JP2001265657A - Data base sharing method and system and computer readable storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To securely share a data base without logging in a data base server. SOLUTION: This storage medium (RAM 19, hard disk drive 28; refer to diagram 2) stores the data base 41 readable by a computer 10. The data base 41 is provided with a structure having a ciphered data base main body 45 and data base access information 43 including at least public keys 43-2A-43-2C and ciphered cipher keys 43-4A-43-4C among the IDs 43-1A-43-1C of plural users A-C provided with an access right to the data base 41, the public keys 43-2A-43-2C of the plural users A-C and the ciphered cipher keys 43-4A-43-4C obtained by respectively ciphering a cipher key corresponding to the ciphered data base main body 45 by the public keys 43-2A-43-2C of the plural users A-C.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a database sharing method and system for securely sharing a database between a plurality of computers (a plurality of users), and a computer readable storage medium.

[0002]

2. Description of the Related Art Conventionally, sharing of a database is performed by placing the database on a database server. In such a system, a user inputs a user ID and logs in to the database server, whereby the user is authenticated through the database server, and only users who are officially permitted to use the database are registered in the database. It is configured so that it can be accessed.

When a database is used without logging in to a database server, for example, when traveling, a replica of the database placed on the database server is placed on a computer such as a personal computer used on a business trip and accessed. are doing.

[0004]

In a conventional database sharing system, when a database is used without passing through a database server, the database is placed on a computer by a user.

Therefore, anyone can access the database by operating the computer on which the database is placed, so that the database can be shared among a plurality of users.

However, in the conventional database sharing system, a user who does not have the authority to use the database can access the database and read the contents of the database, thereby reducing the security of the database sharing system.

Therefore, in order to prevent a user who does not have the authority to use the database from accessing the database, the security of database access is enhanced by encrypting the database using the encryption key of the user. .

[0008] However, when a plurality of specific users use the database without logging in to the database server while traveling, for example, users other than the user corresponding to the encryption key cannot access the database. However, it has not been possible to realize secure database sharing among a plurality of users.

Further, in the conventional database sharing system, since a user who has authority to use the database is managed by the user ID, the user cannot access the database as an anonymous user without inputting the user ID. It was difficult to protect user privacy.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and provides a database sharing method and system, and a computer, which enable a database to be securely shared without logging in to a database server, for example, on a business trip. It is to provide a readable storage medium.

In particular, the present invention has been made in view of the above-mentioned circumstances, and it is an object of the present invention to make it possible to access a database using an encryption key for each user and to securely realize database sharing. .

Further, the present invention has been made in view of the above-mentioned circumstances, and enables access to a database as an anonymous user without inputting a user ID, thereby sharing the database while protecting the privacy of the user. Is to realize

[0013]

According to the first aspect of the present invention, there is provided a computer-readable storage medium storing a database, wherein the database is an encrypted storage medium. The data body and the IDs of a plurality of users having access authority to the database, the public keys of the plurality of users, and the encryption key corresponding to the encrypted stored data body are respectively encrypted with the public keys of the plurality of users. A structure is provided which holds at least the public key and database access information including the encryption key among the encryption keys obtained as described above.

[0014] In the invention according to claim 2, the database stores at least one of an ID of the database, access authority information indicating an access authority of the plurality of users to the database, and an access program to the database. In addition we have.

According to the third aspect of the present invention, there is provided a database sharing system for sharing a database among a plurality of computers, wherein the database according to the first or second aspect is stored. A first storage unit that stores user ID, login information to the computer corresponding to the user, user authentication information including the user's public key, and a secret key corresponding to the user's public key. Based on database access information of a database stored in the first storage means and user authentication information stored in the second storage means in response to a database access request input by the user. An authentication means for authenticating whether or not the user has an access right to the database; When the authentication unit determines that the user has the access right to the database, the authentication unit corresponds to the encrypted stored data body based on the database access information of the database and the user authentication information. Means for obtaining an encryption key;
Access means for accessing the stored data body based on the obtained encryption key corresponding to the encrypted stored data body.

