JP2003044342A - Data leakage prevention system, its input/output terminal and data transmitting method in internet communication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system capable of transmitting information with high confidentiality at ease by computer communication, and a method. SOLUTION: This data leakage prevention system is constituted by providing an ID/PW (password) confirming means (13) to confirm an ID and a password, a member attribute database (35) to store an address, a name, etc., of a member, an ID management means (15) to create a sequence ID, to transmit it to an input/output terminal (60) when a registration request from a member having a registration right is received and to create and output an information ID to the prescribed input/output terminal (60) when the transmitted file is stored in a database (31) and a processing control means (11) to output a decryption key when the information ID is inputted from the input/output terminal (60), to extract the file from the database (31) and to output it in the input/output terminal (60) when a key phrase is inputted.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system that allows only a specific member designated by an information registrant to read information registered on a membership homepage using an internet communication network.

[0002]

2. Description of the Related Art Today, various information has come to be carried out by computer communication with the spread of the Internet communication network. In such computer communication, highly confidential information is encrypted and transmitted, and the recipient side decrypts the information to read it.

In recent years, a public key and a private key are used for this encryption, the sender encrypts information with the public key disclosed by the receiver, and the receiver manages it secretly. It is often practiced to decrypt information with a private key so that no one other than the recipient can decrypt the information.

[0004]

Although the transmission of information has become extremely convenient nowadays due to the development of the Internet communication network, the information is transmitted through a large number of providers in the Internet communication network. There was a risk of information leaking to a third party in the transmission route. Also, in order to prevent the information from leaking to a third party, although it is transmitted by complicated encryption, the possibility of the information being decrypted by a third party increases as the computer becomes more sophisticated. It was often avoided to send sensitive information by computer communication.

The present invention eliminates such drawbacks and provides a system and method capable of securely transmitting highly confidential information by computer communication.

[0006]

According to the present invention, an ID / PW confirmation means (13) for confirming a member's ID and password when a connection request is received from an input / output terminal (60), and a member's address / address. Member attribute database (35) that stores name / ID / password and information registration conditions and search conditions, and transmission files (130a, 130b, ... 130nnn) when a registration request is received from a registration right holder member. ) Is generated by the input / output terminal (60) and transmitted to the input / output terminal (60), and the transmission file (130a, 130b ,. (... 130nnn) with key phrase added and stored in database (31), notification I
Notification ID created in another predetermined input / output terminal (60) based on the input from the input / output terminal (60) that created D and sent the transmission file (130a, 130b, ... 130nnn) ID management means (15) for outputting the notification ID and the notification ID
When input from (0), notify the input / output terminal (60) I
Outputs a decryption key and a key phrase corresponding to D, and
When the output key phrase is input, a processing control means (11) for extracting a file containing the key phrase from the database (31) and outputting it to the input / output terminal (60).
And a data leakage prevention system provided with.

As described above, according to the present invention, since the ID / PW confirmation means (13) and the member attribute database (35) are provided, only pre-registered members can register information in the database (31), and can also register. The information can be read. Further, when the transmission files (130a, 130b, ... 130nnn) are stored in the database (31), a predetermined input / output terminal (6
ID management means (15) for creating and outputting a notification ID in (0)
And a process of storing the key phrase and the decryption key in the input / output terminal (60) when the notification ID is input, and extracting and outputting the file including the key phrase when the key phrase is input. Since the control means (11) is provided, only the specific recipient of the member can read the information by the notification ID.

When the notification ID is input, the decryption key for decrypting the information is output to the input / output terminal (60).
Even if a person other than the legitimate viewer illegally extracts the information, the information cannot be immediately decrypted. Further, according to the present invention, a transmission file input from the input / output terminal (60) is input in a state in which one group of transmission information is divided into a large number of transmission files (130a, 130b, ... 130nnn). Based on the sequence ID of each transmission file (130a, 130b, ... 130nnn), each transmission file (130a, 130b, ...
······························································································
0) to a large number of data files (150a, 150b, ... 150nnn)
Is stored in the database (31) as the above, and further includes a search means (17) and a noise generation means (25), and includes the key phrase when the key phrase is input from the input / output terminal (60). Data files (150a, 150b, ... 15
(0nnn) is searched from the database (31) by the searching means (17), a large number of data files (150a, 150b, ..., 150nnn) which are one group of transmission information (100) are searched by the searching means (17). It is preferable that the data leakage prevention system outputs the output file group to the input / output terminal (60) together with the files created by the noise creating means (25).

As described above, according to the present invention, one group of transmission information (100) is further divided from the input / output terminal (60) into a large number of transmission files (130a, 130b, ... 130nnn). When input, this transmission file (130a, 130b, ... 130nn
n) is assigned a key phrase and a large number of data files (1
50a, 150b, ..., 150nnn) are stored in the database (31), and one group of transmission information (10
A large number of data files (150a, 150b, ... 150nn)
n) is extracted, the file created by the noise creating means (25) is also included in the output file group. Therefore, the file is decrypted by the decryption key and the required data files (150a, 150b, ... -It is extremely difficult for anyone other than the legitimate recipient who can recover the information from (150nnn) to decipher the information.

Further, according to the present invention, the thread means (65) for dividing the transmission information (100) and the head of each file (110a, 110b, ... 110nnn) obtained by dividing the transmission information (100) are provided. Link key creation and attachment means (67) that creates and attaches a link key that enables connection restoration between files at the end
And each file with a link key (120a, 120b, ...
After assigning the sequence ID received from the database center (10) to 120nnn), the Internet communication network (5
Centralized control means (61) that sends each file (130a, 130b, ... 130nnn) to the database center (10) via 0) and confirms reception of all files at the database center (10). , Key phrase storage means for outputting the key phrase to the database center (10) so that the database center (10) can add the key phrase with the same file name to all files after confirming that all files have been received by the database center (10) (71) and an input / output terminal (60) for a database that includes (71).

