KR100380335B1 - Secure data management and synchronization method on internet using cryptography and digital signature - Google Patents

Abstract

The present invention relates to a method for sharing information by storing and managing data in a server on the Internet while maintaining security, and synchronizing data of various data communication equipments of an individual or a group member.

The synchronization server, which stores and manages data to be synchronized, stores data uploaded by each user through communication equipment (encrypted message text and encrypted message digest for the text). Send to the communication equipment. The communication equipment checks the integrity of the data using the message digest, encrypts the new message text and the message digest and transmits it to the server when there is new information to be updated.

This allows multiple data such as personal information to be collectively stored and managed even in a secured state where the data is not disclosed to the server (administrator) who stores the data, and to synchronize the data of various communication devices possessed by the user. .

Description

Secure data management and synchronization method on internet using cryptography and digital signature}

The present invention provides a method for data security on the Internet, a method for managing and synchronizing data using the same, and more particularly, to properly encrypt data exchanged between a server and a client so that unauthorized persons cannot access data stored in the server. A data security method and a method for collectively managing, synchronizing and sharing data used in various data communication devices of individual or user groups using the same by individual or user groups in a web server of the Internet.

In recent years, with the rapid spread of personal computers (PCs), devices capable of wireless data communication such as PDAs, handheld PCs (H / PCs), PCS, etc. are also rapidly spreading. Such wireless data communication devices generally have personal information scheduling functions such as an address book, a phone book, a schedule manager, and a calendar in addition to a function of transmitting and receiving digital data such as e-mail with other data communication devices.

Due to the widespread use of PCs and data communication devices, it is common for an individual to have a variety of equipment. However, since there is no information exchange between several communication devices, when the data of one device is updated, the same kind of information of the other device is not updated, thereby causing inconsistency in the information between devices owned by one individual. This discrepancy of information not only causes inconvenience to users, but also fundamentally impedes the expansion of data communication devices. Therefore, the unification of information between various data communication devices (PC, PDA, PCS, H / PC, etc.) owned by one person, that is, the synchronization of data, is essential and various technologies have been proposed for this purpose. .

For this data synchronization, in the case of a wireless data communication device commercially available up to now, in order to synchronize with the data stored in the PC, a data conversion application program is installed on at least one of the two devices. A wireless data communication device is connected to a port (Cradle connection), and the above-described application program is executed to synchronize data by updating.

Recently, a data synchronization technology using an internet server has been developed, and Korean Patent Application No. 2000-0039327 proposes a method for integrating information management and sharing of data communication equipment using the Internet. According to this method, each member sets information on the device to be synchronized with the data (target) information to be synchronized, and uploads new data using the equipment owned by the member. Data synchronization is achieved by transmitting and storing updated data to all registered (or selected) equipment.

This data synchronization method cannot solve the data security problem. That is, since the personal information of the member (user) managed by the server is disclosed to the server administrator and the related person as it is, confidentiality is not guaranteed. Since the leakage of personal information will be an obstacle to the expansion of such synchronization service, it is necessary to make the data stored in the server and transmitted / synchronized to each communication device not accessible to the server administrator other than the corresponding user (member or group). .

On the other hand, various encryption methods are being developed for security on the Internet, and the functions required by the encryption method are confidentiality and authentication to verify the identity of the sender. And Integrity to ensure that information has not been compromised in the middle of delivery, and Non-repudiation to prevent information providers from denying information provision. It must be equipped.

In addition to a method using a confidential algorithm as a conventional encryption method having such a function, an encryption method using a "key" has been widely used in recent years. The key-based encryption method is a symmetric algorithm using a single secret key and a public-key algorithm and asymmetric algorithm using a public-private key combination. Are roughly divided into In addition, although it is not an encryption algorithm, there is a message digest method that is used when information is changed (integrity) or the sender is verified (authenticated).

A symmetric algorithm is an algorithm that can calculate a decryption key from an encryption key, or vice versa, and performs both encryption and decryption with one key, commonly referred to as a secret key. The sender of the information encrypts the information (message) with the secret key, converts it into cipher text, and sends it to another person. This method has the advantage that it is quick to encrypt and decrypt, and has wide application since various encryption techniques have been developed. However, if there are multiple users, it is not easy to generate and manage the secret key and secure delivery of the secret key should be guaranteed. There are disadvantages. Such symmetric key encryption algorithms include DES, IDEA, RC2, RC5, and SEED.

