JP4684714B2 - File management system and program - Google Patents

File management system and program Download PDF

Info

Publication number
JP4684714B2
JP4684714B2 JP2005105472A JP2005105472A JP4684714B2 JP 4684714 B2 JP4684714 B2 JP 4684714B2 JP 2005105472 A JP2005105472 A JP 2005105472A JP 2005105472 A JP2005105472 A JP 2005105472A JP 4684714 B2 JP4684714 B2 JP 4684714B2
Authority
JP
Japan
Prior art keywords
file
decryption key
key
encryption
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2005105472A
Other languages
Japanese (ja)
Other versions
JP2006285697A (en
Inventor
聡 伊藤
Original Assignee
エヌ・ティ・ティ・ソフトウェア株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by エヌ・ティ・ティ・ソフトウェア株式会社 filed Critical エヌ・ティ・ティ・ソフトウェア株式会社
Priority to JP2005105472A priority Critical patent/JP4684714B2/en
Publication of JP2006285697A publication Critical patent/JP2006285697A/en
Application granted granted Critical
Publication of JP4684714B2 publication Critical patent/JP4684714B2/en
Application status is Active legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Description

  The present invention relates to a technique for managing keys used for encryption and decryption of electronic files.

  As an example of the prior art for managing keys used for encryption and decryption of electronic files, the key is stored in a recording medium called a USB (Universal Serial Bus) key, and the USB key is extracted to a user terminal such as a personal computer. There is a technique for encrypting / decrypting an electronic file of a user terminal by inserting (see Non-Patent Document 1).

In the above prior art, the key is generated at the administrator terminal, recorded on the USB key, and the USB key on which the key is recorded is distributed to the user. In the administrator terminal, each key is managed in association with each user, and the administrator performs operations such as new key issuance and reissue in response to a request from the user. A user inserts a USB key into his / her user terminal and inputs a password for using the key, so that an encryption / decryption program operating on the user terminal uses the key to encrypt / decrypt an electronic file. .
Search on March 17, 2005, Internet http://c4t.jp/products/package/c4u/

  In the above prior art, it is necessary to input a password in order to use a key for decrypting an encrypted file. Therefore, when using a plurality of keys properly, it is necessary to use a plurality of passwords corresponding to each key. However, since the number of passwords that humans can remember and use is limited, the number of keys that can be used is limited. Therefore, there are a plurality of encrypted files that can be decrypted with the same key, and there is a risk that a plurality of encrypted files are decrypted due to leakage of one key. Another problem is that if the password is forgotten, the encrypted file cannot be decrypted.

  The present invention has been made in view of the above points, and even if one key leaks, the number of encrypted files that can be decrypted with the key can be suppressed to only one, and the encrypted file is decrypted. It is an object of the present invention to provide a file management technique capable of automatically selecting and decrypting an appropriate decryption key without relying on a password.

