JP4925345B2 - Secret sharing apparatus and program - Google Patents

Description

  The present invention relates to a secret sharing device and a program for all or part of document data. For example, even when there are a plurality of confidential parts of document data or when each viewer who has different authority browses, the key management is performed. The present invention relates to a secret sharing apparatus and a program that can be easily operated.

Conventionally, when a part of certain document data is to be kept secret, a method of encrypting the part to be kept secret with an encryption key and controlling access to the encryption key is used. As this type of scheme, for example, XML element encryption is known (for example, see Non-Patent Document 1).
Yonemo Yonemochi, 1 other person, "Basics and Practice of XML Encryption-Part 1 XML Encryption, Normalization, and Digital Signature 1. Differences between Use of SSL and XML Encryption, ..., □ XML Element Encryption", [online] , April 2, 2002, atmarkit: @it, [November 9, 2007 search], Internet <URL: http://atmarkit.co.jp/fxml/tanpatsu/16xmlsecurity/xmlsecurity01 .html>

  However, according to the inventor's study, the above-described method makes the key management complicated when there are a plurality of concealed parts, or when a plurality of viewers having different authorities read from each other, There is an inconvenience that efficient operation may not be possible.

  The present invention has been made in consideration of the above situation, and even when there are a plurality of confidential parts of document data or when each viewer who has different authority browses, the complication of key management is prevented, It is an object to provide a secret sharing apparatus and a program that can be easily operated.

  The first aspect of the present invention is a secret sharing scheme capable of communicating with a plurality of viewer devices and distributed data storage devices, and capable of executing a threshold type secret sharing scheme based on a predetermined threshold value and the number of distributions. A host name storage unit that stores a host name that individually indicates each of the distributed data storage devices, and a viewer that stores viewer information including address information of the viewer device for each of the viewer devices Information storage means, document data including a document ID of a specific document and plain text data in the document, distributed location information indicating plain text selection partial data selected as a location to be secretly shared from the plain text data, and the distributed location Using the distribution instruction information including at least the threshold value and the number of distributions associated with the information, a threshold type secret distribution method based on the threshold value and the number of distributions is executed to execute a plurality of secret distribution data. Secret sharing data creating means for creating a secret sharing ID, and for each of the created secret sharing data, a secret sharing ID creating means for creating a secret sharing ID consisting of order information indicating the order of the secret sharing and the sharing location information; Distributed information creating means for creating shared information including the document ID and the secret shared data for each secret shared ID, file name including the document ID and secret shared ID in each shared information, and host name storage means A reference information creating means for creating reference information for referring to each shared information based on the host name in the document, the document ID, the secret shared ID, A secret including the threshold, the number of shares, the reference information, the secret shared data, and the remaining plaintext non-selected partial data obtained by removing the plaintext selected partial data from the plaintext data. A secret shared document creating means for creating distributed document data, a shared information transmitting means for sending each piece of shared information to each distributed data storage device based on a host name in the host name storage device, and each secret shared document A secret sharing apparatus comprising secret sharing document distribution means for distributing data to each of the viewer apparatuses based on the viewer information in the browser information storage means.

  In the first aspect of the present invention, one device is expressed as “device”. However, the present invention is not limited to this, and a collection of devices may be expressed as a system, or a collection of devices or Each device may be expressed as a method, a program, a computer-readable storage medium storing the program, and the like.

(Function)
According to the first aspect of the present invention, the distributed data management device secretly distributes the plaintext selection partial data selected as a location where secret sharing is performed from the plaintext data in the document data based on the document data and the distribution instruction information. To do. As described above, since the part to be concealed is not encrypted but is concealed by secret sharing, an encryption key is not used unlike the conventional case.

  Therefore, even when there are a plurality of confidential parts of the document data, or when each viewer who has different authority browses, it is possible to easily operate with the key management complicated.

  As described above, according to the present invention, even when there are a plurality of concealed portions of document data or when each viewer who has different authority browses, the management of the key is prevented and the operation is simplified. it can.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(First embodiment)
FIG. 1 is a schematic diagram showing the configuration of a secret sharing system according to the first embodiment of the present invention. This secret sharing system includes a document creator device 100, a distributed data management device 200, n distributed data storage devices (# 1 to #n) 300-1 to 300-n, and four viewer devices 400a to 400d. Communication with each other via the Internet 500 is possible.