As described above, according to the present invention, the transmission information (10
A link that attaches a link key to each file (110a, 110b, ... 110nnn) to restore connection between the thread means (65) that splits 0) and each split file (110a, 110b, ... 110nnn) Each file (120a, 120b, ..., 120nnn) having a key creation addition means (67) and further provided with a link key is further processed, and each file (13) is added to the database center (10).
Since the centralized control means (61) for transmitting 0a, 130b, ..., 130nnn) is provided, the transmission information (100) is stored as a large number of files (130a, 130b, ..., 130nnn) in the database center ( 10) can be sent.

Therefore, when transmitting information to the database (31) via the Internet communication network (50), it is possible that all of the transmission information (100) will be transmitted to the database center (10) through the same route. Can be lowered. Further, since the key phrase storage means (71) is provided, after transmitting a large number of transmission files (130a, 130b, ..., 130nnn), one file for this one group of transmission information (100) You can send a key phrase with your name as a single file.

The present invention also provides an input / output terminal (60)
The ID key (91) that can be attached to and detached from the user I
The input / output terminal (60) for a database is preferably provided with an ID key (91) recording a program for generating D, an encryption key and a decryption key. Thus, the present invention
Since the ID key (91) that records a user ID, a program for generating an encryption key, and a decryption key can be attached to and detached from the input / output terminal (60), the ID key (91) can be managed by managing it. It is possible to prevent information from being extracted from the database (31) by illegally using the output terminal (60).

Further, according to the present invention, one group of information is transmitted to the database center (10) as a number of divided transmission files (130a, 130b, ... 130nnn) via the Internet communication network (50), Database Center (10)
Then, each transmission file (130
a, 130b, ..., 130nnn) with key phrases as file names added to each of a large number of data files (150a, 150b, ...
..150nnn) is stored in the database (31), and when a large number of corresponding data files (150a, 150b, ..., 150nnn) are extracted by the key phrase, this large number of data files (150a, 150b, ·········································································· l so so that the data can be transmitted to the input / output terminal (60) to which the key phrase is input as a transmission file group.

As described above, according to the present invention, the database (3
When registering information in 1), the information is transmitted as divided transmission files (130a, 130b, ... 130nnn).
The communication path of each transmission file (130a, 130b, ... 130nnn) can be made different, the whole information is prevented from leaking to a third party, and when transmitting from the database (31), Information of one group is stored in many data files (150
a, 150b, ... ・ 150nnn) is transmitted as it is, and a transmission file group is created by adding noise files to this many data files (150a, 150b, ...
This is a communication method that makes it extremely difficult for a third party to restore a set of information from this transmission file group.

[0016]

1 is a block diagram of a system according to the present invention.
As shown in FIG. 3, a database 31 for storing information transmitted by computer communication, and a processing control means 11 for controlling communication with various computers such as a personal computer serving as the input / output terminal 60 via the Internet communication network 50. The database center 10 is provided as a system having a high data leakage prevention function.

(Database Center) The computer of the database center 10 is a database 31 which is a storage means of information exchanged between a plurality or a large number of input / output terminals 60, names of members who can access the database 31, Member attribute database 35 for registering and storing registration number and other member information, Internet communication network 50
ID / PW confirmation means for confirming ID and password when access is requested to the database center 10 via
13, file confirmation means 21 for confirming whether or not the file received for registration in the database 31 is appropriate, search means 17 for searching a required data file from the database 31, when registering a data file in the database 31 A key phrase assigning means 23 for assigning a file name to a file group which is one set of information, or a database
When a specific information is searched from 31 by the search means 17, a noise creating means 25 for creating noise information other than the original information, and a decryption key used for decrypting the information when communicating with the input / output terminal 60 are stored. Decryption key storage means 27, ID management means 15 for storing and managing notification IDs and sequence IDs, expiration date confirmation means 19 for managing expiration dates of IDs and passwords, working memory used when registering information in the database 31, and the like.
33, a processing control means 11 for controlling the various means described above and controlling communication, registration, search and other operations.

(Input / output terminal) Further, the input / output terminal 60 is
As shown in FIG. 2, an appropriate display means 85 such as a CRT,
Input means such as keyboard, mouse, image reader
The computer main body 70 is provided with 81. The computer main body 70 is provided with an ID key 91, stores the information created by the input means 81 and displayed on the display means 85, and performs various operations. At this time, a RAM as a data storage means 63 for temporarily storing data and information, a thread means 65 for dividing the data stored in the data storage means 63 into a large number of files, and a link key for each file divided by the thread means 65 Creating a link key to give 6
7. Key phrase providing means 23 of the database center 10
Key phrase storage means 71 for storing the key phrase in
Database center 10 for information such as data storage means 63
Communication means 75 for communicating via the Internet communication network 50, such as transmitting information to the database center 10 and receiving information from the database center 10, link key analysis means 77 for connecting files received from the database center 10, and an ID key.
91 and a centralized control means 61 for controlling the operation of each of the above means.

(ID key) The ID key 91 is an IC card that can be attached to and detached from the computer main body 70, and uses a key number, an owner name, an owner ID, and encryption for decoding and decrypting information. A program for generating a key and a decryption key is stored, and the ID key 91 is distributed to members registered in the database center 10, and the member registers in the database center 10 in advance. According to the contract at the time, the contract for the registration right of information and the viewing range is made.

