JP2013247442A - Data transmission device, notification method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide means for securing necessary data security at the time of data transmission without causing the user to feel it troublesome.SOLUTION: In a data transmission device 11, when data is transmitted to an external device, an encryption method used for the data transmission is determined by an encryption method determination unit 1171 and the danger degree of the encryption method is determined by a danger degree determination unit 1172. Furthermore, in the data transmission device 11, the secrecy degree of data to be transmitted is determined by a secrecy degree determination unit 1173 and the danger degree of the encryption method and the secrecy degree of data are compared by a comparison unit 1174 to determine whether the danger degree of the encryption method used for transmission is sufficient low in light of the secrecy degree of data to be transmitted. Before transmitting data, the data transmission device 11 displays the result of determination by the comparison unit 1174 on a display section 1121 to notify the user. Thus, this enables the user to confirm whether sufficient security is secured in data transmission.

Description

  The present invention relates to a technique for preventing leakage of highly confidential data during data transmission.

  In data transmission via a network, a technique for encrypting data to be transmitted in order to prevent leakage of highly confidential data has become widespread. Furthermore, when transmitting highly confidential data, a technique that gives the sender a sense of security by notifying the sender that the data is encrypted and transmitted is also widespread.

  For example, Patent Document 1 determines whether a data security level in a communication path is high or low when transmitting data, and when the data security level is low, data with high confidentiality such as a credit card number or a password is about to be transmitted. There have been proposed techniques for displaying warnings at the time and limiting their transmission.

JP 2007-116509 A

  Encryption without reducing the amount of information is used to prevent data leakage. In that case, if the encryption strength is insufficient, the encrypted data is wiretapped and decrypted by an unintended third party, resulting in data leakage. Also, encryption accompanied by a decrease in the amount of information (generation of a message digest using a hash function) is used to prevent data tampering. In this case, if the encryption strength is insufficient, so-called impersonation is permitted, data is transmitted to an unintended third party, and data leakage occurs.

  The strength of encryption varies depending on the encryption method used, that is, the algorithm used for encryption, the size of the key used for encryption, the protocol used for key exchange, and the like. Furthermore, the strength of encryption generally decreases gradually as the computing capability of a computer increases. In addition, the strength of encryption may suddenly decrease due to the discovery of a decryption method. Such a decrease in encryption strength over time is called “compromised”. Hereinafter, in the present application, the strength of an encryption method that takes into account the degree of compromise is referred to as “danger degree”. Note that “encryption scheme is high” means that the encryption scheme is low, and “encryption scheme is low” means that the encryption scheme is high. To do.

  As described above, while the degree of compromise of encryption schemes varies, the degree of confidentiality of transmitted data (hereinafter referred to as “confidentiality” in the present application) also varies. Among information called personal information, there are a variety of information from extremely high confidentiality such as a personal identification number of a deposit account to relatively low confidentiality such as position information indicating the current location. Therefore, when transmitting personal information, encryption with a low risk level is not always required.

  Therefore, it is desirable that matching between the confidentiality of transmitted data and the encryption scheme is correctly performed. In other words, when data with high confidentiality is transmitted, it needs to be encrypted with an encryption method with low risk, but when data with low confidentiality is transmitted with encryption with a high risk of encryption, There is no problem. However, according to the conventional technology, even when transmitting personal information that is not very confidential, once it is determined to be personal information, data transmission via a less secure communication path is restricted or unnecessary. There was an inconvenience that a warning was displayed. Those unnecessary restrictions and warnings are inconvenient for the user, and use of those security functions is reduced, and as a result, ensuring of data security is hindered.

  In view of the above circumstances, an object of the present invention is to provide a means for ensuring necessary data security without causing a user to feel unnecessary trouble when transmitting data.

  In order to solve the above-described problem, the present invention stores a risk data indicating a criterion for specifying the risk of encryption and a secret data indicating a criterion for specifying the confidentiality of the data. Means, transmission means for transmitting data to an external device, encryption means for encrypting data transmitted by the transmission means, and encryption used when data is transmitted to one external device by the transmission means An encryption method specifying means for specifying the encryption method; a risk specifying means for specifying the risk of the encryption method specified by the encryption method specifying means based on the risk data stored in the storage means; A secrecy level specifying unit for specifying a secrecy level of data transmitted from the transmission unit to the one external device based on secrecy level data stored in the storage unit; A data transmitting apparatus comprising: comparing means for comparing the confidentiality specified by the means with the degree of danger specified by the danger specifying means; and notifying means for notifying a user according to the comparison result by the comparing means Propose.

  According to such a data transmission device, for example, when there is a mismatch between the confidentiality of the transmitted data and the compromise of the encryption method used at the time of transmission, the user is notified of this. Data security can be ensured without causing unnecessary inconvenience.