According to a fourth aspect of the present invention, the database is the database according to the second aspect, and the authentication means includes a random number generation means for generating a random number, and extracts the user's public key from the database. An encryption unit for encrypting the random number with the public key; a decryption unit for extracting a secret key of the user from the user authentication information and decrypting the random number encrypted by the encryption unit; Collation means for comparing the original random number before decryption with the decrypted random number to determine whether or not they match, and when it is determined that they match, the user Setting means for determining that the user has an access right, and setting an access right corresponding to the user based on the access right information of the database; and It is provided.

In the invention as set forth in claim 5, the encryption key acquiring means, when it is determined by the collating means that they match, extracts the encryption encryption key of the user from the database, Means for extracting the secret key of the user from the user authentication information, decrypting the encryption key of the corresponding user with the secret key of the extracted user, and obtaining an encryption key corresponding to the encrypted stored data body And

[0018] In the invention according to claim 6, the access means includes: an extraction means for extracting an encrypted record from the encrypted stored data body in the database;
Decryption means for decrypting the retrieved encrypted record using the encryption key corresponding to the stored data body, display means for displaying at least one of the decrypted record and the new record, and this display means Editing means for editing at least one of the decrypted record and the new record displayed by using the encryption key corresponding to the stored data body, and at least one of the edited decrypted record and the new record. Means for encrypting and writing means for writing at least one of the encrypted decrypted record and the new record into the encrypted stored data body in the database.

According to a seventh aspect of the present invention, there is provided a database sharing system for sharing a database among a plurality of computers.
Encrypting the encrypted stored data body and the ID of the user registered in the database with the user, the user's public key, and the encryption key corresponding to the encrypted stored data body with the user's public key. First storage means for storing a database having at least the public key and the database access information including the encryption key among the obtained encryption keys, and a plurality of users having access rights to the database. ID, login information to the corresponding computer of the plurality of users,
A second storage unit configured to store user authentication information including a public key of the plurality of users and a secret key corresponding to the public key of the plurality of users; and a mail address for the plurality of users and the computer, and a mail address of the plurality of users. Address information storage means for respectively storing address information including a public key, wherein each of the computers has a shortage of public keys of other computer users who are not registered in the database in the address information storage means. A public key requesting means for requesting the computer for a public key of the other computer user based on the mail address of the other computer user, and a corresponding other computer in response to a public key request from the other computer Reading the public key of the user from the user authentication information in the second storage means Public key return means for transmitting, based on the returned encryption key of the other computer user encrypted based on the public key of the other computer user and the access right set for the other computer user. Registering means for editing a database and registering the other computer user in the database.

In the invention as set forth in claim 8, the public key requesting means includes: a mail creating means for creating a mail requesting a public key of the other computer user based on a mail address of the other computer user; Key request mail transmitting means for transmitting a key request mail to the other computer, and public key writing means for writing the public key of the other computer user returned from the other computer into the address information storage means. .

According to the ninth aspect of the present invention, the public key return means decrypts whether or not the mail transmitted from the other computer is a key request mail, and as a result of the decryption,
In the case of a public key request mail, a reply mail generating means for reading a public key of another computer user corresponding to the key request mail from the second storage means and attaching it to the mail to generate a reply mail, Mail reply means for returning the reply mail to the other computer which has transmitted the public key request mail.

According to the tenth aspect of the present invention, the registering means includes: an extracting means for extracting a public key of the other computer user attached to a reply mail returned from the mail reply means; An encryption unit that encrypts an encryption key corresponding to the encrypted stored data body using a public key to generate an encryption encryption key, and that corresponds to the other computer user based on the access authority information of the database. Setting means for setting an access right, and writing the generated other computer user's encryption key and the set access right of the other computer user in the database by writing the other computer user in the database Means.

