JP5678150B2 - User terminal, key management system, and program - Google Patents

Description

  The present invention relates to a technique for storing encrypted data in a user terminal, and particularly relates to a technique for generating and managing an encryption key for encrypting data.

  With the spread of smartphones and tablet terminals, cases of using private terminals for business are increasing. When using a private terminal for business, it is required to separate public and private and secure security for the business part. Generally, it is conceivable to encrypt data using an encryption key. However, holding the encryption key in the terminal has a high risk of information leakage when the terminal is lost. Therefore, a technique for requesting an encryption key from a server or the like instead of holding the encryption key in the terminal is conventionally known.

JP 2009-17294 A

  In the above prior art, in order to reduce the risk of information leakage and increase security, it is conceivable that the used key is immediately deleted at the user terminal. Convenience is bad. On the other hand, leaving the key in the terminal without deleting the key still leaves the risk of information leakage when the terminal is lost.

  The present invention has been made in view of the above points, and provides a technique for reducing the risk of information leakage when the terminal is lost and improving security while maintaining the convenience of the user using the terminal. Objective.

In order to solve the above problems, the present invention is a user terminal connected to a key generation management device via a network,
Temporarily receiving the encryption key from the key generation management device that transmits the encryption key when the authentication of the user terminal based on the authentication information transmitted from the user terminal is successful, and temporarily storing the encryption key Data storage means;
Specific data storage means for storing only data of a specific application encrypted with the encryption key as application data;
General data storage means for storing data of applications other than the specific application;
And a means for decrypting the data of the specific application using the encryption key.

The present invention is also a key generation management device connected to a user terminal via a network,
Storage means for storing the encryption key and authentication information in association with each other;
Based on authentication information transmitted from the user terminal, the user terminal is authenticated, and when the authentication is successful, an encryption key transmitting means for transmitting the encryption key corresponding to the authentication information to the user terminal; With
The specific data storage means in the user terminal stores only the data of the specific application encrypted with the encryption key as application data, and the general data storage means in the user terminal stores application data other than the specific application. You may comprise as a key production | generation management apparatus characterized by storing data.

  According to the present invention, since the encryption key is temporarily stored in the user terminal, the risk of information leakage when the terminal is lost is reduced and the security is enhanced while maintaining the convenience of the user using the terminal. Is possible.

1 is an overall configuration diagram of a system according to an embodiment of the present invention. It is a functional lineblock diagram of key generation management device 1 in a 1st embodiment. It is a functional lineblock diagram of user terminal 3 in a 1st embodiment. It is a figure for demonstrating the operation | movement at the time of initial setting. It is a figure for demonstrating the operation | movement at the time of login. It is a figure for demonstrating the data deletion of a temporary data storage part. It is a function block diagram of the key generation management apparatus 1 in 2nd Embodiment. It is a functional block diagram (1st example) of the user terminal 3 in 2nd Embodiment. It is a function block diagram (2nd example) of the user terminal 3 in 2nd Embodiment. It is a function block diagram of the key generation management apparatus 1 in 3rd Embodiment. It is a functional block diagram of the user terminal 3 in 3rd Embodiment. It is a figure for demonstrating the operation | movement at the time of login. It is a function block diagram of the key generation management apparatus 1 in 4th Embodiment. It is a functional block diagram of the user terminal 3 in 4th Embodiment. It is a figure for demonstrating the flow of operation | movement.

  Embodiments of the present invention will be described below with reference to the drawings. The embodiment described below is only an example, and the embodiment to which the present invention is applied is not limited to the following embodiment.

[First Embodiment]
(System configuration)
FIG. 1 shows an overall configuration of a key management system according to the first embodiment of the present invention. As shown in FIG. 1, the key management system according to the present embodiment has a configuration in which a key generation management device 1 and a user terminal 3 are connected via a network 2.

  The key generation management device 1 generates and stores a secret key (hereinafter referred to as a key) based on an initial setting operation from the user terminal 3, and stores the key in the user terminal 3 based on a request from the user terminal 3. Is a device that performs processing such as providing In the present embodiment, the user terminal 3 is assumed to be a mobile terminal such as a smartphone. However, in the present invention, the user terminal 3 is not limited to a specific type of terminal, and may be a PC or the like.

<Key generation management device 1>
FIG. 2 shows a functional configuration diagram of the key generation management device 1. As illustrated in FIG. 2, the key generation management device 1 includes a control unit 11, a user authentication unit 12, a key providing authentication unit 13, a key generation unit 14, a client identification ID generation unit 15, and a data storage unit 16. Hereinafter, an outline of each functional unit will be described. More detailed matters will be described later in the explanation of the operation.

  The control unit 11 is a functional unit that controls data input / output and processing flow. The user authentication unit 12 is a functional unit that performs user authentication based on the user ID and password received from the user terminal 3 at the time of initial setting. The key providing authentication unit 13 is a functional unit that performs authentication based on login information received from the user terminal 3 and provides a key to the user terminal 3 when the authentication is successful.

  The key generation unit 14 is a functional unit that generates a key corresponding to the user and stores the key in the data storage unit 16 when the authentication by the user authentication unit 12 is successful. The client identification ID generation unit 15 is a functional unit that generates a client identification ID (terminal identification code) corresponding to the user terminal 3 and stores it in the data storage unit 16 when the authentication by the user authentication unit 12 is successful. The data storage unit 16 is a functional unit constituting a database composed of a plurality of tables, and is physically realized by a nonvolatile memory, a hard disk, or the like.

  The key generation management device 1 in the present embodiment, the second, third, and fourth embodiments has a program that describes the processing contents described in the embodiment in one or a plurality of computers (servers). This can be realized by executing. That is, the function of each unit of the information key generation management device 1 is performed by the processing performed in each unit using hardware resources such as a CPU, a memory, and a hard disk built in the computer constituting the key generation management device 1. It can be realized by executing the corresponding program. Further, the program can be recorded on a computer-readable recording medium (portable memory or the like), stored, or distributed. It is also possible to provide the program through a network such as the Internet or electronic mail.