  Further, the above-described data transmitting device includes receiving means for receiving the risk data indicating a criterion for specifying the risk of the encryption method from an external device, and the storage means is received by the receiving means. A configuration may be employed in which the danger level data stored according to the danger level data is updated.

  According to such a data transmitting apparatus, since the degree of danger that changes with the passage of time is reflected in the notification by means of the degree of danger data received from the external apparatus, more complete data security can be ensured.

  Further, in the data transmission device described above, the confidentiality specifying unit may determine the confidentiality of the partial data with respect to each of the plurality of partial data included in the data transmitted to the one external device by the transmission unit. The configuration may be adopted in which the notification means performs the notification regarding at least one partial data of the plurality of partial data.

  According to such a data transmission device, for example, it is notified which part of the data has a high degree of secrecy in light of the degree of compromise of the encryption method, so that the user can easily determine whether data transmission is possible.

  In the data transmission device described above, the data transmission device further includes an input unit that receives input of data from the user by generating predetermined data in accordance with the operation of the user, and the notification unit relates to the at least one partial data In the notification, the user is prompted to determine whether the confidentiality level specified by the confidentiality level specifying unit is correct, and the storage unit is input to the input unit by the user in response to the determination by the notification unit. A configuration may be adopted in which the confidentiality data is updated based on the data.

  According to such a data transmission device, for example, when the user performs an input to that effect regarding data for which the confidentiality level is specified incorrectly, the accuracy of specifying the confidentiality level is increased.

  In the data transmission apparatus described above, the data transmission device further includes an input unit that receives input of data from the user by generating predetermined data according to the user's operation, and the confidentiality specifying unit is A configuration may be adopted in which a degree of secrecy is specified for a portion of data input to the input unit by the user among data transmitted to one external device.

  According to such a data transmission apparatus, for example, when data with high confidentiality is input and transmitted in an input form included in a Web page, data with low confidentiality such as a telephone number of a shop included in the input form is transmitted. Is inadvertently specified as highly confidential data.

  Further, the present invention provides a data transmission device having a transmission means for transmitting data to an external device, for specifying the risk data indicating the criteria for specifying the encryption method and the confidentiality of the data. A storage step for storing confidentiality data indicating a reference, and an encryption method specification for specifying an encryption method used when the data transmission device transmits the data prior to transmission of data to one external device Prior to transmission of data to the one external device, the data transmission device includes the risk of the encryption method specified in the encryption method specification step in the risk data stored in the storage step. A step of identifying the degree of risk based on the data transmission level, and the data transmission device sets the confidentiality level of the data prior to transmission of the data to the one external device. A secrecy level specifying step based on the secrecy level data stored in the storing step, and the secrecy level specified in the secrecy level specifying step before the data transmission device transmits data to the one external device; The comparison step for comparing the degree of risk identified in the risk degree identifying step, and the data transmission according to the comparison result in the comparison step before the data transmission device transmits the data to the one external device. A notification method is provided that includes a notification step for performing notification to a user of the apparatus.

  Even with such a notification method, for example, if there is a mismatch between the confidentiality of the transmitted data and the compromise of the encryption method used at the time of transmission, this is notified to the user, which is unnecessary for the user. Data security can be ensured without inconvenience.

  In addition, the present invention also provides a process for storing risk data indicating a criterion for specifying the risk of encryption in a computer equipped with a transmission means for transmitting data to an external device, and specifies the confidentiality of the data. A process of storing confidentiality data indicating a reference for performing the process, a process of specifying an encryption method used at the time of transmission of the data prior to transmission of data to the one external device by the transmission means, Prior to the transmission of data to an external device, a process for identifying the degree of risk of the specified encryption method based on the stored risk data, and prior to the transmission of data to the one external device, Prior to transmission of data to the one external device, a process for identifying data confidentiality based on the stored confidentiality data, and the specified confidentiality and the specified A process of comparing the compromise degree of, prior to transmission of data to the one of an external device, proposes a program for executing a process of notifying to the user of the computer in response to the result of the comparison.

  According to such a program, the above-described data transmission apparatus is realized using a general computer.

  According to the present invention, when there is a mismatch between the confidentiality of the data to be transmitted and the compromise of the encryption method used at the time of transmission, this is notified to the user, which is unnecessary for the user. Data security can be ensured without giving

It is the figure which showed the structure of the data communication system concerning one Embodiment of this invention. It is the figure which showed the outline | summary of the hardware constitutions of the data transmitter concerning one Embodiment of this invention. It is the figure which showed the function structure of the data transmitter concerning one Embodiment of this invention. It is the figure which showed typically the data structural example of the risk degree data concerning one Embodiment of this invention. It is the figure which showed typically the data structural example of the secrecy data concerning one Embodiment of this invention. It is the figure which showed the corresponding | compatible table of the classification of the data utilized in one Embodiment of this invention, and a secrecy degree. It is the figure which showed typically the example of the determination result screen displayed in the data transmitter concerning one Embodiment of this invention. It is the figure which showed the flow of the process which the data transmitter concerning one Embodiment of this invention performs.

