JP3516591B2 - Data storage method and system and data storage processing recording medium - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer system including a computer that executes processing according to an application program and a storage device connected to the computer, and stores data processed by the application program in the storage device. BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data storage method and system for writing and storing data, and a data storage processing recording medium, and particularly to a computer when an application program operating on the computer requests data read / write from / to a storage device. A data storage method and system for obtaining an encryption key of a user operating an application program from a key management computer connected via a network, and encrypting write data and decrypting read data using the encryption key. Arm and to a data storage process for the recording medium.

[0002]

2. Description of the Related Art Conventionally, in a computer system provided with a storage device such as a magnetic disk device, data processed by an application program operating inside the computer is stored in the storage device as it is. Therefore, the data stored on the storage device can be viewed and rewritten by the computer used to create the data, or by a computer on the network when the storage device is connected to the network. , There was a risk of confidentiality leakage and data modification.

Therefore, an operating system that manages a storage device is provided with an access control function of which user can read or rewrite data stored in the storage device,
There is a scheme that does not allow access from users who do not have access rights. However, since the storage device can be directly accessed without going through the operating system, the access control function cannot completely prevent snooping and alteration of data. Therefore, measures have been taken to prevent these fraudulent acts by encrypting the data stored in the storage device and attaching an electronic signature to detect that the data has been altered.

When encrypting or decrypting data, the data is divided into basic units of 8 bits or 64 bits and then encrypted / decrypted. However, as it is, the basic unit of the same content is encrypted into the same ciphertext, which becomes a clue to decipher the ciphertext.
Therefore, when encrypting the basic unit at a certain position in the data, some processing (for example, exclusive OR) is performed using the already-encrypted basic unit at the previous position, and then the encryption is performed. Turn into. By performing the chain processing of such basic units, it is possible to eliminate the clue of the decoding. In addition, when encrypting the basic unit at the beginning of the data, a chaining process is performed using separately prepared initialization data. The above cipher chaining process is described in, for example, "Cipher and Data Security" (written by DER Denning, translated by Tadahiro Uezono et al., Published by Baifukan).

[0005]

However, when the data is encrypted and stored, the data is temporarily stored in the storage device or the user explicitly specifies the data stored in the storage device. I was doing encryption. Similarly,
Even when decrypting encrypted data, the user explicitly designated decryption to decrypt the original data. Therefore, the user has to issue an instruction for data encryption / decryption one by one, and there is a problem that the operation is troublesome. In particular,
If you perform operations such as decrypting encrypted data once, modifying it, and then encrypting it again, you may forget the re-encryption operation.If you forget the re-encryption operation, Had a problem that it could not counter the snooping and alteration of the data in the storage device. Therefore, when data encryption / decryption is required, there is a need for a mechanism capable of performing encryption / decryption without a direct instruction from the user.

On the other hand, nowadays, computers as portable small terminals are widely used, and the situation where data processing is performed by operating the portable computer at any place is increasing. Therefore, for example, there is a situation in which confidential information is stored in a storage device attached to a portable computer in a company and the information is accessed outside the company. However, if such a portable computer is misplaced or stolen, there is a risk of leakage of confidential information. Therefore, if the data is encrypted and stored, the original data cannot be retrieved immediately. However, the encryption key used to encrypt the data is usually encrypted with a password entered by the user and stored in the same storage device as the encrypted data. The key can be taken out and the encrypted data can be decrypted. That is, even though the encryption key is encrypted in some form, storing the encrypted data and the encryption key in the same storage device poses a problem in protecting confidential data.

The present invention has been made to solve these problems, and a first object thereof is to save data from an application program without a direct instruction of encryption / decryption by a user. When a write request is made, the data is automatically encrypted and saved in the storage device, and when a data read request is made, the encrypted data saved in the storage device is automatically decrypted and the application program By passing it to the user, it is possible to prevent the data in the storage device from being intercepted and modified without any troublesome operation by the user, and the encrypted key necessary for encrypting / decrypting the data is stored in the encrypted data. Protecting encrypted data more strongly by retrieving from a key management computer different from the computer to which the storage device is connected To provide a data storage method and system, as well as preservation recording medium possible.

Further, in the case of automatically encrypting / decrypting in response to a write request and a read request from the application program as described above, the following problems occur.

The application program reads / writes data from an arbitrary position in the file. If a chain process of cipher basic units is performed when performing an automatic encryption method, when data is overwritten at a certain position in the file, the process of re-encrypting all the cipher basic units after that position will be performed. It becomes necessary and the time until the overwriting process ends becomes long.

In order to reduce the portion requiring such re-encryption processing, a method may be considered in which the file is separated by a record of a fixed length larger than the basic encryption unit and the initialization data is prepared for each record. There is. In this method, when data is overwritten at a certain position in the file, re-encryption processing is performed only up to the end of the overwritten record. By doing this,
The part that requires re-encryption can be limited.

However, by dividing the file into records of a fixed length, it is possible to reduce the re-encryption processing at the time of data overwriting, but it is not possible to easily determine how much the record length is good.

If the record length is long, the length of re-encryption processing required when the application program overwrites the data becomes large.

When the record length is short, the application program often accesses over a plurality of records when reading and writing data, and the initialization data of each record increases in number of times, resulting in processing time. Instead, it becomes an overhead.

