JP2023087010A - Secret sharing management system, secret sharing management device, and program - Google Patents

Abstract

To provide a technique that allows legitimate users to use confidential information safely even if a storage medium of n distributed keys cannot be carried in secret sharing management by a (k, n) threshold method.SOLUTION: A server device includes a storage unit, a share receiving unit, a table updating unit, and a share transmitting unit. The share receiving unit receives secret sharing information and information specifying its version transmitted from a secret sharing management device that performs secret sharing management by a secret sharing method connected via a network. The table updating unit stores the secret sharing information and the information specifying the version in the storage unit, in association with each other. The share transmitting unit transmits the secret sharing information associated with new information of the version in the secret sharing information from the storage unit to the secret sharing management device.SELECTED DRAWING: Figure 1

Description

The present invention relates to a server device, a secret sharing management system, and a secret sharing management device.

In various information systems, the protection of confidential information is required, but strict management of confidential information is troublesome when using it, and the loss or forgetting of information necessary for its use can lead to a loss of access to confidential information. There are many things. For example, by utilizing n distributed keys (shares) generated based on the (k, n) threshold method (k is a natural number, n is a natural number greater than k), up to (nk) distributed keys However, the user must carry storage media for n distributed keys, which is not very convenient.

Patent Document 1 discloses a personal information management device that limits the use of personal information to a specific user who owns the device. distributed key storage means for storing one distributed key out of n distributed keys generated based on the (k, n) threshold secret sharing method using the decryption key used for decrypting the personal information obtained; , the reaching distance of radio waves is limited to a predetermined distance, wireless communication is performed, and (n- 1) link confirmation means for confirming whether or not a link can be established with each of the (n-1) distributed key storage devices that store any of the distributed keys without duplication; obtaining means for obtaining a distributed key from each of (k-1) distributed key storage devices with which links have been established when links have been established with at least one distributed key storage device; and the (k−1) distributed keys, the decryption key is restored based on the (k, n) threshold secret sharing method, and the links with the (k−1) distributed key storage devices can be established. a decryption key generation means for holding a decryption key only while the decryption key is stored; decrypting and holding encrypted personal information using the held decryption key; and (k−1) distributed key storage devices; A personal information management device is described which includes decryption means for discarding decrypted personal information when a link cannot be established.

Japanese Patent No. 4771942

The above technology can restore up to (n−k) distributed keys (shares) even if they are lost, but if more than (n−k) shares are lost, information cannot be restored. Can not.

An object of the present invention is to enable safe use of secret information by legitimate users when more than (nk) shares are lost in secret sharing management by the (k, n) threshold method. It is to provide technology.

The present application includes a plurality of means for solving at least part of the above problems, and examples thereof are as follows. A server device according to an aspect of the present invention includes a storage unit, a share reception unit, a table update unit, and a share transmission unit. The table updating unit receives the secret sharing information and information specifying its version transmitted from a secret sharing management apparatus that performs secret sharing management, and associates the secret sharing information and the information specifying the version, and stores the information in the storage unit. and the share transmission unit transmits the secret sharing information associated with the information having a newer version among the secret sharing information from the storage unit to the secret sharing management device.

Further, in the above server device, the table updating unit stores information indicating the validity of the secret sharing information in association with each of the secret sharing information, and the share transmitting unit updates the secret sharing information to the above and a share provision determination unit that determines whether or not to transmit the secret sharing information according to information indicating the validity of the secret sharing information when transmitting to the secret sharing management device. .

Further, in the above server device, when the share transmission unit transmits the secret sharing information to the secret sharing management device, the share provision determination unit determines whether the secret sharing information is not valid and a predetermined If the request is from a privileged user, the secret sharing information may be transmitted.

A secret sharing management system according to another aspect of the present invention is a secret sharing management system including a server device and a secret sharing management device connected to the server device via a network, wherein the server device comprises a storage unit, a share reception unit, a table update unit, and a share transmission unit, and the share reception unit receives information specifying the share and its version transmitted from the secret sharing management device. , the table update unit associates information specifying the share and the version and stores the information in the storage unit; and the share transmission unit stores information from the storage unit in which the version of the share is associated with the new information. is sent to the secret sharing management device, and the secret sharing management device divides the data set into a plurality of shares using the secret sharing method, generates information specifying the version, and each of the shares is a different management unit. A share generation unit for storing in a storage area, a share transmission unit for transmitting a copy of the share to the server device connected via a network, and acquiring the stored share from the storage area or the server device. It is characterized by comprising a share collection unit and a share combining unit that performs processing of decoding the data set using the shares acquired by the share collection unit.

Further, in the above secret sharing management system, in the server device, the table updating unit stores information indicating the validity of the secret sharing information in association with each of the secret sharing information, and the share transmitting unit a share provision determination unit that determines whether or not to transmit the secret sharing information to the secret sharing management device according to information indicating the validity of the secret sharing information. can be anything.

Further, in the secret sharing management system, in the server device, the share provision determination unit determines that the secret sharing information is The secret sharing information may be transmitted when it is not valid and the request is from a predetermined privileged user.

A secret sharing management device according to another aspect of the present invention divides a data set into a plurality of shares using a secret sharing method, and stores each of the shares in storage areas of different management units. a share transmission unit for transmitting copies of the shares to a plurality of predetermined backup servers connected via a network; a share collection unit for acquiring shares stored in the storage area or the backup server; and a share combiner that decodes the data set using the shares acquired by the share collector.