Various data recorded in the ID key 91 is encrypted and written in the ID key 91. (Registration procedure) When registering specific information in the database center 10 using the input / output terminal 60, as shown in FIG.
After creating the sending information to be registered in the database 31 of
When a key phrase which is a file name for registering this information is created by the input / output terminal device 60, the database center 10 performs the authentication processing of this key phrase, and when the key phrase is authenticated, the input / output terminal device 60 Then, an encryption key for encrypting the information for transmission and a decryption key for decrypting the encrypted information are generated.

When the input / output terminal 60 operates the registration request, the database center 10 creates a sequence ID and transmits it to the input / output terminal 60.
In 60, a transmission file is created using this sequence ID, the transmission file is output to the database center 10, and the decryption key is also output to the database center 10 and stored in the working memory 33 of the database center 10. .

Further, when the input / output terminal 60 confirms the reception in the database center 10, if the reception is completed, the database center 10 creates a data reception completion notification, and a key phrase of the data reception completion notification is sent together with the data reception completion notification. Make an input request. When the input / output terminal 60 performs a keyphrase transmission operation, the input / output terminal 60 performs the keyphrase transmission processing together with the encryption key and the decryption key of the transmission information stored in the ID key 91. The database center 10 adds the key phrase to the transmission file input from the input / output terminal 60, registers it in the database 31, and sends a message to members who can view the registered transmission information. When the message recipient operates the input / output terminal 60 to connect to the database center 10 by outputting and sending the notification ID, the notification ID is added to the ID key 91 of the message recipient's input / output terminal 60.
Is to write.

As will be described later, the transmission file is 1
A large number of transmission files 13 are created by dividing the batch transmission information 100 by the thread means 65 and further processing the divided information.
0a, 130b, ... 130nnn is transmitted to the database center 10. (Search procedure) Further, in order to see the contents of the information registered in this registration system, the decryption key and the key phrase are obtained by the notification ID, and as shown in FIG. When the input / output terminal 60 equipped with the written ID key 91 is operated to request a viewing right grant, the database center 10 requests the notification ID and the ID key 91 is sent.
The notification ID is read from the database center 10, and the database center 10 confirms the notification ID and writes the corresponding decryption key and key phrase into the ID key 91 of the input / output terminal 60.

Then, when the input / output terminal 60 is operated to request the browsing of the registered information, the database center 10 requests the key phrase and transmits the key phrase written in the ID key 91. For example, the database center 10 searches for a file containing the corresponding key phrase and sends it to the input / output terminal 60, and the input / output terminal 60 restores the information with the decryption key to enable browsing of the information and ID. This is for deleting the decryption key and the key phrase stored in the key 91.

(System operation of the database center)
As the system operation of this database center 10,
As shown in FIG. 5, it is determined whether or not there is a connection request from the input / output terminal 60 (S100), and when there is a connection request, ID confirmation (S110) is first performed. As the ID confirmation (S110), the key number and the owner ID from the ID key 91 attached to the input / output terminal 60
Is read out, and the ID / PW confirmation means 13 collates with the ID and password registered in the member attribute database 35 to judge whether or not there is member registration (S120). If the password is correct and is the registered member's ID. For example, the access of the input / output terminal 60 that has made the connection request is permitted and the processing such as the registration processing (S200) is performed.

As a result of the ID confirmation (S110), if it is not the ID of the registered member, the connection is immediately terminated (S60) by judging whether or not the member is registered (S120).
0). (Registration Processing) In this registration processing (S200), as shown in FIG. 6, it is determined whether or not the connection is made by the member who received the message (S210) and the data content input from the input / output terminal 60 is received. Determining whether it is a confirmation (S220,
S250), or transmission of the notification ID (S21) by determining whether the request is a data registration request (S240) or the like.
5) Or, perform the pre-registration pre-processing (S230), the provisional registration processing (S300), and the main registration processing (S350),
Further, the process shifts to the search process (S400).

That is, when a connection is made from the input / output terminal 60 having the ID key 91 registered as a member, it is judged whether or not the connection is made by the member who has received the viewable message (S21).
0), and if the member has received the viewable message, it is judged whether or not a notification ID acquisition request is made (S21).
3) When a notification ID acquisition request is made by performing 3), notification I
D is transmitted (S215) to write in the ID key 91.

Then, if it is not a notification ID acquisition request or after the notification ID is transmitted (S215), it is judged whether or not the reception confirmation is input as in the connection from the member who has not received the message. (S220) is performed, and if it is an input for confirmation of reception, main registration processing (S350) is performed, and if the input data is not data for confirmation of reception, preliminary registration preprocessing (S230) is performed.

(Temporary Registration Preprocessing) This temporary registration preprocessing (S2
As described above, 30) is a connection request from a registered member, and is a connection from an input / output terminal 60 other than the input / output terminal 60 that has received the viewable message. This is a process performed when the input data from is not a reception confirmation.

In the pre-registration pre-processing (S230), as shown in FIG. 7, first, it is judged whether or not a key phrase confirmation request is made (S232), and the data input from the input / output terminal 60 is input. If the content is not the key phrase and the key phrase confirmation request, the temporary registration preprocessing (S230) is immediately performed.
Then, it is judged whether or not it is a data registration request (S240).

If the input data contents are the key phrase and the key phrase confirmation request, it is judged whether the input key phrase is the key phrase currently in use (S2).
34) is performed. If the key phrase is not currently used, the key phrase is authenticated (S238) and the pre-registration preprocessing (S230) is terminated, but if the key phrase is currently being used, the key phrase is not authenticated. (S23
6) is performed, and the process returns to the determination (S232) whether or not the key phrase confirmation request is made again.

