WO2016175334A1 - 端末装置およびコンピュータプログラム - Google Patents
端末装置およびコンピュータプログラム Download PDFInfo
- Publication number
- WO2016175334A1 WO2016175334A1 PCT/JP2016/063614 JP2016063614W WO2016175334A1 WO 2016175334 A1 WO2016175334 A1 WO 2016175334A1 JP 2016063614 W JP2016063614 W JP 2016063614W WO 2016175334 A1 WO2016175334 A1 WO 2016175334A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- terminal device
- storage
- information
- divided
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Definitions
- the present invention relates to a terminal device and a computer program having a data encryption function.
- Patent Document 1 Japanese Patent Application Laid-Open No. H10-228561 discloses that the stored data is protected by double encryption.
- An object of the present invention is to provide a terminal device that can protect data more safely.
- a terminal device provides: A dividing means for dividing a file to be saved and generating a divided file; Selecting means for selecting one of a plurality of encryption methods and a plurality of storage destinations; A storage unit that encrypts the divided file generated by the dividing unit using the encryption method selected by the selecting unit, and stores the encrypted divided file in a physical storage destination selected by the selecting unit; , A table for storing information specifying the divided file, the encryption method, and a physical address of a storage destination in association with each other; Is provided.
- the storage means further stores information specifying the encryption method in the physical storage destination, Storing the divided file generated by the dividing unit and information for specifying an encryption method for encrypting the divided file in different storage destinations; You may comprise as follows.
- an acquisition means for acquiring the user's biological information
- a division size setting unit for obtaining the size of the divided file from conversion information for converting the biometric information acquired by the acquisition unit into the size of the divided file
- the dividing unit generates a divided file having the size obtained by the divided size setting unit.
- the biological information includes a plurality of types of biological information
- the division size setting means obtains the size of the division file from the conversion information for each of the plurality of types of biological information,
- the dividing unit divides the file to be saved and generates one or a plurality of divided files among the sizes obtained by the divided size setting unit. You may comprise as follows.
- the division size setting means is a division size table that stores a condition based on a user's biometric information and a size of a division file in association with each other,
- the selection means further selects the size of the divided file from the division size table based on the biological information acquired by the acquisition means,
- the dividing unit generates a divided file of the size selected by the selecting unit; You may comprise as follows.
- You may comprise as follows.
- the biological information includes a plurality of types of biological information
- the creation means creates the encryption keys from the plurality of types of biological information
- the storage means encrypts the divided file by using one or a plurality of encryption keys among the encryption keys created by the creation means, You may comprise as follows.
- a divided file specifying means for specifying the divided file corresponding to the read target file;
- a specifying unit that specifies the physical address of the storage destination of the divided file and the encryption method with reference to the table;
- Reproducing means for reading the divided file from the physical address specified by the specifying means and decrypting based on the specified encryption method; May be further provided.
- the divided file is composed of data for one cluster, for example.
- At least one of the plurality of storage destinations is detachably attached.
- At least one of the plurality of storage destinations is arranged on the cloud.
- a computer program for causing a computer to function as the above-described terminal device is also included in the invention.
- the encryption method and the storage destination are changed for each divided data, decryption becomes more difficult. Thereby, data can be protected more safely. On the other hand, the processing burden is small.
- FIG. 3 is a diagram for explaining a configuration of a cluster according to the first embodiment; It is a figure for demonstrating the encryption process which the terminal device of FIG. 1 performs. It is a figure which shows the structural example of a file management table. It is a flowchart of the file storage process which the terminal device of FIG. 1 performs. It is a flowchart of the file reproduction
- FIG. 3 is a diagram for explaining a configuration of a cluster according to the first embodiment; It is a figure for demonstrating the encryption process which the terminal device of FIG. 1 performs. It is a figure which shows the structural example of a file management table. It is a flowchart of the file storage process which the terminal device of FIG. 1 performs. It is a flowchart of the file reproduction
- FIG. 6 is a block diagram of a modification of the terminal device or the like according to the first embodiment. It is a block diagram of a terminal device or the like according to the second embodiment of the present invention. It is a figure which shows the example of the file management table concerning Embodiment 2. It is a figure which shows the example of the division
- FIG. It is a flowchart of the file storage process which the terminal device shown in FIG. 8 performs.
- 12 is a flowchart illustrating a detailed example of file division processing and encryption processing illustrated in FIG. 11.
- 12 is a flowchart illustrating a detailed example of distributed storage processing illustrated in FIG. 11. It is a figure which shows the example of the file storage process shown in FIG.
- FIG. 20 is another diagram illustrating the configuration of one sector realized by the pad data position selection table of FIG. 19.
- the terminal device 10 according to Embodiment 1 of the present invention will be described below with reference to the drawings.
- the terminal device 10 according to the present embodiment is a so-called smartphone and has a function of encrypting data and distributing and storing the data.
- the terminal device 10 includes a control unit 110, a microphone 11, a speaker 12, a touch panel 13, a camera 14, storage units 111 and 112, and a communication unit connected to the control unit 110. 113.
- the microphone 11 is a device that picks up a user's voice in a voice call.
- the speaker 12 outputs the received voice in a voice call.
- the touch panel 13 is configured by stacking a touch sensor and a display device. The touch sensor determines the operation position of the user.
- the display device displays various information under the control of the control unit 110.
- the camera 14 is disposed in front of the terminal device 10 and images a subject.
- the control unit 110 includes a processor, a RAM (Random Access Memory), and the like, and executes application programs stored in the storage units 111 and 112.
- the application program includes a file management program, a mail program, a schedule management program, and the like.
- the control unit 110 distributes and stores various files (data) by executing a file management program, reads the data from a plurality of locations, and decrypts the original data.
- the storage units 111 and 112 are non-volatile memories used as auxiliary storage devices, and are composed of flash memories or the like.
- the storage unit 111 stores a file management program FMP
- the storage unit 112 stores a file allocation table (file management table) FMT.
- the storage units 111 and 112 store highly confidential information such as so-called telephone directory data and schedule data in a distributed manner.
- the storage units 111 and 112 are detachably connected to the terminal device 10, respectively. Specifically, the storage units 111 and 112 are attached to a slot or the like formed in the casing of the terminal device 10 and are connected to the control unit 110 via the connector CN.
- the communication unit 113 performs wireless communication with a base station or a nearby access point under the control of the control unit 110, and performs voice call, mail communication, data communication, and the like.
- one file is divided into clusters which are the minimum unit of computer desk access.
- the number of sectors included in one cluster is arbitrary, in the following description, it is assumed to be eight as shown in FIG. 2B.
- one sector is 512 bytes. Therefore, one cluster has a size of 4,096 bytes (about 4 Kbytes).
- the application program manages sectors and clusters with logical addresses.
- the cluster is specified by the upper n-3 bits of the n-bit logical address.
- Each sector in the cluster is specified by the lower 3 bits of the logical address.
- the logical address for a cluster means the upper (n-3) bits of the entire n-bit logical address.
- a cluster (hereinafter referred to as an odd-numbered logical address ((n-3) bits)) is assigned.
- An odd logical address cluster) and a cluster to which an even logical address is assigned (hereinafter, even logical address cluster) are processed differently.