Further, the above-described secret sharing management device includes a biometric information acquisition unit that acquires biometric information of a user, and a biometric matching unit that performs biometric authentication using the biometric information, and the share coupling unit includes: The data set may be decrypted when authentication by the biometric matching unit is successful.

Further, in the secret sharing management device described above, the share generation unit may use a storage device of a connected predetermined smartphone as one of the storage areas.

Further, in the secret sharing management device, the share generation unit assigns version information to each of the shares, and the share combining unit uses the version information to identify shares with matching versions, and It may be characterized by decoding the data set.

According to the present invention, in the secret sharing management by the (k, n) threshold method, if more than (n−k) shares are lost, the secret information can be safely used by authorized users.

Problems, configurations, and effects other than those described above will be clarified by the following description of the embodiments.

1 is a block diagram of a secret sharing management system according to an embodiment; FIG. 2 is a block diagram of a share backup server device; FIG. It is a figure which shows the data structure stored in a first share table. It is a figure which shows the data structure stored in a 2nd share table. It is a figure which shows the hardware structural example of a secret-sharing management apparatus. It is a figure which shows the hardware structural example of a biometric information reader. It is a figure which shows the hardware configuration example of a share backup server apparatus. FIG. 10 is a diagram illustrating an example of a flow of share generation processing; FIG. 10 is a diagram illustrating an example of a flow of share table update processing; FIG. 10 is a diagram showing an example of the flow of data set restoration processing;

A business system 1 employing a secret sharing management system to which an embodiment according to one aspect of the present invention is applied will be described below with reference to the drawings. For the sake of convenience, the following embodiments are divided into a plurality of sections or embodiments when necessary, but unless otherwise specified, they are not independent of each other, and one There is a relationship of part or all of the modification, details, supplementary explanation, etc.

In addition, in the following embodiments, when referring to the number of elements (including the number, numerical value, amount, range, etc.), when it is particularly specified, when it is clearly limited to a specific number in principle, etc. Except, it is not limited to the specific number, and may be more or less than the specific number.

Furthermore, in the following embodiments, the constituent elements (including element steps, etc.) are not necessarily essential, unless otherwise specified or clearly considered essential in principle. Needless to say.

Similarly, in the following embodiments, when referring to the shape, positional relationship, etc. of components, etc., unless otherwise explicitly stated or in principle, it is considered that the shape is substantially the same. It shall include things that are similar or similar to, etc. This also applies to the above numerical values and ranges.

In addition, in all the drawings for explaining the embodiments, the same members are basically given the same reference numerals, and repeated description thereof will be omitted.

FIG. 1 is a block diagram of a business system 1 equipped with a secret sharing management system according to this embodiment. The business system 1 includes a secret sharing management device 200 used by a user 100, an external storage medium 300 connected to the secret sharing management device 200, a biometric information reading device 400 connected to the secret sharing management device 200, a secret A first share backup server device 500 that can communicate with the distributed management device 200 via the network 150, a second share backup server device 600 that can communicate with the secret sharing management device 200 via the network 150, A privileged user terminal 700 capable of communicating with share backup server device 500 and second share backup server device 600 via network 150 is included.

The network 150 is a LAN (Local Area Network), a WAN (Wide Area Network), the Internet, a mobile phone network, etc., or a communication network combining these. Note that the network 150 may be a VPN (Virtual Private Network) or the like on a wireless communication network such as a mobile phone communication network.

In the business system 1, the user performs an input/output operation using the secret sharing management device 200, and a data set including created files (even if it is data in the entire storage area used by the user of the storage unit 220) (or in units of files) are stored in the state of shares (fragments of secret information) distributed in the storage unit 220 of the secret sharing management device 200 and the external storage medium 300 . Also, the shares distributed to the storage unit 220 of the secret sharing management device 200 and the external storage medium 300 are stored in the first share backup server device 500 and the second share backup server device 600, respectively.

When the data set is restored from the shares, the secret sharing management device 200 uses the shares stored in the external storage medium 300 and the storage unit 220 to perform decryption processing. At that time, if the external storage medium 300 is lost, or if the user does not carry it with him/her when using it, the conventional technology cannot decrypt it, and the second share can be obtained from the external storage medium 300. Can not. However, secret sharing management device 200 can acquire a second share from second share backup server device 600 via network 150 . Therefore, in secret sharing management by the (k, n) threshold method, confidential information can be used safely even if the storage medium for n distributed keys cannot be carried, or more than (nk) distributed keys are lost. It can be said that it is possible.

Examples of application of the business system 1 include a business system involving the handling of personal information such as customer information, a business system involving the use of confidential information related to business activities and management resources, and the like.

At that time, the user operates the secret sharing management device 200 to operate the document file containing confidential information and the spreadsheet file containing information related to accounting (these are data sets). ) is created and saved. The secret sharing management device 200 creates a plurality of shares using the secret sharing method in the storage processing of secret information including such document files, spreadsheet files, etc., It is distributed to and managed by the storage unit 310 of the external storage medium 300 . By storing the share backup in the first share backup server device 500 and the second share backup server device 600 connected via the network 150, loss of the external storage medium 300 or the secret sharing management device 200 can be prevented. can be restored in time.

