JP6636301B2 - Data transmission system and data transmission method - Google Patents

Description

  The present invention relates to cryptography.

  Technologies for realizing anonymous communication in a network have been developed. For example, Patent Literature 1 discloses a technology capable of transmitting and receiving a message without the other party knowing the mail address.

JP 2001-53787 A

  Generally, in communication via a network, a data packet to which an address (for example, an IP (Internet Protocol) address or the like) specifying a transmission destination or a transmission source is transmitted and received. Even if the technology disclosed in Patent Document 1 is used, such network addresses cannot be concealed.

  The present invention has been made in view of the above problems. An object of the present invention is to provide a technique for improving anonymity of communication performed via a network.

A first data transmission system according to the present invention is a data transmission system having a transmitting device and a receiving device.
The transmission device includes: 1) a disclosure permission information adding unit that adds disclosure permission information, which is information indicating a reception device permitted to disclose the message, to a data packet including a source address, a destination address, and a message; (2) an encryption unit that encrypts the source address, the destination address, or the disclosure permission information included in the data packet to which the disclosure permission information is added, with an anonymous encryption key; and (3) the encryption. A transmission unit that transmits the data packet obtained by the encryption unit; 4) a first anonymization encryption key storage unit that stores the anonymization encryption key used by the encryption unit in a state where the encryption key cannot be read from the outside of the transmission device. Having.
The receiving device includes: 5) a receiving unit that receives the transmitted data packet; and 6) the encrypted source address, the destination address, or the disclosure permission information of the received data packet. And 7) the message of the received data packet when the receiving device permits the disclosure of the message by the disclosure permission information of the received data packet. And 8) a second anonymized encryption key storage unit that stores the anonymized encryption key used by the decryption unit in a state that cannot be read from the outside of the receiving device.

A second data transmission system according to the present invention is a data transmission system having a transmitting device and a receiving device.
The transmission device includes: 1) a disclosure permission information adding unit that adds disclosure permission information, which is information indicating a reception device permitted to disclose the transmission data, to the transmission data transmitted to the reception device; A data packet generating unit that generates a plurality of messages by dividing the transmission data to which the disclosure permission information is added, adds a source address and a destination address to each message, and generates a plurality of data packets; 3) an encryption unit for encrypting the address information of each of the data packets or each of the data packets with an anonymous encryption key; 4) a transmission unit for transmitting each of the encrypted data packets; A first anonymized encryption key storage unit that stores the anonymized encryption key used by the encryption unit in a state where the encryption key cannot be read from outside the transmission device.
The receiving device includes: 6) a receiving unit that receives each of the transmitted data packets; 7) a decrypting unit that decrypts each of the received data packets with the anonymous encryption key; and 8) each of the decrypted data packets. A restoration unit for restoring the transmission data to which the disclosure permission information has been added by combining the messages included in the data packets; and 9) the receiving device is permitted to disclose the transmission data by the disclosure permission information. And 10) a second anonymous encryption system that stores the anonymous encryption key used by the decryption unit in a state where it cannot be read from outside the receiving device. And a key storage unit.

A first data transmission method according to the present invention is a data transmission method executed in a data transmission system having a transmitting device and a receiving device. In the data transmission method, 1) the transmitting device adds disclosure permission information, which is information indicating a receiving device to which disclosure of the message is permitted, to a data packet including a source address, a destination address, and a message. A disclosure permission information adding step; and 2) the transmitting device encrypts the transmission source address, the transmission destination address, or the disclosure permission information included in the data packet to which the disclosure permission information is added, using an anonymous encryption key. 3) the transmitting device transmits the encrypted data packet; 4) the receiving device receives the transmitted data packet; and 5) the receiving device receives the transmitted data packet. A receiving device configured to encrypt the source address, the destination address, or the disclosure permission information of the received data packet; 6) decrypting the received data packet with the anonymous encryption key; and 6) when the disclosure of the message is permitted by the disclosure permission information of the received data packet, the receiving device transmits the received data packet. And outputting the message to the outside.
7) The transmitting device has a first anonymous encryption key storage unit that stores the anonymous encryption key used in the encryption step in a state where the anonymous encryption key cannot be read from the outside of the transmission device.
8) The receiving device has a second anonymized encryption key storage unit that stores the anonymized encryption key used in the decryption step in a state where the key cannot be read from outside the receiving device.

A second data transmission method according to the present invention is a data transmission method executed in a data transmission system having a transmitting device and a receiving device. The data transmission method includes: 1) disclosure permission information in which the transmission device adds disclosure permission information, which is information indicating a reception device permitted to disclose the transmission data, to transmission data transmitted to the reception device. An adding step; 2) the transmitting apparatus generates a plurality of messages by dividing the transmission data to which the disclosure permission information is added, and adds a source address and a destination address to each message; A data packet generating step of generating a data packet; 3) the transmitting device encrypting address information of each of the data packets or each of the data packets with an anonymous encryption key; and 4) the transmitting device. Transmitting each of the encrypted data packets, and 5) the receiving apparatus receiving each of the transmitted data packets. 6) the receiving device decrypts each of the received data packets with the anonymous encryption key; and 7) the receiving device includes the decrypted data packet included in each of the decrypted data packets. A restoring step of restoring the transmission data to which the disclosure permission information is added by combining the messages; and 8) the receiving device is permitted to disclose the transmission data by the disclosure permission information. And outputting the restored transmission data to the outside.
9) The transmitting device includes a first anonymized encryption key storage unit that stores the anonymized encryption key used in the encryption step in a state where the key cannot be read from outside the transmission device.
10) The receiving device has a second anonymized encryption key storage unit that stores the anonymized encryption key used in the decrypting step in a state where it cannot be read from outside the receiving device.

  According to the present invention, there is provided a technique for improving anonymity of communication performed through a network.

FIG. 1 is a diagram illustrating an outline of a data transmission system according to a first embodiment. FIG. 1 is a block diagram illustrating a configuration of a data transmission system according to a first embodiment. 5 is a flowchart illustrating a flow of a process executed by the transmission device of the first embodiment. 5 is a flowchart illustrating a flow of a process executed by the transmission device of the first embodiment. FIG. 2 is a diagram illustrating a data transmission system having a relay device. It is a block diagram which illustrates a relay device. It is a block diagram which illustrates the receiving device of Embodiment 1 which has an anonymous processing part and a 2nd output part. 13 is a flowchart illustrating a flow of a process performed by the receiving device according to the second embodiment. FIG. 6 is a first diagram illustrating key generation information. FIG. 14 is a second diagram illustrating key generation information. FIG. 2 is a block diagram illustrating a transmission device according to an embodiment. FIG. 4 is a diagram illustrating a process executed by an electronic signature providing unit together with a block diagram. It is a block diagram which illustrates the receiver of an Example. FIG. 4 is a diagram illustrating a process executed by a validity verification unit together with a block diagram. FIG. 9 is a diagram illustrating a process performed by an electronic signature adding unit and a validity determining unit when key generation information added to an electronic signature is not falsified. FIG. 7 is a diagram illustrating a process performed by a validity determination unit when key generation information added to an electronic signature is falsified. FIG. 13 is a diagram illustrating an outline of a data transmission system according to a third embodiment. FIG. 14 is a block diagram illustrating a configuration of a data transmission system according to a third embodiment. It is a block diagram which illustrates the receiver of Embodiment 3 which has an anonymous processing part and the 2nd output part.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In all the drawings, the same components are denoted by the same reference numerals, and description thereof will not be repeated. Also, in each block diagram, the flow of arrows indicates the flow of information. Further, in each block diagram, each block shows not a configuration of a hardware unit but a configuration of a functional unit.

[Embodiment 1]
<Overview of Data Transmission System 4000>
FIG. 1 is a diagram illustrating an outline of a data transmission system 4000 according to the first embodiment. Data transmission system 4000 includes transmitting device 2000 and receiving device 3000. Transmitting device 2000 transmits a data packet, and receiving device 3000 receives the data packet. The header of the data packet transmitted from transmitting apparatus 2000 includes a source address, a destination address, and disclosure permission information. The disclosure permission information is information indicating the receiving device 3000 to which disclosure of the message is permitted. Further, the data packet includes information (hereinafter, message) to be transmitted to receiving apparatus 3000. A message is any form of data.

  The transmission device 2000 encrypts and transmits at least the source address, the destination address, or the disclosure permission information among the data included in the data packet. The receiving device 3000 decrypts the encrypted information of the received data packet. Further, when the receiving device 3000 is the receiving device 3000 whose disclosure is permitted by the disclosure permission information, the receiving device 3000 outputs a message included in the data packet in a usable state.

  The data packet may be a set of data transmitted and received between the transmitting device 2000 and the receiving device 3000, and is not limited to an IP packet generally called a “packet”. For example, IP packets and Ethernet (registered trademark) frames can be handled as data packets.

  FIG. 2 is a block diagram illustrating a configuration of the data transmission system 4000 according to the first embodiment. In FIG. 2, the flow of arrows indicates the flow of information. Further, in FIG. 2, each block represents not a configuration of a hardware unit but a configuration of a functional unit.

  The transmission device 2000 includes an encryption unit 2020, a disclosure permission information addition unit 2040, a transmission unit 2060, and a first anonymized encryption key storage unit 2080. Disclosure permission information adding section 2040 adds the above-described disclosure permission information to the data packet. The specific contents of the disclosure permission information will be described later. The encryption unit 2020 encrypts the source address, the destination address, or the disclosure permission information included in the data packet using the encryption key. Hereinafter, this encryption key is referred to as an anonymous encryption key. Information to be encrypted by the encryption unit 2020 is referred to as anonymization target information. Transmitting section 2060 transmits the data packet encrypted by encrypting section 2020. The first anonymous encryption key storage unit 2080 stores the anonymous encryption key used by the encryption unit 2020 in a state where it cannot be read from outside the transmission device 2000. That is, transmitting apparatus 2000 has tamper resistance with respect to the anonymized encryption key. A specific method for storing the anonymized encryption key in a state where it cannot be read from the outside will be described later.

