JP4645302B2 - Customer management device and program - Google Patents

Description

The present invention relates to a customer management apparatus and program for encrypting and electronically using an electronic file in which customer information is described.

  Conventionally, the encryption key length used for protecting a file describing customer information is generally set in advance by a system, a security policy, or the like. For example, when browsing customer information using the International version of Microsoft Internet Explorer 4.x, three types of RSA ciphers of 512, 768, and 1024 bits are used as public key ciphers.

In addition, since the protection level required by the copyright holder differs depending on the data or the copyright holder, data protection was performed at the protection level requested by the copyright holder for the data or each data copyright holder. A technique for distributing content data has been proposed (see Patent Document 1).
JP 2003-78751 A

  However, the above-described method causes a problem when a strength of 1024 bits or more is required, for example, when a large number of credit card numbers are included in a file describing customer information. In addition, even when the protection is relatively low and simple customer information management is sufficient, the processing time cannot be shortened by performing encryption easier than 512 bits. Furthermore, since the above method uses a fixed key length for every 256 bits, excessive protection and underprotection are applied to the file describing the customer information, and a decryption time longer than necessary for decryption of the encrypted file is required. In other words, there arises a problem such as difficulty in browsing the encrypted file using a low-capacity device such as a PDA (Personal Digital Assistant).

Therefore, the present invention has been made in view of the above problems, and an object of the present invention is to provide a customer management apparatus and program capable of reducing the calculation cost required for encryption / decryption processing.

In order to solve the above-mentioned problems, the customer management device of the present invention is defined by a security means and storage means for storing an electronic file in which a plurality of records are recorded for customer information composed of one or more items. Value storage means for storing the estimated value for each item of the customer information, and referring to the contents of the value storage means, based on the type of information held in each item of the customer information A calculation means for calculating the value of the electronic file by adding the estimated value and multiplying the number of customers determined by the number of customer records included in the electronic file, and the electronic file calculated by the calculation means It was calculated based on the value, determining the length of the encryption key used to encrypt the electronic file, as a protective strength to be applied to the electronic file Determining means. According to the present invention, based on the number of customer records in the file describing the customer information and the type of information described in the customer record, the value of the customer information is accurately estimated, so that the electronic information describing the customer information Set the file protection strength appropriately and optimize the calculation time and amount required for encryption and decryption. Thereby, it is possible to delete the calculation cost required for the encryption / decryption processing performed for keeping confidential customer information. Therefore, it is possible to provide a user-friendly customer information use environment with a protection function.

The customer information includes at least one of a customer's name, date of birth, address, telephone number, purchase information by the customer, payment status, and credit card number owned by the customer.

  The determination means includes at least one of an electronic file protection period, electronic file distribution route information, device information of an information terminal using the electronic file, profile information of a user using the electronic file, and a combination thereof. Is reflected in the determination of the protection strength applied to the electronic file. Thereby, the protection strength applied to the electronic file can be determined according to the value of the file.

The customer management apparatus according to the present invention further includes a generating unit that generates an electronic ticket for the terminal that receives the electronic file. Thereby, the security applied to the electronic file can be realized by using the electronic ticket method.

  The customer management apparatus according to the present invention is characterized by using a tamper resistant technology in order to realize a protection strength applied to the electronic file. Thereby, the security applied to the electronic file can be realized. The customer management apparatus according to the present invention further includes a certifying unit that proves the user's qualification for using customer information by using at least one of an electronic certificate, a smart card, and an IC card. Thereby, the user's customer information use qualification can be proved. The customer management device according to the present invention further includes a restricting means for restricting a use range of the customer information in the electronic file based on a qualification possessed by the user.

The program of the present invention stores the value of an electronic file in which a plurality of records are written for customer information composed of one or more items, and the estimated value for each item of the customer information defined by security guidelines Referring to the contents of the value storage means, the estimated value of the customer information is added based on the type of information held in each item of the customer information, and determined by the number of customer records included in the electronic file by multiplying the number of customers to be a calculating step of calculating for was calculated based on the value of the electronic file, the length of the encryption key used to encrypt the electronic file, performed on the electronic file protection A determination step of determining the intensity ; According to the present invention, based on the number of customer records in the file describing the customer information and the type of information described in the customer record, the value of the customer information is accurately estimated, so that the electronic information describing the customer information Set the file protection strength appropriately and optimize the calculation time and amount required for encryption and decryption. Thereby, the calculation cost required for the encryption / decryption processing performed for keeping confidential customer information can be reduced. Therefore, it is possible to provide a user-friendly customer information use environment with a protection function.