Further, since the unit lengths for reading and writing are different for each application program, the optimum record length for one application program is not necessarily optimum for other application programs.

The present invention has been made to solve the above problems, and a second object thereof is to record the length of reading and writing and the position at which reading and writing are started for each application program, and this recording is performed. By using, to obtain the record size that minimizes the overhead time of re-encryption processing and preparation of initialization data at the time of overwriting, the data saving method that can shorten the processing time at the time of data overwriting and It is to provide a system and a recording medium for storage processing.

[0016]

In order to achieve the above object, the data storage method of the present invention intercepts a data read / write request to a storage device issued from an application program to an operating system, and when a write request is made, Obtains an encryption key for encrypting data from a key management computer connected to the network, encrypts the data with this encryption key and saves it in a storage device, and when a read request is made, it is encrypted from the storage device. It is characterized in that the encrypted data is read out, the key for decrypting the encrypted data is obtained from the key management computer, and the original data obtained by decrypting the encrypted data with this encryption key is passed to the application program. To do. Before issuing a request to the key management computer to send the encryption key, the user operating the application program is prompted to enter information for identifying the user, and the correctness of this information is checked by the user. After confirming on the computer where is operated, the user's key is sent from the key management computer, or the identification information entered by the user is sent to the key management computer, and the key management computer confirms the correctness of the received identification information. The feature is that the key management for each user is performed by sending back the encryption key of the user. Also, by specifying the file or directory that the user wants to automatically encrypt when saving the file in advance,
The feature is that encryption or decryption is performed only for a specified file or a file under a specified directory. When the operating system receives a data read / write request from an application program, it records the position of the data in the file and the data length, and after recording a sufficient number of data, rewrites each application program. The feature is that the record length that minimizes the overhead of the encryption process and the initialization data process is calculated, and the calculated record length is used in the subsequent encryption / decryption.

By such means, the data stored in the storage device can be automatically encrypted and decrypted automatically when the data is read, without the user explicitly instructing the encryption or decryption. Users are not forced to perform troublesome operations. Further, since the data to be stored in the storage device is automatically stored, the problem that the user forgets to encrypt the data does not occur. Further, since a directory representing a storage medium such as a floppy disk can be designated as the encrypted storage location, important information can be prevented from being copied and taken out. In addition, since the encrypted data and the encryption key are stored in a storage device that is physically separate from each other, even if the portable terminal that stores the encrypted confidential data is stolen, the risk of decryption is reduced. Is smaller than that when the data is stored in the same storage device. For example, if you store encrypted data in a mobile terminal, connect to the in-house LAN when you want to access the data in-house, and access the in-house network remotely from outside, use this mobile terminal. A user who illegally obtains is required to perform not only analogy of user identification information but also user authentication work at the time of remote access, so that the security is further enhanced. Also,
For each application program, the length of re-encryption in one overwrite request and the record length that minimizes the overhead of the initialization data generation process can be calculated, so the processing time for data overwrite can be calculated. The speed can be increased for each application program.

Further, the mechanism for intercepting the data read / write request from the application to the operating system does not require rewriting the existing application program or operating system when the operating system provides, It is possible to increase the security of data at a minimum cost without having to replace the hardware.

[0019]

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, a detailed description will be given based on an embodiment of the present invention. FIG. 1 is a system configuration diagram showing an embodiment of the present invention. In the present embodiment, a case where data created by a user with an application program running on a terminal is encrypted with his / her own key received from a key management server (key management computer) and stored in a storage device connected to the terminal In this case, the encrypted data read out from the storage device is decrypted with its own key sent from the key management server and the plaintext data is passed to the application.

The system shown in FIG. 1 is roughly classified into a terminal 101 operated by a user 123, a storage device 111 connected to this terminal 101, and a key management server (key management server for managing keys for data encryption). Key management computer) 112
And a key database 121 storing keys for encryption.
And a network 122 connecting the terminal 101 and the key management server 112.

The terminal 101 is composed of a stationary or portable computer, and inside thereof,
User input unit 102, password encryption key generation unit 103,
File encryption key generation unit 104, encryption key / decryption unit 10
5, application program 106, file access hook unit 107, operating system 10
8, a storage device interface 109, a communication interface 110, a record size storage unit 124, and an access information storage unit 125, and the user 123 saves or reads the data file created by the application program 106 in the storage device 111. be able to.

The user input unit 102 is for allowing the user 123 to input a user name and a password according to an instruction from the file access hook unit 107. The password encryption key generation unit 103 is for generating an encryption key from the password input by the user 123.
The password encryption key is used to encrypt the authentication information of the user 123 and the encryption key used in the entire system and store the encrypted encryption key in the storage device 111. The file encryption key generation unit 104 randomly generates an encryption key used to encrypt a file stored in the storage device 111. Encryption / decryption unit 10
Reference numeral 5 is for actually encrypting / decrypting a file. The application program 106 for the user 123 to create a data file is software such as a word processor or a spreadsheet.

The file access hook unit 107 generally handles file interception of a file access request from the application program 106 to the storage device 111 and requesting a user key from the key management server 112. Is to manage. The operating system 108 operating on the terminal 101 includes a storage device interface 109, a communication interface 110, and a record size storage unit 12.
4. The storage device 1 manages the access information storage unit 125.
11 provides the application program 106 and the file access hook unit 107 with operating environments such as access to the network 11 and communication via the network 122.