In addition, when the user operates the secret sharing management device 200 to access the document file or the spreadsheet file that is subject to distributed management as described above, the secret sharing management device 200 is distributed and managed. Shares of the same version can be collected and decrypted to restore the dataset.

It should be noted that biometric authentication of the user can be performed by collating the biometric information during such a data set restoration process. The secret sharing management device 200 completes the restoration process when it is confirmed by biometric authentication that the user is valid or the login by the privileged user is confirmed.

In addition, in the business system 1 equipped with a secret sharing management system, compared to the use of secret sharing software for personal computers alone, electronic files are backed up via a network, so the shared storage medium may be lost or the secret may be lost. The advantage is that the electronic files can be restored even if the distributed management device 200 is infected with malware. In addition, the number of shares to be carried is small compared to the number of shares that can restore the original electronic file even if the share is lost (for example, even if up to one share is leaked, the original electronic file can be prevented from being leaked). (k>1), the (1,2) threshold method is sufficient to restore the original electronic file even if up to two shares are lost, and the user carries two media. only). In addition, since shares are stored in a plurality of server devices, even if one of the backup communication paths is wiretapped, the original electronic file will not be leaked. Therefore, the communication path used for backup does not need to be strongly protected by a VPN (Virtual Private Network) or the like, and the system can be operated at low cost. In addition, the original electronic file can be seamlessly restored by automatically downloading the shares from the backup server device when the shares are not joined or the shares are lost.

The external storage medium 300 is, for example, a USB (Universal Serial Bus) memory, a storage medium such as an SD card, an electronic device having a storage area including a smartphone, or other electronic storage medium. The connection between the external storage medium 300 and the secret sharing management device 200 is, for example, USB connection, Bluetooth (registered trademark) connection, NFC (Near Field Communication) connection, 2.54 GHz band wireless LAN (Local Area Network), or the like. Various connections are possible.

The biometric information reader 400 is a device that reads the biometric information of the user 100 . For example, the biometric information reader 400 reads biometric information such as a fingerprint, voiceprint, iris, or vein of the user 100 and transfers it to the secret sharing management device 200 . Further, the connection between the biometric information reading device 400 and the secret sharing management device 200 is, for example, USB connection, Bluetooth (registered trademark) connection, NFC (Near Field Communication) connection, 2.54 GHz band wireless LAN (Local Area Network), or the like. Various connections are possible.

The first share backup server device 500 is an information processing device such as a so-called server device. Connected. The same applies to the second share backup server device 600 as well.

The privileged user terminal 700 is an information processing device such as a so-called personal computer, and is connected to the secret sharing management device 200, the first share backup server device 500, and the second share backup server device 600 via the network 150. be done.

The secret sharing management device 200 is an information processing device that can authenticate users of the business system 1 . Secret sharing management apparatus 200 includes control unit 210 , storage unit 220 , communication unit 230 , input unit 240 and output unit 250 . Control unit 210 includes share generating unit 211 , share combining unit 212 , share transmitting unit 213 , share collecting unit 214 , and biometric information matching unit 215 .

The share generator 211 divides the data set into a plurality of shares using secret sharing. Specifically, the share generation unit 211 generates a share (secret sharing information) for a predetermined storage area (data set) of the storage unit 220 using the (k, n) threshold method. At that time, the share generation unit 211 gives version information to each share. In addition, the share generation unit 211 associates version information with the generated shares, and stores storage areas of different management units for each share (for example, the storage unit 220 of the secret sharing management device 200 that does not affect the operation of each other, ) of the external storage medium 300.

The share combiner 212 uses the shares acquired by the share collector 214 to perform a process of decoding the data set. More specifically, the share combining unit 212 combines shares with matching versions acquired by the share collection unit 214, performs decryption processing, and restores the data set. Also, the data set is developed as a virtual area in a predetermined area of the storage unit 220 or memory.

Share transmission unit 213 transmits copies of shares to first share backup server device 500 connected via network 150 and second share backup server device 600 connected via network 150 . Specifically, share transmission unit 213 transmits a first share to first share backup server device 500 and a second share to second share backup server device 600 . These shares and share backup server devices to which the shares are transmitted are associated in advance.

The share collection unit 214 acquires shares stored in each of the storage unit 220 of the secret sharing management device 200 and the storage unit 310 of the external storage medium 300, or from the share backup server device.

The biometric information matching unit 215 performs predetermined biometric authentication processing when restoring the secret-sharing data set, confirms that the user is valid, and determines whether the user is a privileged user.

The biometric information matching unit 215 uses the biometric information of the user stored in advance in the biometric information template 221 of the storage unit 220 and the biometric information of the user 100 received when the authentication is requested. The matching of the biometric information is performed by the algorithm of (1), and if the degree of matching is equal to or higher than a predetermined value, it is determined that the authentication is successful, and if not, it is determined that the authentication is failed. However, biometric authentication processing is not limited to this.

The storage unit 220 stores a biometric information template 221 and a first share 222 . The biometric information template 221 is information used for identifying a user by matching biometric information by the biometric information matching unit 215 and determining whether or not the user is a privileged user. The first share 222 stores a partial fragment of the shares generated from the data set developed in the storage unit 220 or memory.

Communication unit 230 communicates with first share backup server device 500 , second share backup server device 600 and privileged user terminal 700 , which are other devices, via network 150 .