[Embodiment]
Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram showing a configuration of a data communication system 1 according to the present embodiment. The data communication system 1 includes a data transmission device 11 that transmits data input by a user to an external device, and a server device 12 that receives data transmitted from the data transmission device 11. The data communication system 1 and the data transmission device 11 transmit / receive various data to / from each other via the network 9.

  In FIG. 1, only one data transmission device 11 and one server device 12 are shown for simplification of the drawing, but the number of data transmission devices 11 depends on the number of users using the data communication system 1. It changes arbitrarily, and the number of the server apparatuses 12 also changes arbitrarily according to the number and the scale of the providers which provide the service in the data communication system 1.

  The server device 12 may be any device that receives data from the data transmission device 11. However, in the following description, as an example, it is assumed that the server device 12 is a Web server device that distributes Web pages. Since the configuration and operation of the server device 12 are the same as those of a general Web server device, description thereof is omitted.

  The data transmission device 11 may be any device as long as it can transmit data input from the user to the server device 12. Accordingly, for example, mobile phones, smartphones, notebook PCs (Personal Computers), touch pad PCs, desktop PCs, PDAs (Personal Digital Assistants), game terminals with communication functions, televisions with communication functions, and the like Any of these may be used. However, in the following description, as an example, it is assumed that the data transmission device 11 is a smartphone that includes a touch display as a user interface and can install and execute various application programs. The data transmission device 11 can execute a Web browser, interprets Web page data distributed from the server device 12, and displays the Web page or data input to the Web page by the user with respect to the server device 12. Processing such as transmission can be performed.

  FIG. 2 is a diagram showing an outline of the hardware configuration of the data transmission device 11. The data transmission device 11 has various types according to a basic input / output system (BIOS) stored in a read only memory (ROM) 102, an operating system (OS) stored in a solid state drive (SSD) 104, application programs, and the like. A CPU (Central Processing Unit) 101 that performs calculations and controls other components, a ROM 102 that stores BIOS, a RAM (Random Access Memory) 103 that is mainly used as a working area in which the CPU 101 temporarily stores data, an OS And application programs, SSD 104 for storing various data handled by these programs, communication module 105 for data communication with server device 12 and other devices via network 9, display 106 for displaying images, display 106 Display of And a touch sensor 107 detects a touch operation of a user and generates data indicating its position with respect to.

  The data transmission device 11 operates as a device having the functional configuration shown in FIG. 3 by performing processing according to the application program according to the present invention stored in the SSD 104. The data transmission device 11 includes a communication unit 111 that performs various data communications with the server device 12 as a functional component. The communication unit 111 includes a reception unit 1111 that receives data transmitted from the server device 12 and a transmission unit 1112 that transmits data to the server device 12.

  Further, the data transmission device 11 includes a user I / F (interface) 112 for the user to operate the data transmission device 11. The user I / F 112 includes a display unit 1121 that displays an image to the user, and an input unit 1122 that is operated by the user and receives data input by the user by generating data corresponding to the operation.

  Further, the data transmission device 11 generates data to be transmitted to the server device 12 according to the data input by the user to the input unit 1122, and the data generated by the data generation unit 113 is predetermined. An encryption unit 114 that performs encryption by the encryption method is provided. The data encrypted by the encryption unit 114 is transmitted from the transmission unit 1112 to the server device 12.

  The data transmission device 11 includes a storage unit 115 that stores various data. The storage unit 115 is transmitted to the server device 12 and the risk level data 1151 which is data indicating a criterion for specifying the level of the encryption method used for encryption performed by the encryption unit 114 at the time of data transmission. Concealment level data 1152, which is data indicating a standard for specifying the secrecy level of data scheduled to be stored, is stored.

  FIG. 4 is a diagram schematically showing a data configuration example of the danger degree data 1151. The risk data 1151 is a collection of data records for each of various encryption methods, and each data record has “encryption method”, “type”, and “danger level” as data fields. The data field “encryption method” stores data indicating the encryption method used for data encryption. The data field “type” stores data indicating whether the encryption method is a common key encryption method, a public key encryption method, or a hash function. In the data field “danger degree”, any natural number of 1 to 3 indicating the danger degree of the encryption method is stored. The smaller the numerical value, the higher the risk level (ie, the strength is weak), and the higher the value, the lower the risk level (ie, the strength).