<User terminal 3>
FIG. 3 shows a functional configuration diagram of the user terminal 3. The user terminal 3 in this example includes a key management application unit 31, a specific data storage unit 32, a temporary data storage unit 33, a specific application unit 34, a general application unit 35, a general data storage unit 36, a display / operation unit 37, data A transmission / reception unit 38 is provided. Hereinafter, an outline of each functional unit will be described. More detailed matters will be described later in the explanation of the operation.

  The key management application unit 31 is a functional unit that performs key management according to the present invention, and is realized by executing a key management application. The specific data storage unit 32 is a storage unit that stores data encrypted by the key management application unit 31, and includes, for example, a hard disk, a nonvolatile memory, and the like. The specific application unit 34 stores the encrypted data in the specific data storage unit 32 and passes the data to the encryption / decryption processing unit 44 to perform a decryption process (in this embodiment, the specific application and Is a functional part. The “application” is a program executed in the user terminal 3 having a computer function, and may be referred to as “application”.

  The general application unit 35 is a functional unit based on a general application that is not a specific application, and cannot use the specific data storage unit 32 but can use the general data storage unit 36.

  The temporary data storage unit 33 is a storage unit that temporarily stores data used for processing related to the key management application unit 31, and corresponds to a memory area in a RAM or the like.

  The display / operation unit 37 is a functional unit that performs display and operation, and a touch screen is assumed in the present embodiment. The data transmission / reception unit 38 has a communication function and a function of performing data communication with the key generation management device 1 via the network 2.

  In FIG. 3, the specific application unit 34 and the general application unit 35 are shown one by one, but this is an example, and a plurality of these may be provided. Further, the specific application unit 34 and the general application unit 35 may be omitted.

  As shown in FIG. 3, the key management application unit 31 includes an initial setting processing unit 41, a login processing unit 42, a temporary data deletion unit 43, an encryption / decryption processing unit 44, and a wipe processing unit 45 as main functional units. Have.

  The initial setting processing unit 41 transmits initial setting operation information by the user to the key generation management device 1, receives a key and a client identification ID from the key generation management device 1, stores the key in the temporary data storage unit 33, and stores the client This is a functional unit that performs processing such as encrypting the identification ID and storing it in the specific data storage unit 32.

  The login processing unit 42 is a functional unit that performs login processing when the initial setting is completed and the user is in the logout state. The login number (specified at the time of initial setting, hereinafter referred to as PIN) PIN is a kind of authentication code) and the client identification ID that is held is transmitted to the key generation management device 1, the key is received from the key generation management device 1, and the key is stored in the temporary data storage unit 33. It is a functional part stored in.

  The temporary data deletion unit 43 is a functional unit that deletes data stored in the temporary data storage unit 33 based on predetermined conditions set in advance. The encryption / decryption processing unit 44 encrypts the user ID and password with a key and stores the encrypted data in the specific data storage unit 32, reads out the decrypted data from the specific data storage unit 32, The data from 34 is encrypted with a key and stored in the specific data storage unit 32, and the encrypted data is read from the specific data storage unit 32 and decrypted.

  The key management application unit 31 may include a functional unit corresponding to a general application such as a camera, for example, and the functional unit encrypts and specifies data via the encryption / decryption processing unit 44. The data can be stored in the data storage unit 32, and the encrypted data can be read from the specific data storage unit 32 and decrypted to obtain the decrypted data.

  The wipe processing unit 45 has a function of deleting all data stored in the specific data storage unit 32 when, for example, a predetermined command is received from the outside. The predetermined command may be input from the display / operation unit 37, or may be received from the remote device via the network 2 via the data transmission / reception unit 38.

  The key management application unit 31 in the user terminal 3 in the present embodiment, the second, third, and fourth embodiments is a key management described in the embodiment in a computer (including a mobile terminal such as a smartphone). This can be realized by executing an application program describing the processing contents of the application unit 31. That is, the function of each unit of the key management application unit 31 in the user terminal 3 is a process performed by each unit of the key management application unit 31 using hardware resources such as a CPU, memory, and hard disk built in the computer. This can be realized by executing a program corresponding to the above. Further, the program can be recorded on a computer-readable recording medium (portable memory or the like), stored, or distributed. It is also possible to provide the program through a network such as the Internet or electronic mail.

(System operation)
The operation of the key management system according to this embodiment having the above configuration will be described below.

<Initial setting>
First, the operation at the time of initial setting will be described with reference to the sequence diagram of FIG. FIG. 4 shows the data stored in the specific data storage unit 32 and the temporary data storage unit 33 and the input data in the user terminal 3 in the state of each sequence. The data storage unit 16 in the key generation management device 1 is shown in FIG. The data stored in is shown.

  From the input screen displayed by the initial setting processing unit 41 of the user terminal 3 (key management application unit 31), the user inputs the user ID, password, and PIN (step 1). The user ID and password here are data registered in advance on the system side. The PIN is data determined by the user himself.

  The initial setting processing unit 41 acquires terminal unique identification information that is unique to the user terminal 3 from within the user terminal 3, and together with the input data, the key generation management device 1 via the data transmission / reception unit 38. (Step 2). In the user terminal 3, the user ID and password among the input data are stored in the temporary data storage unit 33.

  The terminal unique identification information is, for example, an ID incorporated in the OS (operating system) of the user terminal 3, but is not limited thereto.

  In the key generation management device 1 that has received the user ID, password, PIN, and terminal unique identification information, the user authentication unit 12 performs authentication with the user ID and password (step 3). Authentication is performed by the key generation management device 1 holding a user ID and password registered in advance, and collating the held user ID and password with the received user ID and password. Alternatively, the user ID and password registered in advance may exist in an external device, and the user authentication unit 12 may perform authentication by inquiring of the external device. Note that the user ID and password in the present embodiment are data used also when a service on the network is used by a specific application (specific application unit 34). Further, when the key management application unit 31 includes an application function, the data is also used when the function uses a service on the network.