The record size storage unit 124 is used to store the record size at the time of encryption / decryption for each application program.

The access information storage unit 125 is for storing a plurality of read / write start positions in the file and a plurality of read / write data lengths for each application program, and performs encryption / decryption. Used to calculate the record size at the time.

The storage device 111 has a user 123.
In addition to the file created by, the authentication token used for confirmation when the user 123 inputs the password and the system key used for encrypting the data by the system are encrypted and stored.

On the other hand, the key management server 112 includes a key management application program 113, a user input section 114,
Password encryption key generation unit 115, user key generation unit 11
6, an encryption / decryption unit 117, an operating system 118, a communication interface 119, and a storage device interface 120 are provided, and a user 123 of the terminal 101 generates information for using the present system and a user key. Has the function of managing.

Key management application program 113
Generates information to be distributed to the user 123 and the terminal 101.
Manages the entire cryptographic processing in the key management server 112, such as the processing of the user key request message from. The user input unit 114 is for causing the user 123 to input a user name and password according to an instruction from the key management application program 113 when the user 123 first generates a user key. The password encryption key generation unit 115 is for generating an encryption key from the password input by the user 123. User key generation unit 116
Is for randomly generating an encryption key for the user 123. The encryption / decryption unit 117 is used by the user 12
3 for encrypting the information to be distributed to 3 and for encrypting or decrypting the electronic message exchanged when the user 123 requests the user key.

The operating system 118 operating on the key management server 112 is the communication interface 11
9. The storage device interface 120 is managed, and an environment such as communication using the network 122 and access to the key database 121 is provided to the key management application program 113.

The key database 121 stores a system key for encrypting communication data exchanged between the terminal 101 and the key management server 112 using the network 122, and a key information record of the user 123. The key information record is, as shown in FIG.
1 and a user key 202.

(Creation of User Distribution Information) FIG. 3 is a flowchart showing a procedure for creating data to be distributed to the user 123 on the key management server 112 in order to use this system. First, a user name and password are input from the user input unit 114 (step 301). Next, the password encryption key generation unit 115 processes the password of the user 123 to generate a password encryption key. As the processing method, for example, a one-way function such as the MD5 algorithm is used (step 302). Then, the user key generation unit 116 randomly generates a user key (step 303). From the user key and user name obtained here, a key information record as shown in FIG. 2 is created and stored in the key database 121 (step 304). Note that FIG. 2 is an example of the key information record of the user A whose user name is “A”.

Next, an authentication token for verifying the correctness of the password entered by the user 123 is created (step 305). This is because the password input by the user is stored as data as it is because it is dangerous in terms of security, so the password is stored using cryptographic processing. In UNIX, for example, the data of "all 0" is encrypted and stored with the password of the user 123 as a key, and the same process is performed when the user 123 inputs the password later to perform the authentication work. In the present embodiment, all 6-byte data of "0" is encrypted with the password encryption key to generate the authentication token as shown in FIG. In FIG. 4, 401 is a user name (here, user A) indicating the owner of this authentication token, and 402 is a data value after encryption processing.

Next, in this system, the network 122
The system key used to encrypt the data flowing above is also encrypted with the password encryption key (step 3).
06). By using the password encryption key, the user 123
Only someone who knows the password can get the correct system key. The system key is created in the key management server 112 at the start of system operation. Finally, the authentication token and the encrypted system key are copied to a floppy disk or the like, and the user 123
(Step 307). The user 123 copies the received information to the storage device 111 connected to the terminal 101 operated by the user 123 and uses it.

(File Encryption) FIG.
3 is a flowchart showing a procedure for encrypting data created on the terminal 101 by the user 3 (here, user A) and storing the encrypted data in the storage device 111. This procedure starts when the user A tries to save the data created by the application program 106 in the storage device 111. First, when the application program 106 issues a file save request to the operating system 108, before the operating system 108 processes the request,
The file saving request is sent to the file access hook unit 10
7 receives (step 501).

Subsequently, in order to encrypt and save the file requested to be saved, the management server 11 operates as follows.
Get the user key from 2. First, the user name and password of the user A who was operating the application program 106 is input to the user A from the user input unit 102 (step 502) . Next, the password encryption key generation unit 103 generates a password encryption key from the input password (step 503).

The terminal 101 performs the same processing as the generation of the authentication token in the management server 112 to verify whether the input password is correct, and verifies whether it matches the authentication token read from the storage device 111 (step 504). If they do not match, the user name and password are repeated. If they match, proceed to the next step.

Next, the encrypted system key is read from the storage device 111, and the system key is decrypted using the password encryption key (steps 505 and 506). In addition,
The authentication token and the encrypted system key read from the storage device 111 are generated in the key management server 112 in advance.

Next, a message is exchanged with the key management server 112 and the user key is obtained. Note that the terminal 101
The format of the message exchanged between the key management server 112 and the key management server 112 is as shown in FIG. In FIG. 6, reference numeral 601 denotes a header portion for distinguishing messages, and if it is “0”, the terminal 101 indicates the key management server 1
12 is a user key request message requesting a user key, and "1" is a user key reply message indicating a reply from the key management server 112. Reference numeral 602 denotes a data body included in the message, the content of which differs depending on the type of the message. 603 is
It is an electronic signature of the header part 601 and the data part 602 using the system key.