The public key algorithm is different from the encryption key and the decryption key and cannot calculate one from the other. The public key algorithm uses a combination of an encryption key called a public key and a decryption key called a private key. The public key is open to anyone. The person who wants to send the information encrypts the message with the public key of the person who receives the information, and the person who receives the message decrypts it with his private key. Since the ciphertext can only be decrypted with the private key corresponding to the public key used for encryption, the problem of key exchange occurring in the symmetric algorithm is solved. However, this public key method has a disadvantage in that encryption and decryption speed is slow and it is inconvenient to encrypt and decrypt a large amount of information. Public key infrastructure (PKI) encryption algorithms include RSA, LUC, Diffie-Hellman, and Elliptic Curve.

On the other hand, although not an encryption method, a message digest (MD) is a method of ensuring the integrity of information. This message digest uses a one-way hash function to convert the given information (message) into a very large numeric value (hash value) of a certain length. When this information is sent along with the ciphertext when the information is sent, the recipient of the information decrypts it to produce plain text, finds its hash value, and checks to see if it matches the received hash value. If the values are the same, it can be confirmed that the information has not changed during the transmission of the information. Of course, this hash value must be transmitted encrypted by an encryption algorithm. Such message digest algorithms include Snefru, CRC-32, CRC-16, MD2, MD4, MD5, SHA and Haval.

Recently, the most commonly used form of electronic commerce is a mixture of public key-based and symmetric key-based methods. The message itself is encrypted using a secret key encryption method using an arbitrary secret key, and the secret key itself is the recipient's public key. After encrypting with public key encryption method using, and sending two cipher texts. The recipient decrypts the private key with his private key and decrypts the message using the decrypted private key. It is also common to send a message digest encrypted with the sender's private key (called "Digital Signature") for authentication, integrity and nonrepudiation. The recipient of the information can achieve the sender's authentication, integrity and nonrepudiation of the sender by decrypting the message digest with the sender's public key and comparing it with the decrypted message digest.

The present invention is to make the data to be synchronized except for the individual (or group) by using the above-described encryption method in the data synchronization of data communication equipment using the Internet. That is, to provide a secure data synchronization method on the Internet.

SUMMARY OF THE INVENTION An object of the present invention is to provide a method for securing data stored by using symmetric or / and public key based encryption and message digest (or digital signature) in a method of storing and managing data in a server on the Internet. To provide.

Another object of the present invention is to provide a method for maintaining security of data to be synchronized by introducing the aforementioned encryption and digital signature into a data synchronization method of data communication equipment using the Internet.

Another object of the present invention is that individuals can maintain the accessibility, confidentiality, integrity of personal information (files, contacts, e-mails, passwords, electronic authentication, account information, etc.) stored in the server, the server is the authentication and non-repudiation of the customer To achieve the above, to provide a method for synchronizing data located in a plurality of data communication equipment.

1 schematically shows the overall configuration of a system for performing a method for managing and synchronizing secure data according to the present invention.

FIG. 2 is a block diagram illustrating the configuration of the synchronization server of FIG. 1 for each functional module.

3 is a flow chart of a first method of synchronizing at the client side (communication equipment user side) of the secure data management and synchronization method on the Internet according to the present invention.

4 is a flowchart illustrating a second method of synchronizing at the server side of the secure data management and synchronization method on the Internet according to the present invention.

5 is a flowchart illustrating a third method of the secure data management and synchronization method according to the present invention.

6 is a table showing a format of data used in the security data management and synchronization method according to the present invention.

7 shows how data (mesh support text and message digest) is converted at each step of the secure data management and synchronization method of the present invention.

Security data management and synchronization method for achieving the above object of the present invention is to connect the database for storing the synchronization data, the synchronization server for managing the database, one or more synchronization data communication equipment, the DB, server and communication equipment The synchronization data stored in the database described above is executed using a system consisting of a computer network connection channel, and a hash function is used for a message text field encrypted with a key and an encrypted message text or an unencrypted message text. It is a message digest extracted by the message and consists of an encrypted message digest field encrypted with a key.