  The receiving device 3000 includes a receiving unit 3020, a decrypting unit 3040, an output unit 3060, and a second anonymous encryption key storage unit 3080. Receiving section 3020 receives the data packet transmitted by transmitting apparatus 2000. The decryption unit 3040 decrypts the anonymization target information (source address, destination address, or disclosure permission information) included in the received data packet using the anonymization encryption key. This anonymized encryption key is stored in the second anonymized encryption key storage unit 3080 in a state where it cannot be read from the outside of the receiving device 3000. That is, receiving apparatus 3000 has tamper resistance with respect to the anonymized encryption key. The output unit 3060 determines whether or not the receiving device 3000 corresponds to the receiving device 3000 permitted to disclose the data packet, which is indicated by the disclosure permission information of the received data packet. Then, when the receiving device 3000 corresponds to the receiving device 3000 permitted to disclose the data packet, the output unit 3060 outputs a message of the received data packet to the outside of the output unit 3060. A specific method in which the output unit 3060 outputs a message will be described in each embodiment described later.

<Process Flow Performed by Transmitting Device 2000>
FIG. 3 is a flowchart illustrating a flow of a process performed by the transmission device 2000 of the first embodiment. The disclosure permission information adding unit 2040 acquires the data packet (S102). The disclosure permission information adding unit 2040 adds the disclosure permission information to the data packet (S104). The encryption unit 2020 encrypts the anonymization target information included in the data packet using the anonymization encryption key (S106). The transmitting unit 2060 transmits the data packet (S108).

<Flow of Process Executed by Receiving Device 3000>
FIG. 4 is a flowchart illustrating a flow of a process performed by the transmission device 2000 of the first embodiment. The receiving unit 3020 receives the data packet (S202). The decryption unit 3040 decrypts the anonymization target information using the anonymization encryption key by the encryption unit 2020 (S204). The output unit 3060 outputs the data packet message to the outside of the output unit 3060 when the receiving device 3000 permits disclosure of the message by the data packet disclosure permission information (S206).

  Hereinafter, specific functions of the respective functional components will be described with reference to the above-described flowchart as appropriate.

<Details of disclosure permission information adding unit 2040>
The disclosure permission information adding unit 2040 acquires the data packet (S102). The data packet acquired by disclosure permission information adding section 2040 includes a source address, a destination address, and a message. For example, a data packet is an IP packet that includes a source IP address and a destination IP address in a header portion and a message in a data portion. However, the data packet is not limited to the IP packet, but may be data transmitted and received by an arbitrary network protocol.

  Known techniques can be used to generate the data packet. For example, an IP packet is generated by an OS (Operating System) IP protocol stack. Here, since the method of generating a data packet by the protocol stack of the OS is a known technique, the description of the specific method is omitted.

  As described above, the message included in the data packet is arbitrary data. For example, this message is generated by the user of the transmitting device 2000. Specifically, the user generates a message by inputting character data or the like using an input device such as a keyboard. In addition, the message may be automatically generated by the transmitting device 2000. Further, for example, the message may be obtained by transmitting apparatus 2000 from outside transmitting apparatus 2000. Note that the message is not limited to character data, but may be data of any format such as image data and audio data.

  The source address included in the data packet is an address that specifies the transmitting device 2000 that transmits the data packet. For example, the source address is the IP address, MAC (Media Access Control) address, or both of the source transmitting device 2000.

  The destination address included in the data packet is an address that specifies the receiving device 3000 that is the destination of the data packet. For example, the destination address is the IP address, the MAC address, or both of the destination receiving device 3000. However, the destination address may be an address that does not uniquely identify the destination device, such as a multicast address or a broadcast address.

  The disclosure permission information adding unit 2040 adds the disclosure permission information to the data packet (S104). As described above, the disclosure permission information is information indicating the reception device 3000 to which disclosure of a message is permitted. For example, the disclosure permission information indicates an ID (Identifier) of the receiving device 3000 to which disclosure of the message is permitted. Here, the ID of the receiving device 3000 is an arbitrary identifier that can specify the receiving device 3000. For example, the ID of the receiving device 3000 is an IP address, a MAC address, a UUID (Universally Unique Identifier) of the receiving device 3000, or the like. It should be noted that the number of receiving devices 3000 permitted to disclose the message is not limited to one, but may be plural.

  Further, the disclosure permission information may indicate key generation information unique to the receiving device 3000 permitted to disclose the message. The key generation information will be described in an embodiment described later.

  In addition, the disclosure permission information may be information indicating a group of the receiving devices 3000 to which disclosure of the message is permitted. For example, the information indicating the group of the receiving devices 3000 is a multicast address (such as a multicast IP address or a multicast MAC address). Further, for example, in the data transmission system 4000, a group of the receiving devices 3000 may be determined in advance by another method. In this case, information on which receiving device 3000 belongs to which group may be set in the transmitting device 2000 or the receiving device 3000 in advance, or may be stored in a storage device accessible from the transmitting device 2000 or the receiving device 3000. It may be.

  Disclosure permission information adding section 2040 adds additional information to the header of the data packet. For example, the disclosure permission information adding unit 2040 stores the additional information in an unused data area in an existing header such as an IP header or an Ethernet (registered trademark) header. Further, for example, the disclosure permission information adding unit 2040 may generate a new header separately from these existing headers, store the additional information in the header, and insert the additional information into the data packet.

  The disclosure permission information adding unit 2040 includes the receiving device 3000 of the transmission destination as the receiving device 3000 that permits disclosure of the message. Further, the disclosure permission information adding unit 2040 includes a predetermined receiving device 3000 other than the receiving device 3000 of the transmission destination as the receiving device 3000 permitted to disclose the message. The predetermined receiving device 3000 is a receiving device 3000 owned by an agency or a person having special authority such as the police. In this way, by using a computer provided with the receiving device 3000 owned by such an authority or a person having special authority, a message of a data packet transmitted to an arbitrary receiving device 3000 can be acquired / acquired. Be able to browse.

  For example, in a criminal investigation or the like, an email or the like sent by a suspect may contain information serving as important evidence. In such a case, it is preferable that the police or the like can browse this mail without using a computer or the like owned by the criminal. By allowing the disclosure permission information adding unit 2040 to indicate the receiving device 3000 owned by the institution or person having the special authority described above in the disclosure permission information, it is possible to easily obtain important evidence of a crime or the like in these organizations. be able to. On the other hand, since the receiving device 3000 that can disclose the message is limited by the disclosure permission information, the privacy of the person who exchanges the message is respected as compared with the case where the message of the data packet can be disclosed by any receiving device 3000.

  In addition, the disclosure permission information adding unit 2040 may include, in the disclosure permission information, the receiving device 3000 other than the receiving device 3000 of the transmission destination or the receiving device 3000 owned by the police or the like.

  There are various methods for determining the receiving device 3000 to be included in the disclosure permission information. For example, the disclosure permission information adding unit 2040 accepts an input of an ID of the receiving device 3000 that permits disclosure of a message from a user of the computer having the transmitting device 2000. Then, disclosure permission information adding section 2040 includes the input ID of receiving apparatus 3000 in the disclosure permission information. However, the destination receiving device 3000 can be specified from the destination address. Therefore, if the ID of the receiving device 3000 indicated by the disclosure permission information is a network address, the disclosure permission information adding unit 2040 may automatically include the transmission destination address of the data packet in the disclosure permission information. In addition, when the ID of the receiving device 3000 indicated by the disclosure permission information is other than the network address, the disclosure permission information adding unit 2040 specifies the ID of the receiving device 3000 of the transmission destination from the transmission destination address of the data packet, and specifies the ID. The ID may be included in the disclosure permission information. For example, when the disclosure permission information adding unit 2040 can access a database or the like in which the ID of each receiving device 3000 is associated with a network address, the disclosure permission information adding unit 2040 accesses this database and Is specified.

  Also, the disclosure permission information adding unit 2040 automatically includes the ID of the receiving device 3000 owned by the above-mentioned agency such as the police or the like in the disclosure permission information automatically by default. As described above, the ID of the receiving device 3000 to be included in the disclosure permission information by default may be set in the disclosure permission information adding unit 2040 in advance, or may be stored in a storage device accessible from the disclosure permission information adding unit 2040. Is also good.

<Details of the encryption unit 2020>
The encryption unit 2020 encrypts the anonymization target information (the transmission source address, the transmission destination address, or the disclosure permission information) of the data packet (S106). Here, the encryption unit 2020 may encrypt any two or more of the source address, the destination address, and the disclosure permission information. Further, the encryption unit 2020 may encrypt not only the above three pieces of information but also the entire data packet. In this case, the entire data packet becomes the anonymization target information.

  It should be noted that a data packet may include a plurality of source addresses of different types. For example, an Ethernet frame may include a MAC address and an IP address. Similarly, a data packet may include multiple destination addresses of different types. In such a case, the encryption unit 2020 encrypts any one or more of the plurality of addresses.

<< About the encryption method >>
The same anonymous encryption key is used for data encryption by the encryption unit 2020 and data decryption by the decryption unit 3040. That is, the encryption by the encryption unit 2020 and the decryption by the decryption unit 3040 are performed by the common key cryptosystem. The data transmission system 4000 can use any encryption method classified as a common key encryption method. For example, the data transmission system 4000 can use AES (Advanced Encryption Standard) encryption, relocation encryption described in Japanese Patent No. 4737334, and the like.

  The specific mode of the anonymous encryption key is determined by the common key encryption method to be used. A specific example of the anonymous encryption key will be described in an embodiment described later.

<Details of the transmission unit 2060>
The transmitting unit 2060 transmits the data packet to which the additional information has been added (S108). Here, the method of transmitting the data packet according to the destination address indicated in the data packet is a known technique, and a specific description thereof will be omitted.

<Details of the receiving unit 3020>
The receiving unit 3020 receives the data packet (S202). Here, in the data transmission system 4000, the destination address of the data packet may be encrypted. In this case, the receiving device 3000 cannot determine whether or not the data packet is intended for the receiving device 3000 without decoding the destination address of the data packet. Therefore, in this case, receiving section 3020 receives the data packet, and decoding section 3040 decodes the anonymization target information of the data packet. Then, receiving apparatus 3000 determines whether or not the data packet is destined for receiving apparatus 3000 based on the decoded transmission destination address.