The key phrase is used as a file name when registering the registration information from the input / output terminal 60 in the database 31, and the file or work memory 33 registered in the database 31 is used. It is determined whether or not the file is unused (S234) by comparing with the name of the file stored in. Then, after the preliminary registration preprocessing (S230), it is determined whether the input data content is a data registration request (S240), and if it is not a data registration request, a search process (S400) is performed. If there is, a temporary registration process (S300) is performed.

(Temporary Registration Processing) Then, the temporary registration processing (S3
In 00), first, the member attribute database 35 is searched, and as shown in FIG. 8, it is confirmed whether or not the user is the registration right holder by judging whether or not the user is the registration right holder (S310). Further, if the owner of the registration right, the sequence ID is created and transmitted (S315).

The member attribute database 35 contains information such as the address, name, ID and password of the member and the qualification for registering information in the database 31 based on the contract between the member and the administrator of the database center 10. Registration conditions such as presence or absence and restrictions on information to be registered, rank when searching information in the database 31, range of information exchange targets such as group members based on group contract, and other types of information The search condition such as "or" is also recorded, and it is judged whether or not the user is a registered right holder based on the member ID (S310).

Further, the sequence ID includes the source IP address, the IP address of the database center 10 and the agreement information on communication, and the identification code is appropriately changed for each transmission information 100 by being managed by the ID management means 15. is doing. After transmitting the sequence ID (S315), the transmission file is received (S320), the decryption key is further received (S325), and the received transmission file is stored in the working memory 33 and received. The decrypted key is stored in the decryption key storage means 27, and the decryption key is stored in the decryption key storage means 27.
It is stored in the member attribute database 35 together with what is stored in 27 and that the transmission file is stored in the work memory 33.

Further, it is determined whether or not all the transmission files 130a, 130b, ... 130nnn of the transmission information 100, which are a set based on the sequence ID added to each transmission file, have been received and the decryption key. When all the transmission files 130a, 130b, ... 130nnn and the decryption key are received, it is determined whether all the data have been received (S330). It is determined whether or not the connection of the output terminal 60 is disconnected (S339), and if it is disconnected, the connection is terminated (S600). If not, it is determined whether or not the reception confirmation is input (S240). )I do.

When it is determined whether or not all data has been received (S330), if there is a missing data,
If the retransmission request has already been made (S333) and the connection has been disconnected (S335), the retransmission request has not been made, and if the connection has not been disconnected, the registration information is sent. Send files 130a, 130b, ... 130n
nn or a request to retransmit the decryption key data (S337), the process returns to the reception of the transmission file (S320), and if the retransmission request has already been made or the connection is disconnected, the temporary registration process (S300) ends. Then, the connection with the input / output terminal 60 is terminated (S600).

After the reception of all data is completed and the temporary registration process (S300) is completed, it is judged whether or not the reception confirmation is input (S240). If the reception confirmation is not input, Returning to the determination (S399) of whether or not the disconnection was made in the temporary registration process (S300), when the reception confirmation is input, the main registration process (S350) is performed.

It should be noted that it is determined whether or not the reception confirmation is input immediately before the temporary registration preprocessing (S230) (S220).
Similarly, if the reception confirmation is input in step S <b> 350, the main registration process (S <b> 350) is performed. (Main Registration Processing) In this main registration processing (S350), based on the ID of the input / output terminal 60 to which the reception confirmation data has been input, as shown in FIG. 9, first, it is determined whether or not all data has been received. (S355), and when the reception is not completed, a data resend request (S357) is performed and the process returns to the reception of the transmission file (S320) of the temporary registration process (S300).

If all the data has been received, a key phrase input request is made (S360). When the key phrase is input from the input / output terminal 60, the key phrase assigning means 23 sends the corresponding data. Files 130a, 130b, ... 13
After substituting the sequence ID of 0nnn with a key phrase and creating a data file 150a, 150b, ... 150nnn based on each transmission file 130a, 130b ,. , All data files 150
a, 150b, ... 150nnn is stored in the database 31 (S
370).

After all the data files are stored in the database 31, a viewer designation reception (S380) is performed to wait for the registrant to input the designation of the viewer, and the input / output terminal 60
When the information such as the registered member's individual name or number is specifically input from and the viewer is specified, the browsing notification I is given to the specified viewer by referring to the member attribute database 35.
When D is created (S390) and the type of the registered transmission information 100 or the designation of the viewer group is input, the member attribute database 35 is referred to and the search right is given according to the type of information. The main registration process (S35) is performed by transmitting a message (S395) notifying that the member who is registered as a viewer has registered the browsable information.
0) is completed.

It should be noted that the message includes the notification period of availability of the notification ID and the content for notifying the validity period of the notification ID together with the registrant name and the outline of the registered information. Is included. Then, when there is a connection from the message receiver, the notification ID is transmitted and written in the ID key 91, and the fact that the notification ID is transmitted to the member is stored in the member attribute database 35 and the ID management means 15. It is something to put.

(Operation of input / output terminal) The operation of the input / output terminal 60 for registering information in the database 31 of the database center 10 is performed by the information provider using the input means 81 as shown in FIG. When you created the sending information,
Storing this transmission information in the data storage means 63 (S800) by the operation of the centralized control means 61 is similar to a general computer, and the information provider uses the input means 81 to transmit the transmission information to the database center 10. When a connection operation for registering is registered, a connection request (S810) is first issued to the database center 10.