  If the authentication in step 3 fails, the subsequent processing is not performed. In this example, it is assumed that authentication is successful. Subsequently, the key generation unit 13 generates a key (indicated as “Key” in FIG. 4, hereinafter referred to as “Key”) based on the user ID, and the client identification ID generation unit 15 determines the client identification ID ( In FIG. 4, CL-ID and display (hereinafter referred to as CL-ID) are generated and stored in the data storage unit 16 (step 4). The user ID and PIN received from the user terminal 3 are also stored in the data storage unit 16. These data are stored in association with each other as records in the table. The encryption key method in the present invention is not limited to a specific method, but, for example, a common key encryption method or a public key encryption method can be used.

  As described above, the key is generated from the user ID by, for example, a hash function, and uniquely corresponds to the user ID. Therefore, for example, when a user having the user ID uses a plurality of terminals, the same key is used in the plurality of terminals. Thereby, for example, when data encrypted by a certain terminal is stored in a server, the encrypted data can be decrypted from another terminal.

  Further, the CL-ID is generated from the terminal unique identification information by, for example, a hash function, and is unique to the terminal, that is, different information for each terminal.

  The key generation management device 1 transmits the key and the CL-ID to the user terminal 3 by the control unit 11 (step 5). In this embodiment and the second embodiment, when data such as Key is sent from the key generation management device 1 to the user terminal 3, it may be sent encrypted using, for example, SSL.

  In the user terminal 3 that has received the Key and CL-ID, the received Key is stored in the temporary data storage unit 33 and the encryption / decryption processing unit 44 under the control of the initial setting processing unit 41 of the key management application unit 31. However, the user ID and password stored in the temporary data storage unit 33 are encrypted with the received key and stored in the specific data storage unit 32. Further, the received CL-ID is encrypted with another key held by the user terminal 3 and stored in the specific data storage unit 32. After this, the login state is entered. When storing the key in the temporary data storage unit 33, the key may be distributed and stored on the memory constituting the temporary data storage unit 33. As a result, the effect of preventing memory leak can be enhanced and security can be enhanced.

<Login process>
Next, with reference to FIG. 5, processing at the time of login will be described. The processing shown in FIG. 5 is based on the premise that after initial setting or after login, the user is in a logout state by a logout operation or the like and no data is stored in the temporary data storage unit 33.

  First, the user performs a login operation to input the same PIN as that input at the initial setting from the screen displayed by the login processing unit 42 of the key management application unit 31 (step 11). In this way, at the time of login, it is only necessary to input the PIN, which is highly convenient for the user.

  Upon receiving the login operation, the login processing unit 42 decrypts the encrypted CL-ID stored in the specific data storage unit 32 and stores the decrypted CL-ID in the temporary data storage unit 33 (step 12). The PIN is transmitted to the key generation management device 1 (step 13). After transmission, the CL-ID stored in the temporary data storage unit 33 is deleted.

  In the key generation management device 1 that has received the CL-ID and PIN, the key providing authentication unit 13 checks whether the CL-ID and PIN that are the same as the received CL-ID and PIN are stored in the data storage unit 16. Thus, authentication is performed (step 14). The key providing authentication unit 13 determines that the authentication is successful when the same client ID and PIN as the received CL-ID and PIN are stored in the data storage unit 16. If the authentication fails, for example, an authentication error is returned to the user terminal 3, and the user terminal 3 performs the PIN input again. Here, when the key management application unit 31 of the user terminal 3 detects that the authentication has failed a predetermined number of times, all the data stored in the specific data storage unit 32 may be deleted. Thereby, for example, when the user terminal 3 is stolen and login is attempted illegally, it is possible to prevent important data from being disclosed.

  When the authentication is successful, the key stored in association with the CL-ID and PIN is read from the data storage unit 16 and transmitted to the user terminal 3 (step 15).

  In the user terminal 3 that has received the key, the encryption / decryption processing unit 44 controls the encrypted user ID and password stored in the specific data storage unit 32 under the control of the login processing unit 41 of the key management application unit 31. Is decrypted using the received key, and the decrypted user ID, password, and key are stored in the temporary data storage unit 32 (step 16).

  The user terminal 3 decrypts various data encrypted with the key stored in the specific data storage unit 32 by using the key stored in the temporary data storage unit 32. In some cases, data encrypted with the key is obtained from an external server and decrypted.

<Operation of specific application after login>
As described above, after logging in (or after initial setting), the key, the user ID, and the password are stored in the temporary data storage unit 33, and these can be used by the specific application unit 34 and the key management application unit 31. it can. The specific application unit 34 accesses the key management application unit 31 to use the encryption / decryption processing unit 44 to encrypt the data with the key and store the encrypted data in the specific data storage unit 32. Can be obtained by being decrypted by the encryption / decryption processing unit 44.

  In addition, the specific application unit 34 acquires the user ID and password stored in the temporary data storage unit 33 via the key management application unit 31, and uses these, for example, authentication with the user ID and password is necessary. Can use services on various networks.

  Further, only the specific application (specific application unit) can access the specific data storage unit 32 of the key management application unit 31. In order to do so, the key management application unit 31 is provided with an access determination means. In this example, the identifier of the specific application is registered in advance in storage means such as a memory accessible by the access determination means. The access determination means permits access if the identifier from the accessing application is a registered identifier, and does not allow access unless the identifier is a registered identifier. Since the identifier is included in the access from the specific application unit 34, the access is permitted and the data can be encrypted and stored in the specific data storage unit 32.

  That is, the access right of the application is set by the identifier in the key management application unit 31, and when the data is encrypted or decrypted, the application is confirmed to check whether or not there is an access right.

