JP2008199278A - Information management system, information management apparatus, information management program - Google Patents

Abstract

There is a high social demand for safely and efficiently updating shared information that has been secretly shared by the secret sharing method.
A dealer apparatus 2 obtains shared information from each storage server apparatus 3j (0 ≦ j ≦ 4) that manages valid shared information, restores the original secret information, and the restored secret information. Random number information is restored based on Random number information different from the restored random number information is newly generated, and update information of the distributed information is generated by exclusive OR of the distributed information to be updated, the restored random number information, and the newly generated random number information. Each storage server device 3j includes a dealer device 2
Update information is received, and the update processing unit 3j2 uses the update information to update the original shared information.
[Selection] Figure 1

Description

The present invention relates to an information management system, an information management apparatus, and an information management program. In particular, in a system that manages information in a distributed manner, the distributed information and the remaining managers when there are no managers managing specific shared information. The present invention relates to an information management system, an information management apparatus, and an information management program for updating distributed information managed by the system.

(Necessity of secret sharing)
In recent enterprises, etc., when managing confidential information such as trade secrets within the company, damage or loss of electronically created confidential information or storage media or storage terminals for storing the confidential information The secret information is copied and managed so that there is no problem even if an accident such as a physical failure occurs.

However, when the number of duplicated secret information files increases, the risk of leaking secret information increases in proportion to the number of files, and a method for managing a plurality of secret information is an important issue.

Therefore, by creating a plurality of shared information constituting the secret information from the secret information and collecting the predetermined set of shared information among the created shared information, the secret information can be restored. From a set of shared information that does not satisfy the set, a method called a secret sharing method, in which the original secret information is not leaked, has attracted attention in recent years. When secret information is managed using this secret sharing method, it is possible to realize a management method that is resistant to the threat of damage or failure and the threat of leakage of secret information.

In addition, compared with encryption technology commonly used as a method for managing confidential information,
In general, security is configured based on a mathematically difficult problem, and the security depends on a calculation amount.

Therefore, there is a possibility that information protected by encryption may be leaked if a performance improvement of a computer or a solution of a mathematically difficult problem is discovered in the future. On the other hand, the secret sharing method has been proved to be safe in terms of information theory, and since it is known that the original secret information cannot be obtained from the distributed information no matter how much the computer performance improves As a method for managing secret information, the management method using secret sharing is also recommended as a technique other than encryption.

(A type of secret sharing: (k, n) threshold secret sharing method)
For example, it is designed so that secret information K can be restored if any k pieces of n pieces of shared information are collected, and secret information K cannot be restored at all from k-1 or less pieces of shared information ( k,
n) A threshold secret sharing method was proposed by Shamir in 1979 (see Non-Patent Document 2). k takes a value of n or less and represents a threshold value, and n represents the number of variances.

In this method, even if there is no specific shared information, the secret information K can be restored and any redundancy can be provided by collecting any k pieces of distributed information from the distributed n pieces of distributed information. Become
Its importance has recently attracted attention because of its confidentiality and availability.

In this Shamir's threshold secret sharing method, secret sharing is performed using k−1 order polynomials for the threshold k, so that it takes time for the distribution / restoration processing, and this places a heavy load on the computer. Was pointed out. As a method for solving this problem, Fujii et al. Have proposed a secret sharing method in which the distribution / restoration processing is performed only by bitwise exclusive OR operation without using a k−1 degree polynomial (Non-Patent Document 2). Non-Patent Document 3). This secret sharing method is known as a secret sharing method capable of high-speed processing because the secret information is distributed and restored by exclusive OR as described above. Non-patent document 2 describes an example in which the threshold value k is 2 and the number of variances n, and non-patent document 3 describes the example in which the threshold value k is 3 and the variance number 5 and the threshold value k is 3 and the variance number 7 Yes.
A. Shamir: “How to share a secret”, Communications of the ACM, 22, 11, pp. 612-613 (1979). Yoshihiro Fujii, Minako Tada, Norikazu Hosaka, Takaya Tochikubo, Takehisa Kato, “Fast (2, n) threshold method construction and application to systems,” CSS 2005 Proceedings, pp. 631-636 (2005) Minako Tada, Yoshihiro Fujii, Norikazu Hosaka, Takaya Tochikubo, Takehisa Kato, “Structure of Secret Sharing Method with Threshold 3,” CSS 2005 Proceedings, pp. 637-642 (2005)

In the secret sharing system as described above, according to the study by the present inventor, it is considered that there is room for improvement in the following points.

(Task)
In an information system (for example, an information system composed of a dealer device and a plurality of storage devices) that manages shared information generated by the secret sharing method in a storage server device handled by a specific number of distributed information managers At least one of the secret information managers may change or the storage server device may be lost. In this case, it is necessary to cope with disconnecting the storage server device managed by the administrator from the network or the like, or making all shared information that is secretly shared invalid data.

In other words, when there is no distributed information manager, from the viewpoint of information security,
There is a problem that all the distributed information is discarded and the above-mentioned dealer device must secretly distribute again using the original confidential information, and the new distributed information must be safely redistributed to the remaining managers. . This is because, for example, in the case of secret sharing using the (2, n) threshold secret sharing method, the original information is obtained from the shared information managed by the distributed information manager that has disappeared and the distributed information obtained illegally. This is because the secret information is restored and there is a large risk in terms of information security.

A simple operation example that has been conventionally performed with respect to this problem will be briefly described with reference to FIG.

FIG. 16 shows the dealer apparatus 2, n (= 5) storage server apparatuses 30, and storage server apparatuses 31.
The storage server device 32, the storage server device 33, and the storage server device 34 are connected to the network 50.
FIG. 2 is a schematic diagram showing an overall configuration of secret sharing systems connected via 0;

Here, when there is no shared information manager managing the storage server device 34, the storage server device (j = 4) 34 that stores and manages the shared information D (4) to be managed by the shared information manager.
Is disconnected from the network 500 and all distributed information D (0), D (1), D (2), D
(3) and D (4) are discarded by each distributed information manager, and the dealer apparatus 2 stores the storage unit 2.
16, the secret information is distributed again using the secret information distribution unit 218, and the storage server device 30, the storage server device 31, and the storage server device 32 excluding the storage server device 34 are connected via the communication unit 211. Therefore, it is necessary to transmit the redistributed distributed information to the storage server device 33 by e-mail or the like. The system administrator using the dealer apparatus 2 requests each shared information manager to “store the redistributed shared information and delete the previous shared information”.

At this time, as a system administrator using the dealer apparatus 2, even if each shared information manager intends to delete the previous shared information by transmitting the shared information to each storage server apparatus,
The distributed information manager using each storage server device shares the distributed information (D (0), D (1),
.., D (3)) can be left without being deleted. That is, for example, the shared information manager using the storage server device 30 leaves the shared information D (0) as it is, and the storage server device 3
There is a problem that there is a possibility that the secret information can be restored if the shared information D (4) is obtained illegally from 4.

As described above, when there is no distributed information manager, conventionally, from the viewpoint of information security, secret sharing must be performed again and the distributed information must be redistributed to the remaining managers. Neither the method of Document 2 nor the method of Non-Patent Document 2 or Non-Patent Document 3 has shown a safe and efficient method for updating distributed information.

In the first place, in the threshold secret sharing method using the k−1 order polynomial shown in Non-Patent Document 1, a large load is applied to the secret information distribution processing and restoration processing to the computer. It is not efficient when it is not suitable for the restoration process. In addition, regardless of which of the secret sharing methods using exclusive OR shown in Non-Patent Document 2 and Non-Patent Document 3 that do not place a heavy load on the secret information distribution processing and restoration processing, It does not show how to update information safely and efficiently.

Accordingly, the present invention has been made to solve the above-described problem, and in a system that manages secret information by secretly sharing it, when there is no administrator managing specific distributed information, it is safe and efficient. Information management system, information management device, and information management system that can update shared information
The purpose is to provide an information management program.

In order to solve the above-described problem, the first invention of the present invention provides n pieces of secret information K distributed (
, D (j),..., D (n−1) (0 ≦ j ≦ n−1) are individually transmitted to n storage devices, and n ≧ 2) The secret information K can be restored from arbitrary two pieces of shared information D (j) and D (j ′) (0 ≦ j ′ ≦ n−1, j ≠ j ′) among the n pieces of shared information. (2, n) type information management device, and n storage devices for storing the individually transmitted shared information and transmitting the shared information in response to a request from the information management device In the management system, the information management device stores storage information received from the storage device, and random information R included in the storage information for the storage information stored in the storage device.
(I) random number information restoring means for restoring (0 ≦ i ≦ n−2), and n−1 pieces of random number information R ′ (i
) Generating the update information U (i) using the random number information restored by the random number information restoration means and the random number information created by the random number generation means And update information transmission means for transmitting the update information generated by the update information generation means to the storage device, wherein each storage device stores the distributed information transmitted by the information management device And shared information update means for updating the shared information using the shared information stored in the shared information storage means and the update information transmitted from the information management device.

In the second invention of the present invention, n pieces (n ≧ 2) of pieces of shared information D (0
),..., D (j),..., D (n−1) (0 ≦ j ≦ n−1) are individually transmitted to n storage devices. An information management system comprising n storage devices that store individually transmitted distributed information, wherein the information management device includes n−1 random number information R ′ (i) (0 ≦ i ≦ n). -2), an update information generation unit that generates update information U (i) of the shared information using random number information R ′ (i) generated by the random number generation unit, and the update Update information transmitting means for transmitting the update information generated by the information generating means to the storage device, respectively, each storage device, distributed information storage means for storing the distributed information transmitted by the information management device, Distributed information stored in the shared information storage means and transmitted from the information management device. Characterized in that it comprises a shared information updating means for updating the shared information using the updated information.

The third invention of the present invention provides n (n ≧ 2) pieces of shared information D (0) obtained by distributing secret information K.
),..., D (j),..., D (n−1) (0 ≦ j ≦ n−1) are individually transmitted to n storage devices, and any of the n pieces of distributed information Of the two pieces of shared information D (j), D (j ′) (0
≦ j ′ ≦ n−1, j ≠ j ′) (2, n) type information management device capable of restoring the secret information K, and storing the individually distributed information and storing the individually transmitted information from the information management device An information management system comprising: n storage devices that transmit the shared information in response to a request; and a secret information management device that stores secret information K ′ after update of the secret information K. The apparatus stores storage information received from the storage device and random information R (i) (0 ≦ i ≦ n−2) included in the distribution information for the distribution information stored in the storage means. ), Random number generating means for generating n-1 random number information R ′ (i), and requesting the secret information management device to acquire the secret information, and Update secret information acquisition means for acquiring information, and the random number information restoration Update information generation means for generating update information U (i) of the shared information using the random number information restored by the means, the random information generated by the random number generation means, and the secret information acquired by the update secret information acquisition means And update information transmitting means for transmitting the update information generated by the update information generating means to the storage device, respectively, wherein each storage device stores the distributed information transmitted by the information management device And shared information update means for updating the shared information using the shared information stored in the shared information storage means and the update information transmitted from the information management device.

