Personal Information Management Device, Distributed Key Storage Device, and Personal Information Management System

US 20070239615A1
Filed: 04/22/2005
Published: 10/11/2007
Est. Priority Date: 04/23/2004
Status: Abandoned Application

First Claim

Patent Images

1. A personal information management device that manages personal information, comprising:

an information storage unit storing the personal information in encrypted form;

a distributed key storage unit storing a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key based on a secret sharing scheme;

a link judgment unit operable to judge whether communication is possible with a distributed key storage device storing the second distributed key;

an acquisition unit operable to, when the communication is possible, acquire the second distributed key from the distributed key storage device;

a decryption key recovering unit operable to recover the decryption key using the first and the second distributed keys based on the secret sharing scheme; and

a decryption unit operable to decrypt the encrypted personal information using the recovered decryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal information management device aims to save troubles of inputting passwords and deleting personal information, to prevent others from viewing the personal information, and to maintain confidentiality of the personal information even when a mobile device is lost. Personal information storage unit 201 holds encrypted personal information, key distribution unit 204 distributes a decryption key used for decrypting the encrypted personal information into a first and a second distributed keys based on a secret sharing scheme, distributed key storage unit 205 stores thereon the first distributed key, stores the second distributed key on home device 30, and deletes the decryption key. Upon decryption, link judgment unit 210 judges link establishment. Key recovery unit 207 acquires the second distributed key from home device 30, and recovers the decryption key using the first and the second distributed keys. Decryption unit 208 decrypts the encrypted personal information using the decryption key.

46 Citations

View as Search Results

20 Claims

1. A personal information management device that manages personal information, comprising:
- an information storage unit storing the personal information in encrypted form;
  
  a distributed key storage unit storing a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key based on a secret sharing scheme;
  
  a link judgment unit operable to judge whether communication is possible with a distributed key storage device storing the second distributed key;
  
  an acquisition unit operable to, when the communication is possible, acquire the second distributed key from the distributed key storage device;
  
  a decryption key recovering unit operable to recover the decryption key using the first and the second distributed keys based on the secret sharing scheme; and
  
  a decryption unit operable to decrypt the encrypted personal information using the recovered decryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The personal information management device of claim 1, wherein the link judgment unit includes:
    - a link request unit operable to transmit a link request to the distributed key storage device within a predetermined communication range;
      
      a link response receiving unit operable to receive a response to the link request from the distributed key storage device; and
      
      a determination unit operable to, when the response is received, determine that the communication is possible with the distributed key storage device.
  - 3. The personal information management device of claim 1, wherein the distributed key storage device is disposed in a specified position, and transmits a packet to the personal information management device within a predetermined communication range at a predetermined time interval, and the link judgment unit includes:
    - a packet receiving unit operable to receive the packet; and
      
      a determination unit operable to, when the packet is received, determine that the communication is possible with the distributed key storage device.
  - 4. The personal information management device of claim 1, wherein the distributed key storage device holds judgment information for the link judgment unit to judge whether the communication is possible, and the link judgment unit includes:
    - a reading unit operable to read the judgment information held in the distributed key storage device within a predetermined communication range; and
      
      a determination unit operable to, when the judgment information is read, determine that the communication is possible.
  - 5. The personal information management device of claim 4, wherein the distributed key storage device is an IC tag attached to a belonging of a user of the personal information management device, and the reading unit reads the judgment information held in the IC tag within a wireless access range.
  - 6. The personal information management device of claim 1, wherein the link judgment unit includes:
    - an address storage unit storing an IP address of the personal information management device;
      
      an address acquisition unit operable to acquire an IP address of the distributed key storage device;
      
      an address judgment unit operable to judge whether the IP address of the personal information management device and the IP address of the distributed key storage device belong to a same subnetwork; and
      
      a determination unit operable to, when the judgment is affirmative, determine that the communication is possible with the distributed key storage device.
  - 7. The personal information management device of claim 1, wherein the link judgment unit, after judging that the communication is possible with the distributed key storage device, further periodically judges whether the communication is possible, and the personal information management device further comprises a deletion unit operable to, when the communication is impossible, delete the decryption key recovered by the decryption key recovering unit and the personal information decrypted by the decryption unit.
  - 8. The personal information management device of claim 1 further comprising:
    - a distributed key generation unit operable to distribute the decryption key into the first and the second distributed keys based on the secret sharing scheme, and delete the decryption key;
      
      a distributed key transmission unit operable to transmit the second distributed key to the distributed key storage device; and
      
      a writing unit operable to store the first distributed key on the distributed key storage unit.
  - 9. The personal information management device of claim 1 further comprising:
    - a distributed key receiving unit operable to receive the first distributed key; and
      
      a writing unit operable to store the received first distributed key on the distributed key storage unit.
  - 10. The personal information management device of claim 1, wherein the information storage unit further stores encrypted additional personal information, the personal information management device further comprises:
    - an additional distributed key storage unit storing one of n additional distributed keys distributed from an additional decryption key based on a (k,n) threshold secret sharing scheme;
      
      an additional link judgment unit operable to judge whether each communication is possible with (n-1) additional distributed key storage devices each storing any one of (n-1) additional distributed keys that are mutually different other than the one additional distributed key;
      
      an additional acquisition unit operable to, when the communication is possible with no less than (k-1) additional distributed key storage devices, acquire an additional distributed key from each of the (k-1) additional distributed key storage devices;
      
      an additional decryption key recovering unit operable to recover the additional decryption key using the (k-1) additional distributed keys and the one additional distributed key based on the (k,n) threshold secret sharing scheme; and
      
      an additional decryption unit operable to decrypt the encrypted additional personal information using the recovered additional decryption key.

