JP2009164996A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent long-term and continuous leakage of whole encrypted text stored in a storage means due to the leakage of an encryption key and an encryption algorithm. <P>SOLUTION: Periodically, encrypted text files stored in a hard disk etc. are sequentially read and decoded on the basis of a decoding module using an encryption key and an decoding algorithm corresponding to the files, and are sequentially reencrypted by a decoding module using an encryption key and an encryption algorithm that are different from the encryption key and the algorithm used for the encryption of the encrypted text files. In this case, since required encryption key, encryption algorithm and decoding module have been also encrypted, these are reencrypted after decoding and using them as need. Furthermore, an encryption key etc. is updated under predetermined conditions (S1 to S9). <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing apparatus including a storage unit that stores a ciphertext obtained by encrypting a plaintext, and a processing unit that decrypts the ciphertext and edits the plaintext and then re-encrypts the ciphertext.

  2. Description of the Related Art Conventionally, in order to prevent data leakage, an information processing apparatus comprising storage means for storing a ciphertext obtained by encrypting plaintext, and processing means for decrypting the ciphertext and editing the plaintext and then re-encrypting the ciphertext (For example, Patent Document 1 below).

  According to this configuration, the data stored in the storage means can always be encrypted, and even if a third party steals the data in the storage means, it is difficult to interpret the contents, and the data is concealed. Can increase the sex.

  However, in the above-described conventional example, the plaintext after decryption is encrypted again with the same encryption program and the same encryption key as those related to encryption of the ciphertext before decryption. Once the encryption program and encryption key are leaked, the contents of the ciphertext may leak for a long time and continuously.

Therefore, in Patent Document 2 below, when the encryption key is updated, the encrypted text stored in the storage means is decrypted, and then the plaintext is updated and is different from that related to encryption of the encrypted text. A configuration for re-encrypting is disclosed.
Japanese Patent Laid-Open No. 2-15534 JP 2003-134103 A

  However, the invention of the above-mentioned Patent Document 2 can be said that the confidentiality of data is still low because the encryption algorithm is the same as that related to the ciphertext before decryption even if the encryption key at the time of re-encryption is different. Also, since re-encryption is performed only when the encryption key is updated, if you forget to update the encryption key, the ciphertext will not be re-encrypted with a different encryption key. Once the algorithm is leaked, the contents of the ciphertext are leaked for a long time and continuously until the encryption key is updated. Further, when the present invention is applied when ciphertext is used (edited) as in Patent Document 1, only the ciphertext used is re-encrypted with a different key, so that the unused ciphertext is re-encrypted. There is nothing to do.

  In view of the above problems, an object of the present invention is to provide an information processing apparatus capable of preventing long-term and continuous leakage of all ciphertexts stored in storage means due to leakage of encryption keys and encryption algorithms. It is to provide.

In the first aspect of the information processing apparatus according to the present invention,
In an information processing apparatus comprising storage means for storing a ciphertext obtained by encrypting plaintext, and processing means for decrypting the ciphertext and editing the plaintext and then re-encrypting the plaintext,
The storage means stores a plurality of mutually different encryption keys, encryption programs, and decryption programs,
The processing means periodically controls the storage means to sequentially read out the ciphertexts stored therein, decrypts them based on the corresponding decryption program, and decrypts the plaintext before decryption. Re-encrypt with an encryption program using an algorithm different from that related to encryption of ciphertext and an encryption key different from the encryption program, and store in the storage means;
It is characterized by that.

  Note that the plaintext and ciphertext forms are electronic files or electronic data.

In the second aspect of the information processing apparatus according to the present invention, in the first aspect,
The encryption key, the encryption program, and the decryption program stored in the storage means are each encrypted.
The processing means further controls the storage means at the time of re-encrypting the ciphertext, reads and decrypts the encryption key to be used, the encryption program and the decryption program, and uses them It is characterized by re-encryption.

In the third aspect of the information processing apparatus according to the present invention, in the first or second aspect,
The processing means is further characterized in that the ciphertext is decrypted and the plaintext is re-encrypted with the encryption key and the encryption program that are different for each plaintext.

In a fourth aspect of the information processing apparatus according to the present invention, in the aspect according to any one of the first to third aspects,
The processing means is further configured to decrypt the ciphertext and edit the plaintext, and then decrypt the ciphertext with an encryption program using an algorithm different from that related to encryption of the ciphertext and a different encryption key. The plaintext is re-encrypted and stored in the storage means.