  Here, as illustrated in FIG. 2, the document creator device 100 includes a document storage unit 101, an input unit 102, a document creation unit 103, a distribution instruction unit 104, a display unit 105, and a communication unit 106. Yes.

  The distributed data management device (secret sharing device) 200 is a device that can execute a threshold-type secret sharing scheme based on a predetermined threshold and the number of sharing, and includes a storage device information storage unit 201 and a viewer information storage. Unit 202, shared information transmission destination storage unit 203, secret shared document creation unit 204, shared information transmission unit 205, secret shared document distribution unit 206, restoration request reception unit 207, shared information owner confirmation unit 208, restoration unit 209, and communication The unit 210 is provided.

  Since each of the distributed data storage devices (# 1 to #n) 300-1 to 300-n has the same hardware configuration, the distributed data storage device (# 1) 300-1 is taken as a representative example here. I will explain.

  The distributed data storage device (# 1) 300-1 includes a distributed information storage unit 301-1, a distributed information management unit 302-1 and a communication unit 303-1.

  Since each of the browser devices 400a to 400d has the same hardware configuration, the browser device 400a will be described as a representative example here.

  The browser device 400a includes a secret sharing structured document storage unit 401, an input unit 402, a document management unit 403, a restoration request unit 404, a display unit 405, and a communication unit 406.

  Each of the above devices can be implemented for each device with either a hardware configuration or a combined configuration of hardware resources and software. The same applies to the following embodiments. As the software of the combination configuration, the CPU (not shown) of each device executes a program that is installed in advance on a computer of the corresponding device from a network or a storage medium and that realizes the function of each unit in the corresponding device. It is realized by.

  For example, in the case of the document creator apparatus 100, the document creation unit 103 and the distribution instruction unit 104 are executed by a CPU (not shown) of the document creator apparatus 100 by executing a program for realizing the functions of the units 103 and 104. Realized. The document storage unit 101, the input unit 102, the display unit 105, and the communication unit 106 are realized by hardware resources such as a storage device, an input device, a display device, and a communication interface device.

  In the case of the distributed data management device 200, the secret shared document creation unit 204, the shared information transmission unit 205, the secret shared document distribution unit 206, the restoration request reception unit 207, the shared information owner confirmation unit 208, and the restoration unit 209 include the respective units 204. A program for realizing the functions of .about.209 is executed by a CPU (not shown) of the distributed data management apparatus 200. The storage units 201 to 203 and the communication unit 210 are realized by hardware resources such as a storage device and a communication interface device.

  Similarly, in the case of the distributed data storage device 300-1, the distributed information management unit 302-1 has a program for realizing the functions of the management unit 302-1 as a CPU (not shown) of the distributed data storage device 300-1. ) And executed. The distributed information storage unit 301-1 and the communication unit 303-1 are realized by hardware resources such as a storage device and a communication interface device.

  Similarly, in the case of the browser device 400a, the document management unit 403 and the restoration request unit 404 are executed by a CPU (not shown) of the viewer device 400a by executing a program for realizing the functions of the units 403 and 404. Realized. The secret sharing structured document storage unit 401, the input unit 402, the display unit 405, and the communication unit 406 are realized by hardware resources such as a storage device, an input device, a display device, and a communication interface device.

  Next, the operation of the secret sharing system configured as described above will be described with reference to FIGS.

(Preparation)
In the distributed data management apparatus 200, host names individually indicating the distributed data storage apparatuses 300-1 to 300 n are written in the storage apparatus information storage unit 201 in advance from the document creator apparatus 100.

  Similarly, in the distributed data management apparatus 200, as shown in FIG. 5, the e-mail address of the viewer apparatus, the viewer apparatus, and the like for each of the reader apparatuses 400 a, 400 b, 400 c, and 400 d in advance from the document creator apparatus 100. The viewer information including the confidential level, organization name, and title of the viewer who operates is written in the viewer information storage unit 202. Here, four types of managers such as a department manager, a section manager, a section manager, and a person in charge are used as the titles of the viewers. Also, the position information is not essential and may be omitted.

(Secret sharing processing: FIGS. 3 to 9)
In the document creator device 100, the document creator 103 creates document data including the document ID of the specific document, the document creator name, and plain text data in the document by the operation of the input unit 102 by the document creator ( ST1). The document data being created is sent from the document creation unit 103 and displayed on the display unit 105. The document creator name is used in FIG. 6 described later, but is not essential and may be omitted.

