JPH11239128A - Information protection method for remote diagnosing system and its system device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information protection method and an information protection system device by which a remote diagnosing system utilizing an information communication network is enabled to transmit privacy information without disclosing the information to a third person and, at the same time, the alteration of the privacy information by the transmitter of the information can be prevented by preventing access to preserved information from the third person. SOLUTION: An information protection system device is constituted of a public key certificate generator 1 and a plurality of information communication equipment 2 and 3. The generator 1 generates the public key certificates of the generator 1 itself and the communication equipment 2 and 3 and the equipment 2 and 3 commonly encipher the privacy information, decode the enciphered information, and produce signatures and, at the same time, make cryptocommunication between them 2 and 3 and preserve the enciphered data and signatures.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for protecting patient information and diagnostic information, which are privacy information, in a remote diagnostic system using an information communication network, and a system device directly used for implementing the method.

[0002]

2. Description of the Related Art In recent years, remote diagnosis systems have been put into practical use in the medical field in order to eliminate regional differences in diagnosis, increase the efficiency of diagnosis processing and medical equipment, and improve services to patients. However, although the system devices used in the practical experiment are being consensused in the medical community, the protection of privacy information such as patient information and diagnostic information related to privacy is left to the morals of doctors. Is the current situation.

FIG. 12 is an example of a configuration diagram of a conventional remote diagnosis system. Communication between the information communication device A used by the patient and the information communication device B used by the doctor is plain text communication, and the information stored in each information communication device is stored as it is without being encrypted. However, unauthorized reading and falsification are prevented by enabling the setting of the access right to the stored information of the information communication devices A and B by the function of the operating system (OS) of each of the information communication devices A and B. .

[0004]

In the conventional remote diagnosis system, the communication between the information communication devices A and B is such that the privacy information such as the patient information and the diagnosis information is transmitted in the same state, and the communication is not changed. In the state, each device A,
B.

[0005] For this reason, there is a possibility that information may be intercepted, falsified, or spoofed by a third party with respect to the communication between the information communication devices A and B. In addition, although the information stored in each of the information communication devices A and B is protected by the access right by the OS, in the case of a doctor's misdiagnosis or the like, the accumulated misdiagnosis diagnostic information can be falsified. It is. Furthermore, if the password of the device administrator is leaked, each device and the entire system are damaged.

Here, the main objects to be solved by the present invention are as follows.

A first object of the present invention is to provide a method and system for transmitting patient information and diagnostic information, which are privacy information, to a third party in a remote diagnostic system using an information communication network without giving it to a third party. No device is provided.

A second object of the present invention is to provide a method and a system for preventing a third party from accessing information once stored in each information communication device in a remote diagnosis system using an information communication network. No device is provided.

[0009] A third object of the present invention is to provide a method and a system apparatus which enable a doctor to prevent falsification of patient information transmitted to a patient in a remote diagnosis system using an information communication network. Things.

[0010] Other objects of the present invention will become apparent from the description of the specification, drawings, and particularly from the claims.

[0011]

In order to solve the above-mentioned problems, the method of the present invention performs user authentication of each information communication transmitter / receiver, mutual authentication between users, encrypts the privacy information of the user, and performs encryption. A method of creating encrypted data, transmitting and receiving the encrypted data and the signature, verifying the signature, and managing and storing the encrypted data and the signature is taken.

In order to solve the above-mentioned problems, the system apparatus of the present invention has an information communication network, a public key certificate issuing device for issuing a public key and a secret key to the information communication device, and each of the information communication devices is free. It is composed of a plurality of information communication devices that can be freely connected, can encrypt personal privacy information, can generate and transmit signatures, verify signatures after transmission and reception, and store and manage signatures in an encrypted state together with signatures. Take measures.

[0013] More specifically, in solving the problem, the present invention achieves the above object by adopting a novel characteristic configuration method or means ranging from the upper concept to the lower concept as listed below. It is done as follows.

A first feature of the method of the present invention is to protect communication and recording of privacy information via an information communication network.
User authentication and mutual authentication between users are performed sequentially,
An information protection method that encrypts the user's privacy information, communicates with the transmission destination as encrypted information, records the encrypted information, and makes it possible to detect tampering of the information when referring to it. In the configuration adoption.

A second feature of the method of the present invention resides in the adoption of an information protection method in which the user authentication in the first feature of the method of the present invention is performed by a public key cryptosystem using a public key and an encryption key. is there.

A third feature of the method of the present invention is the configuration of an information protection method in which the mutual authentication in the first or second feature of the method of the present invention is performed by a public key cryptosystem using a public key and an encryption key. In hiring.

A fourth feature of the method of the present invention resides in the adoption of a configuration of an information protection method in which the secret key in the second or third feature of the above-mentioned method of the present invention enables encryption and decryption using a password. .

According to a fifth aspect of the method of the present invention, there is provided an information protection method according to the second, third or fourth aspect of the present invention, wherein the user authentication is performed using a secret key decrypted with a password. In the configuration adoption.

A sixth feature of the method of the present invention is that the mutual authentication according to the third, fourth, or fifth feature of the method of the present invention is characterized in that the generated random number is generated together with a certificate composed of a private key of a transmission source. Sent, the recipient verifies the certificate, generates a signature for the random number received with its own private key, and returns it to the sender.It is both parties' own responsibility to verify the signature with the public key at the receiver. The present invention resides in adopting a configuration of an information protection method to be performed.

