JPH11187007A - Ciphering and deciphering device and its method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To obtain a device improving the security of data and simplifying the preserving and taking-out operation of the data by generating key data for ciphering based on a read finger printing pattern and ciphering objective data through the use of generated key data. SOLUTION: When an input occurs at a pattern reading part, the finger printing pattern is detected (step S3). Then it is judged whether the finger printing pattern is properly detected (step S4). In the case when the finger printing pattern is properly detected, key data (a ciphering key, etc.), is generated from the finger printing data (step S5). Data to be preserved is ciphered through the use of generated key data (step S6). A ciphering flag is set to be '1' and it is given to ciphered data (step S7). Ciphered data and the ciphering flag are corresponded and preserved (step S8). Thereby, the security of personal data is secured.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention
The present invention relates to an apparatus and a method for decoding.

[0002]

2. Description of the Related Art In a network environment in which terminals are connected to each other, there is a situation where data managed by an individual can be easily taken out by another person. Also, when sharing a device such as a network host device, there is a need to manage data that is not desired to be known to others. For this reason, in recent years, all kinds of information including documents and images have been digitized. The electronic information is often secured so that it cannot be seen by others or tampered with.

At present, the simplest and most common security technique is a password. In data protection using a password, as is well known, data is stored in association with a certain password, and a computer or the like that stores the data receives a read instruction for the data, and when a read instruction for the data is received, the user receives the password. Is input, and the data is output only when the password associated with the data is input. The password is managed so that only an individual or a person belonging to a specific group knows the password, and is prevented from being known to others, thereby preventing unauthorized access to data.

As another security technique, encryption is widely used. Encryption is a technique that converts data into undecipherable (meaningless) data in accordance with a predetermined algorithm so that the contents of the data cannot be known to others. The most common encryption algorithm is DES (Data Encryption Standard). In the encryption algorithm, key data (encryption key or initial value, etc.) for encryption / decryption is generally required, including the above-mentioned DES.

[0005]

However, in the above-mentioned conventional security method, each user needs to memorize a password or the like, which is a heavy burden. In addition, it is necessary to input a password or the like each time data is taken out, and it has been heard that it takes time and effort. Further, there is a possibility that a password or the like may be leaked. In this case, it is often the case to deal with this by periodically changing a password or the like, which also increases the burden on the user.

[0006] An object of the present invention is to solve the above-mentioned problems, and to provide an apparatus and a method which have high data security and can easily store and retrieve the data.

[0007]

The encryption device of the present invention comprises:
Pattern reading means, key data generating means for generating key data for encryption based on the fingerprint pattern read by the pattern reading means, and encrypting the target data using the key data generated by the key data generating means. And encryption means for encrypting. Key data generating means for generating key data for decryption based on the fingerprint pattern read by the pattern reading means;
And a decryption unit for decrypting the data encrypted by the encryption unit using the key data generated by the key data generation unit.

According to the above configuration, if the fingerprint pattern used for encrypting the data and the fingerprint pattern used for decrypting the data are different from each other, the data encrypted by the encrypting means can be used. When decryption is performed using the decryption means, indecipherable or meaningless data is obtained.
Thus, the contents of the data are not known to anyone other than the data creator.

[0009]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is an external view of a personal computer taken as an example of an information processing device to which the encryption / decryption device of the present invention is applied. The personal computer 1 includes a keyboard 2, a mouse 3, and a display 4 for inputting a user's instruction, and a pattern reading unit 5 for detecting an uneven pattern on the surface of an object. As will be described later in detail, the pattern reading unit 5 is provided in this embodiment for reading a fingerprint pattern of an arbitrary finger of the user.

FIG. 2 is a configuration diagram of the information processing apparatus of the present embodiment. The storage device 11 includes a semiconductor memory, a magnetic recording medium, or an optical recording medium, and stores programs, data, and the like. The storage device 11 may be fixedly provided in the information processing device 1 or may be detachably mounted.