The input unit 240 receives input from the user 100 to the secret sharing management device 200 . For example, the input unit 240 receives various types of input such as typing, touch, and flick input, voice input, and line-of-sight input.

The output unit 250 outputs from the secret sharing management device 200 to the user 100 . The information to be output is various kinds of output information such as screens and forms.

The external storage medium 300 has a storage section 310 . A second share 315 is stored in the storage unit 310 . The second share 315 stores a partial fragment of the share generated from the data set developed in the storage unit 220 or memory of the secret sharing management device 200 .

The biometric information reader 400 includes a biometric information acquisition unit 410 . Upon receiving the instruction, the biometric information acquisition unit 410 reads predetermined biometric information and transfers the read biometric information to the secret sharing management device 200 .

FIG. 2 is a block diagram of a share backup server device. In this embodiment, as share backup server devices, a first share backup server device 500 and a second share backup server device 600 are provided. It is sufficient if one or more share backup server devices are provided.

The first share backup server device 500 includes a storage section 510 and a control section 520 . Storage unit 510 includes first share table 515 . The control unit 520 includes a share reception unit 521 , a share synchronization confirmation unit 522 , a table update unit 523 , a share transmission unit 524 , a share provision determination unit 525 and an expiration processing unit 526 .

FIG. 3 is a diagram showing the data structure stored in the first share table. The first share table 515 stores shares of a plurality of secret sharing management devices 200 for each secret sharing management device 200 and version. First share table 515 stores terminal ID 515A, expiration 515B, share version 515C, update date and time 515D, and share binary data 515E in association with each other. Terminal ID 515A is information that identifies secret sharing management device 200 . Revocation 515B is information specifying whether or not the terminal has been revoked, that is, access from secret sharing management device 200 specified by terminal DI 515A is prohibited. The share version 515C is information specifying the share version. The update date/time 515D is information specifying the date/time when the share was stored. The share binary data 515E is share binary data.

The share reception unit 521 receives shares from the secret sharing management device 200 . The share synchronization confirmation unit 522 confirms whether or not the received share is synchronized with another share backup server device. Specifically, when the first share table 515 is updated by the table update unit 523, the share synchronization confirmation unit 522 transmits the terminal ID and the version information to the other share backup server devices, and confirms that they match. confirm. If they do not match, the share synchronization confirmation unit 522 causes the table update unit 523 to cancel the update. Alternatively, when the terminal ID and version information are transmitted from another share backup server device, the share synchronization confirmation unit 522 confirms that they match the received terminal ID and version information of the share. If they do not match, it is notified to other share backup server devices.

The table updating unit 523 updates the first share table 515 using the shares received by the share receiving unit 521 . Since it is preferable to perform version management, the table updating unit 523 updates the first share table 515 by adding a record, but is not limited to this. may be stored.

The share transmission unit 524 reads the latest version or the specified version of the share for each secret sharing management device 200 identified by the terminal ID among the shares stored in the first share table 515, and performs the secret sharing management. Send to device 200 .

When the share transmission unit 524 transmits the share, the share provision determination unit 525 determines whether or not to transmit according to the information indicating the validity of the share. The information indicating the validity of the share is specified by the revocation 515B, access terminal ID and user ID. The share provision determination unit 525 does not transmit a share in response to a share request from the secret sharing management device 200 for which the revocation 515B of any version of the share is set to "1". However, if the privileged user requests using the privileged user terminal 700 , this is not the case and the latest share is sent to the privileged user terminal 700 .

The revocation processing unit 526 performs processing to prevent the share from being acquired by a transferee (third party), such as when the secret sharing management device 200 or the external storage medium 300 is lost. Specifically, the revocation processing unit 526 receives the terminal ID to be revoked in response to access by the privileged user from the privileged user terminal 700, and the share of all versions of the terminal ID is stored in the first share table. The revocation 515B of 515 and the revocation 615B of the second share table 615 are set to "1" which means that they are not valid. Conversely, when the loss is resolved, the invalidation processing unit 526 accepts the terminal ID to be validated according to the privileged user's access from the privileged user terminal 700, and sends the terminal ID from the second share backup server device 600. Get the latest version share and restore the dataset. Then, the revocation processing unit 526 divides the data set into multiple shares using the same secret sharing method as the share generation unit 211 . At that time, the invalidation processing unit 526 generates a different share using a random number or the like so as not to match the share with the old version. In addition, the revocation processing unit 526 stores the share in each share backup server device as information that has not been revoked. Then, the revocation processing unit 526 passes all shares to the privileged user terminal 700 .

The second share backup server device 600 includes a storage section 610 and a control section 620 . Storage unit 610 includes second share table 615 . The control unit 620 includes a share reception unit 621 , a share synchronization confirmation unit 622 , a table update unit 623 , a share transmission unit 624 , a share provision determination unit 625 and an expiration processing unit 626 .

FIG. 4 is a diagram showing the data structure stored in the second share table. The second share table 615 stores shares of a plurality of secret sharing management devices 200 for each secret sharing management device 200 and version. Second share table 615 stores terminal ID 615A, expiration 615B, share version 615C, update date and time 615D, and share binary data 615E in association with each other. Terminal ID 615A is information that identifies secret sharing management device 200 . Revocation 615B is information specifying whether or not the terminal has been revoked, that is, access from secret sharing management apparatus 200 specified by terminal ID 615A is prohibited. The share version 615C is information specifying the share version. The update date/time 615D is information specifying the date/time when the share was stored. The share binary data 615E is share binary data.