A seventh feature of the method of the present invention is that the encrypted information in the first, second, third, fourth, fifth or sixth feature of the method of the present invention is such that the session information is shared. The present invention resides in the adoption of the configuration of the information protection method that is communicated.

According to an eighth feature of the method of the present invention, the session key according to the seventh feature of the present invention is characterized in that:
The present invention resides in adopting a configuration of an information protection method generated by a random number generated independently by a receiving source.

According to a ninth feature of the method of the present invention, the generation in the eighth feature of the method of the present invention employs a logical operation and employs an information protection method employing a result of the logical operation. is there.

A tenth feature of the method of the present invention resides in adoption of a configuration of an information protection method in which the logical operation in the ninth feature of the present invention is an exclusive OR.

An eleventh feature of the method of the present invention is that the result of the logical operation in the ninth or tenth feature of the above-described method of the present invention employs an information protection method in which an initial value of the operation is also generated. It is in.

A twelfth feature of the method of the present invention resides in that the random number in the eighth, ninth, tenth or eleventh feature of the method of the present invention is such that the public key of the transmission destination is signed together with the signature of the random number of the generation source. And that it can be decrypted with the private key of the receiving source after being encrypted and transmitted.

A thirteenth feature of the method of the present invention is that the session key in the eighth, ninth, tenth, eleventh, or twelfth feature of the method of the present invention is encrypted with its own public key. In other words, there is a configuration of an information protection method that can be used.

A fourteenth feature of the method of the present invention is that the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, and eleventh of the above-described method of the present invention. The encryption according to the twelfth or thirteenth feature lies in adopting a configuration of an information protection method using a common key cryptosystem.

A fifteenth feature of the method of the present invention is that the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, tenth, and eleventh of the method of the present invention are described. Twelfth, thirteenth or fourteenth
The encrypted information according to the above item is characterized in that the information is transmitted together with a signature for the original information.

A sixteenth feature of the method of the present invention resides in that the sixth, seventh, eighth, ninth, tenth, eleventh and first aspects of the method of the present invention described above.
The signature of the second, thirteenth, fourteenth, or fifteenth feature is characterized by adopting a configuration of an information protection method in which the signature is generated by a secret key of a transmission side.

A seventeenth feature of the method of the present invention is that the sixth, seventh, eighth, ninth, tenth, eleventh, and first aspects of the method of the present invention are described above.
The information obtained by receiving the signature in the second, thirteenth, fourteenth, fifteenth, or sixteenth feature together with the encryption information on the receiving side, re-signing with the secret key of the receiving side, and returning the signature to the transmitting side. It consists in adopting the configuration of the protection method.

The eighteenth feature of the method of the present invention is that the sixth, seventh, eighth, ninth, tenth, eleventh, and first aspects of the method of the present invention are described.
The recording according to the second, thirteenth, fourteenth, fifteenth, sixteenth, or seventeenth feature is based on the adoption of an information protection method that is executed after verifying a signature and performing a result of verifying the signature at the transmission destination. .

A nineteenth feature of the method of the present invention is that the sixth, seventh, eighth, ninth, tenth, eleventh and first aspects of the method of the present invention are described above.
2, thirteenth, fourteenth, fifteenth, sixteenth, seventeenth or first
The feature of the eighth aspect resides in adopting a configuration of an information protection method in which the recording is performed together with the recording of the signature on the information of the transmission source.

The twentieth feature of the method of the present invention is that the sixth, seventh, eighth, ninth, tenth, eleventh and first aspects of the method of the present invention are described above.
2, thirteenth, fourteenth, fifteenth, sixteenth, seventeenth, eighteenth
Alternatively, in the nineteenth aspect, the recording in the nineteenth aspect adopts a configuration of an information protection method in which the recording of a double signature of a transmission destination with respect to a signature of transmission information of a transmission source is performed.

The twenty-first feature of the method of the present invention is the seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, fifteenth, sixteenth, and seventeenth aspects of the method of the present invention. , Eighteenth, first
The ninth or twentieth feature is that the reference lies in adopting a configuration of an information protection method performed by decrypting its own secret key and the session key.

A twenty-second feature of the method of the present invention resides in that the reference in the twentieth or twenty-first feature of the present invention performs the verification of the recorded signature of the transmission destination using the public key, and the verification using the own public key. It consists in adopting the configuration of an information protection method performed by further verifying the result.

A twenty-third feature of the method of the present invention is that the seventh, eighth, ninth, tenth, eleventh, twelfth, thirteenth, fifteenth, sixteenth, and seventeenth aspects of the above-described method of the present invention. , Eighteenth, first
9. An information protection method according to the twentieth or twenty-first aspect, wherein the privacy information is transmitted after sharing the session key.

A twenty-fourth feature of the present invention resides in that the first, second, third, fourth, fifth, sixth, seventh, eighth, and eighth aspects of the method of the present invention are described.
Ninth, tenth, eleventh, twelfth, thirteenth, fourteenth, first
5, 16th, 17th, 18th, 19th, 20th, 2nd
The information communication network according to the first, the twenty-second or the twenty-third aspect is the Internet, an intranet, a virtual private network,
The present invention is based on the configuration of an information protection method which is an SDN, a LAN, a telephone network, a satellite network, or an information communication network combining these.

