WO2010038764A1 - Encryption device, encryption method and program - Google Patents


Info

Publication number
WO2010038764A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
encrypted
keyword
data
character string
Application number
PCT/JP2009/067005
Inventor
土屋敏子
Original Assignee
株式会社Icon
Application filed by 株式会社Icon
Publication of WO2010038764A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80: Wireless
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key

Definitions

  • The information management system including the encryption device is a system for realizing a secret information management service that manages the secret information of contracted users.
  • Examples of secret information include financial information consisting of the PINs of bank cash cards, address books, e-mail, schedule books, diaries, insurance card numbers, image information such as photos taken by a camera, and voice information input from a microphone.
  • An encryption method is used that selectively encrypts only important information, or the portion containing information to be kept secret, rather than encrypting all of the electronic file data that is to be stored as secret information.
  • A character string that is predicted to be used (or arranged) in succession with a character string to be concealed is registered in advance as a keyword.
  • The keywords registered in advance are searched for in the character information, and a predetermined number of characters used in succession with each keyword found are encrypted. Examples of such keywords include “@”, “ ⁇ ”, “sama”, “san”, “chan”, “sha”, “ha”, “number”, and “etc.”.
  • As search methods for the keywords, there are a first method that searches for all the keywords selected in advance and a second method that first selects keywords according to the contents of the character information and then searches.
  • When the confidential information is financial information including a bank cash card PIN, the keywords “bank”, “number”, “account number”, “ordinary” and “temporary” are selected, and when the secret information is an address book, “town” and “number” are selected as keywords.
  • When the secret information is an address book, “@”, “ ⁇ ” and “.” are selected as keywords.
  • When the secret information is an e-mail, “sama”, “san”, “chan”, “company”, and “ha” are selected as keywords.
  • A character string of at least one character located before the keyword is extracted from the secret information, and only the extracted character string is encrypted. For example, when a part of the confidential information is “patent Taro”, only “Taro” is encrypted.
  • When the confidential information to be encrypted is image information and face information is included in the image information, for example, the “eye” portion is extracted from the image information and only the extracted “eye” portion is encrypted.
  • From voice information, the encryption apparatus can extract, for example, the single sound “Fa”, or sounds such as “Do”, “Re”, and “Mi”, and only the extracted voice information is encrypted.
  • The information management system includes a control unit 10, an encryption device 20, a decryption device 30, and an encrypted data storage unit 40.
  • The control unit 10 receives electronic file data transmitted as secret information from a terminal device such as a personal computer or a mobile phone, has it encrypted by the encryption device 20, and stores it in the encrypted data storage unit 40.
  • When the control unit 10 receives from the terminal device a request to acquire stored confidential information, it searches the encrypted data stored in the encrypted data storage unit 40 for the requested data, has it decrypted by the decryption device 30, and transmits it to the terminal device that sent the acquisition request.
  • The information management system of the present embodiment includes a CPU, a memory, a storage device such as a hard disk drive (HDD), a communication interface device, a user interface device, and the like.
  • The CPU controls the operation of the information management system by executing predetermined processing based on a control program stored in the memory or the storage device.
  • The encryption device 20 includes a keyword storage unit 31, a search unit 32, an encryption processing unit 33, a setting unit 34, and a determination unit 35, as shown in FIG.
  • In the keyword storage unit 31, a character string that is predicted to be used (or arranged) in succession with a character string to be kept secret is stored as a keyword.
  • The character string to be concealed is the important information within the secret information, such as an e-mail address or a telephone number, that is, a character string whose leakage is to be prevented.
  • The keyword storage unit 31 also stores the types of specific characters that are frequently used when expressing confidential information, such as numbers.
  • The determination unit 35 determines the type of electronic file data to be encrypted, and determines the content of the document data when the electronic file data to be encrypted is document data.
  • There are various types of electronic file data, such as image data, document data, and audio data.
  • The contents of the document data can be classified as financial information, address book, e-mail, etc.
  • The search unit 32 searches for the position, in the document data to be encrypted, of each keyword stored in the keyword storage unit 31, and for the position of each specific character stored in the keyword storage unit 31.
  • Instead of searching the document data with all the keywords stored in the keyword storage unit 31, the search unit 32 may select the keywords to use for the search from the plurality of keywords stored in the keyword storage unit 31, according to the content of the document data determined by the determination unit 35.
  • The setting unit 34 sets the number of characters to encrypt for the plurality of keywords stored in the keyword storage unit 31. For example, the setting unit 34 makes settings such as encrypting the two characters or the three characters preceding the keyword position. The setting unit 34 also sets the importance for each of the plurality of keywords stored in the keyword storage unit 31.
  • The encryption processing unit 33 encrypts a character string of at least one character located before or after the keyword position found by the search unit 32.
  • The encryption processing unit 33 may encrypt the character string itself that is stored as a keyword in the keyword storage unit 31. Note that the encryption processing unit 33 may encrypt a character string of at least one character positioned both before and after the character string set as a keyword, rather than only before or only after it.
  • The encryption processing unit 33 encrypts the specific character itself found by the search unit 32.
  • The encryption processing unit 33 encrypts the consecutive characters, as many as the number set by the setting unit 34, before or after the keyword position found by the search unit 32.
  • The encryption processing unit 33 switches the encryption method used when encrypting a character string of at least one character positioned before or after the keyword position found by the search unit 32, according to the importance set by the setting unit 34.
  • When encrypting a character string of at least one character positioned before or after the position of a keyword set as having high importance by the setting unit 34, the encryption processing unit 33 uses an encryption key with more bits than the encryption key used to encrypt other character strings. For example, a keyword with importance set to “high” is encrypted with a 256-bit encryption key, a keyword with importance set to “medium” is encrypted with a 128-bit encryption key, and a keyword with importance set to “low” is encrypted with a 64-bit encryption key.
  • The search unit 32 searches for the position of a specific image included in the image data, for example, the image of “eyes”. Then, the encryption processing unit 33 encrypts only the data in the area including the specific image found by the search unit 32.
  • The search unit 32 searches for data of a specific scale, for example, “fa”, included in the audio data. Then, the encryption processing unit 33 encrypts only the data of the specific scale found by the search unit 32.
  • The type of electronic file data to be encrypted, that is, whether the electronic file data is document data, image data, or audio data, is determined by the determination unit 35 (steps S101, S103, S105).
  • If the electronic file data to be encrypted is document data (Yes in step S101), an encryption process for the document data is executed (step S102). Details of the encryption processing for the document data will be described later.
  • If the electronic file data to be encrypted is image data (Yes in step S103), an encryption process for the image data is executed (step S104).
  • An area including a specific image is searched for in the image data to be encrypted, and only the area including the image is encrypted.
  • If the electronic file data to be encrypted is audio data (Yes in step S105), an encryption process for the audio data is executed (step S106).
  • The data of a specific scale is searched for in the voice data to be encrypted, and only the data of that scale is encrypted.
  • When the determination unit 35 determines that the electronic file data to be encrypted is document data, the content of the document data is further determined (step S201).
  • The search unit 32 selects the keywords to be used for the search from the keyword storage unit 31 according to the content of the document data determined by the determination unit 35 (step S202).
  • All the keywords stored in the keyword storage unit 31 may be set as search target keywords.
  • The search unit 32 searches for the position of each search target keyword in the document data to be encrypted (step S203).
  • The encryption processing unit 33 executes an encryption process on the character string located before or after the keyword position found by the search unit 32 (step S204).
  • The encryption processing unit 33 encrypts the keyword itself for specific keywords among the keywords.
  • For character strings such as “@”, “corporation”, “(stock)”, “password”, and “e-mail”, it is assumed that the setting is to encrypt the keyword character string itself, not just the character strings before, after, or before and after it.
  • The setting is made so that the two characters before, the two characters after, or the two characters before and after the character string set as the keyword are encrypted.
  • The present invention can be similarly applied even when the number of characters to be encrypted is one character, three characters, or four or more characters.
  • Specific examples when the encryption processing is performed in such a state are shown in FIGS.
  • The encrypted characters are represented by “*”.
  • FIG. 6 shows an example of e-mail data before the encryption process, and FIG. 7 shows the e-mail data after the encryption process.
  • FIG. 8 shows an example of document data before encryption processing, and FIG. 9 shows the document data after encryption processing is performed.
  • Because the character string “Co., Ltd.” is registered as a keyword, the character string “Suzuki” in the character string “Suzuki Construction Co., Ltd.” is encrypted, and it can be seen that the character string becomes “******* Construction”.
  • The product number, product price, etc. in the document data are all encrypted because numbers are registered as keywords.
  • In the encryption device 20 of the present embodiment, not all of the electronic file data to be encrypted is encrypted; only the character strings located before and after the keyword and the character string of the keyword are encrypted. This makes it possible to encrypt only the information that seems to be important. Therefore, compared with the case where all the electronic file data to be encrypted is encrypted, the data amount of the encrypted electronic file data can be reduced. As a result, according to the present embodiment, the consumption of the storage capacity of the encrypted data storage unit 40 for storing the encrypted electronic file data can be reduced, and more data can be stored.
  • The encryption device 20 of the present embodiment has been described using the case where the present invention is applied to an information management service for managing the secret information of contracted users. However, the present invention is not limited to such a configuration.
  • The present invention is also applicable to the case where document data is stored in a terminal device such as a personal computer.
  • The present invention can be applied even in a case where e-mail data received by mail software in a personal computer is encrypted and stored.
  • The present invention can be applied even in a case where client e-mail data is encrypted and stored by mail software operating on the server device side. In such a case, if the e-mail data is partially encrypted rather than encrypting its entire text, the amount of data transmitted and received between the server device and the personal computer can be reduced.
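The document-data flow of steps S201 to S204 listed above, written out as an added example (it is not code from the patent): keyword selection by content type, position search, per-keyword character counts, encryption of the keyword itself, importance-dependent key sizes, and the “*” representation used in the figures. The keyword table, the sample text, the separate record list that holds the ciphertext, and the HMAC-SHA256 counter-mode keystream used as a stand-in cipher are assumptions; the text does not name a cipher or a storage format.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

KEY_BITS = {"high": 256, "medium": 128, "low": 64}   # sizes given in the patent text
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Rule:
    keyword: str
    before: int = 0              # characters to encrypt in front of the keyword
    after: int = 0               # characters to encrypt behind the keyword
    include_self: bool = False   # also encrypt the keyword itself
    importance: str = "medium"


# Constructed keyword table (the role of keyword storage unit 31), grouped by
# document content so that step S202 can select a subset.
RULES = {
    "email": [Rule(" san", before=6), Rule("@", 2, 2, True, "high")],
    "finance": [Rule("number ", after=4, importance="high")],
}
SPECIFIC_CHARS = "0123456789"    # "specific characters": each hit is encrypted itself


def find_spans(text, category):
    """S202-S203: pick the rules for this content type, return merged spans."""
    raw = []

    def add(start, end, importance):
        start, end = max(0, start), min(len(text), end)
        if start < end:                               # skip empty spans
            raw.append((start, end, importance))

    for rule in RULES[category]:
        pos = text.find(rule.keyword)
        while pos != -1:
            end = pos + len(rule.keyword)
            add(pos - rule.before, pos, rule.importance)
            if rule.include_self:
                add(pos, end, rule.importance)
            add(end, end + rule.after, rule.importance)
            pos = text.find(rule.keyword, pos + 1)
    for i, ch in enumerate(text):
        if ch in SPECIFIC_CHARS:
            add(i, i + 1, "low")

    merged = []
    for start, end, importance in sorted(raw):
        if merged and start <= merged[-1][1]:         # overlapping or touching
            p_start, p_end, p_imp = merged[-1]
            # A merged span keeps the highest importance of its parts.
            merged[-1] = (p_start, max(p_end, end), max(p_imp, importance, key=RANK.get))
        else:
            merged.append((start, end, importance))
    return merged


def keystream_xor(key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def make_keys():
    return {level: os.urandom(bits // 8) for level, bits in KEY_BITS.items()}


def encrypt_document(text, category, keys):
    """S204: encrypt each span; return the '*'-masked text and the records."""
    masked, records = list(text), []
    for start, end, importance in find_spans(text, category):
        nonce = os.urandom(12)                        # fresh per span, never reused
        ciphertext = keystream_xor(keys[importance], nonce, text[start:end].encode("utf-8"))
        records.append({"start": start, "end": end, "importance": importance,
                        "nonce": nonce, "ciphertext": ciphertext})
        masked[start:end] = "*" * (end - start)
    return "".join(masked), records


def decrypt_document(masked, records, keys):
    chars = list(masked)
    for rec in records:
        plain = keystream_xor(keys[rec["importance"]], rec["nonce"], rec["ciphertext"])
        chars[rec["start"]:rec["end"]] = plain.decode("utf-8")
    return "".join(chars)


def encrypted_fraction(text, records):
    """Share of characters that were encrypted; the rest is stored as plaintext."""
    return sum(r["end"] - r["start"] for r in records) / len(text)


# Constructed sample document.
SAMPLE = "Dear Tanaka san, account number 4821. Reply to taro@example.com"

if __name__ == "__main__":
    keys = make_keys()
    for category in RULES:
        masked, records = encrypt_document(SAMPLE, category, keys)
        print(category, "->", masked, f"({encrypted_fraction(SAMPLE, records):.0%} encrypted)")
        assert decrypt_document(masked, records, keys) == SAMPLE
```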

Abstract

Provided are an encryption device, an encryption method and a program that enable the amount of encrypted data to be reduced without lowering the security of the encrypted data. With the encryption device, character strings predicted to be used in succession with character strings to be kept private are preregistered as keywords. When the type of confidential information is character information, the preregistered keywords are searched for within the character information, and only a prescribed number of characters used in succession with the keywords found are encrypted. For example, when the text string "Mr.," "Mrs.," or "Dear" has been registered as the keyword, the two characters preceding the keyword are encrypted.

Description

ENCRYPTION DEVICE, ENCRYPTION METHOD, AND PROGRAM

The present invention relates to an encryption device, an encryption method, and a program for encrypting secret information whose contents are to be kept secret.

In recent years, the storage capacity of mobile phone terminal devices and the like has increased, so various electronic file data such as e-mails and image data are stored in mobile phone terminal devices. The risk of information leakage when such a mobile phone terminal device is lost is therefore increasing. To solve this problem, electronic file management systems have been proposed in which electronic file data is transmitted from a mobile phone device to a server device and stored in the server device (see, for example, Patent Documents 1 and 2).

In such a system, the user's electronic file data is encrypted and stored in order to prevent leakage to a third party. In general, however, making encrypted information difficult to decrypt requires increasing the number of bits of the encryption key used in the encryption process. For example, information encrypted with a 256-bit encryption key is less likely to be decrypted than information encrypted with a 128-bit encryption key.

However, if the number of bits of the encryption key used is increased, the amount of encrypted data also increases. For this reason, in a server device that manages encrypted data from users, adopting an encryption key with a large number of bits in order to further increase security also increases the amount of data that must be managed, which puts pressure on the storage capacity.

Patent Document 1: JP 2005-316669 A
Patent Document 2: JP 2005-166033 A

An object of the present invention is to provide an encryption device, an encryption method, and a program capable of reducing the data amount of encrypted data without reducing the security of the encrypted data.
[Encryption device]

The encryption device of the present invention includes: storage means for storing, as a keyword, a character string that is predicted to be used in succession with a character string to be concealed; search means for searching for the position, in the document data to be encrypted, of the keyword stored in the storage means; and encryption processing means for encrypting a character string of at least one character located before or after the position of the keyword found by the search means.

In another encryption device of the present invention, the encryption processing means may encrypt the character string stored in the storage means as the keyword.

In another encryption device of the present invention, the storage means may store the types of specific characters that are frequently used when expressing information to be kept secret, the search means may search for the position, in the document data to be encrypted, of the specific characters stored in the storage means, and the encryption processing means may encrypt the specific characters found by the search means.

Another encryption device of the present invention further includes determination means for determining the content of the document data to be encrypted, and the search means may select the keywords to be used for the search from the plurality of keywords stored in the storage means according to the content of the document data determined by the determination means.

Another encryption device of the present invention further includes setting means for setting, for the plurality of keywords stored in the storage means, the number of characters to encrypt, and the encryption processing means may encrypt the consecutive characters, as many as the number set by the setting means, before or after the position of the keyword found by the search means.

Another encryption device of the present invention further includes setting means for setting the importance of each of the plurality of keywords stored in the storage means, and the encryption processing means may switch the encryption method used when encrypting a character string of at least one character located before or after the position of the keyword found by the search means, according to the importance set by the setting means.

In another encryption device of the present invention, when encrypting a character string of at least one character located before or after the position of a keyword set as having high importance by the setting means, the encryption processing means may use an encryption key having a larger number of bits than the encryption key used when encrypting other character strings.

Another encryption device of the present invention includes: determination means for determining the type of electronic file data to be encrypted; search means for searching, when the determination means determines that the electronic file data to be encrypted is image data, for the position of a specific image included in the image data; and encryption processing means for encrypting only the data in the area including the specific image found by the search means.

Another encryption device of the present invention includes: determination means for determining the type of electronic file data to be encrypted; search means for searching, when the determination means determines that the electronic file data to be encrypted is audio data, for data of a specific scale included in the audio data; and encryption processing means for encrypting only the data of the specific scale found by the search means.
[Encryption method]
The encryption method of the present invention comprises: a step of searching for the position, in the document data to be encrypted, of a keyword that is predicted to be used adjacent to a character string to be concealed; and
a step of encrypting a character string of at least one character positioned before or after the position of the keyword that was found.
[Program]
The program of the present invention causes a computer to execute: a step of searching for the position, in the document data to be encrypted, of a keyword that is predicted to be used adjacent to a character string to be concealed; and
a step of encrypting a character string of at least one character positioned before or after the position of the keyword that was found.
According to the present invention, it is possible to realize an encryption device, an encryption method, and a program capable of reducing the data amount of encrypted data without lowering the security of the encrypted data.
FIG. 1 is a block diagram showing the configuration of an information management system including the encryption device 20 of one embodiment of the present invention.
FIG. 2 is a block diagram showing the functional configuration of the encryption device 20 of one embodiment of the present invention.
FIG. 3 is a flowchart outlining the operation of the encryption device 20 of one embodiment of the present invention.
FIG. 4 is a flowchart explaining the encryption processing for document data shown in step S102 of FIG. 3.
FIG. 5 is a diagram explaining specific examples of the keywords stored in the keyword storage unit 31.
FIG. 6 is a diagram showing an example of e-mail data before encryption processing.
FIG. 7 is a diagram showing the e-mail data of FIG. 6 after it has been encrypted.
FIG. 8 is a diagram showing an example of document data before encryption processing.
FIG. 9 is a diagram showing the document data of FIG. 8 after it has been encrypted.
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
The information management system including the encryption device of the present embodiment is a system for realizing a secret information management service that manages the secret information of contracted users. Examples of this secret information include financial information such as the PIN of a bank cash card, address lists, address books, e-mail, schedule books, diaries, insurance card numbers, image information such as photographs taken with a camera, and voice information input from a microphone.
The encryption device of the present embodiment uses an encryption method that does not encrypt the whole of the electronic file data to be stored as secret information, but selectively encrypts only the portions containing important information or information to be kept secret.
Specifically, in the encryption method of the encryption device of the present embodiment, character strings that are predicted to be used (or placed) adjacent to a character string to be concealed are registered in advance as keywords. When the secret information is character information, the pre-registered keywords are searched for in that character information, and a predetermined number of characters adjacent to each keyword found are encrypted. Examples of such keywords include "@", "-", "様" (sama), "さん" (san), "ちゃん" (chan), "社" (sha, company), "は" (wa), "数字" (digits), and "など" (etc.).
Incidentally, there are two methods of searching for keywords: a first method that searches for all of the preselected keywords, and a second method that selects keywords according to the content of the character information and then searches.
In the second search method, for example, when the secret information is financial information such as the PIN of a bank cash card, "銀行" (bank), "数字" (digits), "口座番号" (account number), "普通" (ordinary account) and "当座" (current account) are selected as keywords; when the secret information is an address list, "町" (town) and "数字" (digits) are selected as keywords.
Also in the second search method, for example, when the secret information is an address book, "@", "-" and "." are selected as keywords; when the secret information is an e-mail, "様", "さん", "ちゃん", "社" and "は" are selected as keywords.
Next, in the second encryption method described above, a character string of at least one character positioned before the keyword is extracted from the secret information, and only the extracted character string is encrypted. For example, when part of the secret information is "特許 太郎 様" (Tokkyo Taro sama), only "太郎" (Taro) is encrypted.
The above describes, as the method of encrypting secret information, the case in which a character string of at least one character positioned before the keyword is extracted from the secret information and only that character string is encrypted. When the secret information contains English text, however, keywords such as "Hi", "From", "Name", "To", "E-mail", "tel", "Dear" and "ID" may be selected in advance, and when one of these preselected keywords is found in the secret information, a character string of at least one character positioned after the keyword may be extracted and only that character string encrypted. In short, it suffices to encrypt a character string of at least one character positioned before or after the keyword.
This ensures that the important parts of the secret information are encrypted while reducing the data amount of the encrypted secret information, and therefore reduces the memory capacity needed to store the encrypted secret information.
Further, when the secret information to be encrypted is image information and that image information contains a face image, the encryption device of the present embodiment extracts, for example, the "eye" portion from the image information and encrypts only the extracted "eye" portion.
Further, when the secret information is voice information, the encryption device of the present embodiment extracts from it, for example, the portion of a single note such as "fa", or the portions of several notes such as "do", "re" and "mi", and encrypts only the extracted voice information.
The configuration of an information management system including the encryption device 20 of the present embodiment, which implements this encryption method, will be described with reference to the block diagram of FIG. 1.
As shown in FIG. 1, this information management system comprises a control unit 10, an encryption device 20, a decryption device 30, and an encrypted data storage unit 40.
The control unit 10 receives electronic file data transmitted as secret information from a terminal device such as a personal computer (hereinafter abbreviated as PC) or a mobile phone, has the encryption device 20 encrypt it, and stores it in the encrypted data storage unit 40.
When the control unit 10 receives from a terminal device a request to retrieve stored secret information, it searches the encrypted data stored in the encrypted data storage unit 40 for the requested data, has the decryption device 30 decrypt it, and then transmits it to the terminal device that sent the request.
The information management system of the present embodiment is composed of a CPU, memory, a storage device such as a hard disk drive (HDD), a communication interface device, a user interface device, and the like. The CPU controls the operation of the information management system by executing predetermined processing based on a control program stored in the memory or the storage device.
The functional configuration of the encryption device 20, realized by executing the above control program, is shown in the block diagram of FIG. 2.
As shown in FIG. 2, the encryption device 20 of the present embodiment comprises a keyword storage unit 31, a search unit 32, an encryption processing unit 33, a setting unit 34, and a determination unit 35.
The keyword storage unit 31 stores, as keywords, character strings that are predicted to be used (or placed) adjacent to a character string to be concealed. Here, a character string to be concealed is important information within the secret information, such as an e-mail address or a telephone number, that is, a character string whose leakage is to be prevented. The keyword storage unit 31 also stores types of specific characters, such as digits, that are frequently used when expressing information to be concealed.
The determination unit 35 determines the type of the electronic file data to be encrypted and, when that data is document data, also determines the content of the document data. Types of electronic file data include image data, document data, and audio data. The content of document data can be classified into categories such as financial information, address book, and e-mail.
When the electronic file data to be encrypted is document data, the search unit 32 searches for the positions, in the document data to be encrypted, of the keywords stored in the keyword storage unit 31, and also searches for the positions, in that document data, of the specific characters stored in the keyword storage unit 31.
Instead of searching the document data with all of the keywords stored in the keyword storage unit 31, the search unit 32 may select the keywords to use for the search from among the keywords stored in the keyword storage unit 31, according to the content of the document data determined by the determination unit 35.
The setting unit 34 sets, for the keywords stored in the keyword storage unit 31, the number of characters to encrypt. For example, the setting unit 34 specifies that the two characters, or the three characters, before the keyword position are to be encrypted. The setting unit 34 also sets an importance for each of the keywords stored in the keyword storage unit 31.
The encryption processing unit 33 encrypts a character string of at least one character positioned before or after the position of a keyword found by the search unit 32. The encryption processing unit 33 may also encrypt the character string stored as a keyword in the keyword storage unit 31 itself. Furthermore, rather than encrypting only the characters before or only the characters after the keyword string, the encryption processing unit 33 may encrypt character strings of at least one character on both sides of it.
When a type of specific character such as digits is stored in the keyword storage unit 31, the encryption processing unit 33 encrypts the specific characters themselves that are found by the search unit 32.
When the setting unit 34 has set a number of characters to encrypt, the encryption processing unit 33 encrypts that number of consecutive characters before or after the position of the keyword found by the search unit 32.
The encryption processing unit 33 also switches the encryption method used when encrypting a character string of at least one character positioned before or after the position of the keyword found by the search unit 32, according to the importance set by the setting unit 34.
Specifically, when encrypting a character string of at least one character positioned before or after the position of a keyword that the setting unit 34 has set as having high importance, the encryption processing unit 33 uses an encryption key with more bits than the encryption key used when encrypting other character strings. For example, keywords whose importance is set to "high" are encrypted with a 256-bit encryption key, keywords whose importance is set to "medium" with a 128-bit encryption key, and keywords whose importance is set to "low" with a 64-bit encryption key.
When the determination unit 35 determines that the electronic file data to be encrypted is image data, the search unit 32 searches for the position of a specific image contained in the image data, for example an image of "eyes". The encryption processing unit 33 then encrypts only the data of the region containing the specific image found by the search unit 32.
When the determination unit 35 determines that the electronic file data to be encrypted is audio data, the search unit 32 searches for data of a specific note of the scale contained in the audio data, for example "fa". The encryption processing unit 33 then encrypts only the data of the specific note found by the search unit 32.
Next, the operation of the encryption device 20 of the present embodiment will be described in detail with reference to the drawings.
First, an outline of the operation of the encryption device 20 of the present embodiment will be described with reference to the flowchart of FIG. 3.
In the encryption device 20 of the present embodiment, the determination unit 35 first determines the type of the electronic file data to be encrypted, that is, whether it is document data, image data, or audio data (steps S101, S103, S105).
When the electronic file data to be encrypted is document data (Yes in step S101), encryption processing for document data is executed (step S102). The details of this encryption processing for document data are described later.
When the electronic file data to be encrypted is image data (Yes in step S103), encryption processing for image data is executed (step S104).
In this encryption processing for image data, the image data to be encrypted is searched for a region containing a specific image, and only the region containing that image is encrypted.
When the electronic file data to be encrypted is audio data (Yes in step S105), encryption processing for audio data is executed (step S106).
In this encryption processing for audio data, the audio data to be encrypted is searched for data of a specific note of the scale, and only the data of that note is encrypted.
Next, the encryption processing for document data shown in step S102 of FIG. 3 will be described with reference to the flowchart of FIG. 4.
When the determination unit 35 determines that the electronic file data to be encrypted is document data, it further determines the content of the document data (step S201).
The search unit 32 then selects the keywords to use for the search from the keyword storage unit 31, according to the content of the document data determined by the determination unit 35 (step S202). Alternatively, all of the keywords stored in the keyword storage unit 31 may be used as search keywords here.
The search unit 32 then searches for the positions of the search keywords in the document data to be encrypted (step S203).
Finally, the encryption processing unit 33 encrypts the character strings positioned before or after the positions of the keywords found by the search unit 32 (step S204). For certain keywords, the encryption processing unit 33 encrypts the keyword itself.
A specific example of the encryption processing executed on document data in this way will be described with reference to the drawings. The description assumes that the keywords shown in FIG. 5 are stored in the keyword storage unit 31.
FIG. 5 shows, for example, that the keywords "様" (sama), "殿" (dono) and "君" (kun) are registered, and that when one of these keywords is present in the document data, the two characters before the keyword are set to be encrypted.
FIG. 5 also shows that for keywords such as "@", "株式会社" (kabushiki-gaisha, Co., Ltd.) and "(株)", when the keyword is present in the document data, the two characters before and the two characters after the keyword are set to be encrypted.
FIG. 5 also shows that "数字" (digits) is set as a keyword, so that all digits present in the document data to be encrypted are set to be encrypted.
FIG. 5 further shows, for example, that the keywords "Sir.", "Dr." and "Mr." are registered, and that when one of these keywords is present in the document data, the two characters after the keyword are set to be encrypted.
In addition, although not shown in FIG. 5, for character strings such as "@", "株式会社", "(株)", "パスワード" (password) and "e-mail", the encryption processing unit 33 is assumed to be set to encrypt the keyword string itself, not only the character strings before, after, or on both sides of it.
In FIG. 5 the settings encrypt the two characters before, the two characters after, or the two characters on each side of the character string set as a keyword, but the number of characters to encrypt is not limited to two. The present invention applies equally when the number of characters to encrypt is one, three, or four or more.
FIGS. 6 to 9 show specific examples of encryption processing performed with these settings. Encrypted characters are represented here by "*".
FIG. 6 shows an example of e-mail data before encryption processing, and FIG. 7 shows the e-mail data after encryption processing has been performed.
Referring to FIGS. 6 and 7, because the character string "さん" is registered as a keyword, the character string "山田" (Yamada) in "山田さんへ" (To Yamada-san) is encrypted, giving the character string "**さんへ".
Likewise, because the character strings "@" and "." are registered as keywords, the character string "tsatoh@aaaaaa.ne.jp" is encrypted, giving the character string "tsat*****aa**.**.**".
FIG. 8 shows an example of document data before encryption processing, and FIG. 9 shows the document data after encryption processing has been performed.
Referring to FIGS. 8 and 9, because the character string "株式会社" is registered as a keyword, the character string "鈴木" (Suzuki) in "株式会社鈴木建設" (Suzuki Construction Co., Ltd.) is encrypted, giving the character string "******建設".
Likewise, because digits are registered as a keyword, the product numbers, product prices and so on in the document data are all encrypted.
As described above, the encryption device 20 of the present embodiment does not encrypt all of the electronic file data to be encrypted, but encrypts only the character strings positioned before and after keywords and the keyword strings themselves, which makes it possible to encrypt only the information considered to be important. Compared with encrypting all of the electronic file data, this reduces the data amount of the electronic file data after encryption. As a result, the present embodiment saves storage capacity in the encrypted data storage unit 40 that stores the encrypted electronic file data, so that more data can be stored.
The encryption device 20 of the present embodiment has been described for the case where the present invention is applied to an information management service that manages the secret information of contracted users, but the present invention is not limited to this configuration. The present invention is equally applicable when document data is stored on a terminal device such as a personal computer (hereinafter abbreviated as PC). For example, it is applicable when e-mail data received by mail software on a PC is encrypted and stored. It is also applicable when mail software running on a server device encrypts and stores clients' e-mail data. In such cases, encrypting the e-mail data partially rather than in full makes it possible to reduce the amount of data transmitted between the server device and the PC.
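The search and selection steps of FIG. 4 (S203 and S204), driven by a FIG. 5-style rule table, can be sketched as follows. This is an added example, not code from the patent: the `Rule` fields, the per-keyword importance values and the two-characters-on-each-side rule for "." are assumptions, chosen so that the output reproduces the before/after strings quoted from FIGS. 6 to 9. The cipher itself is left out; each selected span carries the key length that the description assigns to its importance.

```python
import re
from dataclasses import dataclass

# Key length per importance level, as stated in the description.
KEY_BITS = {"high": 256, "medium": 128, "low": 64}
_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Rule:
    """One row of a FIG. 5-style table (field names are hypothetical)."""
    keyword: str                   # literal keyword, or "DIGIT" for the digit class
    before: int = 0                # characters to encrypt before the keyword
    after: int = 0                 # characters to encrypt after the keyword
    include_keyword: bool = False  # also encrypt the keyword itself
    importance: str = "medium"     # assumed; the page gives no per-keyword values


# Constructed rule table, consistent with the examples quoted in the text.
RULES = [
    Rule("さん", before=2),
    Rule("@", before=2, after=2, include_keyword=True, importance="high"),
    Rule(".", before=2, after=2),
    Rule("株式会社", before=2, after=2, include_keyword=True),
    Rule("DIGIT", include_keyword=True, importance="high"),
]


def select_spans(text, rules=RULES):
    """Return merged (start, end, importance) spans to be encrypted."""
    raw = []
    for rule in rules:
        pattern = r"\d" if rule.keyword == "DIGIT" else re.escape(rule.keyword)
        for match in re.finditer(pattern, text):
            k0, k1 = match.span()
            if rule.before:
                raw.append((max(0, k0 - rule.before), k0, rule.importance))
            if rule.include_keyword:
                raw.append((k0, k1, rule.importance))
            if rule.after:
                raw.append((k1, min(len(text), k1 + rule.after), rule.importance))

    merged = []
    for start, end, importance in sorted(s for s in raw if s[0] < s[1]):
        if merged and start <= merged[-1][1]:
            # Overlapping or touching spans become one span; the merged span
            # keeps the higher importance so nothing is downgraded.
            prev_start, prev_end, prev_importance = merged[-1]
            merged[-1] = (prev_start, max(prev_end, end),
                          max(prev_importance, importance, key=_RANK.get))
        else:
            merged.append((start, end, importance))
    return merged


def mask(text, spans):
    """Render selected spans as '*', the notation used in FIGS. 6 to 9."""
    chars = list(text)
    for start, end, _ in spans:
        chars[start:end] = "*" * (end - start)
    return "".join(chars)


def plan(text, rules=RULES):
    """List (plaintext_to_encrypt, key_bits) for each selected span."""
    return [(text[s:e], KEY_BITS[imp]) for s, e, imp in select_spans(text, rules)]


def encrypted_fraction(text, rules=RULES):
    """Fraction of characters that would be encrypted; the rest stays in clear."""
    if not text:
        return 0.0
    return sum(e - s for s, e, _ in select_spans(text, rules)) / len(text)


if __name__ == "__main__":
    for sample in ["山田さんへ", "tsatoh@aaaaaa.ne.jp", "株式会社鈴木建設"]:
        print(mask(sample, select_spans(sample)), plan(sample))
```

For the e-mail address, 11 of 19 characters are selected; `tsat`, `aa`, both dots and the overall length remain readable in the stored data, which is the trade-off the description accepts in exchange for the smaller ciphertext.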

Claims (11)

  1.  An encryption device comprising:
     storage means for storing, as a keyword, a character string that is predicted to be used adjacent to a character string to be concealed;
     search means for searching for the position, in document data to be encrypted, of the keyword stored in the storage means; and
     encryption processing means for encrypting a character string of at least one character positioned before or after the position of the keyword found by the search means.
  2.  The encryption device according to claim 1, wherein the encryption processing means encrypts the character string stored in the storage means as the keyword.
  3.  The encryption device according to claim 1 or 2, wherein
     the storage means stores a type of specific character that is frequently used when expressing information to be concealed,
     the search means searches for the position, in the document data to be encrypted, of the specific character stored in the storage means, and
     the encryption processing means encrypts the specific character found by the search means.
  4.  The encryption device according to any one of claims 1 to 3, further comprising determination means for determining the content of the document data to be encrypted,
     wherein the search means selects, according to the content of the document data determined by the determination means, the keyword to use for the search from among a plurality of keywords stored in the storage means.
  5.  The encryption device according to any one of claims 1 to 4, further comprising setting means for setting, for a plurality of keywords stored in the storage means, the number of characters to encrypt,
     wherein the encryption processing means encrypts the number of consecutive characters set by the setting means, before or after the position of the keyword found by the search means.
  6.  The encryption device according to any one of claims 1 to 4, further comprising setting means for setting an importance for each of a plurality of keywords stored in the storage means,
     wherein the encryption processing means switches, according to the importance set by the setting means, the encryption method used when encrypting a character string of at least one character positioned before or after the position of the keyword found by the search means.
  7.  The encryption device according to claim 6, wherein, when encrypting a character string of at least one character positioned before or after the position of a keyword set by the setting means as having high importance, the encryption processing means uses an encryption key with more bits than the encryption key used when encrypting other character strings.
  8.  An encryption device comprising:
     determination means for determining the type of electronic file data to be encrypted;
     search means for searching, when the determination means determines that the electronic file data to be encrypted is image data, for the position of a specific image contained in that image data; and
     encryption processing means for encrypting only the data of the region containing the specific image found by the search means.
  9.  An encryption device comprising:
     determining means for determining the type of electronic file data to be encrypted;
     search means for searching, when the determining means determines that the electronic file data to be encrypted is audio data, for data of a specific musical scale included in the audio data; and
     encryption processing means for encrypting only the data of the specific musical scale found by the search means.
  10.  An encryption method comprising:
     a step of searching for the position, in the document data to be encrypted, of a keyword that is expected to be used contiguously with a character string to be concealed; and
     a step of encrypting a character string of at least one character positioned before or after the position of the found keyword.
  11.  A program for causing a computer to execute:
     a step of searching for the position, in the document data to be encrypted, of a keyword that is expected to be used contiguously with a character string to be concealed; and
     a step of encrypting a character string of at least one character positioned before or after the position of the found keyword.
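
The method of claims 5 to 7 and 10, as an added Python sketch that is not code from the patent: it finds each keyword, encrypts only the set number of characters that follow it, and picks a longer key for high-importance keywords. The keyword table, the 128/256-bit key sizes, the token format and the HMAC-SHA256 counter-mode keystream (a standard-library stand-in for a real authenticated cipher such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed keyword table (assumption): keyword -> (characters to encrypt after it, importance).
KEYWORDS = {"Password: ": (8, "high"), "Tel: ": (12, "normal")}
# Claim 7: high-importance keywords use a key with more bits (256) than the others (128).
KEYS = {"high": os.urandom(32), "normal": os.urandom(16)}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for a real cipher, provides no integrity."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def encrypt_document(text: str, keywords=KEYWORDS, keys=KEYS) -> str:
    """Replace the characters after each keyword with a {level:nonce:ciphertext} token."""
    pattern = re.compile("|".join(re.escape(k) for k in keywords))
    out, pos = [], 0
    for m in pattern.finditer(text):
        if m.start() < pos:
            continue  # keyword lies inside a span that was already encrypted
        count, level = keywords[m.group()]
        secret = text[m.end():m.end() + count]  # may be shorter at end of document
        nonce = os.urandom(12)  # fresh per span so equal secrets do not give equal ciphertext
        ct = _xor(secret.encode("utf-8"), keys[level], nonce)
        out.append(text[pos:m.end()] + "{%s:%s:%s}" % (level, nonce.hex(), ct.hex()))
        pos = m.end() + len(secret)
    out.append(text[pos:])
    return "".join(out)


def decrypt_document(text: str, keys=KEYS) -> str:
    """Restore every token using the key that matches its importance level."""
    def restore(m):
        level, nonce, ct = m.group(1), bytes.fromhex(m.group(2)), bytes.fromhex(m.group(3))
        return _xor(ct, keys[level], nonce).decode("utf-8")
    pattern = r"\{(%s):([0-9a-f]{24}):([0-9a-f]*)\}" % "|".join(map(re.escape, keys))
    return re.sub(pattern, restore, text)
```

The keywords and the length of each protected span stay visible in the output, so this scheme hides the values only, not the fact that a password or phone number is present or how long it is.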
PCT/JP2009/067005 2008-10-01 2009-09-30 Encryption device, encryption method and program WO2010038764A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008-256464 2008-10-01
JP2008256464 2008-10-01

Publications (1)

Publication Number Publication Date
WO2010038764A1 (en) 2010-04-08

Family

ID=42073524

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2009/067004 WO2010038763A1 (en) 2008-10-01 2009-09-30 Information management system, terminal unit, server device and program
PCT/JP2009/067005 WO2010038764A1 (en) 2008-10-01 2009-09-30 Encryption device, encryption method and program

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/067004 WO2010038763A1 (en) 2008-10-01 2009-09-30 Information management system, terminal unit, server device and program

Country Status (1)

Country Link
WO (2) WO2010038763A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012123163A (en) * 2010-12-08 2012-06-28 Internatl Business Mach Corp <Ibm> Information processing apparatus that filters confidential information, method and program
JP2013047854A (en) * 2012-11-22 2013-03-07 Kyocera Document Solutions Inc Information concealing method and information concealing device

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107818243B (en) 2012-02-24 2020-12-08 河谷控股Ip有限责任公司 Content activation through interaction-based authentication, systems and methods
JP5485452B1 (en) * 2012-08-02 2014-05-07 エヌ・ティ・ティ・コミュニケーションズ株式会社 Key management system, key management method, user terminal, key generation management device, and program
JP6492731B2 (en) * 2015-02-16 2019-04-03 富士通株式会社 Storage system, storage control device, and storage control program
JP5969716B1 (en) * 2016-01-13 2016-08-17 株式会社ショーケース・ティービー Data management system, data management program, communication terminal, and data management server

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS63158663A (en) * 1986-12-23 1988-07-01 Toshiba Corp Document privacy protecting device
JP2002149638A (en) * 2000-11-07 2002-05-24 Oki Electric Ind Co Ltd Electronic document editing device and electronic mail device
JP2004287566A (en) * 2003-03-19 2004-10-14 Fuji Xerox Co Ltd Device for concealing part of content and content circulation system using it
WO2009144924A1 (en) * 2008-05-27 2009-12-03 京セラ株式会社 Portable terminal with peeking prevention function

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002149608A (en) * 2000-11-09 2002-05-24 Techno Brain:Kk System/method for managing secrecy by deciphering and computer-readable recording medium with program for making computer perform the method recorded thereon
JP2005166033A (en) * 2003-11-10 2005-06-23 Matsushita Electric Ind Co Ltd Confidential information management system, server device and terminal device
JP4600021B2 (en) * 2004-12-10 2010-12-15 株式会社日立製作所 Encrypted data access control method
JP4518969B2 (en) * 2005-01-25 2010-08-04 株式会社トリニティーセキュリティーシステムズ Mobile communication device, backup device, backup method, and backup program
JP4722620B2 (en) * 2005-08-19 2011-07-13 Kddi株式会社 Encrypted document search method and encrypted document search system
JPWO2007142072A1 (en) * 2006-06-09 2009-10-22 株式会社ハートランド Terminal apparatus and data management system provided with the same

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012123163A (en) * 2010-12-08 2012-06-28 Internatl Business Mach Corp <Ibm> Information processing apparatus that filters confidential information, method and program
US8913744B2 (en) 2010-12-08 2014-12-16 Nuance Communications, Inc. Filtering confidential information in voice and image data
US9330267B2 (en) 2010-12-08 2016-05-03 Nuance Communications, Inc. Filtering confidential information in voice and image data
JP2013047854A (en) * 2012-11-22 2013-03-07 Kyocera Document Solutions Inc Information concealing method and information concealing device

Also Published As

Publication number Publication date
WO2010038763A1 (en) 2010-04-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09817796

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09817796

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP