JPH11122237A - Ciphering device and data protection device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent the use of data without the will of a generator by ciphering data based on information peculiar to a use side computer. SOLUTION: The generator designates transmission object data and the use side computer 2a to a transmission destination and inputs (x) as a first password key, for example. Then, suppression data is added to the head of objective transmission data and a second password key is generated from the first password key (x) and information peculiar to the use computer 2a. An Ip address is used as information peculiar to the use side computer, for example. The different password keys are generated for the receptive use computers 2a and 2b becoming transmission destinations. Then, transmission object data is ciphered based on the generated second password key and it is transmitted to the use side computers 2a and 2b. The generator generates a decoding key (y) corresponding to the first password key and it is given to a permitted person.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data protection apparatus for protecting data by encryption / decryption, and more particularly to a data protection apparatus for preventing data from being used without the intention of a creator. The present invention relates to a data protection device suitable for protecting the interests of persons.

[0002]

2. Description of the Related Art Conventionally, techniques for protecting communication data from unauthorized access such as wiretapping and falsification of the communication data include:
There is encryption technology. For example, data is transmitted and received as follows in a network in which a use-permitted computer that permits use of data and a user-side computer that uses the data are connected.

First, in a use-permitted computer, a sender (for example, a data creator) uses encryption software to encrypt plaintext data to be transmitted into encrypted data based on a specified encryption key. Send this.

[0004] On the other hand, in the user's computer, a receiver having a decryption key for decryption (for example, a licensor who has been permitted to use the plaintext data from the creator) uses the decryption software. The received encrypted data is decrypted into the original plaintext data based on the decryption key in possession.

[0005]

As described above, in the conventional encryption technology, it is possible to protect the confidentiality of data from persons other than the licensor. However, once the creator has sent the encrypted data, there is no restriction on the encrypted data,
There is a possibility that the licenser may use the received encrypted data without restriction. In particular, since the decryption key is a predetermined one, the received encrypted data is decrypted and used by another computer, and no restriction is imposed on the plaintext data similarly decrypted. Therefore, there is a possibility that the decrypted plaintext data is retransmitted to another computer as it is.

In general, since data to be encrypted is extremely confidential, if the data is used or eavesdropped without the intention of the creator, the creator may suffer significant damage. Exposure to sex.

[0007] Therefore, an object of the present invention is to solve such a conventional problem, and to prevent data from being used without the intention of the creator, thereby protecting the creator's interest. It is an object of the present invention to provide a data protection device suitable for the above.

[0008]

According to a first aspect of the present invention, there is provided an encryption apparatus for encrypting data based on information unique to a computer to which the data is provided. ing.

With such a configuration, when the creator attempts to provide data to the licensor, the data to be provided is encrypted based on information unique to the computer to which the data is provided.

In the first aspect of the present invention, the information unique to the computer includes, for example, a network address for specifying a connection position of the computer on a network, a serial number of the computer,
And information about the type of computer.

[0011] On the other hand, a data protection device according to a second aspect of the present invention is a data protection device applied to a use-permitted computer that permits use of data and a use-side computer that uses the data. An encryption unit that converts the data into encrypted data based on the information unique to the use side computer, a unique information acquisition unit that automatically acquires information unique to the use side computer,
Decryption means for restoring the encrypted data to the original data based on the acquired information unique to the use side computer, wherein the encryption means is provided in the use permission side computer, and the unique information acquisition means And the decoding means are provided in the use side computer.

With this configuration, when the creator tries to provide data to the licensor of the user computer at the use-permitted computer, the encrypting means uses at least the information unique to the user computer. The data to be provided is converted into encrypted data. At this time, in order to convert the data, for example, a second encryption key is generated from the first encryption key specified by the creator and information unique to the user computer, and based on the second encryption key, To do it. And the creator
The encrypted data is provided to the licensor, and a first decryption key corresponding to the first encryption key is provided to the licensor.

On the other hand, when the licensor tries to use the encrypted data provided by the creator at the user side computer, the information unique to the user side computer is acquired by the unique information acquisition means, and the decryption means The encrypted data is restored to the original data based on at least the acquired information unique to the user computer. At this time, in order to restore the encrypted data, a second decryption key is generated from the first decryption key provided by the creator and information unique to the user computer, and the second decryption key is generated. To do so.

Thus, for example, when the licenser intends to use the encrypted data provided by the creator on another computer, the encrypted data is converted based on information unique to the user computer. Therefore, even if the licensor has the first decryption key, it cannot be restored on another computer.

The data conversion may be performed based on at least information unique to the user's computer. In particular, the first encryption key need not be set. When the first encryption key is not set, the first decryption key is not set accordingly. The use-permitted computer and the use-side computer do not need to be particularly connected via a network or the like. To provide data, for example, the data is stored in a storage medium such as an FD,
This may be read by the user-side computer.

In the second aspect of the present invention, the information unique to the user computer is synonymous with the information unique to the computer. The data protection apparatus according to claim 3 of the present invention is a data protection apparatus applied to a network to which a use-permitted computer that permits use of data and a user computer that uses the data are connected. An encryption unit that converts the data into encrypted data based on the information unique to the use side computer, a transmission unit that transmits the encrypted data to the use side computer, and a unique use side computer. Unique information acquisition means for automatically acquiring information, and decryption means for restoring the encrypted data to the original data based on the acquired information unique to the use side computer, the encryption means and The transmitting means is provided in the use-permitted computer, and the unique information acquisition means and the decryption means are provided in the use-side computer Provided.

With such a configuration, when the creator tries to transmit data to the licensor of the user computer at the use-permitted computer, the creator uses the encryption means based on information unique to the user computer. The data to be transmitted is converted into encrypted data, and the encrypted data is transmitted to the user computer by the transmission means.
At this time, information unique to the user computer used by the usage-permitted computer when converting the data may be registered in advance from the user computer, or the data may be converted. In this case, the information may be obtained from a user computer or a server computer that manages the computer.

On the other hand, when the licenser intends to use the received encrypted data at the user computer, information unique to the user computer is acquired by the unique information acquisition means, and the acquired utilization information is acquired by the decryption means. The encrypted data is restored to the original data based on the information unique to the side computer.

With this arrangement, for example, when the licenser attempts to use the received encrypted data on another computer, the encrypted data is converted based on information unique to the user's computer. Can not restore this on another computer.

In the third aspect of the present invention, the information unique to the user computer is synonymous with the information unique to the computer. Further, in the data protection device according to claim 4 of the present invention, in the data protection device according to claim 2 or 3, the decryption unit inputs restoration information necessary for restoring the encrypted data. Restoration information input means, and encrypted data decryption means for restoring the encrypted data to the original data based on the inputted restoration information and the unique information of the use side computer acquired by the unique information acquisition means And.

With this configuration, when the creator attempts to provide data to the licensor of the user computer at the use-permitted computer, the data to be provided is converted into encrypted data. At this time, in order to convert the data, for example, a second encryption key is generated from the first encryption key specified by the creator and information unique to the user computer, and based on the second encryption key, To do it. The creator provides the encrypted data to the licensor, and also provides the licensor with restoration information corresponding to the first encryption key.

On the other hand, when the licensor tries to use the encrypted data on the user's computer, the licensor inputs restoration information provided by the creator to the restoration information input means. Then, the encrypted data is restored to the original data by the encrypted data decrypting means based on the input restoration information and the acquired information unique to the user computer.

According to a fifth aspect of the present invention, there is provided the data protection device according to the second, third or fourth aspect, wherein the inhibition data for inhibiting data transmission is associated with the data. Association means;
Transmission inhibiting means for inhibiting the transmission of the original data based on the inhibition data, wherein the inhibition data associating means is provided in the use permitting computer, and the transmission inhibiting means is provided in the use side computer.

With this configuration, when the creator tries to provide data to the licensor of the user computer at the use-permitted computer, the data to be provided is added to the data to be provided by the inhibition data association means. Are associated with each other, the encryption unit converts the data associated with the suppression data, and the transmission unit transmits the encrypted data.

On the other hand, in the user's computer, when the licensor tries to retransmit the original data restored by the decrypting means to another computer, the restored original data is associated with the inhibition data. Therefore, transmission of the original data is suppressed by the transmission suppression means based on the suppression data. It should be noted that transmission of data is not suppressed by the transmission suppression means if the data is normal data to which no suppression data is associated.

In the fifth aspect of the present invention, associating the inhibition data with the data means that the inhibition data is added to the beginning or end of the data or at a predetermined position, or link information indicating the link destination of the inhibition data is added to the data. Beginning and end,
Or, it is added to a predetermined position, or the suppression data and the data to be associated are managed in a correspondence table.