On the other hand, the first feature of the system apparatus of the present invention is that it has a function of transmitting and protecting privacy information between information communication devices via an information communication network, and has a function of encrypting, decrypting, and signing personal privacy information. An information protection system apparatus includes a plurality of information communication devices that can be generated and a public key issuer that can issue a public key and a secret key to each of the information communication devices.

A second feature of the system device of the present invention is that the public key issuing device according to the first feature of the system device of the present invention has a configuration in which a public key certificate can be freely created by combining a public key and a secret key. The present invention resides in adopting a configuration of a certain information protection system device.

A third feature of the system device of the present invention is that the public key issuing device according to the first or second feature of the above-described system device of the present invention includes a pair key generation unit for generating a public key and a secret key; A signature generation unit that creates a signature for a public key, a certificate creation unit that creates a public key certificate, a storage unit that stores the public key certificate and a private key, and a storage unit that stores the public key certificate and the private key. The present invention resides in adoption of a configuration of an information protection system device including a communication control unit for performing control necessary for transmission to each information communication device and a control unit for controlling the entire public key certificate issuer.

A fourth feature of the system device of the present invention is that the information communication device according to the first, second or third feature of the system device of the present invention includes a display unit for displaying a password input request, An input unit for receiving an input, a secret key encryption / decryption unit for encrypting or decrypting the secret key, a user authentication unit for authenticating the operation of the destination information communication device, and a random number generation unit for generating a random number Unit, a session key generation unit that appropriately generates a session key based on the random number, a common key encryption / decryption unit that performs encryption or decryption with the session key, and encryption or decryption with the public key and the secret key A public key encryption / decryption unit that performs encryption or decryption according to the above, a generation unit that generates the signature, a signature verification unit that verifies the validity of the other party's signature, A public key certificate verifying unit that verifies the security, a storage unit that stores the public key certificate, the secret key, privacy information, and the signature, a communication control unit that controls communication between the information communication devices, A control unit that performs overall sequence control of all the information communication devices and uses the storage unit information to perform encryption / decryption with the various keys, authentication of the other party, and various verification processes. The configuration of the protection system device is adopted.

A fifth feature of the system device of the present invention is that the information communication device according to the fourth feature of the above-mentioned system device of the present invention is such that the information communication device is capable of mounting an external device which is a card capable of storing the secret key. The present invention resides in adopting a configuration of an information protection system device having a control unit.

A sixth feature of the system device of the present invention resides in that the session key generation unit according to the fourth or fifth feature of the above-described system device of the present invention is provided with a pair of the information communication devices for generating the session key. The present invention resides in adopting a configuration of an information protection system device including a logical operation circuit relating to a random number generated in each of the random number generation units.

A seventh feature of the system device of the present invention resides in the configuration adoption of an information protection system device in which the arithmetic circuit in the sixth feature of the system device of the present invention is an exclusive logical operation circuit.

An eighth feature of the system device of the present invention resides in the adoption of a configuration of an information protection system device in which the session key in the fifth feature of the system device of the present invention is a shared key between the information communication devices.

The ninth feature of the system device of the present invention is that the first, second, third, fourth, fifth,
The protection function according to the sixth, seventh, or eighth feature is that the protection function is a function that operates after the transmission and reception of the privacy information and the signature.

The tenth feature of the system device of the present invention is the same as the first, second, third, fourth, fifth, sixth, seventh, eighth or ninth feature of the system device of the present invention. The present invention resides in adopting a configuration of an information protection system device in which a signature includes a double signature.

The eleventh feature of the system device of the present invention is the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth or tenth feature of the system device of the present invention. Wherein the information communication network in the feature is the Internet, an intranet,
An information protection system device is a virtual private network, an ISDN, a LAN, a telephone network, a satellite network, or an information communication network combining these.

[0049]

BRIEF DESCRIPTION OF THE DRAWINGS FIG.
An embodiment of the present invention will be described with reference to an example of a system device.

(Example of Apparatus) FIG. 1 shows an information protection system apparatus according to the present invention. This system device includes a public key certificate issuer 1 and information communication devices 2 and 3. For example, a patient uses the information communication device 2 and a doctor uses the information communication device 3. In addition, the information communication equipment is not limited to the case of two communication equipments and may be more than two communication equipments, and the information communication network between the equipments is the Internet, an intranet, a virtual private network, an ISDN, a LAN, a telephone network, a satellite network. It is an information communication network such as a network or a combination of these networks, and communication with the public key certificate issuer 1 is also possible via the information communication network. However, in the following embodiments, there is no particular limitation. Do not.

The public key certificate issuer 1 creates public key certificates for the public key certificate issuer 1 itself and the information communication devices 2 and 3. The information communication devices 2 and 3 encrypt and decrypt privacy information (patient information or diagnostic information, etc.) and generate a signature, and perform encrypted communication between the information communication devices 2 and 3 to generate encrypted data. Is stored in each of the information communication devices 2 and 3.

FIG. 2 is a block diagram showing the internal configuration of the public key certificate issuer 1 in the information protection system device according to the present invention.