<About data deletion>
First, the deletion of data stored in the temporary data storage unit 33 will be described with reference to FIG. The temporary data deletion unit 43 in the present embodiment displays a screen for setting conditions for deleting data stored in the temporary data storage unit 33, stores the input conditions in the storage means, and the conditions Accordingly, the key, the user ID, and the password, which are data stored in the temporary data storage unit 33, are deleted from the temporary data storage unit 33.

  In the present embodiment, as the above condition, a logout operation of the specific application unit 34 or the key management application unit 31 (a kind of specific application) is performed, and an operation by the user on the specific application unit 34 or the key management application unit 31 is performed. For example, it can be set that a predetermined time has passed since the operation was not performed. The predetermined time can be set to a desired time such as 5 minutes or 10 minutes.

  In the example of FIG. 6, for example, when the setting is made to delete the data stored in the temporary data storage unit 33 when there is no operation of the specific application unit 34 and the key management application unit 31 for 5 minutes. In step 21, the temporary data deletion unit 43 detects that the condition is satisfied, and deletes the data stored in the temporary data storage unit 33. Thereafter, the user is logged out, and in order to use the specific application unit 34 again, the login operation described with reference to FIG. 5 is performed.

  Further, as a condition other than the above, the user terminal 3 monitors a session generated during the login process between the user terminal 3 and the key generation management device 1, and detects that when the session expires, and the temporary data The data stored in the storage unit 33 may be deleted.

  When the wipe processing unit 45 receives a wipe command, the wipe processing unit 45 deletes all data stored in the specific data storage unit 32. Note that the data stored in the general data storage unit 36 is not deleted by the wipe processing unit 45.

[Second Embodiment]
In the first embodiment described above, the key that is the data stored in the temporary data storage unit 33 of the user terminal 3 is deleted from the temporary data storage unit 33 according to a predetermined condition. Even if lost, Key is unlikely to leak to a third party. However, although the possibility is low, if the user terminal 3 is lost while the key is stored in the temporary data storage unit 33, the key may be leaked to a third party. In addition, when unauthorized access or the like is performed in the key generation management device 1, the Key stored in the data storage unit 16 may be stolen.

  In the second embodiment, in order to solve the above-described key leakage problem, the key is encrypted by a public key cryptosystem. Specific processing contents will be described below. Below, a different part from 1st Embodiment is demonstrated.

  FIG. 7 shows a functional configuration diagram of the key generation management device 1 in the present embodiment. As shown in FIG. 7, the point provided with the encryption part 17 differs from the key generation management apparatus 1 in 1st Embodiment. The encryption unit 17 obtains a public key issued for each user, encrypts the key generated by the key generation unit 14 with the public key, and encrypts the key (described as “encrypted key”). Store in the data storage unit 16.

  That is, in this embodiment, after the key is generated based on the user ID in step 4 of the operation at the time of initial setting shown in FIG. 4, before the key is stored in the data storage unit 16, the encryption unit 17 The key is encrypted with the public key corresponding to the user ID, and the encrypted key is stored in the data storage unit 16. In the present embodiment, the key in FIG. 4 is replaced with “encryption key”. However, in step 6 of FIG. 4, the encryption key is decrypted by the decryption unit 46 described later, and the user ID and password are encrypted using the key obtained by decryption. Further, the key stored in the temporary data storage unit 16 is an encryption key.

  For example, the public key may be stored in advance in the storage unit of the key generation management device 1 in association with the user ID, read out from the storage unit during encryption, and used for key encryption. The encryption unit 17 may acquire a public key corresponding to the user ID from an external server or the like and use it for Key encryption.

  In this way, by encrypting and storing the key in the key generation management device 1, even if the encrypted key leaks due to unauthorized access, the key is not known unless the secret key paired with the public key is known. Will not be known to third parties.

  FIG. 8 shows a functional configuration diagram of the user terminal 3 in the present embodiment. As shown in FIG. 8, the point provided with the decoding part 46 and the external storage medium connection part 47 differs from the user terminal 3 in 1st Embodiment.

  The external storage medium connection unit 47 connects (sets) an external storage medium (eg, an IC card, an SD card, a USB memory, etc.) that stores a secret key corresponding to the public key obtained by encrypting the key, and the decryption unit 46 This is a functional unit that enables the secret key stored in the external storage medium 48 to be read.

  When the key management application unit 31 or the specific application unit 34 uses the key, the decryption unit 46 reads the encrypted key stored in the temporary data storage unit 33 and uses the secret key read from the external storage medium 48. The encrypted key is decrypted, and the key obtained by the decryption is stored in a storage means such as a memory (this may be the temporary data storage unit 33). The key stored in the storage means is read by a functional unit (for example, encryption / decryption processing unit 44) that uses the key, and is used for decrypting the data encrypted by the key. In the present embodiment, the key is immediately deleted from the memory when the decryption processing of the data encrypted by the key is completed. This deletion process may be performed by the decoding unit 46 or a functional unit using the key.

  In the operation shown in FIGS. 5 and 6, in the present embodiment, Key is replaced with “encryption key”. In particular, in step 16 of FIG. 5, in the user terminal 3 that has received the encrypted key, the decryption unit 46 decrypts the encrypted key using the secret key under the control of the login processing unit 41 of the key management application unit 31. The decryption / decryption processing unit 44 decrypts the encrypted user ID and password stored in the specific data storage unit 32 by using the decrypted Key, and the decrypted user ID and password and the encrypted Key are obtained. Stored in the temporary data storage unit 32. As described above, the decrypted key is immediately deleted.

  The user of the user terminal 3 shown in FIG. 8 sets the external storage medium 48 in the external storage medium connection unit 47 only when decryption with the key is required, and when the decryption with the key is completed, the user of the external storage medium 48 is externally connected. It is assumed that the storage medium connection unit 47 is removed. As a result, the user usually carries the user terminal 3 in which the external storage medium 48 is not set. Even if the user terminal 3 is lost, the key is not known to a third party.