FIG. 5 is a diagram schematically illustrating a data configuration example of the confidentiality data 1152. The confidentiality data 1152 includes a confidential data format table and a confidential data table. The secret data format table stores a large amount of data for extracting a portion of data that is considered to be confidential from the data to be transmitted to the server device 12 (hereinafter referred to as “partial data” in the present application). The table includes “content”, “type”, and “confidentiality” as data fields. In the data field “content”, data indicating the format of data suspected of confidentiality is stored. For example, the following data is an example of data stored in the data field “content”, and indicates the format of GPS (Global Positioning System) positioning data.
"$ GPGGA, hhmmss, ddmm.mmm, N, dddmm.mmm, E, n, m, hh, + zzzz, M, + zzz, M, ss, bbbb * cc"

  The above format is in accordance with the NMEA0183 standard. For example, “hhmmss” indicates positioning time, “ddmm.mmm, N” indicates north latitude, and “dddmm.mmm, E” indicates east longitude.

  The data field “type” of the secret data format table stores data indicating the type of data according to the format indicated in the data field “content”. For example, when the above-described positioning data format is stored in the data field “content”, for example, “position” is stored in the data field “type”.

  In the data field “confidentiality” of the confidential data format table, any natural number of 1 to 4 indicating the confidentiality of data according to the data format is stored. The smaller the numerical value, the lower the confidentiality level (that is, the smaller the damage even if it is leaked), and the higher the numerical value, the higher the confidentiality level (that is, the greater the damage if temporarily leaked).

  In the secret data format table, data stored in the data field “confidentiality” is uniquely determined with respect to data stored in the data field “type”. FIG. 6 is a diagram showing the correspondence table. In the table of FIG. 6, data having a confidentiality level of 1 (position, presence, etc.) is data indicating a dynamic attribute with a short update interval, and is data that does not cause much damage even if leaked. Data with a confidentiality level of 2 (name, address, etc.) are data indicating static attributes with a long update period and are not desirable to be leaked, but are data that can be understood by other people's research. This data does not seem to cause damage. Data with a confidentiality level of 3 (credit card information, authentication information, etc.) is data that can cause great damage if leaked. Data with a confidentiality level of 4 (secret key, identification information of portable terminal device, etc.) is data that is generally not transmitted to the outside.

  Returning to FIG. 5, the secret data table will be described. The secret data table is a table that stores partial data that is extracted according to the secret data format table and is considered to be confidential, together with data indicating the confidentiality of the partial data. The secret data table also stores data extracted in the past according to the secret data format table.

  Similarly to the secret data format table, the secret data table also has “content”, “type”, and “secret level” as data fields. In the data field “content” of the secret data table, specific data is stored instead of data indicating the data format. The meaning of the data stored in the data fields “type” and “secret level” of the secret data table is the same as that of the secret data format table. However, since the data of the confidential data table reflects the correction of the confidentiality according to the user's judgment, the type and confidentiality in the confidential data table do not necessarily follow the correspondence table shown in FIG.

  Returning to FIG. 3, the description of the functional configuration of the data transmission device 11 is continued. The data transmission device 11 includes an update unit 116 that updates the degree of danger data 1151 and the confidentiality data 1152 stored in the storage unit 115. The update unit 116 updates the risk data 1151 stored in the storage unit 115 according to the risk data indicating the latest risk related to the encryption method received by the reception unit 1111 from the external server device (not shown). Update the confidential data table stored in the storage unit 115 according to the instruction to change the confidentiality input by the user when the confidentiality displayed to the user by the display data updating unit 1161 and the display unit 1121 is incorrect A confidentiality data update unit 1162 is provided.

  In addition, the data transmission device 11 includes a determination unit 117 that determines whether the security of data that is input by the user and is about to be transmitted to the server device 12 is sufficiently secured. The determination unit 117 reads out the encryption method specifying unit 1171 that specifies the encryption method used in the transmission of data to the server device 12, reads the risk data 1151 from the storage unit 115, and uses the encryption method based on the risk data 1151. A risk degree specifying unit 1172 is provided that specifies the degree of risk of the encryption method specified by the specifying unit 1171.

  A method for specifying the degree of danger by the danger degree specifying unit 1172 will be described using a specific example. Now, it is assumed that the data transmission device 11 is connected to the Internet via a wireless LAN (Local Area Network) and performs data communication with the server device 12. It is assumed that AES of the common key encryption method is used in the wireless LAN section. Further, it is assumed that the server device 12 adopts RSA (key length 1024 bits) of a public key encryption method in data communication with the data transmission device 11. Further, it is assumed that the hash function used by the server device 12 for generating a digital certificate indicating the validity of the site is MD5.