In order to solve the above problems, the present invention comprises a file storage device that stores an encrypted file obtained by encrypting a confidential file, and a key management device that stores a decryption key for decrypting the encrypted file. A file management system for reading a decryption key corresponding to a designated confidential file from the key management device and decrypting the encrypted file with the read decryption key, wherein the file storage device uses the decryption key Encrypted file storage means for encrypting the confidential file with a corresponding encryption key and storing the encrypted encrypted file in a pair with a file identification information for identifying the confidential file and a generated random number; A decryption key correspondence information generating means for generating decryption key correspondence information using the file identification information and the random number by a one-way function; When reading a file, the random number corresponding to the file identification information is read from the encrypted file storage means, and the file identification information corresponding to the read random number and the file identification information is transmitted to the key management device as a pair Information transmitting means, and encrypted file decrypting means for decrypting the encrypted file with a decryption key received from the key management apparatus, wherein the key management apparatus receives the decryption key correspondence information received from the file storage apparatus. And a decryption key storage means for storing the decryption key in pairs, and when reading the confidential file in the file storage device, the random number received from the file storage device and the file identification information are obtained by the one-way function. Decryption key correspondence information calculating means for converting and obtaining the decryption key correspondence information, and corresponding to the obtained decryption key correspondence information Reads the decryption key from the decryption key storage unit configured as a file management system characterized by having a decryption key transmission means for transmitting to said file storage device.
The present invention comprises a file storage device for storing an encrypted file obtained by encrypting a confidential file, and a key management device for storing a decryption key for decrypting the encrypted file. A program for causing a computer to function as the file storage device in a file management system that reads a corresponding decryption key from the key management device and decrypts an encrypted file with the read decryption key, File encryption means for encrypting the confidential file with an encryption key corresponding to a decryption key, and storing the encrypted encrypted file in the encrypted file storage means in a pair of file identification information for identifying the confidential file and a random number A decryption key from the file identification information and the random number by a one-way function specified in advance. Decryption key correspondence information generation means for generating response information, and the key management device stores the decryption key correspondence information and the decryption key in order to store the decryption key correspondence information and the decryption key in pairs in the decryption key storage means. A decryption key correspondence information transmitting means for transmitting a key to the key management device; when reading the confidential file, a random number corresponding to the file identification information is read from the encrypted file storage means, and the read random number and A file identification information transmitting means for transmitting the corresponding file identification information as a pair to the key management apparatus, and in the key management apparatus, from the random number and the file identification information transmitted by the file identification information transmission means, The decryption key corresponding to the decryption key correspondence information calculated by the direction function is read from the decryption key storage means, and the read decryption key is Received from Kikagi management apparatus, the encrypted file decryption means for decrypting the encrypted file by the decryption key received may be configured as a program for functioning as a.

  According to the present invention, since a different decryption key can be associated with each encrypted file, even if one decryption key leaks, only the encrypted file corresponding to the decryption key can be decrypted, and other encryption It is possible to prevent the file from being decoded. In the key management device, the decryption key is managed in association with the decryption key correspondence information. Since the decryption key correspondence information is a random number generated by a one-way function, even if the information in the key management device is leaked. However, since it is impossible to determine which decryption key corresponds to which encrypted file, it is possible to prevent the encrypted file in the file storage device from being specified.

  Furthermore, it is not necessary to input a password when decrypting the encrypted file, and an appropriate decryption key can be automatically selected and decrypted without depending on the password. In addition, the problem that the encrypted file cannot be decrypted due to forgotten password can be solved. Further, by using a portable terminal or the like held by the user as the key management device, it is possible to eliminate the work on the administrator terminal by the administrator, which has been conventionally required.

  Embodiments of the present invention will be described below with reference to the drawings. In this embodiment, a key used for encrypting / decrypting a file stored in a user terminal such as a personal computer (hereinafter referred to as an encryption / decryption key) is encrypted on a mobile terminal such as a mobile phone owned by the user. Stored in association with a file to be encrypted / decrypted. However, the encryption / decryption key is not associated with the file name, but is associated with the identification information that is associated with the file but cannot be identified with which file as it is.

(System configuration)
First, the system configuration of the present embodiment will be described with reference to FIG. As shown in FIG. 1, the system according to the present embodiment includes a user terminal 1 and a mobile terminal 2. The user terminal 1 has a data storage for storing an encryption / decryption application 10 having an encryption function 11, a decryption function 12, and a communication function 13, and an encryption target file 21 and an encryption file 22 (= decryption target file). Part 20. The encryption function 11 has an encryption / decryption key generation function 14 and a file encryption function 15, and the decryption function 12 has an encryption / decryption key request function 16 and a file decryption function 17.

  The portable terminal 2 is a data storage that stores a key management application 30 having a user authentication function 31, an encryption / decryption key management function 32, and a communication function 33, and a management table 41 that manages the management ID and the encryption / decryption key in association with each other Part 40. The encryption / decryption key management function 32 has an encryption / decryption key registration function 34 and an encryption / decryption key search function 35.