  If the transmission destination address of the data packet is not encrypted, the receiving unit 3020 performs the reception processing of the data packet based on the transmission destination address of the data packet. Here, the process of receiving a data packet when the destination address is not encrypted is a known process. Therefore, a detailed description of this processing is omitted.

  Here, the receiving device 3000 may receive a data packet whose destination address is not the address of the receiving device 3000. For example, the receiving device 3000 receives all data packets flowing through the network to which the receiving device 3000 is connected. In addition, receiving apparatus 3000 receives a data packet in which the address information satisfies a predetermined condition. It is assumed that the predetermined condition is stored in the receiving device 3000.

  The receiving device 3000 that receives a data packet whose transmission destination address is not the address of the receiving device 3000 is, for example, a device that captures a data packet flowing through a network or a device that is owned by an organization such as the police as described later. The device that captures the data packet is, for example, a device that generates statistical data of the data packet for the data packet flowing through the network, and performs a virus scan or the like on a message included in the data packet.

<Details of decoding unit 3040>
The decryption unit 3040 decrypts the anonymization target information included in the data packet received by the reception unit 3020 using the anonymization encryption key (S204). Here, the decryption unit 3040 needs to know which data among the data included in the data packet is encrypted. There are various methods for the decryption unit 3040 to know which data is encrypted. For example, in the data transmission system 4000, which data of a data packet is to be encrypted is determined in advance. In this case, the encryption unit 2020 encrypts predetermined data (eg, a destination IP address). Then, the decoding unit 3040 decodes the predetermined data. The information defining "which data in the data packet is to be encrypted" may be set in the encryption unit 2020 and the decryption unit 3040 in advance, or may be accessed from the encryption unit 2020 and the decryption unit 3040, respectively. It may be stored in a simple storage device or the like.

  Further, for example, the encryption unit 2020 may add information indicating which data of the data packet has been encrypted to the data packet. In this case, the decryption unit 3040 grasps which data of the data packet is encrypted by referring to the added information. Information indicating "which data of the data packet has been encrypted" is added, for example, to the head of the data packet. However, the position where this information is added is not limited to the head of the data packet.

  Here, a technique for decrypting the encrypted data using a predetermined encryption key is a known technique. Therefore, a detailed description of a method in which the decryption unit 3040 decrypts the anonymization target information using the anonymization encryption key is omitted.

<About the output unit 3060>
The output unit 3060 outputs the data packet to the outside of the output unit 3060 when the reception device 3000 having the output unit 3060 corresponds to the reception device 3000 permitted to disclose the message, which is indicated by the data packet disclosure permission information. Is output (S206). By outputting the message to the outside, the OS or the like operating on a computer having the output unit 3060 can use the message. For example, the OS can display a message on the display. A specific method for realizing the output unit 3060 will be described in an embodiment described later.

<Hardware configuration>
Each of the transmitting device 2000 and the receiving device 3000 is implemented using one hardware chip or a combination of a plurality of hardware chips. The hardware chip is, for example, an integrated circuit such as an LSI (Large Scale Integration). However, the mounting method of the transmitting device 2000 and the receiving device 3000 is not limited to the mounting method using an integrated circuit.

  For example, the encryption unit 2020, the disclosure permission information addition unit 2040, and the transmission unit 2060 are each implemented as hardware on the hardware chip by wired logic or the like. In addition, for example, each of the functional components is implemented as a combination of software and hardware. The combination of software and hardware is, for example, a combination of hardware such as a processor, a memory, and a storage, and a program stored in the memory or the storage. The processor realizes the functions of the functional components by, for example, reading each program that implements the functional components into a memory and executing the program. For example, various hardware such as the above-described processor is mounted on a hardware chip as an SoC (System on Chip).

  The first anonymized encryption key storage unit 2080 is implemented as, for example, a ROM or a RAM that does not have a communication path with the outside of the transmission device 2000. In this case, the anonymous encryption key is stored in this ROM or RAM. Alternatively, for example, the first anonymized encryption key storage unit 2080 may be implemented using wired logic or the like. In this case, the anonymous encryption key is implemented as a physical electric circuit incorporated in the first anonymous encryption key storage unit 2080. For example, when the encryption unit 2020, the disclosure permission information addition unit 2040, and the transmission unit 2060 are mounted on one hardware chip, the first anonymous encryption key storage unit 2080 is mounted on the hardware chip. . However, the first anonymized encryption key storage unit 2080 may be implemented as another hardware chip having a communication path with a hardware chip on which the encryption unit 2020 and the like are mounted.

  The method of mounting the receiving unit 3020, the decrypting unit 3040, and the output unit 3060 is the same as the method of mounting the encrypting unit 2020, the disclosure permission information adding unit 2040, and the transmitting unit 2060. The method of mounting the second anonymized encryption key storage unit 3080 is the same as the method of mounting the first anonymized encryption key storage unit 2080. For example, when the receiving unit 3020, the decrypting unit 3040, and the output unit 3060 are mounted on one hardware chip, the second anonymized encryption key storage unit 3080 is mounted on the hardware chip. However, the second anonymous encryption key storage unit 3080 may be implemented as another hardware chip having a communication path with the hardware chip on which the receiving unit 3020 and the like are mounted.

  For example, the transmitting device 2000 and the receiving device 3000 are respectively mounted on network interfaces of various computers such as a PC (Personal Computer), a server, and a portable terminal. By doing so, each data packet that the OS or the like of the computer having the transmission device 2000 intends to transmit via the network is processed by the transmission device 2000 before being transmitted. Then, the data packet received by the receiving device 3000 via the network is processed by the receiving device 3000 and then used by an OS of a computer having the receiving device 3000.

<Relay of data packet>
When a data packet is relayed by a relay device such as a layer 2 switch or a router, these relay devices decode the address information included in the data packet using an anonymous encryption key, and based on the decoded address information. Determine the relay destination. Then, when the address information needs to be changed, the relay device changes the address information, encrypts the changed data packet with the anonymous encryption key, and transmits the encrypted data packet. The relay device, like the transmission device 2000 and the reception device 3000, has a storage unit that stores the anonymized encryption key in a state where it cannot be read from outside the relay device. The method in which the relay device encrypts the data packet using the anonymous encryption key is the same as the method in which the encryption unit 2020 encrypts the data packet. The method in which the relay device decrypts the data packet using the anonymous encryption key is the same as the method in which the decryption unit 3040 decrypts the data packet.

  The change of the address information performed by the relay device is, for example, Network Address Translation (NAT) or Network Address Port Translation (NAPT). In this case, the relay device is a gateway device located at a boundary between a Local Area Network (LAN) and a Wide Area Network (WAN). Since NAT and NAPT are known technologies, their detailed description will be omitted.

  FIG. 5 is a diagram illustrating a data transmission system 4000 having a relay device 5000. Relay device 5000 is located between transmitting device 2000 and receiving device 3000, and relays a data packet. Note that a plurality of relay devices 5000 may be interposed between the transmitting device 2000 and the receiving device 3000.

  FIG. 6 is a block diagram illustrating the relay device 5000. Each block shows a configuration of a functional unit, not a configuration of a hardware unit.

  The relay device 5000 includes a second reception unit 5020, a second decryption unit 5040, a conversion unit 5060, a second encryption unit 5080, a second transmission unit 5100, and a third anonymized encryption key storage unit 5120. Second receiving section 5020 receives the data packet.

  The second decryption unit 5040 decrypts the encrypted source address or destination address of the data packet using the anonymous encryption key. The method by which the second decoding unit 5040 decodes a data packet is the same as the method by which the decoding unit 3040 decodes a data packet. When the disclosure permission information of the data packet is encrypted together with the transmission source address and the like, the disclosure permission information is also decrypted together. However, when the source address, the destination address, and the disclosure permission information are separately encrypted, the second decryption unit 5040 does not need to decrypt the disclosure permission information.

  The conversion unit 5060 converts a source address or a destination address. This conversion is, for example, the NAT or NAPT processing described above.

  The second encryption unit 5080 encrypts the converted source address or destination address with the anonymous encryption key. The method by which the second encryption unit 5080 encrypts the data packet is the same as the method by which the encryption unit 2020 encrypts the data packet. If the disclosure permission information is encrypted in the received data packet, the second encryption unit 5080 also encrypts the disclosure permission information.

  Second transmitting section 5100 transmits the data packet encrypted by second encrypting section 5080.

  The third anonymous encryption key storage unit 5120 stores the anonymous encryption key used by the second decryption unit 5040 and the second encryption unit 5080 in a state where it cannot be read from the outside of the relay device 5000.

  The hardware configuration of relay device 5000 is the same as the hardware configuration of transmitting device 2000 and receiving device 3000.

<Action and effect>
According to the data transmission system 4000 of the present embodiment, when a data packet is transmitted from the transmitting device 2000 to the receiving device 3000, the source address, the destination address, or the disclosure permission information (information to be anonymized) of the data packet Is encrypted. The anonymous encryption key used for the encryption is stored in a state where it cannot be read from the outside of the transmitting device 2000 or the receiving device 3000. Therefore, even if the data packet is intercepted by a third party, the third party cannot specify the transmission destination or the transmission source of the data packet. Therefore, according to data transmission system 4000, the confidentiality of data packets can be improved.

  Further, according to the data transmission system 4000 of the present embodiment, the anonymization target information is encrypted and decrypted by the common key encryption. Here, in general, the encryption processing of the public key encryption method takes longer time than the encryption processing of the common key encryption method, and therefore, if encryption is performed in data packet units, the overhead of the encryption processing increases. On the other hand, since the encryption processing of the common key encryption method is fast, it can be said that even if the encryption processing is performed for each data packet, the overhead of the encryption processing is small. Therefore, according to the data transmission system 4000, the confidentiality of the data packet can be improved while the overhead due to the encryption processing is kept small.

  Further, according to data transmission system 4000, receiving apparatus 3000 to which disclosure of a message is permitted by disclosure permission information can be freely set. As described above, the receiving device 3000 to which disclosure of a message is permitted by the disclosure permission information includes, in addition to the receiving device 3000 of the transmission destination, the receiving device 3000 owned by an agency or a person having a special authority such as the police. It is. By doing so, it becomes easy for these special institutions to obtain evidence of crime and the like. In addition, by operating the network so that an agency or the like having a special authority can view the message, it becomes difficult to execute the crime itself, and there is an effect that the crime is deterrent.