In order to obtain the user key from the key management server 112, the terminal 101 creates a user key request message (step 507). The information sent from the terminal 101 to the key management server 112 is a user name and challenge data. The challenge data is an integer that is randomly selected each time a user key request message is created. It is a rule that response data that has been subjected to a predetermined process (for example, 1 is added) by the key management server 112 is included in the user key reply message. By setting, the user can confirm that the reply message received is a reply to the request message issued immediately before. First, data including a user name 701 and challenge data 702 as shown in FIG. 7 is configured and encrypted with a system key. Next, as shown in FIG. 8, the header part 801 has a value "0" indicating that the message is a user key request message, and the data part 802 has a digital signature 803 of data including information obtained by encrypting the user name and challenge data. A user key request message composed of and is generated. Then, the generated user key request message is sent to the key management server 112, and a reply message is waited for. After that, the key management server 112 processes the user key request message, creates a user key reply message, and sends it back to the terminal 101 (step 50).
8) The details of this procedure will be described later with reference to FIG.

When the terminal 101 receives the returned user key reply message (step 509), first, the electronic signature included in the reply message is checked to see if there was any alteration during the transfer (step 510). .
If it is found that the message has been modified, the application program 1 that issued the file save command
06 is notified of the storage failure, and the process ends (step 52).
1). If there is no modification, proceed to the next step. Since the data part of the user key response message is encrypted with the system key, it is decrypted with the system key (step 511).

By the way, in the user key reply message,
There are two types, one containing a user key and one not containing a user key because some error occurred in the key management server 112, and the contents of the data part of the reply message are different. The contents of the data part before being encrypted are as shown in FIG. 9 or FIG. FIG. 9 shows the contents when the user key is returned, and includes a user name 901, response data 902, a value “0” 903 indicating that the user key is included, and a user key 904. Figure 10
Is the content when the user key is not returned due to some error. The user name 1001 and the response data 10
02, the value "1" indicating that some error occurred 1
003 is included. Here, 1003 may include any value other than “0” to indicate a specific type of error. The response data included in the user key response message is assumed to be the value of the challenge data included in the user key request message plus "1".

After decrypting the data part of the user key response message, the terminal 101 inspects the presence or absence of the user key (step 512). If the file does not include the user key, the file cannot be encrypted and saved, so the application program 106 is notified of the failure in saving (step 521) and the process ends. If the user key is included, the procedure actually proceeds to encrypt the file.

If writing to a new file, a file encryption key and file initialization data are randomly generated (step 519). Then, after encrypting the file encryption key with the user key, the encrypted file encryption key and the file initialization data are saved as the header of the new file (step 520), and the process proceeds to the next step. The file encryption key is used to generate an encryption key prepared for each record obtained by dividing a file. File initialization data is used to generate initialization data for each record.

If writing to an existing file,
The encrypted file encryption key and file initialization data are read from the header of the file to be written (step 514). Then, the encrypted file encryption key is decrypted with the user key to obtain the file encryption key (step 5).
15). Next, the data requested to be written is encrypted (step 516). Details of the encryption procedure will be described with reference to FIG.

The encrypted data obtained as described above is written in a position in the encrypted file corresponding to the write request of the application program 106. Then, the encrypted file encryption key is 1101, the file initialization data is 1102, the encrypted file body is 1103, and the signature generated using the user key is 1104 as shown in FIG. The encrypted file 1100 is created and stored in the storage device 111. Therefore, in the storage device 111, the encrypted file body 1103 obtained by encrypting the file generated by the application program 106, the data 1101 obtained by encrypting the file encryption key, the file initialization data 1102, and the signature 1
104 will be added and stored.

Finally, the end of saving is notified to the application program 106 that issued the file saving request (step 518), and this procedure is ended.

(Decryption of File) FIG.
Encrypted data stored in the storage device 111 by the terminal 1
12 is a flowchart showing a procedure for reading by the application program 106 operating on 01. This procedure starts when the user A tries to read the data previously encrypted and stored in the storage device 111 into the application program 106. When the application program 106 issues a file read request to the operating system 108, the file read request file access hook unit 107 receives the file read request before the operating system 108 processes the request (step 1201). File access hook unit 10
7 instructs the operating system 108 to read the file specified by the read request, and reads the encrypted file from the storage device 111 via the storage device interface 109 (step 1
202).

Next, in order to decrypt the read file, the user authentication is performed by the same procedure as when encrypting the file, and the user key is obtained from the key management server 112. Steps 1203 to 1213 corresponding to the procedure for obtaining the user key are steps 502 to 502 in FIG.
It is exactly the same as 512. At this time, the key management server 11
If the alteration of the user key reply message from 2 is detected (step 1211), or if the user key cannot be obtained (step 1213), the read file cannot be decrypted, so the reading fails. Is notified to the application program 106 (step 1219) and this procedure is ended (step 12).
18). Only when the user key can be obtained, the encrypted file is decrypted as follows. Here, the file to be read has a format as shown in FIG. 11, 1101 is a file encryption key encrypted with a user key, 1102 is file initialization data, 1103
Is an encrypted file body, and 1104 is an electronic signature by a user key of these three data 1101 to 1103.