  After the creation of the document data is completed, the document creator apparatus 100 displays the distribution location information indicating the plaintext selection partial data selected as the location where the secret is shared from the plaintext data by the operation of the input unit 102 by the document creator. It is input to 104 (ST2). For example, when a portion to be secretly shared is selected with a mouse, a touch panel or the like (input unit 102) for document data created by a word processor application of a computer, information indicating the selected range is input. For example, when the x1 page y1 line z1 digit to the x2 page y2 line z2 digit is selected, information including the selection start position x1y1z1 and the selection end position x2y2z2 can be used as the distribution location information.

  Further, in the document creator device 100, the threshold value, the number of distributions, and the confidential level associated with the distribution location information are input to the distribution instruction unit 104 by the operation of the input unit 102 of the document creator (ST3 to ST3). ST4). For example, while selecting the location where secret sharing is desired with the mouse or touch panel (input unit 102), a menu is opened by right-clicking to select which security level viewers can view, and the threshold value and the number of sharing are set. It is possible to input. However, the confidential level is not essential and may be omitted.

  Thereafter, in the document creator apparatus 100, the distribution instruction unit 104 transmits the document data and distribution instruction information to the distributed data management unit 200 via the communication unit 106 (ST5). The distribution instruction information is information including at least the distribution location information, the threshold value and the number of distributions associated with the distribution location information, and further includes a confidential level in this example.

  In the distributed data management apparatus 200, the secret shared document creation unit 204 receives the document data and the distribution instruction information through the communication unit 210.

  The secret sharing document creation unit 204 uses the received document data and the distribution instruction information, executes a threshold type secret sharing method based on the threshold value and the number of distributions in the distribution instruction information, and selects plain text in the document data. A plurality of secret sharing data, which is the same number as the number of sharing, is created from the partial data (ST6).

  The secret sharing document creation unit 204 creates a secret sharing ID composed of order information indicating the order of secret sharing and sharing location information for each created secret sharing data.

  The secret sharing document creation unit 204 creates sharing information including the document ID and secret sharing data for each secret sharing ID.

  The secret shared document creation unit 204 refers to each shared information based on the file name including the document ID and the secret shared ID in each shared information and the host name in the storage device information storage unit 201. For example, URL (Uniform Resource Locator) information is created as information. Here, the configuration of “protocol name: // host name / file name” is used as the URL information. However, the configuration of the URL information is not limited to this, and / directory name / may be described between the host name and the file name. In this case, the document creator device 100 may write the directory name in the storage device information storage unit 201 in advance in association with the host name. The reference information is not limited to URL information, and any information can be used as long as each piece of distributed information can be referred to.

  Further, the secret sharing document creation unit 204, for each order information of the secret sharing ID, as shown in FIGS. 6 to 8, the document ID, the document creator name, the secret sharing ID, the threshold value, the number of sharing, the URL Secret sharing structured document data including information, secret sharing data, and the remaining plaintext non-selection partial data obtained by removing the plaintext selection partial data from the plaintext data is created (ST7). However, the name of the document creator may be omitted because it may be described in the body text (plaintext non-selected partial data) that anyone can refer to. The secret sharing structured document data may be referred to as secret sharing document data.

  Here, FIG. 6 shows a configuration example of the secret sharing structured document, and FIG. 7 shows a configuration example when the secret sharing structured document is structured in XML (Extensible Markup Language) format. FIG. 8 shows the relationship among the secret sharing ID, secret level, secret sharing data, and NULL data in the secret sharing structured document. In FIG. 8, the secret sharing structured document is a secret sharing document in place of secret sharing data when the security level in the sharing instruction information and the security level in the sharing instruction information is higher than the reader's security level. The NULL data inserted by the creation unit 204 is included. For example, when the confidential level in the distributed instruction information is “3”, since it is higher than the confidential levels 2, 1 and 0 of the section manager, the section chief, and the person in charge, the secret structure for the section manager, the section chief, and the person in charge is structured. In the document data, NULL data is inserted in place of the secret sharing data of the confidential level 3. As a result, even if the section manager, the section chief, and the person in charge collide with each other, the original data cannot be restored from the secret sharing data area of the secret level 3.

  Thereafter, the secret sharing document creation unit 204 sends each piece of shared information to the sharing information sending unit 205 and sends each secret sharing structured document data to the secret sharing document distribution unit 206.

