WO2011078535A2 - Method and apparatus for separating personal information into order information and content information and then encrypting and combining the information, server and recording medium - Google Patents

Publication number
WO2011078535A2
Authority
WO
WIPO (PCT)
Prior art keywords
information
encryption
encrypted
order
encrypting
Application number
PCT/KR2010/009111
Other languages
English (en)
Korean (ko)
Other versions
WO2011078535A3 (fr
Inventor
이순구
Original Assignee
Lee Soon Goo
Priority claimed from KR1020100085991A, patent KR101045222B1
Application filed by Lee Soon Goo
Publication of WO2011078535A2
Publication of WO2011078535A3

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Definitions

  • The present invention relates to a method, an apparatus and a recording medium for encrypting personal information, and in particular to distinguishing and encrypting the order information and the content information separated from personal information such as a social security number, card number, account number, and the like and before the encryption
  • DB encryption and retrieval technology can be largely divided into index encryption technology and order maintaining encryption technology. The characteristics are as follows.
  • The bucket-based index algorithm, an encrypted DB search algorithm proposed by Hacigumus in 2002, creates a separate index column to build an index.
  • This method has the advantage that, with a well-defined mapping function, encryption can be applied to both numbers and characters, but it requires additional filtering to find the exactly matching plain text value and does not practically support range search.
  • The hash-based index algorithm encrypts the column to be used for the index with a one-way hash function. Choosing a hash function without collisions has the advantage of providing exact match and applying to both numbers and letters, but it does not support range search, exact match requires additional filtering, and it is vulnerable to inference attacks using the frequency distribution.
  • The B+ tree index algorithm constructs the index separately in plain text order and, using an index encryption method, is safe from inference attacks using the frequency distribution.
  • The B+ tree needs to be re-created, and the data on a node has to be decrypted to reach the final value even though the data on that node is not directly used.
  • The random number based encryption algorithm generates pseudo-random data using pseudo random numbers so that the order of the encryption results is the same as the original plain text order; during decryption it successively generates the pseudo random numbers again and subtracts them from the encrypted data to recover the plain text. It has the advantage that updating the encrypted data is not a concern, but it is vulnerable to attacks using the frequency distribution, has a very large overhead for managing the pseudo random numbers, and can only encrypt integers.
  • The polynomial function based encryption algorithm, like the random number based encryption algorithm, uses pseudo random numbers; the encrypted value increases exponentially as the number increases, as does the overhead of managing it; order is maintained using a monotonically increasing function.
  • Since only the coefficient information of the polynomial is needed for encryption and decryption, the encryption and decryption procedure is very simple, it can be applied to real numbers, and there is no need to consider the problem of updating the encrypted data.
  • The distribution of the ciphertext is determined by the polynomial, inference attacks are possible, and the order of the plaintext can be exposed when used with other columns.
  • Order Preserving Encryption Scheme is a typical algorithm in the field of ordered encryption and is a method of maintaining the order of encryption values for numerical data.
  • It supports exact match, range search, MIN, MAX, COUNT, GROUP BY, ORDER BY, etc., and it is safe against attacks using frequency of occurrence because the distributions of plain text and cipher text differ.
  • Plain text information may be exposed through the analysis of order statistics.
  • the present invention is urgently needed because a new model of encryption method is required to prevent hacking and search quickly even after encrypting data.
  • The present invention is to solve the above-described problems. The object of the present invention is to provide an encryption method, an apparatus, and a recording medium that distinguish and encrypt the order information and the content information separated from personal information such as a social security number, card number, account number and the like, and that combine and store each piece of encrypted information so that the order is maintained as before encryption.
  • the present invention provides an encryption method, an apparatus, and a recording medium which can index in order and search quickly even by using a secure encryption algorithm such as a national standard encryption logic (ARIA).
  • A method for encrypting data in data encryption means, for achieving the object of the present invention as described above, comprises: determining order information by separating a portion of the information to be encrypted; determining a portion of the encryption target information, including the remaining information from which the order information is separated, as content information; first encrypting the order information so that the encrypted information becomes indexing information; second encrypting the order information independently of indexing; generating encrypted content information by third encrypting the content information in a manner different from the second encryption, regardless of indexing; generating encrypted order information by replacing a part of the result value of the second encryption with the result value of the first encryption; and storing the encrypted content information in a storage means in correspondence with the encrypted order information.
  • The first encryption is a method of converting each element (number, letter, or symbol) of the order information, based on a G-table that divides the codes of the ASCII code system into a plurality of ordered groups, into a value corresponding to a code belonging to one of the groups.
  • the encryption target information includes a social security number, a credit card number, or an account number of a financial institution.
  • the second encryption method is a method based on a one-way encryption method.
  • the one-way encryption scheme includes a scheme based on a secure hash algorithm.
  • the third encryption method is based on National Standard Encryption Logic (ARIA).
  • The encryption method may further comprise: fourth encrypting the order information so that the encrypted information becomes indexing information; and generating the encrypted order information by replacing a part of the result value of the second encryption with a combination of the result value of the first encryption or the result value of the fourth encryption.
  • The fourth encryption method is a method of converting the order information by using a function including an equation of the fifth or higher degree.
  • A method for encrypting data is characterized in that sequence information separated from encryption target information, and content information including the remaining information from which the sequence information is separated, are encrypted in different ways and combined, with the sequence information encrypted so that its encrypted form is included as indexing information, and the result is stored and managed in a database.
  • The order information is encrypted by a combination of a one-way encryption method, an encryption method using a function including a fifth order equation, or an encryption method that converts each element of the order information, based on a G-table that divides the codes of the ASCII code system into a plurality of ordered groups, into a value corresponding to a code belonging to one of the groups.
  • The encryption apparatus includes: information separation means for determining order information by separating a portion of the encryption target information, and determining a portion of the encryption target information, including the remaining information from which the order information is separated, as content information; first encryption means for first encrypting the order information so that the encrypted information becomes indexing information; second encryption means for second encrypting the order information regardless of indexing; third encryption means for generating encrypted content information by third encrypting the content information in a manner different from the second encryption, regardless of indexing; combining means for generating encrypted order information by replacing part of the second encryption result with the first encryption result; and storage means for storing the encrypted content information in correspondence with the encrypted order information.
  • The first encryption means generates, according to the input S-key, an S-table in which codes of different groups among the plurality of groups are mapped one by one to the different elements included in the order information, and converts each element of the order information based on the S-table.
  • The encryption apparatus further includes fourth encryption means for fourth encrypting the order information so that the encrypted information becomes indexing information, and the combining means generates the encrypted order information by replacing a part of the result value of the second encryption with the result value of the first encryption or with a combination of the result values of the fourth encryption.
  • The data management server, which encrypts, stores, and manages data received from a user terminal, encrypts in different ways and combines order information separated from encryption target information among the data and content information including the remaining information from which the order information is separated, encrypts the order information so that its encrypted form is included as indexing information, and stores and manages the result in the database.
  • In response to a request for data, the server searches the encrypted information stored in the database by referring to the indexing information and provides the search results to the user terminal.
  • The order information is encrypted by a combination of a one-way encryption method, an encryption method using a function including a fifth order equation, or an encryption method that converts each element of the order information, based on a G-table that divides the codes of the ASCII code system into a plurality of ordered groups, into a value corresponding to a code belonging to one of the groups.
  • Security is high because variable information and a hash function are used to encrypt the order information of personal information such as a social security number, card number, account number, etc., and the content information is encrypted with the national standard encryption logic (ARIA) and stored.
  • Since indexing is possible even after encryption, financial institutions or telecommunications companies that hold tens of millions of personal data records can securely manage customer information by making some modifications to existing programs, without investing in large hardware.
  • FIG. 1 is a flowchart illustrating an encryption method according to an embodiment of the present invention.
  • FIG. 2 is a view for explaining the sort order maintenance before and after encryption according to the encryption method according to an embodiment of the present invention.
  • FIG. 3 is an illustration for explaining each encryption result in the encryption process according to the encryption method according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a G-table applied to variable code encryption according to an embodiment of the present invention.
  • FIG. 5 is an example of a hexadecimal value according to an S-key of an S-table applied to variable code encryption according to an embodiment of the present invention.
  • FIG. 6 is an example of an output symbol according to an S-key of an S-table applied to variable code encryption according to an embodiment of the present invention.
  • FIG. 7 is a block diagram of an encryption apparatus according to an embodiment of the present invention.
  • FIG. 8 is a block diagram of a variable code encryption unit according to an embodiment of the present invention.
  • FIG. 9 is a flowchart illustrating an encryption method according to another embodiment of the present invention.
  • FIG. 11 is a diagram for explaining an example where the encryption apparatus according to the present invention is realized in a server connected to a network.
  • FIG. 1 is a flowchart illustrating an encryption method according to an embodiment of the present invention.
  • An encryption apparatus for encrypting various types of data requiring encryption receives encryption target information (S110).
  • the encryption target information means personal information composed of Arabic numerals (0 to 9) such as a social security number, a credit card number, or an account number of a financial institution.
  • the encryption target information may include not only numbers but also letters or symbols, and it may be noted that the above numerical information may further include other information in which letters or symbols are added.
  • The encryption apparatus may determine sequence information by separating a portion of the encryption target information, and a portion of the encryption target information including the remaining information from which the sequence information is separated (for example, the entirety of the encryption target information) may be determined as content information (S120).
  • For example, when the information to be encrypted is the social security number 600511-1690413, a part of it, the seven-digit number 6005111, may be determined as the order information, and the entire information 6005111690413 may be determined as the content information to be substantially encrypted.
  • the encryption target information is the social security number
  • the 7-digit order information is taken as an example, but the present invention is not limited thereto.
  • the order information may be any one digit from 1 to 13 digits. Even when characters or symbols are included in the information to be encrypted, the order may be set in advance so that they may be arranged in a predetermined order, and some of them may be order information.
  • variable code encryption method is a data conversion method based on codes on the ASCII code system as described below.
  • various encryption target information for example, social security number
  • searching for the resident registration number 600511-1690412 in the data search according to the order of sorting it is earlier than 3 times in the order of sorting in FIG. It is not necessary to search for the following sort order 4, 5...
  • The index information disappears once the data is encrypted. In that case, retrieving the necessary data means searching the entire encrypted data stored in the database, which is difficult.
  • The variable code encrypted information is used as indexing information, and this indexing information is included at the front of the hex value of the encrypted information, as shown in 220 of FIG. 2, so that the sort order can be known.
  • In the variable code encryption method, each element (number, letter, or symbol) of the above order information is converted, based on a G-table (see FIG. 4) that divides the codes of the ASCII code system into a plurality of ordered groups, into a value corresponding to a code belonging to one of the plurality of groups.
  • An S-table (see FIG. 5), in which codes of different groups among the plurality of groups correspond one by one to the different elements included in the order information, is generated according to the input S-key, and each element of the order information is converted based on that S-table.
  • The seven-digit number 6005111, which is the sequence information of the social security number 600511-1690413, the encryption target information, can be converted to 65 21 21 5A 2B 2B 2B according to the S-table shown in FIG. 5 based on the G-table shown in FIG. 4.
  • The ASCII code system used for this variable code encryption method has 256 codes, which are divided into a plurality of ordered groups, as in the G-table of FIG. 4.
  • The number 0, which is an element of the order information to be encrypted, is converted into a value corresponding to a code belonging to the group consisting of hexadecimal values 21 (output symbol '!') to 28 (output symbol '(') on the ASCII code. That is, when the input S-key is 1, the number 0 may be converted to the hexadecimal value 21 as shown in FIG. 5.
  • The number 1, which is an element of the order information to be encrypted, corresponds to a code belonging to the group consisting of hexadecimal values 29 (output symbol ')') to 35 (output symbol '5') on the ASCII code.
  • The number 1 may be converted into the hexadecimal value 2B as shown in FIG. 5.
  • The other Arabic numerals 2-9, which are elements of the order information, can be converted to the corresponding hex values.
  • The seven-digit number 6005111, which is the order information, can be converted to 65 21 21 5A 2B 2B 2B when the input S-key is 1, and may be converted to a different value depending on the input S-key.
  • FIG. 6 shows output symbols (symbols displayed on the user terminal) on the ASCII code system corresponding to the hexa value of FIG. 5.
  • the seven-digit sequence information 5711101 of the encryption target information 571110-1017817 may be converted into 5F6F2F2F2F282F.
  • the S-key which may be input differently at each encryption time, may be more usefully used to prevent hacking.
  • The encrypted indexing information may differ as the S-key changes, but the sort order can remain the same. That is, even when the S-key is any one of 1 to 13 as shown in FIG. 5, the encrypted information produced by variable code encryption of the order information can be indexing information from which the sort order can be known.
  • the encryption apparatus encrypts the sequence information separated from the encryption target information as described above according to a one-way encryption scheme such as a secure hash algorithm.
  • FIG. 3 illustrates an example of the encryption result of the secure hash algorithm for the seven-digit number 6005111, which is the sequence information.
  • The secure hash algorithm uses a predetermined hash function that converts data of arbitrary length into a hash value of fixed length, and is a one-way encryption method with which data tampering by a third party can be easily identified. There are various methods such as Message Digest 4 (MD4), Message Digest 5 (MD5), and Secure Hash Algorithm (SHA)-1, and since the algorithms for these can be acquired based on published data, the detailed description is omitted here.
  • The encryption apparatus replaces a portion of the result of encryption according to the secure hash algorithm as described above, for example the seven-digit hexadecimal value (33353931616633) in the above example, with the result value (6521215A2B2B2B) encrypted by the variable code encryption method in operation S130 (S150), generating encrypted order information as shown in FIG. 3 (S160).
  • The encryption apparatus encrypts the content information according to the encryption method based on the national standard encryption logic (ARIA) (S170).
  • the content information may be personal information consisting of Arabic numerals (0-9), such as a social security number, a credit card number, or an account number of a financial institution, but in some cases, may include letters or symbols as well as numbers.
  • the above numerical information may further include other information with additional characters or symbols.
  • FIG. 3 shows an example of content information encrypted according to the National Standard Encryption Logic (ARIA) for the 13-digit number 6005111690413, which is the content information of the Resident Registration No. 600511-1690413.
  • the encryption method based on the National Standard Encryption Logic (ARIA) is an encryption method adopted as the Korean standard encryption method and is also called a 128-bit block encryption algorithm. Algorithms for the National Standard Cryptography Logic (ARIA) can be acquired based on published data, so detailed descriptions are omitted here.
  • the encrypted content information may be stored in a storage means such as a database in correspondence with the encrypted order information.
  • various encryption target information may be encrypted and stored in a database according to the method of the present invention as shown in FIG. 1.
  • For example, the encrypted order information, generated by replacing a part of the result value encrypted according to the secure hash algorithm, the 7-digit hexadecimal value (33353931616633), with the result value (6521215A2B2B2B) encrypted by the variable code encryption method in step S130, and the encrypted content information generated in step S180 may be stored and managed in the database in correspondence with (or in addition to) each other.
  • the data management server can sort the data. Accordingly, when the request information is retrieved from each encrypted final information, the data management server can quickly search based on such indexing information and provide the corresponding data.
  • Each step of the encryption method according to an embodiment of the present invention as shown in FIG. 1 may be implemented as a computer readable code on a computer readable recording medium so that a corresponding function may be realized.
  • The encryption method according to an embodiment of the present invention can be implemented as a device as shown in FIG. 7.
  • FIG. 7 is a block diagram of an encryption apparatus 700 according to an embodiment of the present invention.
  • The encryption apparatus 700 may include an information separation unit 710, a variable code encryption unit 720, an incomprehensible equation encryption unit 725, a one-way encryption unit 730, a combination unit 740, an ARIA encryption unit 750, a storage unit 760, and a database 761.
  • the variable code encryption unit 720 may include a G-table database 721, an S-table generator 722, and an S-table database 723 as shown in FIG. 8.
  • Such an encryption apparatus 700 according to an embodiment of the present invention may be implemented by hardware, software, or a combination of hardware and software.
  • the information separator 710 receives the encryption target information (see S110 of FIG. 1).
  • the encryption target information may be personal information consisting of Arabic numerals (0-9), such as a social security number, a credit card number, or an account number of a financial institution, and in some cases, the encryption target information includes not only numbers but also letters and symbols.
  • the numerical information may further include other information in which letters or symbols are added.
  • The information separation unit 710 may determine sequence information by separating a portion of the encryption target information, and may determine a portion of the encryption target information including the remaining information from which the sequence information is separated (e.g., the entirety of the encryption target information) as the content information (see S120 of FIG. 1).
  • For example, when the information to be encrypted is the social security number 600511-1690413, a part of it, the seven-digit number 6005111, may be determined as the order information, and the entire information may be determined as the content information to be substantially encrypted.
  • the seven-digit order information is taken as an example, but the present invention is not limited thereto.
  • Any one digit from one to thirteen digits may be determined as the order information.
  • the order may be determined in advance so that they may be arranged in a predetermined order, and some of them may be determined as order information.
  • After the order information and the content information are determined as described above, the variable code encryption unit 720 performs variable code encryption on the order information (see S130 of FIG. 1). In this way, the variable-code encrypted information becomes indexing information that enables the sort order to be known.
  • Variable code encryption is a data conversion method based on codes on the ASCII code system.
  • In the variable code encryption method, each element (number, letter, or symbol) of the above sequence information is converted, based on a G-table (see FIG. 4) that divides the codes of the ASCII code system into a plurality of ordered groups, into a value corresponding to a code belonging to one of the plurality of groups.
  • the G-table database 721 of the variable code encryption unit 720 may store and manage a G-table (see FIG. 4) that divides codes on an ASCII code system into a plurality of groups in order.
  • The ASCII code system used for this variable code encryption method has 256 codes, which are divided into a plurality of ordered groups, as in the G-table of FIG. 4.
  • As in FIG. 4, the number 0, which is an element of the order information to be encrypted, is converted into a value corresponding to a code belonging to the group consisting of hexadecimal values 21 (output symbol '!') to 28 (output symbol '(') on the ASCII code.
  • The number 1, an element of the order information to be encrypted, can be converted to a value corresponding to a code belonging to the group consisting of hexadecimal values 29 (output symbol ')') to 35 (output symbol '5') on the ASCII code.
  • The other Arabic numerals 2 to 9, which are elements of the order information, can be converted into corresponding hex values as in the G-table of FIG. 4.
  • The S-table generating unit 722 may generate, according to the S-key input from a user terminal or the like, an S-table (see FIG. 5) in which codes of different groups among the plurality of groups are mapped one by one to the different elements, and store and manage it in the S-table database 723, and the variable code encryption unit 720 converts each element of the order information based on that S-table.
  • The seven-digit number 6005111, which is the sequence information of the social security number 600511-1690413, the encryption target information, can be converted to 65 21 21 5A 2B 2B 2B according to the S-table shown in FIG. 5 based on the G-table shown in FIG. 4.
  • the number 0 may be converted to the hexa value 21 as shown in FIG. 5.
  • the number 1 may be converted to the hexadecimal value 2B.
  • other Arabic numerals 2-9 which are elements of the order information, can be converted to the corresponding hexa value.
  • The seven-digit number 6005111, which is the order information, can be converted to 65 21 21 5A 2B 2B 2B when the input S-key is 1, and may be converted to a different value depending on the input S-key.
  • FIG. 6 shows output symbols (symbols displayed on the user terminal) on the ASCII code system corresponding to the hexa value of FIG. 5.
  • When the input S-key is 3, the S-table generation unit 722 may, as shown in the S-table of FIG. 5, generate for that S-key an S-table in which codes of different groups, among the plurality of ordered groups into which the codes of the ASCII code system are divided, correspond one by one, and store it in the S-table database 723.
  • The S-table generator 722 stores and manages the corresponding S-table values in the database 723 in a similar manner, and based on this, the variable code encryption unit 720 converts each element of the corresponding order information.
  • When the input S-key is 3, as shown in 220 of FIG. 2, the seven-digit sequence information 5711101 of the encryption target information 571110-1017817 may be converted into 5F6F2F2F2F282F.
  • the S-key which may be input differently at each encryption time, may be more usefully used to prevent hacking.
  • The encrypted indexing information may differ as the S-key changes, but the sort order can remain the same. That is, even if the S-key is any one of 1 to 13 (which may be a larger number in some cases) as shown in FIG. 5, the encrypted information produced by variable code encryption of the order information can be indexing information from which the sort order can be known.
  • variable code encryption unit 720 may use the remainder or the quotient obtained by dividing the order information by a predetermined value as the S-key.
  • The remainder or quotient of a division after giving a predetermined weight to the elements can also be used as the S-key.
  • the one-way encryption unit 730 encrypts the sequence information separated from the encryption target information as described above according to a one-way encryption method such as a secure hash algorithm.
  • FIG. 3 illustrates an example of the encryption result of the secure hash algorithm for the seven-digit number 6005111, which is the sequence information.
  • the secure hash algorithm is a method of calculating a hash value using a predetermined hash function. Since the algorithm can be acquired based on published data, a detailed description thereof will be omitted.
  • the combiner 740 replaces a part of the result encrypted according to the secure hash algorithm as described above, for example the first seven hexadecimal values (33353931616633), with the result (6521215A2B2B2B) encrypted by the variable code encryption method in step S130 of the above example, and thereby generates encrypted sequence information as shown in FIG. 3 (see S150 and S160 of FIG. 1).
  • the ARIA encryption unit 750 encrypts the content information according to the encryption method based on the National Standard Encryption Logic (ARIA) (see S170 of FIG. 1).
  • the content information may be personal information consisting of Arabic numerals (0-9), such as a social security number, a credit card number, or an account number of a financial institution, but in some cases, may include letters or symbols as well as numbers.
  • the above numerical information may further include other information with additional characters or symbols.
  • FIG. 3 exemplifies content information encrypted according to the National Standard Encryption Logic (ARIA) for the 13-digit number 6005111690413, which is the information of the Resident Registration No. 600511-1690413.
  • the encryption method based on the National Standard Encryption Logic (ARIA) is an encryption method adopted as the Korean standard encryption method and is also called a 128-bit block encryption algorithm. Algorithms for the National Standard Cryptography Logic (ARIA) can be acquired based on published data, so detailed descriptions are omitted here.
  • the storage unit 160 stores the encrypted content information in the database 861 in correspondence with the encrypted order information.
  • various encryption target information may be encrypted and stored in a database according to the method of the present invention as shown in FIG. 1.
  • the combiner 740 generates the encrypted order information by replacing a part of the result value encrypted according to the secure hash algorithm, that is, the first 7 hexadecimal values (33353931616633), with the result code (6521215A2B2B2B) encrypted by the variable code encryption method.
  • the encrypted order information and the encrypted content information generated by the ARIA encryption unit 750 may be stored and managed in the database 761 in correspondence with (or together with) each other.
  • FIG. 9 is a flowchart illustrating an encryption method according to another embodiment of the present invention.
  • the process in which steps S210 to S290 are performed is similar to that of FIG. 7, apart from the added steps S300 and S310.
  • the incomprehensible equation encrypting unit 725 of FIG. 7 can convert and encrypt each element of the order information, among the order information and the content information included in the above encryption target information, using a function including a fifth-order or higher equation as shown in Equation 1 above (S300).
  • in Equation 1, a to k are constants such as real numbers.
  • Equation 1 shows an example of a fifth-order function; in some cases, the equation encryptor 725 can convert each element of the order information using a function F(x) that includes another fifth-order function or a fifth-order or higher equation, such as a sixth- or seventh-order equation.
  • the incomprehensible equation encrypting unit 725 may convert the order information included in the resident registration number, taken as x, by using a fifth-order function such as [Equation 1].
  • the information converted in this way can be used as indexing information.
  • the incomprehensible equation encrypting unit 725 may apply a transcendental function such as the natural logarithm (ln) so that the encrypted number is kept small (S310).
  • the combiner 740 may replace a portion of the result value encrypted by the one-way encryption unit 730 with the result encrypted by the variable code encryption unit 720, but it may also replace a part of the result value encrypted by the one-way encryption unit 730 with the result value encrypted by the incomprehensible equation encrypting unit 725.
  • in some cases, the combiner 740 may replace a part of the result value encrypted by the one-way encryption unit 730 with a combination of the result values encrypted by the variable code encryption unit 720 and the incomprehensible equation encrypting unit 725.
  • for example, the combiner 740 replaces one part of the result value encrypted by the one-way encryption unit 730 with the result encrypted by the variable code encryption unit 720 as above, and replaces another part with the result value encrypted by the incomprehensible equation encrypting unit 725.
  • the combiner 740 may also not replace a part of the result value encrypted by the one-way encryption unit 730 with another encryption result value as described above, and in this case, the result value encrypted by the one-way encryption unit 730 may itself be the encrypted order information stored together with the encrypted content information in the storage unit 160.
  • FIG. 11 is a view for explaining an example in which the encryption apparatus 700 according to an embodiment of the present invention is realized in a data management server connected to a network.
  • the data management server may encrypt and store the data received from the user terminal through the network using the encryption apparatus 700 and, in response to a data request from the user terminal, may search the encrypted information stored in the database 761 of the encryption apparatus 700 and provide the search result to the user terminal.
  • the network may be a wired or wireless Internet, or may be a core network integrated with a wired public network, a wireless mobile communication network, or a portable Internet, or may be a LAN or other dedicated network.
  • the user terminal is generally a computer such as a desktop PC or a notebook PC, but is not limited thereto. It may be any kind of wired or wireless communication device that can use an interactive service to transmit data to the data management server or request data from the data management server through a network.
  • the user terminal may be a mobile terminal that communicates through a wireless Internet or a portable Internet, such as a cellular phone, a PCS phone (Personal Communications Services phone), or a synchronous / asynchronous IMT-2000 (International Mobile Telecommunication-2000) terminal. In addition, the term may refer inclusively to all wired and wireless consumer electronics / communication devices with a user interface for accessing a data management server, such as a palm PC (Palm Personal Computer), a PDA (Personal Digital Assistant), a smartphone, a WAP phone (Wireless Application Protocol phone), and a mobile game machine (mobile play-station).
  • the data management server, which can encrypt, store, and manage data online through such a network and provide search results, may use the encryption apparatus 700 when data is received from a user terminal through the network. The sequence information, which is a part of the data separated from the encryption target information as in step S110 (or S210), and the content information, which is the entire encryption target information, are each encrypted in different ways and combined (see S130, S140, S160, or S230, S300, S310, S240, S260), and the encrypted information may be stored and managed in the database 761 so that it includes the indexing information.
  • the encrypted information managed in the database 761 includes indexing information (the variable code encrypted information of the order information) at the front as shown in 220 of FIG. 2, so that sorting is enabled. Accordingly, when there is a request for data from the user terminal, the data management server can quickly search, based on the indexing information, the sorted final information encrypted and stored in the database 761 and provide the corresponding search result.
  • once data is encrypted, the index information for searching for the necessary data in the encrypted data disappears. In this case, it was difficult to search the entire encrypted data stored in the database.
  • in contrast, the information obtained by variable code encryption of the sequence information, or the information encrypted using a function including a fifth-order or higher equation, serves as indexing information, so that, with the hexadecimal values of the encrypted information as shown in FIG., the data management server can quickly search the database 761 for the requested material.
  • the functions used in the methods and apparatus disclosed herein can be embodied as computer readable code on a computer readable recording medium.
  • the computer-readable recording medium includes all kinds of recording devices in which data that can be read by a computer system is stored. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disks, optical data storage devices, hard disks, and removable storage devices, and also include implementation in the form of carrier waves (for example, transmission over the Internet).
  • the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
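
The variable code encryption and combiner steps described above, as an added example (not code from the patent): the S-table is constructed here because the table of FIG. 5 is not reproduced on this page, SHA-256 stands in for the unspecified secure hash algorithm, and all function names are hypothetical. It shows that the stored value sorts and range-searches in plaintext order for any S-key, and that equal digits yield equal codes.

```python
import hashlib

GROUP_SIZE = 9  # ten groups of nine codes cover printable ASCII 0x21..0x7A

def s_table(s_key: int) -> dict:
    """Constructed S-table (not FIG. 5): digit d gets one code from its own
    group [0x21 + 9*d, 0x21 + 9*d + 8]. Groups are disjoint and ascending,
    so a larger digit always gets a larger code, whatever the S-key."""
    table = {}
    for d in range(10):
        # Assumption: the position inside the group is derived from the S-key.
        pick = hashlib.sha256(f"{s_key}:{d}".encode()).digest()[0] % GROUP_SIZE
        table[str(d)] = 0x21 + GROUP_SIZE * d + pick
    return table

def variable_code_encrypt(order_info: str, s_key: int) -> bytes:
    """Convert each element of the order information through the S-table."""
    table = s_table(s_key)
    return bytes(table[ch] for ch in order_info)

def encrypted_order_info(order_info: str, s_key: int) -> bytes:
    """Combiner: hash the order information, then replace the leading
    characters of the hex digest with the variable-code result."""
    digest_hex = hashlib.sha256(order_info.encode()).hexdigest().encode()
    index = variable_code_encrypt(order_info, s_key)
    return index + digest_hex[len(index):]

def sorted_by_index(orders, s_key):
    """Sort plaintext order values using only their encrypted form."""
    return sorted(orders, key=lambda o: encrypted_order_info(o, s_key))

def range_search(stored, low, high, s_key):
    """Range query on the index prefix, without decrypting any record."""
    lo = variable_code_encrypt(low, s_key)
    hi = variable_code_encrypt(high, s_key)
    return [rec for rec in stored if lo <= rec[:len(lo)] <= hi]

# Constructed sample order values (seven digits, as in the page's examples).
SAMPLE = ["6005111", "5711101", "6005112", "5711102", "9901012", "0001013"]

if __name__ == "__main__":
    for key in (1, 3):
        # Different S-keys give different codes for the same order information.
        print(key, variable_code_encrypt("6005111", key).hex())
    print(sorted_by_index(SAMPLE, 3))
    stored = [encrypted_order_info(o, 3) for o in SAMPLE]
    print(len(range_search(stored, "5711101", "6005111", 3)), "records in range")
```

The index prefix keeps plaintext order and repeated digits by construction, so it reveals that much about the order information to anyone who can read the database.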

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

According to an embodiment of the present invention, a data encryption method performed in a data encryption means comprises the steps of: separating a part of the information to be encrypted and determining it as sequence information; setting the remaining information of the information to be encrypted, excluding the sequence information, as content information; performing a first encryption operation so as to transform the encryption information of the sequence information into indexing information; performing a second encryption operation on the sequence information, independently of the indexing; generating encrypted content information by performing a third encryption operation on the content information, independently of the indexing, in a manner different from the second encryption operation; generating encrypted sequence information by replacing a part of the result values of the second encryption with the result values of the first encryption; and storing the encrypted content information in a storage means in accordance with the encrypted sequence information.
PCT/KR2010/009111 2009-12-22 2010-12-20 Method and apparatus for separating personal information into sequence information and content information and then encrypting and combining the information, server and recording medium WO2011078535A2 (fr)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
KR10-2009-0128949 2009-12-22
KR20090128949 2009-12-22
KR10-2010-0005021 2010-01-20
KR20100005021 2010-01-20
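KR1020100085991A KR101045222B1 (ko) 2009-12-22 2010-09-02 Method, apparatus, server and recording medium for separating personal information into order information and content information and then encrypting and combining them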
KR10-2010-0085991 2010-09-02

Publications (2)

Publication Number Publication Date
WO2011078535A2 true WO2011078535A2 (fr) 2011-06-30
WO2011078535A3 WO2011078535A3 (fr) 2011-10-20

Family

ID=44196279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2010/009111 WO2011078535A2 (fr) 2009-12-22 2010-12-20 Method and apparatus for separating personal information into sequence information and content information and then encrypting and combining the information, server and recording medium

Country Status (1)

Country Link
WO (1) WO2011078535A2 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150104011A1 (en) * 2011-09-13 2015-04-16 Combined Conditional Access Development & Support, LLC Preservation of encryption
JP2018120865A (ja) * 2012-12-21 2018-08-02 三星エスディアイ株式会社Samsung SDI Co., Ltd. Battery pack
CN112329393A (zh) * 2020-11-05 2021-02-05 广东科徕尼智能科技有限公司 Short-code ID generation method, device and storage medium
CN114459633A (zh) * 2022-04-11 2022-05-10 深圳中宝新材科技有限公司 IoT-based data encryption and decryption method for anti-oxidation bonding gold wire equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000059355A (ja) * 1998-08-04 2000-02-25 Dainippon Printing Co Ltd Encryption processing system
JP2006004301A (ja) * 2004-06-18 2006-01-05 Hideo Suzuki Method for managing data and information processing apparatus
KR20060121772A (ko) * 2006-10-04 2006-11-29 (주)이글로벌시스템 Indexing method for encrypted columns
US20070206788A1 (en) * 2006-02-10 2007-09-06 Atsushi Hagiwara Data encoding apparatus, data encoding method, data encoding program, and recording medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150104011A1 (en) * 2011-09-13 2015-04-16 Combined Conditional Access Development & Support, LLC Preservation of encryption
US11418339B2 (en) * 2011-09-13 2022-08-16 Combined Conditional Access Development & Support, Llc (Ccad) Preservation of encryption
JP2018120865A (ja) * 2012-12-21 2018-08-02 三星エスディアイ株式会社Samsung SDI Co., Ltd. Battery pack
CN112329393A (zh) * 2020-11-05 2021-02-05 广东科徕尼智能科技有限公司 Short-code ID generation method, device and storage medium
CN114459633A (zh) * 2022-04-11 2022-05-10 深圳中宝新材科技有限公司 IoT-based data encryption and decryption method for anti-oxidation bonding gold wire equipment

Also Published As

Publication number Publication date
WO2011078535A3 (fr) 2011-10-20

Similar Documents

Publication Publication Date Title
US10951392B2 (en) Fast format-preserving encryption for variable length data
CN1197023C (zh) Method and system for securely transmitting data sets in a data communication system
WO2014003497A1 (fr) Generation and verification of additional data having a specific format
US5966449A (en) Method and network for communicating between a group of entities a text encrypted using an encryption key intrinsic to the group of entities in a network having a plurality of entities and a center
WO2014119936A1 (fr) Method and apparatus for processing software using a hash function to secure the software, and computer-readable medium storing executable instructions for implementing the method
US20130046995A1 (en) Method and computer program product for order preserving symbol based encryption
EP0759669A2 (fr) Method and device for rotor encryption with a variable key
WO2018097521A1 (fr) Database duplexing method
CN107105324B (zh) Method and client for protecting bullet-screen comment information
WO2011078535A2 (fr) Method and apparatus for separating personal information into sequence information and content information and then encrypting and combining the information, server and recording medium
CN110704853A (zh) Sensitive data desensitization method and system based on a desensitization policy
WO2018186543A1 (fr) Data encryption method and system using a device authentication key
KR101045222B1 (ko) Method, apparatus, server and recording medium for separating personal information into order information and content information and then encrypting and combining them
CN107682303B (zh) System and method for encrypted query of personal sensitive information
CN113489710B (zh) File sharing method, apparatus, device and storage medium
CN110830261A (zh) Encryption method, apparatus, computer device and storage medium
CN110365468B (zh) Anonymization processing method, apparatus, device and storage medium
US20190260583A1 (en) Encryption device, search device, computer readable medium, encryption method, and search method
CN106022158A (zh) Management system for taking file materials off-site
WO2023191216A1 (fr) Data encryption and decryption system and method
WO2010079878A1 (fr) Data encryption and decryption apparatus using a variable code table and corresponding method
NO321541B1 (no) Electronic handling of information using a station (server) for usage rules
CN115001784B (zh) Data storage method, apparatus, electronic device and computer-readable storage medium
CN115422579A (zh) Method and system for encrypted data storage and post-storage query
CN113904865A (zh) Log transmission method and apparatus based on an asymmetric algorithm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10839732

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 28.08.2012)

122 Ep: pct application non-entry in european phase

Ref document number: 10839732

Country of ref document: EP

Kind code of ref document: A2