  The public key cryptosystem used for encryption and decryption of the key in this embodiment is not limited to a specific scheme, and various public key cryptosystems can be used. For example, a method called a cloud key management type encryption method may be used. In the cloud key management type encryption method, the private key is not stored on the user side. When the user terminal requests an external server (hereinafter referred to as a cloud key server) to decrypt the encrypted data encrypted with the public key of the cloud key management encryption method, the encrypted data is decrypted at the user terminal. Can get the data. In the cloud key management type encryption method, the secret key and the decrypted data never come out when decrypting the encrypted data.

  The functional configuration and operation of the key generation management device 1 when the cloud key management type encryption method is used are the same as those described with reference to FIG.

  FIG. 9 shows a functional configuration of the user terminal 3 when the cloud key management type encryption method is used. As shown in FIG. 9, the point provided with the cloud decoding part 49 differs from the user terminal 3 in 1st Embodiment. Further, since it is not necessary for the user to have a secret key, unlike the example shown in FIG. 8, there is no means for storing the secret key such as the external storage medium 48.

  When the key management application unit 31, the specific application unit 34, or the like uses the key, the cloud decryption unit 49 reads the encrypted key stored in the temporary data storage unit 33, and sends it to the cloud key server 50 via the network. By requesting the decryption of the encrypted key, the encrypted key is decrypted, and the key obtained by decrypting is stored in a storage means such as a memory (this may be the temporary data storage unit 33). As described above, the key stored in the storage unit is read by a functional unit (for example, the encryption / decryption processing unit 44) that uses the key, and is used for decrypting the data encrypted by the key. In the present embodiment, the key is immediately deleted from the memory when the decryption processing of the data encrypted by the key is completed. This deletion process may be performed by the cloud decryption unit 49 or may be performed by a functional unit using Key.

  In the case of using the cloud key management type encryption method, the key is replaced with “encryption key” in the operations shown in FIGS. In particular, in step 16 of FIG. 5, in the user terminal 3 that has received the encryption key, the cloud decryption unit 49 uses the cloud key server 50 to decrypt the encryption key under the control of the login processing unit 41 of the key management application unit 31. Then, the encryption / decryption processing unit 44 decrypts the encrypted user ID and password stored in the specific data storage unit 32 using the decrypted key, and decrypts the decrypted user ID and password, and the encryption The key is stored in the temporary data storage unit 32. The decrypted key is immediately deleted.

  In the cloud key management type encryption method, there is no need to use a secret key for decrypting the encryption key on the user side, so there is no need to use an external storage medium like the example shown in FIG. Convenience improves more than the example shown.

  As a public key cryptosystem, an IBE (Identity Based Encryption) scheme, an intelligent cryptosystem, or the like may be used in addition to the above-described cloud key management cryptosystem.

[Third Embodiment]
Next, a third embodiment will be described. The third embodiment is a form in which functions are added to the first embodiment, and the added functions will be mainly described below.

  It is assumed that the specific app in the first embodiment (the same applies to the second embodiment) is a business app used in business, and the general app is a private app used privately. As described in the first embodiment, the general application unit 35 corresponding to the general application stores data in the general data storage unit 36, and the specific application unit 34 corresponding to the specific application stores data in the specific data storage unit 32. In the first embodiment, separation of data storage destinations is realized. That is, public / private separation of data storage destinations is realized. Further, the specific data storage unit 32 provides a file system independent of the file system of the OS itself in the user terminal 3. That is, a plurality of specific applications can share one file system in the user terminal 3.

  The general application and the specific application are managed by the OS of the user terminal 3, and are displayed on the display / operation unit 37 and activated by a selection operation by the user, such as an application list displayed on the smartphone. . That is, in the first embodiment, the general application and the specific application are displayed together, and public / private separation from the viewpoint of the user interface is not realized.

  In the third embodiment, for example, in a business use scene, only a specific application (business application) is displayed, and only the specific application can be activated. That is, in the third embodiment, public / private separation from the viewpoint of the user interface is realized by adding the functions described below to the functions described in the first embodiment. Hereinafter, a state in which the user terminal 3 is logged in to the key generation management device 1 is referred to as a business mode.

  FIG. 10 shows a functional configuration diagram of the key generation management device 1 in the present embodiment. As shown in FIG. 10, the point provided with the white list management unit 18 is different from the key generation management device 1 in the first embodiment.

  In the present embodiment, in addition to the user ID, key, CL-ID, and PIN, information of one or more specific applications (specifically, business applications) is stored in the data storage unit 16 as the user ID and the like. Stored in association. The information on the specific application may be any information as long as it is information that can identify the specific application. For example, the name of the application, an icon image, version information, and the like may be included. A set (list) of information on a specific application is called a white list.

  Based on the request from the user terminal 3 received from the control unit 11, the white list management unit 18 registers information on a specific application in the data storage unit 16, or when the login from the user terminal 3 is successful, A function of transmitting the white list to the user terminal 3 by reading the corresponding white list from the data storage unit 16 and passing it to the control unit 11 is included. The whitelist registration may be performed from the user terminal 3 as described above, or may be performed on the system side (service providing side).

  FIG. 11 shows a functional configuration diagram of the user terminal 3 in the present embodiment. As shown in FIG. 11, the point provided with the application display control part 51 and the application call control part 52 differs from the user terminal 3 in 1st Embodiment.

  The application display control unit 51 has a function of referring to the white list stored in the temporary data storage unit 33 and displaying the icon (group) of a specific application included in the white list on the display / operation unit 37 so as to be selectable. Including. The displayed application does not include a general application. The entity (program) of the specific application has been installed in the user terminal 3, for example, and is stored in a storage area managed by the OS. By selecting one specific application from one or a plurality of specific applications displayed on the display / operation unit 37, the specific application is activated under the control of the application display control unit 51. For example, FIG. 11 functions as the specific application unit 34 shown in FIG.

  Further, for example, when the selected specific application is not installed in the user terminal 3, the application display control unit 51 accesses the application providing site, displays the sales screen of the specific application on the providing site, You may enable it to purchase a specific application.