  The shared information transmitting unit 205 uses the communication unit 210 to transmit each shared information to each distributed data storage device 300-1 to 300-n based on the host name in the storage device information storage device 201 (ST8). Further, the shared information transmission unit 205 writes the document ID, the secret sharing ID, and the host name in the shared information transmission destination storage unit 203 for each shared information that has been transmitted.

  In each of the distributed data storage devices 300-1 to 300-n, the distributed information management units 302-1 to 302-n receive the shared information received by the communication units 303-1 to 303-n as shown in FIG. Stored in the shared information storage units 301-1 to 301-n (ST9).

  Secret sharing document distribution unit 206 uses communication unit 201 to distribute each secret sharing structured document data to each of viewer devices 400a to 400d based on the viewer information in browser information storage unit 202 (ST10). . Supplementally, the secret sharing document distribution unit 206 sets the organization name and the secret level based on the organization name in the distribution instruction information, the secret level in each secret sharing structured document data, and the secret sharing data or NULL data. Based on the address information in the corresponding viewer information, the distribution in step ST10 is executed.

  In each of the viewer apparatuses 400a to 400d, the document management unit 403 stores the secret sharing structured document data received by the communication unit 406 in the secret sharing structured document storage unit 401 (ST11).

(Restoration processing: FIGS. 3, 10 to 11)
First, as one of the browser devices among the browser devices 400a to 400d, for example, the browser device 400a will be described as an example.

  In the browser device 400 a, the document management unit 403 reads the secret sharing structured document data 401 in the secret sharing structured document storage unit 401 and sends it to the display unit 405 by the operation of the input unit 402 by the viewer. The display unit 405 displays the secret sharing structured document data 401 (ST21).

  Subsequently, in the browser device 400a, when a secret sharing location is selected by the operation of the input unit 402 by the viewer (ST22), the restoration request unit 404 uses the secret sharing structured document data based on the selection result. A restoration request including a secret sharing ID, secret sharing data, and URL information is created. Thereafter, the restoration request unit 404 transmits this restoration request from the communication unit 406 to the distributed data management apparatus 200 (ST23). The restoration request may not include URL information.

  In the distributed data management device 200, when the restoration request receiving unit 207 receives this restoration request from the communication unit 210, the hash value of the secret sharing data is calculated (ST24), and the hash value and the secret sharing ID are URL Based on the information, the communication unit 210 transmits the data to the distributed data storage device 300-1 (ST25). When the restoration request does not include URL information, the restoration request receiving unit 207 determines the hash value and the secret sharing ID based on the host name corresponding to the secret sharing ID in the shared information transmission destination storage unit 203. The communication unit 210 may transmit to the distributed data storage device 300-1.

  In the shared data storage device 300-1, when the shared information management unit 302-1 receives the hash value and the secret sharing ID from the communication unit 303-1, the shared information storage unit 301-1 is based on the secret sharing ID. Read secret sharing data from.

  Subsequently, the shared information management unit 302-1 calculates a hash value of the read secret shared data (ST26), and collates the calculated hash value with the hash value received from the distributed data management device 200 (ST27). ), The collation result is returned from the communication unit 303-1 to the distributed data management apparatus 200 (ST28).

  In the distributed data management device 200, when the shared information owner confirmation unit 208 receives the collation result from the distributed data storage device 300-1 by the communication unit 210, when the collation result indicates a match, the storage device information storage unit 201. , The shared information transmission request is transmitted to the other distributed data storage devices 300-2,... (ST30), returned, and the shared information is acquired from the other distributed data storage devices 300-2,. The shared information owner confirmation unit 208 may transmit the shared information transmission request with reference to the shared information transmission destination storage unit 203. Further, when acquiring the threshold number of pieces of shared information, an arbitrary distributed data storage device 300-i,... (I is a shared data storage device 300j that is a transmission source of the collation result (j = 1 in the example of ST28). A distributed information transmission request can be transmitted to any other value. That is, it is not always necessary to transmit the distributed information transmission request to the distributed data storage devices 300-2,. In any case, the shared information owner confirmation unit 208 sends the secret shared data in the acquired shared information and the secret shared data in the restoration request to the restoration unit 209.

  Based on these secret sharing data, the restoration unit 209 executes a threshold-type secret sharing scheme to restore the original plaintext selection partial data (ST32), and restores the restored plaintext selection partial data to the source of the restoration request From the communication unit 210 to the browsing apparatus 400a (ST33).

