WO2007091336A1

WO2007091336A1 - Character-encrypting method, and encrypted-character-code depicting method and program

Info

Publication number: WO2007091336A1
Application number: PCT/JP2006/302578
Authority: WO
Inventors: Nobuaki Teraoka
Original assignee: I-Dam Network, Inc
Priority date: 2006-02-08
Filing date: 2006-02-08
Publication date: 2007-08-16

Abstract

A first computer determines a position of character distnctive data extracted from glyph data of characters to be encrypted in accordance with a second parameter value obtained by the generation of a plurality of quasi-random numbers and transfers the character distnctive data obtained from the glyph data at this position to encrypted character codes. When a second computer displays the encrypted character codes, the second computer retrieves encrypted character codes in a decoding table obtained from the first computer and glyph data for encryption depicted from the second parameter. Data including encrypted character codes as glyph data to be depicted at a position instructed by the second parameter from the glyph data are extracted and depicted.

Description

Specification

Method of character encryption, method of drawing encrypted character code, and program

The present invention relates to a technique for using text data encrypted on the server side on the client side. Technical view

Conventionally, data necessary for »between computers connected via a network can be expressed as follows: In ^, encrypted data is described in 3⁄4, and the received computer is decrypted using a prepared key and password . In this technique, it is possible to prevent the malicious third party from using data on the communication path. However, since the decrypted data can be handled freely by the computer on the receiving side, the decrypted data can be easily leaked due to a malicious user or a virus infection. was there.

Patent No. 3 2 0 9 1 9 8 is known to prevent such data from being used illegally in a computer on the receiving side. In this method, the server encrypts character data, and the client-side dedicated view server decrypts and displays the encrypted character data. The server replaces the character code with the encrypted character code, and creates an encrypted font file corresponding to this encrypted character code. The character data to be written to the client is sent to the client by replacing it with the encrypted character data with the B phonetic character code. The client-side dedicated view server receives server-powered encrypted character code and Bf ^ -ized font file. Then, when the client's dedicated view receives the B phonetic character data, when iti ~, the normal font data is displayed by preparing an encrypted font 'file corresponding to the character code.

In this conventional example, browsing of encrypted character data is permitted only with a client equipped with a dedicated view, and the use of character data that is normally used by other applications is Ph, and the displayed character data is used on the client side. In order to prevent it from being handled freely. Disclosure of the invention

However, although security can be secured on the client side in the above-mentioned compliance! |, The server side stores the character data as plain text, so in order to infiltrate a malicious user S on the Sano, There is a problem that information can be used for lines.

Further, in the above-mentioned details, since the encrypted character code is only the character code A † i by random numbers, if it is a computer equipped with a microprocessor of recent years, the B-voice-coded character code The font file relationship may be easily deciphered.

Furthermore, in the above-mentioned detailed information, there is a problem that encrypted character data can not be used except for dedicated views, so that it can not be used in a wide range of applications, such as databases and spreadsheets.

Therefore, the present invention aims to be able to be used in a wide range of applications while securing a high degree of data security on both the server side and the client side.

According to the present invention, in the first measurement, the position of sentence data to be extracted from the glyph data of the character to be encrypted is determined by the value of the second parameter obtained by two times of pseudo random number generation. Sentences obtained from Darif data «of | Let the underlying data be the encrypted character code. That is, a part of the encryption glyph data specified by the second parameter is generated as an encrypted character code. Then, store the encrypted character code of コード and the second parameter in the decryption table. The character code is not related to the original character code, because it consists of glyph data, that is, part of the character shape indicator. For this reason, it is extremely difficult to skimp the original character code from the encrypted character code, and it becomes highly confidential Uf ^ ".

When displaying the encrypted character code in the second calculation, an encryption glyph for drawing from the second character and the t ^ character code of the decryption table obtained from the first difficulty. Data is detected From the glyph data for encryption and extraction, data including data characters encoded by the Japanese character code is extracted as glyph data for characters to be drawn at a position designated by the second parameter. As a result, the character code for Bf ^ is converted to a conventional character code, and it is for drawing data that can be used as a drawing data. You can get Darif data. Therefore, even if only the encrypted character code sentence is taken from the second computer, it is extremely difficult to restore the original character code, and both of the first and second totals »are advanced. Security can be secured.

Furthermore, in the encrypted character code of the present invention, a part of the character shape is encrypted as a conventional character code, so only the application that uses the encrypted character code in the second total ^ ^ Since decryption tables and glyph data for encryption can be used, it is possible to secure high security in a wide range of applications, such as databases and general spreadsheets. Brief description of the drawings

FIG. 1 is a block diagram showing a solution form of this work and showing a system configuration of # ^ to which the present invention is applied to a database system. '

Figure 2 is a block diagram showing the functional elements of the database server, proxy server and client.

Fig. 3 is a block diagram showing the functional elements of the encryption unit of the proxy server.

FIG. 4 is a diagram showing the relationship between the ciphertext determination table and glyph data for encryption.

FIG. 5 is an explanatory diagram when extending the encryption acquisition code from the encryption glyph data using a parameter. f

FIG. 6 is an explanatory diagram when encoding character code and parameter table from parameter table and Darf data for Bf ^.

FIG. 7 is a block diagram showing functional elements of a client for drawing B-encoded character code. FIG. 8 is an explanatory view showing the relationship between the decoded tape 7 and the user / shell area.

FIG. 9 is a flowchart of parameter generation processing performed by the proxy server.

Figure 10 is a flowchart of the encryption process performed by the proxy server.

Figure 11 is a flowchart of the drawing process performed by the client.

FIG. 12 is an explanatory diagram of 3⁄4 ^ that generates a plurality of parameter tables. Figure 13 is a timing chart showing the timing of the client, proxy server, and DB server ^, showing the second difficulty mode.

FIG. 14 is a block diagram showing the function of the database server, the proxy server, and the client according to the third aspect of the present invention.

FIG. 15 is a block diagram showing a fourth mode and showing functional elements of a database server, a proxy server and a client.

FIG. 16 is a block diagram showing the fifth form and showing the relationship between the database server, the proxy server and the client.

FIG. 17 shows a sixth embodiment Hii, and is a block diagram showing the relationship between the database server, proxy server and client.

FIG. 18 shows a seventh form, and is a block diagram showing the relationship between the database server, the network dongle and the client. '

FIG. 19 is a block diagram showing a relationship between a database server, a proxy server, and a client according to an eighth male form.

FIG. 20 is a clear view showing partial glyph data.

Fig. 21 shows an element of glyph data.

Figure 22 is a block diagram showing the relationship between the database server and the client, showing the ninth mode. '■ Invention! Best form for 3⁄4

Hereinafter, a male embodiment of the present invention will be described on the basis of drawing resistance.

(First male form)

FIG. 1 shows the configuration of a database system according to the first embodiment of the present invention. In FIG. 1, the network 3 is connected to the database server (hereinafter referred to as DB server) 1 which manages the database, the client 2 which uses the data of the DB server 1, and the communication between the DB server 1 and the client 2. The proxy proxy to encrypt data 4 power S connected. The DB server 1 has a CPU 1.1 for performing computations, a main memory (memory) 12 containing programs ^^, and an interface 1 for connecting to a network adapter 14 and a storage device 15. And 3. The network adapter 14 is connected to the network 3 to perform communication, and the storage device 15 stores a database. Note that main contents 12 are composed of DRAM, S RAM, etc., and are composed of free memory that does not perform storage operation at the time of @ 断 break. The proxy server 4 is also configured in the same manner as the DB server 1, and CPU 4 for performing arithmetic processing, main memory (memory) 42 with a program ^ ^, and a network adapter 4 4 or storage device 4 5 and an interface 4 3 for connection. The network adapter 4 4 is connected to the network 3 to perform communication, and the storage device 45 stores font data and the like.

Client 2, CPU 2 1 ················································································································································································································································ An interface 2 for connecting to a network adapter 2 4 or a storage device 25 5 And 3. The network adapter 24 is connected to the network 3 for communication, and the storage device 45 carries out programs and the like. In addition, the interface 2 3 is connected to a display 2 6 that displays '隨, an information input device S such as a keyboard 2 7 or a mouse 2 8, etc. that inputs' 1f #.

Figure 2. FIG. 8 is a block diagram showing machine elements of a database system in which eight servers 1, proxy server 4, and client 2 are connected by a network 3.

In the database server 1, a database management system (hereinafter referred to as DBMS) 1 1 0 runs ^] on the database S 1 0 0 that manages the database 1 2 0 containing encrypted character data. The DBMS 110 responds to the request from the client 2 (data reference request or 赌 request by SQL etc.) via the proxy server 4, and the data including Bf ^ converted characters in the database 120. In addition, D BMS 110 cranes the character data encrypted by proxy server 4 into database 120. In addition, database 120 is other than encrypted character data. Stores plaintext (normal character data), numerical values, etc. In the present embodiment, the client 2 is capable of communicating with the DB server 1 via the proxy server 4, and the client 2 means the proxy server 4. I do not know.

In proxy server 4, a packet is sent from client 2 to bucket server 1 to bucket database server 1 and a user authentication module to authenticate the user of client 2 with access to database 1 2 0 4 2 0 And, B2 データベース converts the plaintext character data for database 1 2 0 from client 2 into B-to-speech conversion 咅 | 5 5 0 0 and ^ 3 ^ on OS 5 0 0 respectively.

Then, the conversion unit 500 converts the plaintext character data into ternary character data using the pseudo random number generated by the pseudo random number generation unit 530, and the B-note It is composed mainly of table conversion ^ 5 2 0 which appreciates the client 2 that has successfully authenticated the decryption table 4 60 for decrypting the encrypted character data.

In addition, the storage unit 45 of the proxy server 4 includes a three-sentence table 440 in which character codes to be encrypted are set in advance, and encryption glyph data 4 50 included in encryption font data set in advance. Will be; ^ inside. Glyph data (text data) is data that indicates the shape of a character associated with a single character, and is defined by, for example, a set of function of a word line such as a Bezier curve, a bit map, etc. .

And, as described later, in the main memory 4 2 of the proxy server 4, a parameter table 4 3 0 temporarily generated to create encrypted character data and a code table 4 7 0 are generated. It will be remembered. _f Also, the decoding table 4 60 is temporarily stored in the main memory 4 2. In addition, each table placed in Tsuruuchi on the main memory 42 secures security by erasing at a predetermined timing.

If the user who has already completed authentication, the data from D BMS 1 1 0 to client 2 is referred to as the data from D BMS 1 1 0 as it is, and the authentication has not been completed. Communication is blocked for the client. '

Bucket trace: If the data from client 2 for which authentication has been completed is a SQL statement (data request) or a field for which encryption is not specified, it is processed as it is in D BMS 1 10. On the other hand, the bucket Totra: ^ | 4 1 0 is the data received from client 2 ( If the field of the sentence) is a field in which B-phoneization is specified, this data is converted to the Bf ^ conversion unit 500.喑 ^ 3⁄4 conversion unit 5 0 0 converts the plaintext received from the bucket to trap ^ 54 1 0 into B note and writes it to DBMS 1 1 0, and DBMS 1 1 0 edits encrypted character data into a data space 1 2 0 fr T Ru. In the database 120, it is possible to process any encrypted character code whose character code is plaintext.