The share reception unit 621 receives shares from the secret sharing management device 200 . A share synchronization confirmation unit 622 confirms whether or not the received share is synchronized with another share backup server device. Specifically, when the second share table 615 is updated by the table update unit 623, the share synchronization confirmation unit 622 transmits the terminal ID and the version information to the other share backup server devices, and confirms that they match. confirm. If they do not match, the share synchronization confirmation unit 622 causes the table update unit 523 to cancel the update. Alternatively, when the terminal ID and version information are transmitted from another share backup server device, the share synchronization confirmation unit 622 confirms that they match the received terminal ID and version information of the share. If they do not match, it is notified to other share backup server devices.

The table updating unit 623 updates the second share table 615 using the shares received by the share receiving unit 621 . Since it is preferable to perform version management, the table updating unit 623 updates the second share table 615 by adding a record, but it is not limited to this. may be stored.

The share transmission unit 624 reads the latest version or the specified version of the share for each secret sharing management device 200 identified by the terminal ID among the shares stored in the second share table 615, and performs the secret sharing management. Send to device 200 .

When the share transmission unit 624 transmits the share, the share provision determination unit 625 determines whether or not to transmit according to the information indicating the validity of the share. The information indicating the validity of the share is specified by the revocation 615B, access terminal ID and user ID. The share provision determining unit 625 does not transmit a share in response to a share request from the secret sharing management device 200 for which the revocation 615B is set to "1" for any version of the share. However, if the privileged user requests using the privileged user terminal 700 , this is not the case and the latest share is sent to the privileged user terminal 700 .

The revocation processing unit 626 performs processing to prevent the share from being acquired by a transferee (third party), such as when the secret sharing management device 200 or the external storage medium 300 is lost. Specifically, the revocation processing unit 626 receives the terminal ID to be revoked in response to access by the privileged user from the privileged user terminal 700, and stores the share of the latest version of the terminal ID in the second share table 615. is set to "1", which means that it is not valid. Conversely, when the loss is resolved, the invalidation processing unit 626 accepts the terminal ID to be validated according to access by the privileged user from the privileged user terminal 700, and shares all versions of the terminal ID. , the invalidity 615B of the second share table 615 is set to "0" which means valid.

Returning to the description of FIG. The privileged user terminal 700 is a terminal used by a user who has privileges to manage shares. For example, when the share of the secret sharing management device 200 or the external storage medium 300 is lost, the user 100 contacts the user 100 to limit the use of the share, or starts using a new secret sharing management device 200. It is a terminal for acquiring and providing (data recovery) the share of the immediately preceding version. Privileged user terminal 700 has the same configuration as other secret sharing management device 200 .

FIG. 5 is a diagram showing a hardware configuration example of a secret sharing management device. The secret sharing management apparatus 200 has a hardware configuration realized by a housing of a so-called personal computer or tablet terminal. The secret sharing management device 200 connects the arithmetic device 201, the main storage device 202, the auxiliary storage device 203, the communication device 204, the external storage medium connection device 205, the biometric information reader connection device 206, and each device. a bus 207; In addition, the secret sharing management device 200 includes input/output devices such as a touch panel, keyboard, microphone, and display.

The computing device 201 is, for example, a computing device such as a CPU (Central Processing Unit).

The main memory device 202 is, for example, a memory device such as a RAM (Random Access Memory).

Auxiliary storage device 203 is a non-volatile storage device such as a so-called hard disk drive, solid state drive (SSD), or flash memory that can store digital information.

The communication device 204 is a device such as a network card that establishes a communication path with other devices such as the first share backup server device 500 and the second share backup server device 600 via the network 150 or the like, and transmits and receives information. is.

The external storage medium connection device 205 has a USB interface for connecting with a USB memory or a smartphone. The biometric information reader connection device 206 has a USB interface.

Input/output devices include various input/output devices such as keyboards, mice, touch panels, displays, microphones, and speakers.

The input/output device, the arithmetic device 201, the main memory device 202, the auxiliary memory device 203, the communication device 204, the external storage medium connection device 205, and the biometric information reader connection device 206 are connected by a bus 207 or the like. They are connected to each other by conductors.

Share generating unit 211, share combining unit 212, share transmitting unit 213, share collecting unit 214, and biometric information matching unit 215 of secret sharing management device 200 described above are executed by a program that causes computing device 201 to perform processing. Realized. This program is stored in the main storage device 202, the auxiliary storage device 203, or a ROM device (not shown), loaded onto the main storage device 202 for execution, and executed by the arithmetic unit 201. FIG.

Also, the storage unit 220 of the secret sharing management device 200 is implemented by the main storage device 202 and the auxiliary storage device 203 . Also, the communication unit 230 of the secret sharing management device 200 is realized by the communication device 204 . The input unit 240 and the output unit 250 are implemented by input/output devices. The hardware configuration example of the secret sharing management device 200 has been described above.

FIG. 6 is a diagram illustrating a hardware configuration example of a biometric information reader. The biometric information reader 400 includes a biometric information acquisition device 401, an arithmetic device 402, a main storage device 403, an external connection device 404, and a bus 405 connecting each device.

A biometric information acquisition device 401 is a unit for acquiring biometric information such as fingerprints, vein patterns, irises, and voiceprints, and is equipped with various input devices such as an infrared reader, a camera, and a microphone according to the acquired information.