<Modification>
In addition to outputting a data packet message to the outside, or instead of outputting a data packet message to the outside, receiving apparatus 3000 performs arbitrary processing (for example, statistical processing) on a message included in one or more data packets. ), And information indicating the result may be generated and output. Hereinafter, information indicating a result of performing an arbitrary process on a message included in one or a plurality of data packets is referred to as process result information.

  In this case, receiving apparatus 3000 further includes anonymous processing section 3200 and second output section 3220. FIG. 7 is a block diagram illustrating the receiving device 3000 of the first embodiment including the anonymous processing unit 3200 and the second output unit 3220. The anonymous processing unit 3200 performs an arbitrary process (for example, a process of performing anonymization) on one or a plurality of data packet messages decrypted by the decryption unit 3040, and generates processing result information. The second output unit 3220 outputs the processing result information to the outside. By outputting the processing result information to the outside, the OS or the like operating on the computer having the second output unit 3220 can use the message. For example, the OS can display a message on the display.

  For example, the anonymous processing unit 3200 performs statistical processing with anonymization on a message indicating data with confidentiality obligations, and generates processing result information indicating the result. For example, assume that receiving device 3000 is a device that receives voting data of an election. In this case, the message of the data packet is data indicating which candidate to vote. In this case, the specific content of the processing result information is a voting result indicating how many votes are cast by each candidate. If the receiving device 3000 outputs only the processing result information without outputting the message itself, it is possible to disclose only the election result to the outside without disclosing “who voted for whom” to the outside. Thus, the results of the election can be disclosed while protecting the privacy of the right to vote.

  Note that data with a duty of confidentiality handled by the data transmission system 4000 is not limited to data on elections. Other confidential data is, for example, medical-related information (such as medical records) or various personal information such as information related to my number and driver's license.

  Further, for example, the anonymous processing unit 3200 performs image processing with anonymization on a message representing image data acquired from the security camera, and generates processing result information indicating the result. For example, it is assumed that the receiving device 3000 is a device that collects image data from a security camera and searches for a wanted person or the like. In this case, the message of the data packet represents image data. In this case, the specific content of the processing result information is information indicating whether or not the wanted person is included in the image data. If the receiving apparatus 3000 outputs only the processing result information without outputting the message itself, the disclosed image data obtained from the security camera is disclosed to the outside, and if a wanted crime is found, the fact is disclosed. be able to. Therefore, it is possible to search for a wanted criminal and the like while protecting the privacy of ordinary people captured by the security camera.

  However, the processing performed by anonymous processing section 3200 is not limited to processing involving anonymization. Further, for example, the anonymous processing unit 3200 performs a virus check on the message and generates processing result information indicating the result. In this case, the specific content of the processing result information is information indicating whether a virus has been detected from the message. If the receiving device 3000 outputs only the processing result information without outputting the message itself, it is possible to perform a virus check on the message without disclosing the contents of each message.

  Here, the anonymous processing unit 3200 may or may not determine whether disclosure of the message is permitted by the disclosure permission information. In the former case, the anonymous processing unit 3200 performs the above-described arbitrary processing on a message whose disclosure is not permitted by the disclosure permission information, and generates processing result information. In the latter case, the anonymous processing unit 3200 determines whether disclosure of the message is permitted by the disclosure permission information in the same manner as the output unit 3060. Then, the anonymous processing unit 3200 performs the above-described arbitrary processing only on the message permitted to be disclosed, and generates processing result information.

  When the anonymous processing unit 3200 also performs anonymization processing on a message for which disclosure is not permitted by the disclosure permission information, the user of the receiving device 3000 cannot know the content itself of the message, but performs predetermined processing on the message. You can know the result of the application. For example, in each of the above-described examples, the user of the receiving apparatus 3000 cannot know 1) “who voted for whom”, but can know the voting result, and 2) who appears in each image data of the security camera. You can't tell if a person is on the security camera, but you can tell if the wanted person is on the security camera. 3) You can't know the content of the message, but you know if the message contains a virus. Can.

  Here, when the anonymous processing unit 3200 performs an anonymization process or the like on a message included in a plurality of data packets, the anonymous processing unit 3200 accumulates the messages included in the plurality of data packets, and a predetermined requirement is satisfied. When satisfied, an anonymization process is performed. For example, the predetermined requirement is elapse of a predetermined time, reception of a predetermined number of data packets, or reception of a data packet whose header includes a flag indicating that statistical processing or the like should be started.

  Note that when the receiving device 3000 outputs the processing result information without outputting the message, the receiving device 3000 may not have the output unit 3060. When receiving apparatus 3000 has both output section 3060 and second output section 3220, receiving apparatus 3000 may output both the message and the processing result information, or may output only one of them. . When only one of the message and the processing result information is output, for example, the user of the receiving device 3000 or the administrator of the data transmission system 4000 can set which of the message and the processing result information is output to the receiving device 3000. To do.

[Embodiment 2]
The functional configuration of the data transmission system 4000 according to the second embodiment is, for example, shown in FIG. 1 similarly to the data transmission system 4000 of the first embodiment. Except for the points described below, the data transmission system 4000 of the second embodiment has the same functions as the data transmission system 4000 of the first embodiment.

  In the second embodiment, the disclosure permission information indicates a list of the receiving devices 3000 permitted to disclose the data packet. For example, this list indicates the ID of the receiving device 3000 described in the first embodiment and the ID of the group to which the receiving device 3000 belongs.

  In the second embodiment, the output unit 3060 outputs the message included in the received data packet to the outside only when the receiving device 3000 having the output unit 3060 is shown in the list.

  FIG. 8 is a flowchart illustrating a flow of a process performed by the receiving device 3000 of the second embodiment. The flowchart in FIG. 8 illustrates a specific flow of S206 in FIG. 2 performed by the output unit 3060 of the second embodiment. The output unit 3060 determines whether the disclosure permission information of the data packet indicates a receiving device having the output unit 3060 (S302). For example, the output unit 3060 determines whether the list indicated by the disclosure permission information includes the ID of the receiving device 3000 having the output unit 3060 or the ID of the group to which the receiving device 3000 belongs.

  When the disclosure permission information of the data packet indicates the receiving device having the output unit 3060 (S302: YES), the process of FIG. 8 proceeds to S304. On the other hand, when the disclosure permission information of the data packet does not indicate the receiving device having the output unit 3060 (S302: NO), the processing in FIG. 8 ends.

  In S304, output section 3060 outputs a data packet message.

<Action and effect>
According to the data transmission system 4000 of the second embodiment, when the receiving device 3000 receiving the data packet is permitted to disclose the message of the data packet, the output unit 3060 outputs the message of the data packet. Therefore, in this case, a user such as a computer having the receiving device 3000 can browse the data packet message. On the other hand, when the receiving device 3000 that has received the data packet is not permitted to disclose the message, the output unit 3060 does not output the message of the data packet. Therefore, in this case, a user such as a computer having the receiving device 3000 cannot browse the data packet message. As described above, according to the present embodiment, it is possible to limit who can view a message or the like based on the list of receiving devices 3000 indicated in the disclosure permission information added to the data packet by transmitting device 2000.

[Example]
Hereinafter, more specific examples of the method and operation of the data transmission system 4000 will be described as embodiments. Note that the configuration of the data transmission system 4000 described below is merely an example, and does not limit the method of implementing the data transmission system 4000.

  In this embodiment, data of 1) a unique encryption key, 2) key generation information, and 3) a master encryption key are introduced. The unique encryption key is an encryption key that uniquely corresponds to the receiving device 3000. In other words, one receiving device 3000 and another receiving device 3000 have different corresponding unique encryption keys. The unique encryption key of a certain receiving device 3000 is stored inside the receiving device 3000 in a state where it cannot be read from the outside of the receiving device 3000. That is, receiving apparatus 3000 has tamper resistance with respect to the unique encryption key.

  The key generation information is information for generating a unique encryption key. The unique encryption key uniquely corresponds to the key generation information. In other words, key generation information corresponding to a certain unique encryption key differs from that of another unique encryption key. When the unique encryption key is generated from the key generation information using a secure hash function, this uniqueness may be replaced with the difficulty of collision with the generated unique encryption key.

  The master encryption key is an encryption key used for generating a unique encryption key using the key generation information. However, the master encryption key cannot be calculated from the unique encryption key. The master encryption key is stored inside receiving device 3000 in a state where it cannot be read from outside receiving device 3000. That is, receiving apparatus 3000 also has tamper resistance with respect to the master encryption key.

<Details of key generation information>
The data structure of the key generation information is arbitrary. For example, the key generation information has a hierarchical structure (eg, a tree structure) by being configured by a combination of a plurality of data. FIG. 9 is a first diagram illustrating key generation information. 9, the key generation information _{T a} is constituted by eight data _T a1 _{through T a8} with fixed length. Each the size of T _a1 ~T _a8 is, for example, 16 bytes. For example, when the key generation information indicates the tree structure, the key generation information T _a is, T _a1 is the root, the key generation information T _a8 represents a tree structure is a leaf.

FIG. 10 is a second diagram illustrating the key generation information. 10, the key generation information _{T b,} it is constituted by a header indicating the size of the different data _T b1 _{through T b3,} and the data size. T _b1 through T _b3 each 5 bytes size, 16 bytes, 256 bytes.

  Note that the key generation information only needs to be hard to collide with the encryption key, and is not limited to the above configuration.

<Details of unique encryption key>
The unique encryption key can be generated based on the key generation information and the master encryption key. For example, the unique encryption key is a value calculated by a function that inputs the key generation information and the master encryption key. For example, this function is a hash function such as SHA-256. This function needs to have one-way or original image calculation difficulty. In addition, this function must be injectable or have collision difficulties. In the case of injection, different unique encryption keys are always generated from different key generation information. In addition, in the case of collision difficulties, although the same unique encryption key can be generated from different key generation information, it is difficult to find a set of a plurality of pieces of key generation information that generate the same unique encryption key. It is.