Client 2 accesses DB 1 database 1 2 0 of database server 1 DB client application (hereinafter DB client) 2 1 0, Information input device Power S Converts input characters into 2 bit letters FEP ( Front End Processor) 2 2 0, Decryption Table 4 6 0 for decrypting encrypted character data of Database 1 2 0 4 Proxy Server 4 etc. are acquired, and encrypted font manager 2 5 0 is set to Client 2 ,, Respectively on OS 2 0 0.

The OS 2 0 0 0 includes a font rasterizer 2 0 1 that draws a character input to the DB client 2 1 0 and a character output by the DB client 2 1 0 on the display 2 6.

The font rasterizer 201 draws plain text using the normal font data 230 which has been stored in advance in the storage device 25. Also, in the storage device 25, the Darif data 450 for the same code as the proxy server 4 is preliminarily stored. And then, No. Font Manager 2 5 0 Force Decryption Table 4 6 0 is acquired, No. Font Manager 2 5 0 Decryption Table 4 6 Q contents are usually font data 2 3 0 character code table (CMAP (CMAP Set to the predetermined area of), and the encrypted font manager 25 0 pulls the glyph data for encryption 4 5 0 ^ "T, the font rasterizer 2 0 1 enables drawing of the encrypted character data. Note that the normal font data 230 and Darf data for Bf ^ 450 are expanded on the main memory 22 from the storage device 25 and the decryption table 460 acquired from the proxy server 4 is the client 2 The main memory 2 2 is stored in the main memory 2 2. Then, the decoded table 4 6 0 on the main memory 2 2 and the expanded normal font data 2 3 0 are deleted from the main memory 2 2 each time β 2 of the client 2 is lost. Will be

As the DB client 210, for example, a browser or a dedicated application It can be adopted, and B 眘 No. font manager 250 may be installed on client 2 as a plug-in software for DB client 210.

FIG. 3 is a block diagram showing a flow of processing performed by the cryptographic conversion unit 500 of the proxy server 4.

At the time of activation of the proxy server 4, a parameter is generated as an acquisition code 8 from the pseudo random number obtained by the pseudo random number generation unit 530 at the time of activation of the proxy server 4. The pseudo random number generation unit 530 is formed of, for example, a hash function or the like, and generates the same pseudo random number for the same parameter.

The pseudo random number generation unit 5300 uses a value unique to the proxy server 4 and a value ^^ in a program as a value for pseudo random number generation. For example, the IP address and MAC address of the network adapter 44 of the proxy server 4 are used as values for pseudo random number generation (D 1). This 3⁄4 ^, parameter table creation unit 51 1 obtains two pseudo random numbers as parameter 1 A and parameter I B. The values for pseudo random number generation are not limited to the above, and as will be described later, different values for pseudo random number generation may be used for each character.

Then, the parameter table generation unit 51 1 generates a predetermined number of parameters 1 A and IB by the above-mentioned pseudo random number generation unit 5 300, and causes the main memory 4 to correspond to the letter of the B phonetic character. 2. View on the parameter table 4 3 0 created on the top. Also, based on the parameters 1 1 1 :: 回避 In order to avoid that the cryptographic code is generated, a cryptographic code table 4 7 0 that associates the generated cryptographic code with the character code or symbol. Temporarily generate on 2 | The parameter table creation unit 51 1 encrypts only the characters that make up the word, instead of encrypting all the characters, and suppresses the number of characters to be encrypted. Therefore, the parameter table 4 3 0 is created only for the character code set in the ciphertext ^ # grain table 4 4 0 set in advance. As for the character code, any desired character code such as shift JIS, EUC, UN I CODE may be used, and in the present embodiment, an example using UN I CODE (US C-2) will be described. ' The ciphertext determination table 440 is set, for example, in advance except for the following characters.

1. The characters before and after can not be guessed at all

Shape symbol (such as · ★ ★))

歸纏-

Delimiters (such as 'no')

Parentheses ([<, etc.)

Box ^ (circles »etc.)

2. Those who can guess the characters before and after

Punctuation marks (., Etc.)

Japanese (~ & etc)

3. What can identify quite certain characters before and after '

Unit symbol (such as C $$)

Arithmetic symbol (such as X ÷ =)

As described above, for characters that do not form a word, they are treated as plaintext in the ciphertext determination table 4 4 0 as plaintext, and other characters are used as encryption strings. For example, as shown in FIG. 4, in the sentence setting table 440, the character code of the encryption key is set in the 1 to n statements, and the address of the Darif data 4500 for the code corresponding to the character code is set. Set As shown in FIG. 4, the address of the glyph data 45 for the symbol of each character is the start address when the encryption glyph data 4 50 is expanded on the main memory 42.

For example, the character “a” is as shown in FIG. 5 and the font of the font indicated by ^ glyph data 4 0 is as follows. Assuming that values for pseudo random number generation A-I P address and B two-MAC address, if values A and B are respectively assigned to one hash function (pseudo random number generation function RND (x)),

Parameter 1 A = RND (A) = 1 (1)

Parameter 1 B = RND (B) = 2 0 (2) The two pseudo-random numbers "1", "2 0." force S are obtained. These pseudo random numbers are parameter 1 A = “1”, 1 B = “2 0”. Then, as described later, in the parameter table 4 3 0, these parameters 1 A, 1 B and the symbols are associated with each other and are entered into one entry (see FIG. 5) ₀

Next, the value indicating each parameter 1 Α, 1 Β is used as the offset value of the number of pits from the start (start) address in the glyph data for dark crypts of cryptic base letters 5 0. From the position of the corresponding number of bytes of 4 5 0, extract a predetermined number of bytes as a subset of the sentence data. Here, an example is shown in which one knot of glyph data is acquired using the values of parameters 1 Α and 1 Β as the number of pits from the top address.

That is, in FIG. 5, the parameter 1 Α = “1” extracts the first address of the encryption glyph data “5” of “A” or the value of “1 8th bit” “8 8 h”, and parameter 1 B = “ Extract the value "6 B h" of the 2nd byte from 2 0 ". Then, the value “8 8 6 B h” obtained by combining “8 8 h” and “6 B h” extracted is associated with the character code or the statement ^ # in the encryption code table 4 70, and then edited. Note that this combination combines the first extracted value with the upper byte, and the last extracted value with the lowest byte.

Next, as shown in FIG. 5, the parameter table 4 3 0 is generated on the main memory 4 2 2 as an array corresponding to the sentence ^, and the array corresponding to the sentence “A” = “2” "1" of 1 a, to inner "2 0" parameter _f over data 1 B as B sound degree code. That is, as shown in FIG. 6, the parameter table 4 3 0 is a table in which the number of parameter forces S associated with the pattern is associated.

At this point, the sentence “A” of the sentence 3⁄4 2 of the sentence table 4 4 0 and the letter “A” are associated with the Bf ^ acquisition code 1, 20. Then, by using the same hash function R ND (x) of the pseudo random number generation unit 5 3 0, the sentences obtained from 1 and 2 0 of the B tone acquisition code and 4 5 0 for glyph data for encryption «3⁄4 data Cryptographic code 8 8 6 B h consisting of will be associated. Note that the encryption code table 470 is a temporary table for retrieval to avoid the B chord code loss, and is deleted after the parameter table 430 is created. When the plaintext is encrypted, the encrypted data creation unit in FIG. 3 is based on the parameter table 4 3 0 when the plaintext is encrypted. 5 1 2 Raw encrypted character data) ^ T

The encrypted data creation unit 5 1 2 encrypts one sentence for the input sentence ^^. In this encryption, the encrypted capital letters are obtained from the ciphertext identification table 440, and the parameters corresponding to the character numbers are taken from the parameter table 4 ^; ^. Obtained parameters The pseudo random number is generated for each parameter using the hash function RND) of the pseudo random number generation unit 530 from the obtained force.

Then, as in the parameter table creation unit 51 1, the encrypted data creation 5 1 2 extracts a subset of sentence data from the encryption glyph data 4 50 using each pseudorandom number as an offset value, and the value of the extracted byte number Is a combination of the two as an encrypted character code. Then, set the character code converted to the vignette sign in the encrypted sentence ^^ str. '

For example, when plaintext character “A” force S is input, “A” sentence special number “2” is acquired from Bf ^ statement determination table 4 4 0, and as shown in FIG. Parameter table to be acquired 4 2 Get two parameters “1” and “2 0” from 0.

Next, in the pseudo random number generation unit 530, each parameter 1 A, I B is given to the hash function RND), and two pseudo random numbers are ^ as second parameters 1 1 A, 1 1 B.

Noramame 1 1 A = RND (1 A)

Parameter 1 1 B = RND (I B)

For example, as shown in FIG. 6, it is assumed that parameter 1 1 A = “5” and parameter 1 1 B = “3 0” force S are obtained by the hash function RND). Next, get the value “85” of the 5th byte from the glyph data for cryptograph 4 5 0 to the value “A 3” of the 30th dot. Then, the combined value "85 A 3" is used as the encrypted character code (B-encoded character data). In other words, UN I CODE “3 0 4 3 h” “A” character is converted from encryption glyph data 4 5 0 sentence ^ base data to “8 5 A 3 h” encryption character code, From the normal UN I COD E CMAP, “·” is not displayed correctly and is encrypted. This encrypted character code The letter U containing the letter is made into the database 1 2 0 as the letter data: letter data.

At this time, the original glyph data can not be searched only with the pseudorandom number and the encrypted character code obtained from the Darif data for encryption 4 5 0. Therefore, as position information of the glyph data corresponding to the encrypted character code “85 A 3 h” determined above, the parameter 1 1 A = “5” which is the value of the pseudo random number determined for each parameter and the parameter 1 1 B = "3 0" is associated and leaked to the decoding table 4 60 as shown in FIG.

As shown in FIG. 6, the decryption table 460 includes, in one entry, a decryption character code and a position S corresponding to the number of pseudo random numbers to be ^. The position information indicates the parameters 1 A, 1 B, 1 1 A, and 1 IB, and sets the position of the sentence ^ (^ data obtained from the glyph data for encryption 4 5 0. In the present embodiment, The number of pseudo random numbers to be generated is 2, so the position information is up to 2. As for the other characters, as described above, the characters in the ciphertext specification table 4 4 0 are used as the encrypted character code. z converted.

Note that the above-mentioned pseudo random number generation unit 530 determines the range of random numbers so as to be within the length of the data m that generates pseudo random numbers, and then performs random numbers ^^. For example, the character sentence that is focused, [The data was 100 bytes ^ \ The value obtained by subtracting the number of pits to be acquired from the offset value indicated by its parameters 1 A and 1 B is in the range of random numbers. Become. The number of noises to be acquired from the offset value was 1 bit, and the offset value should be in the range of 1 to 9 9 bits. That is, the range of the number of tongues is 1 to 9. Also, as for parameter tape, / re 43, create as many as the number of encryption patterns. The parameter table 4 3 0 in FIG. 5 indicates that the number of encryption patterns is 1.