In a fifth aspect of the information processing apparatus according to the present invention, in the aspect according to any one of the first to fourth aspects,
The storage means further includes an operating system having a task management function that gives a right to execute processing to a task assigned the highest priority among a plurality of tasks including a re-encryption task of the processing means. Stored,
The re-encryption task is characterized by being given the lowest priority among the plurality of tasks.

In a sixth aspect of the information processing apparatus according to the present invention, in the aspect according to any one of the first to fifth aspects,
Further comprising communication means coupled to the communication path;
The processing means is further connected to a host computer via the communication means and the communication path, and downloads and updates the encryption program and the corresponding decryption program from the host computer to the storage means.
It is characterized by that.

  The communication path includes wired and wireless.

  According to the configuration of the first aspect, “periodically, the storage unit is controlled to sequentially read the ciphertexts stored in the storage unit, and these are decrypted based on the corresponding decryption program. Processing means is provided that re-encrypts the plaintext with an encryption program using an algorithm different from that related to encryption of the ciphertext before decryption and stores it in the storage means. For this reason, even if the encryption key and encryption algorithm or decryption algorithm leak once, all ciphertext stored in the storage means with a different encryption key and encryption algorithm is periodically re-encrypted. There is an effect that it is possible to prevent long-term and continuous leakage of all ciphertexts due to leakage of keys and encryption algorithms.

  According to the configuration of the second aspect, since “the encryption key, the encryption program, and the decryption program stored in the storage means are respectively encrypted”, the ciphertext is decrypted. There is an effect that it is possible to prevent leakage of secret information and thus to prevent leakage of ciphertext.

  According to the configuration of the third aspect, “the processing means further decrypts the ciphertext and re-encrypts the plaintext with the encryption key and the encryption program that are different for each plaintext”. Even if one encryption key and an encryption algorithm or a decryption algorithm leak, it is impossible to decrypt all the ciphertexts, so that it is possible to prevent leakage of ciphertexts.

  According to the configuration of the fourth aspect, “the processing means further decrypts the ciphertext and edits the plaintext, and then uses an algorithm different from that relating to the ciphertext encryption. The plaintext decrypted with the encryption key different from the program is re-encrypted and stored in the storage means ". Therefore, the decrypted plaintext is the one before decryption other than the regular timing as in the first aspect. The data is re-encrypted with a different encryption key and encryption algorithm, and there is an effect that data confidentiality can be improved.

  According to the configuration of the fifth aspect, “the right to execute processing is assigned to the task assigned the highest priority among the plurality of tasks including the re-encryption task of the processing means. The operating system having a task management function is stored, and the re-encryption task is given the lowest priority among the plurality of tasks ”, so that the processing speed of the main function of the information processing apparatus is There exists an effect that it can prevent that it falls.

  According to the configuration of the sixth aspect, “the communication means and the communication path are connected to the host computer, and the encryption program and the corresponding decryption program are downloaded from the host computer to the storage means and updated. Therefore, even if the encryption algorithm or decryption algorithm before downloading leaks, the ciphertext is re-encrypted by the updated encryption algorithm by the processing means, and the long-term of all ciphertexts due to the leakage of the encryption algorithm In addition, there is an effect that continuous leakage can be prevented.

  Other objects, configurations and effects of the present invention will become apparent from the following description.

  FIG. 1 is a schematic block diagram illustrating a hardware configuration of the image forming apparatus according to the first embodiment of the present invention.

  In the image forming apparatus 10, an EEPROM 13 E 1, EEPROM 13 E 2, DRAM 13 D, HDD 14, operation panel 15, scanner 16 S, printer 16 P, NIC 17, facsimile modem 18, and compression / decompression ASIC 19 are coupled to the MPU 11 via an interface 12. In FIG. 1, a plurality of interfaces are shown as one block for simplification.

  The EEPROMs 13E1 and 13E2 are, for example, flash memories. The EEPROM 13E1 stores BIOS (Basic Input Output System). The EEPROM 13E2 stores an OS (Operating System) 21, various programs that operate on the OS 21 and include the re-encryption program 22 according to the present invention, various device drivers, and various setting values.

  In addition, the EEPROM 13E2 is different from a plurality of encryption keys 23 having different key information and a plurality of encryption modules 24 using different encryption algorithms, which are respectively used in the re-encryption program 22. A plurality of decryption modules 25 using a decryption algorithm are encrypted and stored. In the first embodiment, a common key encryption method is adopted, and encryption and decryption are performed using a common encryption key.