  In the browsing device 400a, when the restored plaintext selection partial data is received by the communication unit 406, the plaintext selection partial data is displayed by the display unit 405 (ST34).

  Note that the browsing device 400a is not limited to the restoration via the distributed data management device 200 as in steps ST21 to ST34, but as shown in FIG. 11, the secret sharing structure possessed by another browsing device (for section manager) 400b. It is possible to restore and browse the parts (B1 to B2, C1 to C2) that can be browsed by the section manager and below using the document. That is, if the position is different, restoration is performed according to the lower secret level, and if the secret sharing structured document is owned by the same position, the secret sharing part up to the position can be restored.

  Further, when the secret sharing location is restored using the secret sharing structured document acquired from the other browsing devices 400b,..., The restoration is performed from the viewpoint of confirming that each secret sharing structured document data is not updated or falsified. It is preferable to confirm the coincidence of the body data in the secret sharing structured document data before. This confirmation can be easily executed when, for example, the result of calculating the exclusive OR of two text data becomes 0. In this case, the browsing device 400a includes (1) a step of acquiring another browsing device (for section manager) 400b,... Secret sharing structured document data, and (2) a secret sharing structure in the secret sharing structured document storage unit 401. A step of confirming a match between the body data of the structured document data and the body data in the secret sharing structured document data acquired in the above (1), and (3) after confirming the matching, in each secret sharing structured document data If the steps of restoring the original data using the secret sharing data B1 to B2, C1 to C2, respectively, and (4) displaying the secret sharing structured document data reconstructed based on the restoration result are executed. Good. If the other browsing devices 400b,... Do not own the secret sharing structured document, the above-described steps ST21 to ST34 are performed.

  As described above, according to the present embodiment, the document creator device 100 transmits the document data and the distribution instruction information to the distributed data management device 200, and the distributed data management device 200 is based on the document data and the distribution instruction information. The plaintext selection partial data selected as the secret sharing location from the plaintext data in the document data is secretly shared. As described above, since the part to be concealed is not encrypted but is concealed by secret sharing, an encryption key is not used unlike the conventional case.

  Therefore, even when there are a plurality of confidential parts of the document data, or when each viewer who has different authority browses, it is possible to easily operate with the key management complicated.

  Further, even if the stored shared information and secret shared structured document data are leaked due to an illegal act such as an attack, only the individual secret shared data is leaked, and the entire information of the secret portion is not leaked. For this reason, if the leaked fact is known, the leaked information can be invalidated by secret sharing again.

(Second Embodiment)
FIG. 12 is a schematic diagram showing the configuration of the secret sharing system according to the second embodiment of the present invention. The same reference numerals are given to the same types of functional parts as those in the above-mentioned drawings, and different reference numerals are given to the different functional parts. A description will be given.

  That is, this embodiment is a modification of the first embodiment, and uses a structured document template in which a secret sharing location (secret sharing ID), the number of sharing, and a threshold value are determined in advance. As the standard document data, specifically, an electronic medical record will be described as an example. An electronic medical record structured document includes MML (Medical Markup Language), which can be applied in the same manner as the XML format described above.

  In this secret sharing system, as shown in FIG. 12, the four viewer apparatuses 400a to 400d shown in FIG. 1 are omitted.

  Here, the document creator apparatus 100 includes a document creation unit 107 and a restoration request unit 108 instead of the document creation unit 103 and the distribution instruction unit 104 illustrated in FIG.

  The distributed data management device (secret sharing device) 200 includes a template storage unit 211 and a template management unit 212 in place of the viewer information storage unit 202 shown in FIG. However, the function of the secret sharing document creation unit 204 ′ is slightly changed.

  Each of the distributed data storage devices (# 1 to #n) 300-1 to 300-n has the same function as described above.

  Next, the operation of the secret sharing system configured as described above will be described with reference to FIGS.

(Secret sharing processing: FIGS. 13 and 14)
In the document creator device 100, the document creator 107 creates an electronic medical record template including hospital management information, patient personal information, examination date, examination contents, prescription, and accounting information by the operation of the input unit 102 by the document creator. (ST41). Specifically, the hospital management information is composed of a document ID and a doctor in charge (document creator) name. The patient personal information and examination contents are composed of a secret sharing ID, a threshold value, the number of sharing, URL information, and secret sharing data. The examination date, prescription and accounting information are composed of plain text data. “Electronic medical record” is also called “structured document”.