  In FIG. 2, the hardware structural example of the user terminal 1 and the portable terminal 2 is shown. As shown in FIG. 2, the user terminal 1 has a general computer configuration including an input device 51, a communication device 52, a display device 53, a CPU 54, a RAM 55, and a data storage device 56 such as a hard disk. The mobile terminal 2 includes an input device 61, a communication device 62, a display device 63, a CPU 64, a volatile memory 65, and a nonvolatile memory 66, and the management table 41 is stored in the nonvolatile memory 66. .

  The encryption / decryption application program shown in FIG. 1 is executed on the user terminal having the hardware configuration shown in FIG. 2, thereby realizing each means in the file storage device of the present invention. Moreover, each means in the key management apparatus of this invention is implement | achieved by running the program of the key management application shown in FIG. 1 on the portable terminal which has the hardware constitutions shown in FIG.

  In the present specification and claims, the “portable terminal” means a portable device that can execute the processing according to the present invention, and examples thereof include a small personal computer, a mobile phone, and a PDA. However, it is not limited to these. These “portable terminals” are all types of computers.

(Outline of processing)
Hereinafter, a processing sequence in the system having the above-described configuration will be described with reference to sequence charts of FIGS. First, a process for encrypting a file will be described with reference to FIG.

  When the user of the mobile terminal 2 inputs a password (alphanumeric characters) to the mobile terminal 2 (step 1), the mobile terminal 2 establishes a communication path with the user terminal 1 (step 2). Subsequently, when the user designates an encryption target file on the user terminal 1 (step 3), the user terminal 1 reads the encryption target file name (for example, file1.doc) from the data storage unit 20 (step 4). . In addition, the user terminal 1 generates an encryption / decryption key (for example, FC69ZAZ9rz...) And a management ID random number (for example, pSRhTpkKDt...) (Step 5). CBE725C88A... (This is used as a management ID) is generated (step 6). Then, the user terminal 1 transmits the generated encryption / decryption key and management ID to the portable terminal 2 (step 7).

  The portable terminal 2 registers the received encryption / decryption key and management ID in the management table as shown in FIG. 3, and notifies the registration result to the user terminal 1 (steps 8 and 9).

  The user terminal 1 newly creates an encrypted file (file1.doc.cmk) (step 10), and writes a management ID random number at the head of the encrypted file (step 11). Further, the hash function type used when generating the management ID and the encryption algorithm type for encrypting the contents of the encryption target file are written after the management ID random number (step 12). Then, the content of the encryption target file encrypted using the encryption algorithm is written after the encryption algorithm type (steps 13 and 14). The configuration of the encrypted file created in this way is as shown in FIG. The user terminal 1 stores the encrypted file in the data storage unit 20 and deletes the encryption target file (steps 15 and 16).

  Next, the decoding process will be described with reference to FIG.

  As in the case of encryption, when the user inputs a password (alphanumeric characters) to the mobile terminal 2, a communication path is established between the mobile terminal 2 and the user terminal 1 (steps 21 and 22). Subsequently, when the user designates a decryption target file in the user terminal 1 (step 23), the user terminal 1 decrypts the pre-encryption file name, random number for management ID, hash function type, and encryption algorithm type from the data storage unit 20. The file to be encrypted is read, and the file name before encryption, the random number for management ID, and the hash function type are transmitted to the portable terminal 2 (steps 24 and 25).

  The portable terminal 2 generates a hash value (management ID) from the random number for management ID and the file name before encryption using the hash function indicated by the hash function type received from the user terminal 1 (step 26). The portable terminal 2 reads out the encryption / decryption key corresponding to the management ID from the management table 41 using the management ID as a key, and transmits the encryption / decryption key to the user terminal 1 (steps 27 and 28).

  Receiving the encryption / decryption key, the user terminal 1 creates a new decryption file having the pre-encryption file name (file1.doc) (step 29), and the contents (encryption) of the decryption target file (file1.doc.cmk) Text) is read from the data storage unit 20 (step 30), and the content (ciphertext) of the decryption target file is stored in the decryption target file using the encryption / decryption key received in step 28. The data is decrypted by the encryption algorithm indicated by (1) and written into the newly created decrypted file (file1.doc) (step 31). This completes the decoding.