The computing device 402 is, for example, a computing device such as a CPU.

The main memory device 403 is, for example, a memory device such as a RAM.

The external connection device 404 is a device that connects to the secret sharing management device 200 via USB.

The biometric information acquiring unit 410 of the biometric information reading device 400 described above is implemented by a program that causes the arithmetic device 402 to perform processing. This program is stored in the main storage device 403 or a ROM device (not shown), loaded onto the main storage device 403 for execution, and executed by the arithmetic unit 402 . The hardware configuration example of the biometric information reader 400 has been described above.

FIG. 7 is a diagram showing a hardware configuration example of a share backup server device. The first share backup server device 500 and the second share backup server device 600 have a hardware configuration implemented by a housing of a so-called personal computer or tablet terminal. The first share backup server device 500 comprises an arithmetic device 501, a main storage device 502, an auxiliary storage device 503, a communication device 504, and a bus 505 connecting each device. Since the second share backup server device 600 also has substantially the same hardware configuration as the first share backup server device 500, the description thereof will be omitted.

The computing device 501 is, for example, a computing device such as a CPU.

The main memory device 502 is, for example, a memory device such as a RAM.

Auxiliary storage device 503 is a non-volatile storage device such as a so-called hard disk, SSD, or flash memory capable of storing digital information.

The communication device 504 is a device such as a network card that establishes a communication path with other devices such as another shared backup server device, the privileged user terminal 700, and the secret sharing management device 200 via the network 150 or the like, and transmits and receives information. be.

Arithmetic device 501 , main memory device 502 , auxiliary memory device 503 , and communication device 504 are connected to each other by connection wires such as bus 505 .

The share reception unit 521 , the share synchronization confirmation unit 522 , the table update unit 523 , the share transmission unit 524 , and the share provision determination unit 525 of the first share backup server device 500 described above send processing to the arithmetic device 501 . It is realized by a program that makes it run. This program is stored in the main storage device 502, the auxiliary storage device 503, or a ROM device (not shown), loaded onto the main storage device 502 for execution, and executed by the arithmetic device 501. FIG.

Also, the storage unit 510 of the first share backup server device 500 is implemented by the main storage device 502 and the auxiliary storage device 503 . A communication unit (not shown) is implemented by the communication device 504 . The hardware configuration example of the first share backup server device 500 has been described above.

The configuration of each of secret sharing management device 200, first share backup server device 500, and second share backup server device 600 can also be classified into more components according to processing contents. Also, one component can be grouped to perform more processing.

In addition, each control unit (share generating unit 211, share combining unit 212, share transmitting unit 213, share collecting unit 214, biometric information matching unit 215, share receiving unit 521, share synchronization confirming unit 522, The table update unit 523, the share transmission unit 524, and the share provision determination unit 525) may be constructed by dedicated hardware (ASIC, GPU, etc.) that realizes their respective functions. Also, the processing of each control unit may be executed by one piece of hardware, or may be executed by a plurality of pieces of hardware.

Next, the operation of the business system 1 according to this embodiment will be described.

FIG. 8 is a diagram illustrating an example of the flow of share generation processing. The share generation process is activated when the secret sharing management device 200 is terminated or transitions to a dormant state such as standby.

First, the share generation unit 211 generates a share for the virtual area developed in the memory or the storage unit 220, and stores the share in a predetermined storage unit (step S200). Specifically, the share generating unit 211 generates a share using a predetermined algorithm of the conventional technology, automatically assigns a version number, and stores the share together with the version and terminal ID in the storage unit 220 and the storage unit 310 of the external storage medium 300. They store the first share 222 and the second share 315, respectively.

Then, share transmission unit 213 transmits the first share, the version, and the terminal ID to first share backup server device 500 (step S210). In addition, share transmission unit 213 transmits the second share, the version, and the terminal ID to second share backup server device 600 (step S211).

Share reception unit 521 of first share backup server device 500 receives the first share, version, and terminal ID (step S220). Also, the share receiving unit 621 of the second share backup server device 600 receives the second share, the version, and the terminal ID (step S221).

Then, the share synchronization confirmation unit 522 of the first share backup server device 500 transmits the received first share version and terminal ID to the second share backup server device 600 for synchronization confirmation. (Step S230).

Then, share synchronization confirmation unit 622 of second share backup server device 600 checks the received second share version and terminal ID, and the first share version and terminal ID received from first share backup server device 500 . ID and , and whether or not they match is sent to the first share backup server device 500 (step S231).

Then, the share synchronization confirmation unit 522 of the first share backup server device 500 determines that the reception is completed (YES) when the information indicating the match is received, and sends a retransmission request when the information does not match (NO) under secret sharing management. It is transmitted to the device 200 (step S240). When a retransmission request is made ("NO" in step S240), share transmission unit 213 of secret sharing management device 200 returns control to step S210 in order to retransmit the first share and the second share. .

If the reception is complete ("YES" in step S240), table update unit 523 of first share backup server device 500 updates first share table 515 (step S250). Specifically, the table updating unit 523 stores the received terminal ID in the terminal ID 515A, stores an initial value “0” indicating validity in the invalidation 515B, stores the received version in the share version 515C, and processes the terminal ID 515A. The date and time at the point in time are stored in the update date and time 515D, and the received share is stored in the share binary data 515E.