  The DRAM 13D is for a work area, and the HDD 14 is for data file storage. Here, all the files stored in the HDD 14 are encrypted (hereinafter, these files are referred to as the ciphertext file 100). When the ciphertext file 100 is edited, the MPU 11 reads a predetermined program on the DRAM 13D. , The ciphertext file 100 is decrypted, and after this editing, the ciphertext file 100 is encrypted with the same encryption key and encryption algorithm as those related to the ciphertext file 100 before decryption, and stored in the HDD 14 again. Since this detailed description is disclosed in the above-mentioned Patent Document 1, it will be omitted.

  FIG. 2 is an explanatory diagram of the contents of the ciphertext file 100. In the ciphertext file 100, unencrypted header information 102 is added to ciphertext data 101 obtained by encrypting plaintext data. The header information 102 is used by the re-encryption program 22 in units of 4 bits, and each includes a plurality of keys or encryption key identification information 103 that can specify one of the modules 24 to 25, and an encryption module identification. Information 104 and decryption module identification information 105 are included.

  The operation panel 15 is used for inputting a setting value or an instruction and displaying a setting screen or a state. In the first embodiment, a case where the operation panel 15 is configured by a combination of a touch panel and hardware keys will be described.

  The scanner 16S is used for image input in scanning, copying, and fax transmission. The printer 16P includes a print engine, a fixing device, a paper feed unit, a conveyance unit, and a paper discharge unit, and forms an electrostatic latent image on a photosensitive drum of the print engine based on bitmap data developed on the DRAM 13D. This is developed with toner, transferred to a sheet, fixed, and discharged.

  The NIC 17 can communicate with a host computer (not shown) on the communication path 20 and is used to receive the encryption and decryption modules 24 and 25 from this computer. The facsimile modem 18 is for facsimile transmission / reception.

  The compression / decompression ASIC 19 is used as a coprocessor of the MPU 11.

  The communication path 20 is, for example, a network cable such as the Internet, LAN, or WAN, or wireless, or a serial interface or parallel interface.

  The OS 21 is, for example, Linux (registered trademark), and uses the MPU 11 to start a task having a plurality of independent processing operations, and assigns an execution right to the task assigned the highest priority among these tasks. A task management function is provided. The processing operation of the re-encryption program 22 is one of the above tasks, and the lowest priority is assigned among all the tasks. This is to prevent the processing speed of the main function such as the print function of the image forming apparatus 10 from being lowered by the process of the re-encryption program 22.

  The re-encryption program 22 includes a plurality of modules such as the modules 24 to 25, an encryption key 23 and a reference table to be referred to in order to use the modules 24 to 25, an encryption key 23 and the modules 24 to 25. An encryption key for decrypting and re-encrypting, an encryption program using a predetermined encryption algorithm, and a decryption program using a predetermined decryption algorithm. The re-encryption program 22 is executed by the MPU 11 periodically, for example, every day, by the task management function of the OS 21, and uses the encryption key 23, the modules 24 to 25, and the reference table as needed. Re-encrypt.

  FIG. 3 is an explanatory diagram of a reference table referred to by the re-encryption program 22. FIG. 3A is an explanatory diagram of an encryption key reference table 200 having a plurality of encryption key identification information 103 and a plurality of pointers indicating the start addresses of the encryption keys 23 stored in the EEPROM 13E2. FIG. 3B is an explanatory diagram of the encryption module reference table 201 having a plurality of encryption module identification information 104 and a plurality of pointers indicating the start addresses of the encryption modules 24 stored in the EEPROM 13E2. FIG. 3C is an explanatory diagram of a decoding module reference table 202 having a plurality of decoding module identification information 105 and a plurality of pointers indicating start addresses of the decoding modules 25 stored in the EEPROM 13E2.

  Hereinafter, the operation of the re-encryption program 22 executed periodically will be described. FIG. 4 is a flowchart of the operation of the re-encryption program 22.

  The re-encryption program 22, the MPU 11, and the EEPROM 13E2 serve as “processing means” for re-encryption in the present invention. However, a separate MPU or memory may be provided for the “processing means”. In the following, the step identification codes in FIG. 4 are shown in parentheses.

  (S1, S7) The following steps S2 to S6 are repeated several times so that all ciphertext files 100 stored in the HDD 14 are processed.

  (S2) One ciphertext file 100 is read from the HDD 14 onto the DRAM 13D.