Security data management and synchronization method according to the present invention comprises the following steps. A user of a communication device (a person who wants to synchronize data) makes a data synchronization request to a server using one of the communication devices, the server searches the database and transmits the requested data to the communication device; The device decrypts some or all of the transmitted encrypted data and verifies that the data has not been tampered with, and only if the integrity is verified, the message is the message text field part of the received data. The data synchronization step is performed.

In addition, if there is newly updated data, after the data synchronization step, the communication device encrypts the new message text with a key, extracts a message digest for the encrypted new message text, encrypts it with a key, and then encrypts the new message text. And a data update step of transmitting the encrypted message digest thereof to the server for updating and storing.

The above-mentioned key is a secret key used in the symmetric key encryption method, and the integrity checking step decrypts the message digest part of the data transmitted from the server, extracts the message digest for the message text, and then matches the two. This is done by acknowledging the integrity of the case.

In the above-described first method, the synchronization step is performed at the client side, i.e., the individual communication equipment of the user, and the second method, in which the synchronization process is performed at the server, may be performed as follows.

After the integrity checking step in the first method, the communication device encrypts the latest message original text stored by the key with the key and transmits it to the server. The server synchronizes the data by appropriate synchronization logic based on the transmitted encrypted message text and the corresponding encrypted message text already stored. The synchronized encrypted message text is transmitted back to the communication device and stored, thereby completing the synchronization. Thereafter, the communication device having the encryption key extracts the message digest for the synchronized encrypted message text, transmits the encrypted message to the server by encrypting it with the key, and the server updates the information in the database with the encrypted message digest.

The key used for encryption and decryption of the second method may be a symmetric key-based secret key, but in the case where a group of users sharing data to be synchronized is a group consisting of a public key and a public key based on a public key ( private key). When the public key is used, the private key is used for encrypting the message text and the message digest, and the public key of all users included in the group is used for decryption for integrity checking and message text restoration.

In addition, according to the third method of the present invention, an external information providing server such as a financial institution, a certification authority (CA), etc. transmits a specific message text encrypted with the user's public key to the synchronization server according to a user's request. Update the database based on this. If the user later connects to the synchronization server and requests the synchronization of the specific message text described above, the server transmits the latest message text stored, and the user decrypts and stores it with his private key. It is a way to synchronize the data inside.

Hereinafter, embodiments of the above-described first method, second method, and third method will be described in detail with reference to the accompanying drawings.

1 schematically shows the overall configuration of a system for performing a method for managing and synchronizing secure data according to the present invention. It consists of a synchronization server 14, one or more data communication equipment (11, 12, 13) and the Internet 16 as a computer connection channel connecting them, the synchronization server 14, the user who wants to receive the service according to the present invention A database 15 for storing information, information on data communication equipment, information on a target to be synchronized, data encrypted by the present invention (encrypted message source and message digest), and the like is linked.

In the system for performing the above-described third method, the financial institution server 17, the certification authority server 18, or the like as an external information providing server connected to the Internet 16 should be added. Data is data provided from an external information providing server and is a message text encrypted with a user's public key.

Data communication equipment capable of performing data synchronization according to the present invention includes a personal communication system (PCS), a cellular phone, a personal digital assistant (PDA), a handheld PC, a modem, or a LAN card. It includes notebook computers and general PCs with the same network connection equipment, and is not limited to the above-mentioned equipments. It is connected to a synchronization server through a computer connection channel such as the Internet and can exchange data with the server and other devices. It should be understood as a broad concept that encompasses the whole piece of equipment.

The computer connection channel 16 connects a server with a client device (data communication device). The computer connection channel 16 may be a closed network such as a local area network (LAN) or a wide area network (WAN). The Internet is preferable in terms of phosphorus. The Internet has many services in the TCP / IP protocol and its upper layers: HyperText Transfer Protocol (HTTP), Telnet, File Transfer Protocol (FTP), Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP), and SNMP ( The global open computer network architecture that provides the Simple Network Management Protocol (NFS), Network File Service (NFS), and Network Information Service (NIS).