In the present invention, a collection of devices is expressed as a “system”. However, the present invention is not limited to this, and “device”, “method”, “program”, or “computer reading” is not limited to this. Needless to say, it may be expressed as “possible storage medium”.

According to the present invention, when shared information is deleted in a secret sharing system, it becomes possible to update the shared information managed by the remaining managers safely and efficiently using the original shared information. Can be updated without redistribution.

Hereinafter, embodiments of the present invention will be described with reference to the drawings. Each of the following devices can be implemented with either a hardware configuration or a combination configuration of hardware resources and software. As the software of the combined configuration, a program that is installed in advance on a computer of a corresponding device from a network or a storage medium and that realizes the function of the corresponding device is used.

First, before describing each embodiment, Table 1 shows a secret sharing scheme that is a premise of the secret sharing system described in Non-Patent Document 2, symbols used in each embodiment of the present invention, and descriptions thereof.

(First embodiment)
In the secret sharing system shown below, in the first embodiment, when updating the shared information of the secret information, in particular, the shared information is collected from the storage server device to restore the secret information,
In this embodiment, the distributed information is updated by replacing the random number information in the restored secret information with new random number information. Details will be described below.

(Overall configuration of secret sharing system)
FIG. 1 is a schematic diagram showing the overall configuration of a secret sharing system 1 according to the first embodiment of the present invention. This secret sharing system 1 includes a dealer apparatus 2 used by a secret information manager and n distributed information for managing n (= 5) pieces of shared information secretly distributed by the dealer apparatus 2 via a network 100. It consists of n storage server devices 3j (0 ≦ j ≦ n−1) used by the administrator.

The devices 2, 30, 31,..., 34 are connected to a network 100 such as the Internet or an intranet, and can communicate with each other. However, when an open network such as the Internet is assumed, each device 2, 30, 31,...
It is desirable to use encryption communication such as SSL (Secure Socket Layer) when communicating between the four.

(Operation of dealer device in secret sharing system)
In the overall configuration of the secret sharing system 1 in FIG.
The storage server device 3j connected through 0 (j: integer of 0 ≦ j ≦ n−1, n: number of distributed information, the same applies hereinafter) is used with the secret sharing scheme shown in Non-Patent Document 2. Generated distributed information D (
j) has already been transmitted, the shared information D (j) is acquired from the storage server device 3j, the secret information K is restored in the dealer device 2, and a new random number R (i) is generated by the random number generation unit 214. To generate update information U (i) for the shared information D (j). The generated update information U (j) is transmitted to the storage server device 3j connected via the network 100.

(Internal configuration of dealer equipment)
FIG. 1 shows the internal configuration of the dealer apparatus 2. 1, the dealer apparatus includes a communication unit 211, a control unit 212, a secret information restoration unit 213, a random number generation unit 214, an update information generation unit 215, a storage 216 unit, and a DB 217.

The communication unit 211 is a processing unit that performs communication such as transmission and reception of various data with the storage server device 3j connected via the network 100 of FIG.

The control unit 212 has a function of controlling the units 211 and 213 to 217 so as to generate the update information of the shared information. Specifically, the control unit 212 executes the operation of the dealer apparatus 2 shown in FIG.
Each unit 211, 213 to 217 is controlled.

For example, the control unit 212 manages the shared information D (j) generated by the secret sharing scheme of Non-Patent Document 2 and manages the validity and invalidity of the shared information D (j) transmitted to the storage server device 3j. Depending on the contents of each data of the dealer apparatus 2, a predetermined number (p
A processing unit that processes data for generating update information U (j).

The secret information restoration unit 213 uses the shared information D (j) acquired from the storage server device 3j connected via the network 100, and the distributed partial data D (j, i) constituting the shared information D (j). ) Is a processing unit for restoring the random number information R (i). In the first embodiment and the third embodiment of the present invention, when this secret information is restored, it is assumed that the method shown in Non-Patent Document 2 is executed. However, it suffices to restore with the same algorithm as the algorithm that performed secret sharing in the dealer apparatus 2, and nothing is limited to the secret sharing method of Non-Patent Document 2. (I: A value indicating the order of the distributed partial data constituting the distributed information D (j).
An integer satisfying 0 ≦ i ≦ n−2. The same applies below. )
The random number generation unit 214 is necessary for converting the random number information in the distributed partial data D (j, i) constituting the shared information D (j) from R (i) to another random number information R ′ (i). A random number R ′ (i)
Is a processing unit for generating

The update information generation unit 215 is a processing unit that generates update information U (k) for the shared information D (j).

The storage unit 216 is a storage device that can be read / written from each of the units 211 to 215, specifically, various information acquired from the storage server device 2 j and the distributed information D (j) generated by the update information generation unit 215. The storage unit stores update information U (j) and the like.

The DB 217 is a storage device that can be read / written from the control unit 212. Specifically, the shared information D (j) transmitted to the storage server device 3j and the validity and invalidity of the shared information D (j) are stored. This is a storage unit for storing the distributed information management table 217-1 for management.
The configuration of the distributed information management table will be described later.

(Operation of storage server device in secret sharing system)
In the overall configuration of the secret sharing system 1 in FIG. 1, the storage server device 3j stores the distributed information D (j) generated in advance by the dealer device 2 based on the secret sharing scheme shown in Non-Patent Document 2, and The shared information D (j) is transmitted to the dealer device 2 in response to the update processing request for the shared information D (j) from the device 2, and the updated information U (
i), and the shared information D (j) stored in the storage unit 3j1 of the storage server device 3j is
The update information U (i) received from the dealer apparatus 2 is used for updating.

(Internal configuration of storage server device)
FIG. 1 shows the internal configuration of the storage server device 3j. In FIG. 1, the storage server device 3j includes a communication unit 3j1, a storage unit 3j2, and an update processing unit 3j3.

The communication unit 3j1 is a processing unit that performs communication such as transmission / reception of various data such as distributed information D (j) and update information U (i) with the dealer apparatus 2 connected via the network 100 of FIG.

The storage unit 3j2 stores the shared information D (j) generated in advance by the dealer apparatus 2 using the secret sharing scheme shown in Non-Patent Document 2, and also stores the shared information D (
This is a storage unit for storing the shared information D ′ (j) updated using the updated information U (i) of j).

The update processing unit 3j3 includes the update information U (i) generated by the dealer device 2 and the storage server device 3
The shared information D ′ () after updating the shared information D (j) using the shared information D (j) stored by j
j).

(Structure of shared information generated by the secret sharing scheme of Non-Patent Document 2)
Next, shared information configured using the technique of Non-Patent Document 2 will be described with reference to the drawings.
The configuration of the shared information is the same in each embodiment of the present invention. For example, in order to simplify the description, when the shared information D (j) is generated by the (2, 5) threshold secret sharing method using the method of Non-Patent Document 2, the storage server 3j (0 ≦ j ≦ The shared information D (j) stored in 4) is as shown in FIG. Further, each piece of distributed information D (j) is, as shown in FIG.
(J), a hash value h (H (j)) of header information, i pieces of distributed partial data D (j, i) (
0 ≦ j ≦ 4, 0 ≦ i ≦ 3).

Here, the relationship of the following equation is established in the distributed partial data D (j, i).

D (j, i) = K ((j−i) mod n) (+) R (i)
D (j) = ΣD (j, i) (i: an integer satisfying 0 ≦ i ≦ 3)
For example, the distributed information D (0) includes the distributed partial data D (0,0) and the distributed partial data D (0,1).
), Distributed partial data D (0, 2), distributed partial data D (0, 3), header information H (0), and a hash value h (H (0)) of the header information. Other distributed information D (
The same applies to 1), D (2), D (3), and D (4).

D (0,0) shown here is composed of exclusive OR of K (0) and R (0), and is random number information R
(0) and random number information R (i) in other distributed partial data D (j, i)
It is comprised so that it may contain.

Here, K (0),..., K (4) and R (0),..., R (3) are all binary data taking values from 0 and 1 having the same length. The secret information K is K = K (1) || K
(2) || K (3) || K (4). That is, K (1) and K of the divided secret data, respectively.
(2), K (3), and K (4) are data obtained by dividing the secret information K into the same length by the control unit 212, and K (0) is zero-value data. R (0), R (1), R (2)
, R (3) is a random value generated by the random number generation unit 214.

(Structure of distributed information header information)
Next, an example of header information H (j) for managing the distributed information D (j) is shown in FIG.

Here, the header information H (j) is a secret information K file for indicating that the header information H (j) is shared information D (j) generated from the same secret information K file as shown in the upper part of FIG. ID
, A data identifier j indicating the identification number of the storage server device 3j, a header size indicating the size of the header information H (j), an original data size m indicating the size of the secret information K which is the original data, and a division of the original secret information K The division number n-1 indicating the number, the processing unit bit length a indicating the processing unit bit of the distributed partial data D (j, i), the random number data size a indicating the data size of the random number R (i), and the divided secret data A divided data size a representing the size of K (j), a padding algorithm representing the presence or absence of padding and an algorithm, hash algorithm information (optional),
A valid / invalid flag (option) indicating the valid / invalid state of the shared information D (j) is conceivable.

The hash algorithm information is stored when the hash value h (H (j)) of the header information H (j) is calculated and the originality of the header information H (j) is guaranteed. In other words, the hash algorithm information includes various security requirements (Public Key Infrastructure).
(cture) or the like. For example, in the first and third embodiments described later, the shared information D (j) is transmitted to the dealer apparatus 2, and at this time, the shared information D (( It is conceivable that j) is wiretapped or tampered with, which adversely affects the operation of the dealer apparatus 2. In order to prevent this, the shared information D (
The header value H (j) of j) needs to include the hash value h (H (j)). Specifically, when the storage server device 3j transmits the shared information D (j) to the dealer device 2, the control unit 212 of the dealer device 2 uses the header information H (j) of the shared information D (j). Hash value h (H (j)) is calculated, and the hash value h (H (H (j)) included in the header information H (j) is calculated.
j)) may be compared with each other.

However, when the hash algorithm is determined in advance by the secret sharing system 1 as a security requirement, the hash algorithm information can be omitted from the header information. The valid / invalid flag of the shared information D (j) indicates status information indicating the valid status or invalid status of the shared information D (j). For example, when this flag is “1”, the shared information D ( j) is valid. When this flag is “0”, it can be seen that the distributed information D (j) is invalid. However, this valid / invalid flag does not have to be an essential configuration, and has an optional configuration. There may be.

The data format of the shared information D (j) is, as shown in the lower part of FIG. 3, header information H (j), its hash value h (H (j)), n−1 pieces of distributed partial data. D (j, 0
), D (j, 1),..., D (j, n−2). Here, the hash value h (
H (j)) is an option, and, like the hash algorithm information in the header information H (j), various security requirements (Public Key Infrastructure)
(cture) can be omitted.

As a method of managing the shared information D (j) in the dealer apparatus 2, the header information H
By using the file ID and the data identifier j in (j), which storage information D (j) is valid and which distribution information D (j) is invalid is registered and managed in the DB 217, which storage server It is conceivable to manage whether the distributed information D (j) transmitted to 3j is valid / invalid.

In addition, the header information H (j) is provided with another field indicating validity / invalidity (in the above example, the validity / invalidity flag of the distributed information is indicated), and the validity of the distributed information is determined using the information in the field. Gender and invalidity may be managed. The validity and invalidity of the shared information D (j) is managed in the DB 217 using the distributed information management table, and the valid / invalid flag of the shared information is provided in the header information H (j) field of the shared information D (j). In both methods, the validity and invalidity of the distributed information D (j) may be managed.

(Configuration example of distributed information management table)
A configuration example of the distributed information management table 217-1 stored in the DB 217 of the dealer apparatus 2 is shown in FIG. The shared information management table 217-1 is a table for managing whether the shared information D (j) stored in each storage server device 3j is currently valid or invalid.
Specifically, at least the data identifier j indicating the identification number of the storage server device 3j, the distributed information D (j) to be managed, and the valid / invalid state are associated at least.
For example, the shared information D (0) of j = 0, the shared information D (1) of j = 1, the shared information D (2) of j = 2, and the shared information D (3) of j = 3 shown in FIG. Valid, shared information D (4) with j = 4
Is found to be invalid.

Although not shown in FIG. 4, which secret information K is included in each shared information D (j) in the shared information management table.
Information for identifying which secret information K each of the shared information D (j) is secret-distributed is further managed. Needless to say, it is more preferable if it is associated with the management table 217-1.

(Overall sequence of distributed information update processing)
Next, with respect to the shared information managed by the shared information manager (five people of 0 ≦ j ≦ n−1 (= 4)) in the secret sharing system 1 shown in FIG. 1, there is no shared information manager of j = 4. In the case (when it is necessary to invalidate the distributed information D (4) to be managed), the operation of updating the shared information D (j) in the secret sharing system 1 of the present invention is described with reference to the sequence diagram of FIG. explain.

The outline of FIG. 5 is that the dealer device 2 does not disappear (remains) the shared information D (1) stored in the storage server device 30 and the storage server device 31 used by the distributed information manager.
, D (3) is generated to generate update information U (i), and all storage server devices 30, storage server devices 31, storage server devices 32, storage server devices 33 used by the distributed information manager that has not disappeared. Update information U (i) is transmitted to each shared information D (0), D (1), D (2), D
This is a sequence for updating (3).

If the administrator of the secret sharing system 1 using the dealer apparatus 2 receives an instruction to start updating the shared information D (j) from an input unit or a display unit (not shown), the dealer apparatus 2 passes the control unit 212. For the distributed information D (j) corresponding to the distributed information management table 217-1 stored in the DB 217, “the distributed information D used by the distributed information manager and effective.
The number “j” of the storage server device 3j that stores (j) is acquired, and the acquired information (j) is stored in the storage unit 216 (ST101).

For example, in the shared information management table 217-1 shown in FIG. 4, the storage server device 3j that stores valid shared information D (j) is “storage server device 30 with j = 0” and “storage server with j = 1”. It is possible to grasp in this ST 101 that “device 31”, “j = 2 storage server device 32”, and “j = 3 storage server device 33”.

The dealer apparatus 2 uses, for example, effective distributed information stored in the storage unit 312 of the storage server apparatus 31 from the storage server apparatus 31 (j = 1: effective) connected by the network 100 via the communication unit 211. The distributed information acquisition request 1 which is an acquisition request of D (1) is transmitted (ST
102).

In response to the shared information acquisition request 1 transmitted from the dealer apparatus 2 connected via the communication unit 311 via the communication unit 311 in ST102, the storage server device 30 stores the distributed information stored in the storage unit 312 of the storage server device 31. A distributed information acquisition response 1 including D (1) is transmitted (
ST103).

The dealer apparatus 2 acquires the distributed information D (1) from the data of the distributed information acquisition response 1 transmitted from the storage server apparatus 31 connected via the communication unit 211 via the network 100, and stores the storage unit 216 of the own apparatus 2. (ST104).

Next, the dealer apparatus 2 receives, for example, a valid stored in the storage unit 312 of the storage server apparatus 31 from the storage server 33 (j = 3: valid) connected by the network 100 via the communication unit 211. A shared information acquisition request 3 that is a request for acquiring the shared information D (3) is transmitted (S
T105).

In response to the shared information acquisition request 3 transmitted from the dealer apparatus 2 connected via the communication unit 311 via the communication unit 311 in ST105, the storage server device 31 stores the distributed information stored in the storage unit 332 of the storage server device 33. The distributed information acquisition response 3 including D (3) is transmitted (
ST106).

The dealer apparatus 2 acquires the distributed information D (3) from the data of the distributed information acquisition response 3 transmitted from the storage server apparatus 33 connected via the communication unit 211 via the network 100, and stores the storage unit 216 of the own apparatus 2. (ST107).

The dealer apparatus 2 includes the shared information D (1) and the shared information D (3) stored in the storage unit 216.
), The secret information restoration unit 213 restores the secret information K, and then the random number information R (i) and the divided secret data K (k) are restored (ST108). The details of the restoration process of the random number information R (i) by the secret information restoration unit 213 are mainly described in the method shown in Non-Patent Document 2, but are roughly calculated in the following order. Next to the description of this general order, a specific calculation procedure will be described in detail. In the third embodiment to be described later, the secret information restoration unit 213 uses the random number information R (
The restoration process such as i) is executed, but since the process is the same, detailed description thereof is omitted in the description of the embodiment.

(Schematic order of secret information restoration processing by the secret information restoration unit)
(1) The divided secret data K (p) is restored from the shared information D (1) and the shared information D (3) by the method shown in Non-Patent Document 2 (1 ≦ p ≦ 4). When all of the divided secret data K (p) are obtained, the controller 212 connects the divided secret data, that is, K = K (1) || K (
2) || K (3) || K (4) is performed to restore the original secret information K.

(2) Using the divided secret data K (p) and the shared information D (j) obtained in (1), the random number information R (i) is obtained by calculation according to the following equation.

R (i) = D (j, i) (+) K ((ji) mod n)
(Detailed procedure for restoring secret information by the secret information restoration unit)
A procedure by which the secret information restoring unit 213 of the dealer apparatus 2 restores the secret information will be described with reference to the drawings. 7 is a flowchart showing a procedure for restoring the secret information by the secret information restoration unit 213, FIG. 8 is a schematic diagram for explaining the operation of the restoration process, and FIG. 9 is a reference for explaining the operation of the restoration process. FIG.

Assuming that the administrator of the secret sharing system 1 using the dealer apparatus 2 inputs an instruction for starting the restoration process of the random number information R (i) from an input section or a display section (not shown), the dealer apparatus 2
Based on this start command, the process for restoring the secret information is started.

The control unit 212 includes five storage server devices 30, a storage server device 31, and a storage server device 32.
, Five pieces of shared information D (0) transmitted to the storage server device 33 and the storage server device 34, respectively.
Collect any two pieces of shared information D (1) and D (3) among D (4) and input the obtained shared information D (1) and D (3) to the secret information restoration unit 213 To do. Here, the shared information D (1), D (3) is used from the above description, but other effective shared information D (0
Needless to say, D (2) may be used.

Upon receiving the shared information D (1) and D (3) (ST11), the secret information restoring unit 213 receives the header information H (1) and H (3) of the two shared information D (1) and D (3). 8 and 9, for example, it is analyzed that j = (i =) 1st and j = 3rd shared information D (1), D (3) (ST12). For example, it is confirmed that the shared information is D (1), D (3).

The secret information restoration unit 213 is one of the two pieces of shared information D (1) and D (3).
With regard to (1), distributed partial data D (1,1) assigned the same column number 1 as row number 1
(ST13).

As a result of the determination in step ST13, when the shared information D (1) includes the distributed partial data D (1, 1) (ST13; YES), the secret information restoring unit 213 executes step ST14.

In step ST14, the distributed partial data D (1, 1) and the other shared information D (
3) Based on the distributed partial data D (3, 1) of the same column number 1 included in 3) and the p = 0th divided secret data K (0) (= 0), the divided secret data K (r) = D (i, i) (+) D (
j, i) (+) The divided secret data K (2) is restored from the equation of K (0) (where r = (j−
i) mod n, where r = 2 (see FIG. 9)).

Specifically, the random number information R (1) is calculated based on the exclusive OR of the distributed partial data D (1, 1) and the divided secret data K (0) (= 0) (ST14-1). ). K (0)
D (1,1) = R (1) may be set without calculating the exclusive OR with (= 0). Subsequently, the divided secret data K (2) is restored based on the exclusive OR of the random number information R (1) and the distributed partial data D (3, 1) (ST14-2).

Further, after the restoration of the divided secret data K (2), it is determined whether or not the first end condition i−r = n−1 is satisfied (ST14). For example, after the restoration of K (2), the first end condition i−r (mod
5) It is determined whether or not 1-2 (mod 5) = 4 satisfies n−1 = 5-1 = 4. Satisfy this case.