  After the creation of the structured document template is completed, in the document creator device 100, the document creator 107 transmits the structured document template to the distributed data management unit 200 through the communication unit 106 by the operation of the input unit 102 by the document creator. (ST42).

  In the distributed data management apparatus 200, the template management unit 212 receives the structured document template by the communication unit 210 and stores it in the template storage unit 211 (ST43). This completes the registration of the structured document template.

  Subsequently, in the document creator device 100, the document creator 107 transmits a structured document template request to the distributed data management device 200 by the operation of the input unit 102 by the document creator (ST44).

  In distributed data management apparatus 200, template management section 212 returns the corresponding structured document template in template storage section 211 based on the structured document template request received by communication section 210 (ST45).

  In the document creator device 100, the document creation unit 107 receives the structured document template by the communication unit 210 and displays it on the display unit 105.

  Thereafter, the document creation unit 107 writes information such as hospital management information, patient personal information, examination date, examination contents, and prescriptions into the structured document template by the operation of the input unit 102 by the document creator. Data is created (ST46).

  After completing the creation of the structured document data, the document creation unit 107 transmits the structured document template from the communication unit 106 to the distributed data management apparatus 200 by the operation of the input unit 102 by the document creator (ST47).

  In the distributed data management apparatus 200, the secret shared document creation unit 204 ′ receives structured document data via the communication unit 210.

  The secret sharing document creation unit 204 ′ executes a threshold type secret sharing method based on the threshold value and the number of distributions in the received structured document data to execute plain text data (for example, patient personal information and medical examination target). From the contents, a plurality of secret sharing data having the same number as the number of shares is created (ST48).

  The secret sharing document creation unit 204 ′ selects any one of the corresponding secret sharing data for each secret sharing ID, and replaces the secret sharing data with the plaintext data to be secret sharing, so that the document ID, The structured document data including the medical name, secret sharing ID, threshold value, number of sharing, URL information, secret sharing data, and plain text data is reconstructed (ST49).

  The secret sharing document creation unit 204 ′ creates sharing information including a document ID, the secret sharing ID, and secret sharing data for each secret sharing ID.

  Thereafter, the secret shared document creation unit 204 ′ sends each piece of shared information to the shared information transmission unit 205 and sends the restructured structured document data to the secret shared document distribution unit 206.

  The shared information transmission unit 205 transmits each piece of shared information to each of the distributed data storage devices 300-1 to 300-n based on the host name in the storage device information storage device 201 through the communication unit 210 (ST50). Further, the shared information transmission unit 205 writes the document ID, the secret sharing ID, and the host name in the shared information transmission destination storage unit 203 for each shared information that has been transmitted.

  In each of the distributed data storage devices 300-1 to 300-n, the distributed information management units 302-1 to 302-n store the shared information received by the communication units 303-1 to 303-n in the same manner as described above. Stored in the sections 301-1 to 301-n (ST51).

  Secret sharing document distribution section 206 distributes the restructured structured document data to document creator apparatus 100 through communication section 201 (ST53).

  In the document creator apparatus 100, the document creation unit 107 stores the structured document data received by the communication unit 106 in the document storage unit 101 (ST54).

(Restore processing: Fig. 15)
The restoration process is different in that the restoration request unit 404 of the document creation unit 100 executes the operation of the restoration request unit 404 of the viewer device 400a described above, but other operations are performed in the same manner as described above.

  As described above, according to the present embodiment, the same effect as that of the first embodiment can be obtained even when the structured document template in which the secret sharing location (secret sharing ID), the number of sharing, and the threshold value are set in advance is used. Furthermore, it is possible to save the trouble of inputting the secret sharing location (secret sharing ID), the number of sharing, and the threshold value. The security level is not used because the browsing devices 400a to 400d are omitted, but the security level may be determined in advance as well. In this case, the distributed data management apparatus 200 stores the document creator information and the confidential level in advance in association with each other and stores them in the storage device, and transmits a restoration request when receiving a restoration request from the document creator apparatus 100 ′. The restoration may be permitted when the confidential level of the document creator operating the original document creator apparatus 100 ′ is equal to or higher than the confidential level of the secret sharing location included in the restoration request.

  Note that the method described in the above embodiment includes a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO) as programs that can be executed by a computer. ), And can be distributed in a storage medium such as a semiconductor memory.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Furthermore, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN or the Internet is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in the above embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  The computer according to the present invention executes each process in the above-described embodiment based on a program stored in a storage medium, and is a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.