  In the present embodiment, in the non-business mode in which the user terminal 3 is not logged in to the key generation management device 1, the specific application is not displayed on the display / operation unit 37 but only the general application is displayed. It is configured.

  In the present embodiment, the OS of the user terminal 3 has a function of receiving a request (for example, an Intent request) for calling another application (program) from a certain application and calling the other application. In this case, the general application is called from the specific application, and there is a concern that the general application is activated and displayed even in the business mode.

  Therefore, in this embodiment, the application call control unit 52 is provided. The application call control unit 52 acquires an application call request issued from the specific application unit 34 in the business mode, refers to a whitelist stored in the temporary data storage unit 33, and is a target to be called by the application call request. If the application corresponds to any specific application in the white list, the call is permitted, and if the application to be called does not correspond to any specific application in the white list, the call is prohibited. Includes functionality. When the call is permitted, a call request is passed to the OS, and the application to be called is activated. If the call is prohibited, the call request is discarded.

  Next, referring to FIG. 12, the operation during login in the present embodiment will be described. The processing shown in FIG. 12 is based on the assumption that the logout state or the like has occurred due to a logout operation or the like after the initial setting or login, and no data is stored in the temporary data storage unit 33.

  First, the user performs a login operation to input the same PIN as that input at the initial setting from the screen displayed by the login processing unit 42 of the key management application unit 31 (step 311).

  Upon receiving the login operation, the login processing unit 42 decrypts the encrypted CL-ID stored in the specific data storage unit 32 and stores it in the temporary data storage unit 33 (step 312). The PIN is transmitted to the key generation management apparatus 1 (step 313). After transmission, the CL-ID stored in the temporary data storage unit 33 is deleted.

  In the key generation management device 1 that has received the CL-ID and PIN, the key providing authentication unit 13 checks whether the CL-ID and PIN that are the same as the received CL-ID and PIN are stored in the data storage unit 16. Thus, authentication is performed (step 314). The key providing authentication unit 13 determines that the authentication is successful when the same client ID and PIN as the received CL-ID and PIN are stored in the data storage unit 16. If the authentication fails, for example, an authentication error is returned to the user terminal 3, and the user terminal 3 performs the PIN input again.

  When the authentication is successful, the key providing authentication unit 13 reads the key stored in association with the CL-ID and the PIN from the data storage unit 16, transmits the key to the user terminal 3, and sends the white list management unit 18. Reads out the white list stored in association with the CL-ID and PIN from the data storage unit 16 and transmits it to the user terminal 3 (step 315).

  In the user terminal 3 that has received the key and the white list, the encryption / decryption processing unit 44 is stored in the specific data storage unit 32 under the control of the login processing unit 41 of the key management application unit 31. The ID and password are decrypted using the received key, the decrypted user ID and password, and key are stored in the temporary data storage unit 32, and the login processing unit 41 and the like further store the white list in the temporary data storage unit. 33 (step 316).

  Thereafter, the application display control unit 51 reads the white list from the temporary data storage unit 33 and displays the specific application icon included in the white list on the display / operation unit 37 so as to be selectable. Thereby, the user can start a desired specific application.

[Fourth embodiment]
Other usage scenes using the function that enables the business and private public / private separation described in the third embodiment include, for example, terminal separation for the purpose of license management, utilization to a secret mode, and the like.

  The terminal separation for the purpose of license management separates a mode in which an application using a company contract license can be used and a private mode other than the mode.

  Utilization in the secret mode is a utilization form in which an application used for private use is separated from other applications. That is, an application (for example, a finance-related application) that is worried about information leakage even if it is lost for personal use is managed separately from other applications.

  In addition, a mechanism that can delegate authority for data in secret mode (including account data) may be provided. For example, a mechanism for taking over data to a specific user may be provided when there is no login for a long time. Thereby, for example, a service for automatically taking over data after death can be realized.

  A mechanism for taking over data will be described as a fourth embodiment. The fourth embodiment is a mode in which functions are added to the first embodiment, and the added functions will be mainly described below.

  FIG. 13 shows a functional configuration diagram of the key generation management device 1 in the present embodiment. As shown in FIG. 13, the key generation management device 1 according to the first embodiment is different from the key generation management device 1 in that the data transfer unit 19 is provided.

  The data takeover unit 19 receives the data encrypted with the key (referred to as Key1) stored in the specific data storage unit 32 from the user terminal that is the takeover source via the control unit 11, and the data storage unit 16 decrypts the data with Key1 stored in 16 and encrypts the data with Key (Key2) of the takeover destination user terminal, and the encrypted data corresponds to the user ID of the takeover destination user terminal. In addition, it has a function of storing in the data storage unit 16. In addition, when the key generation management device 1 receives an access from a takeover destination user terminal, for example, by login, the data takeover unit 19 controls the encrypted data stored in the data storage unit 16. A function of transmitting (downloading) to the user terminal of the takeover destination via the unit 11;

  FIG. 14 shows a functional configuration diagram of the user terminal 3 in the present embodiment. As shown in FIG. 14, the point provided with the takeover control part 61 differs from the user terminal 3 in 1st Embodiment.

  The takeover control unit 61 counts a period during which the key generation management device 1 is not logged in. When the timer reaches a predetermined value, the takeover control unit 61 determines that the data has been transferred to a specific user, A function of transmitting encrypted data stored in the data storage unit 32 from the data transmission / reception unit 38 to the key generation management device 1 is provided. In addition, after data transmission, the takeover control unit 61 has a function of deleting data stored in the specific data storage unit 32 by instructing the wipe processing unit 45. Note that the trigger for determining that the data has been transferred to a specific user is not limited to when the period when the user is not logged in reaches a predetermined value. It may be determined that the user has taken over.

  In the present embodiment, the data encrypted by the key includes the user ID and password encrypted by the key, and the user ID and password are also inherited by the data takeover. Therefore, the takeover destination user can take over the account of the takeover source user.