In the above example, there may be a case where the first end condition is satisfied but is not satisfied depending on the shared information to be selected. If this determination result does not satisfy the first termination condition, the divided secret data K (
By shifting the restoration formula of r) by r, the other first
The divided secret data K (r + r),..., K ((n−1) r) is restored. However,
K (r + r) = D (i, ir) (+) D (j, ir) (+) K (r),
…,
K ((n−1) r) = D (i, i− (n−2) r) (+) D (j, i− (n−2) r) (
+) K ((n-2) r)).

On the other hand, when the determination result in step ST14 satisfies the first end condition or step ST1
If the determination result of 3 is negative, the secret information restoring unit 213 executes step ST15.

In step ST15, the distributed partial data D (3, 3) to which the same column number 3 as the row number 3 in the other shared information D (3) is assigned, and the same included in one shared information D (1). Distributed partial data D (1,3) of column number 3 and j = 0th divided secret data K (0)
Based on (= 0), the other divided secret data K (−r) = D (i, j) (+) D (j, j
) (+) The divided secret data K (3) is restored from the equation of K (0). Here, -r = ((-
2 + 5) mod 5) = 3.

Specifically, random number data R (3) is calculated based on the exclusive OR of the distributed partial data D (3, 3) and the divided secret data K (0) (= 0) (ST15-1). ). K (0
D (3,3) = R (3) without calculating the exclusive OR with () (= 0). Subsequently, based on the exclusive OR of the random number data R (3) and the distributed partial data D (1,3),
The divided secret data K (3) is restored (ST15-2).

Further, after the restoration of the divided secret data K (−r), it is determined whether or not the second end condition j + r = n−1 is satisfied. For example, after restoration of K (3), the second end condition j + r (mod 5) = 3 +
It is determined whether 2 (mod 5) = 5 (mod 5) = 0 satisfies n−1 = 4. This case is not satisfied.

When this determination result does not satisfy the second end condition, the rest of the divided secret data K is sequentially changed until the second end condition is satisfied by shifting the restoration formula of the divided secret data K (−r) by r.
(−r−r),..., K (− (n−1) r) are restored. However,
K (−r−r) = D (i, j + r) (+) D (j, j + r) (+) K (−r),
…,
K (-(n-1) r) = D (i, j + (n-2) r) (+) D (j, j + (n-2) r)
(+) K (-(n-2) r)).

For example, the remaining divided secret data K (1) and K (4) are restored by steps ST15-3 to ST15-6 in FIGS.

When step ST15 is completed, the secret information restoring unit 213 sends the four pieces of the divided secret data K (1),..., K (4) restored to the control unit 213.

The control unit 213 applies header information H (1) to the divided secret data K (1),..., K (4).
), H (3), if there is a process such as padding, it is removed (ST16). Thereafter, the controller 17 concatenates the divided secret data K (1),..., K (4) to each other, thereby obtaining the secret information K = K (1) ‖K (2) ‖ ... ‖K (4). Restore (ST17).

As a result of the above calculation, the secret information restoring unit 213 obtains each divided secret data K (p) (p: 0 ≦ p ≦ 4).
) To calculate and restore the random number information R (0), R (1), R (2), R (3), and restore the random number information R (0), R (1), R (2) , R (3) is stored in the storage unit 216 (S
T108).

The dealer 2 uses the random number generator 214 to generate new random number information R ′ (i) (i: 0 ≦ i ≦ 3
) And the generated new random number information R ′ (i) is stored in the storage unit 216 (ST109). Specifically, as R ′ (i), R ′ (0), R ′ (1), R ′ (2)
, R ′ (3) is generated, and these four types of random number information are stored in the storage unit 216.

The dealer apparatus 2 uses the update information generation unit 215 to obtain the random number information R (i
) And the new random number information R ′ (i) generated by the random number generation unit 214, the distributed information D (j)
Update information U (i) is calculated according to the following equation.

In particular,
U (i) = R (i) (+) R ′ (i) (where (+) means exclusive OR)
(0 ≦ i ≦ 3)
And the update information U (i) generated by this execution is stored in the storage unit 216 (ST1
10).

Dealer device 2 transmits update information U (i) stored in storage unit 216 in ST110 to storage server device 30 (ST111).

The storage server device 30 that has received the update information U (i) from the dealer device 2 via the communication unit 301 determines that the distributed information update process is necessary by transmission of ST111 and stores it using the update processing unit 303. The shared information D (0) stored in the unit 301 and the updated information U (i) received by transmission of ST111 are used to update the shared information D (0), and the updated shared information D ′ (0) is updated. It memorize | stores in the memory | storage part 302 (ST112).

The shared information D ′ (0) is updated according to the following formula, and the same calculation is executed in the update processing unit 3j2 in the other storage server device 3j.
Only the calculation example of) will be shown. The distributed partial data of the distributed information D ′ (j) is represented as D ′ (j, i).
Then, when j = 0,
D ′ (0, i) = D (0, j) (+) U (i)
(When i = 0)
D ′ (0,0) = {K (0) (+) R (0)} (+) {R (0) (+) R ′ (0)}
= K (0) (+) R '(0)
(When i = 1)
D ′ (0,1) = {K (4) (+) R (1)} (+) {R (1) (+) R ′ (1)}
= K (4) (+) R '(1)
(When i = 2)
D ′ (0,2) = {K (3) (+) R (2)} (+) {R (2) (+) R ′ (2)}
= K (3) (+) R '(2)
(When i = 3)
D ′ (0,3) = {K (2) (+) R (3)} (+) {R (3) (+) R ′ (3)}
= K (2) (+) R '(3)
And each distributed partial data is
Since D ′ (j, i) = K (p) (+) R ′ (i), the update is performed in a form that does not match the distributed partial data before update (FIG. 2). Therefore, D ′ (0) including these distributed partial data D ′ (0, i) is updated to a data structure as shown in FIG.
It is updated in a form that does not match the shared information before update (FIG. 2).

Next, the dealer apparatus 2 transmits the update information U (i) stored in the storage unit 216 in ST110 to the storage server apparatus 31. (ST113).

The storage server device 31 that has received the update information U (i) from the dealer device 2 via the communication unit 312 determines that the update processing of the distributed information is necessary by transmission of ST113 and stores it using the update processing unit 313. The shared information D (1) stored in the unit 312 and the update information U (i) received by transmission of ST111 are used to update the shared information D (1), and the updated shared information D ′ (1) is updated. Store in storage unit 312 (ST114).

Next, dealer device 2 transmits update information U (i) stored in storage unit 216 in ST110 to storage server device 32 (not shown) (ST115).

The storage server device 32 that has received the update information U (i) from the dealer device 2 via the communication unit 322 determines that the shared information update processing is necessary by transmission of ST115, and stores it using the update processing unit 323. The shared information D (2) stored in the unit 322 and the updated information U (i) received by the transmission of ST111 are used to update the shared information D (2), and the updated shared information D ′ (2) is updated. It memorize | stores in the memory | storage part 312 (ST116).

Finally, the dealer apparatus 2 transmits the update information U (i) stored in the storage unit 216 in ST110 to the storage server apparatus 33. (ST117).

The storage server device 33 that has received the update information U (i) from the dealer device 2 via the communication unit 332 determines that the distributed information update processing is necessary by transmission of ST117 and stores it using the update processing unit 333. The shared information D (3) stored in the unit 332 and the updated information U (i) received by transmission of ST111 are used to update the shared information D (3), and the updated shared information D ′ (3) is updated. Store in storage unit 312 (ST118).

Dealer device 2 updates update information U (i) of shared information D (j) to all storage server devices 3j.
Is transmitted, the update date of the distributed information management table 217-1 stored in the DB 217 (
(Not shown) is updated, and if there is any invalid shared information, various information such as validly changing the invalid shared information is updated (ST119).

(Configuration example of shared information after the entire sequence of shared information update processing)
FIG. 6 shows a configuration example of the shared information after the entire sequence of the shared information update process shown in FIG.

6 is different from the shared information shown in FIG. 2 (number of managers of shared information managers n = 5).
4) As a result of the absence of the distributed information managers managing the number of managers and the decrease in the number of managers (the number of managers of the distributed information managers n = 4), the shared information is updated on the remaining storage server devices (0 ≦ j ≦ 3). In this case, the updated distributed information is shown. It can be seen that the shared information D (j) before the update and the shared information D ′ (j) after the update are updated so as not to match by the above-described shared information update process.

Through the above processing, according to the first embodiment of the present invention, the random number information included in the conventional (pre-update) shared information is updated, so that the storage server device retains the conventional shared information as it is. The distributed information can be updated without being stored in the storage. For storage server devices that do not hold conventional shared information, the update information (= random number information) is meaningless data, and even if the existing shared information is held without performing update processing. The original secret information cannot be restored from the updated other shared information.

Therefore, even if the shared information held by the shared information manager that has been lost is not deleted, the original secret information cannot be restored, and the original secret information cannot be obtained from the features of the secret sharing technology. Therefore, even if the shared information is leaked, confidential information is not leaked.

In the first embodiment, the dealer device 2 manages the validity / invalidity of the distributed information, but the storage server device that inquires each storage server device 3j and stores the currently valid distributed information, You may inquire about the size of distributed information.

(Second Embodiment)
The first embodiment is an embodiment for updating shared information by performing processing for updating random number information included in the original shared information to new random information in the secret sharing system. However, the newly generated random number information may be added to the shared information without updating the random number information included in the original shared information. In the second embodiment, random number information is newly added.

(Overall configuration of secret sharing system)
FIG. 13 is a schematic diagram showing an overall configuration of a secret sharing system 1-2 according to the second embodiment of the present invention. This secret sharing system 1-2 is the same as the overall configuration (FIG. 1) shown in the first embodiment except that the secret information restoring unit 213 of the dealer apparatus 2 is not provided. Detailed description of each part will be omitted.

(Operation of dealer device in secret sharing system)
In the overall configuration of the secret sharing system 1-2 in FIG. 13, the dealer device 2 is connected to the storage server device 3j (j: integer of 0 ≦ j ≦ n−1) and n: the number of shared information connected via the network 200. The same applies to the following.) The shared information D (j) generated using the secret sharing scheme shown in Non-Patent Document 2 has already been transmitted. The dealer apparatus 2 generates a new random number R (i) by the random number generation unit 214 and generates update information U (i) of the shared information D (j). Also, the generated update information U (i) is stored in the storage server device 3j connected via the network 200.
) As random number information R (i).

(Internal configuration of dealer equipment)
Although FIG. 13 shows the internal configuration in the dealer apparatus 2, the internal configuration of the dealer apparatus 2 shown in the first embodiment is a configuration without the secret information restoration unit 213, and the others are the same. Description is omitted. However, the dealer information 2 shown in FIG. 13 may include the secret information restoration unit 213 shown in FIG.