Next, in order to make the generated cryptographic code unique, the parameter table 4 '3 0 in Fig. 5 has two parameters 1 A per character, and two random numbers obtained by IB and offset values. However, this is a method for acquiring discontinuous values to prevent this, as it may become an angle when acquiring the value.

Next, it is also possible that the value obtained by acquiring the “i” encryption acquisition code in the same way may be the same encryption acquisition code as “a” depending on the sentence ^ @: data. Like this: ^, the character Since it can not be determined, the cryptographic code must be a unique value. Therefore, in order for the cryptographic code to be acquired, the following parameters should be generated to acquire a new cryptographic code. In addition, it is possible to prevent normal character codes and Bf ^ acquisition codes from being used not only between code acquisition codes but also between code acquisition codes.

Thus, the proxy server 4 performs encryption. Thus saved in the main memory 4 2 generates a parameter table 4 3 0及No. Tepunore 4 6 0 every time the start of Purokishisa one path ⁴ At the time of shutdown, all the tables required for encryption and decryption are erased, so the security of the cryptographic system can be secured.

Furthermore, since DB server 1 only stores the encrypted character code in database 120, there is no need to configure database 120, and it is extremely easy to introduce a cryptographic system with high security. Can. In addition, even if the contents of DB server 1 are corrupted, the encrypted character code (Bf ^ conversion data) of database 120 is encrypted with decryption table 4 60 of the proxy server 4 authentication source and encrypted Glyph data 4 5 0 and Cipher Font Manager 2 5 0 can not see the contents as a normal sentence! Therefore, it is possible to introduce extremely high security at low cost without adding new software and devices to the DB server 1.

Next, the details of the encryption processing performed by the snux server 4 will be described below. In the encryption unit 500 of proxy server 4, as in _Bfe, the encryption module 5 10 0 creates the parameter table 4 3 0 every time the proxy server 4 is started (the parameter table in FIG. 3). Bull making section 5 1 1). Also, when the plaintext S is input from the client 2 whose authentication has been completed, the Bf ^ conversion processing is performed at 'data ^ 3⁄5 5 1 2 in FIG.

<No, ° Lathem Tape Nore Making Process>

No, Figure 3. An example of the process performed in the parameter tape Nore production ^ 1 1 1 will be described below with reference to FIG. The flowchart in FIG. 9 is to be executed when the proxy server 4 is started. In the following example, the above hash function R is generated when parameter 1 A, IB is generated. Indicates that only one ND (x) is used. .

First, in S1, set the total number n 1 of encryption patterns to be created. In the present embodiment, as shown in FIG. 3 to FIG. 6, the case where the total number n 1 of symbol patterns is set to 1 will be described in order to simplify the description.

In S 2, read the ciphertext determination table 4 40 and set it to the total number n 2 of characters to be encrypted. The total number of sentences to be converted into ^ and B phonetic characters in the ciphertext determination table 440 shown in Fig. 4 is n. In S3, set the total number n 3 of parameters used per character. Since this example shows an example of using two parameters (offset) of parameter 1 A and I B, set n 3 = 2.

In step S4, the parameter i to control the number of parameter tables 4 3 0 (total number of B note patterns) to be generated is initialized to 1. At S5, it is determined whether or not the value of the counter i is within the total number n 1 of the parameter table 4 30 generated. If the value of the counter i is equal to or less than n 1, the process proceeds to S 6. If not, the process proceeds to S 20 to end the parameter table creation process.

In S6, a parameter table 4 3 0 corresponding to the value of the counter i is created on the main memory 4 2. In step S7, the code table 4700 corresponding to the counter i is expanded on the main memory 42. In S 8, initialize the first group j to 1.

In S9, it is judged whether the first nop counter j does not exceed the total number n of characters to be encrypted, and if it exceeds, the parameters in the order of ciphertext identification table 4 4 0 after S 10 0 ^ ^ Do. If the first player j exceeds the total number n 2 of characters to be encrypted, the counter i is incremented by 1 in S 14 to create the next parameter table, and the process returns to S 5.

In S 1 0, the end of the value of the first loop counter j is added to the created parameter table 4 3 0. Then, the value (character number) of the first loop counter j is set to the added entry, and the value of the first loop counter j is set to the sentence 4 4 0 of the ciphertext throttling table.

In S11, the value of a second nopkanta k, which controls the number of parameters, is initialized to one. Also, arrange and clear (k).

In S 12, the second Pekan th k value exceeds the number n 3 of parameters to generate! Determine if If the value of the second nop counter k is less than or equal to the total number of parameters, the process proceeds to S13 to generate a pseudorandom number. On the other hand, if the value of the second / ^ puktan k exceeds the total number of parameters, Proceed to S15, and determine whether there is any error in the code acquisition code of the relevant document.

In S13, a pseudorandom number is generated by the following equation from the value of the first no ^ "" counter j and the value of the second /! ^ Counter k, and is set in the parameter 1 (k).

Parameter 1 (k) = RND (j Xk) (1,)

Then, ^ using parameter 1 (k) as an offset, as shown in Fig. 4 and Fig. 5, the 1st sentence is shown in Fig. 4 and Fig. 5) Sentence ^ ^ ^ Acquires the specified number of bytes (here 1 byte). Then, the sentence data obtained is substituted into cd e.

Further, a combination of the character data acquired last time and the sentence ^ 3⁄4 data acquired this time is taken as a code acquisition code cd e. '

Cipher acquisition de _co de = (code + 10 Oh) + code (3)

In addition, this (3) formula is combined so that the sentence data until the previous time is the upper piet and the 1 byte this time is the lower piet. Note that (c o d e + 100 h) in equation (3) indicates the process of shifting the previous code acquisition cycle c o d e by 8 bits (shifting to the upper bite). Also, the generated parameter 1 (k) is placed in the array L (k).

Then, the value of the second counter k is incremented by 1 and the process returns to S12. That is, in the case of S 12 S 13, parameter 1 (k) powers are generated by the number n 3, and sentence data with this parameter 1 (k) as an offset is integrated in the cryptogram acquisition code cd e. In this example, since n 3 = 2, two parameters 1 (1) and 1 (2) are ^, and the text and glue data in the pitt number of these parameters 1 (1 1 (2) is the code acquisition code co In the parameter table 430 in Fig. 5, the value of the parameter 1 (1) is set in the parameter 1 A in the figure, and the parameter 1 (2) is set in the parameter 1 B in the figure. In array (k), ^ ^ parameter 1 (1 1 (2) force S is sequentially stored).

After generating parameters up to the number n 3 in S12, the process proceeds to S15 and the encryption acquisition code cod Determine whether e does not identify it as another code acquisition code in code table 4700. The second "P" counter k is initialized to 1 in S 16 and then the parameter 1 (k) is generated again, and new sentence data is extracted. If code is not stored, proceed to S17.

In S17, the acquired code acquisition code c o 4 e is set in the No. code table 4 7 0 corresponding to the value of the first screen ^ j.

In S 18, the parameter table 4 3 0 indicated by the B-note pattern i is set and the parameters 1 (1) and 1 (2) stored in (k) are set in the entry of the statement # j. Then, the first loop counter j is incremented by 1 in 3 1 8 to obtain the code acquisition code c o d e from the statement ^ f data corresponding to the next statement.

By looping back the loop S5 to S18 of the loop S5 to S18 by the loop power j, j X loop power nt k, all the characters in the Bf ^ statement ^ constant table 4 4 0 are checked, respectively. Two parameters 1 (1), 1 (2) and cryptographic acquisition code code power S are obtained. Note that for the total number of B note patterns n 1 force 1 more than ^, repeat the above process n 1 times, i = 1 to n 1 multiple parameter table Nore and fif ^ code tape, Nore 4 7 0 It is born.

Then, when the counter i exceeds the total number n 1 of the encryption patterns, the process proceeds to S 2 0 to finish the process, and the code number table 4 7 0 expanded on the main contents 4 2 is erased.

In S _f 2 1, the generated parameter table 4 3 0 is stored in the storage unit 2 5, and further, in S 2 2, the decryption table 4 6 0 to be encrypted in encryption processing is the total number n 1 of encryption patterns. 4 Create on 2nd.

As a result of the above processing, a parameter table 4 3 0 capable of making a unique code acquisition code cd on the code number code table 4 7 0 is created as shown in FIG.

FIG. 10 is a flowchart showing an example of the encoding process shown in FIG. This flow chart is shown in the following figure. Bucket to trace: When the plaintext (statement IJ) received from the client 2 that has completed the authentication of the bucket 2 0 t S received the plaintext (statement IJ), the conversion unit 5 0 0 It is a thing to be chrysanthemum in 2.

In step S30, the database 120 which receives the message ^ received from the client 2 is entered. In each input field of the database 120, a key that needs to be divided into eight is set (J child power S is set in advance, and the encrypted data creation unit 5 12 2 asks the DBMS 1 10, As a result of this inquiry, as a result of matching, the repulsion field requires the B-digitized character data, the process proceeds to S31, and for the plaintext: ^ proceeds to S39 9. S39 Then, the input column is stored as it is in the input field of database 1120.

Encrypt # ^ is S 3 1. This input field ^! The received statement ^^ is set to the statement n l contained. Also, initialize counter i to 1.

Next, in S32, it is determined whether the counter i is less than or equal to the statement .n 1 of the field. If the value of the counter i is equal to n 1, the processing of the sentence ^^ stored in the input field is completed, so the process proceeds to S 4 0. In S 4 0, a statement st r containing the character code of the number character code is registered in the corresponding input field of table 1 2 0, and the process is ended.

On the other hand, if the counter value is n 1 or less, the statement stored in the input field is dated.

In S 3 3, the character code of the i-th character of the input sentence ^ ^ is extracted, and the Bf ^ "conversion sentence 3⁄4: fixed table 4 4 shown in FIG. Since the ^: character code is not in this table, it is not an encrypted statement, so go to S 38 and set this i-th character code in the variable addchar. Go to S36.

On the other hand, if the i-th character code has been machined in the B-phonetic conversion sentence determination table 440, the process proceeds to S34 and encryption is started. In S 34, the character code pointed to by counter i is acquired, and the character code ^ of this character code is acquired from the encrypted statement specification table 4 40. Next, the parameter corresponding to this sentence number is acquired from the parameter table 430. For example, as shown in Fig.4 and Fig.5, it corresponds to the character code from the letter \ \ Bf ^ ^ 3⁄4 fixed table 4 3 0 of the letter "A" of UN IC O D E as shown in Fig. 4 and 5 Get the code = 2 and get 2 parameters from “1” and “2 0” from the parameter table 4 3 0. Here, the acquired value is a variable A for random number generation, Copy to B. Then, pseudo random numbers are calculated in the same manner as in the above equations (1) and (2), and the pseudo random numbers are substituted into parameters 11 A and 11 B.