- the file management program FMP performs an encryption process with the encryption key KA on a cluster to which an odd logical address is assigned, and stores it in an arbitrary physical address PA on the storage unit 111.
- the encryption key KA is stored on the storage unit 112.
- the file management program FMP performs an encryption process with the encryption key KB on the cluster to which the even logical address is assigned, and stores it in an arbitrary physical address PB on the storage unit 112.
- the encryption key PB is stored on the storage unit 111.
- the file management program FMP generates the file management table FMT shown in FIG. 2D after performing the above-described processing. This indicates that the cluster specified by the logical address Li is stored in the physical address PAi (or PBi) and encrypted with the key KA (or KB).
- the file management table is stored in the control unit 110. Since the key is specified from the logical address Li, the key KA or KB need not be stored.
- the file management program FMP When the file management program FMP receives a request for access to a file from the application program, the file management program FMP obtains the logical address (n-3 bits as described above) of the cluster that constitutes the access target file.
- the file management program FMP When the file management program FMP receives a request for access to the file from the application program, the file management program FMP obtains the logical address of the first cluster constituting the file to be accessed.
- the access request includes, for example, the logical address of the head sector.
- the file management program FMP obtains the logical address of the leading cluster from the logical address of the leading sector.
- the file management program FMP refers to the file management table FMT to obtain the corresponding physical address, and further specifies the encryption key.
- the file management program FMP reads data from the corresponding physical address, encodes it using the specified encryption key, and passes it to the application.
- the file management program FMP executes the same operation in the subsequent cluster, decrypts all the clusters, and passes it to the application program to end the process.
- control unit 110 starts the file storage process shown in FIG.
- control unit 110 executes the file management program FMP, identifies the logical address Li of the first cluster that constitutes the file to be saved, and determines whether it is an odd number or an even number (step S11). If the logical address Li is an odd number (step S11: Yes), as shown in FIG. 2C, the cluster to be processed is encrypted with the encryption key KA (step S12). The control unit 110 stores the encrypted cluster in a free area on the storage unit 111 (step S13).
- control unit 110 associates the logical address Li of the processed cluster with the physical address PAi of the stored area and the encryption key KA and registers them in the file management table FMT as shown in FIG. 2D (step S14). .
- control unit 110 determines whether or not the storage of the file has ended (step S15). If the storage has not ended (step S15: No), the logical address Li is incremented by 1 (step S18). Subsequently, the process returns to step S11 to process the next cluster.
- step S11 determines whether the logical address of the cluster to be processed is an even number (step S11: No). If it is determined in step S11 that the logical address of the cluster to be processed is an even number (step S11: No), the cluster to be processed is encrypted with the encryption key KB as shown in FIG. 2C (step S11). S16). The control unit 110 stores the encrypted cluster in a free area on the storage unit 112 (step S17).
- control unit 110 associates the logical address Li of the processed cluster with the physical address PBi of the stored area and the encryption key KB and registers them in the file management table FMT as shown in FIG. 2D (step S14). .
- control unit 110 determines whether or not the storage of the file has ended (step S15). If the storage has not ended (step S15: No), the logical address Li is incremented by 1 (step S18). Subsequently, the process returns to step S11 to process the next cluster.
- step S15 If it is determined in step S15 that the file has been saved (step S15: Yes), the file storage process ends.
- the read target is specified in the format of the logical address and data amount of the first sector constituting the file.
- control unit 110 obtains the logical address of the head cluster, refers to the file management table FMT, and specifies the encryption key that encrypted the cluster to be processed and the physical address of the storage location (step S21).
- control unit 110 reads a cluster from the physical address specified in step S21 (step S22).
- control unit 110 decrypts the read cluster with the encryption key specified in step S21 (step S23) and passes it to the application program.
- step S24 it is determined whether or not the reading of the file has been completed. If it has not been completed (step S24: No), the process returns to step S21 and the same file reproduction process is continued for the next cluster.
- step S24 If it is determined in step S24 that the reading of the file has ended (step S24: Yes), the file reproduction process ends.
- one file is distributed and stored in the storage units 111 and 112. Further, the cluster stored in the storage unit 111 is encrypted with the encryption key KA, and the encryption key KA is stored in the storage unit 112. Further, the cluster stored in the storage unit 112 is encrypted with the encryption key KB, and the encryption key KB is stored in the storage unit 111. For this reason, even if the data in one storage unit 111 or 112 leaks to the outside, it is difficult to restore the data.
- the file management program FMP automatically performs encryption processing, the control burden is small. As a result, even if the so-called address book as shown in FIG. 5 and schedule data as shown in FIG. 6 are stored in the terminal device 10, the risk of information leakage is small.
- the present invention is not limited to the above embodiment, and various modifications and applications are possible.
- the storage units 111 and 112 are detachable, but only one of them may be detachable or both may be fixed.
- the storage destination and encryption key are specified in cluster units, but what size is used as a unit is arbitrary, and is set in consideration of processing load and security.
- the storage location of data may be an external server, database, etc. connected via a network.
- the encryption algorithm itself may be changed.
- the file management table FMT may be stored in a nonvolatile memory such as a flash memory in the control unit 110. Further, as shown in FIG. 7, the storage units 111 and 112 may be arranged in an external device via a network NW.
- two encryption keys are used for encryption.
- three or more encryption keys may be used.
- the file storage location is two, it may be three or more.
- the control unit 110 divides the logical address of the cluster by M (an integer greater than or equal to 3).
- the cluster is encrypted with the encryption key specified by the remainder mod (M)
- the logical address of the cluster is divided by N (an integer of 3 or more)
- the control unit 110 stores the logical address of the cluster, the encryption key, and the physical address of the storage location in association with each other in the file management table FMT. Since the encryption key can be specified from the logical address, the encryption key may be omitted.
- Embodiment 2 Next, a terminal apparatus according to Embodiment 2 of the present invention will be described with reference to the drawings.
- a terminal device that stores data safely without burdening the user by distributing and storing files in different ways depending on the user is provided.
- symbol is attached
- the terminal device 10A of the present embodiment is connected to storage devices 210 and 220 on the cloud CL via a network.
- the terminal device 10A has a function of acquiring the user's biometric information, dividing the file FI based on the biometric information, encrypting it, and transmitting it to the storage devices 210 and 220.
- biometric information In the present embodiment, fingerprints, voiceprints, and irises will be described as examples of biometric information.
- the terminal device 10 ⁇ / b> A includes a control unit 110, a microphone 11, a speaker 12, a touch panel 13, a camera 14, a storage unit 111, and a communication unit 113 connected to the control unit 110.
- the microphone 11 picks up the user's voice and passes it to the control unit 110.
- the speaker 12 provides voice information to the user according to an instruction from the control unit 110.
- the touch panel 13 acquires a user's fingerprint by a touch sensor and passes it to the control unit 110.
- the camera 14 acquires an iris image of the user according to an instruction from the control unit 110 and passes it to the control unit 110.
- the control unit 110 includes a processor, a RAM (Random Access Memory), and the like, and executes an application program and a file management program FMP stored in the storage unit 111.