(Operation of storage server device in secret sharing system)
In the overall configuration of the secret sharing system 1-2 in FIG. 13, the storage server device 3j includes the shared information D (j) generated in advance by the dealer device 2 based on the secret sharing scheme shown in Non-Patent Document 2.
Keep. Further, the update information U (i) of the shared information D (j) is received from the dealer apparatus 2, and the shared information D (j) stored in the storage unit 3j2 of the storage server apparatus 3j is received from the dealer apparatus 2. It is updated using the update information U (i).

(Internal configuration of storage server device)
FIG. 13 shows the internal configuration of the storage server device 3j, which is the same as that of the first embodiment shown in FIG.

(Overall sequence of distributed information update processing)
Next, in the secret sharing system 1-2 shown in FIG. 13, the shared information manager (0 ≦ j ≦ n−1 (= 4)).
J = 4 shared information manager (shared information D to be managed)
In the case where (4)) is deleted, the operation of updating the shared information D (j) in the secret sharing system 1-2 of the present invention will be described with reference to the sequence diagram of FIG. That is, the precondition regarding the secret sharing scheme is the same as in the first embodiment.

The outline of FIG. 11 is generated for the storage server device 30, the storage server device 31, the storage server device 32, and the storage server device 33 used by the distributed information manager that is not lost (remains). Sequence for transmitting update information U (i) and updating each piece of shared information D (0), D (1), D (2), D (3) stored in storage unit 3j2 of each storage server device 3j It is.

When the administrator of the secret sharing system 1 using the dealer apparatus 2 inputs a request to update the shared information D (j) via a display unit (not shown), the dealer apparatus 2 controls the control unit 21.
Specifically, the secret information K to be managed in 2 is based on the distributed information management table 217-1 (see FIG. 4) stored in the DB 217, and is used by the distributed information manager. And obtains the number j of the storage server device 3j that stores the valid distributed information D (j),
The acquired information (j) is stored in the storage unit 216 (ST201).

For example, in the shared information management table 217-1 shown in FIG. 4, the storage server device 3j that stores valid shared information D (j) is “storage server device 30 with j = 0” and “storage server with j = 1”. It can be grasped in ST201 that the device 31 ", the storage server device 32 with j = 2, and the storage server device 33 with j = 3.

For example, the dealer apparatus 2 uses the random number generation unit 214 to generate new random number information R ′ (i) (i: 0).
≦ i ≦ 3) is generated, and the generated new random number information R ′ (i) is stored in the storage unit 216 (ST202). Specifically, as R ′ (i), R ′ (0), R ′ (1), R
'(2), R' (3) is generated, and these four types of random number information are stored in the storage unit 216.

The dealer apparatus 2 uses the update information generation unit 215 to newly use the random number information R ′ (i) as update information U (i) of the shared information D (j).
U (i) = R ′ (i)
(0 ≦ i ≦ 3)
And the created update information U (i) is stored in the storage unit 216 (ST203). Specifically, U (i) is generated, and these four types of update information are stored in the storage unit 216.

Dealer apparatus 2 transmits update information U (i) stored in storage section 216 in ST203 to storage server apparatus 30 (ST204).

The storage server device 30 that has received the update information U (i) from the dealer device 2 via the communication unit 301 uses the update processing unit 303 to store the distributed information D (0) and ST stored in the storage unit 302.
The shared information D (0) is updated using the update information U (i) received by the transmission of 204, and the updated shared information D ′ (0) is stored in the storage unit 302 (ST205).

The shared information D ′ (0) is updated according to the following formula, and the same calculation is executed in the update processing unit 3j2 in the other storage server device 3j.
Only the calculation example of) will be shown. The distributed partial data of the distributed information D ′ (j) is represented as D ′ (j, i).
Then, when j = 0,
D ′ (0, i) = D (0, i) (+) U (i)
(When i = 0)
D ′ (0,0) = {K (0) (+) R (0)} (+) R ′ (0)
= K (0) (+) R (0) (+) R '(0)
(When i = 1)
D ′ (0,1) = {K (4) (+) R (1)} (+) R ′ (1)
= K (4) (+) R (1) (+) R '(1)
(When i = 2)
D ′ (0,2) = {K (3) (+) R (2)} (+) R ′ (2)}
= K (3) (+) R (2) (+) R '(2)
(When i = 3)
D ′ (0,3) = {K (2) (+) R (3)} (+) R ′ (3)
= K (2) (+) R (3) (+) R '(3)
And each distributed partial data is
Since D ′ (j, i) = K (p) (+) R (i) (+) R ′ (i), the update is performed in a form that does not match the distributed partial data before update (FIG. 2). You can see that Accordingly, D ′ (0) including these distributed partial data D ′ (0, i) is updated to the data structure as shown in FIG. 12, and in a form that does not match the pre-update (FIG. 2) shared information. Will be updated.

Next, dealer device 2 transmits update information U (i) stored in storage unit 216 in ST203 to storage server device 31 (ST206).

The storage server device 30 that has received the update information U (i) from the dealer device 2 via the communication unit 311 determines that the shared information update processing is necessary by transmission of ST206 and stores it using the update processing unit 313. The shared information D (1) stored in the unit 312 and the updated information U (i) received by transmission of ST204 are used to update the shared information D (1), and the updated shared information D ′ (1) is updated. Store in storage unit 312 (ST207).

Next, dealer device 2 transmits update information U (i) stored in storage unit 216 in ST203 to storage server device 32 (not shown) (ST208).

The storage server device 32 that has received the update information U (i) from the dealer device 2 via the communication unit 322 determines that the shared information update processing is necessary by transmission of ST208, and stores it using the update processing unit 323. The shared information D (2) stored in the unit 322 and the updated information U (i) received by the transmission of ST111 are used to update the shared information D (2), and the updated shared information D ′ (2) is updated. It memorize | stores in the memory | storage part 312 (ST209).

Finally, the dealer apparatus 2 transmits the update information U (i) stored in the storage unit 216 in ST203 to the storage server apparatus 33 (ST210).

The storage server device 33 that has received the update information U (i) from the dealer device 2 via the communication unit 331 determines that the distributed information update process is necessary by transmission of ST210, and stores it using the update processing unit 333. The shared information D (3) stored in the unit 332 and the update information U (i) received by transmission of ST204 are used to update the shared information D (3), and the updated shared information D ′ (3) is updated. It memorize | stores in the memory | storage part 332 (ST211).

When the dealer apparatus 2 finishes sending the update information U (i) of the shared information D (j) to all the storage servers 3j, it updates the update date (not shown) of the shared information management table 217-1 stored in the DB 217. Then, if there is any shared information that has been invalidated, various information such as validly changing the invalid shared information is updated (ST212).

(Configuration example of shared information after the entire sequence of shared information update processing)
A configuration example of the shared information after the entire sequence of the shared information update process shown in FIG. 14 is shown in FIG.

12 is different from the shared information shown in FIG. 2 (the number n = 5 managed by the shared information manager).
4) As a result of the absence of the distributed information manager managing the number of managers and the decrease in the number of managers (the number of managed information managers n = 4) The distributed information after the update when managed is shown. It can be seen that the shared information D (j) before the update and the shared information D ′ (j) after the update are updated so as not to match by the above-described shared information update process.

Through the above processing, according to the second embodiment of the present invention, compared to the first embodiment, there is no need to transmit the shared information D (1) or D (3) itself to the dealer apparatus 2, Distributed information update is executed. In other words, since the storage server device 31 and the storage server device 33 do not have to transmit the shared information D (1) and D (3), it is more secure from the viewpoint of information security than being intercepted by someone during the transmission. This is a preferred embodiment.

Similarly to the first embodiment described above, since the secret information cannot be restored from the non-updated shared information and the updated shared information, the effect of the second embodiment of the present invention is the same as the first embodiment described above.
This is the same as or above.

(Third embodiment)
In the first embodiment and the second embodiment, the shared information is updated by changing the random number information R (i) without updating the secret information K itself, but the shared information D (j It is fully conceivable that the secret information K itself is updated at the timing of the update. The third embodiment is an example in which the original secret information K is also updated in the shared information update process.

(Overall configuration of secret sharing system)
FIG. 13 is a schematic diagram showing an overall configuration of a secret sharing system 1-3 according to the third embodiment of the present invention. In this secret sharing system 1-3, the dealer device 2 used by the secret information manager and the secret information K secret-shared by the dealer device 2 using the secret sharing method shown in Non-Patent Document 2 are updated via the network 300. Secret information storage device 4 storing the stored secret information K ′
And n storage server devices 3j (0 ≦ j ≦ n−1) used by n distributed information managers managing the distributed information secretly distributed to n by the dealer device 2.

(Operation of dealer device in secret sharing system)
In the overall configuration of the secret sharing system 1-3 in FIG. 13, the dealer device 2 acquires the sharing information D (j) from the storage server device 3j connected via the network 300, and the dealer device 2 uses the random number information R ( i) is restored, and a random number R ′ (i) is newly generated separately to generate update information U (i). When generating the update information U (i), the updated secret information K ′ is received from the secret information storage device 4 connected via the network 300,
This secret information K ′ is also used to generate update information. Then, the generated update information U (i) is transmitted to the storage server device 3j connected via the network 300.

(Internal configuration of dealer equipment)
Although FIG. 13 shows the internal configuration in the dealer apparatus 2, the detailed configuration is omitted because it is exactly the same as the internal configuration of the dealer apparatus 2 shown in the first embodiment.

(Operation of storage server device in secret sharing system)
In the overall configuration of the secret sharing system 1-3 in FIG. 13, the storage server device 3j uses the shared information D (j) generated in advance by the dealer device 2 based on the secret sharing scheme shown in Non-Patent Document 2.
Are stored, and the distributed information D (j) is transmitted to the dealer apparatus 2 in response to the update processing request for the shared information D (j) from the dealer apparatus 2 and the update information U (i) is received from the dealer apparatus 2. , Distributed information D (j stored in the storage unit 3j1 of the storage server device 3j
) Using the update information U (i) received from the dealer apparatus 2.

(Internal configuration of storage server device)
Although FIG. 13 shows the internal configuration of the storage server device 3j, it is exactly the same as the internal configuration of the storage server device 3j shown in the first embodiment, and therefore detailed description thereof is omitted.