Next, in S 35-, with the parameters 11 A and 11 B as offsets, the encryption glyph data 450 corresponding to the acquired code is acquired. In this example, a single-byte statement ^ [data is acquired by one parameter, so a total of 2 characters of character difficult data are acquired. These acquired statements ^ data are combined to make an encrypted character code, and assigned to the variable a ddcha r. At this time, in the variable a d d c h a r, the sentence data obtained in the parameter 11 A is set as the high-order pit, and the sentence data obtained in the parameter 11 B is set as the low-order byte.

Then, at S 36, the variable a d d c a r is forced to the encrypted sentence s t r as in the following equation. str = str + a ddcha r-Next, in S 37, the variable addchar is set to the encrypted character code in the decryption table 460 created in FIG. 9, parameter 11 A is position information 1, parameter 11 B is position Set to information 2. As a result, the i-th character of the input sentence IJ is based on pseudorandom numbers and glyph data! / Encrypted. Note that writing to the decryption table 460 is not performed for # ^ that the Bt ^ conversion character code already has.

Also, increment counter i by 1 and return to S 32 to move to the next character of the string. _c

By the above processing, as shown in FIG. 6, the plaintext input by the DB client 210 of the client 2 is converted into the encrypted text lj str by the first conversion unit 500 of the proxy server 4 and is transferred to the database 120. Ru.

Note that the decoding table 460 is acquired by this process. When there is a bribery, 3⁄4m verification is completed, and there is a client 2 currently connected ^, Hff The decryption table 460 that has been linked may be made weekly to this client 2. Alternatively, it may be possible to update ^ "instead of the entire decoding table 460.

Thus, the parameter 1A, IB force, etc. generated by the parameter table generation unit 511 are the same. The second parameters 1 1 A and 1 IB are ^^ using the pseudo random number generation function (hash function RND (X)), and these second parameters 1 1 A and 1 1 B are used as offset values for Bf ^ Graph data 4 5 0 to obtain sentence data. Then, the acquired sentence data is converted into ^ character code.

In S35, the encrypted character code is directly assigned to the variable addchar, but if there is the same 13-character code by referring to the decryption table 4600, a new pseudorandom number is generated and Parameters of 2 1 1 A, 1 1 B and * are good.

Overview of drawing character code>

When the encoding is completed, as shown in FIG. 2, the database 1 200 of the DB server 1 is encrypted within the Bf ^ "ized data 1 30, including encrypted character code, plaintext and numerical values, A decryption table for drawing encrypted character codes is stored in the main memory of the proxy server 4 2 4 6 0 power S。 In addition, the decryption table 4 6 0 is a glyph data corresponding to the encrypted character code, Data is acquired and the font rasterizer 2 0 1 is used, and the character rendering data to be output from the encrypted character code to the display 2 6 or the like is not used to decode the Bf ^ character code into the original character code. To generate

喑 ^ 3⁄4 conversion unit 5 0 0 0 table ^ 3⁄4 5 2 0 When the client 1 2 S obtains the access right to the DBMS 1 1 0 by the user authentication module 4 2 0 with the predetermined ID and password etc. Decrypt Taze 4 6 0 to Client 2 3⁄4

The client 2 expands the decryption table 4 6 0 received from the encrypted font manager 2 5 0 proxy server 4 onto the main memory 2 2 of the client 2. Also, the font rasterizer 2 0 1 of the OS 2 0 0 2 also develops the normal font data 2 3 0 onto the main memory 2 2.

Here, as shown in FIG. 7, the normal font data 230 is composed of a normal character code tape Nore (CM AP) 213 and a normal Darif data 223. Here, the character code tape Nore 2 3 1 is a predefined character code area 2 3 1 0 in which the correspondence between the normal character code and the normal darif data 2 3 2 is set in advance, and the character code prepared for the future character 3 Undefined character code area as a reserved area on the system side which does not define normal glyph data 2 3 2 corresponding to Reserved area) 2321 and an undefined character code area (hereinafter referred to as user ^ ^ area) 2322 in which the correspondence between glyph data and character code can be arbitrarily set in order to heal ^ created by the user. It is assumed that three areas are defined.

For example, it holds UN I CODE as character code; ^, 0000 9 FFF address range defined character code area 2310, A 000 DFFF address range is system reserved area 2321 and E 000 FFFF address The range is user ^ area 23 22.

Here, the B note 匕 character code is stored in the user ^ area 2322 freely available to the user 佃 J. The character range of E000 FFFF in the external character area 2322 is 8192! This number is smaller than the pre-defined character code area 2310. Therefore, in the present invention, the number of 3⁄4 letter code = number of letters is reduced, so that the ciphertext specification table 440 is used. In this user ^ ^ area 2322, there is not enough area to store the encrypted character code ^ the power to use the system reserved area 2321, or Use UNICODE (USC-4).

When the authentication of the client 2 is successful, the B-note number font manager 250 receives the decryption table 460 from the table 3⁄4i 3⁄43⁄45520 of the proxy server 4 and expands it on the main storage 22. Then, the cryptographic font manager 250 writes the B phonetically encoded code of the decryption table 460 in the user external character area 2322. As a result, as shown in FIG. 8, the encrypted character code of the decryption table 460 is copied to the character code of the user's area 2322. In addition, it is desirable that the decrypted tape nore 460 shown in FIG. 6 be sorted as shown in FIG. 8 using the encrypted character code as a key.

When the DB client 210 accesses the DB server 1 through the proxy server 4 and issues S QL to acquire data, the font rasterizer 201 of the OS 200 tries to draw characters. Here, at the time of the DB client 210, the cryptographic font manager 250 hooks the drawing operation of the font rasterizer 201 of the OS 200, searches for the encrypted character code of the user external character area 2232, and extracts the glyph data 450 for encryption. Then phone トラトラーライザー 2 o 1 ^.

That is, in FIG. 7, when the DB client 2 1 0 draws the character code acquired from the database 1 2 0, the encrypted font manager 2 5 0 draws the character code to be substituted for the font rasterizer 2 0 1 (hereinafter referred to as Get drawing character code) and search user's area 2 3 2 2. -

For the age in which the user-defined area 2 3 2 2 had the octalized character code corresponding to the drawing character code, the encryption font manager 2 5 0 refers to the decryption table 4 6 0 and the encryption code corresponding to the drawing character code Obtain the location information 1 and chain 2 of the conversion character code.

Then, ^ ^ encrypted character code obtained from the font rasterizer 2 0 1 according to the number of parameters. In this difficulty mode, there are two parameters, and the encrypted character code is two pits. Therefore, the upper byte is divided into one by one, the upper byte is associated with the first parameter (position information 1), and the lower byte is the last. Correspond to the parameter (position information 2). The data of the upper byte and lower byte is the statement ^ data acquired by parameter 1 1 A and the statement ^ ^ data acquired by parameter 1 1 B at Bf ^ conversion.

Then, the upper byte of the encrypted character code is associated with the position information 1 and the value of the lower bit and the position information 2 as a key, and the value of the upper bit is included in the number of bytes of the position information 1, and the lower not The value of is read at position '数 2 byte count of Darifu data for ^ 喑 No. 4 5 0.

For example, _f drawing character code was "8 5 A 3 h"; ^, encrypted font manager 2 5 0 is the user ^ ^ area 2 3 2 2 encrypted character code to drawing character code-Sr T Check. Since the user external character area 2 3 2 2 contains “85 A 3”, the Cipher Font Manager 2 5 0 refers to the decoded tape No. 4 6 0 and positions “8 5 A 3 h”. Information 1 = Get “5” and information 2 = “3 0”.

Next, the cryptographic font manager 250 has the value of the upper byte “85” of the encrypted character code at the “5” pit corresponding to the position “赚 1”, and the “3 0” corresponding to the location information 2バイト [B] Search for Darif data for encryption 4 5 0 with lower byte "A 3" of B character encoding character code. For example, in the example of the Darif data 4 50 for encryption shown in FIG. Extract the glyph data with the value "85" in the address 2 0 0 5 h and the value "A 3" in the address 2 0 3 O h. In addition, when searching for the glyph data for encryption 450, if the smaller value of the position information 1 or the position information 2 is detected, the number of scattered pits of the position '1 * # 1, 2 from this pitt number If there is a value corresponding to the position information of »at the position of, it can be judged as the Darf data for Bf ^ that corresponds to the encrypted character code. That is, the Darif data force S search result including the B phonetic character code in the address satisfying the relative relationship of a plurality of position information is obtained.

That is, since the B-phoneized character code is composed of a part indicating the shape of the character, it is possible to read the value of the encrypted character code from the relative address of the parameter I before the encryption. You can search for Darif data.

The head of the extracted glyph data for a symbol 5 4 5 0. (ϋ 1 2 0 0 h) Force until the end of the glyph data is the Darif data of the encrypted tfc character code “85 A 3 h” The crypto font manager 250 gets. Thus, in this example, the phon ten manager 250 has acquired the "A" glyph data. Note that the end of each glyph data is a code (for example, FFFF h) indicating the end is set in advance S. If the head address is calculated back from position information 1, the number of bytes of glyph data to be acquired I understand.

Thus, the encrypted font manager 250 that has acquired the darif data corresponding to the encrypted character code passes the darif data corresponding to the B-phoneized character code to the font rasterizer 201 to execute drawing. Note that the cryptographic font manager 250 converts or expands the acquired glyph data into a font format (for example, TrueType, etc.) to be used by the font rasterizer 201, then the font manager 250 into ^. It may be T.

Since the age in which the drawing character code is not in the user area 2 3 2 2 is normal font data, the encrypted font manager 2 5 0 returns the drawing process to the font rasterizer 2 0 1 and performs a normal drawing process. Note that DB client 2 10 has not been started ^ ^ Proxy server 4 has been recognized and verified successfully, but the certificate font manager 2 5 0 does not hold, and font rasterizer 2 0 1 is normally used. Draw using data 2 3 0.

Thus, the drawing of the flf ^ character code is normally performed using font data 2 3 0 OS 2 0 0 The font rasterizer 2 0 1 is encrypted and the font manager 2 5 0 is hooked to pass on glyph data.

Note that characters (or sentences are converted by FEP 220 or are not converted by FEP 220) are drawn using normal font data 230 by font rasterizer 201, and display 2 The character or sentence ^^ input from the DB client 2 1 0 is output to the proxy server 4 as it is in plain text, and the proxy server 4 transmits the data “0”. After being encrypted with 0, it is stored in the database 1 2 0. Therefore, when entering, the B note font manager 2 5 0, encryption darif data 4 5 0, decryption tape nore 4 6 0 is a machine. N.

In the present invention, the OS 2 0 0 and the font rasterizer 2 0 1 do not recognize the encryption glyph data 4 5 0 as font data. Then, when the decryption table 4 6 0 downloaded from the proxy server 4 and the glyph data for encryption 4 5 0 S 力力, 、, フォント font manager 2 5 0 are working (in this example, DB client 2 Only the difficulty of 1 0) can draw the encrypted character code, and the other ^ becomes a meaningless character string because it draws the B phonetic character code as it is with the font rasterizer 2 0 1. Therefore, even if the encrypted character code obtained from the database 120 is copied, it can not be used as it is, so extremely high security can be secured. In addition, when using database 120, it is possible to eliminate the need for a person monitoring client 2 users, and it is possible to increase the cost of handling 'ftfg' which has high security such as personal information.