A recording medium driver 12 reads data stored in a portable recording medium (including a semiconductor memory, a magnetic disk, an optical disk, a magneto-optical disk, and the like) 13 or writes data in the portable recording medium 13. Device. The communication control unit 14 is a unit that controls transmission and reception of data with the network.

The CPU 15 loads a program or the like from the storage device 11 or the portable recording medium 13 into the memory 16 and executes it. Note that a program or the like describing the processing of each flowchart referred to in the embodiments described later is
It is installed in the storage device 11. Note that the program and the like can also be stored in the portable recording medium 13 and supplied. In this case, the program and the like are loaded via the recording medium driver 12. Alternatively, the program or the like may be stored in another device on the network, and may be received via a communication line. Furthermore,
The CPU 15 may use programs, data, and the like stored in another storage device provided on the network via a communication line or the like.

The pattern reading section 5 is a device for detecting irregularities on the surface of an object pressed on its surface, and is formed thin enough to be incorporated in a node type personal computer due to the advancement of miniaturization technology. The pattern reading unit 5 includes, for example, a light source and a two-dimensional photosensor, and converts a current value or a voltage value corresponding to a light receiving level detected by a plurality of light receiving elements constituting the two-dimensional photosensor in a serial format or a parallel format. Output. The applicant of the present invention has previously filed a patent application for a reading apparatus which is capable of reading an uneven pattern on the surface of an object with high accuracy while being sufficiently thin (Japanese Patent Application No. 9-2220).
No. 18).

FIG. 3 is a flowchart of a process for encrypting data to be stored. The process of this flowchart is executed with a trigger that a user inputs an instruction to save data. Note that the encryption processing of the present embodiment does not depend on the attribute of the target data, and can be executed on at least text data, table data, image data, data in which these are mixed, and audio data. It can also be executed on program data expressed in a machine language or a high-level language. Hereinafter, an example in which data is encrypted in file units will be described.

In step S1, an object to be stored is recognized. This processing may include, for example, a procedure of displaying a data list and allowing the user to specify a file name from the data list. In step S2, it is determined whether or not an input has been made to the pattern reading unit 5. This process is to check whether or not the output of the pattern reading unit 5 has changed, for example.

If there is an input to the pattern reading unit 5, it is considered that the user has pressed the desired fingertip (the part where the fingerprint is formed) on the pattern reading unit 5, and the process proceeds to step S3. In step S3, a fingerprint pattern is detected. That is, the output of the pattern reading unit 5 is captured. In step S4, it is determined whether the fingerprint pattern has been properly detected. That is, when the user's finger has not been fixed to the pattern reading unit 5 for a certain period of time or when the contact area is small due to weak pressing, the fingerprint pattern cannot be reproduced. It is determined whether or not it was completed.

If the fingerprint pattern is properly detected, key data (encryption key or the like) is generated from the fingerprint pattern in step S5. In this embodiment,
As an encryption algorithm, DES (Data Encryption
Standard). DES is a block cipher that converts a 64-bit input into a 64-bit output, and uses 64-bit key data for this conversion. Of the 64-bit key data, 8 bits are used as parity. Step S5 of the present embodiment is a process for generating the key data, which will be described later in detail.

In step S6, data to be stored is encrypted using the key data generated in step S5. In step S7, the encryption flag is set to "1", and it is added to the encrypted data. And step S
In step 8, the encrypted data and the encryption flag are stored in association with each other. The area for storing the data is, for example, the storage device 11 or the portable recording medium 13 according to the specification of the user.

On the other hand, if it is determined in step S2 that there is no input to the pattern reading unit 5, the process proceeds to step S1.
At 1, it is checked whether or not the ENTER key has been pressed. If the press of the ENTER key is detected, the process proceeds to step S12, in which the encryption flag is set to “0” and added to the data to be stored. Then, steps S3 to S7
Is skipped, and the data and the encryption flag are stored in association with each other in step S8. Step S1
If the press of the ENTER key cannot be detected in step 1, the process returns to step S1.