The public key certificate issuing unit 1 includes a pair key generation unit 11 for generating a public key and a secret key in a public key cryptosystem.
And a signature generation unit 12 for generating a signature for the public key
And a certificate creation unit 13 that constitutes a public key certificate, a storage unit 14 that stores the public key certificate and a secret key, and stores the public key certificate and the secret key in each of the information communication devices 2 and 3. The communication control unit 15 includes a communication control unit 15 that performs control necessary for transmission, and a control unit 16 that controls the entire public key certificate issuer 1 itself.

FIG. 3 is a block diagram showing the configuration of the information communication device 2 in the information protection system device according to the present invention.

The information communication device 2 includes a display unit 21, an input unit 22, a secret key encryption / decryption unit 23, and a user authentication unit 24.
A random number generation unit 25, a common key encryption / decryption unit 26, a public key encryption / decryption unit 27, a signature generation unit 28, a signature verification unit 29, a public key certificate verification unit 2A, a session key generation unit It comprises a unit 2B, a storage unit 2C, a communication control unit 2D, a card control unit 2E, and a control unit 2F.

The display unit 21 displays a password input request and receives it, and the input unit 22 receives an input of a password. The secret key encryption / decryption unit 23 encrypts or decrypts the secret key of the public key cryptosystem, and
Authenticates the validity of the operation of the information communication devices 2 and 3, and the random number generation unit 25 generates a random number.

The common key encryption / decryption unit 26 performs encryption or decryption using a session key (DEK), and the public key encryption / decryption unit 27 performs encryption or decryption using a public key and encryption or decryption using a private key. Perform the conversion. The signature generation unit 28
A signature is generated, and the signature verification unit 29 verifies the validity of the signature. The public key certificate verification unit 2A verifies the validity of the public key certificate, and the session key generation unit 2B generates a session key for encrypting privacy information.

The storage unit 2C stores a public key certificate, a private key, privacy information, and a signature. Communication control unit 2D
Performs communication control between the information communication devices 2 and 3 and, when obtaining a public key certificate and a private key from the public key certificate issuer 1 online, also performs accompanying communication control. The card control unit 2E controls a computer card that stores a secret key, and the control unit 2F controls the entire information communication device 2.

The information communication equipment 3 is the information communication equipment 2
3, the display unit 31, the input unit 32, the secret key encryption / decryption unit 3
3, a user authentication unit 34, a random number generation unit 35, a common key encryption / decryption unit 36, a public key encryption / decryption unit 37, a signature generation unit 38, a signature verification unit 39, a public key certificate A verification unit 3A, a session key generation unit 3B, a storage unit 3C, a communication control unit 3D, a card control unit 3E, a control unit 3F,
, And each component has the same function as the information communication device 2.

(Example of Method) An execution procedure of the example of the present method to which the example of the present apparatus is applied will be described below.

First, each of the information communication devices 2 and 3 needs to have a public key certificate of each device 2 and 3 and a secret key of a public key cryptosystem. Therefore, a public key certificate is issued and a secret key is registered in each of the devices 2 and 3 as preprocessing.

FIG. 4 is a flowchart showing a procedure for issuing a public key certificate. The public key certificate issuing procedure will be described with reference to FIG.

First, a public key certificate C1 of the public key certificate issuer 1 itself is created. The creation procedure is a pair key, that is, a public key P of a public key
k1 and a secret key Sk1 are generated in the pair key generation unit 11 (S1a).

Next, the signature generation unit 12 generates a signature Sk1 (Pk1) of the public key Pk1 using the secret key Sk1 (S1b). Then, using the generated public key Pk1 and the signature Sk1 (Pk1), the certificate creation unit 13 creates the public key certificate C1 of the public key certificate issuer 1 itself (S1c).

The procedure for generating the public key certificate C1 of the public key certificate issuer 1 itself has been described above (S1).

Using the same procedure, a public key certificate C2 for the information communication device 2 is created. The creation procedure is as follows:
According to the instruction of No. 6, a pair key, that is, a public key Pk2 and a secret key Sk2 of the public key cryptosystem are generated in the pair key generation unit 11 (S2a).

Next, the signature generation unit 12 generates a signature Sk1 (Pk2) of the public key Pk2 using the secret key Sk1 (S2b). Then, using the generated public key Pk2 and the signature S1 (Pk2), the certificate creation unit 13 causes the public key certificate C2 of the information communication device 2 to be generated.
Is created (S2c).

The above is the procedure for creating the public key certificate of the information communication device 2 (S2).

Using exactly the same procedure, the information communication equipment 3
A public key certificate C3 is created (S3). Also, when there are three or more information communication devices (when there are a plurality of patients or diagnosticians, respectively), the public key certificate is configured in the same procedure.

Then, the control unit 16 generates the public key certificates C1, C2, C3 and the secret keys Sk1, Sk2, Sk.
3 is stored in the storage unit 14.

The internal structure of the public key certificate is shown in FIG.
(A) shows the configuration of the public key certificate C1 of the public key issuer 1, (b) shows the configuration of the public key certificate C2 of the information communication device 2, and (c) shows the configuration of the information communication device 3. Public key certificate C
3 is a configuration. Note that, as a standard public key certificate, X.400 is used. A public key certificate of the 509 format may be used.

FIG. 6 is a flowchart showing a procedure for registering a secret key of the information communication device 2. FIG. 6 shows a case where the information communication device 2 performs secret key registration, but the same applies to a case where another information communication device 3 performs secret key registration.

