Information processing device, information processing system, and program

US 20060018484A1
Filed: 07/28/2005
Published: 01/26/2006
Est. Priority Date: 09/30/2003
Status: Active Grant

First Claim

Patent Images

1. An information processing device, comprising:

encryption information storage means for storing encryption information in which a folder or a file is associated with identification information of a corresponding encryption key;

encryption key decision means for deciding, when a request to save data in the folder or the file has been issued from a user, whether or not an encryption key corresponding to the request target data is included in an encryption key which can be used by the user based on the encryption information stored in the encryption information storage means;

data encryption means for encrypting the request target data using the encryption key corresponding to the data when the encryption key decision means has decided “

yes”

;

nonvolatile storage means for storing the save target data; and

write means for writing the data encrypted by the data encryption means in the nonvolatile storage means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides an information processing device, an information processing system, and a program capable of improving security and convenience. An information processing system (1) includes an IC card (30) which stores an encryption key and a registered password and allows the encryption key to be read when the IC card (30) has authenticated the user as an authorized user based on the registered password, and an information processing device (10) which stores folder information in which the folder name, path, and hash value of the encryption key are associated, when a request to save data in the folder has been issued from the user, decides whether or not an encryption key corresponding to the folder is included in the encryption key read from the IC card (30) based on the folder information, encrypts the request target data using the corresponding encryption key when the information processing device (10) has decided “YES”, and stores the encrypted data.

61 Citations

View as Search Results

23 Claims

1. An information processing device, comprising:
- encryption information storage means for storing encryption information in which a folder or a file is associated with identification information of a corresponding encryption key;
  
  encryption key decision means for deciding, when a request to save data in the folder or the file has been issued from a user, whether or not an encryption key corresponding to the request target data is included in an encryption key which can be used by the user based on the encryption information stored in the encryption information storage means;
  
  data encryption means for encrypting the request target data using the encryption key corresponding to the data when the encryption key decision means has decided “
  
  yes”
  
  ;
  
  nonvolatile storage means for storing the save target data; and
  
  write means for writing the data encrypted by the data encryption means in the nonvolatile storage means.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The information processing device as defined in claim 1, wherein the data encryption means performs encryption which does not cause a data size to be changed before and after encryption and/or encryption which does not rewrite attribute information of the folder or the file.
  - 3. The information processing device as defined in claim 1, wherein, when a request to read data included in the folder or the file has been issued from a user, the encryption key decision means decides whether or not an encryption key corresponding to the request target data is included in an encryption key which can be used by the user based on the encryption information stored in the encryption information storage means;
    - the information processing device comprising;
      
      read means for reading the request target data stored in the nonvolatile storage means when the encryption key decision means has decided “
      
      YES”
      
      ; and
      
      data decryption means for decrypting the data read by the read means using the corresponding encryption key.
  - 4. The information processing device as defined in claim 1, wherein the encryption information storage means stores the encryption information in which a folder or a file designated by a user is associated with identification information of an encryption key which can be used by the user according to instructions from the user.
  - 5. The information processing device as defined in claim 1, wherein the encryption information storage means stores the encryption information in which identification information of the folder or the file is associated with encryption key identification information including a hash value of the encryption key.
  - 6. The information processing device as defined in claim 1, wherein the data encryption means and/or the data decryption means encrypts or decrypts only data having a predetermined attribute.
  - 7. The information processing device as defined in claim 1, comprising:
    - time acquisition means;
      
      wherein the encryption information storage means stores the encryption information in which the folder or the file, the identification information of the corresponding encryption key, and corresponding time information are associated;
      
      the information processing device comprising;
      
      time decision means for deciding, when a save request or a read request has been issued from a user, whether or not to respond to the request based on time indicated by the time acquisition means and time information corresponding to the request target data stored in the encryption information storage means.
  - 8. The information processing device as defined in claim 7, wherein the encryption information storage means stores the encryption information in which time information corresponding to an attribute of the folder or the file is associated with the folder or the file.
  - 9. The information processing device as defined in claim 1, wherein, when a request to save data of a file in an open state has been issued, the data encryption means encrypts the file using a corresponding encryption key only when the save request is a save request upon completion of editing of the file.
  - 10. The information processing device as defined in claim 1, wherein the data encryption means encrypts only a file designated by a user in advance and/or a file in a folder designated by a user in advance.
  - 11. An information processing system, comprising:
    - the information processing device as defined in claim 1;
      
      and a portable information storage medium which stores an encryption key including a personal key and/or a group key or an element of the encryption key;
      
      wherein the information processing device includes external read means for reading information stored in the portable information storage medium; and
      
      wherein, when a save request or a read request has been issued, the encryption key decision means of the information processing device decides whether or not an encryption key or an element corresponding to the request target data is included in the encryption key or the element read by the external read means from the portable information storage medium based on the encryption information stored in the encryption information storage means.
  - 12. The information processing system as defined in claim 11, wherein the portable information storage medium stores authentication information for authenticating an authorized user, includes authentication decision means for deciding whether or not to authenticate a user as the authorized user based on the authentication information and user input information input from the information processing device, and allows the external read means of the information processing device to read the encryption key or the element stored in the portable information storage medium when the authentication decision means has decided “
    - YES”
      