According to another aspect of the present invention, there is provided a computer system comprising:
According to the invention described in (1), there is provided a computer-readable storage medium storing a database, wherein the database includes an encrypted stored data body, an ID of an administrator who manages the database, and a disclosure of the administrator. Database access information including at least the public key and the encrypted encryption key among the encrypted encryption keys obtained by encrypting the key and the encryption key corresponding to the encrypted stored data body with the administrator's public key And a structure that holds

In the twelfth aspect of the present invention, the database includes at least one of an ID of the database, access authority information including an access authority level of a user of the database to the database, and an access program to the database.
Have one.

A thirteenth aspect of the present invention for achieving the above object.
According to the described invention, there is provided a computer-readable storage medium storing ticket information for database access, wherein the ticket information includes a mail address of the database administrator, an ID of the administrator, and a public key of the administrator. , An e-mail address of the database user, an ID of the user, an encrypted encryption key obtained by encrypting an encryption key corresponding to the encrypted data stored in the database with the user's public key, and the management User information including an encrypted access authority level of the user to the database encrypted by the public key of the user, and access route information to the database.

According to a fourteenth aspect of the present invention, there is provided the above-mentioned object.
According to the invention described in the above, there is provided a database sharing system for sharing a database among a plurality of computers, wherein the first storage means for storing the database according to claim 11 or 12, and the ticket information according to claim 13. A second storage unit for storing user ID, login information to the computer corresponding to the user, user authentication information including the user's public key, and a secret key corresponding to the user's public key. Third storage means;
In response to a database access request transmitted from the user, the user is required to access the database based on the ticket information stored in the second storage means and the user authentication information stored in the third storage means. Authentication means for authenticating whether or not the user has the access right; and when the authentication means determines that the user has the access right to the database, the encrypted stored data body And an access unit for accessing the stored data body based on the obtained encrypted key corresponding to the encrypted stored data body.

The invention according to claim 15, wherein the first
The database stored in the storage means is the database according to claim 12, wherein the authentication means fetches the user's public key from the ticket information and random number generation means for generating a random number, and Encryption means for encrypting with a public key, decryption means for extracting a secret key of the user from the user authentication information, and decrypting a random number encrypted by the encryption means, First collating means for collating the random number with the decrypted random number to determine whether they match, extracting means for extracting the encrypted access authority level of the user from the ticket information, A public key extracting means for extracting a public key of the administrator; and a decryption unit for decrypting the extracted encrypted access authority level by using the public key of the administrator. Decrypting means for acquiring the access privilege level of the user; access privilege information retrieving means for retrieving the user's access privilege information from the database stored in the first storage means; When it is determined that the access right level matches the access right level of the user in the access right information by the first checking unit and the second checking unit, respectively. Setting means for setting an access right corresponding to the access right level of the user.

[0028] In order to achieve the above-mentioned object, a sixteenth aspect is provided.
According to the described invention, there is provided a database sharing method for sharing a database among a plurality of computers, wherein the step of storing the database according to claim 1 or 2, a user ID, and a computer corresponding to the user are provided. Storing login information to the user, user authentication information including the user's public key and a secret key corresponding to the user's public key, and responding to a database access request transmitted from the user, Authenticating whether the user has access authority to the database based on database access information and stored user authentication information; and the authentication step allows the user to access the database. When it is determined that the data Obtaining an encryption key corresponding to the encrypted stored data body on the basis of the database access information and the user authentication information over scan,
Accessing the stored data body based on the obtained encryption key corresponding to the encrypted stored data body.

A seventeenth aspect of the present invention for achieving the above object.
According to the invention described in the above, a computer-readable storage medium for sharing a database among a plurality of computers used by a plurality of users, wherein the database according to claim 1 or 2 is stored in the plurality of computers. Means for storing in the own computer by at least one of the above, and user authentication including an ID of the user, login information of the user to the corresponding computer, a public key of the user, and a secret key corresponding to the public key of the user. Means for storing information in the own computer by at least one of the plurality of computers, and database access information of the database and the database access information in response to a database access request input to the user's computer by at least one user. Based on the user authentication information Means for authenticating, by the user's computer, whether or not the user has an access right to the database, and the authentication determines that the user has the access right to the database. At this time, based on the database access information and the user authentication information of the database,
Means for causing the user use computer to obtain an encryption key corresponding to the encrypted stored data body, and the user use computer obtaining the stored data body based on the obtained encryption key corresponding to the encrypted stored data body. And means for accessing.

[0030]

Embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a diagram showing an overall configuration of a database sharing system 1 according to each embodiment of the present invention.

Referring to FIG. 1, a database sharing system 1 includes a plurality of computers 3, 4 and 5 connected to a network 2 using a public line or a dedicated line. Although FIG. 1 shows three computers, the number of computers is arbitrary.

When a database server for database management is connected to the network 2, the plurality of computers 3 to 5 make a database access request to the database server, and respond to the database access request. Processing such as browsing and editing of a database is performed in accordance with data transmitted from the server, and is configured as clients 3 to 5 in a server client system.

In this embodiment, in the database sharing system 1, each of the clients 3 to 5 can be used without using a database server, arranging a database on the database server, or logging in to the database server. Is provided with a database server function so that a plurality of clients 3 to 5 can share a database. Therefore, strictly speaking, each of the computers 3 to 5
Can be said to be appropriate as a client / server, but for simplicity, they are described as clients 3-5.

That is, the database sharing system 1
In, the database to be shared is network 2
Located on any at least one client or server above.

Each of the clients 3 to 5 is configured by adding a display device, an input device, a storage device, a fingerprint reading device as a user authentication device, and the like to a computer main body (computer main body) such as a workstation or a personal computer. .

FIG. 2 is a block diagram showing a hardware configuration of each of the clients 3 to 5 in the database sharing system 1.

As shown in FIG. 2, each of the clients 3 to 5
Is a computer (client computer) body (hereinafter simply referred to as a computer) 10, a display device 11 connected to the computer 10, and an input device 1.
2, a printing device 13, an external storage device 14, and a fingerprint reading device 15.

The computer 10 has a CPU bus 16 and C
A PU 17, a ROM 18, and a RAM 19 are provided, respectively.
Each is communicably connected to the CPU bus 16.

The computer 10 has a CPU bus 1
6 are respectively provided with interface units 20 to 26 for peripheral device interfaces, which are connected to the respective peripheral devices, that is, the hard disk device 28, the communication device 29, the display device 11,
An input device 12, a printing device 13, an external storage device 14, and a fingerprint reader 15 are connected to each other.
7 is a CPU bus 16 and each of the interface units 20 to
The peripheral devices 28, 29, and 11 to 15 are controlled via 26.

The ROM 18 stores a boot processing program used to start up the computer 10 and start up an operating system (OS) and the like.

The hard disk drive (hard disk drive; HDD) 28 is provided with a program storage section (storage area) 30 and a data storage section (storage area) 31.

The program storage unit 30 stores an OS, a program for realizing a database sharing system (database sharing system program 34), and the like. The data storage unit 31 stores a database, an ID file, an address book, a ticket, Other various information is stored.

The RAM 19 is used for so-called main storage and cache storage. That is, the RAM 19 is
A work area 32 and a program storage area 33 for various processes by the CPU 17 are provided in the program storage area 33 by the processing of the CPU 17.
1 is stored.

The CPU 17 of each of the clients 3 to 5
In accordance with the database sharing system program 34 stored in the AM 19, an arithmetic control process including a control process for each of the above-described peripheral devices is executed, thereby enabling access to a shared database located in the own client, another client, or a database server. And the database sharing system 1 is realized.

The communication device 29 performs communication processing between the own client and another client and communication processing between the own client and the database server. Various data (databases) stored in the data storage unit 31 of the own client are provided. , Mails, tickets, etc., are supplied to other clients or database servers as necessary by the processing of the CPU 17, and data (databases, mails, tickets, etc.) supplied from other clients or database servers are required. Are received by the client via the communication device 29 and stored in the data storage unit 31 of the hard disk device 28 by the processing of the CPU 17.