As described above, according to the present embodiment, when the pattern reading unit 5 reads a fingerprint pattern of a desired finger when storing data, steps S3 to S7 are executed, and the data is converted into a fingerprint pattern. Encrypted based on This operation is very simple and does not burden the user. On the other hand, when data is stored, the pattern reading unit 5 does not read the fingerprint pattern,
If the TER key is pressed, steps S3 to S7 are skipped, and the data is stored as plain text without being encrypted.

FIG. 4 is a flowchart of a process for generating key data based on a fingerprint pattern. This process
This is a detailed description of step S5 of the flowchart shown in FIG.

In step S21, the fingerprint pattern data detected by the pattern reading section 5 is developed into image data, and preprocessing such as noise removal is performed. Step S2
In step 2, a "line" is detected from the image data. This process regards, for example, a portion in the image data where the density changes abruptly as a “line”, and includes a process of connecting a broken line and a process of approximating the line to a straight line or a curve.

In step S23, each detected line is regarded as a fingerprint line (each line forming a fingerprint pattern).
The center of the vortex of the fingerprint is detected. In step 24, a predetermined number of fingerprint lines are extracted from the center of the fingerprint vortex.
In step S25, the patterns of the extracted fingerprint lines are approximated by curves, and equations representing the respective curves are derived. In step S26, a predetermined number is substituted for each equation, and a data string having a predetermined bit length is generated from each solution. Then, in step S27, key data is generated from the data string generated in step S26.

FIG. 5A is a diagram showing the concept of the encryption processing. This diagram conceptually shows the process of step S6 of the flowchart shown in FIG. In the encryption processing by DES, input data is encrypted every 64 bits. At this time, 64-bit key data is used. That is, when the 64-bit plaintext data P and the 64-bit key data K are input to the function F, 64-bit ciphertext data C is obtained. The function F includes bit-by-bit conversion processing and is repeatedly executed a predetermined number of times. In addition,
The processing procedure of the DES algorithm is open to the public, and the algorithm itself is not directly related to the present invention.

Next, a description will be given of a process of decrypting the encrypted data according to the process shown in FIG. FIG. 6 is a flowchart illustrating the decryption processing according to the present embodiment. The process of this flowchart is executed with a user inputting an instruction to read stored data as a trigger.

In step S31, a list of readable data stored in an access destination (a predetermined area of the storage device 11, a floppy disk, or the like) designated by the user is displayed, and the user is allowed to select data to be output. . FIG. 7 shows an example of the data list displayed in step S31. The data list displays the file name of each stored data and whether the data is stored as cipher text or plain text. Here, whether each data is stored as a ciphertext or a plaintext depends on an encryption flag assigned to each data. It is assumed that the user selects a desired file using a mouse or the like.

Step S32 is the same as step S2 shown in FIG. 3, and checks whether or not an input has been made to the pattern reading section 5. If there is an input to the pattern reading unit 5, it is checked in step S33 whether the data selected in step S31 has been encrypted. That is, it is determined whether the encryption flag assigned to the selected data is set to “1”. If the data to be read has been encrypted, the process proceeds to step S34.

Steps S34 and S35 are the same as steps S3 and S4 shown in FIG. 3, and detect a fingerprint pattern and determine whether or not the detection is sufficient to generate key data. If the fingerprint pattern has been sufficiently detected, key data is generated from the fingerprint pattern in step S36, and the encrypted data is decrypted using the key data in step S37. Then, in step S38, the decrypted data is output.

The processing in step S36 is exactly the same as step S5 shown in FIG. 3, and the details are as shown in FIG. The processing in step S37 is basically the same as step S6 shown in FIG. 3, but is slightly different. That is, in encryption and decryption, key sequences are used in reverse order. FIG. 5B shows the concept of the decoding process.