11. A distributed key storage device that manages a distributed key generated based on a secret sharing scheme, comprising:
- a distributed key storage unit storing a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key used for decrypting encrypted personal information based on a secret sharing scheme;
  
  a communication unit operable to communicate, such that a personal information management device storing the encrypted personal information judges whether communication is possible; and
  
  a transmission unit operable to transmit the first distributed key to the personal information management device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The distributed key storage device of claim 11, wherein the communication unit includes:
    - a request receiving unit operable to receive a link request from the personal information management device; and
      
      a response transmission unit operable to transmit a response to the link request.
  - 13. The distributed key storage device of claim 11, being disposed in a specified position, wherein the communication unit transmits a packet to the personal information management device within a predetermined communication range at a predetermined time interval.
  - 14. The distributed key storage device of claim 11, holding judgment information for the communication unit to judge whether the communication is possible, wherein the communication unit transmits the judgment information to the personal information management device within a predetermined communication range.
  - 15. The distributed key storage device of claim 14, being an IC tag attached to a belonging of a user of the personal information management device, wherein the communication unit transmits the judgment information to the personal information management device within a wireless access range.

16. A personal information management system including a personal information management device that manages personal information and a distributed key storage device, the distributed key storage device comprising:
- a first distributed key storage unit storing a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key based on a secret sharing scheme;
  
  a first link judgment unit operable to judge whether communication is possible with the personal information management device; and
  
  a transmission unit operable to, when the communication is possible with the personal information management device, transfer the first distributed key to the personal information management device, the personal information management device comprising;
  
  a information storage unit storing the encrypted personal information;
  
  a second distributed key storage unit storing the second distributed key;
  
  a second link judgment unit operable to judge whether communication is possible with the distributed key storage device;
  
  an acquisition unit operable to, when the communication is possible with the distributed key storage device, acquire the first distributed key from the distributed key storage device;
  
  a decryption key recovering unit operable to recover the decryption key using the first and the second distributed keys based on the secret sharing scheme; and
  
  a decryption unit operable to decrypt the encrypted personal information using the recovered decryption key.

17. A personal information management method used in a personal information management device storing encrypted personal information and a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key based on a secret sharing scheme, the personal information management method comprising steps of:
- judging a link whether communication is possible with a distributed key storage device storing the second distributed key;
  
  acquiring, when the communication is possible, the second distributed key from the distributed key storage unit;
  
  recovering the decryption key using the first and the second distributed keys based on the secret sharing scheme; and
  
  decrypting the encrypted personal information using the recovered decryption key.

18. A computer program used in a personal information management device storing encrypted personal information and a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key based on a secret sharing scheme, the computer program comprising steps of:
- judging a link whether communication is possible with a distributed key storage device storing the second distributed key;
  
  acquiring, when the communication is possible, the second distributed key from the distributed key storage unit;
  
  recovering the decryption key using the first and the second distributed keys based on the secret sharing scheme; and
  
  decrypting the encrypted personal information using the recovered decryption key.
- View Dependent Claims (19)
- - 19. A storage medium storing the computer program of claim 18.

20. An integrated circuit that manages personal information, comprising:
- an information storage unit storing the personal information in encrypted form;
  
  a distributed key storage unit storing a first distributed key, where the first distributed key and a second distributed key are distributed from a decryption key based on a secret sharing scheme;
  
  a link judgment unit operable to judge whether communication is possible with a distributed key storage device storing the second distributed key;
  
  an acquisition unit operable to, when the communication is possible, acquire the second distributed key from the distributed key storage device;
  
  a decryption key recovering unit operable to recover the decryption key using the first and the second distributed keys based on the secret sharing scheme; and
  
  a decryption unit operable to decrypt the encrypted personal information using the recovered decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Yokota, Kaoru, Matsuzaki, Natsume, Nonaka, Masao, Nakahara, Tohru, Inoue, Mitsuhiro, Higashi, Akio

Application Number

US11/578,787
Publication Number

US 20070239615A1
Time in Patent Office

Days
Field of Search
US Class Current

705/55
CPC Class Codes

G06K 19/07749   the record carrier being ca...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0897   involving additional device...

Personal Information Management Device, Distributed Key Storage Device, and Personal Information Management System

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Personal Information Management Device, Distributed Key Storage Device, and Personal Information Management System

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links