FIG. 2 is a block diagram illustrating the configuration of the synchronization server 14 of FIG. 1 for each functional module. The synchronization server includes a control module 21, a data management module 22, and synchronization logic so that the synchronization processor 24, data transmission / reception module 26, and adapter means 25 perform data synchronization. It consists of, and is linked with the database 23 implemented in the server or external.

The data management module 22 is for storing, deleting, and updating data in a database according to the control of the control module, and the synchronization processor 24 is based on update data transmitted from data communication equipment and conventional data. Synchronize data according to a defined routine. The synchronization method followed by such a synchronization processor is implemented with synchronization logic, and includes various conflict resolution routines, so that the data is synchronized when the updated data and the conventional data collide with each other. Of course, this synchronization processor 24 is only needed in the case of the second method of synchronization occurring on the server side, and in the first method it must be implemented in the client side equipment (communication equipment).

The adapter means functions to adjust the data format (form) and / or the transmission protocol for the equipment to receive the synchronization data in order to finally transmit the synchronized data to each communication device. For example, as described in connection with FIG. 6, if the synchronized data is "contact" information and the device to which the data is to be transmitted is a PCS, the software for managing the "contact" information in the PCS (eg, PCS PIMS) It converts the data format into a form and encapsulates the data with a protocol (eg, WAP) that the PCS can receive and recognize the data.

The transmission protocol used for uploading or downloading synchronization data (encrypted message text and / or message digest) according to the present invention is a general TCP / IP (Transfer Control Protocol / Internet Protocol) when the data communication device is a PC or a notebook. Alternatively, User Datagram Protocol (UDP) may be used, and if the target device is a mobile phone or a PDA, WAP (Wireless Application Protocol), which has recently become almost standard, may be used, but is not limited thereto.

Such a synchronization server can be implemented using a web server program that is provided in various ways according to operating systems such as DOS, WINDOWS ^TM , Linux ^TM , UNIX and Macintosh. Typical examples include the website used in the Windows environment, CERN, NCSA, and APACHE used in the TTPS and Unix environments. However, such a server includes a series of application programs that run on the server, in addition to the web server program in a conventional sense, and each data communication device and database using a computer network such as the Internet. And it should be understood as a broad concept including a predetermined system for connecting and mediating between each module. Each means or module included in the synchronization server is generally implemented in software such as an independent application program or a program module (or procedure) included in one program, but may be implemented in hardware. have.

The database 15, 23 stores user information such as personal information of members, data communication equipment information selected and registered by the user, and file information for synchronization, and the like. And message digest) are stored and managed for each member. Such a database may be implemented by being divided into a member information DB, a synchronization data DB, etc. according to the purpose, and the term "database" in the present invention may be implemented as a single module or integrated implementation including information necessary for implementing the present invention. The concept includes all databases.

Possible fields of user information can be personal information such as member's ID, public key, password, phone number, e-mail, job, hobby, etc. It can have fields such as a list of applications being used. Possible fields of the synchronization target information may be file / directory type, file / directory location, file / directory size, etc. for each device.

The above-described databases 15 and 23 refer to data structures implemented in a storage means of a computer system, and are relational database management systems (RDBMS) such as Oracle, Informix, Sybase, and DB2. In addition, the object-oriented database management system (OODBMS) such as Gemstone, Orion, O2, etc. may be implemented for the purposes of the present invention, and has suitable fields as described above.

In addition, although not shown, the data communication device performing the first and second methods includes information on a secret key (or public key-private key combination), extracts a message digest using a hash function, A processor must be included to encrypt the extracted message digest and message text. In addition, in the case of the first method of synchronizing occurring on the client side, a collision solving routine for synchronizing data should be included. Such a processor may be implemented in hardware or software, and various software installed in a PC, PDA, mobile phone, etc. may be implemented in software written in a suitable programming language such as Visual C ++, Visual Basic, Java, but the above programming language It is not limited to. The data communication device for performing the third method includes a user's certificate, a public key and a private key, and has a function of decrypting a message text transmitted from a synchronization server using a private key.