In FIG. 12, when the user key is included, whether the encrypted file has not been modified or the signature 11
04 is confirmed (step 1214). If it is found that the file has been modified, the file read failure is notified to the application program 106 (step 1219), and this procedure ends.

If the file has not been modified, the encrypted file encryption key 1101 and the file initialization data 1102 are read from the encrypted file (step 121).
5).

Next, the encrypted file encryption key 1101 is decrypted using the user key obtained from the key management server 112 to obtain the original file encryption key (step 1216).

Next, the encrypted file body 1
The encrypted data corresponding to the request of the application program 106 is read from 103 and decrypted using the file encryption key obtained by decryption (step 1217) . Details of the decoding procedure will be described with reference to FIG.

Finally, the decrypted data is passed to the application program 106 (step 1218).
This procedure ends.

(Processing of Key Management Application Program) FIG. 13 is a flowchart showing a procedure when the key management application program 113 operating on the key management server 112 processes a user key request of the user A from the terminal 101. is there. This procedure starts upon receiving a user key request message from the file access hook unit 107. The user key request message received by the key management application program 113 has a format configuration as shown in FIG. Upon receiving the user key request message from the terminal 101 (step 1301), the key management application program 113 first reads the system key stored in advance in the key database 121 to check whether the message has been modified (step 1302). ), The electronic signature in the request message is confirmed (step 1303). If there is a change, the operation of extracting the user key described below from the key database 121 is not performed.

In order to retrieve the user key from the key database 121, first, the encryption / decryption unit 117 decrypts the user key request message with the system key, and retrieves the user name 701 and the challenge data 702 shown in FIG. (Step 1304). Next, the key information record including the user name obtained here is retrieved from the key database 121. If you can find the key info record as shown in Figure 2,
The user key 202 is taken out (step 1305).

After the alteration inspection of the user key request message and the retrieval of the user key are completed as described above, the terminal 1
A user key reply message for replying to 01 is created (step 1306). Here, the response data included in the reply message is a value obtained by adding "1" to the challenge data included in the request message, but the contents included in the data part of the reply message depending on whether the user key can be obtained. Will change.

[0057] When obtaining the user key, <br/> I shown in FIG. 9 urchin username 901, response data 902, a value "0" indicating that it contains user key 903, a user key 9
The data composed of 04 is encrypted by using the system key on the encryption / decryption unit 117 and is included in the data part of the user key response message. If the user key cannot be obtained, as shown in FIG.
1, the response data 1002, and the data consisting of the value "1" indicating that the user key is not included are encrypted using the system key on the encryption / decryption unit 117, and are used as the data part of the user key response message. include. The signature part of the user key reply message is a signature created by using the system key with data including the header part having the value "1" indicating the user key reply message and the data part created as described above. Include.

The user key reply message created as described above is sent to the terminal 101 (step 1307) and this procedure ends.

(Detailed Encryption Procedure) FIG. 14 is a flowchart showing a detailed procedure for encrypting the data for which a write request is issued from the application program 106. This procedure starts when the file encryption key, the file initialization data, and the write request data are prepared.

FIG. 15 shows a write request from the application. 1501 is a writing start position, and 1502
Is the length of write data, and 1503 is write data. In the write request of FIG. 15, position 1 in the file
It is requested to write 1503 write data between 800 and 2799.

In FIG. 14, first, the record length corresponding to the application program which issued the write request is read from the record size storage section (step 14).
01).

As shown in FIG. 16, the record size storage unit 124 stores a record size 1602 for each of various application programs 1601 such as a spreadsheet program and a word processing program. If the corresponding record length is not recorded, the default length recorded at the end of the record size storage unit 124 is read. Here, as the length corresponding to the application program that issued the write request, "51
2 ”is to be read.

If the record size is not recorded in the record size storage unit 124, the write request position 1501 in the file and the write data length 1502 included in the write request from the application program are set to this application. It is saved in the access information storage unit 125 for the program (step 140).
3).

As shown in FIG. 17, the access information storage unit 125 records the start position 1701 and the write data length 1702 for each application program each time there is a write or read request, and stores a plurality of them. be able to. FIG. 17 shows a state in which the write request of FIG. 15 is stored in the access information storage unit 125. The data recorded here is used to obtain the record length when encryption is performed after a certain period of time.

Next, the start position of the write request is divided by the record length, and the quotient is used as a record index value indicating which record of the file is to be written (step 1404). If it is a write that spans multiple records, calculate for all records. When the record index is obtained from the write request shown in FIG. 15, the quotient obtained by dividing the write start position “1800” by the record length “512” is 3, and the quotient obtained by dividing the write end position 2799 by 512 is 5. The index values are "3", "4", and "5".

Then, the record encryption key for the record of the writing destination is calculated using the index value of the record and the file encryption key (step 1405). if,
If it is necessary to make a write request from the beginning of the record, the initialization data for the record is obtained from the file initialization data and the record index value. As a method of calculating these, for example, a method of connecting two data and performing an operation by a hash function can be considered. In the case of the write request of FIG. 15, the record 5 starts from the middle of the record 3.
"Record 3" because it is a write request up to the middle of
Calculation of the record encryption key of, and "record 4",
The record encryption key of "5" and the initialization data are calculated.