[0027]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram showing an embodiment of a data protection device according to the present invention. FIG. 2 is a diagram showing a configuration of the computer in FIG.

In this embodiment, the data protection device according to the present invention is applied to a case where data transmitted by a creator of a use-permitted computer is used by a licensor of the user computer as shown in FIG. It was done.

In the figure, a use-permitted computer 1 that permits the use of data, and user computers 2a and 2b that use the data are connected to the Internet via a data transmission path 3 for transmitting data. ing.

The use-permitted computer 1 and the use-side computers 2a and 2b have the same function, and are provided with an arithmetic processing unit 4 for controlling arithmetic and the entire system based on a control program, and for electrically reading and writing data. It comprises a writable main storage device 5 and an input / output control device 6 for inputting / outputting data between an external device connected to the outside and the main storage device 5.
The main storage device 5 and the input / output control device 6 are mutually connected by a bus which is a signal line for transmitting data.

The input / output control device 6 includes, as external devices,
An auxiliary storage device 7 capable of magnetically reading and writing data and a keyboard 8 as a human interface capable of externally inputting data are connected to each other.

The main storage device 5 is a ROM in which a control program for the arithmetic processing device 4 is stored in a predetermined area in advance.
And a RAM that stores data read from the ROM or the auxiliary storage device 7 and a calculation result required in a calculation process of the calculation processing device 4.

The arithmetic processing unit 4 of the use-permitted computer 1 comprises a microprocessing unit MPU and the like.
A predetermined program stored in a predetermined area of the ROM is started, and the processing shown in the flowchart of FIG. 3 is executed.

Here, in the processing unit 4 of the use-permitted computer 1, the processing executed when trying to transmit data is configured as follows. First,
In the figure, in step S1, the transmission target data to be transmitted is specified from the keyboard 8, and the process proceeds to step S2 where the suppression data for suppressing the data transmission is added to the head of the specified transmission target data, The process proceeds to step S3, where the use side computers 2a and 2b to be the transmission destinations are specified from the keyboard 8, and the process proceeds to step S4.

In step S4, the first encryption key is input from the keyboard 8, and the process proceeds to step S5, where the information unique to the destination use side computers 2a and 2b and the first encryption key are entered.
A second encryption key is generated from the encryption key of
6, the data to be transmitted is encrypted based on the second encryption key, and the process proceeds to step S7, where the encrypted data is transmitted to the use-side computers 2a and 2b as the transmission destinations, and a series of processing is performed. It is to end.

On the other hand, the arithmetic processing unit 4 of the use side computers 2a and 2b includes a micro processing unit MP
U and the like, when trying to use the encrypted data transmitted from the use-permitted computer 1, a predetermined program stored in a predetermined area of the ROM of the main storage device 5 is started, and FIG. While the processing shown in the flowchart of FIG. 4 is executed, when the transmission target data is to be transmitted, the processing shown in the flowchart of FIG. 4B is executed.

Here, the processing executed by the arithmetic processing unit 4 of the use side computers 2a and 2b when trying to use the encrypted data transmitted from the use permission side computer 1 is configured as follows. ing.

In the figure, in step S11, a first decryption key is inputted from the keyboard 8, and the flow shifts to step S12 to acquire self-specific information. And a second decryption key is generated from the first decryption key and the second decryption key. The process proceeds to step S14, where the encrypted data is decrypted based on the second decryption key. Is stored in the auxiliary storage device 7, and a series of processing is ended.

The processing executed by the processing unit 4 of each of the user-side computers 2a and 2b when transmitting data to be transmitted is configured as follows. First, in FIG. 4B, in step S21, transmission target data to be transmitted is specified from the keyboard 8,
The process proceeds to step S22 to determine whether or not the suppression data is added to the head of the designated transmission target data. If it is determined that the suppression data is added, the process proceeds to step S23 to execute the transmission suppression process. Then, a series of processing is terminated.

On the other hand, when it is determined in step S22 that the suppression data is not added to the head of the transmission target data, the process proceeds to step S24, where the transmission target data is transmitted, and a series of processing is terminated. Has become.