(Process details)
Next, processing executed in each device will be described in detail with reference to flowcharts in accordance with the sequences shown in FIGS. First, the encryption process will be described.

  FIG. 5 is a flowchart of the authentication process (step 1 in FIG. 3) in the mobile terminal 2. When the key management application 30 is activated in the portable terminal 2, the key management application 30 displays a screen prompting the user to input an alphanumeric password on the display device 63 of the portable terminal 2 (step 101). Is input by the input device 62 (step 102). The password is used to authenticate the user of the mobile terminal 2 and is registered in the mobile terminal 2 in advance. FIG. 6 shows an example of a password input screen displayed on the mobile terminal 2.

  The key management application 30 determines whether or not the password input by the user matches that registered in advance (step 103). If the password input by the user matches that registered in advance, the key management application 30 establishes a communication path between the mobile terminal 2 and the user terminal 1 (step 104). Any communication path such as infrared, Bluetooth, or wired connection that can be controlled by the key management application 30 may be used. If the password does not match the registered password, the key management application 30 ends the process.

  Next, the encryption / decryption key generation process (steps 3 to 7 in FIG. 3) in the user terminal 1 will be described with reference to FIG. First, the encryption / decryption application 10 is activated by an activation command from the user (step 105). The activated encryption / decryption application 10 displays a screen prompting the user to specify a file to be encrypted or decrypted on the display device 53 of the user terminal 1, and accepts a file specification from the user (step 106). ).

  The encryption / decryption application 10 determines whether the file is an encryption target file or a decryption target file based on the extension of the file designated by the user (step 107). In the present embodiment, if the extension is “.cmk”, the file is determined to be a decryption target file, and otherwise, the file is determined to be an encryption target file.

  If the file specified by the user is an encryption target file, the encryption / decryption application 10 reads the encryption target file name and accepts an encryption command from the user (step 108). FIG. 8A shows an example of a screen for selecting a file, and FIG. 8B shows an example of a screen for specifying encryption.

  Upon receiving the encryption command, the encryption / decryption application 10 generates an encryption / decryption key and a management ID random number (step 109). The encryption / decryption key and the management ID random number are different from each other, and a different one is generated for each designated file. The random number generation algorithm may be an existing one. The encryption / decryption key is used to encrypt and decrypt a file, and the management ID random number is used to generate a management ID used to uniquely identify the file to be encrypted / decrypted. is there.

  The encryption / decryption application 10 converts the encryption / decryption key into a format to be passed to the key management application 30 of the portable terminal 2 as necessary. This is, for example, conversion for unifying the encryption / decryption key format (eg, TLV format) depending on the encryption algorithm into binary data whose length is known in advance.

  Subsequently, the encryption / decryption application 10 inputs the management ID random number generated in Step 109 and the file name to be encrypted into the hash function, and generates a hash value (Step 110). The hash function may be an existing one. This hash value is used as a management ID. Then, the encryption / decryption application 10 transmits the encryption / decryption key and the management ID generated in step 110 to the key management application 30 of the portable terminal 2 via the communication path established in step 104 (step 111).

  FIG. 9 is a flowchart of the encryption / decryption key registration process (steps 8 to 9 in FIG. 3) in the mobile terminal 2. The key management application 30 of the portable terminal 2 receives the encryption / decryption key and management ID transmitted from the encryption / decryption application 10 of the user terminal 1 via the communication path (step 112), and receives the received encryption / decryption key and management ID. Is registered in the management table 41 on the nonvolatile memory 66 of the portable terminal 2 (step 113). And a registration result is transmitted to the user terminal 1 via a communication path (step 114). The registration result is information indicating whether or not the registration is successful.

  FIG. 10 is a flowchart of the file encryption process (steps 10 to 16 in FIG. 3) in the user terminal 1.