Hereinafter, the details of data transmission and synchronization to the data communication equipment shall use the technology described in Korean Patent Application No. 2000-0039327.

3 is a flowchart illustrating a first method in which synchronization occurs on the client side (communication equipment user side) of the secure data management and synchronization method on the Internet according to the present invention.

For the sake of unification and shortening of the terminology below, the message text is MS, the message digest is MD, the combined form is called DATA, and if the target is encrypted, the subscript e (encrypted) is subscript d ( decrypted). A session such as SSL (Secure Socket Layer) is connected between the client and the server (S311), and the user obtains access to the server by providing his own certificate to the server and authenticating the server (S312). ). When the user requests synchronization of specific data to the server (S313), the server transmits the corresponding data stored in the database to the communication device (client), and the data transmitted at this time is encrypted with a secret key. The message text MSe and the encrypted message digest MDe therefor (S314).

The communication device decrypts the received message digest (MDe) to generate a received message digest (called MDdr), and hashes the received encrypted message text (MSe) or decrypted message text (MSd) to calculate the message. After extracting the digest (referred to as MDdc) (S315), the two message digests (MDdr and MDdc) are compared and matched to confirm the integrity of the data (S316). At this time, whether to hash the received MSE message or to decode the original message once and then hash it, the encrypted message digest stored in the database based on the criteria set by the server and the user at the time of first use is encrypted. MSe) or the decrypted plaintext message (MSd). However, considering the speed of encryption / decryption, it is desirable to generate a message digest by hashing the encrypted message text (MSe).

If the integrity of the message is confirmed, the communication device decrypts the original message (S318), and synchronizes the corresponding original message according to the synchronization logic on the client side (S319). After that, if the user has data to add (for example, if you want to add a new person's contact to the address book) and enter new data (mesh support) into the communication device, the communication device will be based on the entered information. The data (mesh support statement) is once again synchronized using the synchronization logic (S320 and S321). After that, the communication device encrypts the extracted message digest with its own secret key by hashing the updated new message original (or first encrypting the encrypted message original) to send the newly synchronized data to the server for storage. This is transmitted to the server together with the encrypted message text (MSe) (S322, S323). The server receives the updated new data and updates the corresponding data in the database with the new data (S324). In the figure, the step performed on the client side "C + serial number", and the step performed on the server side "S + serial number".

In summary, the first method is to download the latest contents from the server and synchronize the data of the corresponding communication device once, and if there is new data, store it in the communication device and send it to the server to update the server database. Is performed. That is, in a manner in which data synchronization occurs on the client (communication equipment) side, synchronization logic (eg, a synchronization scheme, a conflict resolution routine, etc.) should be provided on the client side. This synchronization logic is most commonly used for "time-based" synchronization logic, which stores the most recent information first when synchronizing a person's data, but, for example, prioritizes data from a particular device. A ranking scheme or the like may be used.

4 is a flowchart illustrating a second method of synchronizing at the server side of the secure data management and synchronization method on the Internet according to the present invention.

Since the connection between the server and the client and the integrity checking of the message are the same as in the first method, detailed descriptions are omitted (S411 to S417). However, unlike the first method in which only a symmetric key based secret key is used for encryption / decryption, a public key based public key-private key combination can be used. In the case of using such a public key base, it is useful when multiple users want to share data to be synchronized in a group form, which will be described in detail with reference to FIG. 7.

When the integrity of the transmitted message is verified, the data communication device encrypts the latest message text (or synchronization data selected by the user) with the key (private key or secret key) to generate an encrypted message text (MSe). After that, it transmits to the server (S418). The server synchronizes the data by updating the information in the database with the received encrypted message text by the synchronization logic in the control module (S419). This synchronization logic includes a conflict processing routine for determining which data is stored first when there is data corresponding to the received message text among data already stored, that is, when there is a data collision. The matter is described in detail in Korean Patent Application No. 2000-0039327. Of course, if there is no previous information corresponding to the original message received, it may be stored as new information.