Also, the decryption table 46 can be downloaded from the proxy server 4 to the client 2 only when the authentication of the proxy server 4 is completed. Thank you. For this reason, when the client 2 stops, the decryption table 4 6 0 is deleted from the main memory 2 2, and the decryption table 4 6 0 can not be downloaded from the proxy server 4 to the client 2 until authentication of the proxy server 4 is completed. . Therefore, the decoded tape on the main memory 22 can not be ^ f on a line, and high security can be ensured. In addition, there is no key generation associated with encryption between the proxy server 4 and the client 2, no information leakage associated with the key «further The operation can be a crane, as there is no processing such as decoding.

Furthermore, if you add Proxy Server 4 to existing database 120 and plug in DB client 2 1 0 as 1 ^ · font manager 2 5 0, you do not need to set up the system. You can ^^ for advanced cryptographic systems inexpensively. Also, since the D client 2 210 can execute a general browser ^ ffl, a special application for using the database 1 2 0 can be eliminated. Therefore, if it is an application that can use the cryptographic font manager 250 as a plug-in for IJ, the system of the present invention can be used. For this reason, it is possible to use in a wide range of fields as well as the above database system, as long as it is a system that has a statement such as a WEB server or a mail server. '

FIG. 11 is a flow chart showing an example of the process of drawing the encrypted character code performed by the encrypted font manager 250 of FIG. This flow chart is to be repeated at a predetermined cycle (for example, several msec).

In S 50, it is determined whether the DB client 2 1 0 is being executed. In S 5 1, it is determined whether the font rasterizer 2 0 1 S has been started. Execute the processing after step S 52 when the DB client 2 1 0 0 is in the section and when the font rasterizer 2 0 1 starts drawing, otherwise end the processing.

In S 5 2 font rasterizer 2 0 1 force S Get the character code to draw, and in S 5 S, this character code will be: 1⁄2 in the user 胖 area 2 3 2 検; In order to do so, it is determined that the character code to be displayed is an encrypted character code, and the flow proceeds to S54. Since the acquired character code is not in the user ^^ area 2 3 2 2 ^ is a plaintext character code, the process proceeds to S 50 and returns control to the font rasterizer 2 0 1 as it is.

In S 54, the decoded tape No. 4 600 is referred to, and the acquired character code (B-phoneized character code) is obtained. Obtain parameters 1 1 A, 1 IB (location information 1, 2). In S 5 5 ^ ^ encryption character code according to the number of parameters. Here, as in _b3⁄4E, since the B-coded character code is 2 bytes and the parameter is 2 pairs, the upper digit of the encrypted character code is associated with the parameter 1 1 A that is position '[f3⁄4 1, The lower pit is associated with the parameter 1 1 B which becomes the position '2.

In S 56, the upper bite and lower bite S position “隨 1, 2” are compared from the Darrief data for cryptographic use 4 50 and the glyph data in positions 1 and 2 are checked. In S57, if there is the glyph data at the position of upper byte and lower byte force S position information 1 and 2, the process proceeds to S58, otherwise the process proceeds to S50.

Then, at S 58, the glyph data corresponding to the search result is acquired, and at S 59, this Darif data is sent to the font rasterizer 201. Then, at S 60, control of the character code seedling is returned to the photon rasterizer 2 0 1, and the processing is ended.

By the above processing, the font rasterizer 2 0 1 processing is hooked, and the font manager 2 5 0 acquires the darif data, and the font rasterizer 2 0 1 ^ "Bf ^" converted the character code It is possible to render encrypted character code without converting it to character code etc.

In the above-mentioned first form, an example is shown in which the glyph data for encryption 4 5 0 is encrypted in advance to the client 2, but when the authentication of the client 2 is completed by the proxy server 4, the tee It is also possible for Puno ^^ 2 2 0 to send encryption glyph data 4 5 0 and decryption table 4 6 0 to client 2. By expanding the decryption table 460 and the glyph data for encryption 450 on this main memory 2 2 of the client 2's main memory, the bell power of the data necessary for the decryption S becomes more difficult, and high security can be achieved. It can be secured. '

In addition, the decryption table 460 created in S 2 2 in the above FIG. 9 is the parameter 1 A and IB acquired from the parameter table 4 320 created in S 18, and the encrypted text No Tape 4 4 0 characters The processing of S3 4 to S 3 7 in FIG. 10 above may be performed in numerical order to set the parameter 1 1 A, 1 IB, and 6-character code. This: tj ^, above figure 10 of the encryption process of S 3 7 in decryption series 4 of 6 0: There is no need to do gff, all decryption character code and Noramé to the client 2 It is possible to outperform the decoded tape tape 4600 including data 1 1 A, 1 IB.

In the above-described first embodiment, an example is shown in which one pseudo random number generation function (hash function) RND (X) is used to obtain parameters 1 A, 1 B, 1 1 A, and 1 IB. A plurality of pseudo random number generation functions may be used. For example,

1 A, 1 1 A = RND 1 (x)

1 B, 1 I B = RND 2 (y)

As described above, security can be further improved by using different pseudo random number generation functions for each parameter corresponding to the upper byte and lower byte of the encrypted character code.

Here, the pseudo random numbers in the pseudo random number generation unit 530 of the present invention utilize the same random number every time the pseudo random number generation function has the same value (initial value).

In the above form, pseudo random functions are generated by giving a predetermined initial value to the pseudo random function. Next, the next pseudorandom number is obtained using the obtained pseudorandom number as a parameter. In this way, n pseudo random numbers are obtained by making the necessary times ^ "" jump. Therefore, it is possible to obtain the same pseudorandom number even if the pseudorandom number itself is not recorded if the number of pseudorandom numbers generated is recorded. In addition to this, you may generate as many parameter values as you need by using pseudo-random functions. This age is obtained, for example, by pseudorandom C ^ synthetic functions A and B that generate different pseudorandom numbers to obtain the required number of pseudorandom numbers. Pseudo random number «Function A is a pseudo tongue L» function for parameter generation. Pseudo random function B is pseudo random → ^ function A pseudo random number obtained by A is used as a parameter to take an actual encryption code. Can be a Bf ^ acquisition code to

Further, an example of generating a plurality of encryption patterns in S1 and S6 of the parameter tape / record creation processing of FIG. 9 will be described below.

Figure 12 shows that the number n 1 of encrypted patterns to be created is 1. In the first encryption pattern, parameter table 4 3 0 1 is created with parameter 1 A, IB, and in the second and third encryption patterns, parameter table 2 A, 2 B, parameter 3 A, 3 B to parameter table 4 3 0-2 Create 4 3 0-3. If the symbol acquisition code is generated with each parameter table 4 3 0 _ 1 – 1 3 from the glyph data of the character “A” of the number = 2 shown in FIG. Code acquisition code from 4 3 0 -1 = 8 8 6 B h Force meter parameter Nore 4 3 0 2-Force obtained by 2 power encryption code = 9 8 E 0 h Force Parameter table 4 3 0-3 Code acquisition code from 3 0-3 = 8 9 8 9 h is generated. Each parameter table 4 3 0-1 to 3 and the code acquisition code of each character A decryption table for each Bf ^ pattern 4 6 0 -1 to 1 3 is also ^ 3⁄4.

—Having multiple parameter tables for one glyph data: For example, by switching the encryption pattern to be used for each of the database 1 2 0 fino reeds, more secure encryption can be achieved. ^ ^ Can be.

In the above first form, the first parameter 1 A, 1 B and the second parameter 1 1 A, 1 IB are used to show an example of generating a Bf ^ converted character code from data. However, as a simpler method, the first parameter 1 A, using the encryption acquisition code obtained from IB as the encrypted character code, parameter table 4 30 parameter 1 A, IB and the encrypted character code It is also good that the corresponding decoding table 4 6 0 is generated. In the decoding process of the plaintext shown in this ^ \ figure 10, it is sufficient to omit S 34 and replace the pseudo random number of S 35 with parameters 1 A and I B. As shown in FIG. 5, an example using the whole of the glyph data for ^ as shown in FIG. 5 is shown, but as shown in FIG. 20, a glyph of one character is used. The data may be divided into grid-like sections, and each section may be partial encryption glyph data. Then, at the time of generation of the encryption acquisition code and the encryption character code, partial darif data may be extracted from the data of the section set in advance. Alternatively, instead of the section, as shown in FIG. 21, the element of glyph data may be extracted, and the encryption acquisition code and the encryption character code may be acquired from the data of this element.

In addition, if glyph data for encryption 4 is an outline data, it is possible to use outline coordinate values, moving distance of coordinates, etc., or compose Darif data such as point, carp point, tangent point, etc. You may use the numbers, coordinate values, and moving distances of each character, and elements such as the number of elements that make up the character (elements that make up the character, such as letters and letters) or the total number of outlines You may use the area of the element. In addition, if the cryptographic darif data 4 5 0 is a bitmap, the number and order of bitmaps can be used. As described above in FIG. 20, the part line data or bit map data may be data obtained by further dividing the entire win where the character fits, and being contained in one or more of the divided sections.

In addition, as long as the number of strokes, the total extension of the outline, the stroke order, and the data that can be attached with characters such as reading, the data can be used as the data of the encrypted acquisition code or the encoded character code source. And these data can be combined to generate a combination of.

Second weave form>

FIG. 13 shows the second trap form, and the parameter table ^ 3⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄4⁄ process of proxy server 4 shown in the first disliked form is bypassed each time authentication of client 2 succeeds. The parameter table 4 3 0 and the command table 4 6 0 are deleted when the connection of the is disconnected. The other configurations are the same as in the first embodiment.

FIG. 13 is a timing chart showing the relationship between the processing performed by the client 2 and the processing performed by the DB server 1, centering on the processing performed by the proxy server 4.

First, at time T1, the client 2 starts up the DB client 210 at client 2. At time Τ2, the DB client 210 needs user authentication of the proxy server 4 user authentication module 20. This authentication can use ^! 'S method based on the user's ID and password.

If the user of the proxy server 4 or the certification module 420 is correct, the authentication request from the client 2 is correct, and at time 3, the authentication completion is sent to the conversion unit 500.

The dark “^” conversion unit 5 0 0 that has received the end of the comment generation generates a parameter table 4 3 0 in the main memory 4 2 2 at time Τ 4 in the same manner as the first modification. The dark 変換 conversion unit 5 0 0 ife ^ T on the main memory 4 2 in the same manner as in the first difficulty mode at time Τ 5 in the same manner as the first difficulty form.

When the decryption table 4 6 0 is ^^, the time Τ 6 変換 conversion unit 5 0 0 tapeno 5 2

0 says client 2 ^ table 4 6 0 that authentication is complete. The client 2 receiving the decryption table 4 6 0 sets the encrypted character code of the decryption table 4 6 0 in the encryption font manager 2 5 0 in B Tera T T 7 in the user's IS area 2 3 2 2 and decrypts it. Set the character code to be drawable.