  The encryption / decryption application 10 of the user terminal 1 receives the registration result from the key management application 30 of the portable terminal 2 via the communication path (step 115). The encryption / decryption application 10 determines whether the received registration result is successful or unsuccessful (step 116). If the registration result is successful, the extension “.cmk” is added to the file name of the encryption target file designated by the user. A new encrypted file is created with the file name as the file name (step 117).

  Subsequently, the encryption / decryption application 10 writes the management ID random number generated in step 109 to the head of the encrypted file newly created in step 117 (step 118).

  The encryption / decryption application 10 writes the hash function type and the encryption algorithm type after the management ID random number written in step 118 (step 119). The encryption algorithm type is used to determine which algorithm should be used for decryption. Note that the encryption algorithm type is not required when the encryption / decryption application 10 uses only a specific encryption algorithm. The hash function type is used for the key management application 30 to determine which hash function should be used to generate the management ID. When only a specific hash function is used, the hash function type is not necessary.

  Subsequently, the encryption / decryption application 10 uses the encryption / decryption key generated in step 109 by using the encryption algorithm represented by the encryption algorithm type written in the encrypted file for the content (plain text) of the encryption target file specified by the user. Encryption is performed (step 120). Then, the encrypted ciphertext is written after the hash function type and encryption algorithm type (step 121).

  The encryption / decryption application 10 stores the encrypted file created in step 121 in a predetermined file storage location in the data storage unit 20 (step 122), and deletes the encryption target file (step 123).

  If the registration result is unsuccessful in step 116, the encryption / decryption application 10 displays on the display device 53 that the registration of the encryption / decryption key has failed (step 124) and ends.

  Next, the decoding process will be described.

  In the case of decryption, the user selects a decryption target file in step 106 of FIG. When the encryption / decryption application 10 detects that the decryption target file is designated in steps 106 and 107 in FIG. 7, the file name before encryption is obtained by removing the extension “.cmk” from the designated file name. Then, the management ID random number written at the head, the hash function type and the encryption algorithm type written next are read out from the decryption target file (step 125 in FIG. 11). The encryption / decryption application 10 transmits the pre-encryption file name, the management ID random number, and the hash function type to the key management application 30 of the portable terminal 2 via the communication path (step 126).

  FIG. 12 is a flowchart of the encryption / decryption key search process (steps 26 to 28 in FIG. 4) in the mobile terminal 2. The key management application 30 of the portable terminal 2 receives the pre-encryption file name, the management ID random number, and the hash function type from the user terminal 1 (step 127). Then, the key management application 30 inputs the received pre-encryption file name and the management ID random number into the hash function corresponding to the received hash function type, and generates a hash value serving as the management ID (step 128). .

  Then, the key management application 30 searches the encryption / decryption key registered in association with the management ID from the management table 41 on the nonvolatile memory 66 of the portable terminal 2 using the management ID generated in step 128 as a key. (Step 129). If the search of the encryption / decryption key is successful in step 130, the key management application 30 transmits the searched encryption / decryption key together with information indicating successful search results to the user terminal 1 via the communication path (step 131). . In step 130, when the search fails because the encryption / decryption key does not exist in the management table 41, the key management application 30 transmits information indicating the search result failure to the user terminal 1 via the communication path (step 132). .

  If the search is successful in step 130, the encryption / decryption application 10 of the user terminal 1 receives information indicating the search result success and the encryption / decryption key obtained by the search from the key management application 30 of the portable terminal 2 via the communication path ( Step 133 in FIG. Note that when the encryption / decryption application 10 converts the encryption / decryption key in Step 109, the encryption / decryption application 10 performs conversion opposite to the conversion performed in Step 109 on the received encryption / decryption key.