Next, it is checked whether the data to be written is an overwrite of the data already stored in the file (step 1406). If it is not overwritten here, the write data is copied to the encryption buffer and the process proceeds to the encryption step (step 1411).

If it is overwriting, the part required for the cipher chaining process and the part required for re-encryption at the write start position are read from the file into the encryption buffer (step 14).
07). The part necessary for the cipher chaining process is the ciphertext used in the chaining process when encrypting the data at the writing start position, and is the ciphertext immediately before the writing start position, and its length is the ciphertext of the cipher chaining process. It depends on the method. If the write start position is at the beginning of the record, the record initialization data is used as the part required for the cipher chaining process, and therefore the part immediately before the write start position need not be read from the file. Assuming that the length required for the cipher chaining process in this embodiment is "8", the part required for the cipher chaining process in the write request of FIG. 15 is the position "179" in the file.
It is a ciphertext from "2" to "1799". Further, the part requiring re-encryption is a part in which the cipher chaining process needs to be redone by overwriting data, and is from immediately after the write end position to the end of the record including the write end position. The part of the write request in FIG. 15 that needs re-encryption is from “2800” immediately after the write end position in the file to the last position “3071” of “record 5” including this write end position.
FIG. 18 shows a part necessary for cipher chaining and a part requiring re-encryption in the file.

Subsequently, the portion of the encryption buffer that needs re-encryption is decrypted using the corresponding record encryption key (step 1408). In the write request of FIG. 15, decryption is performed using the record encryption key of “record 5”. Then, the write request data is connected to the decrypted data for re-encryption and is written in the encryption buffer (step 1409).

Finally, when the data to be encrypted is prepared in the encryption buffer, the encryption key for the record corresponding to the data and the data necessary for the encryption chain processing read from the file and the initialization data are used. After encryption (step 1410), this procedure ends.

(Detailed Decoding Procedure) FIG. 19 is a flowchart showing a detailed procedure for reading and decoding the data requested to be read from the application program. This procedure starts when the file encryption key and the file initialization data are prepared.

FIG. 20 shows a read request from the application. 2001 is the read start position, 2002
Is the length of the read data.

In FIG. 19, first, similarly to the case of the write request, the record length corresponding to the application program which issued the read request is read from the record size storage section (step 1901). If there is no corresponding record length, the default value is read (step 1902), the read start position 2001 and its length 2
002 is recorded in the access information storage unit 125 for this application program (step 1903). The calculation of the record index, the encryption key for the record, and the initialization data are performed in the same manner as the write request (steps 1904, 1905).

Then, the record corresponding to the read request is read from the file, decrypted using the record encryption key and the initialization data (step 1906), and this procedure ends.

(Calculation of Record Length) FIG. 21 is a flowchart showing the detailed procedure for calculating the record length. This procedure starts when the number of pieces of access information recorded in the access information storage unit 125 exceeds a certain number (for example, 100) in a certain application program.
Here, the record length is set to a power of 2.
This is because the file access unit of the application program and the operating system, and the physical recording unit on the storage device often use a power of 2 for the sake of simplicity of processing. Before starting this procedure, the encryption speed, the decryption speed, the time required to generate the encryption key for the record, and the time required to generate the initialization data are obtained.

In FIG. 21, first, the average value of the access length recorded in the access information storage unit 125 is obtained (step 2102). Here, as the average access length, “14
Assume that 0'bytes have been obtained. Next, the smallest power of 2 that exceeds the average access length is obtained (step 2102). In this example, it is “256”.

Next, if the record length is 1, 2, 4,
, And the power of 2, the following procedure is performed to obtain the average write overhead time in each case (step 2103). The upper limit of the provisional record length is the smallest power of 2 that exceeds the average access length obtained in the previous procedure. In this example, it is "256".

The calculation performed for each temporary record length is as follows. First, the average length required for re-encryption processing at the time of writing and the average number of times the record encryption key and initialization data are calculated per access are obtained. The length required for the re-encryption processing is the portion shown in FIG. The average re-encryption processing length is
It is an average value of the values obtained by the formula shown in "Equation 1" for each access length.

[0079]

[Equation 1]

The average number of calculations is the average value of the values obtained by the formula shown in "Equation 2" for each set of access position and access length. Incidentally, the "number 1", the meaning of symbols used in the "number 2" is as shown in FIG. 22. Also, "L%
“R” means “remainder of L / R”.

[0081]

[Equation 2]

Next, the average re-encryption processing length and the average number of calculations obtained as described above, the encryption processing speed, the decryption processing speed, the time required to generate the record encryption key, and the initialization data are generated. "Number 1", "Number 2" from the time it takes
The average write overhead time when the tentative record length used in the calculation of is used can be obtained using the formula shown in "Equation 3".

[0083]

[Equation 3]

Here, the (average re-encryption processing length) / (decryption speed) in "Equation 3" is the average time taken to decrypt the portion that needs re-encryption processing read from the file. Is. Further, (average re-encryption processing length) / (encryption speed) is an average of the time required to encrypt the portion that requires re-encryption processing. Also, {...} × (average number of calculations) is the average of the time taken to calculate the record key prepared for each record and the initialization data. These 3
The sum of the two expressions gives the average write overhead time.

