JP2001308844A - Storage medium storing encryption method and encryption program - Google Patents

Abstract

(57) [Summary] [PROBLEMS] To store a cryptographic method and a cryptographic program that allow a user to select the encryption strength, the encryption method, etc., and that are not abused by a malicious third party and do not cause processing delay. A storage medium is provided. According to the present invention, in a merchant connected to a server, a security item necessary for encrypted communication is set and notified to the server, the server holds the security item, and the server communicates with the client. When performing the encrypted communication in the above, the security items are applied to the data items input from the client, a program for the encrypted communication is selected and provided to the client, and the client and the server are selected based on the program for the encrypted communication. Encrypted communication is performed between them.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an encryption method and a storage medium storing an encryption program, and more particularly, to an encryption method in encryption communication between a client and a server and a storage medium storing the encryption program.

[0002]

2. Description of the Related Art Conventionally, as a technique for performing encrypted communication between a client and a server, SS
There are encryption methods such as L, DEL, and FEAL. In these general cryptosystems, the strength of the cryptography is always constant.

[0003] As the key information used in these encryption methods, a one-time method is generally used in which an encryption key valid only in one-time encryption is generated and used.

[0004]

However, in the above-mentioned conventional encryption method, since the strength of the encryption is constant, the user using the server cannot freely select the encryption method and strength. In addition, there is concern, and the encryption method and strength cannot be freely selected depending on the data, so that the technical aspect has priority over the needs of the user.

Further, the generation of key information by one-time encryption is good in terms of security because an encryption key is generated every time communication is performed, but has a problem that processing is delayed. As described above, if encryption methods using general SSL, DES, and FEAL are used, even if the strength is increased, the strengths of these encryption methods are easily leaked to the outside, so that an eavesdropper can easily do it. You can imagine how long it takes to thaw.

The present invention has been made in view of the above points, and enables a user to select an encryption strength, an encryption method, and the like, and does not abuse a malicious third party, and is not required to use a malicious third party. It is an object of the present invention to provide an encryption method and a storage medium storing an encryption program that do not cause processing delay due to multi-processing of encryption or the like.

[0007]

Means for Solving the Problems The present invention (claim 1) provides:
In an encryption method for performing encrypted communication between a client and a server, in a merchant connected to the server, a security item required for the encrypted communication is set, and the server is notified, and the server holds the security item. When an encrypted communication request is issued from a client, a security communication item is selected, an encrypted communication program is selected, the encrypted communication program is provided to the client, and when the server performs encrypted communication with the client, the client transmits the encrypted communication program to the client. Encrypted communication is performed between the client and server based on the encrypted communication program for the input data items.

According to the present invention (claim 2), when a security item is specified in a merchant, the number of data items obtained from the client, the encryption strength of each item, the encryption method of each item, and / or Specifies the timing for exchanging key information.

According to the present invention (claim 3), when specifying the encryption method, the encryption method is divided according to time or the encryption method is divided according to the number of times of processing.

According to the present invention (claim 4), when designating the timing of key exchange, the key is divided by time or the key is divided by the number of times of processing.

According to the present invention (claim 5), in the server,
For the held security items, at the time of encrypted communication with the client, exchange of a key and / or encryption method corresponding to the number of times of connection with the client for each data item, or time for each data item Exchange of the combined key and / or encryption method is performed.

According to a sixth aspect of the present invention, there is provided an encryption method for performing encrypted communication between a client and a server, wherein a merchant connected to the server sets security items necessary for the encrypted communication, Notifying the server, the server holds the security item, and when the server issues an encrypted communication request from the client, the server generates a unique key based on the merchant ID at least for at least the time, and provides the screen display information to be provided to the client. Along with this, a cryptographic communication program is provided to the client to establish cryptographic communication with the client, and the merchant changes the cryptographic strength and key based on the data item input from the client obtained from the server. Let it.

