JPH11258985A - File generating device for sending cipher data, recording medium where program thereof is recorded, and storage medium storing file for sending cipher data - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the cipher data transmission system which is not limited to a transmission destination and can send cipher data safely. SOLUTION: Relating to a computer 2 at a transmission source, an execution program generation part 22 generates an execution program including cipher data showing transmission contents and a deciphering program. The execution program is sent out to a computer 3 at a transmission destination as an execution program file 5 which can be executed by the computer 3. The computer 3 instructs execution of the execution program file 5 and the said deciphering program deciphers the cipher data once a correct common key is inputted. The execution program 5 is in the same format as execution programs for other purposes of use, so it can be sent more safely than when the cipher data themselves are transmitted. Further, the deciphering program is included in the execution program file 5, so the transmission contents can be sent without preparing the deciphering program on the computer 3.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an encrypted data transmission file generating apparatus capable of creating a transmission file suitable for transmitting encrypted data via a communication path, a recording medium, or the like, and a recording medium on which the program is recorded. , And a recording medium in which the transmission file is stored.

[0002]

2. Description of the Related Art With the spread of the Internet in recent years, data transmission and reception between computers has become much easier. On the other hand, unless a countermeasure is taken, unauthorized access to data by a third party is facilitated, and for example, damage such as data leakage, destruction, or falsification tends to increase. Therefore, encryption technology has been conventionally used to protect important data.

[0003] Specifically, for example, in the case of a secret key (shared key) encryption method, an encryption key is shared between a destination computer and a source computer before sending encrypted data. In addition, the type of encryption algorithm used for encryption and decryption is determined between the two computers, and the sending computer is provided with an encryption program corresponding to the encryption algorithm, and the destination computer is provided with the encryption program. A decryption program corresponding to the encryption algorithm is prepared.

[0004] Thereafter, the sending computer encrypts the sending content with the shared key and sends it. On the other hand, in the destination computer, the decryption program is executed using the shared key as a parameter, and the received encrypted data is decrypted into data indicating the content of the transmission. Here, a third party who does not know the shared key cannot correctly decrypt the encrypted data to be transmitted, so that the contents of the transmission can be transmitted safely.

[0005]

However, according to the above-mentioned conventional method of transmitting encrypted data, it is impossible to transmit encrypted data correctly unless the computer at the destination has a decryption program or device having the same encryption algorithm as the source. Have a problem.

Therefore, encrypted data cannot be sent to a computer that does not have a predetermined decryption program, such as a computer that has a different decryption program, and the sending range of the encrypted data is limited.

In order to reliably send encrypted data to each computer, for example, the sending computer distributes the decryption program to the destination in advance, or the destination computer sends the decryption program from a predetermined location in advance. It is necessary to prepare a decryption program by downloading. As a result, as the number of destinations increases, the labor required to prepare a decryption program increases.

Further, when changing the type of the encryption algorithm, it is necessary to prepare a new decryption program for each destination, which is very troublesome. Therefore, the type of the encryption algorithm tends to be fixed and easily leaked to a third party. In addition, in the above-mentioned conventional sending method, since both the sender and the destination know the type of the encryption algorithm, it is more difficult to keep the type of the encryption algorithm secret. As a result, a third party can easily select a decryption method suitable for the encryption algorithm, and the confidentiality of the encrypted data decreases.

[0009] In addition, at the destination, the user needs to instruct the execution of the decryption program corresponding to the encrypted data, and to correctly specify both the encrypted data and the shared key. It becomes complicated. The extension of the file that stores the encrypted data and the MIME (Multipurpose Internet Mail Exte
nsions) If you specify the type, you can specify the decryption program. However, in this case, since the decryption program is disclosed to a third party, the confidentiality of the encrypted data is further reduced.

[0010] In particular, since encrypted data is transmitted and received on a specific port on the Internet, a third party can easily identify encrypted data from data transmitted on the Internet. Therefore, the encrypted data
It is easy to be attacked by eavesdropping or tampering, and the confidentiality of the encrypted data is further reduced.

[0011] The present invention has been made in view of the above problems, and its object is not limited to a destination, and
It is an object of the present invention to provide an encrypted data transmission file generation device capable of creating a transmission file that can be transmitted safely, a recording medium on which the program is recorded, and a recording medium on which the transmission file is stored.

[0012]

According to a first aspect of the present invention, there is provided a file generating apparatus for transmitting encrypted data, wherein a file for transmitting an executable program which can be executed at a destination is stored. It is provided with a file generation unit for generating, wherein the execution program includes encrypted data and a decryption program for decrypting the encrypted data when a correct decryption key is input.

[0013] According to the above configuration, the file generation unit creates an execution program including the encrypted encrypted data and a decryption program for the encrypted data. Generate a transmission file indicating the execution program, such as a compressed file.

The file for transmission is transmitted to a destination via a communication path such as the Internet or a recording medium such as a disk. When the delivery file is delivered to the authorized destination and the execution of the execution program stored in the delivery file is instructed, the execution program causes the decryption program to be executed. The decryption program decrypts the encrypted data included in the execution program when a correct decryption key is input. The input of the decryption key is input by various methods such as an argument for instructing execution of the execution program, a key input during execution, or an input from a specific file. As a result, the encrypted data can be correctly decrypted at the authorized destination. On the other hand, a third party who does not know the decryption key cannot correctly decrypt the encrypted data even if the third party obtains the transmission file. Therefore, the contents of the transmission can be safely transmitted only to the authorized destination.