- the control unit 110 executes the file management program FMP to acquire the user's biometric information, divides various file FIs based on the biometric information, encrypts them, and transmits them to the storage devices 210 and 220. And save. Further, the control unit 110 acquires the user's biometric information by executing the file management program FMP, reads data from the storage devices 210 and 220 based on the biometric information, and decodes the original data.
- the storage unit 111 stores a division size table DST and encryption keys KF, KV, and KI.
- the file management table FMT in this embodiment includes a data management table DMT and a cluster management table CMT, as shown in FIG.
- the data management table DMT stores the data number i of the data obtained by dividing the file FI to be saved, the size after encryption, and the encryption key used for encryption in association with each other.
- the cluster management table CMT stores a cluster number j, a physical address of a storage destination, and a data number i of data included in the cluster in association with each other.
- the division size table DST stored in the storage unit 111 is a table that stores information that defines the size for dividing the file FI to be stored.
- the division size changes according to the user's biological information. For this reason, as shown in FIG. 10, in the division size table DST, the biological information, the condition that the biological information should satisfy, and the division size selected when the condition is satisfied are associated with each other.
- the size relationship between the number of fingerprint endpoints and the number of branch points is set as a condition for fingerprint information, and the volume of voice print information is set as the condition.
- the magnitude relationship between the large frequency f top and the second largest frequency f second is set, and for the iris information, as a condition, the magnitude relationship between the number N 1 of 1 and the number N 0 of 0 is as a condition. Is set.
- the communication unit 113 shown in FIG. 8 communicates with the storage devices 210 and 220 on the cloud CL.
- the file storage process in the present embodiment is a process of dividing the file FI into data having a size based on the user's biometric information, encrypting the divided file FI based on the biometric information, and distributing and storing the file FI. .
- the control unit 110 starts the file FI storage process shown in FIG.
- the control unit 110 requests the user to input biometric information (fingerprint information, voiceprint information, iris information) (step S10). Specifically, the control unit 110 displays, on the display device of the touch panel 13, a content of instructing to place the belly of the finger on the touch sensor, utter a predetermined word toward the microphone 11, and stare at the camera 14. .
- biometric information fingerprint information, voiceprint information, iris information
- control unit 110 instructs the touch panel 13, the microphone 11, and the camera 14 to acquire biometric information, and determines whether or not the biometric information has been acquired (step S20).
- the control part 110 will be in a standby state until it acquires all the requested biometric information (step S20; No). On the other hand, if the control part 110 judges that all the requested
- the control unit 110 extracts, for example, the positions of the end points and branch points included in the fingerprint as the feature information of the fingerprint information. In addition, the control unit 110 extracts, as characteristic information of the voiceprint information, a frequency at which the sound volume is a mountain on the sound spectrum and a ranking based on the sound volume. In addition, the control unit 110 extracts an iris code as feature information of iris information.
- the control unit 110 executes a file division process for dividing the save target file FI (step S40), and executes an encryption process for encrypting each of the divided file FI (data). (Step S50) Further, the divided storage process for storing the encrypted divided file FI in a distributed manner in the storage units 210 and 220 is terminated (Step S60).
- step S40 file division processing (step S40) to distributed storage processing (step S60) executed in the file storage processing will be described with reference to FIGS. 12-14.
- the control unit 110 divides the data constituting the file FI into data having a size specified by the biometric information in the file division process.
- Japanese hiragana and kanji are represented by 3 bytes in UTF-8 (Unicode Transform Format-8).
- UTF-8 Unicode Transform Format-8
- each character of “ABCDEFGHTIJKL” is represented by 3 bytes.
- the control unit 110 includes data of a size (number of bytes) that cannot be divided by 3, such as 7 bytes, 9 bytes, 4 bytes,... To divide.
- the codes representing the characters “C”, “E”, “I”, and “K” are divided in the middle. This makes it difficult to decrypt the file FI even if a part of the data 1 to 6 is leaked.
- the file FI is divided in this way.
- the control unit 110 first refers to the division size table DST stored in the storage unit 111 based on the feature information extracted in step S30 as shown in FIG. determining a partition size S F by the information, the partition size S V by voiceprint information, the three division size S of the partition size S I by iris data (step S41).
- the end point of the fingerprint is 4 and the branching point is 5, the highest frequency f top of the voiceprint is 300 Hz, the second highest frequency f second is 400 Hz, and the iris code.
- the number N 1 is the number N 0 of 1005,0 the first is 1043, for the fingerprint becomes an end point ⁇ branch point 503 bytes are selected as the partition size S F, for voiceprint, f top ⁇ It becomes f Second is 491 bytes selected as division size S V, with respect to the iris, N 1 ⁇ N 0 becomes as division size S I, 479 bytes are selected.
- the division size S is set to a size of less than one sector (512 bytes), which is a normal data processing unit. Furthermore, it is set to a prime byte. The division size S is set to a size smaller than one sector.
- control unit 110 sets an initial value “1” to a pointer i indicating a data number (step S42).
- Mod (i, 3) 1 if (step S43; Yes), the control unit 110 cuts out an amount of data corresponding to the division size S F at the beginning of the data remaining in the file FI (step S44). The control unit 110 encrypts the extracted data with the encryption key KF (step S45).
- Mod (i, 3) For 2 (step S43; No, S46; Yes) , the control unit 110 cuts out an amount of data corresponding to the division size S V from the beginning of the data remaining in the file FI ( Step S47). The control unit 110 encrypts the extracted data with the encryption key KV (step S48).
- Mod (i, 3) if 0 (step S43; No, S46; No) , the control unit 110 cuts out an amount of data corresponding to the division size S I from the beginning of the data remaining in the file FI ( Step S49). The control unit 110 encrypts the extracted data with the encryption key KI (step S50).
- control unit 110 generates data of one sector by combining the data encrypted in steps S45, S48, and S50 with the pad data as shown in FIG. 15 (step S51).
- step S51 the data number i, the encrypted size of the data, and the encryption key used for encryption are registered in the data management table DMT (step S52).
- step S53 it is determined whether or not the unprocessed data is 0 bytes. If the unprocessed data is not 0 bytes (step S53; No), the data number i is incremented by 1 (step S54), the process returns to step S43, and the save target file FI Extract and encrypt data from If it is determined in step S53 that the unprocessed data is 0 bytes (step S53; Yes), the process returns to the main flow.
- the file division and encryption processing the control unit 110, a storage target file FI, the division size S F determined by the fingerprint, the division size S V determined by voiceprint, the division size S I determined by the iris, the order The data is cut out in order from the storage target file FI.
- the control unit 110 sequentially encrypts the extracted data with the encryption keys KF, KV, and KI, and sequentially generates data for one sector.
- step S60 details of the distributed storage processing (step S60) shown in FIG. 11 will be described with reference to FIG.
- Sector data including data encrypted by the division / encryption process is sequentially generated.
- the generated sector data is collectively stored in the storage devices 210 and 220 as a cluster. Therefore, the control unit 110 initializes the cluster number j indicating the cluster order to 1 (step S61).
- a cluster is generated by combining the sector data generated by the division / encryption process in order of eight (step S62).
- control unit 110 determines whether the cluster number j of the cluster to be saved is an odd number or an even number (step S63). If the cluster number j is an odd number (step S63: Yes), the cluster is stored in the free physical address PA on the storage device 210 (step S64).
- control unit 110 associates the cluster number j of the processed cluster with the physical address PA of the stored area and the data number i of the data included in the cluster, as shown in FIG. Register in the management table CMT (step S66).
- control unit 110 determines whether or not the storage of the file FI has ended (step S67), and if it has not ended (step S67: No), increments the cluster number j by 1 (step S68). Subsequently, the process returns to step S62 to process the next cluster.
- step S63 determines whether the cluster number j of the cluster to be processed is an even number (step S63: No). If it is determined in step S63 that the cluster number j of the cluster to be processed is an even number (step S63: No), the control unit 110 stores the cluster in the free physical address PB on the storage device 220. (Step S65).
- step S67 If it is determined in step S67 that the saving of the file FI has ended (step S67: Yes), the file storage process ends.
- the control unit 110 reads the cluster management table CMT for the file FI, specifies the storage destination physical address, and sequentially reads the clusters.
- the control unit 110 encrypts data encrypted from the sectors included in each read cluster according to the contents of the cluster management table CMT and the data management table DMT from each sector included in the read cluster.
- the control unit 110 decrypts the extracted data using an appropriate encryption key based on the contents of the data management table DMT.
- the original data (file FI) is reproduced by concatenating the decoded data in the order of the data number i.
- the file FI is divided into data clusters of a size that is unique to the user and cannot be recognized by the computer as it is, it is difficult to decipher the leaked cluster even if part of the data leaks. There is little risk of information leakage.
- the present invention is not limited to the above embodiment, and various modifications and applications are possible.
- the storage devices 210 and 220 have been described as devices on the cloud CL, but may be devices that are locally connected to the terminal device 10.
- the number of storage devices is arbitrary.
- the division size S is also arbitrary.
- the number of encryption keys is also arbitrary.
- the division size S may be obtained from the biological information acquired by the terminal device 10 by a method such as converting feature information extracted from the biological information acquired by the control unit 110 using an arbitrary function (conversion information).
- the conversion information is not limited to the storage unit 111 in the terminal device 10, but may be stored in, for example, a server connected to the terminal device 10 via a network.
- the terminal device 10 may temporarily store the conversion information stored in the server in the storage unit 111 and convert the biological information into the division size S, or may divide the server.
- the size S may be calculated and downloaded.
- the terminal device 10 may learn a user's habit, and may divide the file FI with a division size S based on the hazy character photographed by the camera or the habit character drawn on the touch panel 13.
- the division size S is determined by the feature information extracted from the user's biometric information.
- an encryption method including an encryption key may be determined based on the biometric information. For example, as shown in FIG. 16, an encryption key may be set according to the condition to be satisfied by the biometric information, and the encryption key may be selected according to the biometric information.
- the encryption key table EKT in FIG. 16 one of the encryption keys KF1 and KF2 is selected and used in step S45, one of the encryption keys KV1 and KV2 is selected and used in step S48, and the encryption key is used in step S50.
- One of KI1 and KI2 is selected and used. Note that the number of encryption keys to be used may be increased. Moreover, you may convert biometric information or a feature-value into an encryption key with a function.
- the storage location of the file FI may be determined based on the biometric information. For example, as shown in FIGS. 17A and 17B, the cluster storage destination may be set according to the condition satisfied by the biological information, and the storage destination may be selected according to the biological information.
- the biometric information referred to for encryption is determined.
- the biometric information referred to for encryption may be changed based on the biometric information. .
- a condition that certain biological information should satisfy may be associated with biological information (a feature amount) that is referred to when the condition is satisfied.
- biological information a feature amount
- the processing shown in FIG. 12 is executed.
- step S47 data is cut out with a division size S (487 bytes or 479 bytes in the example of FIG. 10) corresponding to the iris, and encryption with the encryption key KI is performed in step S48.
- the KI1 or KI2 shown in FIG. 16 may be used as the encryption key.
- the pad data is arranged at the end in order to make the cut-out size S data one sector of data, but the position of the pad data may be changed based on the biological information.
- a condition to be satisfied by certain biological information may be associated with a position of pad data when the condition is met.
- pad data is arranged at the head of one sector as shown in FIG. 20A. If it is determined from the feature amount of the input iris information that N 1 ⁇ N 0 , as shown in FIG. 20B, the first 100 bytes of the data of size S extracted from the storage target file is one sector. Then, the pad data continues for (data size of one sector ⁇ S), and then the remaining portion of the cut out data is arranged. In this case, it is desirable to register the position and size of pad data in the data management table DMT.
- biometric information or feature amount registered in advance may be referred to.
- biometric information for authentication or a feature amount thereof is registered at the time of user registration and stored in the control unit 110 or the storage unit 111 or 112.
- the user inputs biological information from the microphone 11, the touch panel 13, and the camera 14.
- the input biometric information is compared with registered biometric information or feature quantities in order to authenticate the user.
- the biometric information or feature amount referred to for encryption / decryption after the user is authenticated may be registered biometric information or feature amount.
- the input biometric information may vary depending on the usage environment or operation of the terminal device 10 or 10A, but the registered biometric information or feature amount does not vary. Decoding can be performed stably.
- the encryption key KA or KB in the file management table FMT shown in FIG. 2D can be derived from the logical address Li and may be deleted.
- the logical address Li functions as information for specifying the encryption key used for encryption.
- the encryption keys KF, KV, and KI in the data management table DMT shown in FIG. 9 may also be deleted.
- the data number in the cluster management table CMT shown in FIG. 9 can be deleted.
- the j-th cluster includes data with a data number i of 8 ⁇ (j ⁇ 1) +1 to 8 ⁇ j.
- biometric information Although fingerprint information, voiceprint information, and iris information are exemplified as biometric information to be referenced for encryption / decryption, the types of biometric information are not limited to these. For example, in addition to these, vein information, face information, palm print information, signature information, etc. may be captured as biometric information. The number of information used is not limited to three, but may be one, two, or more. Good.
- each device / part can be arbitrarily changed.
- a computer program for causing a computer to function as the terminal device 10 is stored and distributed in a computer-readable non-transitory recording medium (CD-ROM or the like), and the program is installed in the computer. You may comprise the terminal device 10 which performs a process.