[0013] The present invention (claim 7) is a storage medium storing an encryption program mounted on a merchant connected to the server in an encryption communication system between the client and the server. It has an item setting process for setting security items, a transmission process for transmitting the security items to the server, and an update process for updating the security items as necessary.

According to the present invention (claim 8), the item setting process includes: an item number setting process for setting the number of items of data acquired from the client; a strength setting process for setting the encryption strength of each item; And a key setting process for designating the timing of exchanging key information.

The present invention (claim 9) includes, in the encryption system setting process, a process of dividing the encryption system according to time or dividing the encryption system according to the number of times of processing.

According to a tenth aspect of the present invention, in the key setting process, a key is divided according to time or a key is divided according to the number of times of processing.

According to the present invention (claim 11), in the updating process, there is provided a process for changing the encryption strength and the key based on the data item obtained from the server and input from the client.

According to the present invention (claim 12), in an encryption communication system between a client and a server, a storage medium storing an encryption program mounted on the server and obtained from a merchant connected to the own apparatus. When performing a cryptographic communication between the process of storing security items in the storage means and the client, the security items are applied to data items input from the client, a program for encrypted communication is selected, and And a cryptographic program selection process provided to the user.

According to a thirteenth aspect of the present invention, in an encryption communication system between a client and a server, a storage medium storing an encryption program mounted on the server is obtained from a merchant connected to the own apparatus. A process for storing security items in the storage means, and when a cryptographic communication request is issued from a client, at least a unique key is generated based on time, merchant ID, etc., and screen display information provided to the client,
A process of providing a cryptographic communication program to the client, and, when performing cryptographic communication between the client and the server, applying security items to data items input from the client and performing data specified by the client. Setting the strength for each item, selecting an encryption communication program, and providing it to the client.

According to the present invention (claim 14), for the security items held in the storage means, at the time of encrypted communication with the client, for each data item, a key corresponding to the number of times of connection with the client, and / or , Exchange of encryption method, or key and / or time according to each data item
Alternatively, it has a process of exchanging encryption methods.

As described above, in the present invention, the server receives settings (encryption method, strength, key expiration date) of security items and the like from the user, and performs encryption according to the settings from the user. , The strength of encryption, the timing of exchanging key information, and the like are determined, and even if the data to be handled is the same, the encryption method can be changed according to the handling timing.

In addition, even if a plurality of data are processed at the same timing, the encryption method and the strength are divided for each data, so that multiple encryption can be performed for each data item and the processing can be speeded up. .

Also, a person (merchant) who wants to acquire data can freely select an encryption method and strength according to the contents of the data.

Further, since it is possible to control the timing of exchanging key information, it is possible to prevent performance degradation due to key exchange.

[0025]

FIG. 1 shows a system configuration of the present invention.

The system shown in FIG.
0, a server 20, and a merchant (user) 30. The customer terminal 10 and the server 20 are connected via the Internet.

The customer terminal 10 has a communication unit 11,
The communication unit 11 issues an encrypted communication request to the server 20, acquires a program for encrypted communication such as JAVA from the server 20, and establishes encrypted communication.

The server 20 comprises a processing control unit 21, an encryption setting database 22, and a customer database 23.

The processing control section 21 has a function of sending an encryption program in response to an encryption communication request from the customer terminal 10 and accepts security item settings from the merchant 30. It has a function of storing the set contents and a function of exchanging keys and exchanging encryption methods in accordance with the settings of the merchant 30. In this exchange, a program (such as JAVA) for performing cryptographic communication is uploaded to the customer, and data exchange is performed using the program. The encryption communication program to be passed to the customer terminal 10 is
The encryption method and strength differ depending on each input item and time.

The encryption setting database 22 stores security item settings obtained from the merchant 30. The security items to be stored include: the number of data items obtained from the customer; the strength of encryption of each item; the method of encrypting each item; and the encryption method (DES, FEAL, etc.) is divided according to time.