  (S3) The header information 102 of the read ciphertext file 100 is acquired, and a plurality of encryption keys are obtained by referring to the encryption key reference table 200 shown in FIG. One of the 23 pointers is determined, and one of the pointers of the plurality of decoding modules 25 is determined by referring to the decoding module reference table 202 shown in FIG. To decide.

  (S4) First, since the encryption key 23 and the decryption module 25 indicated by the determined pointer are encrypted, the encryption key and the decryption algorithm recorded in the re-encryption program 22 itself are used. The encryption key 23 and the decryption module 25 indicated by the pointer are decrypted with the program. Thereafter, the ciphertext data 101 of the ciphertext file 100 is decrypted by using the encryption key 23 and the decryption module 25 obtained by decryption. Further, the used key 23 and the module 25 are re-encrypted with an encryption key other than these and a program using an encryption algorithm and an encryption algorithm recorded in the re-encryption program 22 itself.

  (S5) Refer to the encryption key reference table 200 shown in FIG. 3A based on the encryption key identification information 103 of the acquired header information 102 for use in re-encrypting the plaintext data obtained by decryption. One pointer indicating the encryption key 23 that is different for each ciphertext file 100 and different from that corresponding to the encryption key identification information 103 is determined, and based on the encryption module identification information 104, FIG. The pointer indicating the encryption module 24 using an encryption algorithm that is different for each ciphertext file 100 and different from that corresponding to the encryption module identification information 104, with reference to the encryption module reference table 201 shown in FIG. Determine one.

  (S6) First, since the encryption key 23 and the encryption module 24 indicated by the determined pointer are encrypted, the encryption key and the decryption algorithm recorded in the re-encryption program 22 itself other than these are used. The encryption key 23 and the encryption module 24 indicated by the pointer are decrypted with the program used. Thereafter, the plaintext data obtained by decrypting the ciphertext data 100 is re-encrypted using the encryption key 23 obtained by the decryption and the encryption module 24. Further, the used key 23 and the module 24 are re-encrypted with a program using an encryption key and an encryption algorithm other than these and recorded in the re-encryption program 22 itself. Furthermore, identification information 103 to 105 of the decryption module 25 corresponding to the encryption key 23 and the encryption module 24 used at the time of re-encryption is added as header information 102 to the ciphertext data 101 obtained by re-encryption. Thus, the ciphertext file 100 is obtained.

  (S8) It is determined whether, for example, one month has passed since the encryption key 23 and the modules 24 to 25 were updated. If the determination is affirmative, the process proceeds to the next step, and if the determination is negative, the process ends.

  (S9) The encryption key 23 and the modules 24 to 25 are updated. Specifically, the encryption key 23 is updated by randomly generating the bit information at random, and the encryption module 24 and the decryption module 25 are downloaded from the host computer (not shown) via the NIC 17 and the communication path 20. Updated by However, the encryption key 23 and the decryption module 25 necessary for decrypting the ciphertext file 100 obtained by re-encryption are not erased but are stored in the EEPROM 13E2. Each of the reference tables 200 to 202 does not need to be updated because the pointer is recorded and the module name is not recorded.

  According to the first embodiment, all the ciphertext files 100 stored in the HDD 14 periodically by the re-encryption program 22 are different for each ciphertext file 100 and are related to the encryption of the ciphertext file 100. Re-encryption is sequentially performed using an encryption key 23 and an encryption module 25 different from those. For this reason, even if the encryption key 23 and the encryption module 24 or the decryption module 25 leak once, all ciphertext files are periodically re-encrypted with different encryption keys and encryption modules. It is possible to prevent long-term and continuous leakage of all ciphertext files due to the leakage of the encryption algorithm.

  In addition, Example 1 of this invention mentioned above is an illustration for description of this invention, and is not the meaning which limits the scope of the present invention only to those Examples. Various modifications can be made to the present invention without departing from the gist thereof. Hereinafter, some of the modifications will be exemplified.

  In the first embodiment, when the ciphertext file 100 is edited, a program using the same encryption key and the same encryption algorithm as those related to the encryption of the ciphertext 100 as in Patent Document 1 above. However, after the editing, the re-encryption program 22 may be started and steps S5 to S9 shown in FIG. 4 may be executed.

  Further, although a common key is used for encryption and decryption as an encryption key, separate keys may be used for encryption and decryption as in the public key cryptosystem.