  For example, the above-mentioned SHA-256 is generally said to have difficulty in original image and collision, and at least a set of key generation information used in the data transmission system 4000 (for example, about 10 billion pieces of key generation information). Is considered to have difficulty in original image and difficulty in collision. Note that the above “about 10 billion” is merely an example, and does not limit the size of a set of key generation information that can be used when operating the data transmission system 4000.

  Further, it is preferable to use a function having a low probability that the same unique encryption key is generated from different key generation information for a set of a small number of key generation information.

  The master encryption key is used to generate a unique encryption key based on the key generation information. Here, the method of generating the master encryption key is not disclosed. This prevents a third party from generating a master encryption key. As described above, the master encryption key cannot be read from the master encryption key storage unit 3120.

  Note that each unique encryption key used in the output unit 3060 is an encryption key corresponding to the encryption method used in the output unit 3060. Here, the output unit 3060 can use various encryption methods. For example, the output unit 3060 uses DES (Data Encryption Standard) encryption, AES (Advanced Encryption Standard) encryption, relocation encryption, or the like. Details of the relocation encryption will be described later. If a block cipher such as DES or AES is used, the mode of use is arbitrary. Examples of the use mode of the block cipher include an ECB (Electric Code Book) mode, a CFB (Cipher Feed Back) mode, an OFB (Output Feed Back) mode, a CBC (Cipher Block Chaining) mode, and a counter mode.

<Specific example of encryption key generation method>
A specific example of a method in which the output unit 3060 generates a unique encryption key will be described. As described above, the output unit 3060 can use various encryption methods. Hereinafter, three specific examples will be described.

<< Method 1 >>
For example, the output unit 3060, using Equation (1), to calculate a unique cryptographic key _{K 1} that corresponds uniquely to the key generation information _{T 1.} H is a hash function having one-way property and collision resistance. _Km is a master encryption key. T ₁ | K _m is a combination of the bit string forming T ₁ and the bit string forming K _m . For example, if T ₁ is 001 and K _m is 101, T ₁ | K _m becomes 001101.

Note that the output unit 3060 may use a part of the bit string constituting H (T ₁ | K _m ) as the unique encryption key K ₁ . For example, the output unit 3060 sets the _first 128 bits of H (T ₁ | K _m ) as the unique encryption key K ₁ . For example, when using the AES encryption method, when the size of H (T ₁ | K _m ) is different from the block size of the AES encryption method, the output unit 3060 makes the size of the unique encryption key K ₁ equal to the block size. Therefore, a part of H (T ₁ | K _m ) is set as a unique encryption key K ₁ .

<< Method 2 >>
Further, for example, the output unit 3060, using Equation (2), to generate a unique encryption key _{K b} corresponding uniquely to the key generation information _{T b.} The key generation information _Tb is the key generation information shown in FIG. E _a is a function that converts such partial data T _b1 which constitute the key generation information to an arbitrary value. Here, when using the AES encryption scheme, E _a is a like partial data T _b1, converted to an arbitrary value with the block size equal to the size of the AES encryption scheme using.

<< Method 3 >>
Further, for example, the output unit 3060 generates a unique encryption key used for the rearrangement encryption method from the master encryption key and the key generation information. The rearrangement encryption method encrypts data by dividing data to be encrypted into a plurality of pieces and rearranging the respective pieces of data based on information indicated by a unique encryption key.

  First, the output unit 3060 generates a pseudo random number header R. Next, the output unit 3060 generates a pseudo-random number using R as an initial value, and stream-encrypts the data to be encrypted. Next, the output unit 3060 performs non-linear integration by using the rearrangement table K including R as an SBOX. Lastly, the output unit 3060 outputs the final cipher text by rearranging the stream-encrypted data using K.

  It should be noted that further details of the rearrangement encryption method are described in Japanese Patent No. 4737334, and thus are omitted here.

<Configuration of transmitting apparatus 2000>
FIG. 11 is a block diagram illustrating the transmission device 2000 according to the embodiment. The disclosure permission information adding unit 2040 according to the present embodiment generates disclosure permission information indicating a list of unique key generation information unique to each receiving device 3000 permitted to disclose a message. Further, the transmitting device 2000 of the present embodiment has a function of adding an electronic signature to a message, in addition to the function of the transmitting device 2000 of the second embodiment. In order to realize a function of attaching a digital signature to a message, the transmitting device 2000 includes a key generation information storage unit 2100, a unique encryption key storage unit 2120, and an electronic signature addition unit 2140.

  The unique encryption key storage unit 2120 stores a unique encryption key that uniquely corresponds to the transmitting device 2000 having the unique encryption key storage unit 2120 in a state where it cannot be read from the outside. Therefore, transmitting apparatus 2000 has tamper resistance with respect to the unique encryption key. The key generation information storage unit 2100 stores key generation information uniquely corresponding to the unique encryption key of the transmitting device 2000 having the key generation information storage unit 2100. Hereinafter, key generation information uniquely corresponding to a unique encryption key of a certain device is also referred to as unique key generation information of the device.

  FIG. 12 is a diagram exemplifying a process executed by the electronic signature giving unit 2140 together with a block diagram. As shown in FIG. 12, the message included in each data packet in the present embodiment is obtained by dividing a message with an electronic signature (hereinafter, signature data). The signature data includes key generation information (hereinafter, unique key generation information) uniquely corresponding to the transmission device 2000 of the transmission source, and encrypted data obtained by encrypting data to be transmitted to the transmission destination (hereinafter, transmission data). . This unique key generation information has a role as an identifier indicating the transmission device 2000 of the transmission source, and at the same time functions as an electronic signature.

  Electronic signature adding section 2140 generates signature data from the transmission data. Specifically, first, electronic signature adding section 2140 encrypts transmission data using a unique encryption key of transmitting apparatus 2000 having electronic signature adding section 2140 to generate encrypted data. Next, the electronic signature adding unit 2140 generates signature data by adding key generation information stored in the key generation information storage unit 2100 to the encrypted data.

  The transmitting device 2000 divides the signature data and generates a plurality of data packets each including the divided signature data as a message. The data packet is transmitted to the receiving device 3000 by being processed by the disclosure permission information adding unit 2040, the disclosure permission information adding unit 2040, and the transmission unit 2060 as described in the first embodiment. Note that if the entire signature data can be accommodated in one data packet, it is not necessary to divide the signature data.

<< hardware configuration >>
The computer having the transmitting device 2000 according to the embodiment is configured so that the data packet transmitted from the computer is always processed by the transmitting device 2000. For example, as described above, the transmission device 2000 is provided on a network interface of a computer having the transmission device 2000. By doing so, the above-mentioned electronic signature is always added to the data packet transmitted by the transmitting device 2000.

  The electronic signature adding unit 2140 may be mounted on the same hardware chip as the other functional components of the transmission device 2000, or may be mounted on another hardware chip.

  The unique encryption key storage unit 2120 is implemented in the same manner as other tamper-resistant storage units such as the first anonymized encryption key storage unit 2080. The key generation information storage unit 2100 is implemented as an arbitrary memory or storage such as a RAM or a ROM. The key generation information storage unit 2100 may be accessible from a device external to the transmitting device 2000.

<Configuration of receiving device 3000>
FIG. 13 is a block diagram illustrating the receiving device 3000 of the present embodiment. The receiving device 3000 of the present embodiment handles key generation information as disclosure permission information. Further, the receiving device 3000 of the present embodiment has a function of determining whether a data packet has been tampered with, using an electronic signature attached to the message. To this end, the receiving device 3000 includes a unique encryption key storage unit 3100, a master encryption key storage unit 3120, a unique key generation information storage unit 3140, and a validity determination unit 3160.

  The unique encryption key storage unit 3100 stores the unique encryption key in a state where it cannot be read from the outside of the receiving device 3000. Therefore, receiving apparatus 3000 has tamper resistance with respect to the unique encryption key.

  Master encryption key storage section 3120 stores the master encryption key in a state where it cannot be read from outside reception device 3000. Therefore, receiving apparatus 3000 has tamper resistance with respect to the master encryption key.

  The unique key generation information storage unit 3140 stores the unique key generation information in a state where it cannot be read from outside the receiving device 3000. Therefore, receiving apparatus 3000 has tamper resistance with respect to the unique key generation information.

  The data packet received by receiving section 3020 is decoded by decoding section 3040. The output unit 3060 determines whether the list of key generation information indicated by the disclosure permission information of the decrypted data packet indicates the unique key generation information stored in the unique key generation information storage unit 3140. If this is indicated, output section 3060 outputs the message included in the data packet to validity verification section 3160. On the other hand, if this is not indicated, output section 3060 does not output the message included in the data packet to validity verification section 3160.

  FIG. 14 is a diagram exemplifying a flow of processing executed by the validity verification unit 3160 together with a block diagram. Each message output by the output unit 3060 is obtained by dividing signature data. The validity verification unit 3160 acquires the restored signature data by combining the divided signature data. If the entire signature data fits in one data packet, this combination is unnecessary.

  The validity determination unit 3160 uses the key generation information included in the restored signature data and the master encryption key stored in the master encryption key storage unit 3120 to generate a unique encryption code uniquely corresponding to the key generation information. Generate a key. Then, the validity determination unit 3160 decrypts the encrypted data included in the signature data with the generated unique encryption key.

  If the encrypted data has been correctly decrypted, the receiving device 3000 can obtain the decrypted transmission data. On the other hand, if the encrypted data has been correctly decrypted, the receiving device 3000 can obtain the decrypted transmission data. If the encrypted data has been correctly decrypted, the validity verification unit 3160 determines that the signature data has not been falsified and the transmitted data is valid. On the other hand, if the encrypted data cannot be decrypted correctly, the validity verification unit 3160 determines that the signature data has been falsified and the transmitted data is unauthorized.

  A mechanism in which the validity verification unit 3160 determines whether the signature data has been tampered will be described. This mechanism is an invention by the inventor of the present invention, and details are described in Japanese Patent Application No. 2014-127670.

  FIG. 15 is a diagram exemplifying processing by the electronic signature adding unit 2140 and the validity determining unit 3160 when the signature data added to the electronic signature is not falsified. Note that processing by functional components other than the electronic signature adding unit 2140 and the validity determining unit 3160 is omitted.