ADVANTAGE OF THE INVENTION According to this invention, the customer management apparatus and program which can reduce the calculation cost required for encryption / decryption processing can be provided.

  Hereinafter, the best mode for carrying out the present invention will be described. In this embodiment, the present invention is used in a customer information management system.

  Details of the customer information management system configuration of the present embodiment will be described. FIG. 1 gives a relationship between a person, a server, etc. involved in distribution / browsing of an electronic file (confidential file) in which customer information as confidential information is described. FIG. 2 is a block diagram for realizing an embodiment according to the present invention. In this embodiment, a user B who is a sales person of company A downloads an electronic file describing customer information from a customer information management server 30 to a user terminal 20 used by user B through an in-house LAN (Local Area Network). An example of browsing this electronic file for sales activities will be described. The user terminal 20 may be a desktop PC or a PDA, for example.

  When the user terminal 20 is a desktop PC, it is installed in the office of company A, and there is no risk of information leakage due to theft of the PC. On the other hand, when the user terminal 20 is a PDA, use outside the company is assumed. For this reason, in view of the risk of theft and loss, restrictions are placed on the contents of customer information downloaded to the PDA.

  The electronic file is stored on a disk in the customer information management server 30 owned by the company A, and customer information of millions of people is described in the electronic file body in the customer information management server 30. If this customer information is leaked, there will be a situation that the social credibility of Company A will be greatly lost, and there will be a concern that a large amount of damages will be caused. For this reason, it is assumed that the electronic file body describing the customer information in the customer information management server 30 is encrypted using the RSA encryption 2048 bit key used for the highest level of security protection.

  As shown in FIG. 2, the user terminal 20 includes a user credential / device ID sending unit 21, an encrypted file / electronic ticket receiving unit 22, a confidential file decrypting unit 23, and a file display unit 24. The user credential / device ID sending means 21 authenticates the user and sends the device ID to the customer information management server 30. The encrypted file / electronic ticket receiving means 22 receives the encrypted file / electronic ticket from the customer information management server 30. The confidential file decrypting means 23 decrypts the electronic file, and converts the encrypted file into plain text.

  The file display means 24 is a viewer in which security is ensured by a software tamper resistant function reference: “Software tamper resistant technology”, information processing June 2003 issue). User B browses the encrypted file using the file display means 24. Furthermore, it is assumed that the user terminal 20 has a software tamper resistant function for preventing the plaintext and the encryption key from being leaked.

  The customer information management server 30 includes user / device authentication means 31, customer record information restriction means 33, file value calculation means 34, key length determination means 35, file encryption means 36, electronic ticket generation means 37, encrypted file / electronic Ticket sending means 38, customer information storage means 39, and customer information value storage means 310 are provided.

  The customer information storage means 39 stores customer information. The customer information includes the customer's name, date of birth, address, telephone number, customer A's product purchase information, payment status for company A, and credit card number owned by the customer. The number of customers is determined by the number of records. The customer information value storage means 310 stores the estimated value of the element of customer information. Specifically, the customer information value storage means 310 stores the customer name, date of birth, address, telephone number, purchase information of the company A by the customer, payment status for the company A, and the credit card number owned by the customer. The estimated value is stored for each element. Further, the customer information value storage unit 310 stores the protection period of the electronic file, the distribution route information of the electronic file, the device information of the information terminal that uses the electronic file, and the profile information of the user who uses the electronic file.

  The user / device authentication means 31 authenticates a user who accesses the customer information management server 30. The user device authentication means 31 certifies the user's qualification for using customer information by using, for example, an electronic certificate, smart card, or IC card. The security policy input means 32 receives security guideline information including user qualification information necessary for specifying the user's usable range and estimated customer record unit price used to determine the value of confidential information, such as a LAN. Obtained from the security server 40 using the communication network. The customer record information restriction means 33 restricts the use range of confidential information based on the qualifications possessed by the user, and restricts the number and type (credit card number, etc.) of customer records that can be used by the user.