The encryption method (DE
S, FEAL, etc.). -Key information exchange timing; keys are divided according to time.

The key is divided according to the number of times of processing. And so on.

The customer database 23 stores data items related to the customer on the GCI acquired from the customer terminal 10.

The information input from the customer terminal 10 is, for example, the following information. -Credit card information-Questionnaire information-Customer information The merchant (user) 30 has an item setting unit 31 and a setting information updating unit 32. The item setting unit 31 sets the number of data items acquired from the customer, the strength of encryption for each item, how to apply encryption for each item, the timing of key information exchange, and the like. As the setting of the encryption method for each item,
There are a setting method of dividing the encryption method (DES, FEAL, etc.) and strength according to time, and a setting method of dividing the encryption method (DES, FEAL, etc.) and strength according to the number of times of processing.

As the setting of the timing for exchanging key information, there are a setting method of dividing keys according to time and a method of dividing keys according to the number of times of processing.

The setting information updating unit 32 performs various updates on each item of information set by the item setting unit 31.

FIG. 2 is a diagram for explaining the operation of the present invention.

Step 101) First, merchant 3
At 0, security items and the like are set. The setting of security items performed by the merchant 30 sets the number of data items obtained from the customer, the strength of encryption of each item, the method of encryption (encryption method) for each item, the timing of key information exchange, and the like.

Step 102) The set contents of the set security items are transmitted to the server 20. Thereby, the server 20 stores the setting contents in the encryption setting database 22.

Step 103) Here, an encrypted communication request is issued from the customer terminal 10 to the server 20 via the Internet.

Step 104) The server 20 reads an encryption communication program (such as JAVA) from the encryption setting database 22 against the security item obtained from the merchant 30 in step 102, and
It is uploaded to the browser of the customer terminal 10 together with the GI. It is assumed that the encryption communication program to be read has a different encryption scheme and strength for each item input from the customer. Step 105) Thereby, the encrypted communication between the customer terminal 10 and the server 20 is established.

Step 106) In the customer terminal 10, an input screen is provided from the CGI, and the customer inputs necessary items to data items on the screen. For example, credit card information, questionnaire information, customer information, and the like are input. As a result, the data is sent to the server 10 based on the encryption method and strength setting for each data item set by the merchant.

Step 107) The customer terminal 10
The input data item is transmitted to the server 20.

Step 108) The server 20 stores the data items input by the customer in the customer database 2
3 is stored.

Step 109) When the cryptographic communication ends, the server 20 sets the merchant 30
The encryption setting is performed by exchanging the key and the encryption method according to the number of connections with the customer for each data item, or the key exchange and the encryption method according to the time for each data item. The database 22 is updated. Step 110) In the merchant 30, the contents of necessary items are updated in the same manner as in step 101, and the merchant 30 is notified to the server 20. Thereby, the contents of the encryption setting database 22 of the server 20 are updated.

[0046]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 3 is a diagram for explaining an encryption method according to one embodiment of the present invention.

The following operation will be described with reference to the sequence chart of FIG.

In the following description, the server 20 will be described as a server for credit settlement, and the merchant 30 will be described as a terminal in an institution that owns the server.

In the merchant 30, security items are set (step 101). The setting of the security item specifies the number of data items to be obtained from a customer who needs to be encrypted, and how to encrypt the data items. As the encryption method, an encryption method such as DES or FEAL is selected according to time and the number of times of processing. Also, the timing of key information exchange is specified.
As for the timing, the method of dividing the key by time,
There is a method of dividing keys according to the number of times of processing. Also, when setting security items or designating the timing of exchanging key information, the process numbers may be divided within the same time.

Next, the merchant 30 transmits the set security items to the settlement server 20 (step 102). Thereby, the settlement server 20 stores the security items in the encryption setting database 22.