Following the public key certificate issuance procedure shown in FIG. 4, the control unit 2F of the information communication device 2 transmits the public key certificate C1 of the public key certificate issuer 1 and the public key certificate C of the information communication device 2.
2 and a secret key Sk2 (S4). At this time, the method of obtaining the information includes the communication control unit 15 of the public key certificate issuer 1,
In addition to the method of obtaining the information from the communication control unit 2D of the information communication device 2 via an information communication network such as a communication line, there is a method of using an information medium such as a floppy disk.

Next, the control unit 2F causes the display unit 21 to display a password input request, and the user (patient) inputs the password Pw from the input unit 22 (S5). The control unit 2F
In response to this, the secret key encryption / decryption unit 23 sends the password P
A secret key encryption key is generated from w, and the secret key Sk2 is encrypted using the secret key encryption key (S6). At this time, the PKCS # 5 method can be used as a standard method.

Next, the encrypted private key Sk2 and the public key certificate C1 and the public key certificate C2
Is stored in the storage unit 2C (S7) or the card control unit 2C
It is stored in the ID card via E (S8).

The same operation is performed for the information communication device 3 in the same manner. The above is the public key certificate issuance 1 and the encryption private key registration in the information communication devices 2 and 3.

Transmission / reception of privacy information such as remote diagnosis includes procedures for user authentication, mutual authentication, session key sharing, information communication and storage, and will be described in this order.

FIG. 7 shows a procedure for authenticating the operability of the information communication device 2. After activating the information protection system, the control unit 2F displays a password input request on the display unit 21, and the user (patient) inputs the password Pw from the input unit 22 (S9).

In response to this, the control unit 2F causes the secret key encryption / decryption unit 23 to generate a secret key decryption key from the password Pw and to decrypt the encrypted secret key (S10).
At this time, the encrypted secret key Sk2 is obtained from the storage unit 2C or the ID card via the card control unit 2E.
At this time, the PKCS # 5 method can be used as a standard method.

The control unit 2F notifies the user authentication unit 24 of the decryption result of the secret key Sk2, and the user authentication unit 24 determines whether the decryption result of the secret key Sk2 is normal or not. User authentication is performed (S11). If the user authentication is abnormal, the control unit 2F performs an error process of displaying a message to notify the abnormality to the display unit 21 (S12). Thus, the user authentication procedure of the information communication device 2 ends.

User authentication is similarly performed for the information communication device 3.

FIG. 8 shows both information communication devices 2 and 3 (patient,
It is a sequence chart which shows the procedure of mutually authenticating a (doctor).

First, on both sides, private key registration is performed in accordance with the procedure shown in FIG.
2 and the secret key Sk2, and the information communication device 3 stores the public key certificates C1 and C3 and the secret key Sk3 (SC1).

Next, user authentication is performed according to the procedure shown in FIG. 7, and a connection between the information communication device 2 and the information communication device 3 is established (SC2).

Then, the information communication device 2 includes a random number generation unit 2
5, a random number R2 is generated, the random number R2 is transmitted to the information communication device 3 together with the public key certificate C2, and the information communication device 3 receives the random number R2 and the public key certificate C2,
The public key certificate verification unit 3A verifies the public key certificate C2 (SC3).

Similarly, the information communication device 3 includes a random number generation unit 3
5, a random number R3 is generated, the random number R3 is transmitted to the information communication device 2 together with the public key certificate C3, and the information communication device 2 receives the random number R3 and the public key certificate C3,
The public key certificate verification unit 2A verifies the public key certificate C3 (SC4).

The information communication device 2 generates a signature S2 (R3) for the random number R3 transmitted from the information communication device 3 in the signature generation unit 28 using the secret key Sk2.
(R3) is transmitted to the information communication device 3, and the information communication device 3 receives the signature S2 (R3) and verifies it with the public key Pk2 in the signature verification unit 39 (SC5). Similarly, the information communication device 3 uses its own secret key Sk3 to generate the signature
8, a signature S3 (R2) for the random number R2 transmitted from the information communication device 2 is generated, the signature S3 (R2) is transmitted to the information communication device 2, and the information communication device 2
3 (R2), and the signature verification unit 29 receives the public key P
Verification is performed using k3 (SC6).

After SC2, SC3 or SC4
Either may be the first. SC5 is SC4 and SC6
If is after SC3, the procedure may change. Here, if the verification in both information communication devices is normal, it is determined that the communication partner is correct. As a standard method after establishing a connection, ISO / IEC9798-
There are three methods.

FIG. 9 is a sequence chart showing a session key sharing procedure for encrypted communication.

First, a random number Rkv2 is generated by the random number generation unit 25 of the information communication device 2, and is encrypted by the public key encryption / decryption unit 27 using the public key Pk3.
[Pk3] (Rkv2) is generated. Then, in the signature generation unit 28, the random number Rk is obtained by using its own secret key Sk2.
v2, and generates a signature S2 (Rkv2) for the communication control unit 2 together with the encrypted data P [Pk3] (Rkv2).
D and 3D to the information communication device 3, and the information communication device 3 transmits the signature S2 (Rkv2) and the encrypted data P
[Pk3] (Rkv2) is received (SC7).

