WO2022249293A1 - Control method, control program, information processing system, and information processing device - Google Patents

Info

Publication number
WO2022249293A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
data
information processing
terminal
processing device
Prior art date
Application number
PCT/JP2021/019841
Other languages
English (en)
Japanese (ja)
Inventor
孝一 矢崎
大 山本
洋介 中村
忠信 角田
陸大 小嶋
Original Assignee
富士通株式会社
Application filed by 富士通株式会社
Priority to JP2023523770A (JPWO2022249293A1)
Priority to PCT/JP2021/019841 (WO2022249293A1)
Publication of WO2022249293A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to control methods and the like.
  • Conventional technology 1, conventional technology 2, and the like are used to share data between a sender and a receiver.
  • FIG. 13 is a diagram for explaining prior art 1.
  • As shown in FIG. 13, when data is shared between a sender and a receiver, the PPAP (Pre send Password file After send Password) method is adopted.
  • The sender 10A encrypts the personal data 2 using a predetermined tool 3 and saves it in the storage 4a of the terminal of the sender 10A.
  • the tool 3 also transmits the encrypted data 2a and the password 2b for decrypting the encrypted data 2a to the terminal of the recipient 10B.
  • the encrypted data 2a and password 2b are stored in the storage 4b of the terminal of the recipient 10B.
  • the recipient 10B uses the password 2b to decrypt the encrypted data 2a and refers to the personal data 2.
  • FIG. 14 is a diagram for explaining the problem of prior art 1.
  • encrypted data 2a and password 2b transmitted from sender 10A are stored in reception box 8 of recipient 10B.
  • If the recipient 10B does not perform appropriate management and the reception box 8 receives unauthorized access from a third party, the encrypted data 2a and password 2b will be read, and the personal data 2 will be leaked.
  • FIG. 15 is a diagram for explaining conventional technique 2.
  • As shown in FIG. 15, data is shared between a sender and a receiver using storage on the cloud.
  • Storage on the cloud will be referred to as "cloud storage" as appropriate.
  • The sender 10A encrypts the personal data 2 using a predetermined tool 5 and saves it in the storage 4a of the terminal of the sender 10A.
  • the tool 5 places the encrypted data in the cloud storage 6 and restricts access time to a fixed time.
  • the tool 5 transmits the shared link information 7 that gives access rights to the cloud storage 6 to the terminal of the recipient 10B, and stores it in the reception box 8 or the like.
  • The shared link information 7 may be set with the password of the encrypted data placed in the cloud storage 6.
  • the recipient 10B accesses the cloud storage 6 and acquires the personal data 2 based on the shared link information 7.
  • FIG. 16 is a diagram for explaining the problem of prior art 2.
  • A third party can access data placed in the cloud storage 6 if they know the shared link information 7. Therefore, if the recipient 10B erroneously transfers the shared link information 7 to the third party 10C, the third party 10C can access the cloud storage 6 and obtain the data.
  • an object of the present invention is to provide a control method, a control program, an information processing system, and an information processing apparatus that can prevent third parties from viewing information.
  • The information processing device executes the following process as a control method.
  • The information processing device receives, from the first terminal, first information identifying the data of the first user stored in the cloud storage, and second information identifying the second user who is the destination of the data.
  • The information processing device provides, to the first terminal, third information indicating that the provider of the data is the first user and the destination of the data is the second user, together with signature information of the information processing device related to the third information.
  • The information processing device outputs an instruction to store the data in the storage destination.
  • FIG. 1 is a diagram (1) for explaining the processing of the information processing system according to the embodiment.
  • FIG. 2 is a diagram (2) for explaining the processing of the information processing system according to the embodiment.
  • FIG. 3 is a diagram showing an example of the data structure of a token.
  • FIG. 4 is a diagram (3) for explaining the processing of the information processing system according to the embodiment.
  • FIG. 5 is a diagram (4) for explaining the processing of the information processing system according to the embodiment.
  • FIG. 6 is a functional block diagram showing the configuration of the terminal device 20A according to this embodiment.
  • FIG. 7 is a functional block diagram showing the configuration of the information processing apparatus according to this embodiment.
  • FIG. 8 is a flowchart (1) showing the processing procedure of the information processing apparatus according to the embodiment.
  • FIG. 9 is a flowchart (2) showing the processing procedure of the information processing apparatus according to the embodiment.
  • FIG. 10 is a diagram for explaining other processing of the information processing system.
  • FIG. 11 is a diagram illustrating an example of a hardware configuration of a computer that implements functions similar to those of the information processing apparatus.
  • FIG. 12 is a diagram showing an example of the hardware configuration of a computer that implements the same functions as the terminal device.
  • FIG. 13 is a diagram for explaining prior art 1.
  • FIG. 14 is a diagram for explaining the problem of prior art 1.
  • FIG. 15 is a diagram for explaining the prior art 2.
  • FIG. 16 is a diagram for explaining the problem of prior art 2.
  • FIG. 1 is a diagram (1) for explaining the processing of the information processing system according to this embodiment.
  • the information processing system has an information processing device 100 and terminal devices 20A, 20B, and 20C. Although illustration is omitted, the information processing device 100 and the terminal devices 20A, 20B, and 20C are interconnected via a network.
  • FIG. 1 illustrates a case in which the personal data 15 of the sender 10A is provided to the receiver 10B.
  • An agent 30 is operating in the terminal device 20A. Upon receiving the personal data 15 input, the agent 30 arranges the personal data 15 in the cloud storage CS1 of the sender 10A. The agent 30 transmits the token 16 generated by the information processing device 100 to the terminal device 20B.
  • the token 16 includes an instruction to move the personal data 15 placed in the cloud storage CS1 of the sender 10A to the cloud storage CS2 accessible only by the recipient 10B.
  • the terminal device 20B transmits the token 16 to the information processing device 100 upon receiving the operation input of the recipient 10B.
  • the information processing apparatus 100 moves the personal data 15 in the cloud storage CS1 to the cloud storage CS2 based on the command of the token 16.
  • the recipient 10B can operate the terminal device 20B to acquire the personal data 15 from the cloud storage CS2.
  • the terminal device 20C transmits the token 16 to the information processing device 100 upon receiving the operation input from the third party 10C.
  • the information processing apparatus 100 moves the personal data 15 in the cloud storage CS1 to the cloud storage CS2 based on the command of the token 16.
  • Because the information processing apparatus 100 moves the personal data 15 based on the command of the token 16, even if the token 16 is received from the terminal device 20C, the personal data 15 in the cloud storage CS1 is moved to the cloud storage CS2. In other words, the information processing device 100 never moves the personal data 15 to the cloud storage CS3 or the like of the third party 10C.
  • The third party 10C cannot access the cloud storage CS2, so even if the recipient 10B erroneously transfers the token 16 to the terminal device 20C, the third party 10C can be prevented from viewing the personal data 15.
  • FIG. 2 is a diagram (2) for explaining the processing of the information processing system according to the embodiment. As shown in FIG. 2, the information processing system executes the processes of steps S1 to S8 shown below.
  • step S1 executed by the information processing system will be explained.
  • The agent 30 of the terminal device 20A arranges the personal data 15 in the cloud storage CS1 of the sender 10A. Also, the agent 30 moves the personal data 15 in the cloud storage CS1 to the TaaS area TS1 accessible by the information processing device 100. It is assumed that the personal data 15 is given a data ID (Identification) that can uniquely identify the data. For example, the data ID set in the personal data 15 corresponds to "first information".
  • step S2 executed by the information processing system will be described.
  • the agent 30 sends the destination list 11 specified by the sender 10A to the information processing device 100, thereby making a token generation request.
  • In the destination list 11, the addresses (email addresses, etc.) of the terminal devices to which personal data is provided are set.
  • The destination list 11 is set with the address of the terminal device 20B. If there are multiple supply destinations, multiple addresses are set in the destination list 11.
  • In FIG. 2, it is assumed that the address of the terminal device 20B (recipient 10B) is set in the destination list.
  • the addresses set in the destination list 11 correspond to the "second information".
  • the address set in the destination list 11 is used as information for identifying the recipient's cloud storage. For example, it is assumed that the recipient 10B uses two cloud storages CS2-1 and CS2-2 using the address of the terminal device 20B. In this case, the address of the terminal device 20B set in the destination list 11 identifies the cloud storages CS2-1 and CS2-2.
  • FIG. 3 is a diagram showing an example of the data structure of a token. As shown in FIG. 3, this token 16 has an address group, data ID, sender address, nonce, and signature information.
  • The address group holds the addresses set in the destination list 11, that is, the addresses of the recipient 10B (the terminal device 20B of the recipient 10B) to whom the personal data 15 is provided.
  • The data ID is information that uniquely identifies the personal data 15.
  • In the sender address, the address of the sender 10A (the terminal device 20A of the sender 10A) who provides the personal data 15 is set.
  • A nonce is information used for countermeasures against replay attacks.
  • The signature information is generated with the TaaS key possessed by the information processing apparatus 100.
  • The information processing apparatus 100 generates signature information by converting data in a predetermined area of the token 16 into a hash value using a hash function and encrypting the hash value using the TaaS key.
  • The address group and sender address included in the token 16 correspond to "third information".
  • The signature information included in the token 16 corresponds to "fourth information".
  • step S4 executed by the information processing system will be described.
  • the agent 30 acquires the token 16 from the information processing device 100 .
  • step S5 executed by the information processing system will be described.
  • the agent 30 transmits the token 16 obtained from the information processing device 100 to the terminal device 20B.
  • step S6 executed by the information processing system will be described.
  • When the terminal device 20B receives the token 16 from the agent 30, the terminal device 20B displays screen information indicating that the token 16 (mail from the sender 10A) has been received on the display screen or the like of the terminal device 20B.
  • the recipient 10B operates the terminal device 20B, selects the token 16, and selects one of the cloud storages CS2-1 and CS2-2.
  • the receiver 10B selects the cloud storage CS2-1 from among the cloud storages CS2-1 and CS2-2.
  • the terminal device 20B transmits the token 16 to the information processing device 100 upon receiving the operation from the recipient 10B.
  • Information indicating that the cloud storage CS2-1 has been selected is added to the token 16.
  • Such selected cloud storage information corresponds to "fifth information".
  • step S7 executed by the information processing system will be described.
  • When the information processing device 100 receives the token 16, it performs the following process.
  • The information processing device 100 authenticates the token 16 based on the signature information included in the token 16 and the TaaS key. For example, the information processing apparatus 100 determines that the authentication of the token 16 has succeeded when the hash value computed by the hash function over the data in the predetermined area of the token 16 matches the value obtained by decrypting the signature information with the TaaS key.
  • The information processing device 100 accesses the TaaS area TS1 associated with the sender address of the token 16 and acquires the personal data 15 corresponding to the data ID.
  • The information processing apparatus 100 identifies the TaaS area TS2 corresponding to the cloud storage CS2-1, which is the cloud storage selected by the recipient 10B from among the cloud storages CS2-1 and CS2-2 set in the address group. The information processing device 100 arranges the personal data 15 in the TaaS area TS2.
  • step S8 executed by the information processing system will be explained.
  • the terminal device 20B accesses the cloud storage CS2-1 and moves the personal data 15 arranged in the TaaS area TS2 to the cloud storage CS2-1.
  • the information processing system can securely share the personal data 15 between the sender 10A and the receiver 10B by executing the processes of steps S1 to S8.
  • Even when the token 16 is erroneously transferred to the terminal device 20C of the third party 10C (as described in FIG.), the personal data 15 is stored in the cloud storage CS2-1, so information leakage of the personal data 15 can be prevented.
  • The cloud storage and the TaaS area shown in FIG. 2 may be set in the same storage device.
  • the cloud storage of the sender 10A and the cloud storage of the receiver 10B may be the same cloud storage.
  • FIGS. 4 and 5 are diagrams (3) and (4) for explaining the processing of the information processing system according to the embodiment.
  • the agent 30 of the terminal device 20A executes authentication processing with the cloud storage CS1 (step S20). If the authentication process succeeds, the agent 30 transmits personal data to the cloud storage CS1 (step S21). Cloud storage CS1 stores personal data (step S22).
  • the cloud storage CS1 moves the personal data to the TaaS area TS1 according to the agent 30's instruction (step S23).
  • the TaaS area TS1 stores personal data (step S24).
  • the information processing device 100 acquires the personal data saved in the TaaS area TS1 (step S25).
  • the agent 30 and the information processing device 100 execute authentication processing (step S26).
  • the agent 30 transmits the destination list to the information processing device 100 (step S27).
  • the information processing device 100 generates a token (step S28).
  • the information processing device 100 transmits the token to the agent 30 (step S29).
  • the agent 30 transmits the token received from the information processing device 100 to the terminal device 20B (step S30).
  • the terminal device 20B transmits the token received from the agent 30 of the terminal device 20A to the information processing device 100 (step S31).
  • the information processing device 100 identifies the destination of the personal data based on the token (step S32).
  • the information processing device 100 moves the personal data to the TaaS area TS2 (step S33).
  • the TaaS area TS2 stores personal data (step S34).
  • The TaaS area TS2 notifies the terminal device 20B that the personal data has been saved according to the instruction from the information processing device 100 (step S35).
  • The terminal device 20B executes authentication processing with the cloud storage CS2 (step S36).
  • The TaaS area TS2 moves the personal data to the cloud storage CS2 according to the instruction from the terminal device 20B that has succeeded in the authentication process (step S37).
  • Cloud storage CS2 stores the personal data (step S38).
  • the terminal device 20B acquires personal data from the cloud storage CS2 (step S39).
  • the terminal device 20A corresponds to a smart phone, a tablet terminal, a notebook PC (Personal Computer), a PC, or the like. Only functions that are closely related to this embodiment will be described here.
  • FIG. 6 is a functional block diagram showing the configuration of the terminal device 20A according to this embodiment. As shown in FIG. 6, the terminal device 20A has a communication section 21, an input section 22, a display section 23, a storage section 24, and a control section 25.
  • the communication unit 21 performs data communication with the information processing device 100, the terminal device 20B, the cloud storage CS1, etc. via the network.
  • the communication unit 21 is an example of a communication device.
  • the input unit 22 is an input device for inputting various types of information to the terminal device 20A.
  • The sender 10A operates the input unit 22 to input the personal data 15.
  • The sender 10A operates the input unit 22 to input the address of the recipient of the personal data 15.
  • The display unit 23 is a display device that displays information output from the control unit 25.
  • the storage unit 24 has a destination list 11, personal data 15, and a token 16.
  • the storage unit 24 corresponds to semiconductor memory devices such as RAM (Random Access Memory) and flash memory, and storage devices such as HDD (Hard Disk Drive).
  • the destination list 11 contains addresses to which the personal data 15 is provided.
  • the addresses set in the destination list 11 are designated by the sender 10A.
  • the personal data 15 is data provided by the sender 10A to the recipient 10B.
  • The token 16 is information generated by the information processing device 100.
  • the data structure of token 16 corresponds to the data structure described in FIG.
  • the control unit 25 has a reception unit 25a and an agent execution unit 25b.
  • The control unit 25 is implemented by a CPU (Central Processing Unit) or a GPU (Graphics Processing Unit), or by hardwired logic such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array).
  • The reception unit 25a receives various types of information from the communication unit 21 and the input unit 22. For example, the reception unit 25a receives the personal data 15 from the communication unit 21 or the input unit 22 and stores it in the storage unit 24. Upon receiving the address of the recipient of the personal data 15, the reception unit 25a sets the received address in the destination list 11.
  • the agent execution unit 25b executes the agent 30.
  • the contents of processing performed by the agent 30 correspond to the processing of the agent 30 described with reference to FIGS. 1, 2, and 4.
  • An example of the contents of the processing of the agent 30 will be described below.
  • The agent 30 performs authentication processing with the cloud storage CS1. For example, the agent 30 uses the user ID and password specified by the sender 10A to issue an authentication request to the cloud storage CS1. The agent 30 stores the personal data 15 in the cloud storage CS1 when the authentication is successful. The agent 30 requests the cloud storage CS1 to move the personal data 15 to the TaaS area TS1.
  • The agent 30 performs authentication processing with the information processing device 100.
  • the agent 30 makes an authentication request to the information processing device 100 using the user ID and password specified by the sender 10A.
  • the agent 30 transmits a token generation request to the information processing device 100 when the authentication is successful.
  • the token generation request includes the destination list 11, the data ID for identifying the personal data 15, and the address of the terminal device 20A.
  • When the agent 30 receives the token 16 from the information processing device 100, the agent 30 transmits the token 16 to the terminal device (for example, the terminal device 20B) of the address set in the destination list 11.
  • the configurations of the terminal devices 20B and 20C described with reference to FIG. 1 and the like correspond to smartphones, tablet terminals, notebook PCs, PCs, etc., so descriptions using functional block diagrams are omitted.
  • FIG. 7 is a functional block diagram showing the configuration of the information processing apparatus according to this embodiment.
  • The information processing apparatus 100 has a communication section 110, a storage section 140, and a control section 150.
  • the communication unit 110 performs data communication with the terminal devices 20A, 20B, TaaS areas TS1, TS2, TS3, etc. via the network.
  • Communication unit 110 is an example of a communication device.
  • the storage unit 140 has a personal data table 141, TaaS key information 142, and a token 16.
  • the storage unit 140 corresponds to semiconductor memory elements such as RAM and flash memory, and storage devices such as HDD.
  • The personal data table 141 holds personal data (e.g., personal data 15) provided by a sender (e.g., sender 10A) to a receiver (e.g., receiver 10B). Personal data 15 is obtained from the TaaS area TS1. Personal data in the personal data table 141 is associated with a unique data ID.
  • the TaaS key information 142 is used when generating signature information to be registered in the token 16 and when authenticating the signature information of the token 16.
  • the token 16 is generated by the control unit 150, which will be described later.
  • the data structure of token 16 corresponds to the data structure described in FIG.
  • The control unit 150 has a reception unit 151, a generation unit 152, and a movement control unit 153.
  • The control unit 150 is realized by a CPU or a GPU, or by hardwired logic such as an ASIC or an FPGA.
  • The receiving unit 151 periodically accesses the TaaS area TS1 and acquires the personal data 15.
  • The receiving unit 151 registers the acquired personal data 15 in the personal data table 141.
  • The receiving unit 151 may access another TaaS area, acquire other personal data, and register it in the personal data table 141.
  • the receiving unit 151 receives an authentication request from the agent 30 of the terminal device 20A, and performs authentication based on the user ID, password, etc. received from the agent 30.
  • the receiving unit 151 receives a token generation request from the agent 30 when the authentication is successful.
  • The reception unit 151 outputs the information of the token generation request to the generation unit 152.
  • the generation unit 152 is a processing unit that generates the token 16.
  • the generation unit 152 sets the destination list 11, the data ID, and the address of the terminal device 20A included in the token generation request to the address group, data ID, and sender address of the token 16, respectively.
  • The generation unit 152 generates nonce information and sets it in the token 16.
  • The generation unit 152 uses the TaaS key information 142 to generate signature information and set it in the token 16.
  • The generation unit 152 generates the signature information by converting the address group, data ID, and sender address set in the token 16 into a hash value using a hash function and encrypting the hash value with the TaaS key information 142.
  • the generation unit 152 transmits the token 16 generated by the above process to the agent 30 of the terminal device 20A.
  • the movement control unit 153 is a processing unit that, when receiving the token 16 from the terminal device 20B or the like, moves the personal data 15 registered in the personal data table 141 to the designated TaaS area based on the token 16. For example, the movement control unit 153 executes the following processes.
  • When the movement control unit 153 receives the token 16, it authenticates whether the token 16 is a proper token.
  • the movement control unit 153 converts the address group, data ID, and sender address set in the received token 16 into hash values using a hash function.
  • the movement control unit 153 decrypts the signature information set in the received token 16 with the TaaS key information.
  • the movement control unit 153 determines that the token 16 is a proper token when the decrypted value and the hash value match.
  • The movement control unit 153 performs authentication using the nonce information set in the token 16.
  • The movement control unit 153 acquires the personal data 15 corresponding to the data ID set in the token 16 from the personal data table 141.
  • The movement control unit 153 also identifies the cloud storage to which the personal data 15 is to be moved based on the addresses set in the address group of the token 16. If there are a plurality of cloud storages corresponding to the address, the movement control unit 153 identifies the cloud storage to be the destination based on the cloud storage selection information given to the token 16.
  • the movement control unit 153 arranges the personal data 15 in the TaaS area corresponding to the specified cloud storage.
  • the movement control unit 153 places the personal data 15 in the TaaS area TS2.
  • the movement control unit 153 arranges the personal data 15 in the TaaS area TS3.
  • FIG. 8 is a flowchart (1) showing the processing procedure of the information processing apparatus according to the embodiment.
  • the receiving unit 151 of the information processing device 100 acquires personal data from the TaaS area and registers the acquired personal data in the personal data table 141 (step S101).
  • the receiving unit 151 executes authentication processing with the agent of the terminal device (step S102).
  • the receiving unit 151 receives a token generation request from the agent when the authentication is successful (step S103).
  • the generation unit 152 of the information processing device 100 generates the token 16 based on the token generation request (step S104).
  • the generation unit 152 transmits the generated token 16 to the agent (step S105).
  • FIG. 9 is a flowchart (2) showing the processing procedure of the information processing apparatus according to this embodiment.
  • the movement control unit 153 of the information processing device 100 receives a token from the terminal device (step S201).
  • the movement control unit 153 executes token authentication (step S202). When the token authentication is successful, the movement control unit 153 acquires personal data corresponding to the data ID of the token from the personal data table 141 (step S203).
  • the movement control unit 153 identifies the destination TaaS area based on the token and selection information (step S204). The movement control unit 153 moves the personal data to the specified TaaS area (step S205).
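
The token check and destination lookup of steps S201 to S205, as an added example that is not code from the patent or its applicant. HMAC-SHA256 stands in for the hash-then-encrypt signature made with the TaaS key. The addresses, the storage registry, the `TS2-alt` area name, the single-use nonce rule, and covering the nonce with the signature (the page lists only the address group, data ID and sender address) are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the TaaS key; HMAC-SHA256 replaces the page's
# "hash, then encrypt the hash with the TaaS key" signature (assumption).
TAAS_KEY = b"constructed-demo-key"

# Constructed registry: address -> {cloud storage: TaaS area in front of it}.
# "TS2-alt" is a made-up area name; the page names only TS2 and TS3.
STORAGE_REGISTRY = {
    "recipient-b@example.com": {"CS2-1": "TS2", "CS2-2": "TS2-alt"},
    "third-party-c@example.com": {"CS3": "TS3"},
}
SIGNED_FIELDS = ("address_group", "data_id", "sender_address", "nonce")


def _sign(token):
    # Canonical JSON so issuer and verifier hash identical bytes.
    fields = {name: token[name] for name in SIGNED_FIELDS}
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(TAAS_KEY, blob, hashlib.sha256).hexdigest()


def issue_token(destination_list, data_id, sender_address):
    """Generation unit: build the token of FIG. 3 and sign it."""
    token = {
        "address_group": sorted(destination_list),
        "data_id": data_id,
        "sender_address": sender_address,
        "nonce": secrets.token_hex(16),
    }
    token["signature"] = _sign(token)
    return token


class TransferService:
    """Movement control unit: steps S201 to S205."""

    def __init__(self, personal_data_table):
        self.personal_data_table = dict(personal_data_table)
        self.taas_areas = {}      # TaaS area -> {data ID: data}
        self.used_nonces = set()  # assumption: a nonce is valid once
        self.audit = []           # (presenter, data ID, TaaS area)

    def redeem(self, token, presented_by, selected_storage=None):
        # S202: authenticate the token, then reject replays.
        try:
            expected = _sign(token)
            supplied = str(token["signature"])
        except (KeyError, TypeError) as exc:
            raise ValueError("malformed token") from exc
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            raise ValueError("bad signature")
        if token["nonce"] in self.used_nonces:
            raise ValueError("replayed token")
        # S203: fetch the data named by the signed data ID.
        data = self.personal_data_table.get(token["data_id"])
        if data is None:
            raise ValueError("unknown data ID")
        # S204: candidates come only from the signed address group. The
        # selection travels outside the signature, so it may only pick
        # among those candidates; presented_by never affects routing.
        candidates = {}
        for address in token["address_group"]:
            candidates.update(STORAGE_REGISTRY.get(address, {}))
        if selected_storage is None and len(candidates) == 1:
            selected_storage = next(iter(candidates))
        if selected_storage not in candidates:
            raise ValueError("storage not registered to a signed recipient")
        # S205: place the data in the TaaS area of that storage.
        area = candidates[selected_storage]
        self.taas_areas.setdefault(area, {})[token["data_id"]] = data
        self.used_nonces.add(token["nonce"])
        self.audit.append((presented_by, token["data_id"], area))
        return area


if __name__ == "__main__":
    service = TransferService({"data-15": b"constructed personal data"})
    token = issue_token(["recipient-b@example.com"], "data-15",
                        "sender-a@example.com")
    outsider = "third-party-c@example.com"
    try:  # forwarded token, presenter asks for its own storage
        service.redeem(token, outsider, "CS3")
    except ValueError as err:
        print("rejected:", err)
    # Same forwarded token: the data can still only land in TS2.
    print("moved to", service.redeem(token, outsider, "CS2-1"))
    print("audit:", service.audit)
```

The audit list records who presented each token, so a token redeemed from an address outside its own address group shows up as a forwarding event even though no data left the recipient's area.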
  • When receiving the token generation request (destination list 11) from the terminal device 20A, the information processing device 100 generates the token 16 and transmits the token 16 to the terminal device 20A.
  • When the information processing apparatus 100 receives the token 16 from the terminal device 20B, it places the personal data 15 placed in the TaaS area TS1 in the TaaS area specified by the token 16 (for example, TaaS area TS2).
  • the TaaS area TS2 is an area accessible only by the recipient 10B of the destination list 11 to which the personal data 15 is provided. Therefore, even if the token 16 is erroneously transferred to the terminal device 20C of the third party 10C, information leakage of the personal data 15 can be prevented.
  • Data is not exposed to an unspecified number of people, and this requires no advance arrangement among the related parties, such as a common password or which cloud storage is used as the delivery destination of personal data.
  • personal data can only be shared with the parties concerned.
  • When the information processing apparatus 100 receives the token 16, it authenticates the token 16 based on the signature information included in the token 16 and, when the authentication is successful, moves the personal data 15 to the TaaS area designated by the token 16. As a result, the personal data 15 can be moved appropriately.
  • the information processing device 100 acquires the personal data 15 from the TaaS area TS1 shared with the terminal device 20A. This allows the sender 10A of the terminal device 20A to securely transfer the personal data 15 to the information processing device 100.
  • processing of the information processing system described above is an example, and other processing may be executed.
  • an agent may be introduced into the terminal device 20B to automate the work of the recipient 10B.
  • FIG. 10 is a diagram for explaining other processing of the information processing system. Among the processes shown in FIG. 10, the processes of steps S1 to S5 and S7 are the same as the processes of steps S1 to S5 and S7 described with reference to FIG. 3, so description thereof will be omitted. As shown in FIG. 10, an agent 31 operates in the terminal device 20B.
  • step S6' executed by the information processing system will be described.
  • Upon receiving the token 16 from the agent 30 of the terminal device 20A, the agent 31 transfers the token 16 to the information processing device 100. If there are a plurality of cloud storages corresponding to the address of the terminal device 20B, the recipient 10B sets information indicating which cloud storage to use in the agent 31 in advance. The agent 31 provides the token 16 with cloud storage information set in advance.
  • The processing of step S8' executed by the information processing system will be described.
  • the agent 31 accesses the cloud storage CS2-1 and moves the personal data 15 placed in the TaaS area TS2 to the cloud storage CS2-1. For example, the agent 31 rewrites the link destination of the token in the Mail Box to the unique storage (cloud storage CS2-1) of the recipient 10B.
  • the recipient 10B can easily obtain the personal data 15 by having the agent 31 act for the recipient 10B.
  • FIG. 11 is a diagram illustrating an example of a hardware configuration of a computer that implements functions similar to those of the information processing apparatus.
  • the computer 200 has a CPU 201 that executes various arithmetic processes, an input device 202 that receives data input from the user, and a display 203.
  • the computer 200 also has a communication device 204 that receives data from an external device, and an interface device 205 that connects with various devices.
  • the computer 200 has a RAM 206 that temporarily stores various information and a hard disk device 207. Each of the devices 201 to 207 is connected to a bus 208.
  • the hard disk device 207 has a reception program 207a, a generation program 207b, and a movement control program 207c.
  • the CPU 201 reads out the reception program 207a, the generation program 207b, and the movement control program 207c and develops them in the RAM 206.
  • the receiving program 207a functions as a receiving process 206a.
  • Generation program 207b functions as generation process 206b.
  • the movement control program 207c functions as a movement control process 206c.
  • the processing of the receiving process 206a corresponds to the processing of the receiving unit 151.
  • the processing of the generation process 206b corresponds to the processing of the generation unit 152.
  • Processing of the movement control process 206c corresponds to processing of the movement control unit 153.
  • the programs 207a to 207c do not necessarily have to be stored in the hard disk device 207 from the beginning.
  • each program is stored in a “portable physical medium” such as a flexible disk (FD), CD-ROM, DVD disk, magneto-optical disk, IC card, etc. inserted into the computer 200.
  • the computer 200 may read and execute each program 207a to 207c.
  • FIG. 12 is a diagram showing an example of the hardware configuration of a computer that implements the same functions as the terminal device.
  • the computer 300 has a CPU 301 that executes various arithmetic processes, an input device 302 that receives data input from the user, and a display 303.
  • the computer 300 also has a communication device 304 that receives data from an external device, and an interface device 305 that connects to various devices.
  • the computer 300 has a RAM 306 that temporarily stores various information and a hard disk device 307. Each of the devices 301 to 307 is connected to a bus 308.
  • the hard disk device 307 has a reception program 307a and an agent execution program 307b.
  • the CPU 301 reads the receiving program 307a and the agent execution program 307b and develops them in the RAM 306.
  • the receiving program 307a functions as a receiving process 306a.
  • Agent execution program 307b functions as agent execution process 306b.
  • the processing of the reception process 306a corresponds to the processing of the reception unit 25a.
  • Processing of the agent execution process 306b corresponds to processing of the agent execution unit 25b.
  • each program does not necessarily have to be stored in the hard disk device 307 from the beginning.
  • each program is stored in a “portable physical medium” such as a flexible disk (FD), CD-ROM, DVD disk, magneto-optical disk, IC card, etc. inserted into the computer 300. Then, the computer 300 may read and execute the programs 307a and 307b.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Upon receiving, from a first terminal, first information that identifies data of a first user stored in cloud storage and second information that identifies a second user who is a recipient of the data, this information processing device transmits, to the first terminal, third information indicating that the provider of the data is the first user and that the recipient of the data is the second user, and fourth information indicating signature information of the information processing device relating to the third information. Upon receiving, from a second terminal, the first information, the third information, the fourth information, and fifth information indicating a data storage destination, the information processing device issues an instruction to store the data in the storage destination.
PCT/JP2021/019841 2021-05-25 2021-05-25 Control method, control program, information processing system, and information processing device WO2022249293A1 (fr)
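The exchange summarized in the abstract above, sketched as an added example that is not code from the patent or its applicant. It assumes HMAC-SHA256 as a stand-in for the unspecified signature scheme, assumes the data identifier is carried inside the signed third information, and uses hypothetical names (`issue_token`, `handle_store_request`, `DEVICE_KEY`) and constructed sample values; how the requester is authenticated is outside its scope.

```python
import hashlib
import hmac
import json

DEVICE_KEY = b"constructed-demo-key"  # assumption: secret held only by the device


def _sign(third_info: dict) -> str:
    # Canonical JSON so identical fields always yield the same MAC.
    body = json.dumps(third_info, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()


def issue_token(data_id: str, provider: str, recipient: str) -> dict:
    """First terminal -> device: returns third and fourth information."""
    third = {"data_id": data_id, "provider": provider, "recipient": recipient}
    return {"third": third, "fourth": _sign(third)}


def handle_store_request(data_id, token, destination, requester, registered):
    """Second terminal -> device: verify the token, then emit a store instruction.

    `registered` maps a recipient to the storage destinations they set up
    (assumption modelled on the preset cloud storage described for the agent).
    """
    third, fourth = token.get("third"), token.get("fourth")
    if not isinstance(third, dict) or not isinstance(fourth, str):
        raise PermissionError("malformed token")
    # Constant-time comparison; any edit to the signed fields fails here.
    if not hmac.compare_digest(_sign(third), fourth):
        raise PermissionError("signature check failed")
    if third.get("data_id") != data_id:
        raise PermissionError("token does not cover this data")
    if third.get("recipient") != requester:
        raise PermissionError("requester is not the named recipient")
    if destination not in registered.get(requester, ()):
        raise PermissionError("destination not registered for recipient")
    return {"action": "store", "data_id": data_id,
            "provider": third["provider"], "destination": destination}


if __name__ == "__main__":
    # Constructed sample values.
    tok = issue_token("personal-data-15", "sender-10A", "recipient-10B")
    print(handle_store_request("personal-data-15", tok, "CS2-1",
                               "recipient-10B", {"recipient-10B": {"CS2-1"}}))
```
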

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2023523770A JPWO2022249293A1 (fr) 2021-05-25 2021-05-25
PCT/JP2021/019841 WO2022249293A1 (fr) 2021-05-25 2021-05-25 Control method, control program, information processing system, and information processing device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/019841 WO2022249293A1 (fr) 2021-05-25 2021-05-25 Control method, control program, information processing system, and information processing device

Publications (1)

Publication Number Publication Date
WO2022249293A1 true WO2022249293A1 (fr) 2022-12-01

Family

ID=84229700

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/019841 WO2022249293A1 (fr) 2021-05-25 2021-05-25 Control method, control program, information processing system, and information processing device

Country Status (2)

Country Link
JP (1) JPWO2022249293A1 (fr)
WO (1) WO2022249293A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003030356A (ja) * 2001-07-19 2003-01-31 Nec Corp Data service method and system, data processing device and method, and computer program
JP2010226336A (ja) * 2009-03-23 2010-10-07 Denso It Laboratory Inc Authentication method and authentication device
JP2011003187A (ja) * 2009-06-22 2011-01-06 Samsung Electronics Co Ltd Client, intermediary server, and method for providing cloud storage

Also Published As

Publication number Publication date
JPWO2022249293A1 (fr) 2022-12-01

Similar Documents

Publication Publication Date Title
US11750591B2 (en) Key attestation statement generation providing device anonymity
CN106716914B Secure key management for roaming protected content
WO2019105290A1 Data processing method, and method and apparatus for applying trusted user interface resource data
TWI585612B Managing use of a field programmable gate array with isolated components
CN1985466B Method of delivering direct proof private keys in signed groups to devices using a distribution CD
US9032192B2 (en) Method and system for policy based authentication
US8850216B1 (en) Client device and media client authentication mechanism
US8953805B2 (en) Authentication information generating system, authentication information generating method, client apparatus, and authentication information generating program for implementing the method
CN105993146A Secure session capability using public-key cryptography without access to the private key
CN111193703A Communication device and communication method used in a decentralized network
JP6930053B2 Data encryption method and system using a device authentication key
CA2891610C Agent for providing a cloud security service and security token device for the cloud security service
JP2007020065A Decryption backup method, decryption restore method, authentication device, individual key setting machine, user terminal, backup device, encryption backup program, and decryption restore program
CN112187726A Data transmission method and device, storage medium, and terminal
JP2010217604A Image forming apparatus, information management method, and program
WO2020177109A1 Lottery draw processing method, trusted chip, node, storage medium, and electronic device
WO2022249293A1 Control method, control program, information processing system, and information processing device
CN114223176B Certificate management method and device
JP2001125481A Cryptographic communication terminal, cryptographic communication center device, cryptographic communication system, and recording medium
JP2008011100A Attribute authentication method, attribute certificate generation device, service destination device, service source device, and attribute authentication system
WO2023228373A1 Programmable logic controller (PLC), control method, and program
JP2008306685A Security information setting system, master terminal thereof, general terminal, and program
JP2023048525A Data sharing device and data sharing method
CN114282235A System and server for interfacing with a hardware security module
US20150326544A1 (en) Method of processing data in distributed storage system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21942948

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023523770

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21942948

Country of ref document: EP

Kind code of ref document: A1