  The file value calculation means 34 is stored in the customer information value storage means 310 based on at least one of the number of customers based on the number of customer records and the type of information (customer information type) described in the customer record. The value of the electronic file in which the customer information is described is calculated with reference to the estimated value of the customer information element. Thereby, the strength of the security applied to the electronic file describing the customer information can be determined depending on the sensitivity, value, etc. of the customer information. In addition, when the customer information record is composed of a plurality of items, the file value calculation means 34 adds the estimated value of the customer information depending on the type of information held in each item, Calculate the value of the electronic file that stores the information.

  The key length determining unit 35 determines the protection strength to be applied to the electronic file based on the estimated value of the electronic file obtained by the file value calculating unit 34. Specifically, the key length determination unit 35 calculates the minimum key length that realizes the set protection strength based on the estimated value of the electronic file obtained by the file value calculation unit 34, and encrypts the electronic file. Specifies the strength of protection to be applied to the electronic file using the length of the encryption key used for. At this time, the key length determination means 35 includes the protection period of the electronic file, the distribution route information of the electronic file, the device information of the information terminal that uses the electronic file, the profile information of the user who uses the electronic file, or a combination thereof. This is reflected in the determination of the strength of security applied to the electronic file. The file encryption unit 36 encrypts the file using the encryption key having the key length. This optimizes the computation time and amount required for encryption / decryption, shortens the decryption time of the encrypted file, and also makes it difficult to view the encrypted file on a low-capacity device such as a PDA. Solve problems.

  In this embodiment, it is assumed that an electronic ticket method (reference: Japanese Patent Laid-Open No. 10-164051, “User Authentication Device and Method”) is used. In the electronic ticket method assumed here, the user registers information unique to the device owned by the user in the customer information management server 30, and the electronic ticket generation means 37 generates an electronic ticket for the terminal that receives the electronic file. Yes, the difference information between the device-specific information and the encryption key used for protecting confidential information is issued to the user as an electronic ticket. The encrypted file / electronic ticket sending means 38 sends the encrypted file / electronic ticket.

  Further, the customer information management server 30 uses a tamper resistant technology in order to realize the protection strength applied to the electronic file. In the registration of the device specific information, a program protected by the tamper resistant function of the device is used for secure communication such as VPN (Virtual Private Network) for communication with the customer information management server 30 based on a user instruction. After creating a route, it is performed without leaking device-specific information to the user and a third party.

  In addition, the device-specific information, the decrypted electronic file, and the common key used for encrypting the electronic file are always protected by the software tamper resistance function. These information are prevented from being retrieved from the device. Also, in the electronic ticket method, by utilizing computational difficulty such as prime factorization or discrete logarithm problem, the user himself / herself and a third party can use the difference information for user device-specific information or electronic file protection. It is difficult to calculate the encryption key information that is present, and it is practically prevented from leaking the electronic file and the accompanying secret information.

  Next, referring to FIGS. 3 and 4, the procedure of the user and customer information management server 30 implemented when using customer information will be described. FIG. 3 is a diagram showing a procedure to be performed by a user who uses the electronic file. FIG. 4 is a diagram showing an implementation procedure of the customer information management server 30 that encrypts the electronic file and sends the electronic ticket and the encrypted electronic file to the user.

  Below, the case where the user B browses customer information using desktop PC as the user terminal 20 is demonstrated first. In step S101, the user credential / device ID sending means 21 accesses the customer information management server 30, and in step S102, the customer information management server 30 indicates that it has the qualification for using customer information using an electronic certificate or the like. Prove it. At the same time, in step S 103, the user credential / device ID sending means 21 sends a device ID for identifying a device for which the user B intends to use customer information to the customer information management server 30.

  In step S201, the user / device authentication unit 31 accesses the security server 40 in step S202 after the user authentication is completed between the user B and the customer information management server 30. Obtain security guideline information including user record estimated unit price etc. required to determine the value of user information and electronic files.