Next, the operation of the above embodiment will be described with reference to the drawings. FIG. 6 is a diagram illustrating information unique to the user-side computer and a diagram illustrating a process of generating a second encryption key corresponding to a transmission destination.

First, in the use-permitted computer 1, when the creator of data intends to transmit data to the licensor of the user computer 2a, the creator specifies transmission target data to be transmitted, and It is assumed that the computer 2a is designated as the transmission destination and "x" is input as the first encryption key, for example.

Then, the suppression data is added to the head of the transmission target data, and the second encryption key is generated from the first encryption key "x" and the information unique to the user computer 2a. Here, as shown in FIG. 6A, the information unique to the user-side computer includes, for example, an I for specifying the connection position of the computer on the Internet.
Use the P address. At this time, "202.247.130.1" is assigned to the information unique to the user computer 2a, and "202.247.130.2" is assigned to the information unique to the user computer 2b.

That is, when transmitting the transmission target data to the use side computer 2a, as shown in FIG. 6B, the first encryption key "x" and the use side computer 2a
A second encryption key “x.202.247.130.1” is generated from the IP address “202.247.130.1” of the second encryption key. When transmitting the transmission target data to the use side computer 2b, the first encryption key “x” and the use side computer 2b
And the second encryption key "x.202.247.130.2" is generated from the IP address "202.247.130.2" of the second encryption key. in this way,
A different second encryption key is generated for each of the use-side computers 2a and 2b that are destinations.

Next, the generated second encryption key “x.2”
The transmission target data is encrypted based on “02.247.130.1” and transmitted to the user computer 2a. Here, when the transmission target data is divided into messages of a predetermined data length, one message is represented by M, Is e, and one message constituting the encrypted data is C, the transmission target data is encrypted into the encrypted data by the following relational expression.

C = e (M, “x.202.247.130.1”) (Equation 1) This is to encrypt the message M into the message C based on the second encryption key “x.202.247.130.1”. Is shown. That is, the encrypted data is configured by collecting messages C obtained by individually encrypting each message M of the data to be transmitted.

The creator transmits the encrypted data to the licensor of the user-side computer 2a, and performs the first decryption corresponding to the first encryption key “x” and necessary for decryption. A key “y” is generated and provided to the licensor.

Next, in the use side computer 2a,
When the licenser intends to use the transmitted encrypted data, the licenser inputs the first decryption key “y” provided by the creator.

Then, I of the user side computer 2a
The P address “202.247.130.1” is obtained, and this and the first
And the second decryption key “y.202.247.1”
30.1 ”is generated, and the generated second decryption key“ y.20 ”is generated.
Based on 2.247.130.1 ", the encrypted data is decrypted and stored in the auxiliary storage device 7. Here, one message when the encrypted data is divided into messages of a predetermined data length is C, a decryption function Is d and one message constituting the transmission target data is M, the encrypted data is decrypted into the original transmission target data by the following relational expression.

M = d (C, “y.202.247.130.1”) (Equation 2) This is to decrypt the message C into the message M based on the second decryption key “y.202.247.130.1”. Is shown. That is, the transmission target data is configured by collecting messages M obtained by individually decrypting each message C of the encrypted data.

As described above, if the data to be transmitted is encrypted based on the information unique to the use side computers 2a and 2b as the transmission destinations, for example, the licenser can encrypt the data transmitted to the use side computer 2a. User computer 2
b, when the licenser inputs the first decryption key “y” provided by the creator in the user-side computer 2b, , The IP address of the user-side computer 2b “20
2.247.130.2 "and the second decryption key" y.202.247.1 "
Therefore, the encrypted data transmitted to the user-side computer 2a is not normally restored to the original data to be transmitted with the second decryption key "y.202.247.130.2". Is not converted.

On the other hand, in the use side computer 2a,
If the licensor tries to retransmit the decrypted transmission target data to the user-side computer 2b as it is (as plain text data), the suppression data is added to the top of the transmission target data. Then, the transmission suppression processing is executed, and the transmission to the use side computer 2b is suppressed.
Here, the transmission suppression processing includes, for example, erasing data to be transmitted as an unauthorized use, notifying the creator of the use-permitted computer 1 of the unauthorized use by e-mail or the like, For example, the dummy data is transmitted to the user-side computer 2b. In addition, if the suppression data is normal transmission target data that is not added to the head, the transmission is not suppressed.