According to the above configuration, the execution file including the decryption program is stored in the transmission file.
Therefore, even if a decryption program or a decryption device of the same encryption algorithm as that at the time of creation of the encrypted data is not prepared at the destination, the destination can decrypt the encrypted data without any trouble. As a result, the encrypted data can be sent over a wider range than before. Also, since there is no need to prepare a destination, it is possible to reduce the trouble when expanding the transmission range.

Furthermore, since encrypted data can be sent without preparing a decryption program or a decryption device at the destination in advance, the time required to switch the encryption algorithm is greatly reduced as compared with the related art. Therefore, the sender can frequently change the encryption algorithm, and can further improve the security when sending the encrypted data.

The encrypted data is transmitted as a file storing an execution program on a transmission path such as a communication path or a recording medium. Here, the execution program may be disclosed to an unspecified number of people, and in general, there are many less important programs than encrypted data. Therefore, when the executable program is sent as a stored file, it is less likely to attract a third party's attention and is less likely to be attacked than when the encrypted data itself is sent. As a result, security can be improved as compared with the case where the encrypted data itself is sent.

Since the execution program is stored, for example, when the decryption key is not correctly input, a program different from the decryption can be executed. In this case, it is more difficult to distinguish a file storing a program for another use from the file, so that the security can be further improved.

In addition, when the execution of the execution program is instructed, the decryption program of the execution program operates to decrypt the encrypted data. Therefore, at the destination, the encrypted data can be decrypted only by instructing the execution of the execution program and inputting the correct decryption key. As a result, there is no need to specify a decryption program corresponding to the encrypted data at the destination, and the operation can be simplified.

Further, since a decryption program is included, encrypted data can be decrypted without the sender having to inform the destination of the type of encryption algorithm. Therefore, there is no fear that the type of the encryption algorithm is leaked from the destination user or the transmission route. As a result, the security when sending the encrypted data can be further improved.

According to a second aspect of the present invention, in the configuration of the first aspect of the present invention, the execution program further includes an authentication program, and the authentication program includes: It is characterized in that the executor of the execution program is authenticated on the basis of the input at the time of execution, and execution of the decryption program is prevented if the authentication fails.

In the above configuration, when the sending file generated by the sending file generating device is delivered to the destination, and the execution program in the sending file is executed,
The execution program causes the authentication program to be executed. The authentication program authenticates the executor of the execution program and, if the authentication fails, prevents execution of the decryption program. The input at the time of authentication is input by various methods such as a key input, an argument, and a specific file, similarly to the input of the decryption key. Therefore, the encrypted data is correctly decrypted only when the specific executor instructs the execution of the execution program. As a result, the performer can be identified,
The security when sending the encrypted data can be further improved.

According to a third aspect of the present invention, in the configuration of the first or second aspect, the execution program further includes an unauthorized input detection program. When the unauthorized input detection program detects an unauthorized input a predetermined number of times,
It is characterized in that the execution program is prevented from being executed by rewriting the file storing the execution program. The rewritten file is, for example,
This is a file in which an execution program is stored, such as a transmission file itself and an execution program file generated from the transmission file.

In the above configuration, when the sending file generated by the sending file generating device is delivered to the destination, and the execution program in the sending file is executed,
The execution program causes an unauthorized input detection program to be executed. The unauthorized input detection program monitors the input of the decryption key and the input for authentication, and when the unauthorized input is detected a predetermined number of times, rewrites the file storing the execution program and executes the decryption program. To block.

At the time of rewriting, the entire file may be deleted, or only a part of the file which is indispensable for executing the decryption program may be changed. In addition, the number of times may be counted each time the execution program is executed, or may be counted in total. In addition, when counting in total, for example, a part of the above file, etc.
Data indicating the total number of times is stored in an area where data can be held even after the execution program ends.

According to the above configuration, when an incorrect input is repeated a predetermined number of times, the file storing the execution program is rewritten. Therefore, even if correct input is performed after rewriting, the encrypted data cannot be decrypted. This makes it impossible to estimate a correct input by trial and error, and further improves safety.

By the way, the above-mentioned encrypted data may be given to the sending file generating device, for example, as an encrypted data file created in advance, or the sending file generating device may encrypt the given sending content. May be generated. Also, if the file generation unit can attach a decryption program corresponding to the encryption algorithm, any encryption algorithm can be used.

However, for example, when the type of the encryption algorithm is instructed to the sending file generating device by the extension or the content of the encrypted data file or the user's instruction, the type of the encrypting algorithm is set to the sending file generating device. May be leaked from the user. In addition, when a user selects an encryption algorithm, the frequency of use of each of the encryption algorithms is often unequal, and the type of encryption algorithm can be easily estimated. In any case, when the type of the encryption algorithm is specified, the encrypted data is easily decrypted, and the security is reduced.

On the other hand, the file generating apparatus for sending encrypted data according to the invention of claim 4 is the configuration of the invention according to claim 1, 2 or 3, further comprising a plurality of predetermined encryption algorithms. A selection unit that selects an encryption algorithm to be used for encryption; and an encryption unit that encrypts transmission contents using the selected encryption algorithm. The decryption program is selected to generate the transmission file.