  In step S203, the customer record information restriction unit 33 determines the range of customer information available to the user B based on the user information and the device ID. Here, the target number of customer information available for user B is M. In the case of using a file on a desktop PC as the user terminal 20 installed in the office of the company A, browsing of all items of the customer record such as the customer's credit card number is permitted. For this reason, in step S204, the customer record information restricting means 33 creates an electronic file in which all items of M customer records are described for sending to the user B. Therefore, first, the customer record information restriction means 33 decrypts the encrypted and stored electronic file body using the 2048-bit key, and M users who can view the user B from the decrypted electronic file. Extract all customer record fields.

  In step S205, the file value calculation means 34 calculates the value of the electronic file based on at least one of the number of customers and the type of customer information among the customer information in the electronic file. More specifically, the file value calculation means 34 calculates the value of all items of M customer records based on the value information assigned to each item of customer information defined in the security guidelines. In step S206, the key length determination means 35 determines the strength of protection applied to the electronic file by determining a key length that matches the calculated value of the electronic file. By appropriately setting the range of information that can be browsed by the user and accurately estimating the value of the customer information used by the user, appropriately setting the protection strength to be given to the electronic file describing the customer information Is possible. In step S207, the file encryption unit 36 generates an RSA encryption private key / public key having the determined key length. The electronic ticket generation unit 37 generates an electronic ticket to be sent to the user B using the secret key generated by the file encryption unit 36 and the device specific information of the desktop PC that is the user terminal 20 owned by the user B. In the security guideline information acquired from the security server 40, the estimated value G of the calculation amount that can be purchased for 1 yen, the protection target year Y, and value information assigned to each item of the customer record are described. The file value calculation means 34 calculates the value T of the file in which all items of customer information for M people are described according to the following equation (1).

  (1) T = (NameEtc + Pay + CreditNum) × M

  Here, NameEtc is the customer's name, age, address, telephone number, 5 types of information about the company A product purchase information by the customer, Pay is the payment status for company A, CreditNum is the credit card number owned by the customer Value information corresponding to each item. Here, as an example, it is assumed that NameEtc = 15000, Pay = 100000, and CreditNum = 500000. The key length determination means 35 determines the length K of the RSA encryption key used for protection using the above equation (1) by the following equation.

  (2) K = lg {K = Min {n | C (n)> T * f (Y)}}, C (n) = v (log v), f (Y) = G * (2 ^ (Y /1.5)), v = Min {w | wΨ (x, y)> xy / log y, x = 2d (n ^ (2 / d)) (w ^ ((d + 1) / 2)), y > 0, d: positive odd number}.

  In the above, lg represents a logarithm with base 2. In the above formula, Ψ (x, y) represents a number of positive integers less than or equal to x whose prime factor does not exceed y. Refer to [1] Math. Comp., 66, p.1729-1741, 1997. [2] Math. Comp., 73, p.1013-1022, 2004 etc. for the calculation method of Ψ (x, y). I want to be. The file encryption means 36 generates a 160-bit random number, uses this as an encryption key for common key encryption used for encryption of the electronic file, and encrypts the electronic file using this encryption key. Furthermore, this common key is encrypted using the public key of the previous RSA encryption, and this is attached to the encrypted electronic file. In step S 208, the encrypted file / electronic ticket sending means 38 sends the encrypted electronic file associated with the electronic ticket and the encrypted common key to the user B.

  On the other hand, when the user B browses customer information using the PDA as the user terminal 20, the following procedure is performed. In this case, since mobile use outside the company is assumed, the customer information management server 30 indicates the types of customer records that can be browsed by the user B using the PDA as the user terminal 20, the customer name, date of birth, address, It is limited to the telephone number and the product purchase information of the company A by the customer, and viewing of the payment status for the company A and the credit card number owned by the customer is not permitted. For this reason, in the electronic file created for the user B by the customer information management server 30, only five types of information such as the name of the customer are described.

At this time, the file value calculation means 34, instead of the above equation (1),
T = NameEtc × M
It was used to calculate the value of the file that contains the customer information, the key length determining unit 35 determines the length K of the RSA encryption key by using the same equation (2). Furthermore, the electronic ticket generation means 37 creates an electronic ticket using the RSA encryption secret key and the device specific information of the PDA as the user terminal 20 as in the case of the desktop PC. After that, the encrypted file / electronic ticket sending means 38 sends to the user B an encrypted electronic file associated with this electronic ticket and a common key encrypted using the RSA encryption key.