  The encryption method specifying unit 1171 specifies that AES is used in the wireless LAN from the OS of the data transmission device 11. The encryption method specifying unit 1171 uses RSA (key length 1024 bits) and MD5 in data communication with the server device 12 based on data indicating the encryption method received from the server device 12 via the receiving unit 1111. Is identified. The encryption method specifying unit 1171 transmits the information to the risk specifying unit 1172.

Of the information received from the encryption method specifying unit 1171, the risk specifying unit 1172 does not consider the section of the wireless LAN in specifying the degree of risk. In this case, the section of the wireless LAN does not cover the entire communication path between the data transmission apparatus 11 and the server apparatus 12, and the compromise of the encryption method in the wireless LAN affects the data security in data transmission to the server apparatus 12. It is because it does not. That is, the risk level identification unit 1172 sets the RSA (key length 1024 bits) and MD5 risk levels used in data communication with the server device 12 based on the risk level data 1151 read from the storage unit 115 as follows. Identify.
RSA (key length 1024 bits): degree of danger “2”
MD5: Danger degree “1”

  The risk level identifying unit 1172 sets a smaller “1” (that is, a numerical value indicating that the risk is more advanced and the strength is weaker) out of the identified risk levels in the overall data transmission to the server device 12. Identified as a serious risk. The above is the description of the method of identifying the degree of danger by the degree of danger identifying unit 1172.

  Returning to FIG. 3, the description of the functional configuration of the data transmission device 11 is continued. The determination unit 117 includes a confidentiality specifying unit 1173 that extracts partial data that is considered to be confidential from the data that is to be transmitted to the server device 12 and specifies the confidentiality of the partial data. Yes. The method of specifying the level of secrecy by the level of secrecy specifying unit 1173 is as follows.

  The confidentiality specifying unit 1173 first acquires data to be transmitted to the server device 12 from the data generation unit 113. Subsequently, the confidentiality specifying unit 1173 reads the confidential data format table from the storage unit 115, and extracts partial data that seems to be confidential from the data acquired from the data generation unit 113. The confidentiality specifying unit 1173 temporarily stores the extracted partial data in the RAM 103 as a list associated with data indicating the type and confidentiality according to the format used for extracting the partial data. Hereinafter, the list of partial data temporarily stored in the RAM 103 is referred to as a “temporary save list”.

  The secrecy level identification unit 1173 reads the secrecy data table from the storage unit 115 and searches for a data record including the partial data in the data field “content” for each partial data included in the temporary storage list. When the confidentiality specifying unit 1173 fails in the search (that is, when the extracted partial data is newly extracted), a new data record is added to the confidential data table, and the partial data, its type and confidentiality are added. Store the degree. On the other hand, when the confidentiality specifying unit 1173 succeeds in the search (that is, when the extracted partial data is already registered in the confidential data table), the confidentiality specifying unit 1173 stores the data in the data field “confidentiality” of the data record obtained by the search. The confidentiality of the temporary save list is overwritten with the stored data. This completes the identification of the degree of secrecy for each piece of partial data that is considered to have secrecy contained in the data to be transmitted to the server device 12. The above is the description of the method for specifying the level of secrecy by the level of secrecy specifying unit 1173.

The determination unit 117 further includes a comparison unit 1174. The comparison unit 1174 compares the degree of encryption encryption specified by the degree-of-compliance specifying unit 1172 with the level of confidentiality of each partial data specified by the level of confidentiality specifying unit 1173 (the level of confidentiality indicated by the temporary storage list). The risk of each partial data accompanying transmission is determined. In the present embodiment, as an example, it is assumed that the comparison unit 1174 determines the risk regarding each partial data according to the following criteria.
(1) Concealment <Danger → “No danger”
(2) Concealment level = risk level → “Caution”
(3) Concealment level> Risk level → “Warning”

  For example, when the degree of danger identified by the degree of danger identification unit 1172 is “2”, the comparison unit 1174 indicates “no risk” for the partial data of the temporary save list with the confidentiality level “1”. A security level of “2” is determined as “caution”, and a security level of “3” or “4” is determined as “warning”.

  The comparison unit 1174 generates instruction data for instructing display of the determination result screen indicating the result of the determination performed as described above, and delivers the instruction data to the display unit 1121. The display unit 1121 pops up a determination result screen as shown in FIG. 7 according to the instruction data delivered from the comparison unit 1174. On the determination result screen, first, the degree of danger specified by the degree of danger specifying unit 1172 is displayed. In addition, the determination result screen displays a list of partial data included in the temporary save list, the determination result of the comparison unit 1174 being “caution” or “warning”. The list includes “alert” indicating the determination result by the comparison unit 1174, “personal information” indicating the content of each partial data, and “confidentiality” indicating the confidentiality specified by the confidentiality specifying unit 1173 for each partial data. Is displayed. If there is no judgment result of “Caution” or “Warning”, only the degree of danger is displayed on the judgment result screen, and it is notified that there is no problem in transmission of the data.