Then, the centralized control means 61 makes a connection request (S810) to the database center 10 and performs a registration input process (S900) for processing the transmission information. (Temporary Registration Transmission Process) In this registration input process (S900), first, the temporary registration transmission process (S910) is performed. In the temporary registration transmission process (S910), as shown in FIG. S920) is performed.

In this key phrase confirmation (S920), a predetermined key phrase is created using the input means 81, and this key phrase is transmitted to the database center 10 to determine whether it is an unused key phrase. , Confirming that the key phrase is not already used by the database center 10 and authenticating the database center 10 (S23
It will be received by 8).

As described above, if the key phrase has already been used, a non-authentication notice is sent from the database center 10, so the key phrase is changed and the key phrase is confirmed again (S920). If the key phrase is not used, the authentication of the key phrase is transmitted from the database center 10 to the input / output terminal 60.

When the centralized control means 61 receives the authentication of the key phrase from the database center 10, the centralized control means 61
The member ID is read from the key 91, an encryption key is created together with the key phrase (S930), and a decryption key is created from this encryption key (S935). The program for creating an encryption key by combining the data content of the member ID and the data content of the key phrase, and the program for creating the decryption key are encrypted and recorded in the ID key 91.

Thus, the input / output terminal 60 generates the encryption key and the decryption key, and the thread means 65 creates the thread body file (S940). (Creation of Thread Body File) This thread body file is created (S940) by the thread means 65 as shown in (2) of FIG. To a large number of thread body files 110a, 110b, ...
It is supposed to be 110nnn.

In this division, the transmission information
This is done according to the amount of data of 100. For information with a small amount of data, one thread body file is divided into many files with a size of several tens of bytes, and for information with a large amount of data such as image data, one The thread body file of is divided into an extremely large number of files while having a size of several kilobytes.

When dividing one transmission information 100 into a large number of thread body files 110a, 110b, ... 110nnn, the size of each thread body file is not limited to the same data amount. The size may differ slightly for each thread body file. (Creation of thread file) And one transmission information
100 to many thread body files 110a, 110b, ... 110
After dividing into nnn, the link key creating and adding means 67 is operated, and as shown in (3) of FIG. 7, a thread in which a head key is added to the head of each thread body file and a tail key is added to the end of each thread body file File 120a, 1
Create a thread file with 20b, ..., 120nnn (S94
5) is performed.

Creation of this thread file (S945)
Then, the head key added to the beginning of the first thread body file 110a is a dummy head key (DHK), and the tail key (TK1) added to the end of the first thread body file is added to the beginning of the second thread body file 110b. It is assumed that the head key has a code corresponding to the added head key (HK2), and hereinafter, the tail key is a code corresponding to the head key of the next thread body file.

When the head key and the tail key, which are the link keys, are to be associated with each other, the link key creation giving means 67 forms the combination of the head key and the tail key corresponding to each other as a constant value or a code. , The head key added to the beginning of the first thread body file is a dummy head key (DHK) that does not have a corresponding tail key, and the tail key added to the end of the last thread body file 110nnn is a dummy that does not have a corresponding head key. It is used as a tail key (DTK).

The thread files 120a, 120b, ...
The 120 nnn is created by the central control means 61 before or after adding the link key head key or tail key to the thread body file.
The encryption key is read from 91, and the thread body file 110a, 110 that does not have the link key added with this encryption key
... 110nnn or the thread files 120a, 120b, ... 120nnn to which a link key is added are encrypted. At the time of encryption, a different encryption key is used for each thread file, and information about the type and algorithm of this encryption key is included in the head key of each thread file, or the first thread body file 110a
Dummy head key (DHK) added to the beginning of the link key includes the algorithm information of the link key and the like, and a tail key (TK1) added to the end of the first thread body file and a head key added to the beginning of the second thread body file 110b The calculation result of (HK2) is different from the calculation result of the tail key (TK2) added to the end of the second thread body file 110b and the head key (HK3) added to the beginning of the third thread body file 110c. It may be changed to.

(Reception of Data Registration Request and Sequence ID) Further, the centralized control means 61 sends the thread files 120a, 120b, ... A request for registration of credit information data (S950) is made, and it is confirmed by the key number recorded in the ID key 91, the owner ID, and the password that the user is a registered right holder. The sequence ID is received from S15 (S953).

(Creation of transmission file) Then, as shown in (4) of FIG. 7, the centralized control means 61 attaches a sequence ID to the head of each thread file 120a, 120b, ... 130a, 130b, ...- Creates a transmission file with 130nnn (S955), and uses the Internet communication network.
The transmission information 100 to be registered, which outputs each transmission file 130a, 130b, ..., 130nnn to 50, is transmitted (S957).

As described above, the sequence ID includes the IP address of the database center 10 and the transmission source I.
The P-address, the identification code of the transmission information 100, and other information for agreements in communication are appropriately included. The centralized control means 61 adds the transmission files 130a, 130b, ... To the sequence ID received from the database center 10. The number information of 130nnn is added and combined with each thread file 120a, 120b, ...

Therefore, each transmission file 130a, 130b, ... 130n obtained by dividing the transmission information 100 into a large number of files is processed.
nn will be sent to the database center 10 via an appropriate route. Further, the centralized control means 61 transmits all the transmission files 130a, 130b, ... 130nnn, and then transmits the decryption key (S959) to perform the temporary registration transmission process (S91).
0) is ended.

After the temporary registration transmission process (S910) is completed, the centralized control means 61 determines whether the disconnection operation has already been performed by the input means 81 or the disconnection operation has been performed after transmitting all the data (S970). If the disconnection operation is performed, the registration input processing (S900) is ended, but if the disconnection operation is not performed, the main registration transmission processing (S980) is performed.

(Main Registration Transmission Processing) In this main registration transmission processing (S980), it is first confirmed based on the operation of the input means 81 whether all data has been received by the database center 10 (S981). If all the data is received by the database center 10, it is judged whether or not the reception of all the data is completed based on the key phrase request from the database center 10 (S982), and then the input means 81 is operated to operate the key phrase storage means. The authenticated key phrase stored in 71 is transmitted (S983).

As a result of the confirmation of all data reception (S981), when the data retransmission request is transmitted to the input / output terminal 60, the temporary registration transmission process (S) is performed again as shown in FIG.
Return to 910) and create a thread body file (S9
40) The subsequent processing is performed. Then, after transmitting the key phrase (S983), the centralized control means 61 of the input / output terminal 60 confirms that the key phrase has been received by the database center 10 (S986), and the key phrase is registered. If the registration is not completed by judging whether it is completed (S987), the key phrase is transmitted again (S983), and if the registration is completed, the encryption key recorded in the ID key 91 is erased and decrypted. The key is erased (S990).

Thereafter, the input means 81 is operated to judge whether or not the viewer is designated (S995). When the viewer is designated, the data of the viewer who is the designated specific member is determined. Is transmitted (S997) and the registration input process (S9
00) is ended. When the key phrase is transmitted to the database center 10 by the main registration transmission process (S980) in the input / output terminal 60, the database center 10 that has received this key phrase transmits the key phrase adding means 23.
File 13 sent from the input / output terminal 60 by
All transmission files 130a, 130b, ... 130nnn, which are grouped by dividing one group of information received from the input / output terminal 60 based on the sequence ID of 0a, 130b ,. ········································· 120nnn is added to the thread files 120a, 120b, ... It is what makes me.

When the registered right holder who has registered the transmission information 100 in the database center 10 through the input / output terminal 60 specifies the browsing period of the transmission information 100 registered or the viewer, the deadline The expiration date of the key phrase is stored in the confirmation means 19, and the message is transmitted (S395) as described above based on this designation.

In this way, when the transmission information 100 is registered in the database center 10 of the database center 10 from the input / output terminal 60, as described above, it can be browsed by those who have the search right. The message is transmitted to the registered members who are permitted to view, and the viewing-permitted members who have received the message enabling the viewing obtain the notification ID within the valid period and send the notification I.
During the validity period of D, the key phrase and the decryption key are ID key 91
It is possible to obtain the viewing right by recording in.

Further, the viewing right owner who has acquired the viewing right can view the contents of the information by requesting the viewing. (Search processing of the database center) Then, the notification ID owner who is a permitted member for browsing is the database center 10
When a connection request is made to the database and a search right request is made, as described above with reference to FIG.
When the processing control means 11 of 10 receives the connection request from the input / output terminal 60, the key number and the owner ID are input from the ID key 91.
Is read and ID confirmation is performed by the ID / PW confirmation means 13 to check the ID and password registered in the member attribute database 35 (S110). If the password is correct and the ID of the registered member, it is determined whether or not the member is registered. (S1
In step 20), the access of the input / output terminal 60 that has issued the connection request is permitted.

Thereafter, as shown in FIG. 6, in the registration processing (S200), it is judged whether or not the request is a data registration request (S
The search processing (S400) is performed according to 240). (Browsing Right Granting Process) In this search process (S400), first, as shown in FIG. 13, it is judged whether or not the request is a browsing right granting request (S410). S450) is performed, and if it is not a request for granting a viewing right, it is determined whether a request for viewing is made (S430).

In this browsing right granting process (S450), first, the processing control means 11 requests the notification ID (S460), and further judges whether or not the member is a browsing-permitted member based on the input notification ID (S465). I do. The determination as to whether or not the member is a browsing-permitted member (S465) includes a determination as to whether or not the notification ID is within the valid period by referring to the ID management unit 15 by the time limit confirmation unit 19.

Judgment as to whether or not this member is a browsing-permitted member (S46
According to 5), in the case of the viewing right granting request from the input / output terminal 60 having the owner ID which does not own the notification ID, the search process (S400) is immediately terminated and the connection with the input / output terminal 60 is terminated (S600). When the request is given from the input / output terminal 60 of the member who owns the notification ID, the decryption key is transmitted (S470), and the key phrase is transmitted (S480) for browsing. Granting process (S45)
0) is ended.

After this browsing right granting process (S450), or when it is not a request for browsing right grant in the determination (S410) whether or not a browsing right grant request is made, it is determined whether a browsing request is made (S).
430), and if it is a browsing request, an information output process (S5
10) is performed, and if it is not a browsing request, it is judged whether or not the connection is disconnected (S435). If the connection is disconnected, the connection is terminated (S600). If the connection is not disconnected, the browsing request is made. Returns to the determination (S430).

(Information Output Processing) In the information output processing (S510), first, a key phrase input request (S
515) is performed. Then, when the key phrase is input, the searching means 17 is caused to search the data file to which the corresponding key phrase is added from the database 31, and it is judged whether or not there is the corresponding data file (S525). Data file to be stored in the working memory 33, and a noise thread file is created by the noise creating means 25 and stored in the working memory 33. The searched data file and the noise thread file are combined as an output file group. An output file group to be created is created (S530).

This noise creating means 25 matches the number of data files searched by the key phrase and the length of each data file with a noise thread file with a random numerical value approximate to the length of the data file With respect to the above, the work memory 33 is created and stored in a predetermined ratio. As for the ratio of the noise thread file to the data file, the ratio of the noise thread file is increased when the number of data files is small, and the ratio of the noise thread file is decreased when the number of data files is large.