The sending file generating apparatus according to the above configuration encrypts sending contents using any one of a plurality of encryption algorithms, and generates a sending file. Therefore, even if the user of the sending file generation device,
The type of encryption algorithm cannot be specified. Furthermore, the use frequency of each encryption algorithm is set regardless of the user's preference. As a result, the type of encryption algorithm used to create the encrypted data can be more securely concealed,
Safety can be improved.

According to another aspect of the present invention, there is provided a recording medium in which a program for realizing a file generation unit for generating a file for sending encrypted data is provided. Is recorded,
The sending file stores an executable program that can be executed at the destination. The executing program includes the encrypted data and a decryption program that decrypts the encrypted data when a correct decryption key is input. It is characterized by having.

When the program recorded on the recording medium having the above configuration is executed by a computer, the file generating section generates a transmission file storing an executable program executable at the destination. Since the execution program includes the encryption data and the decryption program, by transmitting the transmission file, the transmission program is not limited to the destination, and the encryption data is securely transmitted. Can be sent.

According to a sixth aspect of the present invention, there is provided a recording medium storing a file for transmitting encrypted data, wherein the file for transmission stores an execution program to solve the above problem. The execution program includes the above-described encrypted data and a decryption program that decrypts the encrypted data when a correct decryption key is input, and when execution is instructed at the reading destination, based on the input decryption key,
The decryption program decrypts the encrypted data.

[0034] In the above configuration, when the computer becomes readable from the recording medium and the execution of the execution program in the transmission file is instructed, the decryption program in the execution program is executed.
When the correct input key is input, the decryption program correctly decrypts the encrypted data in the execution program.
Therefore, by transmitting the data via the recording medium, it is possible to transmit the encrypted data safely without being limited to the destination, as in the first aspect.

[0035]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [First Embodiment] An embodiment of the present invention will be described below with reference to FIGS. That is, as shown in FIG. 1, an encrypted data transmission system 1 according to the present embodiment includes a computer 2 that is a source of encrypted data, and a destination computer 3 that receives the data. The encrypted data is sent as the execution program file 5 via the sending path 4. The sending path 4 is, for example,
It is a communication path such as the Internet or a portable recording medium such as a magnetic disk, and can deliver the execution program file 5. The execution program file 5 corresponds to a sending file described in the claims, and the computer 2 corresponds to a sending file generating device.

The transmission source computer 2 includes an encryption unit 21 for encrypting transmission contents by a predetermined encryption algorithm,
An execution program generation unit 22 that generates an execution program that can be executed by the destination computer 3 based on the generated encrypted data, and a file generation unit 23 that outputs the execution program as a file are provided. Further, the computer 2 is provided with a decryption program storage area 24 and an unauthorized input detection program storage area 25 as one area of a storage device such as a semiconductor memory or a disk device.

Each of the units 21 to 23 may be a functional block realized by the CPU of the computer 2 executing a predetermined program, or may be realized as hardware performing the same operation. However, when realized by software, each of the units 21 to 23 can be realized by distributing the programs on a recording medium or a communication path and executing the program on a normal computer, thereby facilitating the distribution. The execution program generation unit 2
2 and the file generation unit 23 correspond to the file generation unit described in the claims.

The encryption algorithm of the encryption unit 21 is, for example, DES (Data Encryption Standard), IDEA
(International Data Encryption Algorithm) or a secret key encryption method such as RC5. Share a shared key with In the secret key cryptosystem,
Since the encryption key for encrypting the encrypted data and the decryption key for decryption are common, in the following, the two are not particularly distinguished,
It is called a shared key.

The two program storage areas 24 and 25 are:
A program executable by the computer 3 is stored, and a decryption program for decrypting the encrypted data is stored in the decryption program storage area 24.
The unauthorized input detection program storage area 25 stores an unauthorized input detection program for detecting an unauthorized input during decryption. Note that each program may not be executable on the sending computer 2 as long as it can be executed on the sending computer 3.

Further, the execution program generation unit 22
Generates an execution program by, for example, adding the encrypted data received from the encryption unit 21 to the programs read from the program storage areas 24 and 25. When there is a portion that varies according to the encryption data in the read program, the execution program generation unit 22 adjusts the portion based on the encryption data received from the encryption unit 21 to generate an execution program. Further, the file generation unit 23 can generate the execution program file 5 by writing the execution program on a recording medium (not shown). The executable program file 5
Is a binary file of the same format as an executable program file used for other purposes, and cannot be distinguished at a glance.

In FIG. 1, for convenience of explanation, each program storage area 24, 25 and each area 52,
Although 53 is clearly distinguished, in many cases, the unauthorized input detection program is a part of the decryption program, and each area 25 (53) is realized as a part of each area 24 (52). In the above description, each program area 24
Although the case where the program itself is stored in 25 has been described as an example, data for generating the program may be stored. As long as the execution program files 5 having the same contents can be generated, the same effect can be obtained regardless of the storage method.

On the other hand, the destination computer 3 has a file storage unit 31 for storing the received execution program file 5 and an input unit 32 for receiving an input from the user.
An execution processing unit 33 that executes the execution program file 5 in the file storage unit 31 in accordance with an instruction from the input unit 32
Are provided. The file storage unit 31 may be a storage device provided in the computer 3, such as a hard disk, or a portable recording medium, as long as the file can be read by the execution processing unit 33.