The server transmits the synchronized (finally encrypted message text stored in the DB) message text to the communication device (S420), the communication device receives the synchronized message text and decrypts it with a public key or a secret key and stores it by communicating. The data synchronization with the furnace ends (S421). The communication device hashes the synchronized message text (encrypted message text or decrypted message text) to extract the message digest (MDd) (S422), encrypts it with a private key or a secret key, and generates an encrypted message digest (MDe). This is transmitted to the server (S423). The server ends all steps by storing the encrypted message digest (MDe) corresponding to the synchronized message text in the corresponding area of the database (S424). Since the database contains already synchronized message text (encrypted), all you need to do is store the received message digest.

In summary, this second method receives the data (encrypted message text and message digest) stored in the database of the server corresponding to the data to be synchronized selected by the user to check integrity and update (synchronize) the message text. Encrypt it and send it to the server. After the server performs the synchronization, the synchronized message text is sent back to the client side, and the client receives and stores it so that data update on the client side is achieved. The client extracts the message digest for the synchronized message text, encrypts it, and sends it to the server, which stores the encrypted message digest with the synchronized message text.

5 is a flowchart illustrating a third method of the secure data management and synchronization method according to the present invention.

The user connects to an external information providing server such as a financial institution server or a certification authority server by using one of his communication equipments (S511), and with his certificate which is a means for authenticating himself to the external information providing server. In step S512, the client requests to transmit specific information among the information related to itself stored in the external information providing server to the synchronization server. The external information providing server extracts specific information (mesh support text) only when the user is authenticated (S513), encrypts it with the public key of the user, and transmits it to the synchronization server (S514), and the synchronization server receives the received (encryption). The corresponding message in the database is updated with the message text (S515).

After that, when the user accesses the synchronization server using a communication device and requests synchronization for a specific message text (S516), the synchronization server transmits the corresponding (encrypted) message support message to the communication device through user authentication. (S517). The communication device can securely synchronize data of various devices by decrypting and storing the message text using the user's private key (S518, S519).

At this time, when the synchronization server receives the encrypted message text from the information providing server, it must be able to recognize what kind of information of which user, that is, which area of the database (because the data is encrypted and synchronized). The server cannot know its contents.), The external information providing server must assign a recognition code indicating the type of the message text by the user's request or its own logic.

In order to allow the server to recognize the type of encrypted message text, for example, in an example of the format of data to be described later, items such as "domain name" or "object name" are not encrypted, but only "field" and "content". (Value) "may be used, or the message text encrypted with the data type defined by the user through DTD (Data Type Definition) may be converted and the transmission document may be converted using XML (eXtensible Mark-up Language). You can also use the making method.

When a user requests a message text transmission to an external information providing server, it is desirable to attach a digital signature to ensure nonrepudiation and integrity. "Electronic signature" means that the user encrypts the message digest for the request made by the external information provision server with the user's private key, and the external information provision server receiving the message decrypts the message digest and the request contents decrypted with the user's public key. Nonrepudiation and integrity can be verified by comparing the message digests extracted from them.

There is no restriction on the type of external information providing server and the type of message text. However, looking at the example, the external information providing server is a server such as a bank or a securities company. In addition, the external information providing server is a certificate authority, and the message text is a certificate of the user or another person or a "certificate revocation list (CRL)" which can know whether the certificate is valid or invalid. Can be.

6 is a table showing a format of data used in the security data management and synchronization method according to the present invention.

The data illustrated in the figure largely consists of a message text consisting of a domain name, an object name, a field name, content, and the like, and a message digest (MDe or MDd) for each message text. "Domain Name" is the largest category for classifying data, and in the drawings, "contact" information, "bank account" information, "digital certificate" information, "general personal work content" and the like are shown. This classification of "domain name" can be done arbitrarily. In each domain name, "object" and "field name" and "content" items of data corresponding to the object-field are added in subclasses. Taking the "contact" domain name as an example, "object" indicates the name of the individual, "field name" indicates the type of contact, such as a telephone number and an e-mail address, and "content" indicates a corresponding value. A "digital certificate" contains a certified certificate of a user, friend or trader of the user, for example, the public-key infrastructure certificate form of the IETF's Security Area. In X.509 format or RFC 2459 format, but is not limited thereto.