As described above, the use-permitted computer 1
Can be used only by the user-side computer 2a, and the encrypted data sent to the user-side computer 2b can only be used by the user-side computer 2b. Not available.

As described above, in the use-permitted computer 1, the use-side computers 2a, 2
b) encrypts the transmission target data based on the encryption key including the IP address b, transmits the encrypted data,
In 2b, the received encrypted data is decrypted based on the decryption key including its own IP address, so that the transmission target data is used without the intention of the creator as compared with the related art. Possibilities can be reduced and the interests of the creator can be effectively protected.

In particular, each of the user-side computers 2a and 2b generates a second decryption key from the first decryption key provided by the creator and its own IP address, and encrypts the encrypted data based on the second decryption key. Since the decryption is performed, it is possible to reduce the possibility that the encrypted data is decrypted by anyone other than the licensor or that the data to be transmitted is illegally used.

Further, the use-permitted computer 1 transmits the data to be transmitted with the suppression data added thereto, and the user-side computers 2a and 2b transmit the decrypted transmission-target data to the other user-side computers 2b and 2a. When transmission is attempted, the transmission is suppressed based on the suppression data, so that the possibility that the transmission target data is used without the intention of the creator can be further reduced, and the transmission target It is also possible to reduce the possibility that data contents leak to other computers.

Further, as the transmission suppression processing, for example, the data to be transmitted is erased, so that the licensor or a third party tries to illegally distribute the decrypted data to be transmitted to other use side computers. Can be suppressed to some extent.

Further, as the transmission suppression processing, for example, the creator of the use-permitted computer 1 is notified of the unauthorized use by e-mail or the like, so that the creator can confirm the unauthorized use, and the usability is improved. Is good.

Further, as the transmission suppression processing, for example, the dummy data is transmitted to the destination computer 2b as the transmission destination, so that the destination computer 2b is erroneously assumed that the data to be transmitted has been normally transmitted. And the act of the licensor or a third party attempting to use the transmission target data illegally can be suppressed to some extent.

In the above embodiment, the suppression data is added to the head of the transmission target data. However, the present invention is not limited to this. By adding the suppression data to the end of the transmission target data or at a predetermined position. In such a case, it is configured to make it difficult to illegally remove the inhibition data, or to add link data indicating the link destination of the inhibition data instead of the inhibition data to the beginning or end of the transmission target data, or to a predetermined position. May be configured.

In the above embodiment, the use-permitted computer 1 and the use-side computers 2a and 2b
Are connected via a network, but the present invention is not limited to this.
Any configuration that can read data provided from the use-permitted computer 1 may be used. In particular, the use-permitted computer 1 and the use-side computers 2a and 2b need not be configured to be connected via a network. Is also good.

Further, in the above embodiment, the IP addresses of the use side computers 2a and 2b are used as the information unique to the use side computers 2a and 2b. However, the present invention is not limited to this. 2
The serial number b may be used. It should be noted that the information unique to the use side computers 2a, 2b does not necessarily need to be information that completely identifies the use side computers 2a, 2b, but may be information such as information on the model of the use side computers 2a, 2b.
Information that can specify b to some extent may be used.

Further, in the above embodiment, the data to be transmitted is encrypted based on the first encryption key designated by the creator, and the encrypted data is decrypted based on the first decryption key provided by the creator. However, the present invention is not limited to this, and by encrypting and decrypting the transmission target data based only on the information unique to the destination use side computers 2a and 2b, the configuration and automation can be facilitated. You may comprise so that it may become.

Further, in the above embodiment, the encrypted data transmitted from the use-permitted computer 1 to the use-side computer 2a is configured not to be used by the use-side computer 2b. However, the present invention is not limited to this. Is used by the user side computer 2b, for example, a decryption key for decrypting the encrypted data is
The creator of the use-permitted computer 1 may transmit the encrypted data to the user-side computer 2b and decrypt the encrypted data based on the transmission. With such a configuration, the creator can easily grasp where the transmission target file is used, and the usability is good.

Further, in the above-described embodiment, a case has been described in which, when executing the processing shown in the flowcharts of FIGS. 3 and 4, a program stored in advance in the ROM of the main storage device 5 is executed. However, the present invention is not limited to this, and the program may be read from a recording medium on which a program indicating these procedures is recorded into the RAM of the main storage device 5 and executed.