The input section 32 is composed of, for example, an input device such as a mouse and a keyboard, and a user interface program such as a shell, and receives an execution instruction of the execution program file 5 from a user. Can be. Further, the execution processing unit 33
Is realized, for example, as a function of an operating system (OS). When an execution instruction is received from the input unit 32, for example, the execution program file 5 is expanded in an internal memory by a method specified by the OS. hand,
The program stored in the execution program file 5 is executed. When the execution program file 5 in the file storage unit 31 is executed, if the function blocks 52X and 53X described later can be formed, the input unit 32 of another configuration is used.
The same effect can be obtained by using the execution processing unit 33.

The operation of transmitting the contents of transmission from the transmission source computer 2 to the transmission destination computer 3 in the encrypted data transmission system 1 having the above configuration will be described below. That is, as shown in S1 of FIG. 2, when the transmission content is given to the encryption unit 21 of the transmission source computer 2, the encryption unit 21 encrypts the transmission content using a predetermined shared key ( S2). As the shared key, for example, a key previously stored in the computer 2 may be used, or a user of the computer 2 may input the key each time.

Further, the execution program generation unit 22
3, the encrypted data received from the encryption unit 21;
An execution program is generated based on the decryption program storage area 24 and the program read from the unauthorized input detection program storage area 25, and the file generation unit 23
In S4, the execution program is output as an execution program file 5.

As a result, as shown in FIG. 1, in the computer 2, an encryption data area 51 storing the encryption data, a decryption program area 52 storing the decryption program, and an unauthorized input detection program are stored. An execution program file 5 having an illegal input detection program area 53 is generated. In S5, the execution program file 5 includes, for example, transportation of a recording medium and communication.
The data is sent to the destination computer 3 using various methods.

On the other hand, in the destination computer 3, the received execution program file 5 is stored in the file storage unit 31.
(S6). Further, when the execution of the execution program file 5 is instructed by a user's instruction or the like (S7), the execution processing unit 33 causes the execution program in the execution program file 5 to be executed (S8). As a result, the encrypted data in the encrypted data area 51 is decrypted by the decryption program in the decryption program area 52, and the computer 3 can obtain the contents to be sent.

More specifically, in step S 8, the execution processing unit 33 adds the functional blocks shown in FIG. 3 to the computer 3 based on the execution program file 5. Thereby, the processing of S11 to S16 in FIG. 4 is performed. Note that the decryption unit 52X and the unauthorized input detection unit 53X are functional blocks realized by the computer 3 executing the decryption program in the decryption program area 52 and the unauthorized input detection program in the unauthorized input detection program area 53. Steps S11 to S14 shown in FIG. 4 correspond to the decryption program described in the claims, and S13, S15, and S16 correspond to the unauthorized input detection program.

That is, when the execution is instructed, the decryption unit 52X requests the input of the shared key by, for example, display (S11). In S12, when the user inputs the shared key through the input unit 32, in S13, the unauthorized input detection unit 53X determines whether the shared key is correct.

When the correct shared key is input, the decryption unit 52X uses the shared key to
1 is decrypted into the correct transmission contents (S1
4). On the other hand, when an unauthorized shared key is input, the unauthorized input detection unit 53X determines whether the number of unauthorized inputs exceeds a predetermined value (S15). Here, the execution program file 5 is stored in the file storage unit 31 as the number of inputs.
In the case of counting the total number of times since the execution of the execution program is completed, the unauthorized input detection unit 53X, for example, a partial area of the execution program file 5 saves the total number of times after the execution of the execution program ends. Is stored, and the determination is made with reference to the value of the area.

In S15, if the number of inputs exceeds a predetermined value, the unauthorized input detection unit 53X prevents the decoding unit 52X from operating normally even if the execution of the execution program file 5 is instructed thereafter. Then, the contents of the execution program file 5 are changed, and the process ends (S16). In addition,
According to the change method, the execution program file 5 itself may be deleted from the file storage unit 31, or an area of the execution program file 5 in which data indispensable for forming the correct decoding unit 52X is rewritten. Is also good. On the other hand, if the number does not exceed the predetermined number in S15, the process ends without performing the process in S16.

According to the above configuration, since the execution program file 5 sent on the sending path 4 is encrypted,
It is difficult for a third party who does not know the shared key to observe, destroy, or falsify the transmitted contents. Furthermore, since the execution program file 5 is often an execution program file whose contents are lower in importance than the encrypted data, it is difficult to attract the attention of a third party and is less likely to be attacked. As a result, the sending computer 2 can safely send the sending contents.

The execution program file 5 is:
It has the same format as the execution program file for other uses, and is transmitted without using a port for transmitting encrypted data. As a result, even if the transmission path 4 uses the Internet where encrypted data can be easily identified, the transmission contents can be transmitted inconspicuously.

Further, since the execution program is stored in the execution program file 5, programs other than the decryption program can be included. As an example, the security at the time of decryption can be improved by adding a program for directly improving the security at the time of transmitting encrypted data, such as an authentication program described later.

