatus according to claim 1 or 2. The key generation unit is configured to generate the key every time the processing target data is encrypted.
The data processing apparatus according to claim 2 or 3. The key generation means generates the key each time the plaintext cut data is encrypted.
The data processing apparatus according to claim 8. The specific information is the algorithm.
The data processing apparatus according to claim 1. The specific information is the solution used by the algorithm generation means when generating the algorithm.
The data processing apparatus according to claim 1. The specific information is information indicating what number the generated solution is used by the algorithm generation means when generating the algorithm.
The data processing apparatus according to claim 1. The specific information is the key.
The data processing apparatus according to claim 2. The specific information is the solution used by the key generation means when generating the key.
The data processing apparatus according to claim 2. The specific information is information indicating what number the solution generated by the key generation means used to generate the key is the solution.
The data processing apparatus according to claim 2. Encryption means for encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and encrypted data read from the recording means And decryption means that decrypts the encrypted data using the algorithm and key used to encrypt the encrypted data into processing target data, and encrypts the plurality of processing target data into encrypted data. And a data processing device configured to decrypt a plurality of the encrypted data in the same order as they are encrypted,
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. Solution generating means for generating a solution;
First algorithm generating means for sequentially generating a new algorithm each time the processing target data is encrypted using the generated solution;
Second algorithm generation means for generating the same new algorithm that is sequentially generated by the first algorithm generation means each time the encrypted data is decrypted using the generated solution;
With
In addition, the solution generation means holds at least one of the past solutions and deletes the past solution when it is no longer necessary to newly substitute.
Data processing device. Encryption means for encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and encrypted data read from the recording means And decryption means that decrypts the encrypted data using the algorithm and key used to encrypt the encrypted data into processing target data, and encrypts the plurality of processing target data into encrypted data. And a data processing device configured to decrypt a plurality of the encrypted data in the same order as they are encrypted,
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. First solution generating means for generating a solution;
First algorithm generation means for sequentially generating a new algorithm each time the data to be processed is encrypted using the solution generated by the first solution generation means;
By substituting the past solution into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions, the encrypted data is sequentially decoded each time the encrypted data is decrypted. Second solution generating means for generating the same new solution as generated by the one solution generating means;
Second algorithm generation means for generating the same new algorithm that is sequentially generated by the first algorithm generation means each time the encrypted data is decrypted using the solution generated by the second solution generation means When,
With
In addition, the first solution generation unit and the second solution generation unit hold at least one of the past solutions, and erase the past solution when it is no longer necessary to newly substitute. Has become,
Data processing device. Encryption means for encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and encrypted data read from the recording means And decryption means that decrypts the encrypted data using the algorithm and key used to encrypt the encrypted data into processing target data, and encrypts the plurality of processing target data into encrypted data. And a data processing device configured to decrypt a plurality of the encrypted data in the same order as they are encrypted,
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. Solution generating means for generating a solution;
First key generation means for sequentially generating a new key each time the processing target data is encrypted using the generated solution;
Second key generation means for generating the same new key as that generated by the first key generation means each time the encrypted data is decrypted using the generated solution;
With
In addition, the solution generation means holds at least one of the past solutions and deletes the past solution when it is no longer necessary to newly substitute.
Data processing device. Encryption means for encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data, recording means for recording the encrypted data, and encrypted data read from the recording means And decryption means that decrypts the encrypted data using the algorithm and key used to encrypt the encrypted data into processing target data, and encrypts the plurality of processing target data into encrypted data. And a data processing device configured to decrypt a plurality of the encrypted data in the same order as they are encrypted,
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. First solution generating means for generating a solution;
First key generation means for sequentially generating a new key each time the data to be processed is encrypted using the solution generated by the first solution generation means;
By substituting the past solution into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions, the encrypted data is sequentially decoded each time the encrypted data is decrypted. Second solution generating means for generating the same new solution as generated by the one solution generating means;
Second key generation means for generating the same new key as that generated by the first key generation means each time the encrypted data is decrypted using the solution generated by the second solution generation means When,
With
In addition, the first solution generation unit and the second solution generation unit hold at least one of the past solutions, and erase the past solution when it is no longer necessary to newly substitute. Has become,
Data processing device. The processing target data can be cut into a plurality of plaintext cut data by cutting every predetermined number of bits, and the encrypted data is the same number of bits that was cut when the encrypted data was encrypted It has a cutting means that can be cut into a plurality of encrypted cut data every time,
The encryption unit encrypts the processing target data for each plaintext cut data cut by the cutting unit to obtain encrypted cut data, and the decryption unit stores the encryption data. The data is decrypted for each encrypted cut data into plain text cut data, and
A plurality of the encrypted cut data encrypted by the encryption means are connected to form a series of encrypted data, and a plurality of the plaintext cut data decrypted by the decryption means are connected to form a series of encrypted data. Comprising a connection means for processing data;
The data processing device according to any one of claims 16 to 19. A plurality of first data processing devices;
The same number of second data processing devices as the first data processing devices paired with each of the plurality of first data processing devices, and third data processing devices are included.
Communication between the first data processing device and the second data processing device is performed using encrypted data obtained by encrypting processing target data that is plain text, and between the second data processing device and the third data processing device. Communication between the processing target data is performed between
A data processing system,
Both the first data processing device and the second data processing device are
The processing target data is cut into a plurality of plaintext cut data by cutting at a predetermined number of bits, and the encrypted data is cut at the same number of bits that was cut when the encrypted data was encrypted. Cutting means to make a plurality of encrypted cutting data,
Solution generating means for sequentially generating solutions different from those of the other first data processing device and the second data processing device, which are common to the first data processing device and the second data processing device which are paired ,
The plain text cut data is encrypted by the algorithm common to the first data processing device and the second data processing device generated based on the solution received from the solution generating means to obtain encrypted cut data. Encryption / decryption means for decrypting the encrypted cut data by the algorithm used when encrypting the encrypted cut data into plaintext cut data;
Connection means for connecting the decrypted plaintext cut data to the processing target data;
Transmitting / receiving means for transmitting / receiving the encrypted data;
With
The third data processing device is the data processing device according to any one of claims 1 to 20, wherein the second data processing device decrypts the encrypted data encrypted by the first data processing device. The generated processing target data is encrypted, and the encrypted data is recorded in the recording unit, and the encrypted data read from the recording unit is decrypted and sent to the second data processing device.
Data processing system. A process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data;
A process of recording the encrypted data in a predetermined recording means;
A method executed by a data processing apparatus that executes a process of decrypting encrypted data read from the recording means using the algorithm and key used to encrypt the encrypted data to obtain data to be processed. There,
The data processing device is
A process of sequentially generating new solutions at a predetermined timing by substituting the past solutions into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions;
A process of generating new algorithms sequentially at a predetermined timing using the generated solutions;
A process of recording specific information for specifying the algorithm used when encrypting the processing target data in association with the encrypted data in a predetermined recording unit;
And run
The data processing apparatus holds at least one past solution and deletes the past solution when it is no longer necessary to newly substitute.
Data processing method. A process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data;
A process of recording the encrypted data in a predetermined recording means;
A method executed by a data processing apparatus that executes a process of decrypting encrypted data read from the recording means using the algorithm and key used to encrypt the encrypted data to obtain data to be processed. There,
The data processing device is
A process of sequentially generating new solutions at a predetermined timing by substituting the past solutions into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions;
A process of sequentially generating new keys at a predetermined timing using the generated solutions;
A process of recording specific information for specifying the key used when encrypting the processing target data in association with the encrypted data in a predetermined recording unit;
And run
The data processing apparatus holds at least one past solution and deletes the past solution when it is no longer necessary to newly substitute.
Data processing method. A process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data;
A process of recording the encrypted data in a predetermined recording means;
The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process A method,
The data processing device is
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. The process of generating the solution;
A first algorithm generation step of sequentially generating a new algorithm each time the processing target data is encrypted using the generated solution;
A second algorithm generation step of generating the same new algorithm as that generated in the first algorithm generation step each time the encrypted data is decrypted using the generated solution;
And run
The data processing device holds at least one of past solutions, erases the past solution when it is no longer necessary to newly substitute, and encrypts and encrypts a plurality of processing target data And a plurality of the encrypted data are decrypted in the same order as they are encrypted,
Data processing method. A process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data;
A process of recording the encrypted data in a predetermined recording means;
The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process A method,
The data processing device is
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. A first solution generation process for generating a solution;
A first algorithm generation step of sequentially generating a new algorithm each time the data to be processed is encrypted using the solution generated in the first solution generation step;
By substituting the past solution into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions, the encrypted data is sequentially decoded each time the encrypted data is decrypted. A second solution generation process for generating the same new solution as generated in the one solution generation process;
A second algorithm generation process for generating the same new algorithm as that generated in the first algorithm generation process each time the encrypted data is decrypted using the solution generated in the second solution generation process When,
And run
The data processing device holds at least one of past solutions, erases the past solution when it is no longer necessary to newly substitute, and encrypts and encrypts a plurality of processing target data And a plurality of the encrypted data are decrypted in the same order as they are encrypted,
Data processing method. A process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data;
A process of recording the encrypted data in a predetermined recording means;
The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process A method,
The data processing device is
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. The process of generating the solution;
A first key generation step of sequentially generating a new key each time the processing target data is encrypted using the generated solution;
A second key generation process for generating the same new key as that generated in the first key generation process each time the encrypted data is decrypted using the generated solution;
And run
The data processing device holds at least one of past solutions, erases the past solution when it is no longer necessary to newly substitute, and encrypts and encrypts a plurality of processing target data And a plurality of the encrypted data are decrypted in the same order as they are encrypted,
Data processing method. A process of encrypting processing target data that is plaintext using a predetermined algorithm and a predetermined key to obtain encrypted data;
A process of recording the encrypted data in a predetermined recording means;
The encrypted data read from the recording means is decrypted using the algorithm and key used to encrypt the encrypted data to be processed data, and is executed by a data processing device that executes the process A method,
The data processing device is
By substituting the past solution into a predetermined solution generation algorithm that can generate a new solution by substituting at least one of the past solutions, a new one is sequentially generated each time the data to be processed is encrypted. A first solution generation process for generating a solution;
A first key generation step of sequentially generating a new key each time the data to be processed is encrypted using the solution generated in the first solution generation step;
By substituting the past solution into a predetermined algorithm for generating a solution that can generate a new solution by substituting at least one of the past solutions, the encrypted data is sequentially decoded each time the encrypted data is decrypted. A second solution generation process for generating the same new solution as generated in the one solution generation process;
A second key generation process for generating the same new key as that generated in the first key generation process every time the encrypted data is decrypted using the solution generated in the second solution generation process. When,
And run
The data processing device holds at least one of past solutions, erases the past solution when it is no longer necessary to newly substitute, and encrypts and encrypts a plurality of processing target data And a plurality of the encrypted data are decrypted in the same order as they are encrypted,
Data processing method.

Images