  Subsequently, the encryption / decryption application 10 creates a new file having the file name before encryption (step 134), and reads the ciphertext from the file to be decrypted designated in step 107 (step 135). The encryption / decryption application 10 uses the encryption / decryption key received in step 133 to decrypt the ciphertext read in step 135 using the encryption algorithm corresponding to the encryption algorithm type read in step 125 (step 136). The contents are written in the new file created in step 134 (step 137). If the search fails in step 130, information to that effect is received (step 138) and a message indicating that the search for the encryption / decryption key has failed is displayed (step 139).

  As described above, according to the system according to the present embodiment, the encryption / decryption key is managed in association with the file on the mobile terminal side, but it is associated with information that cannot be identified as it is as it is. Because the encryption / decryption key is managed, it is impossible to determine which encryption / decryption key corresponds to which file even if the contents of the management table are leaked. . Further, since encryption / decryption is performed using a different encryption / decryption key for each file, even if it is known that one encryption / decryption key corresponds to a specific file, another encryption / decryption key is used. It is possible to prevent the encrypted file from being decrypted.

  In the present embodiment, since the encryption / decryption key is managed by the portable terminal held by the user, it is possible to reduce the work of the administrator terminal by the administrator.

  In the above embodiment, it is not necessary to input a password to the user terminal at the stage of selecting the name of the encrypted file (decryption target file), but a predetermined key (password or the like) must be input. The user terminal may not be able to acquire the correct pre-encryption file name. As a result, even if the mobile terminal is transferred to a malicious third party and the password of the mobile terminal is decrypted, the user terminal cannot obtain the encrypted file name unless the above key is broken. As a result, since the portable terminal cannot transmit the encryption / decryption key corresponding to the encrypted file to the user terminal, it is possible to prevent unauthorized decryption of the file more firmly.

  This can be realized, for example, as follows. Instead of simply adding “cmk” to the encryption target file name as the encryption file name, after selecting the encryption target file at the time of encryption, enter the key (password etc.) and use that key The encrypted file name is the encrypted file name, and the encrypted file is stored in association with some identification information (information identifying the contents of the encrypted file). To select an encrypted file, input the above key, decrypt the encrypted file name, and obtain the file name to be encrypted (file name before encryption). The subsequent processing is the same as in the above embodiment.

  The present invention is not limited to the above-described embodiment, and various modifications and applications can be made within the scope of the claims.

It is a functional block diagram of the system in embodiment of this invention. It is a hardware block diagram of the system in embodiment of this invention. It is a processing sequence figure of the system in an embodiment of the invention. It is a processing sequence figure of the system in an embodiment of the invention. 4 is a flowchart of authentication processing in the mobile terminal 2. It is an example of a password input screen displayed on the portable terminal 2. 4 is a flowchart of encryption / decryption key generation processing in the user terminal 1. It is a screen example (a) for selecting a file and a screen example (b) for specifying encryption. 4 is a flowchart of encryption / decryption key registration processing in the mobile terminal 2. 4 is a flowchart of file encryption processing in the user terminal 1. 4 is a flowchart of encryption / decryption key request processing in the user terminal 1. 6 is a flowchart of encryption / decryption key search processing in the mobile terminal 2; It is a flowchart of the file decoding process in the user terminal.

Explanation of symbols

1 user terminal 2 mobile terminal 10 encryption / decryption application 11 encryption function 12 decryption function 13 communication function 14 encryption / decryption key generation function 15 file encryption function 16 encryption / decryption key request function 17 file decryption function 20 data storage unit 21 encryption Target file 22 Encrypted file 30 Key management application 31 User authentication function 32 Encryption / decryption key management function 33 Communication function 34 Encryption / decryption key registration function 35 Encryption / decryption key search function 40 Data storage unit 41 Management tables 51 and 61 Input devices 52 and 62 Communication device 53, 63 Display device 54, 64 CPU
55 RAM
56 Data Storage Device 65 Volatile Memory 66 Nonvolatile Memory

Claims (2)