Here, the recording medium is RAM, ROM,
Any recording medium, such as an FD, a compact disk, a hard disk, or a magneto-optical disk, which is a computer-readable recording medium regardless of an electronic, magnetic, optical, or other reading method. Is included.

Further, in the above-described embodiment, the processing shown in the flowcharts of FIGS. 3 and 4 has been described with respect to the case where the processing is implemented by software. However, instead of this, a comparison circuit, an arithmetic circuit, a logic circuit, etc. You may comprise so that an electronic circuit may be combined.

In the above embodiment, steps S3 to S6 correspond to the encryption means according to claim 2 or 3, and step S12 corresponds to the unique information acquisition means according to claim 2 or 3. Steps S11, S13 and S14 correspond to the decrypting means according to claim 2, 3 or 4, and step S7 corresponds to the transmitting means according to claim 3. Step S11 corresponds to the restoration information input means described in claim 4, and steps S13 and S14
Corresponds to the encrypted data decrypting means according to claim 4,
Step S2 corresponds to the suppression data association means described in claim 5, and steps S22 and S23 correspond to the transmission suppression means described in claim 5.

[0069]

As described above, according to the data protection apparatus of the present invention, it is possible to reduce the possibility that the data to be transmitted is used without the intention of the creator as compared with the related art. Thus, the effect that the profit of the creator can be effectively protected can be obtained.

According to the data protection device of the fourth aspect of the present invention, it is possible to reduce the possibility that the encrypted data is decrypted by anyone other than the licensor or the data to be transmitted is illegally used. The effect that it can be obtained is also obtained.

Further, according to the data protection apparatus of the fifth aspect of the present invention, it is possible to further reduce the possibility that the data to be transmitted is used without the intention of the creator, The effect of reducing the possibility that the contents of the information is leaked to another computer can also be obtained.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an embodiment.

FIG. 2 is a block diagram illustrating a configuration of a use-permitted computer and a use-side computer.

FIG. 3 is a flowchart illustrating a process executed by a use-permitted computer.

FIG. 4 is a flowchart illustrating a process executed by a user-side computer.

FIG. 5 is a diagram illustrating information unique to a user-side computer and a diagram illustrating a process of generating a second encryption key corresponding to a transmission destination.

[Description of Signs] 1 Use-permitted computer 2a, 2b Use-side computer 3 Data transmission path 4 Arithmetic processing unit 5 Main storage device 6 Input / output control device 7 Auxiliary storage device 8 Keyboard

Claims (5)

[Claims] 1. An encryption device for encrypting data based on information unique to a computer to which the data is provided. 2. A data protection device applied to a use-permitted computer that permits use of data, and a user-side computer that uses the data, wherein the data protection device is provided based on information unique to the use-side computer. Encrypting means for converting the encrypted data into encrypted data, unique information acquiring means for automatically acquiring information unique to the user-side computer, and encrypting the encrypted data based on the acquired information unique to the user-side computer. Decryption means for restoring the data to the data, wherein the encryption means is provided in the use-permitted computer,
A data protection apparatus, wherein the unique information acquisition unit and the decryption unit are provided in the use side computer. 3. A data protection device applied to a network connected to a use-permitted computer that permits use of data and a user computer that uses the data, wherein the information is unique to the use computer. Encrypting means for converting the data into encrypted data based on the data, transmitting means for transmitting the encrypted data to the use side computer, and unique information acquisition means for automatically acquiring information unique to the use side computer And decryption means for restoring the encrypted data to the original data based on the acquired information unique to the use side computer, wherein the encryption means and the transmission means are provided in the use permission side computer. A data protection device, wherein the unique information acquisition unit and the decryption unit are provided in the use side computer. 4. The decryption means comprises: a recovery information input means for inputting recovery information necessary for recovering the encrypted data; and the input recovery information and the unique information obtained by the unique information obtaining means. 4. The data protection device according to claim 2, further comprising: an encrypted data decrypting unit that restores the encrypted data to the original data based on information unique to a user-side computer. 5. Suppression data associating means for associating suppression data for suppressing data transmission with the data,
Transmission inhibiting means for inhibiting transmission of the original data based on the inhibition data, wherein the inhibition data associating means is provided in the use-permitted computer, and the transmission inhibiting means is provided in the user-side computer. 5. The data protection device according to claim 2, wherein: