
HK40043212A - System and method for secret sharing of files - Google Patents


Publication number
HK40043212A
Authority
HK
Hong Kong
Prior art keywords
file
user terminal
combined
files
information
Application number
HK62021032747.9A
Other languages
Chinese (zh)
Other versions
HK40043212B (en)
Inventor
Masahiro Aoki
Original Assignee
Gyotokushiko Co., Ltd.
Technical Infrastructure Logic Corporation
Application filed by Gyotokushiko Co., Ltd., Technical Infrastructure Logic Corporation


Description

Secure file distribution system and secure file distribution method
Technical Field
The present invention relates to a secure file distribution system and a secure file distribution method, and more particularly, to a secure file distribution system and a secure file distribution method that encrypt a file recorded in a recording medium and allow it to be securely managed, monitored, and invalidated.
Background
Conventionally, when data such as a file is transmitted via a public network such as the Internet (hereinafter simply referred to as the "internet"), the data is encrypted and transmitted as an attachment to an electronic mail (e-mail) or transmitted using a VPN (Virtual Private Network). However, with these methods, data on the communication path can be wiretapped and, if the key information or the password is deciphered, the data is decrypted and leaked.
A secret distribution method is known as a method for coping with such a security weakness. The secret distribution method is a technique of dividing the data to be kept secret into a plurality of fragment data such that the original data cannot be restored unless all, or at least a certain number, of the fragment data are collected.
As a scheme related to the secret distribution method, Japanese Patent Application Laid-Open No. 2008-139996 (patent document 1) discloses a system in which an information terminal creates a plurality of shared files by using a secret distribution technique and saves one of the shared files in a portable communication terminal or a management server.
For example, if an application to which a secret distribution method is applied is used, the sender can divide the transmission file into a plurality of fragment files. The sender can then attach each fragment file to a separate e-mail and send it. The recipient collects the fragment files attached to the e-mails into the same folder and runs any one of the fragment files, which take the form of an executable file, thereby obtaining the original transmission file.
However, the above-described file transmission method not only increases the time and effort required of the user, but also reduces security because the fragment files are placed on the same mail server. The user can make the recipient addresses of the e-mails to which the respective fragment files are attached different, or can transmit the respective fragment files by different transmission methods. In addition, a miscommunication about the file recovery method is likely to occur between the sender and the receiver, and the receiver may not be able to recover the file.
In view of the above circumstances, the invention described in Japanese Patent No. 6322763 (patent document 2) proposes a data transfer method in a data transfer system that improves security and convenience. The system includes a sender system, a receiver system, and a management system that manages data transfer via a network between the sender system and the receiver system.
The method comprises the following steps.
The sender system divides original data into a plurality of fragment data by a secret distribution method, selects a transmission path for each fragment data, transmits each fragment data to its selected transmission path, and transmits information on each transmission path to the management system.
The management system receives the information relating to each transmission path from the sender system, and transmits the received information relating to each transmission path to the receiver system.
The receiver system receives the information on each transmission path from the management system, receives each fragment data from each transmission path based on the received information, and restores the received fragment data to the original data using the secret distribution method.
Documents of the prior art
Patent document
Patent document 1: Japanese Patent Laid-Open No. 2008-139996;
Patent document 2: Japanese Patent No. 6322763.
Disclosure of Invention
Problems to be solved by the invention
According to the invention described in patent document 2 having the above configuration, a structure for transferring data with improved security and convenience can be provided. However, the method according to the present invention is a method of deleting a file in a terminal by transmitting information to the internet or the like through an application downloaded to the terminal (sender system), and therefore, when the file moves to an indefinite place due to an environment not connected to a network, backup, or the like, there is a problem that the deleted data cannot be recovered efficiently.
The invention provides a system and a method for secure distribution of files, which can maintain sufficient security by complicating the restoration of files without such problems, and can ensure service continuity by restoring original files using remaining files even if a part of files is lost due to a hardware failure or disaster.
Means for solving the problems
The invention described in claim 1 for solving the above problems is a secure file distribution system in which a management server performs transmission and reception of an encrypted file between a transmitting user terminal and a receiving user terminal connected via a network in a secure state, the system comprising:
the transmitting user terminal includes: a function of segmenting an encrypted original file into a plurality of segmented files, and setting a threshold value for the number of segmented files required to restore the original file; and a function of creating a plurality of combined files obtained by combining the plurality of divided files, adding restoration information required for opening the combined file to the combined file, and distributing and storing the combined file to which the restoration information is added to a plurality of online storages,
the management server is provided with: a function of maintaining and managing the restoration information transmitted from the transmitting user terminal, and transmitting the restoration information to the receiving user terminal upon accepting an inquiry about the restoration information of the combined file from the receiving user terminal having an access right,
the receiving user terminal may open the combined file acquired from the online storage using the restoration information received from the management server, and may restore the original file when the number of the divided files obtained by the opening is equal to or greater than a threshold value of the divided files included in the restoration information.
In one embodiment, the method is characterized by: the sending user terminal and the receiving user terminal comprise: a communication unit; an encryption/decryption unit for encrypting/decrypting the file; a file information management unit that divides the encrypted original file, creates a plurality of combined files that combine a plurality of the divided files, and manages configuration information of each of the combined files when distributing the combined files to the plurality of online storages; and a distribution file input/output unit that distributes the combined file to the plurality of online storages,
the management server includes: a user interface section; a communication unit; a user management part for storing, reading and managing various parameters used by the system in the terminal; an opening management part which receives and transmits data through the communication parts of the sending user terminal and the receiving user terminal and controls the opening of the combined file based on the data; a file information management unit that provides the creation open information of the combined file to the open management unit when the combined file is created and opened, and that manages information set in the transmitting user terminal and the receiving user terminal; a management parameter generation unit that provides a function of generating various data from data of internal operations; and a log generation unit for providing a function of generating a log of the operation and storing the log in the database.
In one embodiment, the threshold value of the number of divided files required to restore the original file is set in advance in a file information management unit of the transmitting user terminal and managed in a file information management unit of the management server. The management server includes a one-time password generation unit for creating a time-limited one-time password used when the management server is opened without connecting to the internet, and the transmission user terminal and the reception user terminal include a one-time password analysis unit for analyzing the one-time password.
In one embodiment, the restoration information appended to the combined file includes access rights, an openable deadline, and a threshold for the divided files. The application program for opening the combined file is of a self-decompression type, a disk configuration browsing software type (ディスク構成閲覧ソフト型), or a virtual disk installation type (仮想ディスクマウント型).
The invention described in claim 7 for solving the above-mentioned problems is a method for secure distribution of a file, in which a management server performs transmission and reception of an encrypted file between a transmitting user terminal and a receiving user terminal connected via a network in a secure state, characterized in that:
causing the sending user terminal to have: a function of segmenting an encrypted original file into a plurality of segmented files, and setting a threshold value for the number of segmented files required to restore the original file; and a function of creating a plurality of combined files obtained by combining the plurality of divided files, attaching restoration information for opening the combined file to the combined file, and distributing and storing the combined file to which the restoration information is attached to a plurality of online storages,
the management server is provided with: a function of maintaining and managing the restoration information transmitted from the transmitting user terminal, and transmitting the restoration information to the receiving user terminal when receiving an inquiry about the restoration information of the combined file from the receiving user terminal having an access right,
the receiving user terminal opens the combined file acquired from the online storage by using the restoration information received from the management server, extracts the divided files included therein, and can restore the original file from the number of divided files equal to or greater than the threshold value.
Further, an invention described in claim 8 for solving the above-mentioned problems is a method for secure distribution of a file, in which a management server performs transmission and reception of an encrypted file between a transmitting user terminal and a receiving user terminal connected via a network in a secure state, the method including:
an original file encryption and segmentation step of segmenting an encrypted original file into a plurality of segmented files in the sending user terminal and setting a threshold value of the number of the segmented files required for recovering to the original file;
a combined file creating step of creating, in the transmitting user terminal, a plurality of combined files in which the plurality of divided files are combined;
a restoration information creating step of creating restoration information required to open the combined file in the sending user terminal and attaching the restoration information to the combined file;
an online storage distribution and storage step of distributing and storing, in the transmitting user terminal, the plurality of combined files to which the restoration information is added to different online storages; and
a restoration information storage step of maintaining and managing, in the management server, the restoration information transmitted from the transmitting user terminal,
when the receiving user terminal having access right inquires about the restoration information of the combined file from the management server, the restoration information is transmitted from the management server to the receiving user terminal, the combined file acquired from the online storage is opened by the receiving user terminal using the restoration information, the divided files are extracted, and the original file can be restored from the number of the divided files equal to or greater than the threshold value.
In one embodiment of the above-described method for secure distribution of files, the restoration information added to the combined file includes an access right, an openable deadline, and a threshold value for the divided files, and the application program for opening the combined file is of a self-decompression type, a disk configuration browsing software type, or a virtual disk installation type. Also, a gap of variable length is embedded between the combined file and the opening application.
Effects of the invention
The system and method for secure distribution of files according to the present invention are capable of maintaining sufficient security by complicating the restoration of files as described above, and also capable of ensuring service continuity by recovering original files using remaining files even if a part of files is lost in the event of a hardware failure or disaster because files are distributed and stored in an online storage in a secure state in combination.
Drawings
Fig. 1 is a schematic configuration diagram of a system for secure distribution of documents according to the present invention.
Fig. 2 is a schematic block diagram of a secure file distribution system according to the present invention.
Fig. 3 is a flowchart showing a processing flow of a secure distribution method of a file according to the present invention.
Fig. 4 is a diagram for explaining the processing from the original file encryption division step to the online memory distribution storage step in the file secure distribution method according to the present invention.
Fig. 5 is a diagram for explaining a method of securely distributing a file according to the present invention, and a method of restoring an original file.
Detailed Description
The mode for carrying out the present invention will be described in more detail with reference to the accompanying drawings. As shown in fig. 1, the secure file distribution system according to the present invention includes a transmitting user terminal 2 and a receiving user terminal 3 for transmitting and receiving encrypted files via a network 1, a plurality of online storages 4 for storing the transmitted and received encrypted files, and a management server 5. The management server 5 holds the restoration information of the encrypted file, provides a user interface for setting and editing the access right and the openable deadline for the encrypted file, and holds the restoration information for managing the set encrypted file.
The receiving user terminal 3 is a terminal designated by the administrator of the transmitting user terminal 2 and handled by one or more users (hereinafter referred to as "open users") to which access rights are given. An open user may be an individual or a group.
As shown in fig. 2, the transmitting user terminal 2 and the receiving user terminal 3 have installed therein client applications constituting execution forms of modules, which are a communication unit 11 for performing communication with the management server 5, an encoding unit 12 for encrypting a file, a decoding unit 13 for decrypting a file, a file information management unit 14, and a distributed file input/output unit 15, which will be described later. The file information management unit 14 generates a plurality of combined files in which a plurality of divided files obtained by dividing and fragmenting an encrypted original file are combined, and manages the arrangement information, checksum, and the like of each combined file when distributing the combined files. The distributed file input/output unit 15 distributes the combined file supplied from the file information management unit 14 to the plurality of online storages 4.
The client application further constitutes a library 17, and the library 17 is composed of a module management unit 18 for checking whether or not the modules used in the respective applications are correct, a file collection and transfer unit 19 for acquiring data of a format required in the respective applications from the distribution file input/output unit 15, and a file verification unit 20 for verifying the consistency of the data acquired by the file collection and transfer unit 19. The library 17 is created as a set of functions that each application calls in each module constituting the client application.
The management server 5 performs a user authentication function of registering file information transmitted from the client application (the transmitting user terminal 2) and disclosing the registered information only to a specified open user. The management server 5 includes: a user interface unit 21 for providing a setting change screen on which a user sets or changes the access right or the openable deadline, or a display screen for browsing open records; a communication unit 22 for communicating with the communication units 11 of the transmitting user terminal 2 and the receiving user terminal 3; and a user management unit 23 for storing, reading, and managing various parameters used in the system in the terminal. The parameters include the ID for accessing the management server 5, the MAC address of the terminal, the open user information, and information on grouped users.
The management server 5 further includes an open management unit 24 and a file information management unit 25, the open management unit 24 performs data transmission and reception by the communication unit 11 of the transmitting user terminal 2 and the receiving user terminal 3 and controls opening of a file based on the data, and the file information management unit 25 provides the open management unit 24 with file creation open information when creating an open file and manages information set in the transmitting user terminal 2 and the receiving user terminal 3. The system further includes a management parameter generation unit 26 as a generator for generating various data, and a log generation unit 27 for providing a function of generating a log of an operation and storing the log in a database 29.
When the combined file can be divided using the data of the file information management unit 25, the open management unit 24 divides the combined file and checks whether or not the threshold is satisfied. The management parameter generation unit 26 generates internal information for restoring a file, such as the number of bytes of the gap allocated for dividing data (as described later, a gap of variable length is embedded between a combined file and the restoring program) or the threshold. Further, the file information management unit 25 transmits the number of divided files, the number of combined files, the storage information of the online storage, and all other information on the generated files to the open management unit 24, based on the collected information on the divided files and the combined files.
The system is premised on an internet connection, but it is preferable that files can also be opened when there is no connection to the internet. Therefore, the management server 5 includes a one-time password generation unit 28, and the one-time password generation unit 28 creates a time-limited one-time password used when a file is opened without connecting to the internet. The transmitting user terminal 2 and the receiving user terminal 3 include a one-time password analysis unit 16 for analyzing the one-time password. In this way, when the user is not connected to the internet, the one-time password is read and analyzed by the one-time password analysis unit 16, and data can be restored.
Restoration information including at least an access right (open user) and an openable deadline is added to each of the combined files generated by the file information management unit 14. There may be many open users, and an open user may be one person or a group. As will be described later, the restoration information is stored and managed in the management server 5; an open user who has been given the access right inquires of the management server 5 and, after user authentication, is supplied with it by the management server 5. The open user who acquires the restoration information can use it to collect the divided files included in the combined files acquired from the online storage 4 up to the threshold value or more, thereby restoring the original file.
The application program for opening the combined file is of a self-decompression type, a disk configuration browsing software type, or a virtual disk installation type, and is added to each combined file. In the case of the self-decompression type, the combined files are aggregated into a single form and, when opened, are opened automatically by self-decompression alone. In this case, the management server 5 is queried to check the access right and the openable deadline, and if the file can be opened, it is returned to the original divided files and decoded by the decoding unit 13 based on the restoration information received from the management server 5. In the case of the self-decompression type, because the file takes an executable form it may not be possible to attach it to mail or the like, so it is preferable to exchange the file via a medium such as an internal company share or a USB storage device.
In the case of the disk configuration browsing software type, the file can be encrypted and decrypted by an application program that takes the form of a file explorer on the OS. In this case, the attributes and other details of the file can be displayed in the manner of a file browsing application. The divided files are collected at recovery time and the original file is recovered.
In the case of the virtual disk mount type, files in the VHD format and the extended format in the virtual disk file format are mounted, and data conversion is automatically performed when writing to or reading from a disk on the OS. In this case, the virtual disk is provided as a drive in the system as in the case of installing the virtual disk.
As described above, an application program of the self-decompression type, the disk configuration browsing software type, or the virtual disk mount type is used for opening the combined file, and the program is added to the combined file. This makes it more difficult to infer the data portion from a plurality of combined files.
In a method for secure distribution of files according to the present invention, an original file is encrypted and fragmented into a plurality of divided files, a threshold value for the number of divided files required to restore the original file is set, a plurality of combined files in which the plurality of divided files are combined are created, restoration information for opening the combined files is added to the combined files, and the combined files to which the restoration information is added are distributed to a plurality of online storages and stored. Moreover, it is characterized in that: the restoration information is acquired by a person having access right, the combined file acquired from the online storage is opened, and the original file can be restored from the extracted number of divided files equal to or greater than the threshold value. The method for secure distribution of a file can be implemented by the system for secure distribution of a file according to the present invention.
That is, the method for secure distribution of a file using the above system includes the following steps as shown in the flowchart of fig. 3.
an original file encryption and division step (S1) in which, in the transmitting user terminal 2, the original file is encrypted and then fragmented into a plurality of divided files, and a threshold value for the number of divided files required for restoring the original file is set;
a combined file creating step (S2) of creating, in the transmitting user terminal 2, a plurality of combined files in which a plurality of divided files are combined;
a restoration information creating step (S3) of creating, in the transmitting user terminal 2, the restoration information necessary for opening the combined file and attaching the restoration information to each combined file;
an online storage distribution and storage step (S4) in which the transmitting user terminal 2 distributes and stores the plurality of combined files to which the restoration information is added to the different online storages 4;
a restoration information saving step (S5) in which the management server 5 keeps and manages the restoration information;
a restoration information query step (S6) of querying, in the receiving user terminal 3, the management server 5 for the restoration information of the combined file; and
an original file restoration step (S7) of using the restoration information acquired from the management server through user authentication to open the combined file acquired from the online storage 4, and restoring the original file from the collected divided files of a number equal to or greater than the threshold.
Hereinafter, a method of secure file distribution using the system according to the present invention will be described in detail for each step.
Original file encryption and segmentation step (S1)
This step is a step of encrypting the original file and fragmenting it into a plurality of divided files in the transmitting user terminal 2. Fragmenting an encrypted file into multiple divided files in this way is in itself a commonly performed step. In the example shown in fig. 4, the original file is fragmented into 9 divided files. At the time of this fragmentation, a threshold value for the number of divided files required to restore the original file is set. As will be described later, in order to restore the original file, it is sufficient to collect a predetermined number (threshold value) or more of the divided files; it is not necessary to collect all of them.
Combined file creating step (S2)
This step is a step of creating a plurality of combined files in which a plurality of divided files are combined in the file information management unit 14 of the transmitting user terminal 2. The combined file is in the form of a ZIP file or in the form of a virtual disk. The combined file combines a plurality of divided files in an arbitrary combination, and in the example shown in fig. 4, three combined files are created. The combined file 1 is a combination of the divided files 1, 2, and 5, the combined file 2 is a combination of the divided files 3, 4, 8, and 9, and the combined file 3 is a combination of the divided files 6 and 7.
Restoration information creation step (S3)
This step is a step of creating restoration information necessary for restoring the combined file in the file information management unit 14 of the transmitting user terminal 2 and adding the restoration information to each combined file. The restoration information mentioned here is not information for restoring the original file, but information for opening the combined file, which is a preprocessing step for restoring the original file. It includes at least the access rights, namely a user name (open user name) and an openable deadline specified by the administrator of the transmitting user terminal 2, and a threshold value of the divided files required for restoring the original file, and is set for each open user. The restoration information is created through a user interface provided by the user interface unit 21 of the management server 5. The restoration information is not fixed but can be changed over time, and when it is changed, the stored data in the file information management unit 25 of the management server 5, which will be described later, is updated.
Online storage distribution and saving step (S4)
This step is a step of distributing and storing a plurality of combined files to which restoration information is added from the file information management unit 14 of the transmitting user terminal 2 to different online storages 4 via the distribution file input/output unit 15. In the example shown in fig. 4, the combined file 1 is stored in the online storage A, the combined file 2 is stored in the online storage B, and the combined file 3 is stored in the online storage C. The file information management unit 14 manages the arrangement information, checksum, and the like indicating in which online storage 4 each distributed combined file is arranged. These pieces of information are simultaneously transmitted to the file information management unit 25 of the management server 5, so that the information is shared. The combined files stored in the online storages 4 need not be the same file, but may all be the same file depending on the capacity, the operation of distribution management, and the like.
Restoration information saving step (S5)
This step is a step in which the file information management unit 25 of the management server 5 holds and manages the restoration information transmitted from the file information management unit 14 of the transmitting user terminal 2, in order to respond to an inquiry from an open user described later.
Restoration information query step (S6)
This step is a step in which the open user who wishes to restore the original file inquires of the management server 5, from the receiving user terminal 3, about the restoration information of the combined file. When the open user inquires about the restoration information, the open management unit 24 of the management server 5 checks the access right and the like, and if the open user has the access right and the like, the restoration information is transmitted to the receiving user terminal 3 of the open user. In addition, every time the open user inquires about the restoration information, the log generation unit 27 generates a log and stores the log in the database 29, and the data is disclosed in response to a browsing request from the transmitting user terminal 1.
Original file recovery step (S7)
In this step, the publishing user opens the combined file acquired from the online storage 4 using the restoration information transmitted from the management server 5, and restores the original file from the collected divided files once their number is equal to or greater than the threshold. In general, a plurality of combined files is necessary to restore the original file, but when a combined file includes a number of divided files equal to or greater than the threshold value, restoration can be performed from that one combined file alone. In the example shown in fig. 4, combined file 1 includes three divided files, combined file 2 includes four divided files, and combined file 3 includes two divided files, so that, for example, when the threshold number is 4, it is sufficient to use only combined file 2 with its four divided files, and when the threshold number is 5, at least two combined files are required (see fig. 5).
Each time the publishing user opens the combined file, a log is generated in the log generation unit 27 and registered in the database 29, and the user can refer to the open record. In addition, when the number of divided files collected does not satisfy the threshold required to restore the original file, a plurality of combined files is required; in this case, the restoration process is executed by requesting another divided file and combined file from the management server 5 and forwarding the data (original file restoration step (S7)). In the present invention, to restore the original file in this way, it is sufficient to collect a number of divided files equal to or greater than the threshold value set at the time of division, and this enables decryption in the decoding section 13 using the information for decryption of the divided files transmitted from the management server 5.
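The threshold behaviour of the fig. 4 example can be reproduced with the following added example, which is not code from the patent. It assumes the divided files are Shamir shares computed per byte over GF(257), an algorithm this section does not name, and the function names split, bundle and restore are hypothetical.

```python
import secrets
from itertools import islice

P = 257  # smallest prime above 255, so every byte value is a field element

def split(data, n, k):
    """Shamir-split data into n divided files; any k of them restore it."""
    shares = {x: [] for x in range(1, n + 1)}
    for byte in data:
        # Random polynomial of degree k-1 whose constant term is the byte.
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x, ys in shares.items():
            ys.append(sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
    return shares

def bundle(shares, sizes):
    """Group divided files into combined files holding `sizes` shares each."""
    it = iter(sorted(shares.items()))
    return [dict(islice(it, size)) for size in sizes]

def restore(combined_files, k):
    """Pool divided files from the opened combined files, interpolate at 0."""
    pool = {}
    for combined in combined_files:
        pool.update(combined)
    if len(pool) < k:
        raise ValueError(f"{len(pool)} divided files collected, threshold is {k}")
    points = sorted(pool.items())[:k]
    out = bytearray()
    for pos in range(len(points[0][1])):
        value = 0
        for xj, ys in points:
            # Lagrange basis polynomial for xj, evaluated at x = 0.
            num = den = 1
            for xm, _ in points:
                if xm != xj:
                    num = num * -xm % P
                    den = den * (xj - xm) % P
            value = (value + ys[pos] * num * pow(den, -1, P)) % P
        out.append(value)
    return bytes(out)

if __name__ == "__main__":
    original = b"constructed sample: encrypted original file"
    files = bundle(split(original, 9, 4), [3, 4, 2])   # layout from fig. 4
    print(restore([files[1]], 4) == original)          # combined file 2 alone
```

Under this assumed scheme, a pool smaller than the threshold reveals nothing about the original bytes, so the access check on the restoration information is not the only barrier to reading a single stolen combined file.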
Industrial applicability
The system and method for secure distribution of files according to the present invention are configured as described above, and can maintain sufficient security because restoring the files becomes complicated. Further, since the combined files are distributed and stored in the online storage in a secure state, even if a part of the files is lost when a hardware failure or a disaster occurs, the original file can be restored by using the remaining files.

Claims (11)

1. A secure file distribution system for executing transmission and reception of an encrypted file between a transmitting user terminal and a receiving user terminal connected via a network in a secure state by a management server, characterized in that:
the transmitting user terminal includes: a function of segmenting an encrypted original file into a plurality of segmented files, and setting a threshold value for the number of segmented files required to restore the original file; and a function of creating a plurality of combined files obtained by combining the plurality of divided files, adding restoration information required for opening the combined file to the combined file, and distributing and storing the combined file to which the restoration information is added to a plurality of online storages,
the management server is provided with: a function of maintaining and managing the restoration information transmitted from the transmitting user terminal, and transmitting the restoration information to the receiving user terminal upon accepting an inquiry about the restoration information of the combined file from the receiving user terminal having an access right,
the receiving user terminal may open the combined file acquired from the online storage using the restoration information received from the management server, and may restore the original file when the number of the divided files collected by the opening is equal to or greater than a threshold value of the divided files included in the restoration information.
2. A system for secure distribution of documents according to claim 1, characterized in that:
the sending user terminal and the receiving user terminal comprise: a communication unit; an encryption/decryption unit for encrypting/decrypting the file; a file information management unit that divides the encrypted original file, creates a plurality of combined files that combine a plurality of the divided files, and manages configuration information of each of the combined files when distributing the combined files to the plurality of online storages; and a distribution file input/output unit that distributes the combined file to the plurality of online storages,
the management server includes: a user interface section; a communication unit; a user management part for storing, reading and managing various parameters used by the system in the terminal; an opening management part which receives and transmits data through the communication parts of the sending user terminal and the receiving user terminal and controls the opening of the combined file based on the data; a file information management unit that provides the creation open information of the combined file to the open management unit when the combined file is created and opened, and that manages information set in the transmitting user terminal and the receiving user terminal; a management parameter generation unit that provides a function of generating various data from data of internal operations; and a log generation unit for providing a function of generating a log of the operation and storing the log in the database.
3. The secure distribution system of documents as claimed in claim 2,
the threshold value of the number of divided files required to restore the original file is set in advance in the file information management unit of the transmitting user terminal and managed in the file information management unit of the management server.
4. The secure distribution system of files of any one of claims 1 to 3,
the management server includes a one-time password generation unit for creating a time-limited one-time password used when the management server is opened without connecting to the internet, and the transmission user terminal and the reception user terminal include a one-time password analysis unit for analyzing the one-time password.
5. The secure distribution system of documents as claimed in claim 1,
the restoration information attached to the combined file contains access rights, an openable deadline, and a threshold value of the divided file.
6. The secure distribution system of documents as claimed in claim 1,
the application program for opening the combined file is of a self-decompression type, a disk configuration browsing software type, or a virtual disk installation type.
7. A method for secure distribution of a file, in which a management server executes transmission and reception of an encrypted file between a transmitting user terminal and a receiving user terminal connected via a network in a secure state, characterized by:
causing the sending user terminal to have: a function of segmenting an encrypted original file into a plurality of segmented files, and setting a threshold value for the number of segmented files required to restore the original file; and a function of creating a plurality of combined files obtained by combining the plurality of divided files, attaching restoration information for opening the combined file to the combined file, and distributing and storing the combined file to which the restoration information is attached to a plurality of online storages,
the management server is provided with: a function of maintaining and managing the restoration information transmitted from the transmitting user terminal, and transmitting the restoration information to the receiving user terminal when receiving an inquiry about the restoration information of the combined file from the receiving user terminal having an access right,
the receiving user terminal opens the combined file acquired from the online storage by using the restoration information received from the management server, extracts the divided files included therein, and can restore the original file from the number of divided files equal to or greater than the threshold value.
8. A method for secure distribution of a file, which executes transmission and reception of an encrypted file between a transmitting user terminal and a receiving user terminal connected via a network in a secure state by a management server, comprising:
an original file encryption and segmentation step of segmenting an encrypted original file into a plurality of segmented files in the sending user terminal and setting a threshold value of the number of the segmented files required for recovering to the original file;
a combined file creating step of creating, in the transmitting user terminal, a plurality of combined files in which the plurality of divided files are combined;
a restoration information creating step of creating restoration information required to open the combined file in the sending user terminal and attaching the restoration information to the combined file;
an online storage distribution and storage step of distributing and storing, in the transmitting user terminal, the plurality of combined files to which the restoration information is added to different online storages; and
a restoration information storage step of maintaining and managing, in the management server, the restoration information transmitted from the transmitting user terminal,
when the receiving user terminal having access right inquires about the restoration information of the combined file from the management server, the restoration information is transmitted from the management server to the receiving user terminal, the combined file acquired from the online storage is opened by the receiving user terminal using the restoration information, the divided files are extracted, and the original file can be restored from the number of divided files equal to or greater than a preset threshold value.
9. The secure distribution method of a document according to claim 7 or 8,
the restoration information attached to the combined file includes access rights, an openable period, and a threshold value for dividing the file.
10. The secure distribution method of a document according to claim 7 or 8,
the application program for opening the combined file is of a self-decompression type, a disk configuration browsing software type, or a virtual disk installation type.
11. The secure distribution method of documents according to claim 10,
a gap of variable length is embedded between the combined file and the opening application.
HK62021032747.9A 2018-08-16 2019-07-11 System and method for secret sharing of files HK40043212B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2018-153271 2018-08-16

Publications (2)

Publication Number Publication Date
HK40043212A true HK40043212A (en) 2021-09-10
HK40043212B HK40043212B (en) 2023-10-27