The information communication device 3 transmits the signature S2 (Rkv
2) and after receiving the encrypted data P [Pk3] (Rkv2), the same procedure as the information communication device 2 is performed, and the random number generation unit 3
5 generates a random number Rkv3, encrypts it with the public key Pk2 in the public key encryption / decryption unit 37, generates encrypted data P [Pk2] (Rkv3), and in the signature generation unit 38, uses the secret key Sk3 to generate the random number Rkv3. Generates a signature S3 (Rkv3) of the signature S3 (Rkv3).
v3) and the encrypted data P [Pk2] (Rkv3) are transmitted to the information communication device 2, and the information communication device 2 transmits the signature S
3 (Rkv3) and the encrypted data P [Pk2] (Rkv3)
3) is received (SC8).

The information communication equipment 2 has a public key encryption / decryption unit 27
The signature S3 (Rkv3) and the encrypted data P
[Pk2] (Rkv3) is decoded into a random number Rkv3 based on
The signature verification unit uses the public key Pk3 to execute S3 (Rkv
Verify 3). The information communication device 3 also decrypts the random number Rkv2 according to the same procedure,
(Rkv2) is verified (SC9).

The session generation units 2B and 3B of the information communication device 2 and the information communication device 3 generate a session key DEK and an initial value by a logical operation of the random numbers Rkv2 and Rkv3. For example, the random number Rkv2
And the random number Rkv3 are subjected to an exclusive OR operation, and the upper byte is set to DEK and the lower byte is set to an initial value (SC1
1). The public key encryption / decryption units 27 and 37 store the session key DEK and the initial value in their own public keys Pk2 and Pk2.
k3 and recorded in the storage units 2C and 3C (SC
12). With the above, session key sharing ends.
The order of SC7 and SC8 may be reversed according to use.

FIG. 10 is a sequence chart showing a procedure for communicating privacy information.

First, the information communication device 2 decrypts the secret key Sk2 in the secret key encryption / decryption unit 23 and decrypts the session key DEK in the public key encryption / decryption unit 27. The information communication device 3 similarly decrypts the secret key Sk3 and the session key DEK (SC13). Next, a signature generation unit 28 generates a signature S2 (D2) of its own privacy information (patient information) D2 using the secret key Sk2, and a common key encryption / decryption unit 26 generates the signature S2 (D2).
Is encrypted to generate encrypted data E (D2), and transmits the encrypted data E (D2) to the information communication device 3 via the communication control units 2D and 3D together with the signature S2 (D2) (SC14).

The information communication device 3 transmits the encrypted data E
(D2) and the signature S2 (D2),
The decryption unit 36 decrypts the encrypted data E (D2),
The signature verification unit 39 uses the public key Pk2 to generate the signature S2.
(D2) is verified (SC15). If the signature verification is normal, the signature generation unit 38 applies the double signature S3 (S2 (D2) to the signature S2 (D2) received by the secret key Sk3.
2)), and transmits the double signature S3 (S2 (D2)) to the information communication device 2 via the communication control units 3D and 2D (SC16).

In the information communication device 2, the signature verification unit 29 verifies the double signature S3 (S2 (D2)) with the public key Pk3 (SC17). Then, the verification result is transmitted to the information communication device 3 via the communication control units 2D and 3D (SC1).
8).

If the signature verification is normal, the encrypted data E
(D2), signature S2 (D2) and double signature S3 (S2
(D2)) is stored in the storage units 2C and 3C of each information communication device (SC19). In the above example, the case where privacy information is communicated from the information communication device 2 to the information communication device 3 has been described, but the same applies to the case where privacy information is communicated from the information communication device 3 to the information communication device 2.

Next, referring to the privacy information in the information protection system apparatus will be performed after the user is authenticated. Here, only the procedure for referring to the privacy information is shown in FIG.
It will be described based on FIG. FIG. 11 is a flowchart showing a procedure for referring to privacy information.

The information communication device 2 decrypts the secret key Sk2 in the secret key encryption / decryption 23 and decrypts the session key DEK in the public key encryption / decryption unit 27 (S13). In the common key encryption / decryption unit 26, the privacy information (patient information) D2 is decrypted by the session key DEK (S
14).

The signature verification unit 29 verifies the double signature S3 (S2 (D2)) using the public key Pk3 (S1).
Along with 5), the signature S2 (D2) is verified using the public key Pk2 (S16). Then, the control unit 2F determines the normality of the verification (S17), and in the case of an abnormality, performs an error process of displaying a message notifying the abnormality on the display unit S21 (S18), and outputs the privacy information. End browsing. It is needless to say that privacy information can be referred to using the information communication device 3 by using a similar method.

Although the embodiment of the present invention has been described with reference to the example of the apparatus and the example of the method, the present invention is not necessarily limited to the above-described matter, and achieves the object of the present invention and has the effects described below. Changes can be made as appropriate within the scope.

[0103]

As described above, according to the present invention,
2. Description of the Related Art In an information communication system such as a remote diagnosis system using an information communication network, information such as patient information and diagnosis information requiring privacy can be protected from eavesdropping, falsification, and spoofing. Also, it is possible to prevent eavesdropping and falsification of information stored in each information communication device by a third party, and to detect even falsification due to stored information.

The present invention is applicable not only to a remote diagnostic system but also to other systems using an information communication network.
For example, it is needless to say that information can be easily used when communicating, storing and referring to information that may pose a privacy problem, such as electronic merchandise transactions, credit card numbers, personal identification numbers, and passwords. It has excellent effects such as ensuring security and reliability and maintaining system security.