  Next, browsing of the encrypted electronic file by user B will be described. As described above, the user B browses the encrypted electronic file using the viewer protected by the tamper resistant function. Therefore, in step S104 and S105, the user B registers the acquired electronic ticket and encrypted electronic file in the viewer. In step S106, the confidential file decrypting unit 23 decrypts the encrypted common key attached to the encrypted confidential file using the electronic ticket and the device specific information. Further, in step S107, the confidential file decrypting unit 23 decrypts the encrypted electronic file using the decrypted common key and displays it to the user. However, these processes are performed while keeping all confidential information in the tamper resistant area of the viewer.

  Although it is difficult for the user to know the common key or device-specific information, it is difficult in terms of calculation amount. However, once an electronic ticket is acquired, it is not possible to access the customer information management server 30 during the expiration date. Even in the environment, it is possible to browse the information in the encrypted electronic file using a dedicated viewer installed in the device used by the user.

  Now, in the above method, if the number of customer information that user B can use is M = 1500 (person), the number of years to be protected is Y = 30 (year), and the estimated amount of calculation that can be purchased for 1 yen is G = 7.88 × 10 ^ 12 (bit). Here, the value of G was calculated on the assumption that the selling price of a 1 GHz CPU and a motherboard was 20,000 yen (reference: Simson Garfinkel, “PGP: Pretty Good Privacy”, O’Reilly, 1994). At this time, when the optimum key length for the desktop PC is calculated by the above method, it becomes 904 bits, and the optimum key length for the PDA becomes 778 bits. Since a 2048-bit RSA encryption key is used on the server side, the key length of the RSA encryption key is 0.44 times in the case of a desktop PC and 0.379 times in the case of a PDA. Assuming that the decryption time of the RSA cipher is proportional to the cube of the key length, the above method can substantially increase the speed by about 12 times for a desktop PC and about 18 times for a PDA. As a result, it is possible not only to improve usability in browsing electronic files on a desktop PC, but also to realize strong copyright protection and confidential information protection using a low-speed device such as a PDA, which has been difficult in the past.

  In particular, when building a strong protection system at the highest level using the electronic ticket method, the entire file is not decrypted when the file is displayed by the viewer, and only one page displayed by the viewer is tamper resistant. It is assumed that the system configuration is such that the part that is decrypted in the encryption area and the part that is not displayed is kept encrypted. In this case, every time each page is displayed, decryption by public key cryptography is performed, and a significant speed reduction and usability reduction usually occur. For this reason, when constructing such a strong protection system at the highest level by using a low-speed device such as a PDA, the effect of the above-mentioned speed-up becomes enormous.

  In the above embodiment, the RSA encryption is used particularly for protecting the electronic file, but the same effect can be obtained by using other public key encryption such as ElGamal encryption, elliptic curve encryption, and NTRU. . In addition, when setting the number of records of a file permitted to be browsed by the user, the estimated decoding time required for decoding is presented to the user as reference information using an assumed device such as a PC so that the user can adjust the range setting. May be. Further, at the time of setting the value of the file, the reduction of the brand value accompanying the loss of trust caused by the outflow of customer information may be b yen, and the value obtained by adding this to T may be the value of the electronic file.

In addition, as a calculation formula for setting the optimum key length K,
K = lg {Min {n | C (n)> T * f (Y)}},
C (n) = Exp ((1.92 + o (1)) * ((log n) ^ (1/3)) * ((log log n) ^ (2/3))),
f (Y) = G * 2 ^ (Y / 1.5),
Or you may utilize what added correction | amendment to said formula.

  In the above, C (n) is the computational complexity of the number field sieving method that is the best attack method for public key cryptosystems that depend on difficulty of prime factorization such as RSA (reference documents: AK Lenstra, HW Lenstra (eds. ), The development of the number field sieve, Lecture Notes in Mathematics, vol. 1554, Springer-Verlag, Berlin and Heidelberg, Germany, 1993.). Furthermore, a virtual isolated network using the air gap method for managing customer information safely is constructed, and file encryption is not performed on the communication path in this network, but customer information is stored outside the network. Even when the system is configured to use the customer information management method when taking out, the same effect as described above can be obtained.