Further, a dummy program can be added in place of or in addition to the authentication program. The dummy program is, for example,
A program that does not cause suspicion even if the file size is relatively large, such as an image display program and a sound output program, is preferable. The program is executed when a shared key or the like is not correctly specified when the execution program file is executed. In this case, at first glance, the execution program file 5 performs the same operation as the program file for other uses, so that it is easy for a third party to mistakenly recognize that the encrypted data is not included. As a result, the execution program file 5 is easily removed from the attack target of the third party, and the security when sending the encrypted data can be further improved. In this case, in order to easily confuse the decryption program and the authentication program with each other, it is preferable that the decryption program and the authentication program do not require the user to input, for example, by inputting an argument when instructing execution. Good.

The execution program file 5 sent by the sending computer 2 stores an execution program including encrypted data and a decryption program for decrypting the encrypted data. Therefore, even if a decryption program or a device corresponding to the encrypted data is not prepared in advance, the destination computer 3 can decrypt the encrypted data only by executing the transmitted execution program file 5. As a result, unlike the related art, the transmission range of the encrypted data is not limited by the type of the encryption algorithm at the time of encryption, and it is possible to reduce the trouble when the transmission range is expanded.

Further, even if the type of the encryption algorithm is changed, it is not necessary to prepare a new decryption program or device in the destination computer 3, so that the type of the encryption algorithm can be changed frequently. Furthermore, the destination only instructs execution of the execution program file 5 irrespective of the type of encryption algorithm used for encryption. Therefore, there is no need for the destination user or the computer 3 to know the type of the encryption algorithm. As a result, the type of the encryption algorithm is easily concealed, and the security at the time of transmission can be further improved.

In addition, the destination computer 3 can decrypt the encrypted data only by instructing the execution of the execution program file 5 and inputting the correct shared key. Therefore, the operation of the computer 3 can be simplified as compared with the related art in which the transmitted encrypted data, the decryption program corresponding to the encrypted data, and the decryption key need to be specified. Further, since the encrypted data and the decryption program are stored in the same execution program file 5, the file management in the two computers 2 and 3 and the transmission path 4 becomes easier than when each is transmitted as a separate file. .

In the above description, S11 and S1
As shown in FIG. 2, the case where the user inputs a shared key during execution of the execution program file 5 has been described as an example, but the present invention is not limited to this. S11 and S12 above
Instead of, for example, if the shared key is read from a file prepared in advance, the trouble of inputting the shared key can be reduced. When instructing execution of the execution program file 5, for example, a shared key may be input as an argument in addition to the file name of the execution program file 5. In any case, if the shared key is input before the decryption unit 52X decrypts the encrypted data, the same effect as that of the present embodiment can be obtained.

In the above S7, the case where the execution of the execution program file 5 is instructed by the user has been described as an example. For example, it is detected that the execution program file 5 is stored in the file storage unit 31. For example, the execution processing unit 33 may actively execute the execution program.

By the way, the execution program file 5 of this embodiment includes a program for forming the unauthorized input detection unit 53X in addition to the decryption program.
Therefore, when an incorrect input is detected, the execution program file 5 can be changed so that it cannot be executed normally thereafter. As a result, even if a third party repeatedly inputs the shared key, the contents of transmission cannot be decrypted, and the security can be further improved.

Here, if the number of times until the above-mentioned S16 is executed is too small, if a legitimate user makes an input error,
The decryption program cannot be executed. On the other hand, if it is too large, a third party may accidentally input a correct shared key and leak the contents to be sent. Therefore, the number of times is set to a value that balances them, for example, about several times.

It is also possible to request the input of the shared key again by performing the processing of S11 without terminating after the processing of S15 and S16. In this case, the above S15
The number of inputs may be re-counted every time the execution program file 5 is executed. Of course, when recounting, there is no need to save the total number of times.

[Second Embodiment] In this embodiment, a case where the execution program further includes an authentication program will be described.

That is, as shown in FIG. 5, in the encrypted data sending system 1a according to the present embodiment, an authentication program storage area 26a is added to the sending computer 2a, and the execution program generation unit 22a sets The execution program file 5a can be generated with reference to the contents of the program storage area 26a. Thus, the execution program file 5a having the authentication program area 54a in addition to the areas 51 to 53 shown in FIG. 1 is generated. The remaining configuration of the sending computer 2a,
In addition, since the configuration of the destination computer 3 is the same as the configuration shown in FIG. 1, members having the same functions are denoted by the same reference numerals, and description thereof will be omitted.

In the encrypted data transmission system 1a having the above configuration, each step shown in FIG. 2 is performed similarly to the encrypted data transmission system 1 shown in FIG.
Executes the execution program file 5a.

However, since the authentication program area 54a is added to the execution program file 5a,
When execution of the execution program file 5a is instructed,
In S8 described above, the functional blocks shown in FIG. 6 are formed in the destination computer 3. Specifically, in addition to the functional blocks shown in FIG.
The authentication unit 54X is formed between the authentication unit 54X and the authentication unit 54X. The authentication unit 54X is a functional block realized by the computer 3 of the destination executing the program stored in the authentication program area 54a.

As a result, as shown in FIG. 7, before the steps S11 to S16 shown in FIG. 4, the processes of S21 to S23 are performed, and the execution program file 5a is executed.
Is authenticated. Note that these steps S21
Steps S23 to S23 correspond to the authentication program described in the claims. In the present embodiment, the above-described S1
3. In addition to S15 and S16, S23 corresponds to the unauthorized input detection program.