- Terminal device 11 Microphone 12 Speaker 13 Touch panel 14 Camera 111, 112 Storage unit 113 Communication unit 210, 220 Storage device CL Cloud
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
保存対象のファイルを分割して分割ファイルを生成する分割手段と、
複数の暗号化手法と複数の記憶先のうちのそれぞれ1つを選択する選択手段と、
前記選択手段で選択された暗号化手法で、前記分割手段により生成された分割ファイルを暗号化し、前記暗号化した分割ファイルを前記選択手段により選択された物理的な記憶先に保存する保存手段と、
前記分割ファイルを特定する情報と、前記暗号化手法と、保存先の物理アドレスとを対応付けて記憶するテーブルと、
を備える。
前記分割手段が生成した分割ファイルと、その分割ファイルを暗号化した暗号化手法を特定する情報と、を異なる記憶先に保存する、
ように構成してもよい。
前記取得手段が取得した生体情報を前記分割ファイルのサイズに変換する変換情報から、該分割ファイルのサイズを得る分割サイズ設定手段と、をさらに備え、
前記分割手段は、前記分割サイズ設定手段が得たサイズの分割ファイルを生成する、
ように構成してもよい。
前記分割サイズ設定手段は、前記複数の種類の生体情報毎に、前記変換情報から前記分割ファイルのサイズを得、
前記分割手段は、前記保存対象のファイルを分割して、前記分割サイズ設定手段が得たサイズのうち、1又は複数の分割ファイルを生成する、
ように構成してもよい。
前記選択手段は、前記取得手段が取得した生体情報に基づいて、前記分割サイズテーブルから、前記分割ファイルのサイズをさらに選択し、
前記分割手段は、前記選択手段が選択したサイズの分割ファイルを生成する、
ように構成してもよい。
前記取得手段が取得した生体情報から暗号キーを作成する作成手段と、をさらに備え、
前記保存手段は、前記作成手段が作成した暗号キーで、前記分割ファイルを暗号化する、
ように構成してもよい。
前記作成手段は、前記複数の種類の生体情報から、それぞれ前記暗号キーを作成し、
前記保存手段は、前記作成手段がそれぞれ作成した暗号キーのうち、1又は複数の暗号キーを用いて、前記分割ファイルを暗号化する、
ように構成してもよい。
前記テーブルを参照して前記分割ファイルの保存先の物理アドレスと前記暗号化手法とを特定する特定手段と、
前記特定手段により特定された物理アドレスから前記分割ファイルを読み出し、特定された前記暗号化手法に基づいて復号化する再生手段と、
をさらに備えても良い。
以下に、本発明の実施の形態1に係る端末装置を図面を参照して説明する。
本実施形態の端末装置10は、いわゆるスマートフォンであり、データを暗号化し且つ分散して保存する機能を備える。
アプリケーションプログラムは、セクタ及びクラスタを論理アドレスで管理する。
クラスタはnビットの論理アドレスの上位n-3ビットで指定される。クラスタ内の各セクタは、論理アドレスの下位3ビットにより指定される。
これにより、図5に示すようないわゆるアドレス帳、図6に例示するようなスケジュールデータ等を端末装置10内に保存しても情報漏洩の危険が小さい。
また、図7に示すように、記憶部111と112を、ネットワークNWを介して、外部装置に配置してもよい。
次に、本発明の実施の形態2に係る端末装置を図面を参照して説明する。
実施の形態2では、ユーザによって異なる方式でファイルを分散して保存することにより、ユーザに負担をかけずに、安全にデータを保存する端末装置を提供する。なお、実施の形態1に係る端末装置が備える構成と同等の構成については、同一の符号を付す。
制御部110は、ファイル管理プログラムFMPを実行することにより、ユーザの生体情報を取得して、その生体情報に基づいて様々なファイルFIを分割し、且つ、暗号化して記憶装置210、220に送信し、保存する。また、制御部110は、ファイル管理プログラムFMPを実行することにより、ユーザの生体情報を取得して、その生体情報に基づいて記憶装置210、220からデータを読み出して元データを復号する。
一方、クラスタ管理テーブルCMTは、クラスタ番号jと格納先の物理アドレスと、そのクラスタに含まれているデータのデータ番号iとを対応付けて記憶する。
制御部110は、ユーザ又はアプリケーションソフトウエアがファイルFIの保存を要求すると、図11に示すファイルFI格納処理を開始する。
制御部110は、ファイル分割処理を開始すると、図12に示すように、まず、ステップS30で抽出した特徴情報に基づいて、記憶部111に格納されている分割サイズテーブルDSTを参照して、指紋情報による分割サイズSFと、声紋情報による分割サイズSVと、虹彩情報による分割サイズSIの3種類の分割サイズSを求める(ステップS41)。
次に、図9に示すように、データ番号iとデータの暗号化後のサイズと暗号に使用した暗号キーとを、データ管理テーブルDMTに登録する(ステップS52)。
ステップS53で、未処理のデータが0バイトであると判別されると(ステップS53;Yes)、処理はメインフローにリターンする。
分割・暗号化処理により暗号化されたデータを含むセクタデータが順次生成される。生成されたセクタデータは、8個纏めてクラスタとして記憶装置210,220に格納される。
このため、制御部110は、クラスタの順番を示すクラスタ番号jを1に初期化する(ステップS61)。
次に、分割・暗号化処理で生成されたセクタデータを、順番に8個ずつ組み合わせてクラスタを生成する(ステップS62)。
ステップS67で、ファイルFIの保存が終了したと判別されると(ステップS67:Yes)、ファイル格納処理は終了する。
制御部110は、復号対象のファイルFIが特定されると、そのファイルFI用のクラスタ管理テーブルCMTを読み出し、格納先の物理アドレスを特定し、クラスタを順次読み出す。
次に、制御部110は、読み出したクラスタに含まれている各セクタから、クラスタ管理テーブルCMTとデータ管理テーブルDMTとの内容に従って、読み出した各クラスタに含まれているセクタから暗号化されたデータを抽出する。
制御部110は、データ管理テーブルDMTの内容に基づいて、抽出したデータを適切な暗号キーを使用して復号する。
次に、データ番号i順に復号したデータを連結することにより、元のデータ(ファイルFI)を再生する。
例えば図16に示すように、生体情報が満たすべき条件に応じて暗号キーを設定しておき、生体情報に応じて暗号キーを選択するようにしてもよい。図16の暗号キーテーブルEKTの例では、ステップS45で暗号キーKF1とKF2の一方が選択されて使用され、ステップS48で暗号キーKV1とKV2の一方が選択されて使用され、ステップS50で暗号キーKI1とKI2の一方が選択されて使用される。なお、使用する暗号キーの数をより多くしてもよい。
また、生体情報又は特徴量を関数などで、暗号キーに変換してもよい。
11 マイク
12 スピーカ
13 タッチパネル
14 カメラ
111、112 記憶部
113 通信部
210、220 記憶装置
CL クラウド
Claims (12)
- 保存対象のファイルを分割して分割ファイルを生成する分割手段と、
複数の暗号化手法と複数の記憶先のうちのそれぞれ1つを選択する選択手段と、
前記選択手段で選択された暗号化手法で、前記分割手段により生成された分割ファイルを暗号化し、前記暗号化した分割ファイルを前記選択手段により選択された物理的な記憶先に保存する保存手段と、
前記分割ファイルを特定する情報と、前記暗号化手法と、保存先の物理アドレスとを対応付けて記憶するテーブルと、
を備える端末装置。 - 前記保存手段は、さらに、前記暗号化手法を特定する情報を前記物理的な記憶先に保存し、
前記分割手段が生成した分割ファイルと、その分割ファイルを暗号化した暗号化手法を特定する情報と、を異なる記憶先に保存する、
請求項1に記載の端末装置。 - ユーザの生体情報を取得する取得手段と、
前記取得手段が取得した生体情報を前記分割ファイルのサイズに変換する変換情報から、該分割ファイルのサイズを得る分割サイズ設定手段と、をさらに備え、
前記分割手段は、前記分割サイズ設定手段が得たサイズの分割ファイルを生成する、
請求項1又は2に記載の端末装置。 - 前記生体情報には、複数の種類の生体情報が含まれ、
前記分割サイズ設定手段は、前記複数の種類の生体情報毎に、前記変換情報から前記分割ファイルのサイズを得、
前記分割手段は、前記保存対象のファイルを分割して、前記分割サイズ設定手段が得たサイズのうち、1又は複数の分割ファイルを生成する、
請求項3に記載の端末装置。 - 前記分割サイズ設定手段は、ユーザの生体情報に基づく条件と、分割ファイルのサイズとを対応付けて記憶する分割サイズテーブルであり、
前記選択手段は、前記取得手段が取得した生体情報に基づいて、前記分割サイズテーブルから、前記分割ファイルのサイズをさらに選択し、
前記分割手段は、前記選択手段が選択したサイズの分割ファイルを生成する、
請求項3又は4に記載の端末装置。 - ユーザの生体情報を取得する取得手段と、
前記取得手段が取得した生体情報から暗号キーを作成する作成手段と、をさらに備え、
前記保存手段は、前記作成手段が作成した暗号キーで、前記分割ファイルを暗号化する、
請求項1から5の何れか1項に記載の端末装置。 - 前記生体情報には、複数の種類の生体情報が含まれ、
前記作成手段は、前記複数の種類の生体情報から、それぞれ前記暗号キーを作成し、
前記保存手段は、前記作成手段がそれぞれ作成した暗号キーのうち、1又は複数の暗号キーを用いて、前記分割ファイルを暗号化する、
請求項6に記載の端末装置。 - 読み出し対象ファイルに対応する前記分割ファイルを特定する分割ファイル特定手段と、
前記テーブルを参照して前記分割ファイルの保存先の物理アドレスと前記暗号化手法とを特定する特定手段と、
前記特定手段により特定された物理アドレスから前記分割ファイルを読み出し、特定された前記暗号化手法に基づいて復号化する再生手段と、
を含む、請求項1から7の何れか1項に記載の端末装置。 - 前記分割ファイルは、1クラスタ分のデータから構成される、
請求項1から8の何れか1項に記載の端末装置。 - 前記複数の記憶先の少なくとも1つは、着脱可能に取り付けられている、
請求項1から9の何れか1項に記載の端末装置。 - 前記複数の記憶先の少なくとも1つは、クラウド上に配置されている、
請求項1から9の何れか1項に記載の端末装置。 - コンピュータを、