Then, after time T 8 after setting of the Bf ^ font manager 250 data S decryption table 460 is complete, the Bf ^ character code from the DB server 1 can be displayed on the client 2.

At time T 8, client 2 DB client 2 10 issues S Q L to proxy server 4. If the packet trap section 4 1 0 is a user who has completed the authentication, the proxy server 4 sends the received S Q L statement to the D B server 1. When 30 sentences are received, 0: 6 server 1 searches DBMS 1 1 0 for database 1 2 0. D BMS 1 1 0 is a search result including encrypted data 1 3 0 at time T 9 Is sent back to proxy server 4. Packet track of proxy server 4: 7 ^ 4 1 0. Client 2 ^ ^ requesting reply from DB server 1

In the client 2 receiving the reply from the DB server 1 from the proxy server 4, the DB client 2 1 0 instructs the font rasterizer 2 0 1 to search results including encrypted data 1 3 0 at time T 1 0. At this time, as in the case of the 1st mode, the B note font manager 250 hooks the drawing difficulties of the fontrizer 2 0 1 and the Japanese character code is present in the character code to be drawn. For example, the drawing data is extracted from the glyph data for encryption 2 4 0 and the font rasterizer 20 1 3⁄41 ~. The font rasterizer 201 outputs a character to the display 26 with the drawing data of the encrypted character code received from the encrypted font manager 250. Each time the DB server 1 receives an S Q L statement reply from the DB server 1, the client 2 repeats the process of T 10 above. When the client 2 performs a manual S on the database 1 2 0 at the client 2, D at the time T 1 1

The B client 210 sends the input data to the proxy server 4 as it is. The packet trap section 4 1 0 that has received an input input to the database _{1 2} 0 determines whether the field in which the input was made is an encrypted data. If it is the habit of B sound conversion, the packet trap unit 4 1 0 sends the received plaintext to the conversion unit 5 0 0 at time T 1 2.変換 In the conversion unit 500, the plaintext is converted to the encrypted character code based on the parameters of the parameter table 430, as in the tffffS first difficulty mode, and sent to 08 server 1. In FIG. 2, the No. 5 conversion unit 5 Although 0 0 displayed to DB server 1 as 3⁄4 data including encrypted character code, B sound “3⁄4 conversion unit 5 0 0 is knocket trap ⁰ 3⁄44 1 0 Encrypted character code to 0 0 -Also, if the input field is not encrypted, the data received from the client 2 will be transferred to the DB server 1 as it is. At time T13, the DB server 1 receives data from the proxy server 4, and the DBMS 110 transfers the data to the database 120. Thus, the data strength S is input by the client 2. Each time, the proxy server 4 converts the character code into the encrypted character code as necessary and sends it to the DB server 1, and the DBMS 1 10 repeats the process of transmitting the data to the database 1 20. Next, at time T 14 client 2 is the proxy server Break the connection with 4 ^ 1 ". Disconnection with proxy server 4 is termination processing of DB client 2 10 and termination of client 2. '

When the connection with the proxy server 4 is disconnected, the cryptographic font manager 250 erases the decryption table 46 6 on the main memory 2 2. In addition, to download Darif data for encryption 4 5 0 from the proxy server 4 ^, the Darif data for encryption 4 5 0 is also deleted from the two clients.

Since the data for drawing the encrypted character code is lost on the client 2 due to the deletion process of the font number font manager 250, it is assumed that the encrypted character code is stored on the client 2 Also, encrypted character code can not be displayed as a significant sentence ^^ until authentication with DB client 2 0 is successful. As a result, a high degree of security can be secured without changing the configuration of the database 120.

The processing up to time T15 is the same as in the t & fS first base form, and the processing of the proxy server 4 after time T16 to be described next differs from the fit self first ^ type.

When the authenticated client 2 disconnects from the proxy server 4, the bucket trap unit 4 1 0 notifies the dark “^” conversion unit 5 0 0 to contact removal. The detection notifies the end of processing to the DB server 1 when the DB client 2 1 0 ends. 4 packet track: 73⁄44 1 0 can detect disconnection when it receives this notification.

Upon receiving the notification of conversion and removal, the dark conversion unit 5-0 deletes the parameter table 4 3 0 on the main memory 4 2 and the decoding table 4 6 0 respectively. Then, the parameter table 430 and the third table 464 are not generated until the authentication of the client 2 is completed next. As a result, even if the proxy server 4 is malicious SfiA, as long as there is no parameter table 4 3 0 No. Tape No 4 6 0, there is no relation between the encrypted character code and the encryption Darif data 4 5 0 It becomes extremely difficult. '

As described above, the proxy server 4 in addition to the client 2 detects that the client 2 does not access the DB server 1 and deletes the decoded tape No. 4 6 0 and the parameter table 3 0 from the storage 4 2 As a result, drawing of encrypted character code or taking of drawing data becomes extremely difficult even in the proxy server 4 in addition to the client 2. 'This enables high security to be secured on both the client 2 side and the proxy server 4.

When a plurality of clients 2 access the DB server 1 via the proxy server 4, the deletion process may be performed when there are no clients 2 connected to the proxy server 4.

Third difficulty form>

Figure 14 shows the third type of difficulty, the first type of encrypted font manager 2 5 0 and Ο S 2 0 0 font rasterizer 2 0 1 instead of the DB client 2 1 0 dedicated encrypted font A rasterizer 260 is provided. The other configuration is the same as that of the first embodiment.

The No. font rasterizer 2 6 0 is installed on client 2 as a plug-in for DB client 2 1 0.

In addition to the functions of the font font manager 250 of the first embodiment, the font rasterizer 2 60 has a function of drawing characters based on glyph data and a function of drawing plain text. To It is

The encrypted font rasterizer 260 sets the encrypted character code of the decrypted tape No. 4 6 0 to the user ^^ g area 2 3 2 2 in the same manner as the font manager 2 5 0 of the first embodiment of fillS. Then, if the character code which instructed the DB client 210 force S drawing is in the user's spleen area 2222, it is judged as an encrypted character code, and as shown in the Itit S first mode, for the B note Search glyph data 4 5 0 and get glyph data. Then, drawing is performed based on the acquired glyph data, and output to display 26.

On the other hand, since the character code for which drawing command was given from the DB client 210 is plain text if it is not in the user's area 22032, it is normal font tape Noret 230 to obtain Darif data and _h3⁄4! ₀ to do drawing

In this way, by operating the No. 2 font rasterizer 2 6 0 that renders plain text and encrypted character code without depending on the font rasterizer 2 0 1 of the OS 2 0 0, the OS can It is difficult to draw the encrypted character code without being affected by the version or the version.

Fourth male form>.

Figure 15 shows the fourth font form, the first font form day font manager 2 5 0 glyph data for the encryption 4 5 0 drawing of the Darif data to be drawn by the proxy server 4 drawing It moved to data ^^ 5 0.

Packet track of proxy server 4: 1 0 is a client when data from DB server 1 to client 2 is received, and B is also converted to B 3 0 4 0. Encryption conversion unit 5 0 0 is Data from DB server 1 has encrypted character code. Transfer to drawing data. 3⁄4 5 5 0 force Daref data for encryption 4 5 0 Get glyph data from 0 and encrypt font manager 2 for client 2 50, "" . At this time, the drawing data ^ t3⁄5 5 0 obtains the encrypted character code from the decryption table 4 6 0, and the cipher sends the character code and the glyph data as a pair to the client 2. The procedure for controlling the glyph data for encryption from the B-phoned character code 450 is performed by the proxy server 4 in the processing of the font manager 250 of the first embodiment. Client B's B note font manager 250 'hooks the operation of the rasterizer 201 when it issues a DB client 210 force S drawing command to the rasterizer 201. Then, Darif data corresponding to the encrypted character code received from the proxy server 4 is passed to the font rasterizer 2 0 1 so that the drawing of the character is delayed.

According to this fourth difficulty mode, there is no need to store the decryption table 460 or the Darif data for No. 4450 in the client 2, and it is only necessary to draw the received Darif data for the encrypted character code. For this reason, even if the data in the client 2 is broken early, it becomes more difficult to obtain the relationship between the encrypted character code and the glyph data for B note 45. Security on the side can be further improved.

5th toe form>

Figure 16 shows the fifth form, and the proxy server 4 of the first difficult form is used as an Application Service Provider (ASP) on Internet 300! The rest of the configuration is the same as the first one.

Referring to FIG. 16, the DB server 1 is connected to the in-house LAN 30 via the WE B server 5. DB server 1 executes database 1 2 0 including encrypted data 1 3 0 in the same manner as in Fig. 1 2 in the ffiia 1st male form, and connects to in-house L AN 3 0 with WE B service 6 as the front end. ^ ^ Database 1 2 0 on client 2 Also, the corporate LAN 30 is connected to the ASP proxy server 4 via the Internet 300.

Communication between DB server 1 and client 2 is performed via WEB server 5 and proxy server 4. The decrypted tape No. 4 60 is sent from the proxy server 4 to the client 2 whose authentication has been completed.

The access of the database 1 2 0 requested by the client 2 DB 2 0 1 0 is performed from the WEB server 1 to the client 2 via the proxy server 4 of the ASP. On client 2, encrypted character code is drawn by encrypted font manager 250 in the same manner as in the first embodiment.

The data entered in DB client 2 1 0 is sent to the proxy server 4 and is in plain text Is encrypted as needed. Then, the WEB server 1 is converted from the DB server 1 to the DB server 1 as a tripled data 1 3 0 including the encrypted character code, and is made to the database 1 2 0.

This ^, the company LAN 30 database system encrypts the contents of database 120 of DB server 1 as needed, and encrypt font manager 2 5 0 as a plug-in to client 2 DB 2 210 Install it. Then, the communication path between the client 2 and the DB server 1 is set by the WEB server 1 so as to pass the proxy server 4 on the Internet 300.

In this case, by using the proxy server 4 as a service on the Internet 300 without introducing the proxy server 4 into the company LAN 30, it is possible to construct a database system with high security.

Note that communication such as SSL or VPN can be used between the internal LAN 30 and the proxy server 4 of ASP, and security is secured for plaintext data transferred from the client 2 to the proxy server 4. be able to.

6th row form>

Figure 17 shows the sixth type of difficulty, in which the mm 5 difficult form DB server 1 is made to use Application Service Provider (ASP) on Internet 300, and the other configuration is Same as 6 mm.

In Fig.17, ASP sends service of both DB server 1 and proxy server 4 to client 2 to reduce the cost of installing and operating the in-house database system, while reducing the cost of installing and operating the in-house database system. A high level of security can be secured on both DB servers 1.

<The seventh difficulty form> '

Fig. 18 shows the seventh HSfe configuration, in which the proxy server 4 of the third embodiment is replaced with the network dongle 6 connected to each of the clients 2. The other configuration is the same as that of the third embodiment. It is.

Network dongle 6 is connected between corporate LAN 30 and client 2 and authenticates the user, encrypts the statement sent from client 2 to DB server 1, and sends it to client 2 Perform of drawing data. For this reason, the network dongle 6 has the functional elements of the proxy server 4 shown in FIG.