In step S32, the pattern reading section 5
If it is determined that no input has been made, it is checked in step S41 whether the ENTER key has been pressed. EN
If the press of the TER key is detected, the process proceeds to step S42.
Then, it is determined whether or not the data to be read is encrypted, that is, whether or not the encryption flag assigned to the data to be read is “1”. And if the data to be read was not encrypted,
Proceed to step S38 to output the data. on the other hand,
If the data to be read has been encrypted, or if it is determined in step S41 that the ENTER key has not been pressed, the process returns to step S1.

According to the above configuration, when data stored in the storage device is encrypted based on the fingerprint pattern of the user and the pattern reading unit 5 reads the fingerprint pattern, steps S34 to S37 are executed. The encrypted data is decrypted based on the fingerprint pattern read at the time of data retrieval. At this time, if the fingerprint pattern read at the time of encryption and the fingerprint pattern read at the time of decryption match each other,
The encrypted data is correctly decrypted and returns to a decryptable state. On the other hand, if the two fingerprint patterns do not match each other, the encryption key and the decryption key are different from each other, so that even if the decryption processing is executed, a plaintext that can be decrypted is obtained. It is not possible. That is, data encrypted by a fingerprint pattern of a certain user can be substantially decrypted so that only that user can decrypt the data, thereby protecting security.

In the above-described embodiment, the configuration in which the data is encrypted when the data is stored has been described. However, this processing is performed when the newly created data is encrypted and when the data is previously created and stored. The present invention can be applied to both cases where data that has been processed is taken out and stored again. This encryption process can be performed not only when data is stored but also when data is transferred.

Further, in the above-described embodiment, DES has been described as one of the encryption algorithms, but the present invention is not limited to this algorithm. For example, in an encryption algorithm using a pseudo-random number, an initial value to be given to a pseudo-random number generator may be generated according to a fingerprint pattern.

In the above embodiment, the case where data is stored or transferred in file units has been described. However, the present invention can be similarly applied to a case where a predetermined portion of data is encrypted. In this case, specify the area to be encrypted with a mouse, etc.
Encrypt the area specified by fingerprint input.

[0035]

According to the present invention, since the security of personal data is ensured by using the fingerprint of one's finger instead of the conventional password, there is no need to store and manage the password. There is no danger of spills. Furthermore, complicated operations are not required when extracting and storing personal data.

[Brief description of the drawings]

FIG. 1 is an external view of a computer to which an encryption / decryption device of the present invention is applied.

FIG. 2 is a configuration diagram of an information processing apparatus according to the present embodiment.

FIG. 3 is a flowchart of an encryption process according to the embodiment.

FIG. 4 is a flowchart of a process for generating key data based on a fingerprint pattern.

FIGS. 5A and 5B are diagrams for explaining the concepts of encryption processing and decryption processing, respectively.

FIG. 6 is a flowchart of a decoding process according to the embodiment.

FIG. 7 is an example of a data list displayed when reading data.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Information processing apparatus 2 Keyboard 3 Mouse 4 Display 5 Pattern reading part 11 Storage device 12 Recording medium driver 13 Portable recording medium 14 Communication control part 15 CPU 16 Memory

Claims (4)

[Claims] A key reading unit that generates key data for encryption based on a fingerprint pattern read by the pattern reading unit; and a key data generated by the key data generating unit. And an encrypting means for encrypting the target data. 2. A key data generating means for generating key data for decryption based on a fingerprint pattern read by said pattern reading means, and said encrypting means using key data generated by said key data generating means. The encryption device according to claim 1, further comprising: decryption means for decrypting the data encrypted by: 3. A method for encrypting input data, comprising: reading a fingerprint pattern of a user; encrypting target data based on the read fingerprint pattern; Decrypting the data encrypted by the step. 4. A recording medium for storing a program describing a process of encrypting input data, wherein: (a) a function for recognizing a fingerprint pattern of a user when the program is executed by a computer; A recording medium that realizes a function of encrypting target data based on the recognized fingerprint pattern, and (c) a function of decoding data encrypted by the function based on the recognized fingerprint pattern.