Specifically, when the execution is instructed, the authentication unit 54X requests the executor to input a password (S2).
1). In S22, when the executor inputs the password in the same manner as the input of the shared key, in S23, the authentication unit 54X determines whether or not the password is correct.
Authenticate the performer.

The algorithm at the time of authentication by the authentication unit 54X is, for example, an algorithm using a fixed password, an algorithm using a one-time password of a challenge-response method or a synchronous method, or the like.
Various algorithms are available. However, the authentication unit 54
The authentication program for forming X is determined in advance by the sending computer 2a.

If the authentication is successful, the above-described steps S11 to S16 are performed, and the decryption unit 52X decrypts the encrypted data when a correct shared key is input. On the other hand, if the authentication has failed, the above-described processing after S15 is performed. As a result, if the authentication fails a predetermined number of times, the execution program file 5a is rewritten, and thereafter, the encrypted data cannot be decrypted regardless of the authentication result and the shared key. In the present embodiment, in S15, the total of the number of times of authentication failure and the number of times of failed input of the shared key is counted, but may be counted separately.

According to the above configuration, the authentication unit 54X authenticates the executor before the decryption unit 52X decrypts the encrypted data. As a result, the executor of the execution program file 5a can be specified, and the security when sending the encrypted data can be further improved.

The password can be changed for each authentication, unlike the shared key. Further, even if the authentication algorithm is complicated, it does not affect the decryption speed of the encrypted data. As a result, for example, the security can be efficiently improved as compared with the case where the security is improved only by the encryption algorithm, such as increasing the length of the shared key.

[Third Embodiment] By the way, in the first and second embodiments, the case where only one type of encryption algorithm is used for encryption has been described as an example, but the present invention is not limited to this. In the present embodiment, a case will be described in which encryption can be performed using a plurality of encryption algorithms, and the sender computer itself selects an encryption algorithm.

That is, as shown in FIG. 8, in the present embodiment, in the sending computer 2b, in addition to the configuration shown in FIG. 1, a selecting section 27b for selecting a plurality of encryption algorithms is provided. Along with this, instead of the encryption unit 21, an encryption unit 21b capable of encrypting the contents of transmission using a designated encryption algorithm among a plurality of encryption algorithms is provided, and the decryption program storage area 24b is provided. , A decryption program corresponding to each encryption algorithm is stored. The remaining members are the same as those shown in FIG. 1, and therefore, members having the same functions are denoted by the same reference numerals, and description thereof will be omitted.

In the encrypted data transmission system 1b according to the present embodiment, the length of the shared key is set to be equal to or longer than the maximum length of the shared key used in each encryption algorithm.
The encryption unit 21b and the decryption unit 52X generate a shared key for each encryption algorithm using a predetermined operation such as bit selection. As a result, the user of the sending computer 2b and the sending computer 3 can use the same shared key for encryption / decryption regardless of the encryption algorithm.
Decryption can be specified. If the length of the shared key becomes longer,
Normally, the length is set to the maximum length because input becomes complicated.

In the above configuration, the encrypted data sending system 1b performs the same operation as each step shown in FIG.
However, as shown in FIG. 9, when the transmission content is input in S1, in a newly provided step S31, the selecting unit 27b selects a cryptographic algorithm to be used this time from a plurality of predetermined cryptographic algorithms. Choose an algorithm. On the other hand, in S2, the encryption unit 21b encrypts the transmission content using the selected encryption algorithm. Also, S
At 3, when the execution program generation unit 22 generates the execution program, a decryption program corresponding to the encryption algorithm is read from the decryption program storage area 24b, for example, based on an instruction from the selection unit 27b. Thereby, the sending computer 2b can change the encryption algorithm at the time of creating the execution program file 5 every time, regardless of the intention of the user.

According to the above configuration, since the sending computer 2b selects the encryption algorithm, even the user of the sending computer 2 cannot specify the type of the encryption algorithm. Also, unlike the case where the user selects, the frequency of use of each encryption algorithm is not affected by the user's preference. As a result, the type of the encryption algorithm can be more securely concealed, so that the security when transmitting the encrypted data can be further improved.

[Fourth Embodiment] In the first to third embodiments, the case where the execution program file itself is transmitted has been described. However, the present invention is not limited to this. If the execution program is stored in the file to be sent, the same effects as in the above embodiments can be obtained.
In the following, a case where a file in another format is sent will be described, taking as an example a case where a compressed file obtained by compressing an execution program file is sent.

That is, as shown in FIG. 10, in the encrypted data sending system 1c according to the present embodiment, the file generation unit 2 shown in FIG.
3 is provided with a compressed file generation unit 23c. When the execution program generation unit 22 generates the execution program, the compressed file generation unit 23c stores the execution program in the execution program file 5 and further compresses the execution program file 5, for example. Generate the file 6c. In the present embodiment, the compressed file 6c corresponds to the sending file described in the claims.

The compressed file 6c is usually specified with a file name extension, MIME type, etc., in order to identify the algorithm used at the time of compression. However,
The execution program file 5 stored in the compressed file 6c is indistinguishable from other execution program files as in the first embodiment. Therefore, it is difficult for a third party to distinguish the compressed file 6c from a compressed file obtained by compressing another execution program file, and the same effect as when the execution program file 5 itself is sent can be obtained.