  Next, with reference to FIG. 15, the flow of operation in the present embodiment will be described. In this example, there is a user terminal A that is a takeover source, a user terminal B that is a takeover destination, and a key generation management device 1, and the user terminals A and B both have the configuration shown in FIG. Further, in this example, the user ID of the user terminal B indicating that the takeover destination is the user terminal B in the data storage unit 16 of the key generation management device 1 in association with the data such as the user ID of the user terminal A. Is stored in advance. The key corresponding to the user terminal A is Key-A, and the key corresponding to the user terminal B is Key-B.

  When the takeover control unit 61 of the user terminal A detects that the login has not been performed for a predetermined period of time (step 401), the data stored in the specific data storage unit 32 (encrypted by Key-A) Is transmitted to the key generation management apparatus 1 (step 402). Further, the takeover control unit 61 instructs the wipe processing unit 45 to delete the data, and the wipe processing unit 45 deletes the data stored in the specific data storage unit 32 (step 403).

  In the key generation management device 1 that has received the encrypted data from the user terminal A, the data takeover unit 19 decrypts the encrypted data with Key-A (step 404). Further, based on the data corresponding to the user terminal A stored in the data storage unit 16, it is determined that the takeover destination is the user terminal B, Key-B is acquired from the data storage area of the user terminal B, and Key- The data is encrypted by B and stored in the data storage area of the user terminal B (step 405).

  Thereafter, when access from the user terminal B to the key generation management device 1 by login or the like occurs (step 406), the data transfer unit 19 reads the data encrypted with the Key-B (step 407), and the user terminal B (Step 408). In the user terminal B, the received data is stored in the specific data storage unit 32 and is appropriately decoded and used by the Key-B.

  In the above example, information indicating the takeover destination is held in the key generation management apparatus 1, but information indicating the takeover destination is stored in advance in the user terminal A, and the data is stored in the key generation management apparatus 1. Information indicating the takeover destination may be transmitted at the time of transmission.

  In the above example, the takeover source Key-A may be used at the takeover destination. In this case, when the takeover destination user accesses the key generation management apparatus 1, it is possible to select whether to use his own (takeover destination user) Key-B or the takeover source Key-A. When the use of the takeover source Key-A is selected, the takeover data (encrypted by Key-A) and Key-A may be downloaded and used.

  Other usage scenes include public / public separation. For example, assuming the use of a user terminal by a temporary employee, the dispatcher application and the dispatch destination application are separated. You can also separate apps by task for investigation agencies and foreign affairs. In addition, for the purpose of further strengthening security, it is also possible to carry out business by separating apps for each contract company.

(Summary of the embodiment, effects)
As described above, in the present embodiment, the key generation and management device 1 performs key generation and management, and the user terminal 3 stores the key in an area where it can be temporarily stored for a certain period of time. Thus, security can be ensured while maintaining user convenience.

  For example, a business application is used as the specific application, only the encrypted business data is stored in the specific data storage unit 32, and data from the general application used for private use is stored in the general data storage unit 36. By doing so, public / private separation can be realized in the user terminal 3.

  Further, as described in the second embodiment, it is possible to further enhance security by encrypting and storing the key with the public key.

  The configuration for encryption and decryption described in the second embodiment may be applied to the third and fourth embodiments. In addition, the takeover function of the fourth embodiment may be added to the configuration of the third embodiment. Furthermore, the functions of the second, third, and fourth embodiments may be combined.