  Conventionally, the strength of encryption applied to a file describing customer information according to the type, number, and content of customer records is not changed, but according to the embodiment of the present invention, the protection strength given to an electronic file can be increased. It becomes possible to set based on the number and type of customer information described in the electronic file. As a result, it is possible to protect the electronic file with an appropriate strength, and it is possible to prevent the occurrence of a large amount of processing time due to excessive protection and, conversely, leakage of confidential information due to excessive protection.

  The customer information management server 30 corresponds to the customer management device. The customer information management server 30 is realized by using, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), etc., and installs a program from a hard disk device or the like, or a communication circuit. Each step of the customer management method is executed when the CPU executes this program. That is, the program is applied to the electronic file based on the calculation step of calculating the value of the electronic file based on at least one of the number of customers and the type of customer information among the customer information in the electronic file. The CPU, which is a computer, executes a determination step for determining the protection strength.

  Although the preferred embodiments of the present invention have been described in detail above, the present invention is not limited to the specific embodiments, and various modifications, within the scope of the gist of the present invention described in the claims, It can be changed.

It is a figure which shows the relationship between the person, server, etc. in connection with preparation / browsing / processing of the electronic file which described customer information. It is a block diagram in connection with embodiment of this invention. It is a figure which shows the procedure which a user should implement. It is a figure which shows the procedure which a customer information management server should implement.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Customer information management system 20 User terminal 21 User credential / device ID sending means 22 Encrypted file / electronic ticket receiving means 23 Confidential file decryption means 24 File display means 30 Customer information management server 31 User / device authentication means 32 Security policy Input means 33 Customer record information restriction means 34 File value calculation means 35 Key length determination means 36 File encryption means 37 Electronic ticket generation means 38 Encrypted file / electronic ticket sending means 39 Customer information storage means 310 Customer information value storage means

Claims (8)

Storage means for storing an electronic file describing a plurality of records for customer information comprising one or more items ;
Value storage means for storing an estimated value for each item of the customer information, as defined in security guidelines;
Referring to the contents of the value storage means, the estimated value of the customer information is added based on the type of information held in each item of the customer information, and determined by the number of customer records included in the electronic file Calculating means for calculating the value of the electronic file by multiplying the number of customers
Determining means for determining the length of the encryption key used for encryption of the electronic file calculated based on the value of the electronic file calculated by the calculating means as a protection strength applied to the electronic file ;
A customer management device comprising: The customer information includes at least one item of a customer's name, date of birth, address, telephone number, purchase information by the customer, payment status, and a credit card number owned by the customer. Item 2. The customer management device according to Item 1. The determination means includes at least one of an electronic file protection period, electronic file distribution route information, device information of an information terminal using the electronic file, profile information of a user using the electronic file, and a combination thereof. The customer management apparatus according to claim 1, wherein: is reflected in determination of a protection strength applied to the electronic file. Customer management apparatus according to any one of claims 1 to 3, characterized by further comprising a generating means for generating an electronic ticket for a terminal for receiving the electronic file. Wherein in order to realize the protection intensity applied to the electronic file, the customer management apparatus according to any one of claims 1 to 4, characterized in that utilizing the tamper-resistant technology. Electronic certificate, claim 1, characterized by comprising further comprising a certification means for certifying the eligibility of users of client information by using at least one of a smart card and an IC card according to claim 5 The customer management device according to any one of the above. The customer management apparatus according to any one of claims 1 to 6 , further comprising a restriction unit that restricts a use range of customer information in the electronic file based on a qualification possessed by the user. Contents of value storage means for storing the estimated value for each item of the customer information, as defined in the security guidelines, the value of the electronic file in which a plurality of records are written for the customer information composed of one or more items The estimated value of the customer information is added based on the type of information held in each item of the customer information, and the number of customers determined by the number of customer records included in the electronic file is determined. A calculation step to calculate by multiplying ;
Was calculated based on the value of the electronic file, a determination step of the length of the encryption key used to encrypt the electronic file, determining the protection intensity applied to the electronic file,
A program that causes a computer to execute.

Images