On the other hand, the destination computer 3 is provided with an execution processing unit 33c capable of instructing execution to the execution program file 5 in the compressed file 6c instead of the execution processing unit 33. The compressed file 6c is stored in the file storage unit 3
1 and the execution instruction of the execution program file 5 is transmitted via the input unit 32, the execution processing unit 33c
Forms the functional blocks shown in FIG. 3 by, for example, decompressing the compressed file 6c and further expanding it in the internal memory. Thereby, similarly to the first embodiment,
An authorized user can obtain the contents of the transmission.

In the above description, the case where the execution processing unit 33c instructs the execution program file 5 in the compressed file 6c to execute directly is described, but the present invention is not limited to this. For example, a decompression unit that decompresses the compressed file 6c may be provided in the destination computer 3. The decompression unit decompresses the compressed file 6c and generates the execution program file 5 in response to a user's instruction or in conjunction with the reception of the compressed file 6c. The execution program file 5 is stored in the file storage unit 31.
In this case, execution of the execution program file 5 can be instructed by the execution processing unit 33 shown in FIG. In this case, the unauthorized input detection unit 53X may rewrite the execution program file 5 instead of rewriting the sent compressed file 6c itself. The same effect can be obtained by rewriting the file storing the execution program.

Further, the case where the execution program file 5 is converted into the compressed file 6c has been described as an example, but the present invention is not limited to this. The sending computer may generate files in various formats according to the characteristics of the communication path and the recording medium. If the file to be sent contains an execution program containing the encrypted data and the decryption program,
Similar effects can be obtained.

In the first to fourth embodiments, the execution program file (5.5a) is stored in each area (5
1, 52, 53, and 54a), the arrangement of each area is not limited to this. Each region may be cut into a plurality of portions and mixed and arranged. If execution is instructed, as long as the decryption program can decrypt encrypted data and the authentication program can authenticate the executor, regardless of the location of each area,
Similar effects can be obtained. However, in terms of the execution speed of the decryption program and the authentication program, the encrypted data area (5
1) is preferably one.

Further, in each of the above embodiments, the case where the secret key cryptosystem is adopted as the cryptographic algorithm has been described as an example. However, for example, RSA (Rivest Shamir Adlema
n) A public key cryptosystem such as a cryptosystem may be used.
However, in order to keep your decryption key confidential,
Using a program or device prepared in advance according to the encryption algorithm, create a public encryption key from the decryption key,
You need to notify the sender. On the other hand, if the sender notifies the destination of the decryption key in advance, the program and the device need not be prepared at the destination, but the destination cannot conceal its decryption key. Therefore, it is desirable to employ the secret key cryptosystem in view of the speed and scale of the decryption program.

Further, in each of the first, second and fourth embodiments, the sending computer (2.2a.2c)
Has been described as an example in which the transmission contents are encrypted, but the present invention is not limited to this. Execution program generator (22
If the encrypted data is given to 22a), the encryption unit (21)
The same effect can be obtained even without. In this case, the execution program generation unit identifies the encryption algorithm used when creating the encrypted data, for example, by the content itself of the encrypted data, the extension of the file indicating the encrypted data, or the instruction of the user, Attach a suitable decryption program.

In the first to fourth embodiments, the case where the file storage unit (31) is provided in the destination computer (3) has been described. And a part or the whole of the file storage unit is the computer (2.2a / 2b / 2c) of the sender.
May be provided. The input unit (32) of the destination computer can instruct execution of the execution program file (5.5a), and the execution processing unit (33 / 33c) instructs the computer 3 to execute each function block (52X / 53X / 54X).
Can be obtained, the same effects as in the above embodiments can be obtained.

Further, in each of the above embodiments, the case where the execution program file is a binary file has been described as an example.
For example, it may be a file in which the processing contents of a program such as a decryption program and encrypted data are expressed in a text format. Regardless of the format of the execution program file, if the above-described functional blocks can be formed when the program is executed on the destination computer, the same effect can be obtained. The function blocks need not always be formed, but may be formed as needed. For example, if the unauthorized input detection unit (53X) detects an unauthorized input, the decryption unit (5X)
2X) may not be formed.

[0090]

According to the first aspect of the present invention, there is provided a file generating apparatus for transmitting encrypted data, as described above, including a file generating section for generating a file for transmission in which an execution program is stored. The configuration includes encrypted data and a decryption program for decrypting the encrypted data when a correct decryption key is input.

According to the above configuration, since the execution file including the decryption program is stored in the transmission file, the transmission destination can transmit the encrypted data without preparing the decryption program or the decryption device in advance. As a result, the sending file generation device that is the sending source is not limited to the sending destination,
This has the effect that encrypted data can be sent.

Further, since the encrypted data is transmitted as a file storing the execution program on a transmission path such as a communication path or a recording medium, it is hard to be attacked by a third party. Further, since the destination only instructs execution of the execution program stored in the transmission file regardless of the type of the encryption algorithm, the type of the encryption algorithm can be kept secret. As a result, as compared with the case where the encrypted data itself is sent, the effect that the security can be improved is also exhibited.

The file generating apparatus for sending encrypted data according to the second aspect of the present invention has the configuration according to the first aspect of the present invention, wherein the execution program includes an authentication program.