The display device 11 and the input device 12 are CP
The GUI function is realized in cooperation with U17, and the user can input various commands to the CPU 17 on the display screen of the display device 11 by operating the input device 12 of the client. Further, it is possible to edit data displayed on the display screen.

The external storage device 14 processes at least one of various data (database, ID file, ticket, address book, program, and other various information) stored in the data storage unit 31 of the client by the processing of the computer 10. It is a device that stores the unit in a portable storage medium and makes storage and transportation convenient and easy. External storage device 14
For example, a floppy disk device (floppy disk drive; FDD) whose portable medium is a floppy (registered trademark) disk, a magneto-optical disk device (MO) whose portable medium is a magneto-optical disk, and a CD-ROM R
A CD-R drive device that is a (compact disc recordable), a CD-R / W drive device whose portable medium is a CD-R / W (compact disc rewritable),
A DVD drive device in which the portable medium is a DVD, an IC memory reading device in which the portable medium is an IC memory, a ZIP drive device in which the portable medium is a ZIP disk, and the like are used.

The fingerprint reader 15 is a device for reading a fingerprint of a user (human), and authenticates whether or not the user is permitted to use the client. In each of the embodiments of the present invention, the fingerprint reader is used for user authentication. However, any device that can be used for identity verification can be used. Also, without using a special authentication device, enter the password of the user
Authentication by collation is also possible.

(First Embodiment) FIG. 3 is a diagram conceptually showing a schematic structure of a database 41 according to a first embodiment of the present invention. The database 41 is shared by the clients 3 to 5 and is held in at least one of the clients 3 to 5 or in a database server.

As shown in FIG. 3, the database 41
A database (D representing the ID of the database 41 itself
B) An ID 42 and authentication information 43 of a user who has authority to use the database 41 (access authority).

As shown in FIG. 3, the user authentication information 43 includes the ID 43-1A of the user A of the client 3 stored in the database 41 in advance, and the ID 43-1A of the user A stored in the database 41 in advance. Public key 43-2
A, an encrypted random number 43-3A encrypted by the public key of the user A, and an encryption key 43-4A by the user A stored in the database 41 in advance.

The encryption key 43-4A is an encryption key (encryption key of a common common key system) corresponding to the encrypted stored data (database body) of the database 41.
Is encrypted with the public key of Mr. A.

Similarly, 43-1B, 43-2B, 43-
3B and 43-4B are an ID, a public key, an encryption coefficient, and an encryption key for the user B of the client 4, respectively, 43-1C, 43-2C, 43-3C, and 43-C.
4C is an ID, a public key, an encryption coefficient, and an encryption key for the user C of the client 5 respectively.

In the present embodiment, the information up to the user C is described. However, if the number of users who have access to the database 41 is large, the user authentication information 43
Are increased according to the number of users.

The public key is an encryption key used in combination with a secret key, and for example, a well-known RSA method or the like is applied.

On the other hand, as shown in FIG. 3, the database 41 includes an access control list 44 for holding the access authority levels of the users A to C in relation to the database 41 in association with the names of the users, and an encrypted access control list 44. A database main body 45 containing accumulated data and a database control program 46 for controlling the operation of the database main body 45 of the database 41 are provided.

The access control list 44 includes, for each user who has database access authority, as a database access authority level of the user, contributor authority, reader authority for reading database records of the database body 45, and new database record. One of a creator authority that can be created, an editor authority for editing the contents of a database record, and an administrator authority for managing the database itself is set.

FIG. 4 is a diagram conceptually showing a schematic structure of a user ID file 47 of, for example, user A according to the first embodiment. The user files of the other users B and C are the same as the user ID file of the user A. The user ID file 47 of each of the users A to C
Are stored in each corresponding client, for example.

The user ID file 47 has a file format, and as shown in FIG.
ID 47-1, the user name 47-2 corresponding to the user ID, and a login password 4 that is login information to the client corresponding to the user ID
7-3 and the secret key 47- of the user corresponding to the user ID
4 and a public key 47-5 of the user corresponding to the user ID, and these information (47-1 to 47-5)
Is information unique to each user.