      .
  - 13. The information processing system as defined in claim 11, wherein the portable information storage medium stores device identification information for identifying the information processing device, and allows the encryption key or the element to be read when a request is issued from the information processing device indicated by the device identification information.
  - 14. An information processing system, comprising:
    - the information processing device as defined in claim 1;
      
      and a key management device which includes authentication information storage means for storing authentication information for authenticating an authorized user, authentication decision means for deciding whether or not to authenticate a user as the authorized user based on the authentication information stored in the authentication information storage means and user input information received from the information processing device, encryption key storage means for storing an encryption key including a personal key and/or a group key or an element of the encryption key which can be used by the authorized user decided by the authentication decision means, and transmission means for transmitting the encryption key or the element to the information processing device when the authentication decision means has decided “
      
      YES”
      
      , and is connected with the information processing device through a communication line;
      
      wherein the information processing device includes transmission means for transmitting the user input information to the key management device, and reception means for receiving the encryption key or the element which can be used by the authorized user authenticated by the authentication decision means of the key management device based on the user input information from the key management device; and
      
      wherein, when a save request or a read request has been issued, the encryption key decision means of the information processing device decides whether or not an encryption key or an element corresponding to the request target data is included in the encryption key or the element received by the reception means from the key management device based on the encryption information stored in the encryption information storage means.
  - 15. The information processing system as defined in claim 14, wherein the encryption key storage means of the key management device stores device identification information for identifying the information processing device while associating the device identification information with the encryption key or the element, and the transmission means transmits the encryption key or the element only to the information processing device indicated by the device identification information corresponding to the encryption key or the element.
  - 16. The information processing system as defined in claim 11, wherein the information processing device does not respond to a save request and/or a read request from a user when a communication path with an external device other than a predetermined external device including the portable information storage medium or the key management device which has provided the encryption key or the element is established.
  - 17. The information processing system as defined in claim 11, wherein the information processing device includes encryption key deletion means for deleting the encryption key and/or the element provided from the portable information storage medium or the key management device and stored in the information processing device when a communication path with the portable information storage medium or the key management device is disabled.
  - 18. The information processing system as defined in claim 11, wherein the portable information storage medium or the key management device stores device identification information for identifying the information processing device while associating the device identification information with the encryption key or the element;
    - and wherein the information processing device includes device identification information decision means for deciding whether or not to respond to a save request or a read request from a user based on the device identification information read by the external read means from the portable information storage medium or the device identification information received from the key management device and corresponding to the encryption key or the element received by the reception means from the key management device.

19. A program for execution by an information processing device, the information processing device including encryption information storage means for storing encryption information in which a folder or a file is associated with identification information of a corresponding encryption key, and nonvolatile storage means for storing save target data, and performing processing according to an application program, the program comprising:
- a first decision procedure for deciding, when a request to write data into the folder or the file has been issued from the application program, whether or not an encryption key corresponding to the request target data is included in an encryption key which can be used by a user based on the encryption information stored in the encryption information storage means;
  
  a data encryption procedure for encrypting the request target data using the encryption key corresponding to the data when “
  
  YES”
  
  in the first decision procedure; and
  
  a write procedure for writing the data encrypted in the data encryption procedure into the nonvolatile storage means.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The program as defined in claim 19, comprising:
    - a second decision procedure for deciding, when a request to read data included in the folder or the file has been issued from the application program, whether or not an encryption key corresponding to the request target data is included in an encryption key which can be used by the user based on the encryption information stored in the encryption information storage means;
      
      a read procedure for reading the request target data stored in the nonvolatile storage means when “
      
      YES”
      
      in the second decision procedure; and
      
      a data decryption procedure for decrypting the data read in the read procedure using the corresponding encryption key.
  - 21. The program as defined in claim 19, wherein the first and/or second decision procedure decides whether or not an encryption key or an element of the encryption key corresponding to the request target data is included in an encryption key or an element of the encryption key which can be used by an authorized user input from an external device which has authenticated the user as the authorized user.
  - 22. The program as defined in claim 19, wherein, when a write request for a file in an open state has been issued from the application program, the data encryption procedure encrypts the file using the corresponding encryption key only when the write request is a save request upon completion of editing of the file.
  - 23. The program as defined in claim 19, wherein the data encryption procedure encrypts only a file designated by a user in advance and/or a file in a folder designated by a user in advance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dai Nippon Printing Company Limited
Original Assignee
Dai Nippon Printing Company Limited
Inventors
Satoshi, Nakamura, Ichiro, Ozeki, Yoshihiro, Yano, Kaoru, Ishihira

Granted Patent

US 8,918,633 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/6218   to a system of files or obj...

G06F 2221/2153   Using hardware token as a s...

Information processing device, information processing system, and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Information processing device, information processing system, and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links