Of the average write overhead time thus obtained for each temporary record length, the temporary record length giving the minimum value is selected (step 210).
4). This is the record length that minimizes the write overhead. Finally, the record size storage unit 1 is formed by combining the application program and the selected record length.
24 (step 2105).

As described above, in the present embodiment, the data read / write request to the storage device 111 issued from the application program 106 of the terminal 101 to the operating system 108 is intercepted, and the data is encrypted at the time of the write request. An encryption key for performing the operation is received from the key management server 112 connected via the network 122, the data is encrypted with this encryption key, and the storage device 11
1 and stores the data in the storage device 11 when a read request is made.
The encrypted data is read from 1, the key for decrypting this encrypted data is obtained from the key management server 112, and the original data obtained by decrypting the encrypted data with this encryption key is passed to the application program 106. Therefore, the data stored in the storage device 111 can be automatically encrypted and decrypted automatically when the data is read out without the user explicitly instructing the encryption or decryption, forcing the user to perform a troublesome operation. The effect of never happening is obtained. Further, since the data to be stored in the storage device 111 is automatically stored, there is no problem that the user forgets to encrypt the data.

Before issuing a request to the key management server 1112 to send the encryption key, the user operating the application program 106 is prompted to enter information for identifying the user, and this information After confirming the correctness on the terminal 101 operated by the user, the user's key is retrieved from the key management server 112, or the identification information input by the user is sent to the key management server 112, and the identification received by the key management server 112. Since the encryption key of the user is sent back after confirming the correctness of the information, even if the portable terminal that stores the encrypted confidential data is stolen, the risk of decryption is reduced. The data becomes smaller as compared with the case where the data is stored in the same storage device, and the confidentiality of the data can be further enhanced. For example, if you want to store encrypted data in a mobile device and want to access that data in-house,
By connecting to N and remotely accessing the company network from outside, the user who illegally obtained this mobile terminal not only guesses the identification information of the user but also the user at the time of remote access. Since it is necessary to perform certification work as well, safety is higher. In addition, you can configure your mobile device to connect to the same network as the key management server so that you can edit and browse important data.
Since the key management server does not exist outside the company, the data can be configured to be inaccessible and the security can be enhanced.

Furthermore, the application program 10
When the operating system 108 provides a mechanism for intercepting a data read / write request from the operating system 108 to the operating system 108,
It is not necessary to rewrite an existing application program or operating system, and there is no need to replace new hardware, and it is possible to enhance data security at a minimum cost.

Further, a method of recording a user-specific encryption key in the IC card and managing the encryption key by each user is conceivable. However, the loss of the IC card itself makes it impossible to decrypt the data. Since it is necessary to add a read / write mechanism for the IC card to the terminal 101, the cost is disadvantageous. However, by obtaining the encryption key from the key management server 112 as in the present embodiment, there is an advantage that even a terminal that does not have an IC card read / write mechanism can be used.

In this embodiment, when encrypting a file, the file encryption key is generated each time without using the user key as it is, but the file itself may be directly encrypted with the user key.

Also, every time a file is saved or read, the user is prompted to enter the user name and password. However, this information is temporarily saved in the memory of the terminal 101, and the next file saving, At the time of reading, the key management request is generated using the temporarily stored user name and password, so that the user's input operation can be further simplified.

Furthermore, the user key itself that has been obtained is temporarily stored in the memory and reused later,
Communication between the terminal 101 and the key management server 112 can be eliminated, communication overhead can be eliminated, processing speed can be increased, and traffic on the network 122 can be reduced.

Further, when the user saves the file in advance, the user can automatically specify the file or the directory that he wants to be encrypted, so that only the specified file or the files under the specified directory can be It can perform encryption and decryption. This allows
You can also specify a directory that represents a storage medium such as a floppy disk as the encrypted storage location.
It is also possible to prevent important information from being copied and brought out.

Furthermore, the terminal 101 and the key management server 1
Each functional part that realizes the function described in the embodiment in 12 is specifically configured by a processing program that realizes an equivalent function, and these processing programs are stored in a storage medium such as a CDROM. Or through communication media such as the Internet.

Further, in the present embodiment, the encryption key and the initialization data are calculated for each record, but the file encryption key and the file initialization data may be used as they are in order to increase the read / write speed. . In this case, the security of the encrypted file is slightly lost as compared with the present embodiment. It is also necessary to change the method of calculating the record length.

In order to determine the record length, it is possible to use not only the access length of the application, but also a cache unit for file access by the operating system and a data recording unit (for example, sector length) on the storage device.

Further, when the record length is obtained, the average write time is obtained by using both the read and write access records, but the read and write may be strictly discriminated. To this end, a column for distinguishing between reading and writing may be provided in the access information storage unit.

[0098] In addition, the record length is not only when the record length for an application program has not been determined,
For example, it may be calculated periodically, such as once a week.

If the record length is found to be different from the record length used until then, the existing file may be re-encrypted.

Further, by providing an area for storing the record length in the encrypted file, the record length when the file is encrypted can be stored and stored. In this way, when the optimum record length for the application program changes, it is possible to easily re-encrypt the existing encrypted file using the new record length value.