  In addition, the computer in the present invention is not limited to a personal computer, but includes a processing unit, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

It is a schematic diagram which shows the structure of the secret sharing system which concerns on the 1st Embodiment of this invention. It is a schematic diagram which shows the structure of each apparatus in the embodiment. It is a sequence diagram for demonstrating operation | movement of the secret sharing process in the embodiment. It is a schematic diagram for demonstrating the operation | movement in the embodiment. It is a schematic diagram for demonstrating the viewer information storage part in the embodiment. It is a schematic diagram which shows the structural example of the secret sharing structured document in the same embodiment. It is a schematic diagram which shows the structural example at the time of making the secret sharing structured document in the embodiment into a structured document in XML format. It is a schematic diagram which shows the relationship of each data in the secret sharing structured document in the same embodiment. It is a schematic diagram for demonstrating the distributed information storage part in the embodiment. It is a sequence diagram for demonstrating the operation | movement of the decompression | restoration process in the embodiment. It is a sequence diagram for demonstrating another method of the decompression | restoration process in the embodiment. It is a schematic diagram which shows the structure of the secret sharing system which concerns on the 2nd Embodiment of this invention. It is a sequence diagram for demonstrating operation | movement of the secret sharing process in the embodiment. It is a schematic diagram which shows the structural example of the electronic medical record in the embodiment. It is a sequence diagram for demonstrating the operation | movement of the decompression | restoration process in the embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 100 ... Document creator apparatus, 101 ... Document storage part, 102, 402 ... Input part, 103, 107 ... Document preparation part, 104 ... Distribution instruction | indication part, 105, 405 ... Display part, 106,210,303-1 to n , 406 ... Communication unit, 108 ... Restoration request unit, 200 ... Distributed data management device, 201 ... Storage device information storage unit, 202 ... Viewer information storage unit, 203 ... Distributed information transmission destination storage unit, 204, 204 '... Secret Distributed document creation unit, 205 ... distributed information transmission unit, 206 ... secret shared document distribution unit, 207 ... restoration request reception unit, 208 ... shared information owner confirmation unit, 209 ... restoration unit, 300-1 to 300-n ... distributed Data storage device, 301-1 to n ... shared information storage unit, 302-1 to n ... distributed information management unit, 400a to 400d ... viewer device, 401 ... secret sharing structured document storage unit, 403 ... document Processing section, 404 ... restoration request unit, 500 ... the Internet.

Claims (6)