Further, as a result of searching the data file registered in the database 31 by the searching means 17, when the data file having the input key phrase is not registered, the processing control means 11 causes the noise creating means 25 to perform the appropriate processing. A required number of noise thread files having the data length of (3) are created, and a dummy file group for storing the large number of noise thread files as a dummy file group in the work memory 33 is created (S540).

Then, the output file group including the data file corresponding to the key phrase and the noise thread file or the file transmission for transmitting the dummy file group including only the noise thread file is performed (S550) to perform the information output process (S510). ) Ends. (Decryption of information) In the input / output terminal 60 which has received the output file group or the dummy file group, when the data file group specified by the key phrase is received from the database center 10 by the link key analysis means 77, each data The code of the tail key in the file and the code of the head key in the other data file are calculated, and the thread body files are combined by the corresponding combination of the tail key and the head key.

In this combination, the dummy head key or the dummy tail key is searched first, the head key corresponding to the tail key TK1 of the thread file 120a having the dummy head key DHK is searched, and the thread body files are combined, and then sequentially. A method of searching the head key corresponding to the tail key of the combined file, or a dummy tail key D
Head key HK of thread file 120nnn with TK
Search the tail key corresponding to nnn to combine the thread body files and search the tail key corresponding to the head key of the combined file sequentially, or the head key corresponding to the tail key of the randomly extracted thread file. By searching and sequentially combining, and also by searching the tail key corresponding to the head key of the randomly extracted thread file and sequentially combining, the thread body files of the thread files are combined and one transmission information 100 is restored. There are also things to do.

(Characteristic) As described above, in the database center 10, the information output process in response to the browsing request (S51
In 0), when a key phrase is input, even if the key phrase is incorrect, a dummy file group is created and output as data corresponding to the key phrase, so correct information is required unless the contents of the dummy file group are examined. Whether or not it is unknown, the risk of information leaking to an illicit person who does not possess the link key calculation method or the decryption key can be extremely reduced.

Also, when outputting the data file of the information requested by the regular key phrase, the link key is used to output the requested information as a large number of data files and an output file group including the noise thread file. Even when information is leaked to an illicit person who does not own the calculation method or the decryption key, it is difficult to restore the information from the output file group, and the risk of information leakage can be reduced.

Then, the data file is stored in the database 31.
When you register in, the notification ID will be sent to the search right holder among registered members who can obtain information, and the key phrase search will be performed by the notification ID. In the database 31, one group of information will be stored in many data files. Since it is registered and stored in a state of being divided into, it is possible to extremely reduce the risk of reading information by unauthorized access.

Further, when the information creator registers this information in the database 31, the content of the information is encrypted with a secret key, and this information is divided into a large number of thread body files and a large number of transmission files 130a, 130b. , ... 130n
nn is transmitted to the database center 10, each transmission file 130a, 130b, ..., 130nnn reaches the database center 10 via a required route of the internet communication network 50 individually, and is transmitted for one transmission. All transmission files 130a, 130b, ..., 130nnn that form a group of information 100
Is unlikely to pass a specific provider, making it difficult for a third party to extract all of the transmission information 100,
It becomes impossible to analyze the whole picture of information.

[0078]

According to the present invention described in claim 1, ID / P
W confirmation means and a member attribute database are provided, and when a transmission file is stored in the database, an ID management means that creates and outputs a notification ID to a predetermined input / output terminal, and a file when the notification ID is input. Since the processing control means for extracting and outputting the information is provided, only the specific recipient among the members can read the information by the notification ID, and further, when the notification ID is input, the decoding for decoding the information Since the key is output to the input / output terminal, it is a system in which information cannot be immediately decrypted by anyone other than the authorized viewer.

Therefore, the present invention is a membership-based database, which requires an ID and password to connect to the database and reads registered information.
The notification ID is required, it is difficult for anyone other than the intended recipient of the information provider to know the content of the information, and
It is a system that allows information to be easily transmitted from multiple members to required multiple members.

In addition to the invention described in claim 1, the invention described in claim 2 further inputs one group of transmission information by dividing it into a large number of transmission files from the input / output terminal. In this system, this transmission file is stored as a data file in a database, and when a large number of data files that are one group of transmission information are extracted, the files created by the noise creating means are also included in the output file group. Therefore, it is a system in which it is extremely difficult for a person other than the authorized receiver who can decrypt the information by using the decryption key to restore the information from the required data file.

Therefore, since the registration in the database is performed by dividing it into a large number of transmission files, the possibility that the entire information will be known to a third party at the time of registration in the database is reduced.
It is a system that makes it extremely difficult for a third party to restore the information extracted from the database. The present invention according to claim 3 has a thread means for dividing the transmission information and a link key creation adding means for adding a link key for connecting and restoring each divided file to each file, and sending each file. Since it has a centralized control means for transmitting, it is possible to transmit the information for transmission as a large number of files to the database center, and when transmitting the information to the database via the Internet communication network, all of the information for transmission uses the same route. It is an input / output terminal that can reduce the possibility of being sent to the database center.

Therefore, the input / output terminal can be used as a registration means in the database in which it is difficult for a third party to illegally know the entire information. Further, according to the present invention described in claim 4, in addition to the invention described in claim 3, a user ID
The ID key storing the encryption key and the decryption key generation program can be attached to and detached from the input / output terminal, and the ID key is managed to prevent the input / output terminal from being illegally used to connect to the database. It is an input / output terminal.