In other words, the network don-no-le 6 is: bucket 3) 44 1 0, user recognition 4 2.0, dark "^" conversion unit 5 0 0, glyph data for encryption 4 5 0, B note text ^ ^ constant tape no 4 4 0, parameter table 4 3 0, decryption table 4 6 0, code table 4 7 0. In this example, each client 2 accessing DB server 1 needs a network dongle 6 And access from client 2 not connected to network dongle 6 can be excluded.

The network dongle 6 may be configured with the same functional elements as the proxy server 4 of the first embodiment.

Eighth «state ff>

FIG. 19 shows the eighth embodiment, in which the encryption glyph data 450 shown in the t & lB-th embodiment is included in the portable storage medium 7, and the other configuration is the same as that of the first difficult embodiment. is there. The portable storage medium 7 is composed of portable nonvolatile memory such as USB memory, and 8 glyph data 450 are glued in advance. In order to access DB server 1 and display the character code in Bf ^ on client 2, it is necessary to connect client 2 to client 2.

Even if DB client 2 1 0 and Bf ^ font manager 2 5 0 power S ^, encryption glyph data 4 5 0 can not display encrypted character code of database 1 2 on client 2 .

That is, even if the authentication information S in the proxy server 4 leaks, the image storage medium 7 can be used as a physical key of the database 120, and high security can be ensured.

Figure 22 shows the ninth form, and the encryption glyph data 4 50 of the proxy server 4 shown in the first form 1⁄3⁄4⁄4 form, B note text ^ fixed tape note 4 4 0, parameter tape note 4 3 0 , User authentication module 4 20 0, 4th mode dark conversion unit 5 0 0 and encrypted font manager 2 5 0, to the silent storage medium 7 Tsuruuchi, DB server 1 instead of encrypted character code Data that contains It is equipped with the stored Faino 1 ^ B.

The file server 8 stores files such as calculations including encrypted data in the same manner as the database 120 in the first form of iilB, and the client 2 can read and write via the network 3 in the same manner as the first embodiment. It has become.

The client 2 is capable of learning the same as the 'fakeB 8th key form'. In addition to the glyph data 4 5 0 for the 8th male form in the writable storage medium 7, the B sound “^ conversion unit 5 0 0, the text determination table 5 0 0 in the proxy server 4 according to the 8th embodiment of the ffllB eighth embodiment 4 4 0, parameter tape no 4 3 0, user authentication module 4 2 0 and client 2 font manager 2 5 0, force S 攝.

Connect the removable storage medium 7 to the client 2 and ^ ff the user authentication module 420. User authentication module 4 2 0 3 1 3 4 E To be recognized as a valid user, load Bf ^ conversion unit 5 0 0 and encrypted font manager 2 5 0, into memory 2 of client 2 Write character code and encrypt plaintext. Here, the client 2 executes a client application 2 1 0 'that processes など calculation, etc., and the font manager 2 5 0' and the conversion unit 5 0 0 are the plug-ins of this client application 2 1 0 '. I am good at it.

The function g of the font manager 2 5 0, and the 5 conversion unit 5 0 0 is the same as that of the 3 ⁄ 43⁄4⁄4 form, and based on the ciphertext determination table 4 4 0 and the pseudo tongue number generation unit 4 3 0 The decryption table 4 6 0 is generated on the memory 2 2 of the client 2. Then, the encrypted character code file of the encrypted data 130 read from the file server 8, the encrypted font manager 250, the force S drawing data is passed to the font rasterizer for drawing. The plaintext input to the client application 2 0 1 is converted into an encrypted character code by the encryption conversion unit 5 0 0 and stored in the file server 8.

Then, when the client application 2 0 1 1 ends, the decryption table 4 6 0, the encryption font manager 2 5 0 ', 喑 "Replacement unit 5 0 0 is erased on the memory 2 2. File again. When using 8-bit data 1 3 0 of server 8, the above user authentication module 4 2 0 The authentication will be done by loading the above modules. As described above, the encryption of the characters of the present invention and the drawing of the encrypted character code can be performed in one measure by storing each module in the storage medium 7.

The user authentication module 420 may be stored on the client 2 side. Modification 1>

In the first situation, the decoded tape No. 4 60 was generated based on the Darif data 4 50 for the symbol, but not shown, a table composed of arbitrary numerical values (for example, a pseudo random number table) Are set in advance, and the relationship between this numeric table and glyph data for encryption 450 is associated. Then, parameter table 4 3 0 and code table 4 6 0 are generated based on the values of the disgusting number table. When converting this # ^, glyph data for encryption 4 60 into drawing data, the power required to set a pre-set numerical table can further enhance the secrecy of the encrypted character code. 'Industrial availability

According to the present invention, information is leaked to the outside from both the client side and the server side by applying the present invention to a computer system in which the data input on the server side is displayed and input by the client and the data input on the server side is applied. You can build a cryptographic system that can prevent

Claims

The scope of the claims

1 · A method of character encryption that encrypts the characters entered in the first total »

A process of reading an encryption character code for a character set in advance as an f-comcode, and a process of generating a pseudo-random number for each first character code and setting it as a first parameter.

tilB encryption A process of selecting Darif data for encryption corresponding to each character code;

Processing of extracting data from the position of the glyph data corresponding to the value of the first parameter;

Processing that the extracted 3⁄4 m data is used as a code to be acquired in the code table, and

A process of storing, in the parameter table, a first parameter corresponding to the self-cipher code acquisition code, a process of acquiring a first parameter corresponding to the character that has been hate-filled,

tfrt processing of setting a pseudo random number based on the first parameter acquired by itself as a second parameter

A process of selecting glyph data for encryption corresponding to the input character;

processing for extracting sentence ^ 敫 data from the position of the lift own glyph data corresponding to the value of the lift own second parameter;

tilt the process of setting the sentence «data himself extracted _f as encrypted character code,

Processing of associating the self-ciphered character code and the self-secondary parameter in a decryption table;

The character's Noun method that is considered to include.

2. In the character encryption method according to claim 1,

The process of reading the proper character code of 肅 is

A character encoding method characterized in that it includes a process of setting a character code corresponding to a character that can be configured as a character code among the characters that need to be encrypted as a character code in a cipher specification table.

3. In the encryption method according to claim 1,

The process of generating a pseudo random number and setting it as the first parameter is

A process of substituting a predetermined initial value into a pseudo random number generation function set in advance and performing pseudo random number ^ 3⁄4 and t & IB pseudo random number are set as the first parameter, and this first parameter is set to the Ifil SB tone coded character code Process to associate and in-process,

^ Of the letter that is to be taken to include.

4. Claim numbering according to claim 1: ^ in the ',

The process of extracting the sentence ^ M data from the position of the tflt self glyph data corresponding to the value of the flit self first parameter

determining the position corresponding to the offset from the start address of the lift self-glyph data using the value of tiilB as the first parameter as an offset;

Processing for setting glyph data extracted by a predetermined number of bytes from a position determined as a sentence data

A method of zeroing characters that is supposed to contain.

5. The third aspect of claim 1 ^

The process of extracting the character «data from the position of the lilt self glyph data corresponding to the value of the tilt self second parameter is

A process of determining a position corresponding to the offset from the start address of the Darif data using the value of the first parameter as an offset;

Setting Darif data extracted as many as a predetermined number of bytes from a position determined to be disgusting as sentence ^ # 3⁄4 data;

A method of character encryption that is to be considered as including.

6. In the encryption method according to claim 3,

文字 A character encryption [^ method, which has multiple pseudo random number generation functions and uses multiple pseudo random numbers generated for each pseudo random number generation function as the first parameter.

7. In the encryption method according to claim 6, The process of extracting sentence data from the position of tins glyph data corresponding to the value of parameter e 1 is as follows:

a process of determining, from the start address of the tiff-self glyph data, a position corresponding to the ΙΐίΙΗ-offset by using the values of the first parameter of the tiff-self as the first set;

ItilB ^ The process of outputting the disgusting Darif data by the preset number of pits from a plurality of fixed positions;

lift A method of character encryption that makes it difficult to include multiple self-extracted glyph data; setting a combined value as sentence m data.

8. Claim to claim 6 and leave,

The process of extracting the sentence ^ a data from the position of the Darf data corresponding to the value of the disgust second parameter is.

SiriE Multiple values of the second parameters of the SiriE are used as offsets, and processing to multiply the position corresponding to Tsurumi offset from the start address of the tiffs Darif data,

処理 Process to output littering Darif darif data by the preset number of bytes from a plurality of revised positions,

A method of character encryption that includes a value obtained by combining a plurality of self-extracted glyph data and setting it as a sentence data.

9. Bf ^ "conversion according to claim 1; ^ in the past,

The process of compiling the self-extracted sentence ^ m data into the encryption code table as the Bt ^ acquisition code is

There is no duplicate code acquisition code in the code code table: In the statement ^ [Data is stored in the code code table as code acquisition code

In the case of duplicate code acquisition code in the code number code table, a character encryption method in which pseudo random numbers are generated again to acquire the first parameter.

1 0. Encryption according to claim 1 ^ ^

The process of storing the first parameter corresponding to the encryption code acquisition code in the parameter table is tOfB A method of character encoding that makes it difficult to include the process of deleting the symbol code table after compiling the first parameter of the tillB parameter into the parameter table for all characters to be encrypted.

1 1. The drawing of an encrypted character for drawing a character by the second calculation from the ^ conversion character code according to claim 1

The process of authenticating the second total »to the first total» and

A process of obtaining a decryption table from the first measure after the completion of the second measure by the second measure, and a process of receiving a character code from the first measure by the second computer.

The second difficulty is the process of determining whether the received character code is an encrypted character code or a plain text.

Self-accepted ^: When the character code is the encrypted character code, the sum of s 2 «gets the second parameter corresponding to the encrypted character code from the decryption table,

The second measure takes the value of the second parameter as the position '赚 of the encryption glyph data, and searches for the glyph data for the code having the value of the encrypted character code in the address corresponding to the position † f 3⁄4 Processing and

A process of taking Darif data corresponding to the encrypted character code from Darif data which the second total 2⁄4 has snooped;

Is this your first time? Processing of drawing glyph data acquired by ttif

How to draw encrypted characters that contains

1 2. A method of drawing encrypted characters according to claim 1 1, wherein

A process in which the second hardship searches for the Darif data for encryption having the value of the encrypted character code in the address corresponding to the position if 3⁄4 with the value of the second parameter as the position 'If # of the encryption glyph data Is

Using the value of the second parameter of the second parameter as an offset, check whether the character code value is included in the address corresponding to the offset from the open address of the glyph data of the secret encryption. How to draw an encrypted character that uses as a glue.

1 3. Drawing of the encrypted character according to claim 1 2;

The process of acquiring Darif data corresponding to the character code from the glyph data that the second total of 嫌 has searched is:

tiilEl ^ Drawing of encrypted characters that extract from the opening address of the encryption glyph data including the value of the character code to the ending address as glyph data corresponding to the encryption character code.

1 4. Drawing of the encrypted character according to claim 1 1;

The second parameter power S is composed of a plurality of pseudo random numbers, and the dislike encrypted character code is composed by combining Darif data corresponding to a plurality of pseudo random numbers,.

The second leg selects the Darf data for encryption having the value of the encrypted character code in the address corresponding to the position ', using the value of the second parameter as the position information of the glyph data for index. Processing is

The process of processing the character code of Hit 己 Β Β according to the number of the tfjf second parameter, and

To address the relative relationship of multiple values of m 2 parameters,

A method of drawing encrypted characters that is based on examining glyph data containing character codes.

1 5. The drawing of the encrypted character described in claim 1 1

The process of releasing the decryption table from the first misery is to place the decryption table on the main memory of the second misery, and when the drawing of the encrypted character code becomes unnecessary, Drawing of the encrypted character which is supposed to erase the decryption table from its own memory; W passed.

1 6. A method of drawing encrypted characters according to claim 1 1,

including processing for acquiring encryption glyph data from a total of m 1 ^ i,

Put the acquired glyph data for encryption in the main memory of the second tiff's second meter, and when it is no longer necessary to draw the encrypted character code, delete the Darif data for 8 from the main memory. The No. I with a tree base is a drawing method of characters.

1 7. Drawing of an encrypted character for drawing a character from the encrypted character code according to claim 1 with a second difficulty a process of performing a second measurement of the tiff's first total »

認 1 ^ 計 ^ ^ 脑脑灘 2 灘灘処理 ^ ^ 文字 character code including encrypted character code, and

The first computer in the disgusting process is a process of half-determining whether the character code subjected to fiiSB is an encrypted character code or a plain text.

文字第計計計計文字文字文字文字文字文字処理処理処理処理処理処理 til til 処理処理処理処理処理処理処理処理処理処理処理処理文字文字文字文字文字文字文字文字文字文字 til til til 処理処理処理処理処理処理処理処理処理処理文字文字文字第第第文字文字文字文字文字文字文字文字文字文字文字 til 処理処理処理処理処理処理処理処理処理処理処理処理処理処理文字文字文字文字文字計計計文字文字文字処理処理処理処理 The processing to get the second parameter corresponding to the enciphered character code

A process of searching for encryption Darif data having the value of the encrypted character code in the address corresponding to the position ', with the value of the second parameter as the position information of the glyph data for 8; ,

The Darling data corresponding to the encrypted character code is acquired from the Darif data searched by the first meter, and this glyph data is transferred to the second accounting together with the encrypted character code;

The second computer receives the character code from the first IGIB calculator, and

The second hardship is the process of determining whether the character code accepted by the selfish person is an encrypted character code or a plain text.

The tfif second total is a process of drawing the corresponding encrypted character code from Darif data received from the m 1 count and the encrypted character code in the character code of the received character code.

How to draw encrypted characters that contain m.

1 8. First character encryption method of character encryption to encrypt characters input to «

A process of reading an encryption character code for a preset encryption character;

tfna first total «generates a pseudo-random number for each encryption character code and sets it as a parameter ^ T

A process to select the glyph data for encryption corresponding to each character code, and a process to extract character data from the position of tiJlB glyph data corresponding to the value of the dislike parameter And

Processing to associate the extracted data of Tsurugi and the key parameter with the decryption table! ^

A process of setting tffiB sentence data of an encrypted 3⁄4 character code corresponding to the character code of a self-input character as a code to be acquired,

How to encrypt characters that are supposed to contain.

18. A method of drawing an encrypted character for drawing a character by the second bell from the encrypted character code according to claim 18;

a process of performing a second total authentication on the first computer tiff

The process of obtaining the decoding table from the first measure after the end of recognition by the second measure by the second step, and the process of receiving the character code from the first measure by the second measure by the second watch. When,

The key self-second counting process is performed to determine whether the character code accepted by the user is an encrypted character code.

If the character code accepted by tins is an encrypted character code, the processing by the 2 computer acquires a parameter corresponding to the ternary character code from the decryption class,

A second process of searching for Darf data for Bf ^ "having the value of the encrypted character code in the address corresponding to the position information using the parameter value as the position information of the encryption glyph data; _c

A process of taking Darif data corresponding to the encrypted character code from Darif data to which the second total tOt has been subjected;

The process of drawing the glyph data that the second ttif self «acquired by Hit self,

How to draw encrypted characters that are supposed to contain. '

2 0. A program that uses the first program »to process the process of encrypting the input characters, and a procedure for reading an encryption character code in advance for a predetermined character to be encrypted, A procedure for generating a pseudo random number for each character code and setting it as the first parameter; ttrt A hand for selecting glyph data for encryption corresponding to each character code for t note) 手 A procedure for extracting sentence data from the position of tflt own glyph data corresponding to the value of the first parameter

t & IH extracted sentence ^ procedure to put data in code number code table as code acquisition code, and

A procedure for storing a first parameter corresponding to the self-cipher code acquisition code in the parameter table; a procedure for acquiring a first parameter corresponding to the character input to ttilS;

tfilE) A pseudo-random number based on the first parameter acquired and a hand set as the second parameter

tflt A procedure for selecting glyph data for encryption corresponding to a self-input character,

tifia) a hand that extracts the sentence m data from the position of the key glyph data corresponding to the value of the second parameter;

Iff! Set self-extracted sentence data as a conversion character code, '

ttilBB phonetic character code and the second parameter are associated with each other to be edited in the decoding table;

籠 A character encryption program that makes it the first hardship to function.

21. A program for drawing a character from the encrypted character code according to claim 20 with a second difficulty,

The procedure for performing the second term authentication on the computer of it itself l _f ,

A procedure for acquiring a decryption table from the first misery after completion of leaked authentication,

A procedure for accepting a character code from the first self-defense

A procedure to determine whether the character code accepted is a plaintext that is an encrypted character code, 't & t The character code accepted by itself is an encrypted character code: in the decryption table Bf ^ converted character code Obtaining a second parameter corresponding to

A procedure for searching encryption glyph data having the value of the encrypted character code in the address corresponding to the position information with the value of the second parameter as the position of the glyph data for encryption, and m ^ glyph data made m ^ Hand to process glyph data corresponding to encrypted character code from When,

己己手手手手手手手手

It is a drawing program of encrypted characters with the intention of making it function as a ^second measure.

A program for executing a process of drawing a character from the encrypted character code according to claim 2 0, according to a first difficulty, comprising:

A procedure for authenticating the second measure:

After completion of ttilH authentication, determine whether the character code including the character code including the encrypted character code is transferred to the second total ^ 3⁄4 and whether the character code uttered is a plain text that is a Bf ^ character code. Procedure and IifSii character code is an encrypted character code:: ^, 手順 ^ from the テーブル ^ table The procedure to obtain the second parameter corresponding to the character code,

a procedure for detecting Darf data for Bt ^ having the value of the encrypted character code in the address corresponding to the position 'If report with the value of the second parameter of ttflB as the position information of the glyph data for Bf ^ ";

Obtain the Darif data corresponding to the encrypted character code from the Darif data that has been fifmy ist, and use this glyph data as drawing data along with the encrypted character code as a second procedure.

An encrypted character drawing program that makes it function in the first troubles.

A method of character encryption that converts the characters entered in 2 3 Total ».

A process of reading an encrypted character code for a predetermined character to be encrypted;

l Self-timer »generates pseudo-random numbers for each code ^ ^ character code and sets it as the first parameter,

tflt self encryption process of selecting glyph data for encryption corresponding to each character code,

a process of extracting sentence data from the position of the lift self-glyph data corresponding to the value of the first self-parameter;

Process to put the extracted sentence data in the Bf ^ code table as the code acquisition code, and

Storing the first parameter corresponding to the hate code acquisition code in the parameter table « If you get the first parameter that corresponds to the character input tiilB

Processing of setting a pseudo-random number based on the first parameter acquired and the second parameter;

processing to select glyph data for encryption corresponding to characters input to tiilB

a process of extracting sentence layout data from the position of tiHH glyph data corresponding to the value of the second parameter;

tiff self-extracted sentence: Setting data as encrypted character code «,

関連付け暗号辦関連付け爾爾処処処処処処, 暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号暗号編処処処処処処暗号処処処処処)

A method of characterization that implies that it contains.

2 4. A method of drawing an encrypted character for drawing a character on a computer from the encrypted character code according to claim 23.

The process of making the atrocious account authentication of the user,

A process of acquiring a decryption table from a removable storage medium connected to a computer after the completion of authentication;

A process of accepting the character code input to the dissident calculator,

tff! E The process of judging whether the received character code is a plaintext which is an encrypted character code, and the character code given by ttit is an encrypted character code. Obtaining a second parameter corresponding to the encrypted character code from the decryption table;

Assuming that the value of the second parameter is the position of the encryption glyph data '[^, processing for searching encryption Darif data having the value of the encrypted character code in the address corresponding to the position information; Processing of extracting Darif data corresponding to the encrypted character code from the data;

process of drawing the glyph data acquired by lift

The drawing of the encrypted characters to be included in the drawing; W gone.

2 5. A method of encrypting characters that encrypts the characters entered in the first total ». A process of reading a ciphertext character code for a preset character to be converted into Bf ^, and a process of generating a pseudorandom number every first character code for every eight character code and setting it as a first parameter, and

A process of selecting glyph data for encryption corresponding to each image character code, a process of reading a numerical value table set in advance in association with darif data for tna ^, tfif the first parameter From the position of the value table corresponding to the value «II [Process of extracting data,

tut self-extracted sentence ^ process of compiling data in the encryption code table as an encryption acquisition code, and

The first parameter corresponding to the tfll E encryption acquisition code is compiled into a parameter table, and the first parameter corresponding to the character that has been reciprocated is acquired,

Processing of generating a pseudo-random number based on the first parameter acquired and setting it as the second parameter;

and a process of selecting a numeric table for encryption corresponding to the self-entered character, and

a process of extracting sentence data from the position of the tin self-number table corresponding to the value of the second parameter of tiria;

processing that sets the extracted text ^^ data as an encrypted character code,

Processing to associate the dislike encrypted character code and the disgust second parameter into the decryption table;

Encryption of characters that are supposed to contain.

2. A method of drawing an encrypted character for drawing a character according to a second difficulty from the encrypted character code according to claim 25.

Certification of the second total «against the first total« «« «,

The second hardship to get the decoding table from the first hardship after the authentication is complete, and the IB second meter to accept the character code from the first computer ^ 3⁄4,

l The second computer, 151 Self-accepted character code is encrypted character code or is plain text The process of determining

ttflB The received character code is Bt ^ "In the character code, the process of acquiring the second parameter corresponding to the encrypted character code from the second calculator table.

t & IS second total leak force S The second parameter value is used as position information, and a process of detecting a numerical value table having an encrypted character code value in an address corresponding to the position information;

A process of searching glyph data for B note corresponding to the position information of the personal value table;

A process of taking Darif data corresponding to the 0-ized character code from Darif data that the f & f self-second total has favored, and

a process of drawing the glyph data which t & f's second total has acquired by ttit,

How to draw encrypted characters that are supposed to contain.