FIG. 5 is a block diagram showing functions of the clients 3 to 5 (computers 10 and their peripheral devices 11 to 15) of the database sharing system 1 according to the present embodiment. The same components as those in FIGS. 3 and 4 are denoted by the same reference numerals.

In FIG. 5, each of the clients 3 to 5
Various data including the database 41 placed on the own client, another client or the database server,
A transmission / reception unit 50 for transmitting / receiving (communicating) a program or the like between the own client or between the own client and another client / database server by, for example, a packet communication method, and the storage of the hard disk device 28 or the external storage device 14 of the own client. An authentication unit 51 for referring to an ID file 47 stored in a medium or the like to authenticate whether or not the user has a use right (access right) of the client; and an encryption key processing unit for processing an encryption key of the database 41 52, and a database processing unit 53 for processing the database body 45 according to the database control program 46 in the database 41.

FIG. 6 is a block diagram showing each function of the authentication unit 51 of the database sharing system 1 according to the present embodiment. In FIG. 6, components having the same reference numerals as those in the above-mentioned drawings indicate the same components.

As shown in FIG. 6, the authentication unit 51 extracts the public key 43-2A corresponding to the user (for example, Mr. A) authenticated by the fingerprint reader 15 from the database 41 via the transmission / reception unit 50. Key extracting means 60
And a random number generating means 62 for generating a random number 61, and an encryption method for encrypting the generated random number 61 using the user's public key 43-2A extracted by the key extracting means 60 to generate an encrypted random number 63. Means 64.

The authentication unit 51 also includes a user A (I) corresponding to the user (for example, A) authenticated by the fingerprint reader 15.
Key extracting means 65 for extracting the corresponding user's private key 47-4 from the D file 47; decrypting means 66 for decrypting the encrypted encrypted random number 63 using the user's private key 47-4; The original random number 61 generated by the generation means 62 and the random number 6 decrypted by the decryption means 66
7 and a matching means 68 for generating authentication data 69 when the result of the matching is a match.

The authentication unit 51 further includes a database 41
Access control list extracting means 70 for extracting the access control list 44 from the user, and the access right setting means 7 for setting the access right 71 of the corresponding user based on the authentication data 69 and the extracted access control list 44.
2 is provided.

FIG. 7 is a block diagram showing each function of the encryption key processing unit 52 of the database sharing system 1 according to the present embodiment. In FIG. 7, components having the same reference numerals as those in the above-mentioned drawings indicate the same components.

As shown in FIG. 7, the encryption key processing unit 52
Key extracting means 80 for extracting, from the database 41, the encrypted encryption key 43-4A encrypted with the public key 43-2A corresponding to the authenticated user in accordance with the generation of the authentication data 69 of the authentication unit 51; Decryption means 82 for decrypting the encrypted encryption key 43-4A of 41 using the secret key 47-4 of the user authenticated by the authentication unit 51 and obtaining a database encryption key 81 is provided.

FIG. 8 is a block diagram showing each function of the database processing unit 53 of the database sharing system 1 according to the present embodiment. In FIG. 8, components having the same reference numerals as those in the above-described drawings indicate the same components.

As shown in FIG. 8, the database processing unit 5
Reference numeral 3 denotes a record retrieving means 91 for retrieving an encrypted database record in the database body 45 of the database 41, and a decryption of the retrieved encrypted database record 90 with a database encryption key 81 obtained by the encryption processing unit 52 to obtain a database record. A decoding means 93 for obtaining the information 92; a display editing means 94 for displaying and editing the decoded database record 92;
An encryption means 95 for encrypting the edited database record (updated database record) 92A with the encryption key 81 of the database 41, and a record writing means 96 for writing the encrypted updated database record 92B in the database body 41 are provided. ing.