  In FIG. 15, transmission data 10 is transmitted from transmitting apparatus 2000-1 to receiving apparatus 3000. In transmission device 2000-1, electronic signature adding section 2140 encrypts transmission data 10 using unique encryption key 30-1 that is a unique encryption key of transmission device 2000-1, and generates encrypted data 20. Further, the electronic signature adding unit 2140 adds key generation information 50-1, which is the unique key generation information of the transmitting device 2000, to the cipher text 20 to generate the signature data 40.

  The validity determination unit 3160 generates the unique encryption key 30-1 using the key generation information 50-1 included in the received signature data 40 and the master encryption key 60 stored in the master encryption key storage unit 3120. I do. Here, since the key generation information 50-1 included in the signature data 40 is the unique key generation information of the transmitting device 2000-1, the validity determination unit 3160 was used for encryption by the transmitting device 2000-1. A unique encryption key 30-1 identical to the unique encryption key is generated. Therefore, the encryption data 20 is correctly decrypted by the validity determination unit 3160, and the transmission data 10 is calculated. Therefore, the validity determination unit 3160 determines that the signature data 40 has not been falsified.

  On the other hand, FIG. 16 is a diagram illustrating a process by the validity determination unit 3160 when the key generation information added to the electronic signature is falsified. Note that the flow of processing by the electronic signature adding unit 2140 is the same as that in FIG.

  In FIG. 16, the key generation information included in the signature data 40 received by the receiving device 3000 is not the key generation information 50-1 but the key generation information 50-2. That is, the key generation information indicating the transmission source of the signature data 40 has been falsified. In this case, the unique encryption key 30-2 generated by the validity determination unit 3160 using the key generation information 50-2 and the master encryption key 60 is an encryption key different from the unique encryption key 30-1. Therefore, the encrypted data 20 cannot be correctly decrypted by the validity determination unit 3160. Therefore, the validity determination unit 3160 determines that the signature data 40 has been falsified.

  As described above with reference to FIGS. 15 and 16, it is possible to determine whether the signature data has been tampered with by the processing by the electronic signature adding unit 2140 and the validity determining unit 3160.

  Further, as described above, the key generation information also has a role as an identifier indicating the transmission device 2000 of the transmission source. Therefore, when it is determined that the signature data has not been tampered with, it is also understood that "the transmission device 2000 that transmitted the signature data is the transmission device 2000 uniquely corresponding to the key generation information included in the signature data." Can be.

  As described above, the validity determination unit 3160 can determine whether or not the signature data has been falsified, and can further specify the transmission device 2000 as the transmission source. Therefore, it can be said that the signature data processed by the electronic signature adding unit 2140 is a data packet with an electronic signature that can prevent the data from being falsified and certify the source device.

<< hardware configuration >>
The computer having the receiving device 3000 according to the embodiment is configured so that the data packet received by the computer is always processed by the receiving device 3000. For example, as described above, the receiving device 3000 is provided in a network interface of a computer having the receiving device 3000.

  The validity determination unit 3160 may be mounted on the same hardware chip as the hardware chip on which the receiving unit 3020 and the like are mounted, or may be mounted on a different hardware chip.

<Example of Specific Processing in Data Transmission System 4000 of the Present Embodiment>
The data transmission system 4000 of the present embodiment includes a transmitting device 2000-1, a receiving device 3000-1, and a receiving device 3000-2. In this embodiment, it is assumed that a threat message is sent from a certain user (hereinafter, an assailant) to another user (hereinafter, a victim). The transmission device 2000-1 is built in a computer owned by the perpetrator. The receiving device 3000-1 is built in a computer owned by the victim. The receiving device 3000-2 is an investigating receiving device 3000 possessed by the police.

  The transmitting device 2000-1 transmits the threatening text with an electronic signature. First, the electronic signature attaching unit 2140 encrypts the intimidating sentence with the unique encryption key of the transmission device 2000-1 to generate encrypted data, attaches the encrypted data to the unique key generation information of the transmission device 2000-1, and signs the encrypted data. Generate data. Next, transmitting apparatus 2000-1 generates data packets A1 to An including the plurality of messages M1 to Mn obtained by dividing the signature data. In each data packet, the source address is the address of the transmitting device 2000-1, and the destination address is the address of the receiving device 3000-1.

  The disclosure permission information adding unit 2040 adds disclosure permission information to A1. In this embodiment, the disclosure permission information adding unit 2040 is configured to include the unique key generation information of the receiving device 3000-1 of the transmission destination and the unique key generation information of the receiving device 3000-2 owned by the police in the disclosure permission information. Have been. Therefore, the disclosure permission information adding unit 2040 generates disclosure permission information including the unique key generation information of the receiving device 3000-1 and the unique key generation information of the receiving device 3000-2, and adds it to the data packet. The encryption unit 2020 encrypts the source address, destination address, and disclosure permission information of A1. Transmitting section 2060 transmits A1 processed by encrypting section 2020 to receiving apparatus 3000-1.

  The disclosure permission information adding unit 2040, the encrypting unit 2020, and the transmitting unit 2060 perform the same processing for the remaining A2 to An.

  A1 to An are received by the receiving unit 3020 of the receiving device 3000-1. The decryption unit 3040 decrypts the source address, destination address, and disclosure permission information of A1 using the anonymous encryption key.

  The output unit 3060 determines whether the list of key generation information indicated by the disclosure permission information of A1 includes the unique key generation information of the receiving device 3000-1. Here, in the present embodiment, the unique key generation information of the receiving device 3000-1 is included in the list of key generation information indicated by the disclosure permission information. Therefore, the output unit 3060 outputs M1 included in A1.

  The receiving unit 3020, the decoding unit 3040, and the output unit 3060 perform the same processing for the remaining A2 to An. As a result, Mn is output from M2.

  The validity verification unit 3160 combines the M1 with the Mn to obtain the restored signature data. The validity verification unit 3160 uses the key generation information included in the signature data and the master encryption key stored in the master encryption key storage unit 3120 to uniquely identify the key generation information included in the signature data. Generate a corresponding unique encryption key. The validity determination unit 3160 uses the unique encryption key to decrypt the encrypted data included in the signature data, thereby acquiring the threat text.

  The validity determination unit 3160 determines whether or not the encrypted data has been correctly decrypted by the decryption processing. When the encrypted data is successfully decrypted, it can be said that the signature data has not been falsified, as described above.

  When the victim who receives the intimidation text consults the police, the police will try to identify the sender of the intimidation text, that is, the assailant.

  Here, the disclosure permission information of the data packets A1 to An indicates that disclosure by the receiving device 3000-2 is permitted. Therefore, the police can acquire the above-mentioned threatening sentence by receiving An from the data packet A1 by the receiving device 3000-2, and can confirm that the threatening sentence is included in A1 to An. Furthermore, as described above, the threatening sentence is transmitted as signature data with an electronic signature, and the police having the receiving device 3000-2 states that the transmitting device 2000 that transmitted the threatening sentence is the transmitting device 2000-1. You can get confirmation. Therefore, the police can obtain high-proof evidence that the device that transmitted the threatening sentence is a computer having the transmitting device 2000-1. For example, even if an assailant tries to avoid saying, "The source of the threatening text has been falsified and this threatening text was not transmitted from the transmitting device 2000-1," such a falsification has not been made. Since this is proved by an electronic signature, such an escape cannot be avoided.

  It should be noted that the method of using the data transmission system 4000 is not limited to use in investigations by police and the like. For example, the data transmission system 4000 can be used for an electronic money system, an anonymous questionnaire system, an electronic voting system, an anonymous tax payment system, an electronic bidding system, an anonymous medical information system, a group signature system, and the like.

[Embodiment 3]
FIG. 17 is a diagram illustrating an outline of a data transmission system 4000 according to the third embodiment. The data transmission system 4000 of the third embodiment is common to the data transmission systems 4000 of the first and second embodiments in the concept of controlling the data output by the receiving device 3000 based on the disclosure permission information.

  On the other hand, the data transmission system 4000 according to the third embodiment adds disclosure permission information to data to be transmitted to the reception device 3000 (transmission data), and divides the transmission data to which the disclosure permission information has been added by dividing the transmission data. It differs from the data transmission systems 4000 of the first and second embodiments in that packets are generated.

  FIG. 18 is a block diagram illustrating the configuration of the data transmission system 4000 according to the third embodiment. In FIG. 18, the flow of arrows indicates the flow of information. Further, in FIG. 18, each block represents a configuration of a functional unit, not a configuration of a hardware unit.

  The transmission device 2000 according to the third embodiment includes a disclosure permission information addition unit 2040, a data packet generation unit 2160, an encryption unit 2020, a transmission unit 2060, and a first anonymous encryption key storage unit 2080. The disclosure permission information adding unit 2040 according to the third embodiment adds disclosure permission information to transmission data. The data packet generation unit 2160 generates a plurality of messages by generating a plurality of messages by dividing the transmission data to which the disclosure permission information has been added, and adding address information to each message. The encryption unit 2020 according to the third embodiment encrypts only the address information or the entire data packet of the data packet generated by the data packet generation unit 2160. The transmission unit 2060 according to the third embodiment transmits each data packet encrypted by the encryption unit 2020 to the reception device 3000. The function of the first anonymized encryption key storage unit 2080 of the third embodiment is the same as the function of the first anonymized encryption key storage unit 2080 of the first embodiment.

  The contents of the disclosure permission information and the address information, and the method of encryption using the anonymous encryption key are as described in the above embodiments and examples. Further, since a method of dividing data into a plurality of data packets is a known technique, details of the method are omitted.

  The receiving device 3000 according to the third embodiment includes a receiving unit 3020, a decrypting unit 3040, a restoring unit 3180, an output unit 3060, and a second anonymous encryption key storage unit 3080. The receiving unit 3020 according to the third embodiment receives a plurality of data packets transmitted by the transmitting device 2000. The decryption unit 3040 according to the third embodiment decrypts the encrypted data of each data packet using the anonymous encryption key. The restoration unit 3180 restores the transmission data to which the disclosure permission information has been added by combining the messages included in the decoded data packets. The output unit 3060 according to the third embodiment determines whether or not the receiving device 3000 corresponds to the receiving device 3000 permitted to disclose the transmission data, which is indicated by the restored disclosure permission information. Then, when the receiving device 3000 corresponds to the receiving device 3000 for which disclosure of the transmission data is permitted, the output unit 3060 outputs the transmission data to the outside. The function of the second anonymous encryption key storage unit 3080 of the third embodiment is the same as the function of the second anonymous encryption key storage unit 3080 of the first embodiment.