Therefore, it is possible to prevent the information from leaking to a third party other than the one having the authorized input / output terminal and the ID key. Further, according to the present invention described in claim 5, when registering the information in the database, it is possible to perform communication as a transmission file in which the information is divided to make the communication path of each transmission file different, and At the time of transmission, since one group of information is transmitted as many data files as it is and a file that becomes noise is added to this many data files, one group of information is transmitted from this group of transmission files. This is a communication method that makes it extremely difficult for a third party to restore.

Therefore, the risk of information leaking to a third party along the route from the transmission of information to the proper reception is extremely reduced, and even highly confidential information can be safely transmitted by computer communication. It is a transmission method.

[Brief description of drawings]

FIG. 1 is a block diagram showing an outline of a data leakage prevention system according to the present invention.

FIG. 2 is a block diagram showing an input / output terminal of the data leakage prevention system according to the present invention.

FIG. 3 is a diagram showing a flow of information registration between the database center and the input / output terminal in the data leakage prevention system according to the present invention.

FIG. 4 is a diagram showing a flow of information browsing between the database center and the input / output terminal in the data leakage prevention system according to the present invention.

FIG. 5 is a flowchart showing the operation of the data leakage prevention system according to the present invention.

FIG. 6 is a flowchart showing the registration processing operation of the data leakage prevention system according to the present invention.

FIG. 7 is a flowchart showing the operation of pre-registration preprocessing of the data leakage prevention system according to the present invention.

FIG. 8 is a flowchart showing the operation of the temporary registration process of the data leakage prevention system according to the present invention.

FIG. 9 is a flowchart showing the operation of main registration processing of the data leakage prevention system according to the present invention.

FIG. 10 is a flowchart showing the main operation of the input / output terminal of the data leakage prevention system according to the present invention.

FIG. 11 is a flowchart showing the operation of the temporary registration transmission process of the input / output terminal of the data leakage prevention system according to the present invention.

FIG. 12 is a schematic diagram showing processing of data in the data leakage prevention system according to the present invention.

FIG. 13 is a flowchart showing a data output processing operation of the data leakage prevention system according to the present invention.

[Explanation of symbols]

10 Database Center 11 Processing Control Means 13 ID / P
W confirmation means 15 ID management means 17 Search means 19 Deadline confirmation means 21 File confirmation means 23 Key phrase addition means 25 Noise generation means 27 Decryption key storage means 31 Database 33 Working memory 35 Member attribute database 50 Internet communication network 60 Input / output terminal Machine 61 Centralized control means 63 Data storage means 65 Thread means 67 Link key creation giving means 70 Computer main body 71 Key phrase storage means 75 Communication means 77 Link key analysis means 81 Input means 85 Display means 91 ID key

Continued front page    F-term (reference) 5B017 AA07 BA05 BA07 CA16                 5B082 GA11 HA05 HA08                 5B085 AA08 AE01 AE09 AE12 BG07                 5J104 AA01 AA07 AA16 EA04 EA16                       KA01 MA01 NA02 PA07

Claims (5)

[Claims] 1. An ID / PW confirmation means for confirming a member's ID and password when receiving a connection request from an input / output terminal, and a member's address, name, ID, password, and information registration and search conditions. A member attribute database to be stored and a sequence I for creating a transmission file on an input / output terminal when a registration request is received from a registration right holder member.
D is created and sent to the input / output terminal, and when the send file is input from the input / output terminal, a key phrase is added to the send file and stored in the database. At this time, a notification ID is created and the file is created. ID management means for outputting a notification ID to a predetermined other input / output terminal based on the input from the input / output terminal sent, and corresponding to the input / output terminal when the notification ID is input from the input / output terminal Output the decryption key and the key phrase, and
A data leakage prevention system comprising: a processing control unit that, when the key phrase is input, extracts a file including the key phrase from a database and outputs the file to the input / output terminal. 2. A transmission file input from an input / output terminal is input in a state in which one group of transmission information is divided into a plurality of transmission files, and each transmission file is input based on the sequence ID of each transmission file. Key phrase adding means for adding a key phrase to form a large number of data files is provided, and one set of transmission information is stored in the database as a large number of data files, and a search means and a noise creating means are provided. When a data file containing the key phrase is searched from the database by the search means when the key phrase is input from the input / output terminal, a large number of data files, which are one set of transmission information, are extracted by the search means. The files created by the noise creation means are also included in the output file group, and this output file group is input. The data leakage prevention system according to claim 1, wherein the data leakage prevention system outputs the data to an output terminal. 3. A thread means for dividing the transmission information, and a link key for creating and giving a link key at the beginning and the end of each file into which the transmission information is divided so that the connection between the files can be restored. After giving the creation ID means and the sequence ID received from the database center to each file to which the link key is added, each file is sent to the database center via the Internet communication network, and further all files are received by the database center. Centralized control means to check, and key phrase storage means to output the key phrase to the database center so that the database center can add the key phrase with the same file name to all files after confirming receipt of all files at the database center. An entry for a database that is equipped with Force terminal. 4. An ID key which can be attached to and detached from an input / output terminal, and which comprises an ID key recording a program for generating a user ID, an encryption key and a decryption key. Input / output terminal for the database described in. 5. The information is transmitted to the database center as a large number of divided transmission files through the Internet communication network, and the database center assigns a key phrase as a file name to each transmission file obtained by dividing the single information. When added to each and stored in the database as a large number of data files, and extracted the corresponding large number of data files by the key phrase,
A data transmission method in Internet communication, characterized in that a large number of files that become noise are further added to the large number of data files and output as a transmission file group to an input / output terminal to which a key phrase is input.