  In the list of FIG. 7, up and down arrows are displayed to the right of the display of “confidentiality”. The user can correct the confidentiality specified by the confidentiality specifying unit 1173 by touching these arrows as necessary. In response to the touch operation by the user, the input unit 1122 generates instruction data indicating a confidentiality correction instruction, and delivers the instruction data to the confidentiality data update unit 1162. The instruction data includes, for example, data indicating the content of partial data to be corrected and the confidentiality after correction. The confidentiality data update unit 1162 updates the confidential data table stored in the storage unit 115 according to the instruction data received from the input unit 1122.

  For example, when a partial data with no confidentiality such as a shop address is erroneously displayed in the list on the determination result screen, the user corrects the confidentiality to “0” to thereby display the partial data from the list. The alert about can be turned off. Moreover, since the confidentiality level corrected by the user is stored in the confidential data table and used for subsequent determination, an erroneous alert is not displayed for the same partial data each time. Further, for example, the user may not receive unnecessary alerts frequently by reducing the confidentiality level from “2” to “1” as a default value for an unsolicited e-mail address. It can also be done.

  The functional configuration of the data transmission device 11 has been described above. Next, a flow of processing performed when the data transmission device 11 transmits data input by the user to the server device 12 will be described with reference to FIG.

  When the user operates the data transmission device 11 to display the screen of the Web browser and inputs a URL (Uniform Resource Locator) to request the server device 12 to transmit a Web page, the server device 12 responds to the request. Web page data for instructing the display of the Web page is transmitted to the data transmitting apparatus 11. The data transmission device 11 displays a web page according to the web page data (S101). Here, it is assumed that the Web page displayed in step S101 is a Web page that requests the user to input personal information and transmit it to the server device 12, such as a member information registration page.

  When the Web page data is received by the receiving unit 1111 along with the display of the Web page in step S101, the encryption method specifying unit 1171 is based on the data indicating the encryption method transmitted from the server device 12, and the server device 12 The encryption method used in the data transmission for is specified (S102). The encryption method specifying unit 1171 passes data indicating the specified encryption method to the risk specifying unit 1172.

  The risk level identification unit 1172 reads the risk level data 1151 from the storage unit 115, and identifies the security level of the encryption method indicated in the data delivered from the encryption method specification unit 1171 (S103). When a plurality of encryption methods are used, the risk level indicating that the strength is the lowest among the risk levels specified for each of them (that is, the lowest numerical value) is transmitted to the server device 12. Specified as the degree of compromise of the encryption method.

  In parallel with steps S102 and S103, the user operates the input unit 1122 to input various data such as name and address on the Web page displayed on the display unit 1121 (S104). The data generation unit 113 generates data to be transmitted to the server device 12 in response to a user data input operation on the input unit 1122. When the user finishes inputting necessary data and performs an operation to instruct the input unit 1122 to transmit the data (S105), the data generation unit 113 delivers the generated data to be transmitted to the confidentiality specifying unit 1173. .

  When the confidentiality specifying unit 1173 receives data from the data generation unit 113, the confidentiality specification unit 1173 reads the confidential data format table and the confidential data table from the storage unit 115, extracts partial data that seems to be confidential according to the confidential data format table, The degree of secrecy of each of the extracted partial data is specified according to the secrecy data table (S106).

  The danger level identification unit 1172 delivers data indicating the danger level identified in step S103, and the confidentiality level identification unit 1173 delivers data indicating the confidentiality level specified for each of the partial data in step S106 to the comparison unit 1174.

  The comparison unit 1174 compares the data delivered from the risk level identification unit 1172 and the confidentiality level specification unit 1173, and determines whether or not the risk level is sufficiently low with respect to the security level for each of the partial data (S107). ). The comparison unit 1174 generates instruction data for instructing display of the determination result screen indicating the determination result in step S <b> 107 and delivers the instruction data to the display unit 1121. The display unit 1121 pops up a determination result screen as shown in FIG. 7 according to the instruction data delivered from the comparison unit 1174 (S108).

  When the user determines that the transmission of the data should be stopped based on the content of the determination result screen, the user can stop the data transmission by touching “Do not transmit” displayed on the determination result screen. In that case (S109; “1”), the data transmitting apparatus 11 returns the process to step S104 and displays the Web page again. For example, after deleting data that the user does not want to transmit on the Web page, the user may give a transmission instruction again, or may operate the Web browser to close the Web page itself and stop data transmission. .