(Operation of secret information storage device in secret sharing system)
In the overall configuration of the secret sharing system 1-3 shown in FIG. 13, the secret information storage device 4 is configured such that the secret information K that can be restored from the shared information D (j) before the update is the administrator who updated the secret information K. The secret information K ′ (K ≠ K ′) updated by the person is transmitted to the dealer apparatus 2 via the network 300.

(Internal configuration of confidential information storage device)
FIG. 13 shows the internal configuration of the secret information storage device 4. In FIG. 13, the secret information storage device 4 includes a communication unit 401 and a storage unit 402.

The communication unit 401 is a processing unit that performs communication such as transmission / reception of secret information K ′ with the dealer apparatus 2.

The storage unit 402 is a storage unit in which secret information K ′ in which the content of the secret information K is updated is stored in advance.

(Overall sequence of distributed information update processing)
Next, in the secret sharing system 1 shown in FIG. 13, 5 of the shared information manager (0 ≦ j ≦ n−1 (= 4)).
For shared information managed by a person, j = 4 shared information manager (managed shared information D (4
)) Disappears (when the shared information D (4) to be managed needs to be invalidated), the operation of updating the shared information D (j) in the secret sharing system 1 of the present invention is shown in FIG.
This will be described with reference to FIG.

The outline of FIG. 14 is that the dealer device 2 does not disappear (remains) the shared information D (1) stored in the storage server device 30 and the storage server 31 used by the distributed information manager.
D (3) and the secret information K ′ acquired from the secret information storage device 4 are acquired and the update information U (i)
And the update information U (i) is transmitted to all the storage server devices 30, the storage server device 31, the storage server device 32, and the storage server device 33 used by the distributed information manager that is not lost. This sequence updates (0), D (1), D (2), and D (3).

When the administrator of the secret sharing system 1 using the dealer apparatus 2 inputs a request to update the shared information D (j) via a display unit (not shown), the dealer apparatus 2 controls the control unit 21.
For the shared information D (j) corresponding to the shared information management table 217-1 stored in the DB 217 via the “2”, the distributed information D (j) used by the distributed information manager and valid is stored. The storage server device 3j number j ”is acquired, and the acquired information (j) is stored in the storage unit 21.
6 (ST301).

For example, in the shared information management table 217-1 shown in FIG. 4, the storage server device 3j that stores valid shared information D (j) is “storage server device 30 with j = 0” and “storage server with j = 1”. In ST301, it is possible to recognize that “the device 31”, “the storage server device 32 with j = 2”, and “the storage server device 33 with j = 3”.

The dealer apparatus 2 uses, for example, effective distributed information stored in the storage unit 312 of the storage server apparatus 31 from the storage server apparatus 31 (j = 1: effective) connected by the network 100 via the communication unit 211. A distributed information acquisition request 1 which is an acquisition request for D (1) is sent (ST30).
2).

In response to the shared information acquisition request 1 transmitted from the dealer apparatus 2 connected via the communication unit 311 via the communication unit 311 in ST102, the storage server device 30 stores the distributed information stored in the storage unit 312 of the storage server device 31. A distributed information acquisition response 1 including D (1) is transmitted (
ST303).

The dealer apparatus 2 acquires the distributed information D (1) from the data of the distributed information acquisition response 1 transmitted from the storage server apparatus 30 connected via the communication unit 211 via the network 300, and stores the storage unit 216 of the own apparatus 2. (ST304).

Next, the dealer apparatus 2 receives, for example, a valid stored in the storage unit 312 of the storage server apparatus 33 from the storage server 33 (j = 3: valid) connected by the network 300 via the communication unit 211. A shared information acquisition request 3 that is a request for acquiring the shared information D (3) is transmitted (S
T305).

In response to the shared information acquisition request 3 transmitted from the dealer apparatus 2 connected via the communication unit 331 via the communication unit 331 in ST305, the storage server device 31 stores the distributed information stored in the storage unit 332 of the storage server device 33. The distributed information acquisition response 3 including D (3) is transmitted (
ST306).

The dealer apparatus 2 acquires the distributed information D (3) from the data of the distributed information acquisition response 3 transmitted from the storage server apparatus 33 connected via the communication unit 211 via the network 300, and stores the storage unit 216 of the own apparatus 2. (ST307).

The dealer apparatus 2 includes the shared information D (1) and the shared information D (3) stored in the storage unit 216.
), The secret information restoring unit 213 restores the random number information R (i) and the divided secret data K (p) (ST308). The details of the restoration process of the random number information R (i) and the divided secret data K (p) by the secret information restoration unit 213 are described in the method shown in Non-Patent Document 2, but are omitted. Operate in the following order: Note that this is the same as the example shown in the first embodiment.

(Schematic order of random number information restoration processing by the secret information restoration unit)
(1) The divided secret data K (p) is restored from the shared information D (1) and the shared information D (3) by the method shown in Non-Patent Document 2. That is, K (1), K (2), K (3), and K (4) are restored. When all of the divided secret data K (p) are obtained, the control unit 212 calculates the concatenation of the divided secret data, that is, K = K (1) || K (2) || K (3) || K (4). As a result, the original secret information K is restored (k: an integer satisfying 0 ≦ k ≦ 4).

(2) Using the divided secret data K (p) and the shared information D (j) obtained in (1), the random number information R (i) is obtained by calculation according to the following equation.

R (i) = D (j, i) (+) K ((ji) mod n)
The secret information restoration unit 213 obtains the divided secret data K (p) (p: 0 ≦ k ≦ 4) as a result of the above calculation.
Random number information R (0), R (1), R (2), R (3) is calculated and restored from the calculated random number information R (0), R (1), R (2), R (3) is stored in the storage unit 216 (ST
308).

The dealer 2 uses the random number generator 214 to generate new random number information R ′ (i) (i: 0 ≦ i ≦ 3
) And the generated new random number information R ′ (i) is stored in the storage unit 216 (ST309). Specifically, as R ′ (i), R ′ (0), R ′ (1), R ′ (2)
, R ′ (3) is generated, and these four types of random number information are stored in the storage unit 216.

The dealer apparatus 2 transmits a secret information acquisition request that is an acquisition request for the secret information K ′ stored in the storage unit 402 of the secret information storage apparatus 4 to the secret information storage apparatus 4 via the communication unit 211 ( ST310).

In response to the secret information acquisition request received via communication unit 401 in ST310, secret information storage device 4 transmits a secret information acquisition response including secret information K ′ to dealer device 2 via communication unit 401 (ST311). .

The dealer apparatus 2 acquires the secret information K ′ from the secret information acquisition response data transmitted from the secret information storage apparatus 4 connected via the communication unit 211 via the network 300, and uses the acquired secret information K ′. Store in storage section 216 (ST312). At this time, although not illustrated in FIG. 14, the control unit 212 performs p (= 4) K ′ (p: 1 ≦ p ≦ 4) with respect to the secret information K ′ acquired from the secret information management device 4. ) To generate divided secret data K ′ (p). At this time, since the control unit 212 also generates zero value data of K ′ (0) (= 0), as K ′ (p), specifically, K ′ (0), K ′ (1) , K ′ (2), K ′ (3
), K ′ (4) is generated.

The dealer apparatus 2 uses the update information generation unit 215 to update information U (i).
U (i) = K (p) (+) K ′ (p) (+) R (i) (+) R ′ (i)
(Where + means exclusive OR)
(0 ≦ p ≦ 4, 0 ≦ i ≦ 3)
And the generated update information U (i) is stored in the storage unit 216 (ST313). Specifically, U (i) is generated, and this update information U (i) is stored in the storage unit 216.

Here, it is assumed that the bit length of the original secret information K (p) is equal to the bit length of the original random information R (i), and the bits of the updated secret information K ′ (p) acquired from the secret information management device 4 It is assumed that the length and the bit length of the new random number information R ′ (i) are equal.

Dealer apparatus 2 transmits update information U (i) stored in storage section 216 in ST313 to storage server apparatus 30 (ST314).

Storage server 30 that has received update information U (i) from dealer device 2 via communication unit 301
Determines that update processing of shared information is necessary by transmission of ST314, and updates processor 3
03 is used to update the shared information D (0) using the shared information D (0) stored in the storage unit 302 and the update information U (i) received by transmission of ST314, and this updated shared information D '
(0) is stored in the storage unit 302 (ST315).

The shared information D ′ (0) is updated according to the following formula, and the same calculation is executed in the update processing unit 3j2 in the other storage server device 3j.
Only the calculation example of) will be shown. The distributed partial data of the distributed information D ′ (j) is represented as D ′ (j, i).
Then, when j = 0,
D ′ (0, i) = D (0, j) (+) U (i)
(When i = 0)
D ′ (0,0) = {K (0) (+) R (0)} (+) {K (0) (+) K ′ (0)
(+) R (0) (+) R ′ (0)}
= K '(0) (+) R' (0)
(When i = 1)
D ′ (0,1) = {K (4) (+) R (1)} (+) {K (4) (+) K ′ (4)
(+) R (1) (+) R ′ (1)}
= K '(4) (+) R' (1)
(When i = 2)
D ′ (0,2) = {K (3) (+) R (2)} (+) {K (3) (+) K ′ (3)
(+) R (2) (+) R ′ (2)}
= K '(3) (+) R' (2)
(When i = 3)
D ′ (0,3) = {K (2) (+) R (3)} (+) {K (2) (+) K ′ (2)
(+) R (3) (+) R ′ (3)}
= K '(2) (+) R' (3)
And each distributed partial data is
Since D ′ (j, i) = K ′ (p) (+) R ′ (i), the update is performed in a form that does not match the pre-update (FIG. 2) distributed partial data. Therefore, D ′ (0) including these distributed partial data D ′ (0, i) is updated to the data structure as shown in FIG. 15 and does not match the pre-update (FIG. 2) shared information. Will be updated.

Next, the dealer apparatus 2 transmits the update information U (i) stored in the storage unit 216 in ST313 to the storage server apparatus 31 (ST316).

The storage server device 31 that has received the update information U (i) from the dealer device 2 via the communication unit 311 determines that the distributed information update process is necessary by transmission of ST316, and stores it using the update processing unit 303. The shared information D (1) stored in the unit 312 and the updated information U (i) received by the transmission of ST316 are used to update the shared information D (1), and the updated shared information D ′ (1) is updated. It memorize | stores in the memory | storage part 312 (ST317).

Next, dealer device 2 transmits update information U (i) stored in storage unit 216 in ST313 to storage server device 32 (not shown) (ST318).