FIG. 9 is a block diagram showing a record addition processing function in the database processing unit 53A of the database sharing system 1 according to the present embodiment. Note that FIG.
In the drawings, components having the same reference numerals as those in the above-mentioned drawings indicate the same components.

As shown in FIG. 9, the database processing unit 5
3A displays and edits a new record to create a new record 92C of the database 41, and the new record 92C created by the display and edit means 94A is encrypted by the encryption key 81 of the database 41. It comprises an encrypting means 95A for encrypting, and a record writing means 96A for writing the encrypted new record 92D into the database body 45 of the database 41.

Next, an overall operation of the database sharing system 1 according to the present embodiment will be described, for example, a process of accessing the database 41 of the client 3 used by the user A.

User A asks client 3 for
By operating the input device 12, the database sharing system program 34 is started. At this time, client 3
Is the started database sharing system program 3
According to 4, the login process of the user A is performed.

That is, the user A attaches a storage medium in which the user ID file 47 owned by the user A is stored in advance to the external storage device 14, and inputs a login password via the input device 12.

The client 3 (client computer 10) stores the ID file 47 read through the external storage device 14 into, for example, the hard disk device 28
ID file 4 stored in the data storage unit 31
The user A is logged in with reference to the login password 7 and the login password input via the input device 12 (FIG. 10; step M1), and the database 41
, That is, the own client 3 is connected to the database 41 (step M2A).

Next, the computer 10 operates in accordance with the database control program 46 of the database 41, and determines whether or not the user A has an access authority level to the database 41 in the access control list 44 of the database 41. According to the access authority level of this authenticated user A,
The database main body 45 of the database 41 is accessed, and record browsing processing, record editing processing, new record creation processing, and the like of the database main body 45 based on the instruction of the user A are performed (step M3A).

Then, the computer 10 closes the database 41 opened in response to the user A's database close command and disconnects the connection of the client 3 to the database 41 (step M4).
A), the user logs out of the database sharing system program 34 and terminates the database sharing system program 34 (step M5).

When there are a plurality of types of databases 41 instead of one type, the computer 10 opens the plurality of types of databases repeatedly and performs access processing as shown in steps M2B to M4B. Has become.

FIG. 11 is a flowchart showing in detail the procedure of the database open process (steps M2A and M2B) in FIG.

According to FIG. 11, the computer 10 connects to the database 41 (step M2-1), executes an authentication process relating to the access of the user A to the database 41 (step M2-2), and obtains the authentication process result. Upon success, the encryption key processing of the database 41 is executed (step M2-3).

FIG. 12 is a flowchart showing in detail the procedure of the authentication process (step M2-2) in FIG.

As shown in FIG. 12, the computer 10 sends the public key 43-2A of Mr. A from the database 41 to the transmitting / receiving unit 50 and the key extracting means 60 (in terms of hardware,
Processing by the CPU 17, the I / F 21 and the communication device 29 of the computer 10, for example, via the network 2 (when the database 41 is located in a location other than the own client) or via the CPU bus 16 (when the database 41 is the own client). ) And save it in the work area 32 of the RAM 34 or the data storage unit 31 of the hard disk drive 28 (step A).
1).

Next, the computer 10 generates a random number 61 by the random number generating means 62, and generates the generated random number 61.
Is encrypted by the encryption means 64 using the public key 43-2A (step A2).

As the encryption processing in step A2,
For example, encryption processing of a public key method such as a typical RSA method is used. Thus, encryption processing by a public key method, that is, a random number encrypted with A's public key is It cannot be decrypted with a secret key.

The computer 10 has a key extracting means 65
As a result, the secret key 4 of Mr. A is obtained from the ID file 47 of Mr. A stored in the data storage unit 31 of the hard disk device 28.
7-4 is read out and stored in the work area 32 of the RAM 19 (step A3).

Next, the computer 10 executes step A
The encrypted random number 63 encrypted in the process 3 is decrypted by the decryption means 66 using Mr. A's secret key 47-4 stored in the work area 32 of the RAM 19, and a random number 67 is obtained (step A4).