Hereinafter, the configurations disclosed in this specification are listed as examples.
(Section 1)
A key management system comprising a user terminal and a key generation management device,
The key generation management device includes:
Storage means for storing the encryption key and authentication information in association with each other;
Based on authentication information transmitted from the user terminal, the user terminal is authenticated, and when the authentication is successful, an encryption key transmitting means for transmitting the encryption key corresponding to the authentication information to the user terminal; With
The user terminal is
Specific data storage means for storing encrypted data;
Temporary data storage means for temporarily storing the encryption key received from the key generation management device;
Means for decrypting data using the encryption key;
Temporary data deleting means for deleting the encryption key from the temporary data storage means based on a predetermined condition set in advance. A key management system comprising:
(Section 2)
The key management system according to claim 1, wherein the authentication information transmitted from the user terminal includes an authentication code input by a user and a terminal identification code held by the user terminal.
(Section 3)
The key generation management device includes:
Initial setting information including a user ID, an authentication code, and terminal unique identification information is received from the user terminal at the time of initial setting, the encryption key is generated from the user ID, and the terminal identification code is generated from the terminal unique identification information And storing the encryption key, the terminal identification code, and the authentication code in the storage unit, and transmitting the encryption key and the terminal identification code to the user terminal,
The key management system according to claim 2, wherein the user terminal includes means for encrypting data other than the terminal identification code using the encryption key and storing the encrypted data in the specific data storage means.
(Section 4)
4. The key management according to claim 3, wherein the user terminal includes means for encrypting the terminal identification code using an encryption key different from the encryption key and storing the encrypted terminal identification code in the specific data storage means. system.
(Section 5)
The user terminal comprises means for encrypting data of a specific application using an encryption key received from the key generation management device and storing the data in the specific data storage means. The key management system according to any one of the above.
(Section 6)
Among the first to fifth aspects, the user terminal includes an access determination unit that determines whether access from the application to the specific data storage unit is permitted using an identifier of the specific application stored in advance. The key management system according to any one of claims.
(Section 7)
The first to sixth aspects, wherein the predetermined condition is that a logout operation for a specific application in the user terminal has been performed or no operation has been performed for the specific application for a predetermined time. The key management system according to any one of the above.
(Section 8)
The user terminal includes a wipe processing unit that deletes all data stored in the specific data storage unit when receiving a predetermined command. The key management system according to item 1.
(Section 9)
The key management system according to any one of claims 1 to 8, wherein the encryption key is a key encrypted with a public key.
(Section 10)
The user terminal includes means for transmitting data stored in the specific data storage means to the key generation management device and deleting data stored in the specific data storage means when a predetermined condition is satisfied. Item 10. The key management system according to any one of Items 1 to 9, wherein
(Section 11)
A key management method executed by a key management system including a user terminal and a key generation management device,
The key generation management device includes storage means for storing an encryption key and authentication information in association with each other,
The key generation management device authenticates the user terminal based on the authentication information transmitted from the user terminal, and transmits the encryption key corresponding to the authentication information to the user terminal when the authentication is successful. And steps to
The user terminal temporarily storing the encryption key received from the key generation management device in a temporary data storage means;
The user terminal decrypting the data stored in the specific data storage means using the encryption key;
The user terminal deleting the encryption key from the temporary data storage means based on a predetermined condition set in advance;
A key management method comprising:
(Section 12)
A user terminal used in the key management system according to any one of Items 1 to 10.
(Section 13)
A user terminal connected to a key generation management device via a network,
Temporarily receiving the encryption key from the key generation management device that transmits the encryption key when the authentication of the user terminal based on the authentication information transmitted from the user terminal is successful, and temporarily storing the encryption key Data storage means;
Means for decrypting data using the encryption key;
Temporary data deletion means for deleting the encryption key from the temporary data storage means based on a predetermined condition set in advance;
A user terminal comprising:
(Section 14)
14. The user terminal according to claim 13, further comprising: an access determination unit that determines whether to permit access from the application to the specific data storage unit using an identifier of the specific application held in advance.
(Section 15)
An application display control means for receiving information indicating one or more specific applications from the key generation management device when the authentication is successful, and displaying the one or more specific applications in a selectable manner; Item 13. The user terminal according to item 14 or 14, which is characterized.
(Section 16)
Application call control means for receiving a call request of another application from the specific application and prohibiting the call of the other application when the other application is not included in the one or more specific applications. 16. The user terminal according to item 15, characterized in that
(Section 17)
A key generation management device used in the key management system according to any one of Items 1 to 10.
(Section 18)
A key generation management device connected to a user terminal via a network,
Storage means for storing the encryption key and authentication information in association with each other;
Based on authentication information transmitted from the user terminal, the user terminal is authenticated, and when the authentication is successful, an encryption key transmitting means for transmitting the encryption key corresponding to the authentication information to the user terminal;
A key generation management device comprising:
(Section 19)
A program for causing a computer to function as each means in the user terminal according to any one of Items 12 to 16.
(Section 20)
A program for causing a computer to function as each unit in the key generation management device according to Item 17 or 18.

  The present invention is not limited to the above-described embodiments, and various modifications and applications are possible within the scope of the claims.

DESCRIPTION OF SYMBOLS 1 Key generation management apparatus 2 Network 3 User terminal 11 Control part 12 User authentication part 13 Key provision authentication part 14 Key generation part 15 Client identification ID generation part 16 Data storage part 17 Encryption part 18 White list management part 19 Data takeover part 31 Key management application unit 32 Specific data storage unit 33 Temporary data storage unit 34 Specific application unit 35 General application unit 36 General data storage unit 37 Display / operation unit 38 Data transmission / reception unit 41 Initial setting processing unit 42 Login processing unit 43 Temporary data deletion Unit 44 encryption / decryption processing unit 45 wipe processing unit 46 decryption unit 47 external storage medium connection unit 48 external storage medium 49 cloud decryption unit 50 cloud key server 51 application display control unit 52 application call control unit 61 takeover control unit

Claims (6)

A user terminal connected to a key generation management device via a network,
Temporarily receiving the encryption key from the key generation management device that transmits the encryption key when the authentication of the user terminal based on the authentication information transmitted from the user terminal is successful, and temporarily storing the encryption key Data storage means;
Specific data storage means for storing specific application data encrypted with the encryption key as application data;
General data storage means for storing data of applications other than the specific application;
Means for decrypting the data of the specific application using the encryption key;
Application display control means for receiving information indicating one or more specific applications from the key generation management device when the authentication is successful, and displaying the one or more specific applications in a selectable manner;
When a request for calling another application is received from a specific application selected from the one or more specific applications, and the other application is not included in the one or more specific applications, the other application Application call control means for prohibiting the calling of the application,
A user terminal comprising: The user terminal according to claim 1, further comprising temporary data deleting means for deleting the encryption key from the temporary data storage means based on a predetermined condition set in advance. 3. The user terminal according to claim 1, further comprising: an access determination unit that determines whether to permit access from the application to the specific data storage unit using an identifier of the specific application held in advance. The program for functioning a computer as each means in the user terminal of any one of Claims 1 thru | or 3 . A key management system comprising a user terminal and a key generation management device connected to the user terminal via a network,
The key generation management device includes:
Storage means for storing the encryption key and authentication information in association with each other;
Based on authentication information transmitted from the user terminal, the user terminal is authenticated, and when the authentication is successful, an encryption key transmitting means for transmitting the encryption key corresponding to the authentication information to the user terminal; With
The user terminal is
Temporary data storage means for receiving the encryption key and temporarily storing the encryption key;
Specific data storage means for storing specific application data encrypted with the encryption key as application data ;
General data storage means for storing data of applications other than the specific application ;
Means for decrypting the data of the specific application using the encryption key;
Application display control means for receiving information indicating one or more specific applications from the key generation management device when the authentication is successful, and displaying the one or more specific applications in a selectable manner;
When a request for calling another application is received from a specific application selected from the one or more specific applications, and the other application is not included in the one or more specific applications, the other application the key management system comprising: a, an application calls the control means for inhibiting invocation of applications. Information indicative of the one or more specific applications are stored in the storage unit,
The encryption key sending unit, the key according to claim 5, characterized in that sending said if authentication succeeds, and the encryption key and information indicating the one or more particular applications to the user terminal Management system .

Images