  Furthermore, the apparatus to which the present invention is applied is not limited to the image forming apparatus 10 described in the first embodiment, and may be any information processing apparatus that requires data encryption. For example, an information processing apparatus such as a personal computer or a mobile phone can be used.

  Furthermore, the storage means for storing the ciphertext file 100 is not limited to the HDD 14 described above, and may be other storage means such as the EEPROM 13E2 shown in FIG. 1 or a USB memory (not shown). Further, the unit of the ciphertext data 101 and the unit of the file are not necessary, and the unit of data of a predetermined number of bits may be used.

  Further, a part of the re-encryption process in the first embodiment can be realized by a dedicated hardware circuit.

  Further, the re-encryption program 22 may be provided by a computer-readable recording medium such as a flexible disk or a CD-ROM, or may be provided online via a network such as the Internet. In this case, the program recorded on the computer-readable recording medium is normally transferred to and stored in storage means such as the EEPROM 13E2.

  Furthermore, the image forming apparatus 10 may include components other than the components described above, or may not include some of the components described above.

1 is a schematic block diagram illustrating a hardware configuration of an image forming apparatus according to Embodiment 1 of the present invention. It is content explanatory drawing of a ciphertext file. It is explanatory drawing of the reference table which the re-encryption program shown in FIG. 1 refers. (A) is explanatory drawing of the encryption key reference table which has several encryption key identification information and several pointers which show the head address of the encryption key stored in EEPROM shown in FIG. (B) is an explanatory diagram of an encryption module reference table having a plurality of encryption module identification information and a plurality of pointers indicating the start addresses of the encryption modules stored in the EEPROM shown in FIG. (C) is an explanatory diagram of a decoding module reference table having a plurality of decoding module identification information and a plurality of pointers indicating the start addresses of the decoding modules stored in the EEPROM shown in FIG. It is a flowchart of operation | movement of a re-encryption program.

Explanation of symbols

10 Image forming apparatus 11 MPU
12 interface 13E1 EEPROM
13E2 EEPROM
13D DRAM
14 HDD
15 Operation panel 16S Scanner 16P Printer 17 NIC
18 Facsimile modem 19 Compression / decompression ASIC
20 Communication channel 21 OS
22 re-encryption program 23 encryption key 24 encryption module 25 decryption module 100 ciphertext file 101 ciphertext data 102 header information 103 encryption key identification information 104 encryption module identification information 105 decryption module identification information 200 encryption key reference table 201 encryption Module reference table 202 Decryption module reference table

Claims (7)

In an information processing apparatus comprising storage means for storing a ciphertext obtained by encrypting plaintext, and processing means for decrypting the ciphertext and editing the plaintext and then re-encrypting the plaintext,
The storage means stores a plurality of mutually different encryption keys, encryption programs, and decryption programs,
The processing means periodically controls the storage means to sequentially read out the ciphertexts stored therein, decrypts them based on the corresponding decryption program, and decrypts the plaintext before decryption. Re-encrypt with an encryption program using an algorithm different from that related to encryption of ciphertext and an encryption key different from the encryption program, and store in the storage means;
An information processing apparatus characterized by that. The encryption key, the encryption program, and the decryption program stored in the storage means are each encrypted.
The processing means further controls the storage means at the time of re-encrypting the ciphertext, reads and decrypts the encryption key to be used, the encryption program and the decryption program, and uses them The information processing apparatus according to claim 1, wherein re-encryption is performed.   The information according to claim 1 or 2, wherein the processing means further decrypts the ciphertext and re-encrypts the plaintext with the encryption key and the encryption program that are different for each plaintext. Processing equipment.   The processing means is further configured to decrypt the ciphertext and edit the plaintext, and then decrypt the ciphertext with an encryption program using an algorithm different from that related to encryption of the ciphertext and a different encryption key. 4. The information processing apparatus according to claim 1, wherein the plaintext is re-encrypted and stored in the storage unit. The storage means further includes an operating system having a task management function that gives a right to execute processing to a task assigned the highest priority among a plurality of tasks including a re-encryption task of the processing means. Stored,
5. The information processing apparatus according to claim 1, wherein the re-encryption task is given the lowest priority among the plurality of tasks. Further comprising communication means coupled to the communication path;
The processing means is further connected to a host computer via the communication means and the communication path, and downloads and updates the encryption program and the corresponding decryption program from the host computer to the storage means.
The information processing apparatus according to claim 1, wherein the information processing apparatus is an information processing apparatus.   The information processing apparatus according to claim 1, wherein the information processing apparatus is an image forming apparatus.

Images