If the reception is completed ("YES" in step S240), table update unit 623 of second share backup server device 600 updates second share table 615 (step S251). Specifically, the table updating unit 623 stores the received terminal ID in the terminal ID 615A, stores an initial value “0” indicating validity in the invalidation 615B, stores the received version in the share version 615C, and processes the terminal ID 615A. The date and time at the point in time are stored in the update date and time 615D, and the received share is stored in the share binary data 615E.

Then, table update unit 523 of first share backup server device 500 and table update unit 623 of second share backup server device 600 notify secret sharing management device 200 of update completion.

The share transmission unit 213 of the secret sharing management device 200 removes the data set that is the source of share generation from the secret sharing management device 200 by deleting the virtual area developed in the memory or the storage unit 220 (step S260).

The above is the flow of share generation processing. According to the share generation process, all data sets such as secret information generated on the virtual area of the secret sharing management device 200 are divided as shares by the (k, n) threshold method, and the first shares 222 of the storage unit 220 are divided. and stored as a second share 315 in the storage unit 310 . As such, the dataset can no longer be recovered without decrypting the shares. In addition, since the backup of the shares is stored on the server device, it is possible to avoid loss of the shares, which are the original data for restoring the data set, and to make restoration impossible even when the medium is lost.

FIG. 9 is a diagram illustrating an example of the flow of share table update processing. The share table update process is performed in steps S250 and S251 of the share generation process.

First, in the first share backup server device 500, when the share receiving unit 521 completes receiving the first share (step S300), the table updating unit 523 adds the received share to the first share table 515. (Step S310). The processing at this time is as described above in step S250.

Then, the table updating unit 523 reads a predetermined deletion condition (for example, deletes the version before the third generation), and deletes the entry of the share to be deleted from the first share table 515 (step S320).

Similarly, in the second share backup server device 600, when the share receiving section 621 completes receiving the second share (step S400), the table updating section 623 adds the received share to the second share table 615. (step S410). The processing at this time is as described above in step S251.

Then, the table update unit 623 reads a predetermined deletion condition (for example, deletes versions before the third generation), and deletes the entry of the share to be deleted from the second share table 615 (step S420).

The above is the flow of share table update processing. According to the share table update process, it is possible to store the latest share in the share table and delete the share of a version older than a predetermined value to avoid the share table from becoming too large.

FIG. 10 is a diagram illustrating an example of the flow of data set restoration processing. The data set restoration process is started when the secret sharing management device 200 is activated or when it returns from hibernation.

First, the share collection unit 214 acquires the first share 222 and its version information, and the second share 315 and its version information from the storage unit 220 and the storage unit 310, respectively (step S100).

Then, the share combining unit 212 confirms the version (step S110). Specifically, the share combining unit 212 determines whether or not the version information of the first share 222 and the second share 315 acquired in step S100 match.

If the version information matches ("YES" in step S110), the biometric information matching unit 215 performs user authentication (step S120). Specifically, the biometric information matching unit 215 instructs the biometric information acquisition unit 410 of the biometric information reading device 400 to acquire biometric information, and has a degree of matching with the biometric information template 221 of the storage unit 220 that is equal to or greater than a certain level. If so, use authentication is performed, and if not, use authentication is not performed.

If usage authentication has been performed ("YES" in step S120), share combining unit 212 decrypts using the first share and second share, restores the data set, stores it in memory or It is developed in the virtual storage area of the storage unit 220 (step S130). Then, the data set restoring process is terminated.

If usage authentication has not been performed ("NO" in step S120), share combining unit 212 determines that activation has failed (step S180). The share combining unit 212 performs processing such as displaying a message to the user to inform the operation staff. Then, the data set restoring process is terminated.

If the version information does not match ("NO" in step S110), share collection unit 214 confirms the communication connection between first share backup server device 500 and second share backup server device 600. (step S140). If the communication with any of the share backup server devices fails, the share combiner 212 determines that activation has failed (step S180). The share combining unit 212 performs processing such as displaying a message to the user to inform the operation staff. Then, the data set restoring process is terminated.

Then, the share collection unit 214 requests the first share backup server device 500 or the second share backup server device 600 to download shares (step S150). Specifically, among the first share 222 and the second share 315 acquired in step S100, the share collection unit 214 first requests download of the other share of the version corresponding to the share having the new version. to the second share backup server device 500 or the second share backup server device 600 . Here, if there is a shortage of shares, the share collection unit 214 sets the version of the existing share as a new version of the share, and transmits a download request for another share that matches that version.

Then, the share provision determination unit 525 of the first share backup server device 500 or the share provision determination unit 625 of the second share backup server device 600 determines whether or not the version of the share specified in the download request exists. An inquiry is made to the first share table 515 or the second share table 615 (steps S160, S170). If there is, the share provision determination unit 525 or the share provision determination unit 625 determines whether or not the terminal ID of the secret sharing management device 200 that requested the corresponding share has been revoked. If not revoked, share transmitting section 524 or share transmitting section 624 transmits to secret sharing management device 200 . If the share does not exist, or if the terminal ID has expired, the share transmission unit 524 or the share transmission unit 624 transmits a message to that effect to the secret sharing management device 200, and performs activation failure processing (step S180). ).