  1. A file storage device for storing an encrypted file obtained by encrypting a confidential file, and a key management device for storing a decryption key for decrypting the encrypted file, wherein the decryption key corresponding to the designated confidential file is A file management system that reads from a key management device and decrypts an encrypted file with the read decryption key,
    The file storage device
    Encrypted file storage means for encrypting the confidential file with an encryption key corresponding to the decryption key, and storing the encrypted encrypted file in pairs with file identification information for identifying the confidential file and the generated random number;
    Decryption key correspondence information generating means for generating decryption key correspondence information using the file identification information and the random number by a one-way function specified in advance;
    When reading the confidential file, a random number corresponding to the file identification information is read from the encrypted file storage unit, and the read random number and the file identification information corresponding to the read random number are paired and transmitted to the key management device. A file identification information transmission means;
    Encrypted file decryption means for decrypting the encrypted file with a decryption key received from the key management device;
    The key management device includes:
    Decryption key storage means for storing the decryption key correspondence information received from the file storage device in pairs with the decryption key;
    Decryption key correspondence information calculation means for obtaining the decryption key correspondence information by converting the random number received from the file storage device and the file identification information by the one-way function when reading the confidential file in the file storage device When,
    A file management system comprising: a decryption key transmission unit that reads out a decryption key corresponding to the obtained decryption key correspondence information from the decryption key storage unit and transmits the decryption key to the file storage device.
  2. A file storage device for storing an encrypted file obtained by encrypting a confidential file, and a key management device for storing a decryption key for decrypting the encrypted file, wherein the decryption key corresponding to the designated confidential file is A program for causing a computer to function as the file storage device in a file management system that reads from a key management device and decrypts an encrypted file with the read decryption key,
    File encryption that encrypts the confidential file with an encryption key corresponding to the decryption key and stores the encrypted encrypted file in the encrypted file storage means by pairing file identification information for identifying the confidential file and a random number means,
    Decryption key correspondence information generating means for generating decryption key correspondence information from the file identification information and the random number by a one-way function specified in advance;
    A decryption key for transmitting the decryption key correspondence information and the decryption key to the key management device so that the key management device stores the decryption key correspondence information and the decryption key in pairs in the decryption key storage means Correspondence information transmission means,
    When reading the confidential file, a random number corresponding to the file identification information is read from the encrypted file storage unit, and the read random number and the file identification information corresponding to the read random number are paired and transmitted to the key management device. File identification information transmission means,
    In the key management device, the decryption key corresponding to the decryption key correspondence information calculated by the one-way function from the random number transmitted by the file identification information transmission unit and the file identification information is the decryption key storage unit. Encrypted file decryption means for receiving the decryption key read from the key management device and decrypting the encrypted file with the received decryption key;
    Program to function as .
JP2005105472A 2005-03-31 2005-03-31 File management system and program Active JP4684714B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2005105472A JP4684714B2 (en) 2005-03-31 2005-03-31 File management system and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2005105472A JP4684714B2 (en) 2005-03-31 2005-03-31 File management system and program

Publications (2)

Publication Number Publication Date
JP2006285697A JP2006285697A (en) 2006-10-19
JP4684714B2 true JP4684714B2 (en) 2011-05-18

Family

ID=37407552

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2005105472A Active JP4684714B2 (en) 2005-03-31 2005-03-31 File management system and program

Country Status (1)

Country Link
JP (1) JP4684714B2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5136561B2 (en) 2007-11-13 2013-02-06 富士通株式会社 Archive system control program, archive system, management device, and control method
JP5259761B2 (en) * 2011-03-22 2013-08-07 株式会社東芝 Data conversion apparatus and program
KR101394369B1 (en) * 2012-11-13 2014-05-13 주식회사 파수닷컴 Apparatus and method for managing security contents using virtual folder
JP6623321B2 (en) * 2014-01-21 2019-12-25 サイエンスパーク株式会社 Method for managing electronic data for network system, program therefor, and recording medium for program
CN104506483A (en) * 2014-10-21 2015-04-08 中兴通讯股份有限公司 Method for encrypting and decrypting information and managing secret key as well as terminal and network server