Here, when the customer issues a cryptographic communication request (payment request) by CGI call (step 1).
03), a cryptographic communication program such as JAVA is read from the cryptographic setting database 22 and provided to the customer terminal 10 together with the CGI (step 104). Thereby, the encrypted communication is established between the customer terminal 10 and the settlement server 20 (Step 105).

Next, at the customer terminal 10, an input screen is displayed to the customer by the CGI, and the customer inputs data to the data items of the input screen (step 106). As the data, for example, data items / credit card information data items / questionnaire information data items / customer information are input.

In the above example of inputting data items, C
An example in which the customer inputs data items displayed by the GI (the importance is given by setting the merchant's security items) is shown.
The strength corresponding to each data item may be input by the customer. For example, when a doctor uploads data, there is a case where the data is transmitted with added strength (importance) due to confidentiality of the data to be transmitted.

When these data items are input and payment server 20 acquires the data via the network (step 107), the contents of the data items are stored in customer database 23 (step 108).

When the encrypted communication is completed, the settlement server 20
According to the setting of the merchant 30, exchange of a key and / or an encryption method according to the number of times of connection with the customer for each data item, or a key that is timed for each data item, and / or The encryption system is exchanged with the encryption setting database 22 (step 109).

The merchant 30 changes the settings of necessary items in the same manner as the setting of the security items performed in step 101, and sends the changed items to the settlement server 20 (step 110). Thereby, the settlement server 20
Then, the changed item is reflected in the encryption setting database 22.

In the processing of the settlement server 20 in the above step 104, when the customer terminal 10 issues a cryptographic communication request, a unique key is generated using the time, merchant ID, etc. May be provided together with a CGI or an encryption communication program provided to the user.

The customer terminal 10 in the above embodiment may be a personal computer, a mobile phone to which software such as JAVA can be uploaded, or a mobile terminal. In addition, the security item setting / updating operation in the merchant 30 and the operation in the payment server 20 are constructed as a program, and a disk device connected to the merchant or the payment server, a floppy disk,
The present invention can be easily realized by storing it in a portable storage medium such as a CD-ROM and installing it when implementing the present invention.

The present invention is not limited to the above-described embodiments, but can be variously modified and applied within the scope of the claims.

[0061]

As described above, according to the present invention, even if the data to be handled is the same, the encryption method and the strength are changed according to the timing, thereby making it harder for eavesdropping.

Even among a plurality of data processed at the same timing, the encryption method and the strength are separately handled for each data,
It is possible to prevent the eavesdropper from decrypting the data only by decompressing the data by acquiring the data and limiting the encryption method.

Further, since the encryption method and strength are divided for each data even in a plurality of data processed at the same timing, multi-encryption can be performed for each data item.
Processing can be speeded up.

Further, since the present invention is not a technology-advanced system such as simply “40 bits in SSL” as in the prior art, it is possible to freely select the data to be obtained according to the contents of the data. And strength can be selected.

Further, since the timing of exchanging key information can be controlled, it is possible to prevent the performance from being deteriorated due to key exchange.

Further, according to the present invention, the server provides the client side (customer terminal) with the cryptographic communication program corresponding to the security item set by the merchant at the time of use, thereby providing the client with the cryptographic communication program in advance. You do not need to have the program installed.

Further, the enhancement of encryption can be easily realized only by updating the program on the server.

[Brief description of the drawings]

FIG. 1 is a system configuration diagram of the present invention.

FIG. 2 is a sequence chart for explaining the operation of the present invention.

FIG. 3 is a diagram illustrating an encryption method according to an embodiment of the present invention.