When a privileged user requests a share, the share provision determination unit 525 or the share provision determination unit 625 determines that the terminal ID of the secret sharing management device 200 that requested the share has been invalidated. Even so, the share transmission unit 524 or the share transmission unit 624 is caused to transmit the share to the secret sharing management device 200 or the privileged user terminal 700 .

The above is the flow of the data set restoration processing. According to the data set restoration process, first, shares can be obtained from the storage unit 220 of the secret sharing management device 200 and the storage unit 310 of the external storage medium to restore the data set. Even if an appropriate share cannot be obtained, the backed-up share can be obtained via network 150 to restore the data set. In addition, in the event of a loss or other incident, it is possible to restrict the download for restoring the data set. You can retrieve the shared shares and restore the dataset.

The above is the business system 1 according to the embodiment of the present invention. According to the business system 1, in the secret sharing management by the (k, n) threshold method, if more than (nk) shares are lost, the secret information can be safely used by the legitimate user. can

The invention is not restricted to the embodiments described above. Various modifications of the above embodiment are possible within the scope of the technical idea of the present invention. For example, in the above-described embodiments, an example of using predetermined biometric authentication as usage authentication is shown, but the present invention is not limited to this. For example, other password authentication such as one-time password may be used. Alternatively, an account registered in another information system such as SNS (Social Networking Service) may be used.

Also, the technical elements of the above-described embodiments may be applied singly, or may be applied after being divided into a plurality of parts such as program parts and hardware parts.

The present invention has been described above with a focus on the embodiments.

Reference Signs List 1 business system 100 user 150 network 200 secret sharing management device 210 control unit 211 share generation unit 212 share coupling Unit 213 Share transmission unit 214 Share collection unit 215 Biometric information matching unit 220 Storage unit 221 Biometric information template 222 First share , 230... communication unit, 240... input unit, 250... output unit, 300... external storage medium, 310... storage unit, 315... second share, 400... Biological information reader 410 Biological information acquisition unit 500 First share backup server device 600 Second share backup server device 700 Privileged user terminal

Claims (10)

A storage unit, a share reception unit, a table update unit, and a share transmission unit,
The share receiving unit receives secret sharing information and information specifying its version transmitted from a secret sharing management device that performs secret sharing management by a secret sharing method connected via a network,
The table update unit associates the secret sharing information and the information specifying the version and stores them in the storage unit;
The share transmission unit transmits, from the storage unit, the secret sharing information associated with information having a newer version among the secret sharing information to the secret sharing management device.
A server device characterized by: The server device according to claim 1,
The table updating unit stores information indicating the validity of the secret sharing information in association with each secret sharing information,
a share provision determination unit that determines whether or not to transmit the secret sharing information according to information indicating the validity of the secret sharing information when the share transmitting unit transmits the secret sharing information to the secret sharing management device;
A server device comprising: The server device according to claim 2,
When the share transmission unit transmits the secret sharing information to the secret sharing management device, the share provision determining unit determines whether the secret sharing information is not valid and the request is from a predetermined privileged user. transmits the secret sharing information;
A server device characterized by: A secret sharing management system including a server device and a secret sharing management device connected to the server device via a network,
The server device
A storage unit, a share reception unit, a table update unit, and a share transmission unit,
The share receiving unit receives information specifying the share and its version transmitted from the secret sharing management device,
The table updating unit associates and stores information specifying the share and the version in the storage unit;
The share transmission unit transmits from the storage unit to the secret sharing management device information associated with information of the new version among the shares,
The secret sharing management device
a share generation unit that divides a data set into a plurality of shares using a secret sharing method, generates information specifying a version, and stores each of the shares in a storage area of a different management unit;
a share transmission unit that transmits copies of the shares to the server device connected via a network;
a share collection unit that acquires shares stored in each of the storage area or the server device;
a share combining unit that performs a process of decoding the data set using the shares acquired by the share collection unit;
A secret sharing management system comprising: A secret sharing management system according to claim 4,
In the server device,
The table updating unit stores information indicating validity of the shares in association with each share,
a share provision determination unit that determines whether or not to transmit the share according to information indicating the validity of the share when the share transmission unit transmits the share to the secret sharing management device;
A secret sharing management system comprising: A secret sharing management system according to claim 5,
In the server device,
When the share transmission unit transmits the share to the secret sharing management device, if the share is not valid and the request is from a predetermined privileged user, the share provision determination unit determines that the share to send a
A secret sharing management system characterized by: a share generation unit that divides a data set into a plurality of shares using a secret sharing method and stores each of the shares in storage areas of different management units;
a share transmission unit that transmits copies of the shares to each of a plurality of predetermined backup servers connected via a network;
a share collection unit that obtains the shares stored by each from the storage area or the backup server;
a share combining unit that performs a process of decoding the data set using the shares acquired by the share collection unit;
A secret sharing management device comprising: The secret sharing management device according to claim 7,
a biometric information acquisition unit that acquires biometric information of a user;
A biometric information matching unit that performs biometric authentication using the biometric information,
The share combining unit decrypts the data set when authentication by the biometric information matching unit succeeds.
A secret sharing management device characterized by: The secret sharing management device according to claim 7,
The share generation unit uses a storage device of a connected predetermined smartphone as one of the storage areas,
A secret sharing management device characterized by: The secret sharing management device according to claim 7,
The share generation unit assigns version information to each share,
The share combiner uses the version information to identify shares with matching versions and decrypts the data set.
A secret sharing management device characterized by:

Images