At this time, the basic unit of the message text to be synchronized is preferably a "domain name" unit, but may be a more "object" unit in more detail. If the basic unit of the message text to be synchronized is "domain name", for example, the message digest for all of the information corresponding to "contact" is extracted from the client and extracted from the client, which in turn is the user's private key or secret. The key is encrypted and converted to another value (MDe, "7979ace980e" in the figure). That is, the data stored in the database of the server is, for example, an encrypted message text (MSe) encrypting data (mesh support text; MSd) included in the "contact", and an encrypted message digest (MDe) thereof. . In this case, the entire message text does not need to be encrypted. For example, the domain name "contact" is not encrypted to be used as a classification unit (a recognition unit for classifying and storing data by the server), and only sub information thereof is encrypted. Can be.

However, the data synchronized by the present invention is not limited in kind and may include any information that may be stored and used in the data communication equipment in addition to the classification according to the "domain name" illustrated in the drawings.

7 is a diagram illustrating how data (mesh support text and message digest) is converted at each step of the secure data management and synchronization method according to the present invention.

FIG. 6A corresponds to a message integrity checking step in the first and second methods of the present invention, in which data (DATAe = MSe + MDe) requested by a user is transmitted from a server, and communication equipment receives the received encryption. The received message digest MDdr is generated by decrypting the message digest MDe with its private or public key. Then, the encrypted message text or decrypted message text is hashed to generate a calculated message digest MDdc, and then the integrity of the data (unmodulated) is verified by comparing the identity of the two (MDdr, MDdc).

As described above, a symmetric key-based secret key is generally used for encrypting and decrypting data, but a public key-private key combination is useful when multiple users want to share data to be synchronized in a group form. Is used. Each member of the group has a different public key and private key, and when encrypting the message text or message digest, each group uses its own private key and decrypts the group's public key (public key 1, 2 ... n; This is referred to as a "public key ring". That is, when decrypting for integrity check or restoring the message text, it is not possible to know which member uploaded the corresponding data. Therefore, decryption is performed sequentially using all public keys of all group members. Using this method, the message text can be decoded into meaningful information only when using the public cache key of the member who uploaded the data.In the integrity check, the message digest (MDdr) that is decrypted by one of the public keyrings is the resulting message digest. If it matches (MDdc), integrity is recognized.

On the other hand, if one common secret key is used for data synchronization of the group, if the secret key is leaked by one of the members, there is a concern that the data of the entire synchronized group may be leaked and altered. In this case, however, if the public key-private key is used as described above, even if the private key of one member is disclosed, only the data uploaded by the member can be leaked, and the remaining group information can be kept secure.

Such public key based group data synchronization can be more usefully applied to the second method than the first method. In the case of the first method, since synchronization occurs on the client side, there is a restriction that data communication equipment of all group members must use the same synchronization logic. However, in the second method, synchronization occurs on the server side and data encryption / decryption on the client side. This is because there is no limit as described above because only it occurs.

However, the "public key" in this public key-based group data synchronization is slightly different from the conventional concept of "public key" in that it is only open to members of the group and not to others. Do.

Fig. 7B shows a step of uploading additional (update) information to the server in the first method, which checks the integrity of the data and synchronizes the data on the client side (communication equipment side) based on the data transmitted from the server. Then, if there is a new message text.

The new message text (MSd) is hashed to generate a message digest (MDd), and the encrypted message text (MSe) and the encrypted message digest (MDe) are generated by encrypting the message text and the message digest with a secret key. The two combine to create an encrypted data package (DATAe = MSe + MDe) and send it to the server. The server stores and updates the transmitted encryption package in the corresponding area of the database. This ensures that the most recent data is always stored in the database on the server side.

FIG. 7C illustrates a data synchronization step in the second method. After receiving the message text and the message digest stored from the server to check the integrity, the FIG. 7C does not directly store the data in the communication device. The message text is encrypted with the user's private key or secret key to generate an encrypted message text (MSe) and then transmitted to the server. The server generates a synchronization message text (MSesync) by synchronizing the message text according to the synchronization logic based on the new message text received and the corresponding message text already stored, and transmits it to the communication device (client). The communication device performs data synchronization by decrypting and storing the received synchronization message text with the user's public or private key, and then hashes the encrypted or decrypted synchronization data (MSesync or MSdsync) to create a new message digest (MDd). Extract The newly extracted message digest (MDd) is encrypted with a secret key or a user's private key to generate an encrypted message digest (MDe), which is then transmitted to the server for storage. Therefore, the same synchronization message text as that stored in the communication device (except for encrypted; MSesync) and its encrypted message digest (MDe) are stored in the server.