[Explanation of symbols]

 Reference Signs List 10 customer terminal 11 communication unit 20 server 21 processing control unit 22 encryption setting database 23 customer database 30 merchant 31 item setting unit 32 setting information updating unit

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5J104 AA01 AA34 AA36 AA37 AA41 DA05 NA01 NA02 NA05 NA27 PA10 9A001 BB03 CC03 EE03 JJ18 JJ67 KK57 LL03

Claims (14)

[Claims] 1. An encryption method for performing encrypted communication between a client and a server, wherein a merchant connected to the server sets security items required for encrypted communication,
Notifying the server, the server holds the security item, and when an encryption communication request is issued from a client, selects the encryption communication program by applying the security item and provides it to the client. When the server performs encrypted communication with a client, the server performs encrypted communication between the client and the server based on the encrypted communication program for a data item input from the client. Encryption method. 2. In the merchant, when designating the security item, exchanging the number of items of data acquired from the client, the encryption strength of each item, the encryption method of each item, and / or the exchange of key information. 2. The encryption method according to claim 1, wherein the timing of the encryption is specified. 3. When designating the encryption method, the encryption method and strength are divided according to time, or the encryption method and strength are divided according to the number of times of processing.
The cipher method described. 4. The encryption method according to claim 2, wherein, when designating the key exchange timing, the key is divided according to time or the key is divided according to the number of times of processing. 5. In the server, for the held security items, at the time of encrypted communication with the client, for each data item, a key corresponding to the number of times of connection with the client and / or an encryption method 2. The encryption method according to claim 1, wherein the exchange and / or the exchange of the key and / or the encryption method according to the time for each data item are performed. 6. An encryption method for performing encrypted communication between a client and a server, wherein a merchant connected to the server sets security items necessary for encrypted communication,
Notifying the server, the server holds the security item, and in the server, when a cryptographic communication request is issued from the client, generates a unique key based on a merchant ID or the like for at least time, Providing an encrypted communication program to the client together with the screen display information to be provided to the client, establishing the encrypted communication with the client, and in the merchant, based on a data item input from the client obtained from the server. And changing the encryption strength and key. 7. In a cryptographic communication system between a client and a server, a storage medium storing a cryptographic program mounted on a merchant connected to the server, wherein an item setting for setting a security item necessary for the cryptographic communication is performed. A storage medium storing an encryption program, comprising: a process; a transmission process of transmitting the security item to the server; and an update process of updating the security item as necessary. 8. The item setting process includes: an item number setting process for setting the number of items of data acquired from the client; a strength setting process for setting the encryption strength of each item; and an encryption method for each item. 8. A storage medium storing an encryption program according to claim 7, comprising: an encryption method setting process to set; and a key setting process to specify a timing of exchanging key information. 9. The storage medium storing an encryption program according to claim 8, wherein the encryption method setting process includes a process of dividing the encryption method and strength according to time or dividing the encryption method and strength according to the number of times of processing. 10. The storage medium storing an encryption program according to claim 9, wherein said key setting process includes a process of dividing keys according to time or dividing keys according to the number of times of processing. 11. The storage medium storing a cryptographic program according to claim 7, wherein the updating process includes a process of changing a cryptographic strength and a key based on a data item obtained from the server and input from the client. . 12. In an encryption communication system between a client and a server, a storage medium storing an encryption program mounted on the server, wherein security items obtained from a merchant connected to the own apparatus are stored in storage means. A cryptographic program that, when performing cryptographic communication with the client, applies the security item to a data item input from the client, selects a cryptographic communication program, and provides the client with the program. A storage medium storing an encryption program, characterized by having a selection process. 13. An encryption communication system between a client and a server, wherein the storage medium stores an encryption program mounted on the server, and stores security items acquired from a merchant connected to the own apparatus in a storage unit. And when a cryptographic communication request is issued from the client, a unique key is generated based on time, merchant ID, etc.
A cryptographic program comprising: a process of providing a cryptographic communication program to the client together with screen display information to be provided to the client; and a process of transferring a data item obtained by cryptographic communication from the client to the merchant. Storage medium storing. 14. In the security item held in the storage means, at the time of encrypted communication with the client, for each data item, a key corresponding to the number of times of connection with the client and / or an encryption method. Exchange and / or key and / or timed for each data item
14. A storage medium storing the encryption program according to claim 12, further comprising a process of exchanging encryption methods.