請求項1乃至11の何れか1項に記載の端末装置として機能させるためのコンピュータプログラム。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016555633A JP6049958B1 (ja) | 2015-04-30 | 2016-05-02 | 端末装置およびコンピュータプログラム |
US15/570,035 US10929550B2 (en) | 2015-04-30 | 2016-05-02 | Terminal device and computer program |
CN201680038418.9A CN107710671B (zh) | 2015-04-30 | 2016-05-02 | 终端装置及计算机可读存储介质 |
CN202010425693.4A CN111597535B (zh) | 2015-04-30 | 2016-05-02 | 终端装置及存储介质 |
US17/161,962 US11704420B2 (en) | 2015-04-30 | 2021-01-29 | Terminal device and computer program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015-093729 | 2015-04-30 | ||
JP2015093729 | 2015-04-30 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/570,035 A-371-Of-International US10929550B2 (en) | 2015-04-30 | 2016-05-02 | Terminal device and computer program |
US17/161,962 Continuation US11704420B2 (en) | 2015-04-30 | 2021-01-29 | Terminal device and computer program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016175334A1 true WO2016175334A1 (ja) | 2016-11-03 |
Family
ID=57199265
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2016/063614 WO2016175334A1 (ja) | 2015-04-30 | 2016-05-02 | 端末装置およびコンピュータプログラム |
Country Status (4)
Country | Link |
---|---|
US (2) | US10929550B2 (ja) |
JP (2) | JP6049958B1 (ja) |
CN (2) | CN111597535B (ja) |
WO (1) | WO2016175334A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPWO2020217823A1 (ja) * | 2019-04-24 | 2020-10-29 | ||
EP3796199A4 (en) * | 2017-11-02 | 2021-05-05 | Matsunaga, Chikara | DATA MANAGEMENT SYSTEM AND DATA MANAGEMENT PROCEDURES |
US11615171B2 (en) | 2019-07-31 | 2023-03-28 | Masaaki Tokuyama | Terminal device, information processing method, and computer-readable recording medium storing program for authentication |
US11734443B2 (en) * | 2017-01-19 | 2023-08-22 | Creator's Head Inc. | Information control program, information control system, and information control method |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP7109992B2 (ja) * | 2018-05-22 | 2022-08-01 | キオクシア株式会社 | メモリシステムおよび制御方法 |
CN108769052A (zh) * | 2018-06-12 | 2018-11-06 | 北斗巡星信息科技有限公司 | 腕带传输信息加密的方法及装置 |
CN111756741B (zh) * | 2020-06-24 | 2023-06-13 | 安徽听见科技有限公司 | 一种数据传输方法、装置、设备及存储介质 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000059355A (ja) * | 1998-08-04 | 2000-02-25 | Dainippon Printing Co Ltd | 暗号化処理システム |
JP2005123883A (ja) * | 2003-10-16 | 2005-05-12 | Japan Science & Technology Agency | 電子署名システム |
JP2007281919A (ja) * | 2006-04-07 | 2007-10-25 | Shinshu Univ | アクセス制限を行う公衆回線上の通信システムと端末接続装置およびサーバー接続制限装置 |
CN102664928A (zh) * | 2012-04-01 | 2012-09-12 | 南京邮电大学 | 一种用于云存储的数据安全存取方法及用户端*** |
JP2013120600A (ja) * | 2011-12-08 | 2013-06-17 | Samsung Electronics Co Ltd | 異種の格納媒体にファイルを分離して格納するデータ格納装置及びそれのデータ管理方法 |
Family Cites Families (63)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6885747B1 (en) * | 1997-02-13 | 2005-04-26 | Tec.Sec, Inc. | Cryptographic key split combiner |
US6061733A (en) * | 1997-10-16 | 2000-05-09 | International Business Machines Corp. | Method and apparatus for improving internet download integrity via client/server dynamic file sizes |
US8077870B2 (en) * | 1998-02-13 | 2011-12-13 | Tecsec, Inc. | Cryptographic key split binder for use with tagged data elements |
US7111173B1 (en) * | 1998-09-01 | 2006-09-19 | Tecsec, Inc. | Encryption process including a biometric unit |
JP2000215280A (ja) * | 1999-01-26 | 2000-08-04 | Hitachi Ltd | 本人認証システム |
US8479012B1 (en) * | 1999-10-19 | 2013-07-02 | Harris Technology, Llc | Using biometrics as an encryption key |
JP2002268543A (ja) * | 2001-03-14 | 2002-09-20 | Yutaka Hokura | 電子情報証明方法 |
JP2003134106A (ja) * | 2001-10-22 | 2003-05-09 | Victor Co Of Japan Ltd | 暗号化方法、復号化方法及び装置、並びに情報記録媒体 |
US6987870B2 (en) * | 2002-03-15 | 2006-01-17 | Sharp Laboratories Of America, Inc. | System and method for selecting a destination profile using biometrics |
JP2005078228A (ja) | 2003-08-28 | 2005-03-24 | Casio Comput Co Ltd | 個人認証装置及びプログラム |
JP2005100063A (ja) | 2003-09-24 | 2005-04-14 | Sanyo Electric Co Ltd | 認証装置および認証方法 |
JP4460265B2 (ja) | 2003-11-18 | 2010-05-12 | 三菱電機株式会社 | 入退室管理装置 |
JP2006004321A (ja) * | 2004-06-21 | 2006-01-05 | Base Technology Inc | セキュリティシステム |
JP2006011591A (ja) | 2004-06-23 | 2006-01-12 | Denso Corp | 個人認証システム |
US7697773B1 (en) * | 2004-07-22 | 2010-04-13 | Roger A. Bauchspies | System, method and computer program product for image compression/decompression |
JP4665467B2 (ja) * | 2004-09-14 | 2011-04-06 | 凸版印刷株式会社 | 認証装置および方法 |
US8375218B2 (en) * | 2004-12-07 | 2013-02-12 | Mitsubishi Electric Research Laboratories, Inc. | Pre-processing biometric parameters before encoding and decoding |
US20060294390A1 (en) | 2005-06-23 | 2006-12-28 | International Business Machines Corporation | Method and apparatus for sequential authentication using one or more error rates characterizing each security challenge |