  The method of receiving a data packet, the method of decryption using an anonymous encryption key, and the method of determination using disclosure permission information are as described in the above-described embodiments and examples. Also, since a method of combining a plurality of data packets is a known technique, details of the method are omitted.

<Hardware configuration>
The hardware configurations of the transmitting device 2000 and the receiving device 3000 of the present embodiment are the same as the hardware configurations of the transmitting device 2000 and the receiving device 3000 of the first embodiment, respectively.

<Modification>
The receiving device 3000 according to the third embodiment may further include an anonymous processing unit 3200 and a second output unit 3220, like the receiving device 3000 according to the modification of the first embodiment. In this case, in addition to outputting the transmission data to the outside, or instead of outputting the message of the data packet to the outside, the receiving apparatus 3000 performs arbitrary processing on one or a plurality of transmission data (for example, involves anonymization). The processing result information indicating the result of performing the statistical processing is generated and output. FIG. 19 is a block diagram illustrating a receiving device 3000 according to the third embodiment including the anonymous processing unit 3200 and the second output unit 3220.

  The anonymous processing unit 3200 in the present modification performs an arbitrary process on one or a plurality of transmission data restored by the restoration unit 3180, and generates processing result information indicating the result. The processing in which the anonymous processing unit 3200 in the present modification generates processing result information for one or a plurality of transmission data is performed by the anonymous processing unit 3200 in the modification of the first embodiment. This is the same as the processing for generating information. The operation of the second output unit 3220 in the present modification is the same as the operation of the second output unit 3220 in the modification of the first embodiment.

  The embodiments and examples of the present invention have been described with reference to the drawings. However, these are exemplifications of the present invention, and combinations of the above-described embodiments and examples, and various configurations other than the above-described embodiments and examples Can also be adopted.

Hereinafter, examples of the reference embodiment will be additionally described.
1. A data transmission system having a transmission device and a reception device,
The transmission device,
A disclosure permission information adding unit that adds disclosure permission information, which is information indicating a receiving device permitted to disclose the message, to a data packet including a source address, a destination address, and a message;
The transmission source address included in the data packet to which the disclosure permission information is added, the destination address, or an encryption unit that encrypts the disclosure permission information with an anonymous encryption key,
A transmitting unit that transmits the encrypted data packet;
A first anonymous encryption key storage unit that stores the anonymous encryption key used by the encryption unit in a state where it cannot be read from outside the transmission device,
The receiving device,
A receiving unit that receives the transmitted data packet;
A decryption unit that decrypts the encrypted source address of the received data packet, the destination address or the disclosure permission information with the anonymous encryption key,
An output unit that outputs the message of the received data packet to the outside, when the receiving device is permitted to disclose the message by the disclosure permission information of the received data packet;
A second anonymous encryption key storage unit that stores the anonymous encryption key used by the decryption unit in a state where it cannot be read from outside the receiving device.
2. The disclosure permission information indicates a list of the receiving devices to which disclosure of the message is permitted,
The output unit of the receiving device outputs the message of the received data packet to the outside only when the receiving device is indicated in the list. 2. A data transmission system according to claim 1.
3. A unique encryption key uniquely corresponding to the receiving device, unique key generation information uniquely corresponding to the receiving device, and can be generated using a master encryption key,
The disclosure permission information indicates unique key generation information uniquely corresponding to the receiving device to which disclosure of the message is permitted,
The receiving device has a unique key generation information storage unit that stores the key generation information uniquely corresponding to the receiving device in a state that cannot be read from outside the receiving device,
The output unit, when the key generation information stored in the unique key generation information storage unit is indicated by the disclosure permission information of the received data packet, the message of the received data packet. To the outside,
The master encryption key cannot be calculated from another encryption key. Or 2. 2. A data transmission system according to claim 1.
4. Receiving devices for which disclosure of a message is permitted by the disclosure permission information include receiving devices other than the receiving device of the transmission destination. To 3. The data transmission system according to any one of the above.
5. An anonymous processing unit that performs processing on one or a plurality of the messages and generates processing result information indicating a result of the processing;
A second output unit that outputs the processing result information. To 4. The data transmission system according to any one of the above.
6. A data transmission system having a transmission device and a reception device,
The transmission device,
For transmission data to be transmitted to the receiving device, a disclosure permission information adding unit that adds disclosure permission information that is information indicating a receiving device permitted to disclose the transmission data,
A data packet generating unit that generates a plurality of messages by dividing the transmission data to which the disclosure permission information is added, adds a source address and a destination address to each message, and generates a plurality of data packets;
An encryption unit for encrypting the address information of each of the data packets or each of the data packets with an anonymous encryption key,
A transmitting unit that transmits each of the encrypted data packets;
A first anonymous encryption key storage unit that stores the anonymous encryption key used by the encryption unit in a state where it cannot be read from outside the transmission device,
The receiving device,
A receiving unit for receiving each of the transmitted data packets;
A decryption unit that decrypts each of the received data packets with the anonymous encryption key;
A restoration unit that restores the transmission data to which the disclosure permission information is added by combining the messages included in each of the decoded data packets;
An output unit that outputs the restored transmission data to the outside when the receiving device is permitted to disclose the transmission data by the disclosure permission information;
A second anonymous encryption key storage unit that stores the anonymous encryption key used by the decryption unit in a state where it cannot be read from outside the receiving device.
7. The disclosure permission information indicates a list of the receiving devices to which disclosure of the transmission data is permitted,
5. The output unit of the receiving device outputs the restored transmission data to the outside only when the receiving device is indicated in the list. 2. A data transmission system according to claim 1.
8. A unique encryption key uniquely corresponding to the receiving device, unique key generation information uniquely corresponding to the receiving device, and can be generated using a master encryption key,
The disclosure permission information indicates unique key generation information uniquely corresponding to the receiving device to which disclosure of the transmission data is permitted,
The receiving device has a unique key generation information storage unit that stores the key generation information uniquely corresponding to the receiving device in a state that cannot be read from outside the receiving device,
The output unit outputs the restored transmission when the key generation information stored in the unique key generation information storage unit is indicated by the disclosure permission information added to the restored data packet. Output data to the outside,
5. the master encryption key cannot be calculated from another encryption key; Or 7. 2. A data transmission system according to claim 1.
9. Receiving devices for which disclosure of a message is permitted by the disclosure permission information include receiving devices other than the receiving device of the transmission destination. To 4. The data transmission system according to any one of the above.
10. An anonymous processing unit that performs processing on one or a plurality of the transmission data and generates processing result information indicating a result of the processing;
5. a second output unit that outputs the processing result information. To 9. The data transmission system according to any one of the above.
11. The data transmission system further includes a relay device,
The encryption unit of the transmission device encrypts at least the source address or the destination address of the data packet,
The relay device,
A second receiving unit that receives the transmitted data packet;
A second decryption unit that decrypts the encrypted source address or destination address of the received data packet with the anonymous encryption key,
A conversion unit that converts the source address or the destination address,
A second encryption unit that encrypts the converted source address or destination address with the anonymous encryption key,
A second transmission unit that transmits the data packet encrypted by the second encryption unit;
A third anonymous encryption key storage unit that stores the anonymous encryption key used by the second encryption unit and the second decryption unit in a state where it cannot be read from outside the relay device. To 10. The data transmission system according to any one of the above.
12. 1. To 11. A transmission device included in the data transmission system according to any one of the above.
13. 1. To 11. A receiving device included in the data transmission system according to any one of the above.
14． 11. 3. A relay device included in the data transmission system according to 1.
15. A data transmission method executed in a data transmission system having a transmitting device and a receiving device,
The transmission device, disclosure permission information adding step of adding disclosure permission information, which is information indicating a reception device permitted to disclose the message, to a data packet including a source address, a destination address and a message,
The transmitting device, the source address included in the data packet to which the disclosure permission information is added, the destination address, or an encryption step of encrypting the disclosure permission information with an anonymous encryption key,
A transmitting step of transmitting the encrypted data packet by the transmitting device,
A receiving step of receiving the transmitted data packet,
The receiving apparatus, the decrypted step of decrypting the encrypted source address of the received data packet, the destination address, or the disclosure permission information with the anonymous encryption key,
When the disclosure of the message is permitted by the disclosure permission information of the received data packet, the receiving device outputs the message of the received data packet to the outside, and ,
The transmission device has a first anonymization encryption key storage unit that stores the anonymization encryption key used in the encryption step in a state where it cannot be read from outside the transmission device,
The data transmission method, wherein the receiving device has a second anonymous encryption key storage unit that stores the anonymous encryption key used in the decryption step in a state where the anonymous encryption key cannot be read from outside the receiving device.
16. The disclosure permission information indicates a list of the receiving devices to which disclosure of the message is permitted,
14. The output step performed by the receiving device outputs the message of the received data packet to the outside only when the receiving device is indicated in the list. 2. The data transmission method according to item 1.
17． A unique encryption key uniquely corresponding to the receiving device, unique key generation information uniquely corresponding to the receiving device, and can be generated using a master encryption key,
The disclosure permission information indicates unique key generation information uniquely corresponding to the receiving device to which disclosure of the message is permitted,
The receiving device has a unique key generation information storage unit that stores the key generation information uniquely corresponding to the receiving device in a state that cannot be read from outside the receiving device,
The output step may include, when the key generation information stored in the unique key generation information storage unit is indicated by the disclosure permission information of the received data packet, the message of the received data packet. To the outside,
14. the master encryption key cannot be calculated from another encryption key; Or 16. 2. The data transmission method according to item 1.
18. 14. Receiving devices for which disclosure of a message is permitted by the disclosure permission information include receiving devices other than the receiving device of the transmission destination. To 17. The data transmission method according to any one of the above.
19. An anonymous processing step of performing processing on one or more of the messages and generating processing result information indicating a result of the processing;
14. a second output step of outputting the processing result information. To 17. The data transmission method according to any one of the above.
20. A data transmission method executed in a data transmission system having a transmitting device and a receiving device,
The transmission device, disclosure permission information adding step of adding disclosure permission information, which is information indicating a reception device permitted to disclose the transmission data, to transmission data transmitted to the reception device,
The transmitting apparatus generates a plurality of messages by dividing the transmission data to which the disclosure permission information is added, and adds a source address and a destination address to each message to generate a plurality of data packets. A packet generation step;
An encryption step in which the transmission device encrypts the address information of each of the data packets or each of the data packets with an anonymous encryption key,
A transmitting step of the transmitting device transmitting each of the encrypted data packets;
A receiving step in which the receiving device receives each of the transmitted data packets;
A decryption step in which the receiving device decrypts each of the received data packets with the anonymous encryption key;
A restoration step in which the receiving device combines the messages included in each of the decoded data packets to restore the transmission data to which the disclosure permission information has been added;
The receiving device, when the receiving device is permitted to disclose the transmission data by the disclosure permission information, output step of outputting the restored transmission data to the outside,
The transmission device has a first anonymization encryption key storage unit that stores the anonymization encryption key used in the encryption step in a state where it cannot be read from outside the transmission device,
The data transmission system, wherein the receiving device has a second anonymized encryption key storage unit that stores the anonymized encryption key used in the decryption step in a state where the key cannot be read from outside the reception device.
21. The disclosure permission information indicates a list of the receiving devices to which disclosure of the transmission data is permitted,
19. The output step performed by the receiving device includes outputting the transmission data to the outside only when the receiving device is indicated in the list. 2. The data transmission method according to item 1.
22. A unique encryption key uniquely corresponding to the receiving device, unique key generation information uniquely corresponding to the receiving device, and can be generated using a master encryption key,
The disclosure permission information indicates unique key generation information uniquely corresponding to the receiving device to which disclosure of the transmission data is permitted,
The receiving device has a unique key generation information storage unit that stores the key generation information uniquely corresponding to the receiving device in a state that cannot be read from outside the receiving device,
The output step includes a step of, when the key generation information stored in the unique key generation information storage unit is indicated by the disclosure permission information added to the restored data packet, Output data to the outside,
21. The master encryption key cannot be calculated from another encryption key. Or 21. 2. The data transmission method according to item 1.
23. 20. Receiving devices permitted to disclose transmission data by the disclosure permission information include receiving devices other than the receiving device of the transmission destination. To 22. The data transmission method according to any one of the above.
24. Anonymous processing step of performing processing on one or more of the transmission data and generating processing result information indicating a result of the processing;
20. A second output step of outputting the processing result information. To 23. The data transmission method according to any one of the above.
25. The data transmission system further includes a relay device,
The encrypting step of the transmitting device encrypts at least the source address or the destination address of the data packet,
The data transmission method is
A second receiving step in which the relay device receives the transmitted data packet;
A second decryption step in which the relay device decrypts the encrypted source address or destination address of the received data packet with the anonymous encryption key;
A conversion step in which the relay device performs the conversion of the source address or the destination address,
A second encryption step in which the relay device encrypts the converted source address or destination address with the anonymous encryption key;
A second transmitting step in which the relay device transmits the data packet encrypted by the second encrypting step,
14. The relay device includes a third anonymized encryption key storage unit that stores the anonymized encryption key used in the encryption step and the decryption step in a state where it cannot be read from outside the relay device. To 24. The data transmission method according to any one of the above.
26. 15. To 25. A transmission method having each step executed by a transmission device in the data transmission method according to any one of the above.
27. 15. To 25. A receiving method comprising steps executed by a receiving device in the data transmission method according to any one of the above.
28. 25. 7. A relay method comprising the steps executed by a relay device in the data transmission method described in 1. above.
29. 26. A program for causing a computer to execute each step of the transmission method according to 1.
30. 27. A program for causing a computer to execute each step of the receiving method according to 1.
31. 28. A program that causes a computer to execute each step of the relay method according to 1.