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09179768A (en) * 1995-12-21 1997-07-11 Olympus Optical Co Ltd File ciphering system and file deciphering system
JPH11265317A (en) * 1998-03-16 1999-09-28 Nippon Telegr & Teleph Corp <Ntt> Copyright protection system
JP2002312222A (en) * 2001-04-18 2002-10-25 Nippon Telegr & Teleph Corp <Ntt> Cryptic file managing device and method
JP2003005771A (en) * 2001-04-24 2003-01-08 Microsoft Corp Recognition system for audio content within digital signal
JP2003209541A (en) * 2002-01-10 2003-07-25 Matsushita Electric Ind Co Ltd Content protective storage device, terminal equipment, and content protective system
JP2006503369A (en) * 2002-10-16 2006-01-26 ヴォーメトリック インコーポレイテッド Secure file system server architecture and method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09179768A (en) * 1995-12-21 1997-07-11 Olympus Optical Co Ltd File ciphering system and file deciphering system
JPH11265317A (en) * 1998-03-16 1999-09-28 Nippon Telegr & Teleph Corp <Ntt> Copyright protection system
JP2002312222A (en) * 2001-04-18 2002-10-25 Nippon Telegr & Teleph Corp <Ntt> Cryptic file managing device and method
JP2003005771A (en) * 2001-04-24 2003-01-08 Microsoft Corp Recognition system for audio content within digital signal
JP2003209541A (en) * 2002-01-10 2003-07-25 Matsushita Electric Ind Co Ltd Content protective storage device, terminal equipment, and content protective system
JP2006503369A (en) * 2002-10-16 2006-01-26 ヴォーメトリック インコーポレイテッド Secure file system server architecture and method

Also Published As

Publication number Publication date
JP2006285697A (en) 2006-10-19

Similar Documents

Publication Publication Date Title
US20150227758A1 (en) Method and System for Securing Documents on a Remote Shared Storage Resource
KR101878149B1 (en) Device, system, and method of secure entry and handling of passwords
EP3195555B1 (en) Secure key management for roaming protected content
JP6571250B2 (en) How to use one device to unlock another
US8661254B1 (en) Authentication of a client using a mobile device and an optical link
EP3155754B1 (en) Methods, systems and computer program product for providing encryption on a plurality of devices
US20130254536A1 (en) Secure server side encryption for online file sharing and collaboration
CN101291224B (en) Method and system for processing data in communication system
US9148415B2 (en) Method and system for accessing e-book data
KR20170083039A (en) Roaming content wipe actions across devices
JP4866863B2 (en) Security code generation method and user device
US9191811B2 (en) Method and system for managing information on mobile devices
CN1697367B (en) A method and system for recovering password protected private data via a communication network without exposing the private data
CN101272237B (en) Method and system for automatically generating and filling login information
US8918633B2 (en) Information processing device, information processing system, and program
US7912223B2 (en) Method and apparatus for data protection
JP4755189B2 (en) Content encryption method, network content providing system and method using the same
US8239679B2 (en) Authentication method, client, server and system
US7353393B2 (en) Authentication receipt
US9749131B2 (en) System and method for implementing a one-time-password using asymmetric cryptography
EP3229397A1 (en) Method for fulfilling a cryptographic request requiring a value of a private key
JP5362114B2 (en) Secure USB storage medium generation and decoding method, and medium on which a program for generating a secure USB storage medium is recorded
US7234060B1 (en) Generation and use of digital signatures
US20070136599A1 (en) Information processing apparatus and control method thereof
US20060232826A1 (en) Method, device, and system of selectively accessing data

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20080307

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20101019

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20101026

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20101224

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20110118

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110209

R150 Certificate of patent or registration of utility model

Ref document number: 4684714

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140218

Year of fee payment: 3

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R370 Written measure of declining of transfer procedure

Free format text: JAPANESE INTERMEDIATE CODE: R370

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S533 Written request for registration of change of name

Free format text: JAPANESE INTERMEDIATE CODE: R313533

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350