According to the method of the present invention, the data of a plurality of data communication equipments owned by a user or a group member are collectively stored and managed in a server on the Internet, and the corresponding data is provided according to a user's request. Or / and by using public key-based encryption and message digests (or digital signatures), an individual can determine the accessibility, confidentiality, and integrity of personal information (files, contacts, e-mails, passwords, electronic certificates, account information, etc.) stored on the server. It can maintain and the server can achieve customer's authentication and nonrepudiation.

In addition, it is possible to collectively manage and synchronize data of a plurality of data communication devices owned by a user or a group member without the contents of the data being disclosed to a server (administrator) who stores and manages the data. have.

In addition, while maintaining security, the latest information may be transmitted from the server providing the personal information to the synchronization server, and the information may be synchronized to various data communication devices of the individual at the request of the user.

Claims (12)

In the data synchronization method using a database for storing the synchronization data, a synchronization server for managing the database, one or more synchronization data communication equipment, a computer network connection channel connecting the DB, the server and the communication equipment, Each of the synchronization data stored in the database is an encrypted message encrypted with a key as a message digest extracted by a hash function for one of a message original field encrypted with a key and an encrypted message original and an unencrypted message original. Consists of digest fields, A user of a communication device making a data synchronization request to a server using one of the communication devices; The server searching the database and transmitting the requested data to the communication device; After deciphering the message digest field from the encrypted data transmitted by the communication device, extracting the message digest of one of the encrypted message text field portion and the unencrypted message text field portion, the decrypted received message digest and the extracted output message digest are extracted. An integrity checking step of acknowledging the integrity only in the same case in comparison; A data synchronization step of updating, by the communication equipment, the corresponding data stored in the message original field part of the received data only when the integrity is confirmed; And Data that communication equipment encrypts new message text with key, extracts message digest for encrypted new message text, encrypts with key, and transmits new encrypted message text and encrypted message digest to server for update and storage. Update phase Secure data management and synchronization method on the Internet, characterized in that consisting of. delete The method of claim 1, And said key is a secret key of an individual used in a symmetric key-based encryption method. delete In the data synchronization method using a database for storing the synchronization data, a synchronization server for managing the database, one or more synchronization data communication equipment, a computer network connection channel connecting the DB, the server and the communication equipment, Each of the synchronization data stored in the database is an encrypted message encrypted with a key as a message digest extracted by a hash function for one of a message original field encrypted with a key and an encrypted message original and an unencrypted message original. Consists of digest fields, A user of a communication device making a data synchronization request to a server using one of the communication devices; The server searching the database and transmitting the requested data to the communication device; After deciphering the message digest field from the encrypted data transmitted by the communication device, extracting the message digest of one of the encrypted message text field portion and the unencrypted message text field portion, the decrypted received message digest and the extracted output message digest are extracted. An integrity checking step of acknowledging the integrity only in the same case in comparison; Only when the integrity is confirmed, encrypting the latest message text of the communication device with a key and transmitting it to a server; The server synchronizing the latest message original encrypted by the predetermined synchronization logic with the corresponding corresponding message to generate an encrypted synchronization message original, and transmitting it to the communication device; The communication device extracts the message digest for the encrypted synchronization message text, encrypts it with a key, and transmits the message digest to the server; And updating and storing a corresponding message digest of the database with the received encrypted message digest. 2. delete The method of claim 5, And said key is a secret key of an individual used in a symmetric key-based encryption method. The method of claim 5, The key is a public key and a private key used in a public key based encryption method, In the encryption of the message text and the message digest, the private key of each of the one or more group users to synchronize data is used, and the entire public key of one or more group users is used for decryption. Way. delete delete delete delete