A secret sharing device capable of communicating with a plurality of viewer devices and a distributed data storage device, and capable of executing a threshold type secret sharing scheme based on a predetermined threshold value and the number of distributions,
Host name storage means for storing a host name individually indicating each of the distributed data storage devices;
For each viewer device, a viewer information storage means for storing viewer information including address information of the viewer device;
Document data consisting of a document ID of a specific document and plain text data in the document, distributed location information indicating plain text selection partial data selected as a location to be secretly shared from the plain text data, and associated with the distributed location information Secret sharing data creating means for creating a plurality of secret sharing data by executing a threshold type secret sharing scheme based on the threshold and the number of sharing, using sharing instruction information including at least a threshold value and the number of sharing;
For each of the created secret sharing data, secret sharing ID creating means for creating a secret sharing ID composed of order information indicating the order of secret sharing and the sharing location information;
For each secret sharing ID, shared information creating means for creating shared information including the document ID and the secret sharing data;
Reference information creating means for creating reference information for referring to each shared information based on the file name including the document ID and secret shared ID in each shared information and the host name in the host name storing means; ,
For each order information of the secret sharing ID, the plain text selection partial data is excluded from the document ID, the secret sharing ID, the threshold, the number of sharing, the reference information, the secret sharing data, and the plain text data. Secret shared document creation means for creating secret shared document data including the remaining plaintext non-selected partial data;
Distributed information transmitting means for transmitting each shared information to each distributed data storage device based on a host name in the host name storage device;
Secret sharing document distribution means for distributing each secret sharing document data to each of the viewer devices based on the browsing information in the browsing information storage means;
A secret sharing apparatus comprising: The secret sharing apparatus according to claim 1,
The viewer information storage means further stores, for each viewer device, the confidential level and organization name of the viewer who operates the viewer device,
The distribution instruction information further includes a security level and an organization name associated with the distribution location information,
The secret sharing document data includes a secret level in the sharing instruction information and the secret sharing document creating means instead of the secret sharing data when the secret level in the sharing instruction information is higher than the security level of the viewer. Further including NULL data inserted by
The secret sharing document distribution means, based on the organization name in the sharing instruction information, the secret level in each secret sharing document data and the secret sharing data or NULL data, the browsing corresponding to the organization name and the secret level. A secret sharing apparatus comprising means for executing the distribution based on address information in the person information. In the secret sharing apparatus according to claim 1 or 2,
When a restoration request including a secret sharing ID, secret sharing data, and reference information is received from any viewer device, a hash value of the secret sharing data is calculated, and the hash value and the secret sharing ID are based on the reference information. Means for transmitting to the distributed data storage device;
When the collation result between the hash value obtained from the secret shared data stored in the distributed data storage device of the transmission destination and the transmitted hash value is received from the distributed data storage device of the transmission destination, the collation result is matched. Means for obtaining distributed information from other distributed data storage devices with reference to the host name storage means,
Based on the secret sharing data in the acquired shared information and the secret sharing data in the restoration request, the threshold type secret sharing scheme is executed to restore the original plaintext selection partial data;
Means for returning the restored plaintext selection partial data to a source of the restoration request;
A secret sharing apparatus comprising: In the secret sharing apparatus according to claim 1 or 2,
A shared information transmission destination storage unit that stores, for each shared information, a document ID and a secret shared ID of the shared information, and a host name of a distributed data storage device that is a transmission destination of the shared information;
Means for writing the document ID, the secret sharing ID, and the host name in the shared information transmission destination storage means for each shared information transmitted by the shared information transmission means;
When receiving a restoration request that includes a secret sharing ID and secret sharing data and does not include the reference information from any of the viewer devices, a hash value of the secret sharing data is calculated, and the hash value and the secret sharing ID are Means for transmitting to the distributed data storage device based on the host name corresponding to the secret sharing ID in the shared information transmission destination storage means;
When the collation result between the hash value obtained from the secret shared data stored in the distributed data storage device of the transmission destination and the transmitted hash value is received from the distributed data storage device of the transmission destination, the collation result is matched. Means for obtaining shared information from another distributed data storage device with reference to the shared information transmission destination storage means,
Based on the secret sharing data in the acquired shared information and the secret sharing data in the restoration request, the threshold type secret sharing scheme is executed to restore the original plaintext selection partial data;
Means for returning the restored plaintext selection partial data to a source of the restoration request;
A secret sharing apparatus comprising: The secret sharing apparatus according to any one of claims 1 to 4,
The secret sharing document creation means comprises structured document creation means for creating the secret sharing document data as an XML structured document. It is possible to communicate with a plurality of viewer devices and distributed data storage devices, and has a host name storage means and a viewer information storage means, and a threshold type secret sharing scheme based on a predetermined threshold and the number of distributions. A program used for an executable secret sharing apparatus,
The secret sharing device;
Means for writing a host name individually indicating each distributed data storage device in the host name storage means;
Means for writing, for each viewer device, viewer information including address information of the viewer device in the viewer information storage means;
Document data including a document ID of a specific document and plain text data in the document, distributed location information indicating plain text selection partial data selected as a location to be secretly shared from the plain text data, and associated with the distributed location information Secret sharing data creation means for creating a plurality of secret sharing data by executing a threshold type secret sharing scheme based on the threshold and the number of sharing, using sharing instruction information including at least a threshold value and the number of sharing;
Secret sharing ID creation means for creating a secret sharing ID composed of order information indicating the order of the secret sharing and the sharing location information for each of the created secret sharing data,
Shared information creating means for creating shared information including the document ID and the secret shared data for each secret shared ID;
Reference information creating means for creating reference information for referring to each shared information based on the file name including the document ID and secret shared ID in each shared information and the host name in the host name storing means;
For each order information of the secret sharing ID, the plain text selection partial data is excluded from the document ID, the secret sharing ID, the threshold, the number of sharing, the reference information, the secret sharing data, and the plain text data. Secret shared document creation means for creating secret shared document data including the remaining plaintext non-selected partial data,
Distributed information transmitting means for transmitting each shared information to each distributed data storage device based on a host name in the host name storage device;
Secret sharing document distribution means for distributing each secret sharing document data to each of the viewer devices based on the browsing information in the browsing information storage means;
Program to function as.

Images