The storage server device 32 that has received the update information U (i) from the dealer device 2 via the communication unit 322 determines that the distributed information update processing is necessary by transmission of ST318, and stores it using the update processing unit 323. The shared information D (2) stored in the unit 322 and the updated information U (i) received by transmission of ST318 are used to update the shared information D (2), and the updated shared information D ′ (2) is updated. It memorize | stores in the memory | storage part 312 (ST319).

Finally, the dealer apparatus 2 transmits the update information U (i) stored in the storage unit 216 in ST203 to the storage server apparatus 33 (ST320).

The storage server device 33 that has received the update information U (i) from the dealer device 2 via the communication unit 331 determines that the distributed information update process is necessary by transmission of ST320, and stores it using the update processing unit 333. The shared information D (3) stored in the unit 332 and the update information U (i) received by transmission of ST204 are used to update the shared information D (3), and the updated shared information D ′ (3) is updated. It memorize | stores in the memory | storage part 332 (ST321).

When the dealer apparatus 2 finishes sending the update information U (i) of the shared information D (j) to all the storage servers 3j, it updates the update date (not shown) of the shared information management table 217-1 stored in the DB 217. Then, if there is any invalid shared information, various information such as validly changing the invalid shared information is updated (ST322).

(Configuration example of shared information after the entire sequence of shared information update processing)
FIG. 15 shows a configuration example of the shared information after the entire sequence of the shared information update process shown in FIG. FIG. 15 shows a storage server device (see FIG. 2) that manages the shared information D (4) for the shared information shown in FIG.
14 shows deleted shared information when j = 4) is deleted and the remaining storage server devices (0 ≦ j ≦ 3) are updated and managed by the procedure of FIG. It can be seen that the shared information D (j) before the update and the shared information D ′ (j) after the update are updated so as not to match by the above-described shared information update process.

Through the above processing, according to the third embodiment of the present invention, compared to the first embodiment and the second embodiment, the update of the distributed information considering the update of the secret information K itself is executed. Is possible. In addition, when the bit length of the new secret information is larger than the bit length of the secret information when the shared information was previously generated, the size of each distributed partial data length is larger than the size of the conventional distributed partial data length. growing. However, since the newly generated random number information is larger than the size of the conventional distributed partial data length, the previous secret information is not leaked and there is no security problem.

When the bit length of the new secret information is smaller than the bit length of the previous secret information, the size of each distributed partial data length is smaller than the size of the conventional distributed partial data length. If the size of the distributed partial data length does not change, a part of the conventional secret information may be leaked, but when the dealer device performs secret sharing, the size of the distributed partial data length is changed to the bit length of the new secret information. By making it smaller at the same time, it can be said that there is no security problem because the previous secret information is not leaked by the combination with the newly generated random number.

Note that the method described in the above embodiment includes a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), a program that can be executed by a computer,
It can also be stored and distributed in a storage medium such as an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO), or a semiconductor memory.

In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

Furthermore, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN or the Internet is downloaded and stored or temporarily stored.

Further, the number of storage media is not limited to one, and the case where the processing in the above embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

The computer according to the present invention executes each process in the above-described embodiment based on a program stored in a storage medium, and is a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.

In addition, the computer in the present invention is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .

Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined. For example, in the first embodiment or the third embodiment described above, when the dealer apparatus 2 acquires shared information from the storage server apparatus 3j that stores valid shared information, D (1) and D (3) In this example, D (0) or D (2) may be acquired as long as it is valid shared information. Of course, the random number information R (i
The same applies to the calculation of the divided secret data K (p).

Further, in each of the above embodiments, a flag for indicating the validity and invalidity of the shared information is added, and the content of this flag is determined by an administrator or the like. However, it is not due to human processing, but mechanically, for example, if a specific number of days has elapsed since the latest update date (included in the header information H (j) of the distributed information D (j)). There may also be an application example in which the content of this flag is automatically changed from “valid” to “invalid” based on information of an internal clock (not shown) of the dealer apparatus 2.

In addition, there are no particular criteria for determining the validity or invalidity of the distributed information. For example, when history information that the shared information D (j) is transmitted from the dealer apparatus 2 to the storage server apparatus 3j is managed in the storage unit 216 or the DB 217, the shared information D (j) is valid. If the information is not transmitted, the shared information D (j) is invalid.
You may judge by 12.

Moreover, although the said dealer apparatus 2 is providing the memory | storage part 216 and DB217 separately as an internal structure, you may provide these 216 and 217 as memory | storage part 216 'integrated. Further, each storage unit 3j2 of the storage server device 3j is a storage unit 21 of the dealer device 2.
6 'may be included in the internal configuration of the storage server device 3j, or may be included in the storage unit 216' of the dealer device 2 as well as the internal configuration of the storage server device 3j. It doesn't matter if you do. In the former case, the updated shared information D ′ (j) is not stored in the storage server device 3j but only stored in the storage unit 216 ′ of the dealer device 2, and in the latter case, after the update The distributed information D ′ (j) is stored in both the storage server device 3j and the storage unit 216 ′ of the dealer device 2. Which configuration is adopted depends on the policy of the system administrator.

In addition, in the above embodiments, the timing at which the shared information management table 217-1 is updated is that the dealer apparatus 2 updates all of the shared information update information to the storage server apparatus 3j and then updates the shared information management table 217-1 all at once. However, it is not limited to this. For example, when one piece of update information of certain shared information is transmitted, the corresponding record of the shared information management table 217-1 regarding the distributed information to be transmitted may be updated. Further, the record may be updated when a specific number of transmissions are completed without being limited to one by one. In this connection, the shared information management information on the shared information management table may be in a table format or a file format. Particularly in the case of a file format, the management information may be provided for each piece of shared information, or may be provided in a file format for the shared information of one secret information K.

Furthermore, in each of the above embodiments of the present invention, it is assumed that one shared information D (j) is stored in the storage unit 3j2 of the storage server device 3j used by the distributed information manager. Yes. However, depending on the policy of the shared information manager, there are cases where a plurality of the same shared information D (j) is prepared (created) in the storage unit 3j2 as a backup of the shared information D (j). However, even if it is for backup, if a large amount of shared information D (j) is prepared (created), this shared information D (j) may leak to the outside. )
Is not preferred. Therefore, when the update processing unit 3j3 receives the update information U (i) of the shared information D (j) from the dealer apparatus 2 and updates the shared information D (j), the update processing unit 3j3 is stored in the storage unit 3j2. The shared information D (j) is searched, the update information U (i) is copied by the number of the same shared information D (j) found by the search, and all the shared information D (j) is prepared by copying. The updated shared information D ′ (j) may be generated simultaneously or at a specific timing using the update information U (i). The shared information D ′ (j) can be updated by a selective operation by the shared information manager using the storage server device, not limited to a specific timing. By doing so, even if a plurality of pre-update shared information D (j) is stored in the storage unit 3j2, the pre-update shared information D (j) remains at all even after the update. This is a more preferable embodiment from the viewpoint of information security.

Furthermore, in the third embodiment of the present invention, it is described on the assumption that the dealer apparatus 2 acquires the distributed information D (j) from each storage server apparatus 3j. However, there may be no acquisition act. . Specifically, in order to generate the update information U (i) of the shared information D (j), the update acquired from the secret information storage device without acquiring the shared information D (j) from each storage server device 3j. Update information U (i) is obtained by exclusive OR with the later secret information K ′ and the newly generated random number.
May be configured to generate.

It is a mimetic diagram showing the whole secret sharing system composition concerning a 1st embodiment in the present invention. FIG. 3 is a data structure diagram of shared information distributed in advance to a shared information manager in the secret sharing system according to the embodiment. 6 is a diagram specifically illustrating a data structure of distributed information stored in a storage server device. It is drawing which showed concretely the data structure of the distributed information management table memorize | stored in DB of a dealer apparatus. It is the whole sequence diagram of the update process of the shared information in the embodiment. It is a data structure figure of the shared information which the administrator of the shared information after the update in the embodiment holds. It is the flowchart which showed the procedure in which the secret information decompression | restoration part in the same embodiment decompress | restores secret information. It is a schematic diagram for demonstrating the operation | movement of the decompression | restoration process in the embodiment. FIG. 6 is a reference diagram for explaining the operation of the restoration process in the embodiment It is a schematic diagram which shows the whole structure of the secret sharing system which concerns on 2nd Embodiment in this invention. It is the whole sequence diagram of the update process of the shared information in the embodiment. It is a data structure figure of the shared information which the administrator of the shared information after the update in the embodiment holds. It is a schematic diagram which shows the whole structure of the secret sharing system which concerns on 3rd Embodiment in this invention. It is the whole sequence diagram of the update process of the shared information in the embodiment. It is a data structure figure of the shared information which the administrator of the shared information after the update in the embodiment holds. It is the schematic diagram which showed the whole structure of the secret sharing system which showed an example of the update of the shared information in the past.

Explanation of symbols

1, 1-2, 1-3 ... secret sharing system, 100, 200, 300 ... network, 2
... Dealer device, 30, 31, 32, 33, 3j, 34 ... Storage server device, 4 ... Secret information management device, 211, 301, 311, 321, 331, 341, 401 ... Communication unit, 21
2 ... control unit, 213 ... secret information restoration unit, 214 ... random number generation unit, 215 ... update information generation unit,
216: Storage unit, 217: DB, 302, 312, 323, 333, 342, 402 ... Storage unit, 303, 313, 323, 333, 343 ... Update processing unit.