[0101]

As described above, according to the present invention, data to be stored in a storage device is automatically encrypted without being explicitly instructed by the user to be encrypted or decrypted, and automatically when read. It is possible to obtain the effect that decryption is possible and the user is not forced to perform a troublesome operation. Further, since the data to be stored in the storage device is automatically stored, the problem that the user forgets to encrypt the data does not occur.

Further, since the encryption key for each user is obtained from the key management computer, even if the portable terminal storing the encrypted confidential data is stolen, the risk of decryption is The data is smaller than that stored in the same storage device, and the confidentiality of the data can be further improved.

Further, as compared with the method of recording the encryption key unique to the user in the IC card and managing the encryption key by each user himself / herself, it is possible to use even a terminal having no IC card read / write mechanism. The effect is that you can do it.

Further, since the overhead of re-encryption processing at the time of data overwriting and initialization data generation processing, which is a problem in automatic encryption / decryption, can be minimized, such optimization is not performed. The data overwrite processing can be speeded up compared to the case.

[Brief description of drawings]

FIG. 1 is a system configuration diagram showing an embodiment of a computer system to which the present invention is applied.

FIG. 2 is a configuration diagram of a key information record distributed to a user.

FIG. 3 is a flowchart showing a procedure for creating user distribution information.

FIG. 4 is a configuration diagram of an authentication token.

FIG. 5 is a flowchart showing a file encryption procedure.

FIG. 6 is a format configuration diagram of a message transmitted and received between a terminal and a key management server.

FIG. 7 is a diagram showing original contents included in a user key request message data section.

FIG. 8 is a configuration diagram of a user key request message.

FIG. 9 is a diagram showing original contents (with a user key) included in a user key response message data section.

FIG. 10 is a diagram showing original contents (without a user key) included in a user key response message data section.

FIG. 11 is a configuration diagram of an encrypted file stored in a storage device.

FIG. 12 is a flowchart showing a file decoding procedure.

FIG. 13 is a flowchart showing a processing procedure of a key management application.

FIG. 14 is a flowchart showing a detailed encryption procedure.

FIG. 15 is a configuration diagram of a write request from an application program.

FIG. 16 is a diagram illustrating a record size storage unit.

FIG. 17 is a diagram illustrating an access information storage unit.

FIG. 18 is a diagram showing a range overwritten on a file by execution of a write request and a range required for re-encryption processing.

FIG. 19 is a flowchart showing a detailed decoding procedure.

FIG. 20 is a configuration diagram of a read request from an application program.

FIG. 21 is a flowchart showing a procedure for obtaining a record length.

FIG. 22 is an explanatory diagram of symbols used in a calculation formula.

[Explanation of symbols]

101 ... Terminal, 102 ... User input section, 103 ... Password encryption key generating section, 104 ... File encryption key generating section, 1
05 ... encryption / decryption unit, 106 ... application,
107 ... File access hook unit, 108 ... Operating system, 109 ... Storage device interface, 110 ... Communication interface, 111 ... Storage device, 112 ... Key management server, 113 ... Key management application, 114 ... User input unit, 115 ... Password encryption key generation unit, 116 ... User key generation unit, 117 ... Encryption / decryption unit, 118 ... Operating system, 11
9 ... Communication interface, 120 ... Storage device interface, 121 ... Key database, 122 ... Network, 123 ... User, 124 ... Record size storage unit, 125 ... Access information storage unit.

─────────────────────────────────────────────────── ─── Continuation of the front page (72) Inventor Yoshiki Samejima 6-81, Onoue-cho, Naka-ku, Yokohama-shi, Kanagawa Hitachi Software Engineering Co., Ltd. (56) Reference JP-A-61-177479 (JP, A) Kaihei 9-179768 (JP, A) JP-A-6-348576 (JP, A) (58) Fields investigated (Int.Cl. ⁷ , DB name) G06F 12/14 G09C 1/00 H04L 9/00

Claims (2)

(57) [Claims] 1. An application comprising: a storage device; and a computer having a file hook means for intercepting a data read / write request from the application program to the storage device, the computer executing a process according to the application program. In a data storage method of writing and storing data processed by a program in the storage device, in response to a data write request from the application program, the write request is intercepted by the file hook means, and the operation of the computer is performed. Before the writing system writes the data to be written in the storage device, the encryption key is obtained from the key management computer connected to the computer via the network, and the encryption key data is generated inside the computer. Create an encrypted encrypted encryption key data by the encryption key,
Applique write target data from the application program by further said internal generation of the encryption key data
Partition into preset record lengths for each partition program
Create an encrypted encrypted data body I, by adding the encrypted encryption key data to this encryption data body written into the storage device, for the read request from the application program, the read request Is intercepted by the file hook means, and before the read data is transferred to the application program, the operating system is caused to read the encrypted data body and the encrypted encryption key data from the storage device, and then, via the network. Obtains an encryption key from the key management computer, decrypts the encrypted encryption key data with the encryption key, decrypts the encrypted data body using the decrypted encryption key data, and reads the decrypted data body Transferring to the requesting application program How to save data. 2. Access information at the time of file access by the application program is recorded, a temporary record length exceeding an average access length calculated based on the access information is set, and an overhead time is calculated for each temporary record length. 2. The data storage method according to claim 1, wherein the record length has the smallest calculation result.