US20070118885A1 (en) * | 2005-11-23 | 2007-05-24 | Elrod Craig T | Unique SNiP for use in secure data networking and identity management |
JP2007206934A (ja) | 2006-02-01 | 2007-08-16 | Konica Minolta Holdings Inc | 認証システム、認証制御装置およびプログラム |
US7962755B2 (en) * | 2006-04-28 | 2011-06-14 | Ceelox, Inc. | System and method for biometrically secured, transparent encryption and decryption |
JP4919744B2 (ja) * | 2006-09-12 | 2012-04-18 | 富士通株式会社 | 生体認証装置及び生体認証方法 |
JP2008134786A (ja) | 2006-11-28 | 2008-06-12 | Hitachi Omron Terminal Solutions Corp | 認証システム及び認証装置及び認証方法 |
JP2008191942A (ja) | 2007-02-05 | 2008-08-21 | Fujitsu Ltd | 認証装置、認証方法及びそのプログラム |
JP5096117B2 (ja) | 2007-11-29 | 2012-12-12 | 京セラ株式会社 | 電子機器、電子機器の制御方法、及びプログラム |
US8838990B2 (en) * | 2008-04-25 | 2014-09-16 | University Of Colorado Board Of Regents | Bio-cryptography: secure cryptographic protocols with bipartite biotokens |
US20090300737A1 (en) * | 2008-05-27 | 2009-12-03 | Crandell Jeffrey L | Split template biometric verification system |
CN101345619B (zh) * | 2008-08-01 | 2011-01-26 | 清华大学深圳研究生院 | 基于生物特征和移动密钥的电子数据保护方法及装置 |
JP2010198536A (ja) | 2009-02-27 | 2010-09-09 | Brother Ind Ltd | ユーザ認証装置、会議システム、ユーザ認証方法およびユーザ認証プログラム |
JP5269984B2 (ja) * | 2009-04-28 | 2013-08-21 | 住友電気工業株式会社 | 暗号鍵生成装置 |
KR101483750B1 (ko) * | 2009-07-24 | 2015-01-19 | 삼성전자주식회사 | 영상의 부호화 방법 및 장치, 영상 복호화 방법 및 장치 |
US8121993B2 (en) * | 2009-10-28 | 2012-02-21 | Oracle America, Inc. | Data sharing and recovery within a network of untrusted storage devices using data object fingerprinting |
EP2511871B1 (en) * | 2009-12-09 | 2018-05-09 | Fujitsu Limited | Capacitance sensor and biological image forming method |
US8522308B2 (en) * | 2010-02-11 | 2013-08-27 | Verizon Patent And Licensing Inc. | Systems and methods for providing a spatial-input-based multi-user shared display experience |
US9262643B2 (en) * | 2010-02-22 | 2016-02-16 | Sookasa Inc. | Encrypting files within a cloud computing environment |
EP2619939A2 (en) * | 2010-09-20 | 2013-07-31 | Rick L. Orsini | Systems and methods for secure data sharing |
US9152779B2 (en) * | 2011-01-16 | 2015-10-06 | Michael Stephen Fiske | Protecting codes, keys and user credentials with identity and patterns |
CN103354925B (zh) * | 2011-01-31 | 2016-03-02 | 三菱电机株式会社 | 存储器控制器和存储器访问方法 |
JP5861529B2 (ja) | 2012-03-27 | 2016-02-16 | 富士通株式会社 | 生体認証装置、生体認証システム、生体認証方法、生体認証プログラム |
US9600709B2 (en) * | 2012-03-28 | 2017-03-21 | Synaptics Incorporated | Methods and systems for enrolling biometric data |
US9438589B2 (en) * | 2012-04-19 | 2016-09-06 | Martin Tomlinson | Binding a digital file to a person's identity using biometrics |
CN102693398B (zh) * | 2012-05-09 | 2015-04-01 | 深圳大学 | 一种数据加密方法及*** |
US20140032924A1 (en) * | 2012-07-30 | 2014-01-30 | David M. Durham | Media encryption based on biometric data |
US20140211944A1 (en) * | 2012-09-24 | 2014-07-31 | Daniel Joseph Lutz | System and method of protecting, storing and decrypting keys over a computerized network |
JP5492274B2 (ja) | 2012-10-25 | 2014-05-14 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | 認証装置、認証方法及び認証プログラム |
CN103020953A (zh) * | 2012-11-07 | 2013-04-03 | 桂林理工大学 | 一种指纹图像的分割方法 |
JP5971089B2 (ja) * | 2012-11-14 | 2016-08-17 | 富士通株式会社 | 生体情報補正装置、生体情報補正方法及び生体情報補正用コンピュータプログラム |
JP6098151B2 (ja) | 2012-12-14 | 2017-03-22 | 株式会社リコー | 情報処理システム及び情報処理方法 |
CN104038339A (zh) * | 2013-03-04 | 2014-09-10 | 唐键 | 使用多密码算法和多密钥对文件或通信报文进行加密的方法 |
US8880892B2 (en) * | 2013-03-13 | 2014-11-04 | Willow, Inc. | Secured embedded data encryption systems |
US9020567B2 (en) | 2013-04-05 | 2015-04-28 | Blackberry Limited | Authentication using fingerprint sensor in gesture path |
JP6197345B2 (ja) | 2013-04-22 | 2017-09-20 | 富士通株式会社 | 生体認証装置、生体認証システム、および生体認証方法 |
JP2015001800A (ja) | 2013-06-14 | 2015-01-05 | レノボ・シンガポール・プライベート・リミテッド | スリープ状態からレジュームする方法、携帯式電子機器およびコンピュータ・プログラム |
CN103455764B (zh) * | 2013-08-27 | 2016-09-14 | 无锡华御信息技术有限公司 | 一种基于文件分割合并技术的文件加密以及解密*** |
CN104683302A (zh) | 2013-11-29 | 2015-06-03 | 国际商业机器公司 | 认证方法、认证装置、终端设备、认证服务器及*** |
EP3608812A1 (en) * | 2014-03-21 | 2020-02-12 | Samsung Electronics Co., Ltd. | System and method for executing file by using biometric information |
CA2902093C (en) | 2014-08-28 | 2023-03-07 | Kevin Alan Tussy | Facial recognition authentication system including path parameters |
US10614204B2 (en) | 2014-08-28 | 2020-04-07 | Facetec, Inc. | Facial recognition authentication system including path parameters |
CN111898108B (zh) | 2014-09-03 | 2024-06-04 | 创新先进技术有限公司 | 身份认证方法、装置、终端及服务器 |
US9992171B2 (en) * | 2014-11-03 | 2018-06-05 | Sony Corporation | Method and system for digital rights management of encrypted digital content |
