WO2018135447A1 - Encrypted information storage system - Google Patents
- Publication number
- WO2018135447A1, PCT/JP2018/000883 (JP2018000883W)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- encrypted
- key
- encryption
- information
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Definitions
- the present invention relates to an encrypted information storage system that stores data in an encrypted state.
- a service for storing a combination of URL, user ID, password, etc. for each site on the Internet is also provided.
- measures are taken such that information on each user stored in the server is encrypted in preparation for unauthorized access from the outside and stored in the server together with the encryption key.
- the measures described above are based on the idea that even if the encrypted information is stolen, it is safe as long as the encryption method and encryption key are not known. For this reason, systems are constructed from the viewpoint of how to protect the encryption key: the server is sufficiently secured to prevent unauthorized intrusion from the outside and, in preparation for the unlikely event of unauthorized access from the inside, the encryption key is distributed or the encryption key itself is encrypted.
- As a method of uploading a file to a network storage system, Patent Document 1 discloses a technique in which an input of an encryption key is accepted from a user, the encryption key itself is encrypted by processing using JavaScript (registered trademark) on a browser, the encrypted encryption key and an upload target file are transmitted to a server, the file is encrypted on the server, and the encrypted encryption key is stored on a client terminal.
- Patent Document 2 discloses a technology related to a data protection system that includes a client terminal connected to an intra-organization network, a key management server, and an online service server connected to the client terminal via a public network, in which encryption is performed using an encryption script and an encryption key acquired by the client terminal from the key management server, and the encrypted data is transmitted to the online service server.
- data items with different importance levels are often handled as a pair: for example, a user ID may be seen by other users in normal use, whereas a password must not be seen by anyone other than the user himself / herself.
- an object of the present invention is to provide an encrypted information storage system that can safely store and retrieve a plurality of data having different importance levels.
- an object of the present invention is to provide an encrypted information storage system capable of safely storing and retrieving a plurality of data related to contents.
- an encrypted information storage system stores first storage target data and second storage target data, the first storage target data as first encrypted data obtained by encrypting it with a first key, and the second storage target data as third encrypted data obtained by encrypting it with a second key to give second encrypted data and then further encrypting the second encrypted data with the first key. The system includes:
- an encrypted data storage unit that holds the first encrypted data and the third encrypted data;
- input receiving means for receiving inputs of the first storage target data, the second storage target data, the first key, and the second key;
- encryption means for generating the second encrypted data and generating the third encrypted data by encrypting the second encrypted data using the first key;
- recording means for recording the first encrypted data and the third encrypted data in the encrypted data storage unit;
- decryption means for restoring the first storage target data by decrypting the first encrypted data using the first key, restoring the second encrypted data by decrypting the third encrypted data using the first key, and restoring the second storage target data by decrypting the second encrypted data using the second key;
- And an output unit configured to output the first storage target
- one is encrypted with the first key and the other is double-encrypted with the first and second keys, so that they can be managed efficiently.
- the first storage target data and the second storage target data are related to each other in content.
- the system can be used, for example, to store a set of related information such as a user ID and password for logging in to a website or the like, with the password protected more securely than the user ID.
- the input receiving means receives input of third storage target data
- the recording means records the third storage target data in the encrypted data storage unit;
- the output means outputs the third storage target data.
- the encrypted information storage system is configured such that the encrypted information storage server device and the user terminal device can communicate with each other via a network
- the user terminal device includes the encryption unit and the decryption unit.
- the encryption unit and the decryption unit are realized by a script that operates on the user terminal device,
- the output means outputs the contents of the script.
- the encryption / decryption process is performed by a script whose contents are disclosed to the user, so that the user can confirm that the key, the pre-encryption data, and the decrypted data are not transmitted or received via the network during the encryption / decryption process. As a result, it is ensured that information has not been improperly acquired during the encryption / decryption process, and the user can use the encrypted information storage system according to the present invention with peace of mind.
- the first storage target data is hint information reminiscent of the second storage target data.
- if the user can recall the second storage target data from the contents of the first storage target data at the time of referring to it, the user can obtain the necessary information without decrypting or displaying the second storage target data, which is the more important data and is stored with stronger encryption. Therefore, it is possible to reduce the risk of information leakage when displaying the storage target data.
- the first storage target data is hint information reminiscent of the second key.
- the risk of losing a key while using the first and second keys can be reduced.
- the decryption method is a method of decrypting, by a computer device, data in which first data has been encrypted as first encrypted data using a first key, and second data has been encrypted as second encrypted data using a second key and then further encrypted as third encrypted data using the first key, the method including: a first input receiving step for receiving an input of the first key; a first decryption step of decrypting the first encrypted data using the first key and restoring the first data; a second input receiving step for receiving an input of the second key; a second decryption step of decrypting the third encrypted data using the first key and restoring the second encrypted data; and a third decryption step of decrypting the second encrypted data using the second key and restoring the second data.
- the first storage target data and the second storage target data can be extracted from the encrypted information storage system of the present invention.
- the data retrieval method is a method of retrieving storage target data from an encrypted information storage system that stores first storage target data as first encrypted data obtained by encrypting it using a first key, and stores second storage target data as third encrypted data obtained by further encrypting, using the first key, second encrypted data obtained by encrypting the second storage target data using a second key, the method including: a first input receiving step for receiving an input of the first key; a first decryption step of decrypting the first encrypted data using the first key and restoring the first storage target data; a first output step of outputting the first storage target data; a second input receiving step for receiving an input of the second key; a second decryption step of decrypting the third encrypted data using the first key and restoring the second encrypted data; a third decryption step of decrypting the second encrypted data using the second key and restoring the second storage target data; and a second output step for outputting the second storage target data.
- the encryption method includes: A method of encrypting first data and second data by a computer device, comprising: An input receiving step of receiving input of the first data, the second data, the first key, and the second key; A first encryption step for generating first encrypted data by encrypting the first data using the first key; A second encryption step for generating second encrypted data by encrypting the second data using the second key; And a third encryption step for generating third encrypted data by encrypting the second encrypted data using the first key.
- the first data and the second data can be stored in the encrypted information storage system of the present invention.
- the storage method is a method of storing first data and second data by a computer device, characterized in that the first data is stored as first encrypted data obtained by encrypting it using a first key, and the second data is stored as third encrypted data obtained by encrypting it using a second key to give second encrypted data and then further encrypting the second encrypted data using the first key.
- FIG. 6 is a diagram illustrating a display example of an input form of an encrypted HTML file in Embodiment 1.
- FIG. It is a figure which shows the example of a display of the input form of the decoding HTML file in Example 1.
- FIG. 10 is a diagram illustrating an example of a screen display in the third embodiment.
- FIG. 10 is a diagram illustrating an example of a screen display in the third embodiment.
- FIG. 10 is a diagram illustrating an example of display of a random number table in the third embodiment.
- FIG. 1 is a configuration diagram of an encrypted information storage system according to the present embodiment.
- the encrypted information storage system is configured such that an encrypted information storage server device 1 and a plurality of user terminal devices 2 can communicate with each other via a network 3.
- as the network 3, the Internet, a LAN (Local Area Network), or the like can be used.
- FIG. 2 is a functional block diagram of the encrypted information storage system according to the present embodiment.
- the encrypted information storage server device 1 includes:
- an encrypted data storage unit 101 that stores encrypted data that a user desires to store using the encrypted information storage system;
- an encrypted HTML transmission unit 102 that transmits an encrypted HTML (Hyper Text Markup Language) file for encryption to the user terminal device 2;
- encrypted data recording means 103 that receives the encrypted data transmitted by the encrypted HTML file from the user terminal device 2 and records it in the encrypted data storage unit 101;
- identification information generating means 104 that generates identification information of the encrypted data when the encrypted data recording means 103 records the encrypted data;
- encrypted data search means 105 that searches the encrypted data storage unit 101 for encrypted data;
- a decryption HTML generation unit 106 that generates a decryption HTML file for decrypting the encrypted data and transmits it to the user terminal device 2;
- key / data update HTML generation means 107 that generates a key / data update HTML file for updating the key and / or storage target data and transmits it to the user terminal device 2;
- an authentication information storage unit 108 that stores user authentication information;
- user authentication means 109 that transmits an authentication HTML file to the user terminal device 2, receives authentication information from the user terminal device 2, and collates the received authentication information with the information held in the authentication information storage unit 108;
- and the encryption included in the encrypted HTML file
- the user terminal device 2 includes:
- HTML receiving means 21 for receiving HTML files transmitted from the encrypted information storage server device 1, such as an encrypted HTML file, a decrypted HTML file, a key / data update HTML file, an authentication HTML file, an algorithm description HTML, or a script description HTML;
- input receiving means 22 for accepting input of data to be stored, a key, etc. from the user;
- script execution means 23 for executing the encryption script included in the encrypted HTML file, the decryption script included in the decrypted HTML file, and the key / data update script included in the key / data update HTML file;
- encrypted data transmission means 24 for transmitting the encrypted data to the encrypted information storage server device 1;
- and storage target data display means 25 for displaying the decrypted storage target data.
- the encrypted information storage server device 1 can be implemented by a computer device that includes a computing device (CPU), a main storage device (RAM), an auxiliary storage device such as an HDD, an SSD, or a flash memory, and various input / output devices including a connection means to the network 3.
- as the user terminal device 2, various computer devices such as a personal computer, a smartphone terminal, and a mobile phone can be used, each including an arithmetic device (CPU), a main storage device (RAM), an auxiliary storage device such as an HDD, an SSD, or a flash memory, and various input / output devices including a connection means to the network 3.
- reception of an HTML file from the encrypted information storage server device 1 and transmission of data to be stored are performed by HTTP (Hyper Text Transfer Protocol), and JavaScript (registered trademark) is used for scripts such as the decryption script, but the format of the file or script is not limited to this.
- with this configuration, the encrypted information storage system according to the present embodiment can be used, without introducing a special program or the like, on the many computer devices that have a general web browser.
- communication can be performed more safely by using HTTPS (Hypertext Transfer Protocol Secure) instead of HTTP for data transmission / reception.
- unless it is intentionally obfuscated, JavaScript is included in an HTML file in a state in which the user can confirm its processing contents.
- if the user has the knowledge to understand the contents of the script, the contents of the encryption and decryption processing are open to inspection, so that the encrypted information storage system can be used with confidence.
- JavaScript may be written directly in the header or body of the HTML file, or part or all of the JavaScript for encryption or decryption may be provided as a separate JavaScript file and included in the HTML file for encryption or decryption by writing a link to that JavaScript file in the HTML file header.
- it is preferable that the user be identified by registering a user ID and password in advance and performing user authentication using the authentication information storage unit 108 and the user authentication unit 109 described above. Alternatively, a configuration may be adopted in which the user is identified by another method, such as using identification information of the user terminal device 2.
- FIG. 3 is a diagram showing a configuration of the encrypted HTML file H1 according to the present embodiment.
- the encrypted HTML file H1 is encrypted by the encryption script F11 executed by the script execution unit 23, the input form F12 that receives input from the user by the input reception unit 22, and the user terminal device 2.
- the encryption script F11 includes a data encryption script F111 that encrypts part or all of the storage target data, and a data transmission script F112 that transmits the transmission form F13 to the encrypted information storage server device 1.
- the data encryption script F111 may be a script that performs encryption of an arbitrary method such as encryption using AES (Advanced Encryption Standard).
- the data transmission script F112 may be omitted, and the storage target data may be transmitted only by the function of the web browser of the user terminal device 2.
- the input form F12 includes a key input area I121 for receiving a key input used when encrypting the storage target data, a storage target data input area I122 for receiving input of the storage target data, and a transmission button B123 for receiving an instruction to execute the encryption script F11 once the key and storage target data have been input.
- FIG. 4A shows the configuration of the key input area I121.
- the key input area I121 has two key input areas, a first key input area I121a and a second key input area I121b.
- a first key hint information input area I121c for receiving input of first key hint information
- a second key plaintext hint information input area I121d for receiving input of information to be stored in a plaintext state as second key hint information
- the second key hint information includes a second key encryption hint information input area I121e that accepts input of information to be stored in a state where the encryption process using the first key is performed.
- FIG. 4B is a diagram showing the configuration of the storage target data input area I122.
- the storage target data input area I122 includes a level 0 data input area I122a that accepts input of data to be stored as level 0 data (third storage target data), a level 1 data input area I122b that accepts input of data to be stored as level 1 data (first storage target data), and a level 2 data input area I122c that accepts input of data to be stored as level 2 data (second storage target data).
- each level from level 0 to level 2 indicates a data storage method on the encrypted data storage unit 101.
- FIG. 22 schematically shows the handling of each level 0 to level 2 data in the encrypted information storage system according to the present embodiment.
- level 0 data is not encrypted and is in a plain text state
- level 1 data is encrypted once with the first key to be encrypted level 1 data.
- the level 2 data is encrypted with the second key and then further encrypted with the first key, and is transmitted to the encrypted information storage server device 1 as double-encrypted level 2 data and recorded in the encrypted data storage unit 101.
- FIG. 23 shows an example of data to be stored that is handled in the present embodiment. In this example, when the login information of a site is stored by the encrypted information storage system according to the present embodiment, the login page URL is stored as level 0 data, the user ID used for login as level 1 data, and the password used for login as level 2 data. As described above, the encrypted information storage system according to the present embodiment can be used such that the level of each piece of data is set according to its importance.
- FIG. 24 shows another example of use of the level setting of the storage target data.
- FIG. 24A shows an example in which, when the character string that the user actually needs to store, for example a password, is the character string "ABC123", the character string "A*****" that reveals only the first character is stored as level 0 data, the character string "ABC***" that reveals the alphabetic part as level 1 data, and the character string "ABC123" that reveals the full text as level 2 data.
- the character string to be actually stored is set as the highest-level level 2 data, and data in which part of the character string is hidden is set as the level 1 data and level 0 data, respectively.
- level 1 data can be used as hint information for remembering level 2 data.
- if the user can remember the character string using the level 0 data or the level 1 data as a clue at the stage of referring to it, there is no need to perform the subsequent decryption process. Therefore, when handling an important character string such as a password, it is possible to reduce the risk of shoulder surfing that arises from displaying the whole character string on the user terminal device 2.
- when the level 0 data or the level 1 data is used as hint information for the user to remember the level 2 data, it need not be a character string in which part of the level 2 data is replaced by hidden characters as described above; a character string that is not part of the level 2 data but is reminiscent of it may also be used as level 0 data or level 1 data.
- FIG. 24B shows an example in which such use is performed.
- an example is shown in which three data of levels 0 to 2 are handled as a set, but the present invention is not limited to this.
- a configuration may also be adopted in which information is additionally set on which level each data item included in the set is to be handled at, so that other level settings can be used.
- for example, a larger number of data items may be stored as a set at different encryption levels: the URL of the login page as level 0 data (1), hint information for the user ID used to log in to the site as level 0 data (2), the user ID itself as level 1 data (2), first hint information for the password used to log in to the site as level 0 data (3), second hint information for the password as level 1 data (3), the password itself as level 2 data (3), and so on.
- a configuration may also be adopted in which the first key hint information input area I121c, the second key plaintext hint information input area I121d, and the second key encryption hint information input area I121e are omitted, and the first key hint information is handled as level 0 data and the second key encryption hint information as level 1 data.
- FIG. 26 shows an example of handling such data as each of level 0 to level 2 data.
- in this example, when the first key is the character string "DEF456" and the second key is the character string "GHI789", the character string "D**4**" with part of the first key hidden is set as level 0 data, the character string "GH***9" with part of the second key hidden is set as level 1 data, and the character string "ABC123" that is actually to be stored is set as level 2 data.
- the user first refers to the hint for the first key held as level 0 data and inputs the first key, then refers to the hint for the second key held as level 1 data, which is decrypted thereby, and inputs the second key, and can finally obtain the level 2 data decrypted with the first key and the second key.
- the risk of loss of the key can be reduced.
- the storage target data in the present embodiment is text information such as user IDs and passwords for various services, but as long as the data size does not cause a problem for the encryption processing by the encryption script F11 or for communication between the user terminal device 2 and the encrypted information storage server device 1, an arbitrary binary file such as image information may be handled.
- the transmission form F13 includes transmission destination URI information F131, which is URI (Uniform Resource Identifier) information indicating the encrypted data recording means 103 as the transmission destination, user ID information F132 for identifying a user, and encrypted data F133 obtained by encrypting a part or all of the storage target data input to the storage target data input area I122 by the data encryption script F111.
- the transmission form F13 need not exist when the encrypted HTML file H1 is received by the HTML receiving means 21; it may instead be generated when the data transmission script F112 is executed.
- FIG. 4C is a diagram showing a configuration of the encrypted data F133.
- encrypted data F133 includes level 0 data F133a, encrypted level 1 data F133b obtained by encrypting level 1 data using the first key, encrypted level 2 data F133c obtained by encrypting level 2 data using the second key and then encrypting it with the first key, first key hint information F133d, second key plaintext hint information F133e, and second key encrypted hint information F133f obtained by encrypting the second key encryption hint information with the first key.
- the encryption script display area L14 is an area for displaying the data encryption script F111 and the data transmission script F112.
- since JavaScript is used for the encryption script and the like, displaying the script that actually encrypts or transmits the data lets the user confirm its processing contents. Thereby, the user can confirm that the encryption is reliably performed and that the key and the data before encryption are not illegally transmitted.
- the configuration of the encrypted HTML file H1 shown in FIG. 3 is merely an example, and the configuration may be changed by including other forms (not shown).
- it is preferable that the input form F12, which holds the storage target data and the encryption key in plain text, and the transmission form F13, which transmits the encrypted storage target data to the encrypted information storage server device 1, be separate.
- alternatively, a simpler configuration may be adopted in which the input form F12 and the transmission form F13 are a single form, with the encrypted data F133, user ID information, etc. of the transmission form F13 included in the input form F12, and the storage target data and the encryption key are prevented from being transmitted to the encrypted information storage server device in a plain text state by a method such as having the data transmission script F112 delete them from the form.
- the input form F12 is referred to as a "form" only for the sake of convenience; as long as it can be referenced from the data encryption script F111, it need not be a "form" in the sense of the HTML specification, defined by the FORM tag.
- the transmission form F13 is preferably a “form” in the specification of the HTML file that is defined by the FORM tag and uses the transmission destination URI information F131 as the data transmission destination. With this configuration, data can be transmitted in a simple form using the POST method and the GET method, so that the system can be opened to the user.
- FIG. 5 is a flowchart showing data encryption processing by the encryption information storage system according to the present embodiment.
- request information for the encrypted HTML file H1 is transmitted from the user terminal device 2 in step S101. For example, when the user clicks a hyperlink on a top page or a menu screen provided by the encrypted information storage server device 1 or another web server device (not shown), the web browser generates and sends the request information.
- when the encrypted information storage server apparatus 1 receives the request information in step S102, the process proceeds to step S103, and the encrypted HTML file H1 is transmitted to the user terminal apparatus 2.
- the user terminal device 2 receives the encrypted HTML file H1 in step S104 and, in step S105, displays an input screen in the web browser and accepts input of the level 0 to 2 data and the first and second keys in the input form F12.
- it is preferable that arbitrary symbols such as "*" be displayed on the screen of the user terminal device 2 instead of the actually input character string. Thereby, it is possible to reduce the risk that the key becomes known to a person other than the user when setting the key. In addition, when a key is entered, the user is prompted to enter the same content twice, which reduces the risk that an input error sets a key unintended by the user even though the key character string cannot be confirmed on the screen as described above.
- the key for receiving the input is an individual key for each set of data to be stored.
- An encrypted information storage system can be used.
- when the transmission button B123 is pressed by the user, the process proceeds to step S106, and the data encryption script F111 executes the encryption process on the level 1 and level 2 data input to the storage target data input area I122, using the first and second keys input to the key input area I121.
- specifically, encrypted level 1 data is generated by encrypting the level 1 data using the first key, encrypted level 2 data is generated by encrypting the level 2 data using the second key and then further encrypting the result using the first key, and second key encrypted hint information is generated by encrypting the second key encryption hint information using the first key.
- in step S107, the data transmission script F112 sets the necessary information in the transmission form F13, namely the level 0 data, the first key hint information, and the second key plaintext hint information received in step S105, and the encrypted level 1 data, encrypted level 2 data, and second key encrypted hint information generated in step S106, and transmits it to the encrypted information storage server device 1 as encrypted data.
- the transmission process of the encrypted data here is preferably performed by the POST method or the GET method as described above.
- the encrypted data recording unit 103 executes a recording process in the encrypted data storage unit 101.
- identification information is generated by the identification information generation unit 104 and stored in association with the encrypted data. This completes the data encryption process.
- level 1 and level 2 data can be encrypted and recorded in the encrypted information storage server device 1 together with unencrypted level 0 data and the like.
- The encryption process in step S106 is performed on the user terminal device 2, and the encrypted storage target data is transmitted to the encrypted information storage server device 1; that is, the storage target data before encryption and the encryption key itself, as input in the input form F12, are not transmitted to the encrypted information storage server device 1. This eliminates the risk that the data to be stored and its encryption key are illegally obtained by a third party on the network 3, or that the information is leaked when the encrypted information storage server device 1 is attacked.
- FIG. 6 is a diagram showing a configuration of the decrypted HTML file H2 according to the present embodiment.
- The decrypted HTML file H2 includes a decryption script F21 executed by the script execution means 23, an encrypted data storage form F22 for storing encrypted data to be decrypted, an input form F23 with which the input receiving unit 22 receives input from the user, and a display form F24 for displaying data decrypted by the decryption script F21.
- the decryption script F21 includes a data decryption script F211 for decrypting data included in the encrypted data storage form F22. This is configured such that data that has been encrypted by the data encryption script F111 can be decrypted using a key.
- the data encryption script F111 performs common key encryption, and the encryption key used in the data encryption script F111 and the decryption key used in the data decryption script F211 are the same key.
- the present invention is not limited to this. For example, if encryption such as a public key method is performed, the encryption key and the decryption key are different.
- The encrypted data storage form F22 has an encrypted data storage area H221 in which encrypted data set by the encrypted information storage server device 1 is stored. It is sufficient that the encrypted data storage area H221 is configured so that the stored encrypted data can be acquired by the decryption script F21, and it may be made invisible when the decrypted HTML file H2 is displayed by the web browser.
- FIG. 7A is a diagram showing a configuration of the encrypted data storage area H221.
- The encrypted data storage area H221 includes level 0 data H221a in a plaintext state, encrypted level 1 data H221b encrypted with the first key, encrypted level 2 data H221c encrypted with the first key after encryption with the second key, first key hint information H221d in a plaintext state, second key plaintext hint information H221e in a plaintext state, and second key encrypted hint information H221f encrypted with the first key.
- FIG. 7B is a diagram showing the configuration of the input form F23.
- The input form F23 includes a key input area I231, a decryption button B232, a first key hint information display button B233a for instructing display of the first key hint information, a second key hint information display button B233b for instructing display of the second key hint information, a first key hint information display area L234a for displaying the first key hint information, and a second key hint information display area L234b for displaying the second key plaintext hint information and the second key encryption hint information.
- the display form F24 includes a storage target data display area L241 for displaying a result of the decryption process by the decryption script F21 on the encrypted data stored in the encrypted data storage form F22.
- FIG. 7C is a diagram showing the configuration of the storage target data display area L241.
- The storage target data display area L241 includes a level 0 data display area L241a for displaying level 0 data, a level 1 data display area L241b for displaying decrypted level 1 data, and a level 2 data display area L241c for displaying decrypted level 2 data.
- the decryption script display area L25 is an area for displaying the contents of the data decryption script F211 as with the encryption script display area L14 in the encrypted HTML file H1.
- Although the encrypted data storage form F22, the input form F23, and the display form F24 are shown here as independent forms, any configuration may be used, such as the encrypted data storage form F22 and the input form F23 as a single form, or the encrypted data storage form F22 and the display form F24 as a single form.
- The encrypted data storage form F22 and the input form F23 here do not need to be “forms” in the specification of the HTML file, as with the input form F12 in the encrypted HTML file H1; they need only be configured as elements that can be referenced from the data decryption script F211.
- FIG. 8 is a flowchart showing the decryption processing of the encrypted data by the encryption information storage system according to this embodiment.
- request information of the decrypted HTML file H2 is transmitted from the user terminal device 2 in step S201.
- the web browser generates and transmits request information by an operation such as a user clicking a hyperlink from a menu screen or the like by the web browser.
- the request information of the decrypted HTML file H2 includes identification information of encrypted data to be decrypted.
- When the encrypted information storage server device 1 receives the request information in step S202, the process proceeds to step S203, and a decrypted HTML file H2 including the encrypted data to be decrypted is generated. More specifically, the encrypted data specified by the identification information included in the request information from the user terminal device 2 is acquired from the encrypted data storage unit 101 by the encrypted data search unit 105 and set in the encrypted data storage form F22.
- In step S204, the decrypted HTML file H2 generated in step S203 is transmitted to the user terminal device 2.
- The user terminal device 2 receives the decrypted HTML file H2 in step S205, and in step S206, the level 0 data, the first key hint information, and the second key plaintext hint information, which are included in the decrypted HTML file in a plain text state, are displayed.
- The first key hint information and the second key plaintext hint information may be displayed when the first key hint information display button B233a and the second key hint information display button B233b are pressed, respectively.
- In step S207, the input of the first key is accepted from the user.
- The user can input the first key using the first key hint information displayed in step S206 as a clue.
- In step S208, the data decryption script F211 is used to decrypt the encrypted level 1 data with the first key and to decrypt the second key encrypted hint information with the first key.
- In step S209, the level 1 data obtained as a result of the decryption process and the second key encryption hint information are displayed.
- In step S210, the input of the second key is accepted.
- the user can input the second key based on the second key plaintext hint information displayed in step S206 and the second key encryption hint information displayed in step S209.
- the display of the second key encryption hint information in step S209 may be configured to be performed when the second key hint information display button B233b is pressed.
- Although a configuration is shown here in which the second key hint information display button B233b and the second key hint information display area L234b are used in common for displaying the second key plaintext hint information and the second key encryption hint information, a configuration may be adopted in which display instruction buttons and display areas are individually provided.
- In step S211, decryption processing of the encrypted level 2 data with the second key is performed using the data decryption script F211.
- The resulting level 2 data is displayed in step S212, and the decryption process of the encrypted data ends.
- If an invalid key is input in step S207 or S210, it is preferable to perform arbitrary exception processing, such as detecting the failure of the decryption processing in step S208 or S211 and notifying the user of the failure.
- Encrypted data can be acquired from the encrypted information storage server device 1 and decrypted on the user terminal device 2.
- The decryption process in step S207 is performed on the user terminal device 2, and the key is not transmitted to the encrypted information storage server device 1. This makes it possible to eliminate the risk that the decrypted storage target data is illegally obtained, or that the information is leaked when the encrypted information storage server device 1 is attacked.
- FIG. 9 is a diagram showing a configuration of the key / data update HTML file H3 according to the present embodiment.
- The key / data update HTML file H3 includes a key / data update script F31 executed by the script execution unit 23 and an encrypted data storage form F32 that stores the encrypted data whose key and / or data is to be updated.
- the key / data update script F31 includes a data decryption script F311 for decrypting data stored in the encrypted data storage form F32, and a data encryption script F312 for encrypting part or all of the storage target data. And a data transmission script F313 for transmitting the transmission form F34 to the encrypted information storage server device 1.
- The data transmission script F313 may be omitted, and the storage target data may be transmitted only by the function of the web browser of the user terminal device 2.
- The same scripts can be used for each: the data decryption script F311 can be the same as the data decryption script F211 in the decrypted HTML file H2, and the data encryption script F312 and the data transmission script F313 can be the same as the data encryption script F111 and the data transmission script F112 in the encrypted HTML file H1, respectively.
- the encrypted data storage form F32 has an encrypted data storage area H321 in which encrypted data set by the encrypted information storage server device 1 is stored.
- The encrypted data storage area H321 only needs to be configured so that the stored encrypted data can be acquired by the data decryption script F311, and it may be made invisible when the key / data update HTML file H3 is displayed by the web browser. Further, the encrypted data storage area H321 has the same configuration as the encrypted data storage area H221 of the decrypted HTML file H2 shown in FIG.
- FIG. 10A shows the configuration of the input form F33.
- The input form F33 includes a key input area I331; a decryption button B332 for accepting an instruction to execute the data decryption script F311 after the decryption key is input; a decrypted data display / data change input area I333 for displaying the result of the decryption processing by the data decryption script F311 on the encrypted data of the encrypted data storage form F32 and for receiving input of the changed storage target data when the storage target data is changed; a first key hint information display button B335a for instructing display of the first key hint information; a second key plaintext hint information display button B335b for instructing display of the second key plaintext hint information; a second key encryption hint information display button B335c for instructing display of the second key encryption hint information; a first key hint information display / update input area L336a for receiving display and change input of the first key hint information; and a second key plaintext hint information display / update input area L336b for receiving display and change input of the second key plaintext hint information.
- the key input area I331 includes a first key input area I331a that receives an input of a first key and a second key input area I331b that receives an input of a second key.
- FIG. 10B is a diagram showing a more detailed configuration of the storage target data display / change input receiving area I333.
- The storage target data display / change input area I333 includes a level 0 data display / change input area I333a for receiving level 0 data display and change input, a level 1 data display / change input area I333b for receiving level 1 data display and change input, and a level 2 data display / change input area I333c for receiving level 2 data display and change input.
- The transmission form F34 includes transmission destination URI information F341, which is URI information indicating the encrypted data recording means 103 that is the transmission destination, user ID information F342 for identifying the user, encrypted data F343 obtained by encrypting, with the data encryption script F312, part or all of the storage target data input to the decrypted data display / data change input area I333, and encrypted data identification information F344 for uniquely identifying the encrypted data.
- The encrypted data identification information F344 may either be acquired from the encrypted data storage unit 101 and set in the transmission form F34 in advance when the key / data update HTML generation unit 107 generates the key / data update HTML file H3, or be included in the encrypted data storage area H221 when the key / data update HTML file H3 is generated and set in the transmission form F34 when the data transmission script F313 is executed.
- Like the encryption script display area L14 in the encrypted HTML file H1 and the decryption script display area L25 in the decrypted HTML file H2, the encryption / decryption script display area L35 is an area for displaying the contents of the data decryption script F311, the data encryption script F312, and the data transmission script F313.
- A configuration may also be adopted in which the transmission form F34 does not exist when the encryption key / data update HTML file H3 is received by the HTML receiving means 21 and is generated when the data transmission script F313 is executed.
- the configuration of the key / data update HTML file H3 shown in FIG. 9 is merely an example, and the configuration may be changed by including other forms (not shown).
- It is preferable that the input form F33 for storing the storage target data and the key in plain text and the transmission form F34 for transmitting the encrypted storage target data to the encrypted information storage server device 1 are separated.
- the storage target data and the encryption key are deleted from the form.
- the storage target data and the encryption key may be configured to avoid transmission in a plain text state.
- the encrypted data storage form F32 and the input form F33 here do not have to be “forms” in the specification of the HTML file, like the input form F12 in the encrypted HTML file H1, but the transmission form F34 is preferably a “form” in the HTML file specification that is defined by the FORM tag and can be transmitted by the POST method or the GET method, like the transmission form F13 in the encrypted HTML file H1.
- FIG. 11 is a flowchart showing a key and / or storage target data update process by the encryption information storage system according to the present embodiment.
- The request information of the key / data update HTML file H3 is transmitted from the user terminal device 2 in step S301. For example, the web browser generates and sends the request information in response to an operation such as the user clicking a hyperlink on a top page or a menu screen provided by the encrypted information storage server device 1 or another web server device (not shown).
- The request information of the encryption key / data update HTML file H3 here includes identification information of the encrypted data whose encryption key and / or storage target data is to be updated.
- When the encrypted information storage server device 1 receives the request information in step S302, the process proceeds to step S303, and a key / data update HTML file H3 including the encrypted data whose key and / or storage target data is to be updated is generated. More specifically, the encrypted data specified by the identification information included in the request information from the user terminal device 2 is acquired from the encrypted data storage unit 101 by the encrypted data search unit 105 and set in the encrypted data storage form F32.
- In step S304, the key / data update HTML file H3 generated in step S303 is transmitted to the user terminal device 2.
- the user terminal device 2 receives the key / data update HTML file H3 in step S305, and in step S306, an input screen is displayed by the web browser to accept the input of the decryption key to the key input area I331.
- In step S307, the encrypted data stored in the encrypted data storage area H321 is decrypted using the data decryption script F311, and in step S308 the data obtained as a result of the decryption process is displayed in the storage target data display / data change input area I333.
- In step S309, the input of the key change to the key input area I331 and the input of the change of the storage target data to the storage target data display / data change input area I333 are received from the user.
- Since the storage target data is displayed in the storage target data display / data change input area I333 in step S308, the user can make changes.
- When the transmission button B334 is pressed by the user, the process proceeds to step S310, and the data encryption script F312 is used to encrypt the data to be stored in the storage target data display / data change input area I333 with the key held in the key input area I331.
- In step S311, the data transmission script F313 sets necessary information such as the encrypted data encrypted in step S310 in the transmission form F34, and transmits the encrypted data identification information and the encrypted storage target data to the encrypted information storage server device 1.
- The encrypted data recording unit 103 records the encrypted data in the encrypted data storage unit 101, that is, the update of the encryption key and / or the storage target data is executed, and the update process ends.
- Here, the key input area I331 serves as both the input area for the key set before the change and the input area for the key set after the change. It is also possible to adopt a configuration in which these input areas are provided separately: if there is no input by the user in the post-change key input area in step S309, the encryption processing in step S310 uses the key that was used for the decryption processing, and if a key is input in step S309, the encryption processing in step S310 uses that key, that is, the key is updated.
- The encrypted data is decrypted on the user terminal device 2 in step S307, and if necessary, the key and / or storage target data is changed in step S309.
- The key and the data to be stored can be updated safely without transmitting or receiving, via the network 3, the key before and after the change or the level 1 and level 2 data in the plaintext state.
- the user can manage the storage target data more safely.
- By performing both the encryption processing and the decryption processing on the user terminal device 2 instead of the encrypted information storage server device 1, it is possible to prevent the key used for the encryption / decryption processing and the storage target data in plain text from leaking to a third party, and the user can safely manage the data to be stored.
- The algorithm explanation HTML provided by the algorithm explanation providing means 110 explains to the user the mechanism of the encryption processing using the encrypted HTML file H1, the decryption processing using the decrypted HTML file H2, and the key and data update processing using the key / data update HTML file H3. That is, each process described with reference to the flowcharts shown in FIGS. 5, 8, and 7 is explained to the user.
- the script explanation HTML provided by the script explanation providing means 111 displays source codes such as an encryption script, a decryption script, and a data transmission script, and explains the contents in more detail. Further, when these scripts are configured to refer to an external library, it is preferable to explain what kind of library is being referenced.
- A configuration may also be adopted in which the encrypted information storage server device 1, or another server device that can communicate with the user terminal device 2 via the network 3, collects comments and scores regarding the safety of the algorithm and scripts from users as evaluation information and provides them to other users.
- A user who is familiar with technologies such as HTML files or JavaScript makes a comment, and a user who is not familiar with such technologies refers to the comment, so that the latter can also use the encrypted information storage system according to the present embodiment with peace of mind.
- If the configuration is such that the algorithm and script evaluation information is collected and provided by an external review site or the like operated by a third party different from the operator who manages the encrypted information storage server device 1 or the like, the reliability of the evaluation information can be made higher.
- If the configuration is such that an electronic certificate is given to a file including the encryption script and the decryption script provided to the user terminal device 2, and the script is executed after the user terminal device 2 checks, using the electronic certificate, that the file has not been tampered with, the security of the encrypted information storage system according to the present invention can be further enhanced. Furthermore, when collecting evaluation information of algorithms and scripts as described above, by releasing the file with the electronic certificate and collecting evaluation information for that file, it can be ensured that the script for which evaluation information from other users is provided and the script actually executed on the user terminal device 2 are the same, and the user can use the encrypted information storage system according to the present invention with peace of mind.
- Encryption or decryption may be performed on the encrypted information storage server device 1 using a programming language such as Ruby.
- A configuration may also be adopted in which each user terminal device 2 can selectively execute encryption / decryption processing on the user terminal device 2 and encryption / decryption processing on the encrypted information storage server device 1.
- When encryption / decryption processing on the user terminal device 2 is possible, the encryption / decryption processing is performed on the user terminal device 2, and when another user terminal device 2 is used, the above-described encryption / decryption processing is performed on the encrypted information storage server device 1.
- In this way, the system can be used more safely when encryption / decryption processing on the user terminal device 2 is possible, and it can also be used on other user terminal devices 2.
- Example 1 This embodiment is an example in the case where the login information D1 of the website as shown in FIG. 12 is managed by the encryption information storage system according to the present invention.
- It is assumed that the login information D1 includes an arbitrary title D101, first key hint information D102, second key hint information D103 stored in plain text, second key hint information D104 stored encrypted, a site URL D105, an arbitrary memo D106, and, for each of the login ID, password, and Email, encryption level information D107, level 0 data D108 stored in plain text, level 1 data D109 encrypted with the first key, and level 2 data D110 encrypted with the first key after encryption with the second key.
- FIG. 13 is a display example on the user terminal device 2 of the input form F12 possessed by the encrypted HTML file H1 in the present embodiment.
- Input fields for the key and its hint information, the encryption level of each item, the data of each level, and the like, and a send button are provided.
- FIG. 14 shows a display example on the user terminal device 2 of the input form F23 included in the decrypted HTML file H2 in the present embodiment.
- the input form F23 includes input areas for the first and second keys, a transmission button and a display area for the hint information, and a decryption button.
- the result of the decryption process is provided to the user by the decrypted data display area L241 of the decrypted HTML file H2 as shown in FIG.
- the user can use the encrypted information storage system more conveniently by setting the arbitrary set and handling the storage target data like the login information to the website.
- bank account information D2 is managed by the encryption information storage system according to the present invention.
- The bank account information D2 includes an arbitrary title D201, first key hint information D202, second key hint information D203 stored in plain text, second key hint information D204 stored encrypted, and, for each of the bank name, bank number, branch name, branch number, account type, account number, personal identification number, subject of any user-specified item, value of any user-specified item, and contents of the random number table, encryption level information D205, level 0 data D206 stored in plain text, level 1 data D207 encrypted with the first key, and level 2 data D208 encrypted with the first key after being encrypted with the second key.
- It is assumed that the random number table is in the form of a matrix of 5 columns from “A” to “O” and 5 rows from “1” to “5”, and has 25 values in all, from “A1” to “O5”. For authentication in recent Internet banking systems and the like, authentication using a value in an arbitrary column designated by the system from a random number table of such a format is often used.
- FIG. 17 is a display example on the user terminal device 2 of the input form F12 included in the encrypted HTML file H1 in the present embodiment.
- Input fields for the key and its hint information, the encryption level of each item, the data of each level, and the like, and a send button are provided.
- the value of the encryption level selected for the item may be set in the transmission form.
- An arbitrary value, such as an empty character string or a symbol designated in advance, may be set in the storage area for data of other encryption levels in the transmission form so that it can be determined that the value is not meaningful.
- the account type corresponds to such an item, and as shown in FIG. 17, an input of only one value is accepted by a drop-down list.
- data such as a random number table can be handled as data to be stored, and various data can be managed by the encryption information storage system.
- Example 3 The present embodiment is an example in the case where information on a plurality of websites and banks is managed by the encryption information storage system according to the present invention.
- a list of a plurality of storage target data stored by the user is generated by the encrypted information storage server device 1 and displayed on the user terminal device 2.
- the list shown in FIG. 19A includes titles of respective sites and banks, ID level 0 data, and password level 0 data, and the user can browse the information.
- Each title is set as a hyperlink, and when a click from the user designating a site or bank is accepted, a key input and decrypted data display screen as shown in FIG. 19B is displayed.
- FIG. 19B is a level 0 data display screen, and therefore, ID and password level 0 data are displayed.
- the screen transitions to a level 2 data display screen as shown in FIG.
- A transition may be made to a level 0 data display screen having an input area for only the first key, as shown in FIG.
- The level 1 data of the ID and password are displayed as hyperlinks, as shown in FIG. 20B.
- When a hyperlink is clicked, a transition is made to a screen having level 1 data and a second key input area for the selected item, as shown in FIG.
- the level 2 data of a single item is displayed as shown in FIG.
- At level 0, the level 0 data is displayed in the format of the random number table as shown in FIG. 21A, and after the decryption processing by the first key, the screen transitions to a screen displaying level 1 decrypted data as shown in FIG. 21B. Then, by receiving a selection from the level 1 data, the level 2 decrypted data is displayed for one value in the random number table, as shown in FIG.
- By providing the level 0 data to the user in a highly viewable form such as a list, and providing only the necessary level 2 data, such as by individual display, the difference in data handling due to the setting of the encryption level can be used more effectively.
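The layered encryption of step S106 and the two-stage decryption of steps S208 and S211, written out as an added example that is not code from the patent. It assumes Node.js, with AES-256-GCM and scrypt standing in for the unspecified common key encryption; all function and field names are hypothetical and the sample values are constructed.

```javascript
// Added example, not code from the patent. Assumptions: AES-256-GCM with a
// scrypt-derived key stands in for the unspecified "common key encryption";
// every function and field name below is hypothetical.
const nodeCrypto = require('node:crypto');

// Encrypt `text` under a passphrase. Output: base64(salt | iv | tag | ciphertext).
function seal(passphrase, text) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt a blob made by seal(). Returns null when the key is wrong or the
// blob was modified: the GCM tag check is what makes a failed decryption
// detectable, which the exception handling for S208 and S211 relies on.
function unseal(passphrase, blob) {
  try {
    const raw = Buffer.from(blob, 'base64');
    if (raw.length < 44) return null; // shorter than salt + iv + tag
    const key = nodeCrypto.scryptSync(passphrase, raw.subarray(0, 16), 32);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
    decipher.setAuthTag(raw.subarray(28, 44));
    return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Step S106, on the terminal: build the record placed in the transmission
// form. Neither key and no level 1 / level 2 plaintext is part of it.
function encryptForStorage(input) {
  const inner = seal(input.key2, input.level2); // second key first
  return {
    level0: input.level0,
    firstKeyHint: input.firstKeyHint,
    secondKeyPlainHint: input.secondKeyPlainHint,
    encLevel1: seal(input.key1, input.level1),
    encLevel2: seal(input.key1, inner), // then the first key on top
    encSecondKeyHint: seal(input.key1, input.secondKeyEncHint),
  };
}

// Step S208: the first key opens level 1 and the encrypted hint. Removing the
// outer layer of level 2 at this point is a choice made in this example.
function openWithFirstKey(record, key1) {
  const level1 = unseal(key1, record.encLevel1);
  const secondKeyHint = unseal(key1, record.encSecondKeyHint);
  const innerLevel2 = unseal(key1, record.encLevel2);
  if (level1 === null || secondKeyHint === null || innerLevel2 === null) return null;
  return { level1, secondKeyHint, innerLevel2 };
}

// Step S211: the second key opens the remaining inner layer of level 2.
function openWithSecondKey(stage1, key2) {
  return stage1 ? unseal(key2, stage1.innerLevel2) : null;
}

// Constructed sample values.
const sample = {
  key1: 'first-key-example',
  key2: 'second-key-example',
  level0: 'u***@example.com',
  level1: 'user@example.com',
  level2: 'correct horse',
  firstKeyHint: 'pet name',
  secondKeyPlainHint: 'see encrypted hint',
  secondKeyEncHint: 'street + year',
};
const record = encryptForStorage(sample);
const stage1 = openWithFirstKey(record, sample.key1);
console.log(Object.keys(record).join(', '));
console.log(stage1.level1, '/', openWithSecondKey(stage1, sample.key2));
```

A browser implementation would use the asynchronous Web Crypto API instead of Node's synchronous `crypto` module; the layering is the same.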
Abstract
The present invention provides an encrypted information storage system capable of securely storing and retrieving a plurality of data sets having different degrees of importance. This encrypted information storage system stores first storage target data and second storage target data as first encrypted data obtained by encrypting the first storage target data using a first key, and third encrypted data obtained by encrypting the second storage target data using a second key and further encrypting the resulting second encrypted data using the first key, and an output means outputs the first storage target data and the second storage target data decrypted by a decryption means.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2017-006388 | 2017-01-18 | ||
JP2017006388A JP6128627B1 (ja) | 2017-01-18 | 2017-01-18 | Encrypted information storage system |
JP2017-076305 | 2017-04-06 | ||
JP2017076305A JP6397953B2 (ja) | 2017-04-06 | 2017-04-06 | Encrypted information storage system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018135447A1 (fr) | 2018-07-26 |
Family
ID=62908198
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2018/000883 WO2018135447A1 (fr) | 2017-01-18 | 2018-01-15 | Encrypted information storage system |
Country Status (2)
Country | Link |
---|---|
TW (1) | TW201837693A (fr) |
WO (1) | WO2018135447A1 (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000138667A (ja) * | 1999-11-29 | 2000-05-16 | Hitachi Software Eng Co Ltd | Method and system for controlling circulation data reference order |
JP2008193612A (ja) * | 2007-02-07 | 2008-08-21 | Fuji Xerox Co Ltd | Document processing apparatus and program |
JP2010072916A (ja) * | 2008-09-18 | 2010-04-02 | Hitachi Software Eng Co Ltd | Data protection system and data protection method |
JP2010231697A (ja) * | 2009-03-30 | 2010-10-14 | Fujitsu Fsas Inc | Document providing apparatus, method, and program |
JP2012114592A (ja) * | 2010-11-22 | 2012-06-14 | Nec Corp | Data processing apparatus, data processing system, data processing program, and access restriction method |
2018
- 2018-01-15 WO PCT/JP2018/000883 patent/WO2018135447A1/fr active Application Filing
- 2018-01-18 TW TW107101869A patent/TW201837693A/zh unknown
Also Published As
Publication number | Publication date |
---|---|
TW201837693A (zh) | 2018-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11973860B1 (en) | Systems and methods for encryption and provision of information security using platform services | |
US9621343B1 (en) | Systems and methods for providing information security using context-based keys | |
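JP4994752B2 (ja) | Information processing system | |
JP5777804B2 (ja) | Web-based security authentication system and method | |
JP2012212211A (ja) | Authentication federation system and authentication federation method | |
JP6364287B2 (ja) | Data concealment and restoration apparatus, method and program, data concealment and restoration system, and form creation apparatus | |
JP2011238036A (ja) | Authentication system, single sign-on system, server apparatus and program | |
JP2004102460A (ja) | Personal authentication method and program | |
US20240089249A1 (en) | Method and system for verification of identify of a user | |
JP6131644B2 (ja) | Information processing apparatus and information processing system | |
JP6397953B2 (ja) | Encrypted information storage system | |
JP6128627B1 (ja) | Encrypted information storage system | |
WO2018135447A1 (fr) | Encrypted information storage system | |
JP2017028441A (ja) | Encrypted information storage system | |
JP2007142504A (ja) | Information processing system | |
JP2006215795A (ja) | Server apparatus, control method and program | |
JP2016162278A (ja) | Access relay apparatus, information processing method, and program | |
JP2006004321A (ja) | Security system | |
JP2002351841A (ja) | Password generation and storage scheme and authentication scheme | |
JP5361850B2 (ja) | Access management system | |
JP6745864B2 (ja) | Confidential information management system | |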
Sai Kishan et al. | Password Generation Based on Song Lyrics and Its Management | |
Ananya | ADDING A TIMER TO CAPTCHA-BASED RGB COLOR AUTHENTICATION | |
Potocký et al. | Advanced Industrial Espionage: Mobile Device as Anti-Forensic and Anonymization Tool | |
Ashok | Dynamic Cryptographic Algorithm to Provide Password Authentication using Cued Click Points |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 18742059; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | EP: PCT application non-entry in European phase | Ref document number: 18742059; Country of ref document: EP; Kind code of ref document: A1 |