  If the user sees the contents of the judgment result screen and there is partial data that the confidentiality level is felt to be too high or too low, the confidentiality can be determined by touching the arrow near the display of the confidentiality level for the partial data. A degree of correction can be made. In that case (S109; “2”), the instruction data for instructing the correction generated according to the operation performed by the user to the input unit 1122 is transferred from the input unit 1122 to the confidentiality data update unit 1162, and the confidentiality data The secret data table is updated by the updating unit 1162 (S110).

  If the user looks at the contents of the determination result screen and determines that there is no problem in data transmission, the user can execute data transmission by touching “Send” displayed on the determination result screen. In that case (S109; “3”), the data generation unit 113 passes the data to be transmitted to the encryption unit 114. The encryption unit 114 encrypts the data delivered from the data generation unit 113 (S111), and delivers it to the transmission unit 1112. The transmission unit 1112 transmits the encrypted data delivered from the encryption unit 114 to the server device 12 (S112).

  Of the processes in steps S101 to S112, the processes performed in accordance with the application program according to the present embodiment are steps S102, S103, and S106 to S110, and steps S101, S104, S105, S111, and S112 are performed in accordance with the Web browser. This is a process to be performed.

  As described above, according to the data communication system 1, when a user attempts to transmit data from the data transmission device 11 to the server device 12, the encryption used in the transmission of the data in light of the confidentiality of the data. It is determined whether or not the encryption method is sufficiently compromised, and the result is notified to the user, so that the user can easily secure security in data transmission even without special knowledge about the encryption method etc. can do.

  Further, in the data communication system 1, since the confidentiality is notified not with respect to the entire data to be transmitted but with respect to individual partial data included in the data, the user has a high confidentiality in light of, for example, the degree of compromise of the encryption method. It is easy to take measures such as sending data after deleting the data.

  Furthermore, in the data communication system 1, when the automatically specified confidentiality is different from the actual user's sense, once the user corrects the confidentiality, the correction content is reflected in the subsequent determination. . Therefore, unnecessary notifications are not repeatedly performed.

  Further, in the data communication system 1, since the danger level data 1151 is updated to the latest one as necessary, a correct determination is made even if the danger level changes with the passage of time.

[Modification]
The embodiment described above is an embodiment of the present invention, and can be variously modified within the scope of the technical idea of the present invention. Examples of these modifications are shown below.

  In the above-described embodiment, a configuration in which the data transmission device 11 includes the display unit 1121 and the input unit 1122 is employed. However, a configuration in which the display unit 1121 and the input unit 1122 are external devices of the data transmission device 11 is employed. May be. For example, when the data transmission device 11 is a desktop PC, the display that constitutes the display unit 1121, the keyboard and mouse that constitute the input unit 1122, and the like are not normally incorporated in the data transmission device 11.

In the above-described embodiment, the configuration in which the determination result by the comparison unit 1174 is notified to the user by the display of the determination result screen by the display unit 1121 is employed. For example, a configuration in which notification is performed by voice may be employed. In this case, the data transmission device 11 includes a sound data generation unit that generates sound data indicating a determination result, for example, and outputs the sound data to a sounding device such as a built-in or externally connected speaker, thereby providing notification. It can be carried out.
In the above-described embodiment, a configuration is adopted in which only the data input by the user among the data transmitted to the server device 12 is determined. However, data that is not input by the user is also included. It is good also considering the whole data transmitted to the server apparatus 12 included.

  In the above-described embodiment, the data transmitted from the data transmission device 11 to the server device 12 is input by the user of the data transmission device 11 to the input form provided in the form of a Web page from the server device 12. Although the data is assumed to be data, the data transmitted from the data transmission device 11 to the server device 12 may be data transmitted according to another data format or another protocol such as e-mail.

  Further, in the above-described embodiment, a configuration is adopted in which a determination result is notified for each of partial data included in transmitted data. However, a determination is made on the entire transmitted data, and the result is obtained. A configuration for notification may be adopted.

  In the above-described embodiment, a configuration is employed in which the same notification is performed without considering the type of encryption method. For example, the determination result in light of the danger of the public key encryption method and the hash A configuration may be adopted in which notification according to the type of encryption method is made, such as making the determination result in light of the risk of function different. For example, if the risk of public key cryptography is high, a notification “data may be wiretapped” is sent, and if the hash function is high, the data transmission destination is false. If the notification is configured to notify the user, the nature of the danger is accurately communicated to the user. For example, if the URL of the destination is confirmed to be correct, an unnecessary anxiety is generated. This is desirable without causing the user to hold it.

  In the above-described embodiment, the data transmission apparatus 11 is realized by causing a general computer to execute processing according to the program according to the present invention. For example, the functional configuration illustrated in FIG. The data transmission device 11 may be configured as a so-called dedicated machine realized by hardware.

DESCRIPTION OF SYMBOLS 1 ... Data communication system, 9 ... Network, 11 ... Data transmission apparatus, 12 ... Server apparatus, 101 ... CPU, 102 ... ROM, 103 ... RAM, 104 ... SSD, 105 ... Communication module, 106 ... Display, 107 ... Touch sensor , 111 ... communication unit, 112 ... user I / F, 113 ... data generation unit, 114 ... encryption unit, 115 ... storage unit, 116 ... update unit, 117 ... determination unit, 1111 ... reception unit, 1112 ... transmission unit, DESCRIPTION OF SYMBOLS 1121 ... Display part, 1122 ... Input part, 1151 ... Danger degree data, 1152 ... Confidentiality data, 1161 ... Danger degree data update part, 1162 ... Confidentiality data update part, 1171 ... Encryption method specific part, 1172 ... Danger degree Identification unit, 1173 ... Concealment level identification unit, 1174 ... Comparison unit

Claims (7)

Storage means for storing danger data indicating a criterion for specifying the risk of encryption and confidentiality data indicating a criterion for specifying the confidentiality of the data;
Transmission means for transmitting data to an external device;
Encryption means for encrypting data transmitted by the transmission means;
An encryption method specifying means for specifying an encryption method used when transmitting data to one external device by the transmission means;
A risk degree specifying means for specifying a risk degree of the encryption method specified by the encryption method specifying means based on the risk degree data stored in the storage means;
A secrecy level specifying unit for specifying a secrecy level of data transmitted from the transmission unit to the one external device based on secrecy level data stored in the storage unit;
Comparison means for comparing the confidentiality specified by the confidentiality specifying means with the danger specified by the danger specifying means;
A data transmission apparatus comprising: a notification unit configured to notify a user according to a comparison result by the comparison unit. A receiving means for receiving risk data indicating a criterion for identifying the encryption security risk from an external device;
The data transmission device according to claim 1, wherein the storage unit updates the danger level data stored by the danger level data received by the reception unit. The confidentiality specifying means specifies the confidentiality of the partial data for each of a plurality of partial data included in the data transmitted to the one external device by the transmitting means,
The data transmission device according to claim 1, wherein the notification unit performs the notification related to at least one partial data of the plurality of partial data. Comprising input means for receiving input of data from the user by generating predetermined data in response to the user's operation;
The notifying means prompts the user to determine whether the confidentiality specified by the confidentiality specifying means is correct or not in the notification related to the at least one partial data;
The data transmission device according to claim 3, wherein the storage unit updates the confidentiality data based on data input to the input unit by the user in response to a determination by the notification unit. Comprising input means for receiving input of data from the user by generating predetermined data in response to the user's operation;
5. The confidentiality specifying means specifies the confidentiality of a portion of data input to the input means by the user among data transmitted to the one external device by the transmitting means. The data transmission device according to any one of the above. A data transmission device having a transmission means for transmitting data to an external device, and a degree of confidentiality indicating a criterion for identifying the degree of risk of data and a degree of confidentiality indicating the criterion for identifying the degree of danger of the encryption method A storage step for storing data;
An encryption method specifying step for specifying an encryption method used at the time of data transmission before the data transmission device transmits data to one external device;
Prior to data transmission to the one external device, the data transmitting device specifies the risk of the encryption method specified in the encryption method specifying step based on the risk data stored in the storage step. A risk identification step;
Prior to transmission of data to the one external device, the data transmission device specifies the confidentiality of the data based on the confidentiality data stored in the storage step, and
A comparison step in which the data transmission device compares the confidentiality specified in the confidentiality specification step with the risk specified in the risk specification step prior to data transmission to the one external device;
A notification method comprising: a notification step in which the data transmission device notifies a user of the data transmission device according to a comparison result in the comparison step prior to transmission of data to the one external device. In a computer having a transmission means for transmitting data to an external device,
A process of storing risk data indicating criteria for identifying the risk of encryption;
A process of storing confidentiality data indicating a criterion for specifying the confidentiality of data;
Prior to the transmission of data to one external device by the transmission means, a process for specifying an encryption method used when transmitting the data;
Prior to transmission of data to the one external device, a process of specifying the degree of danger of the specified encryption method based on the stored degree of danger data;
Prior to transmission of data to the one external device, a process of specifying the confidentiality of the data based on the stored confidentiality data;
Prior to transmission of data to the one external device, a process of comparing the specified degree of confidentiality with the specified degree of compromise;
A program for executing a process of notifying a user of the computer according to a result of the comparison prior to transmission of data to the one external device.

Images