US20180285573A1 (en) * | 2014-11-14 | 2018-10-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Visual cryptography and obfuscation using augmented reality |
US9621342B2 (en) * | 2015-04-06 | 2017-04-11 | Qualcomm Incorporated | System and method for hierarchical cryptographic key generation using biometric data |
JP6682816B2 (ja) | 2015-11-16 | 2020-04-15 | 富士通株式会社 | 秘匿情報記憶方法、情報処理端末、及び秘匿情報記憶プログラム |
-
2016
- 2016-05-02 WO PCT/JP2016/063614 patent/WO2016175334A1/ja active Application Filing
- 2016-05-02 JP JP2016555633A patent/JP6049958B1/ja active Active
- 2016-05-02 CN CN202010425693.4A patent/CN111597535B/zh active Active
- 2016-05-02 CN CN201680038418.9A patent/CN107710671B/zh active Active
- 2016-05-02 US US15/570,035 patent/US10929550B2/en active Active
- 2016-11-22 JP JP2016226689A patent/JP6809878B2/ja active Active
-
2021
- 2021-01-29 US US17/161,962 patent/US11704420B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000059355A (ja) * | 1998-08-04 | 2000-02-25 | Dainippon Printing Co Ltd | 暗号化処理システム |
JP2005123883A (ja) * | 2003-10-16 | 2005-05-12 | Japan Science & Technology Agency | 電子署名システム |
JP2007281919A (ja) * | 2006-04-07 | 2007-10-25 | Shinshu Univ | アクセス制限を行う公衆回線上の通信システムと端末接続装置およびサーバー接続制限装置 |
JP2013120600A (ja) * | 2011-12-08 | 2013-06-17 | Samsung Electronics Co Ltd | 異種の格納媒体にファイルを分離して格納するデータ格納装置及びそれのデータ管理方法 |
CN102664928A (zh) * | 2012-04-01 | 2012-09-12 | 南京邮电大学 | 一种用于云存储的数据安全存取方法及用户端*** |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11734443B2 (en) * | 2017-01-19 | 2023-08-22 | Creator's Head Inc. | Information control program, information control system, and information control method |
EP3796199A4 (en) * | 2017-11-02 | 2021-05-05 | Matsunaga, Chikara | DATA MANAGEMENT SYSTEM AND DATA MANAGEMENT PROCEDURES |
JPWO2020217823A1 (ja) * | 2019-04-24 | 2020-10-29 | ||
WO2020217823A1 (ja) * | 2019-04-24 | 2020-10-29 | 真旭 徳山 | 情報処理システム、情報処理方法、及びプログラム |
JP7299972B2 (ja) | 2019-04-24 | 2023-06-28 | 真旭 徳山 | 情報処理システム、情報処理方法、及びプログラム |
US11615171B2 (en) | 2019-07-31 | 2023-03-28 | Masaaki Tokuyama | Terminal device, information processing method, and computer-readable recording medium storing program for authentication |
Also Published As
Publication number | Publication date |
---|---|
CN107710671B (zh) | 2020-06-12 |
CN111597535A (zh) | 2020-08-28 |
JP6049958B1 (ja) | 2016-12-21 |
JP2017046358A (ja) | 2017-03-02 |
CN107710671A (zh) | 2018-02-16 |
JP6809878B2 (ja) | 2021-01-06 |
US11704420B2 (en) | 2023-07-18 |
CN111597535B (zh) | 2023-07-18 |
US10929550B2 (en) | 2021-02-23 |
US20180121666A1 (en) | 2018-05-03 |
JPWO2016175334A1 (ja) | 2017-05-18 |
US20210157943A1 (en) | 2021-05-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6049958B1 (ja) | 端末装置およびコンピュータプログラム | |
US11238165B2 (en) | File encryption method, file decryption method, electronic device, and storage medium | |
KR20190031989A (ko) | 블록체인 기반의 전자 계약 처리 시스템 및 방법 | |
CN108647262B (zh) | 一种图片管理方法、装置、计算机设备及存储介质 | |
Zheng et al. | Lossless data hiding algorithm for encrypted images with high capacity | |
WO2020215568A1 (zh) | 更换通信号码的方法、装置、***、计算机设备及存储介质 | |
CN112135086B (zh) | 一种会议录制加密方法、***和可读存储介质 | |
US20200019685A1 (en) | Computer system, verification method of confidential information, and computer | |
CN114285575A (zh) | 图像加密和解密方法和装置、存储介质及电子装置 | |
JP7323004B2 (ja) | データ抽出システム、データ抽出方法、登録装置及びプログラム | |
KR102328106B1 (ko) | 이미지 암호화 저장 시스템 및 방법 | |
CN113051598B (zh) | 文件访问控制方法、文件加密方法及计算设备 | |
KR102328057B1 (ko) | 단말 정보에 기반하여 문서 파일의 암호화가 수행되도록 지원하는 문서 보안 서비스 서버 및 그 동작 방법 | |
JP2006080658A (ja) | コンテンツ多段暗号化システムおよびコンテンツ多段暗号化プログラム | |
CN110427768B (zh) | 一种私钥管理方法及*** | |
KR102132685B1 (ko) | 순서 노출 암호화를 위한 장치 및 방법 | |
CN115766173A (zh) | 数据的处理方法、***及装置 | |
KR102442674B1 (ko) | 사설 클라우드 서버에 대한 액세스를 관리하는 액세스 관리 서버 및 그 동작 방법 | |
CN115757535A (zh) | 数据查询方法、数据存储方法、装置及电子设备 | |
KR102192594B1 (ko) | 신뢰기관이 없는 다중 클라이언트 환경의 순서 노출 암호화를 위한 장치 및 방법 | |
JP2018014582A (ja) | データ処理装置、方法およびプログラム | |
WO2022038845A1 (ja) | 暗号化方法、端末装置、暗号化システム及びプログラム | |
KR102500764B1 (ko) | 회원 식별 정보에 기반하여 전자 문서에 대한 공유 설정을 지원하는 전자 문서 공유 서버 및 그 동작 방법 | |
JP6957292B2 (ja) | ファイル管理システム及びファイル管理用プログラム | |
US20200067717A1 (en) | Authentication system, authentication device, terminal device, authentication method, and recording medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
ENP | Entry into the national phase |
Ref document number: 2016555633 Country of ref document: JP Kind code of ref document: A |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16786610 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15570035 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16786610 Country of ref document: EP Kind code of ref document: A1 |