DESCRIPTION OF SYMBOLS 10 Transmission data 20 Encrypted data 30 Unique encryption key 40 Signature data 50 Key generation information 60 Master encryption key 70 Unique encryption key 2000 Transmission device 2020 Encryption unit 2040 Disclosure permission information addition unit 2060 Transmission unit 2080 First anonymized encryption key storage unit 2100 Unique key generation information storage unit 2100 Key generation information storage unit 2120 Unique encryption key storage unit 2140 Electronic signature addition unit 2160 Data packet generation unit 3000 Receiving device 3020 Receiving unit 3040 Decrypting unit 3060 Output unit 3080 Second anonymized encryption key storing unit 3100 unique encryption key storage unit 3120 master encryption key storage unit 3140 second decryption unit 3160 validity determination unit 3180 recovery unit 3200 anonymous processing unit 3220 second output unit 4000 data transmission system

Claims (6)

A data transmission system having a transmission device and a reception device,
The transmission device,
A disclosure permission information adding unit that adds disclosure permission information, which is information indicating a receiving device permitted to disclose the message, to a data packet including a source address, a destination address, and a message;
The transmission source address included in the data packet to which the disclosure permission information is added, the destination address, or an encryption unit that encrypts the disclosure permission information with an anonymous encryption key,
A transmitting unit that transmits the encrypted data packet;
A first anonymous encryption key storage unit that stores the anonymous encryption key used by the encryption unit in a state where it cannot be read from outside the transmission device,
The receiving device,
A receiving unit that receives the transmitted data packet;
A decryption unit that decrypts the encrypted source address of the received data packet, the destination address or the disclosure permission information with the anonymous encryption key,
An output unit that outputs the message of the received data packet to the outside, when the receiving device is permitted to disclose the message by the disclosure permission information of the received data packet;
Have a, a second anonymous cipher key storage unit for storing externally from unreadable state of the decoder is the receiving apparatus anonymous cipher key used,
A unique encryption key uniquely corresponding to the receiving device, unique key generation information uniquely corresponding to the receiving device, and can be generated using a master encryption key,
The disclosure permission information indicates unique key generation information uniquely corresponding to the receiving device to which disclosure of the message is permitted,
The receiving device has a unique key generation information storage unit that stores the key generation information uniquely corresponding to the receiving device in a state that cannot be read from outside the receiving device,
The output unit, when the key generation information stored in the unique key generation information storage unit is indicated by the disclosure permission information of the received data packet, the message of the received data packet. To the outside,
A data transmission system, wherein the master encryption key cannot be calculated from another encryption key . The data transmission system according to claim 1, wherein the receiving devices permitted to disclose the message by the disclosure permission information include receiving devices other than the receiving device of the transmission destination. An anonymous processing unit that performs processing on one or a plurality of the messages and generates processing result information indicating a result of the processing;
Data transmission system according to claim 1 or 2 having a second output section for outputting the processing result information. The data transmission system further includes a relay device,
The encryption unit of the transmission device encrypts at least the source address or the destination address of the data packet,
The relay device,
A second receiving unit that receives the transmitted data packet;
A second decryption unit that decrypts the encrypted source address or destination address of the received data packet with the anonymous encryption key,
A conversion unit that converts the source address or the destination address,
A second encryption unit that encrypts the converted source address or destination address with the anonymous encryption key,
A second transmission unit that transmits the data packet encrypted by the second encryption unit;
From claim 1, further comprising a third anonymous cipher key storage unit for storing externally from unreadable state of the second encryption unit and the second decoding unit is the anonymization encryption key the relay equipment using 3. The data transmission system according to claim 3. A data transmission method executed in a data transmission system having a transmitting device and a receiving device,
The transmission device, disclosure permission information adding step of adding disclosure permission information, which is information indicating a reception device permitted to disclose the message, to a data packet including a source address, a destination address and a message,
The transmitting device, the source address included in the data packet to which the disclosure permission information is added, the destination address, or an encryption step of encrypting the disclosure permission information with an anonymous encryption key,
A transmitting step of transmitting the encrypted data packet by the transmitting device,
A receiving step of receiving the transmitted data packet,
The receiving apparatus, the decrypted step of decrypting the encrypted source address of the received data packet, the destination address, or the disclosure permission information with the anonymous encryption key,
When the disclosure of the message is permitted by the disclosure permission information of the received data packet, the receiving device outputs the message of the received data packet to the outside, and ,
The transmission device has a first anonymization encryption key storage unit that stores the anonymization encryption key used in the encryption step in a state where it cannot be read from outside the transmission device,
The receiving device, the anonymous cipher key used in the decryption step have a second anonymous cipher key storage unit for storing externally from unreadable state of the receiving device,
A unique encryption key uniquely corresponding to the receiving device, unique key generation information uniquely corresponding to the receiving device, and can be generated using a master encryption key,
The disclosure permission information indicates unique key generation information uniquely corresponding to the receiving device to which disclosure of the message is permitted,
The receiving device has a unique key generation information storage unit that stores the key generation information uniquely corresponding to the receiving device in a state that cannot be read from outside the receiving device,
In the output step, when the key generation information stored in the unique key generation information storage unit is indicated by the disclosure permission information of the received data packet, the message of the received data packet is output. To the outside,
A data transmission method, wherein the master encryption key cannot be calculated from another encryption key . The data transmission system further includes a relay device,
The encrypting step of the transmitting device encrypts at least the source address or the destination address of the data packet,
The data transmission method is
A second receiving step in which the relay device receives the transmitted data packet;
A second decryption step in which the relay device decrypts the encrypted source address or destination address of the received data packet with the anonymous encryption key;
A conversion step in which the relay device performs the conversion of the source address or the destination address,
A second encryption step in which the relay device encrypts the converted source address or destination address with the anonymous encryption key;
A second transmitting step in which the relay device transmits the data packet encrypted by the second encrypting step,
The relay device includes a third anonymous encryption key storage unit that stores the anonymous encryption key used in the encryption step and the second decryption step in a state where the anonymous encryption key cannot be read from outside the relay device. 6. The data transmission method according to 5 .

Images