[Brief description of the drawings]

FIG. 1 is a block diagram of an entire system of an example of an information protection system according to an embodiment of the present invention.

FIG. 2 is an internal block configuration diagram of a public key certificate issuing device of the above device example.

FIG. 3 is an internal block configuration diagram of the information communication device of the example of the device.

FIG. 4 is a flowchart showing a public key certificate issuing procedure in a method example showing an embodiment of the present invention.

FIG. 5 is an internal configuration diagram of the public key certificate created above.

FIG. 6 is a flowchart showing a secret key registration procedure in the embodiment.

FIG. 7 is a flowchart showing a user authentication procedure in the embodiment.

FIG. 8 is a sequence chart showing a mutual authentication procedure in the embodiment.

FIG. 9 is a sequence chart showing a session key sharing procedure in the embodiment.

FIG. 10 is a sequence chart showing a communication procedure in the embodiment.

FIG. 11 is a flowchart showing a data reference procedure in the embodiment.

FIG. 12 is a block diagram of an entire system of a conventional remote diagnosis system device.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Public key certificate issuer 2, 3, A, B ... Information communication equipment 21, 31 ... Display part 22, 32 ... Input part 23, 33 ... Private key encryption / decryption part 24, 34 ... User authentication part 25 , 35 ... random number generation units 26, 36 ... common key encryption / decryption units 27, 37 ... public key encryption / decryption units 28, 38 ... signature generation units 29, 39 ... signature verification units 2A, 3A ... public key certificate verification units 2B, 3B ... session key generation unit 2C, 3C ... storage unit 2D, 3D ... communication control unit 2E, 3E ... card control unit 2F, 3F ... control unit S1 ... public key certificate issuance of public key certificate issuer S1a ... Generating a pair key of a public key certificate S1b ... Signing of Pk1 with Sk1 S1c ... Generating a public key certificate of a public key certificate issuer S2 ... Issuing a public key certificate of the information communication device 2 S2a ... Pair key of the information communication device 2 Generate S2b ... Sk1 and Pk2 Name S2c: Creation of public key certificate of information communication device 2 S3: Issuance of public key certificate of information communication device 3 S4: Acquisition of C1, C2, Sk2 S5: Input of password S6: Generation of encryption key from password and generation of Sk2 Encryption S7: Save to storage unit S8: Save to ID card S9: Enter password S10: Generate decryption key from password and decrypt Sk2 S11: Determine normality of decryption result S12, S18: Error processing S13: Sk2 , DEK decryption S14: Decryption of E (D2) by DEK S15: Verification of S3 (S2 (D2)) S16: Verification of S2 (D2) S17: Normality judgment of verification result SC1: Information communication devices 2 and 3 Certificate registration and secret registration SC2: User approval and establishment of connection between information communication devices SC3: Generation of random number R2, transmission and reception of R2 and C2 And C2
SC4: Generation of random number R3, transmission and reception of R3 and C3, and C3
SC5 ... Generation, transmission and reception and verification of the signature of the information communication device 2 SC6 ... Generation, transmission and reception and verification of the signature of the information communication device SC7 ... Generation of a random number Rk2, generation of signature encryption and transmission and reception SC8 ... Generation of a random number Rk3 SC9: Decryption of Rk2 and Rk3 and signature verification SC10: Sharing of session key SC11: Encryption of session key and initial value SC12: Storage of encrypted session key and initial value SC13: Private key and session Key decryption SC14 ... Signature generation and encryption of privacy information and signature and transmission of encrypted data SC15 ... Signature and encryption data transmission, decryption of encrypted data and signature verification SC16 ... Generation and transmission of double signature SC17 ... Receiving double signature and verification of double signature SC18: Verification result of double signature Send and receive SC19 ... privacy information, storage of the signature and the double signing

Claims (35)