Therefore, the encrypted data is correctly decrypted only when the specific executor instructs the execution of the execution program. As a result, there is an effect that the executor can be specified and the security when sending the encrypted data can be further improved.

According to a third aspect of the present invention, there is provided a file generating apparatus for transmitting encrypted data, as described above.
In the configuration of the described invention, the execution program includes:
When an illegal input is detected a predetermined number of times, a file in which the execution program is stored is rewritten to include an illegal input detection program for preventing execution of the decryption program.

According to the above configuration, when an incorrect input is repeated a predetermined number of times, the file storing the execution program is rewritten. Therefore, even if correct input is performed after rewriting, the encrypted data cannot be decrypted. As a result, it is impossible for a third party to estimate a correct input by trial and error, and there is an effect that security can be further improved.

According to a fourth aspect of the present invention, there is provided a file generating apparatus for transmitting encrypted data according to the configuration of the first, second or third aspect of the invention, further comprising a plurality of predetermined encryption algorithms. The configuration includes a selection unit that selects an encryption algorithm to be used for encryption from among them, and an encryption unit that encrypts transmission contents using the selected encryption algorithm.

Therefore, as compared with the case where the user of the sending file generation device specifies the encryption algorithm, the type of the encryption algorithm used for creating the encrypted data can be kept secret and the security can be further improved. Play.

The recording medium on which the program according to the fifth aspect of the present invention is recorded stores the program for realizing a file generation unit for generating a file for sending encrypted data as described above. The transmission file stores an execution program including encrypted data and a decryption program.

Therefore, by executing the program recorded on the recording medium having the above-described configuration and transmitting the generated transmission file, the present invention is not limited to the transmission destination as in the first aspect, and is safe. This has the effect that encrypted data can be sent.

According to the sixth aspect of the present invention, as described above, the recording medium storing the file for transmitting the encrypted data has the execution program stored in the file for transmission. This configuration includes encrypted data and a decryption program that decrypts the encrypted data when a correct decryption key is input.

Therefore, by sending the information via the recording medium, the destination is not limited to the destination as in the first aspect.
In addition, there is an effect that encrypted data can be sent safely.

[Brief description of the drawings]

FIG. 1 illustrates one embodiment of the present invention, and is a block diagram illustrating a main configuration of an encrypted data transmission system.

FIG. 2 is a flowchart showing an operation of the encrypted data sending system.

FIG. 3 is a block diagram showing functional blocks formed when an execution program file is executed in a destination of the encrypted data transmission system.

FIG. 4 is a flowchart showing an operation of the functional block.

FIG. 5, showing another embodiment of the present invention, is a block diagram illustrating a main configuration of an encrypted data transmission system.

FIG. 6 is a block diagram showing functional blocks formed when an execution program file is executed at a destination of the encrypted data transmission system.

FIG. 7 is a flowchart showing the operation of the functional block.

FIG. 8 shows still another embodiment of the present invention, and is a block diagram illustrating a main configuration of an encrypted data transmission system.

FIG. 9 is a flowchart showing an operation of the encrypted data sending system.

FIG. 10 shows still another embodiment of the present invention, and is a block diagram illustrating a main configuration of an encrypted data transmission system.

[Explanation of symbols]

2.2a, 2b, 2c Transmission source computer (transmission file generation device) 3 Destination computer (transmission destination) 4 Transmission path (recording medium) 5.5a Execution program file (transmission file) 6c Compressed file (transmission File) 21b encryption unit 22 / 22a execution program generation unit (file generation unit) 23 file generation unit 23c compressed file generation unit (file generation unit) 31 file storage unit (recording medium)

Claims (6)

[Claims] 1. A file generation unit for generating a transmission file storing an execution program executable at a destination, wherein the execution program is provided when encrypted data and a correct decryption key are input. And a decryption program for decrypting the encrypted data. 2. The execution program further includes an authentication program. The authentication program authenticates an executor of the execution program based on an input at the time of execution. 2. A file generating apparatus for sending encrypted data according to claim 1, wherein execution of said decryption program is prevented. 3. The execution program further includes an unauthorized input detection program. When the unauthorized input detection program detects an unauthorized input a predetermined number of times, a file containing the execution program is stored. 3. The file generating apparatus for sending encrypted data according to claim 1, wherein the decryption program is prevented from being executed. 4. A selection unit for selecting an encryption algorithm to be used for encryption from among a plurality of predetermined encryption algorithms, and an encryption unit for encrypting transmission contents using the selected encryption algorithm. 4. The cipher data transmission device according to claim 1, wherein the file generation unit selects a decryption program according to the selected encryption algorithm to generate the transmission file. File generator. 5. A program for realizing a file generation unit for generating a file for sending encrypted data, wherein the file for sending stores an execution program executable at a destination, A recording medium on which a program is recorded, wherein the execution program includes the encrypted data and a decryption program for decrypting the encrypted data when a correct decryption key is input. 6. A recording medium storing a file for sending encrypted encrypted data, wherein the file for sending stores an execution program, wherein the execution program includes the encrypted data, A decryption program for decrypting the encrypted data when a correct decryption key is input, and instructing the decryption program to decrypt the encrypted data based on the input decryption key when execution is instructed at the read destination. A recording medium storing a file for sending encrypted data.