Claims (27)

N (n ≧ 2) shared information D (0),..., D (j),.
D (n−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices, and any two of the n pieces of shared information D (j), D (j ′) (0 ≦ j ′ ≦ n−1, j ≠ j
'), The (2, n) type information management device capable of restoring the secret information K, and the individually distributed shared information are stored and the shared information is transmitted in response to a request from the information management device An information management system comprising n storage devices,
The information management device includes:
Storage means for storing distributed information received from the storage device;
For the shared information stored in the storage means, random number information R (i) (
Random number information restoring means for restoring 0 ≦ i ≦ n−2);
random number generating means for generating n-1 pieces of random number information R ′ (i);
Update information generating means for generating update information U (i) of the shared information using the random number information restored by the random number information restoring means and the random number information generated by the random number generating means;
Update information transmitting means for transmitting update information generated by the update information generating means to the storage device,
Each of the storage devices
Shared information storage means for storing shared information transmitted by the information management device;
Shared information updating means for updating shared information using shared information stored in the shared information storage means and update information transmitted from the information management device;
An information management system comprising: The information management device further includes storage means for storing shared information management information that associates valid or invalid status information of the shared information,
2. The information management system according to claim 1, wherein when the information management device acquires shared information from the storage device, only the valid shared information is acquired based on the status information of the shared information management information. . 3. The information management apparatus updates the distributed information management information stored in the storage unit each time the update information transmission unit transmits the update information of the shared information to the storage device.
The information management system described. The information management apparatus updates the shared information management information stored in the storage unit simultaneously after the update information transmission unit transmits update information of all the shared information to the storage device. 2. Information management system according to 2. N (n ≧ 2) shared information D (0),..., D (j),.
D (n−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices, and any two of the n pieces of shared information D (j), D (j ′) (0 ≦ j ′ ≦ n−1, j ≠ j
') Is a (2, n) type information management device capable of restoring the secret information K from
Storage means for storing distributed information received from the storage device;
For the shared information stored in the storage means, random number information R (i) (
Random number information restoring means for restoring 0 ≦ i ≦ n−2);
random number generating means for generating n-1 pieces of random number information R ′ (i);
Update information generating means for generating update information U (i) of the shared information using the random number information restored by the random number information restoring means and the random number information generated by the random number generating means;
An information management apparatus comprising: an update request information transmission unit configured to transmit update request information of shared information including update information generated by the update information generation unit to the storage device. The information management device stores in the storage means distributed information management information that associates valid or invalid status information of the shared information.
6. The information management apparatus according to claim 5, wherein, when shared information is acquired from the storage apparatus, only valid shared information is acquired based on status information of the shared information management information. 7. The information management apparatus updates the shared information management information stored in the storage unit each time the update information transmission unit transmits the update information of the shared information to the storage device.
The information management device described. The information management apparatus updates the shared information management information stored in the storage unit simultaneously after the update information transmission unit transmits update information of all the shared information to the storage device. 6. The information management device according to 6. N (n ≧ 2) shared information D (0),..., D (j),.
D (n−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices, and any two pieces of shared information D among the n pieces of shared information D (j). (J), D (j ′) (0 ≦ j ′ ≦ n−1)
, J ≠ j ′) to a computer that is a (2, n) type information management device capable of restoring the secret information K from
For the shared information received from the storage device, random number information R (i) (
Random number information restoration function for restoring 0 ≦ i ≦ n−2),
a random number generation function for generating n-1 pieces of random number information R ′ (i);
An update information generation function for generating update information U (i) of the shared information using the random number information recovered by the random number information recovery function and the random number information generated by the random number generation function;
An information management program for realizing, in the storage device, an update request information transmission function for respectively transmitting update request information of distributed information including update information generated by the update information generation function. Storing in the storage means distributed information management information that associates valid or invalid state information of the shared information;
The information management program according to claim 9 for realizing a function of acquiring only valid shared information based on status information of the shared information management information when the shared information is acquired from the storage device. 11. The information management program according to claim 10, for realizing a function of updating the distributed information management information stored in the storage unit each time the update information transmission unit transmits the update information of the shared information to the storage device. 12. The information management according to claim 11, for realizing a function of updating the shared information management information stored in the storage unit at a time after the update information transmission unit transmits update information of all the shared information to the storage device. program. N (n ≧ 2) shared information D (0),..., D (j),.
(2, n) type information management device for individually transmitting D (n−1) (0 ≦ j ≦ n−1) to n storage devices, and n for storing the individually transmitted distributed information An information management system comprising a storage device,
The information management device includes:
random number generating means for generating n-1 pieces of random number information R ′ (i) (0 ≦ i ≦ n−2);
Update information generating means for generating update information U (i) of the shared information using random number information R ′ (i) generated by the random number generating means;
Update information transmitting means for transmitting update information generated by the update information generating means to the storage device, respectively,
Each of the storage devices
Shared information storage means for storing shared information transmitted by the information management device;
Shared information updating means for updating shared information using shared information stored in the shared information storage means and update information transmitted from the information management device;
An information management system comprising: Storage means for storing shared information management information that associates valid or invalid state information of the shared information;
3. The information management apparatus updates the distributed information management information stored in the storage unit each time the update information transmission unit transmits the update information of the shared information to the storage device.
The information management system described. The information management apparatus updates the shared information management information stored in the storage unit simultaneously after the update information transmission unit transmits update information of all the shared information to the storage device. 14. The information management system according to 14. N (n ≧ 2) shared information D (0),..., D (j),.
A (2, n) type information management device that individually transmits D (n−1) (0 ≦ j ≦ n−1) to n storage devices,
random number generating means for generating n-1 pieces of random number information R ′ (i) (0 ≦ i ≦ n−2);
Update information generating means for generating update information U (i) of the shared information using random number information R ′ (i) generated by the random number generating means;
An information management apparatus comprising: an update request information transmission unit configured to transmit update request information of shared information including update information generated by the update information generation unit to the storage device. Storage means for storing shared information management information that associates valid or invalid state information of the shared information;
17. The information management apparatus according to claim 16, wherein the update information transmission unit updates the distributed information management information stored in the storage unit every time the update information transmission unit transmits the update information of the shared information to the storage device. 18. The information management apparatus according to claim 17, wherein the update information transmitting unit updates the shared information management information stored in the storage unit at once after the update information transmission unit transmits the update information of all the shared information to the storage device. . N (n ≧ 2) shared information D (0),..., D (j),.
D (n−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices to a computer that is a (2, n) type information management device.
a random number generation function for generating n-1 pieces of random number information R ′ (i) (0 ≦ i ≦ n−2);
An update information generation function for generating update information U (i) of the shared information using random number information generated by the random number generation function;
An information management program for realizing, in the storage device, an update request information transmission function for respectively transmitting update request information of distributed information including update information generated by the update information generation function. Storing in the storage means distributed information management information that associates valid or invalid state information of the shared information;
20. The information management program according to claim 19, for realizing a function of updating the distributed information management information stored in the storage unit each time the update information transmission function transmits update information of the distributed information to each storage device. 21. The information management according to claim 20, wherein the update information transmitting unit realizes a function of simultaneously updating the distributed information management information stored in the storage unit after the update information transmission unit transmits update information of all the shared information to the storage device. program. N (n ≧ 2) shared information D (0),..., D (j),.
D (n−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices, and any two of the n pieces of shared information D (j), D (j ′) (0 ≦ j ′ ≦ n−1, j ≠ j
(2) type (2, n) type information management apparatus capable of restoring the secret information K, and the distributed information transmitted individually and storing the distributed information in response to a request from the information management apparatus An information management system comprising a storage device and a secret information management device for storing secret information K ′ after the update of the secret information K,
The information management device includes:
Storage means for storing distributed information received from the storage device;
For the shared information stored in the storage means, random number information R (i) (
Random number information restoring means for restoring 0 ≦ i ≦ n−2);
random number generating means for generating n-1 pieces of random number information R ′ (i);
Requesting the secret information management device to acquire the secret information, updated secret information acquisition means for acquiring the secret information,
Using the random number information restored by the random number information restoring means, the random number information generated by the random number generating means, and the secret information obtained by the updated secret information obtaining means, the update information U (i) of the shared information is generated. Update information generating means;
Update information transmitting means for transmitting update information generated by the update information generating means to the storage device, respectively,
Each of the storage devices
Shared information storage means for storing shared information transmitted by the information management device;
Shared information updating means for updating shared information using shared information stored in the shared information storage means and update information transmitted from the information management device;
An information management system comprising: The secret information acquired by the update information acquisition means is divided into n-1 pieces and divided secret data K ′ (
p) further comprising secret information dividing means for generating (0 ≦ p ≦ n−1),
23. The information management system according to claim 22, wherein the update information generating means uses the divided secret data generated by the secret information dividing means when generating the update information of the shared information. N (n ≧ 2) shared information D (0),..., D (j),.
D (n−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices, and any two pieces of shared information D among the n pieces of shared information D (j). (J), D (j ′) (0 ≦ j ′ ≦ n−1)
, J ≠ j ′), it is a (2, n) type information management device capable of restoring the secret information K,
Storage means for storing distributed information received from the storage device;
For the shared information stored in the storage means, random number information R (i) (
Random number information restoring means for restoring 0 ≦ i ≦ n−2);
random number generating means for generating n-1 pieces of random number information R ′ (i);
Update secret information acquisition means for requesting acquisition of the secret information to the secret information management device that stores the updated secret information K ′, and acquiring the secret information;
Update that generates update information U (i) of the shared information using the random number information restored by the information restoration means, the random number information generated by the random number generation means, and the secret information acquired by the updated secret information acquisition means Information generating means;
An information management apparatus comprising: an update request information transmitting unit that transmits update request information of shared information including update information U (i) generated by the update information generating unit to the storage device. The secret information acquired by the update information acquisition means is divided into n-1 pieces and divided secret data K ′ (
p) further comprising secret information dividing means for generating (0 ≦ p ≦ n−1),
25. The information management apparatus according to claim 24, wherein the update information generating unit uses the divided secret data generated by the secret information dividing unit when generating the update information of the shared information. N (n ≧ 2) shared information D (0),..., D (j),.
(N−1) (0 ≦ j ≦ n−1) is individually transmitted to n storage devices, and any two pieces of shared information D (j), D among the n pieces of shared information (J ′) (0 ≦ j ′ ≦ n−1, j ≠ j ′
) To a computer that is a (2, n) type information management device capable of restoring secret information K from
For the shared information received from the storage device, random number information R (i) included in the shared information
A random number information restoration function for restoring (0 ≦ i ≦ n−2);
a random number generation function for generating n-1 pieces of random number information R ′ (i);
An update secret information acquisition function for requesting acquisition of the secret information to the secret information management device storing the secret information K ′ after the update of the secret information K, and acquiring the secret information;
Using the random number information restored by the random number information restoration function, the random number information created by the random number generation function, and the secret information obtained by the updated secret information acquisition function, the update information U (i) of the shared information is generated. Update information generation function,
An information management program for realizing, in the storage device, an update request information transmission function for respectively transmitting update request information of distributed information including update information generated by the update information generation function. The secret information acquired by the update information acquisition means is divided into n-1 pieces and divided secret data K ′ (
p) further having a secret information dividing function for generating (0 ≦ p ≦ n−1),
27. The program according to claim 26, wherein the update information generation function realizes a function of using the divided secret data generated by the secret information division function when generating update information of the shared information.