[Claims] 1. To protect communication and recording of privacy information via an information communication network, user authentication and mutual authentication between users are sequentially performed.
The privacy information of the user is encrypted and communicated to the transmission destination as encrypted information, the encrypted information is recorded, and it is possible to detect the tampering of the information when referring to it. Information protection method. 2. The information protection method according to claim 1, wherein the user authentication is performed by a public key cryptosystem using a public key and an encryption key. 3. The information protection method according to claim 1, wherein the mutual authentication is performed by a public key cryptosystem using a public key and an encryption key. 4. The information protection method according to claim 2, wherein the secret key enables encryption and decryption using a password. 5. The information protection method according to claim 2, wherein the user authentication is performed using a secret key decrypted with a password. 6. The mutual authentication includes transmitting the generated random number together with a certificate composed of a private key of a transmission source, verifying the certificate on the receiver side, and converting the received random number to a random number received using its own private key. 6. The information protection method according to claim 3, wherein a signature is generated and returned to the transmission source, and the reception source independently verifies the signature with the public key. 7. The information protection method according to claim 1, wherein the encrypted information is communicated by sharing a session key. 8. The information protection method according to claim 7, wherein said session key is generated by a random number independently generated by each of a transmission source and a reception source. 9. The information protection method according to claim 8, wherein the generation uses a logical operation and utilizes a result of the logical operation. 10. The information protection method according to claim 9, wherein said logical operation is an exclusive OR. 11. The information protection method according to claim 9, wherein the result of the logical operation also generates an initial value of the operation. 12. The method according to claim 1, wherein the random number is encrypted with a public key of a transmission destination together with a signature of the random number of the generation source and transmitted, and then can be decrypted with a private key of the reception source. The information protection method according to claim 8, 9, 10, or 11, wherein 13. The information protection method according to claim 8, wherein the session key can be encrypted with its own public key. 14. The method according to claim 1, wherein said encryption uses a common key encryption method.
8. The information protection method according to 8, 9, 10, 11, 12, or 13. 15. The method according to claim 1, wherein the encrypted information is transmitted together with a signature for the original information.
The information protection method according to 8, 9, 10, 11, 12, 13 or 14. 16. The method according to claim 6, wherein said signature is generated by a secret key of a transmitting side.
The information protection method according to 12, 13, 14, or 15. 17. The method according to claim 6, wherein after receiving the signature together with the encryption information on the receiving side, the signature is re-signed with the secret key of the receiving side and returned to the transmitting side. 9, 10, 11,
12. The information protection method according to 12, 13, 14, 15 or 16. 18. The method according to claim 6, wherein the recording is performed after verifying the signature and confirming the result of the signature to the transmission destination.
12. The information protection method according to 12, 13, 14, 15, 16, or 17. 19. The method according to claim 6, wherein the recording is performed together with the recording of a signature on the information of the transmission source.
Information protection method according to 12, 13, 14, 15, 16, 17 or 18 20. The recording method according to claim 6, wherein the recording is performed together with the recording of a double signature of a transmission destination with respect to a signature of transmission information of a transmission source.
12. The information protection method according to 12, 13, 14, 15, 16, 17, 18, or 19. 21. The method according to claim 7, wherein the reference is performed by decrypting its own secret key and the session key.
2, 13, 14, 15, 16, 17, 18, 19, or 2
0. The information protection method described in item 0. 22. The method according to claim 20, wherein the reference is performed by verifying the recorded signature of the transmission destination using a public key, and further verifying the verification result using its own public key. Information protection method. 23. The method according to claim 7, wherein the privacy information is transmitted after sharing the session key.
2, 13, 14, 15, 16, 17, 18, 19, 20
Or the information protection method according to 21. 24. The information communication network includes the Internet, an intranet, a virtual private network, an ISD
N, a LAN, a telephone network, a satellite network, or an information communication network obtained by combining these.
8, 9, 10, 11, 12, 13, 14, 15, 16,
The information protection method according to 17, 18, 19, 20, 21, 22, or 23. 25. A plurality of information communication devices having a function of transmitting and protecting privacy information between information communication devices via an information communication network and capable of generating encryption, decryption, and signature of personal privacy information, and A public key issuer capable of issuing a key and a secret key to each of the information communication devices. 26. The information protection system device according to claim 25, wherein said public key issuing device is capable of generating a public key certificate by combining a public key and a secret key. 27. The public key issuing device, comprising: a pair key generation unit for generating a public key and a secret key; a signature generation unit for generating a signature for the public key; and a certificate generation unit for generating a public key certificate. A storage unit for storing the public key certificate and the secret key; a communication control unit for performing control necessary for transmitting the public key certificate and the secret key to each information communication device; 27. The information protection system device according to claim 25, further comprising: a control unit that controls the entire document issuer. 28. An information communication device comprising: a display unit for displaying a password input request; an input unit for receiving an input of the password; a secret key encryption / decryption unit for encrypting or decrypting the secret key; A user authentication unit for authenticating the validity of the operation of the other party's information communication device; a random number generation unit for generating a random number; a session key generation unit for appropriately generating a session key based on the random number; and encryption using the session key Or a common key encryption / decryption unit that performs decryption, a public key encryption / decryption unit that performs encryption or decryption with the public key and encryption or decryption with the secret key, and a generation unit that generates the signature, A signature verification unit for verifying the validity of the counterpart signature, a public key certificate verification unit for verifying the validity of the counterpart public key certificate, the public key certificate, the private key, and privacy. Performing a storage unit for storing information and the signature, and a communication control unit for controlling communication between the information communication device, the overall sequence control of the whole the information communication device,
28. A control unit that performs encryption / decryption using the various keys using the storage unit information, performs authentication of the other party, and performs various verification processes. Information protection system device as described. 29. The information protection system device according to claim 28, wherein said information communication device has a card information control unit to which an external device which can store the secret key can be attached. . 30. The session key generation unit, further comprising: a logical operation circuit relating to a random number generated by each of the random number generation units of the pair of information communication devices to generate the session key. Item 30. The information protection system device according to item 28 or 29. 31. The information protection system device according to claim 30, wherein said operation circuit is an exclusive logical operation circuit. 32. The information protection system device according to claim 29, wherein the session key is a shared key between the information communication devices. 33. The protection function according to claim 25, wherein the protection function is a function that operates after the transmission and reception of the privacy information and the signature.
The information protection system device according to 9, 30, 31, or 32. 34. The signature according to claim 25, wherein the signature includes a double signature.
The information protection system device according to 9, 30, 31, 32 or 33. 35. The information communication network according to claim 25, wherein the information communication network is the Internet, an intranet, a virtual private network, an ISDN, a LAN, a telephone line network, a satellite line network, or an information communication network combining these. , 26, 27, 28, 2
9. The information protection method according to 9, 30, 31, 32, 33 or 34.