Then, the computer 10 stores the original random number 6
1 is compared with the decrypted random number 67 by the matching means 68 to determine whether or not the original random number 61 and the decrypted random number 67 match (step A5).

If the result of this determination in step A5 is that they match (step A5 → "match"), the computer 10
Determines that the secret key and the public key are a correct pair, shifts to the process of step A6, and if they do not match (step A5 → “mismatch”), the computer 10 determines that the secret key and the public key It is determined that they are not paired, and the process proceeds to step A7.

In particular, in the present embodiment, in the processing of steps A1 to A5, a random number encrypted with a public key and a random number encrypted with a secret key are used instead of simply comparing a public key and a secret key. By collating, the public key and the private key are collated.

This is, for example, a simple operation of the ID file 47.
In the case where the public key is compared with the public key of the database 41, if a hacker requests authentication for access to the database 41 using the public key, it becomes difficult to find the hacker.

However, in the authentication processing of this embodiment, since the authentication is performed using the secret key of the ID file 4 owned by Mr. A, it is possible to find a hacker who attempts to access the database 41 using the public key. it can.

In step A7, the computer 10
Sets the authentication flag “0 (false)” and sets the
Information indicating that Mr. A's public key 43-2A does not match the secret key 47-4 of Mr. A's ID file 47, for example, a message such as "Access to the database has been denied because the key does not match." Display device 11 or printing device 1
The display is output to Mr. A via 3 and the process is terminated.

On the other hand, in step A6, the computer 10 uses the matching means 68 as authentication data
The authentication flag “1 (true)” is set, and the access control list 44 is extracted from the database 41 via the communication network 2 or the CPU bus 16 by the transmission / reception unit 50 and the access control list extraction unit 70.

Then, the computer 10 stores the retrieved access control list 44 in the work area 32 of the RAM 19, and then retrieves the access right 71 of Mr. A from the access control list 44 of the work area 32 by the setting means 72. The value corresponding to the level of the access right 71 is stored in the work area 32 (step A8).

As a result, the value of the authentication flag becomes "1 (true)" only when Mr. A is exactly the same as Mr. A stored in the database 41. Also, in the work area 32 in the RAM 19 of the computer 10, if the authentication of the database 41 of Mr. A is successful (step A5 →
Only in “match”, a value corresponding to the level of the access right 71 of Mr. A is stored.

FIG. 13 is a flowchart showing in detail the procedure of the encryption key processing (step M2-3) in FIG.

Referring to FIG. 13, the computer 10 determines whether or not the authentication flag “1 (true)” is set (step E1). If the result of this determination is “0 (false)”,
The computer 10 performs an error process such as an error message display process via the display device 11 or the printing device 13 (step E2), and ends the process.

On the other hand, if the result of determination in step E1 is that the authentication flag “1 (true)” has been set, the computer 10
Is transmitted via the communication network 2 or the CPU bus 16 by the transmission / reception unit 50 and the key extracting means 80.
Obtain the encryption encryption key 43-4A of the database 41 encrypted with the public key of Mr. A from the database 41 placed on the other client server or the own client,
The data is stored in the work area 32 in the RAM 19 (step E3).

Next, the computer 10 executes step A
RAM acquired from the ID file 47 by the process of 3
Mr. A's private key 47A stored in the 19 work areas 32
4, the encryption key 43-4A of the database 41 encrypted with the public key of Mr. A is decrypted, and the encryption key 81 of the database 41, that is, the encrypted record of the database 41 is decrypted. Alternatively, an encryption key 81 capable of encrypting the decrypted record again is obtained, and the obtained encryption key 81 is stored in the work area 32 of the RAM 19 or the data storage unit 31 of the hard disk device 28 (step E4).

As a result, the encryption key of the database 41 is obtained only when the authentication of Mr. A has been correctly performed (the authentication flag is “1 (true)”). Based computer 10
When the operation is continued, it is stored in the RAM 19, the hard disk device 28, or the like, and the encryption key itself is invisible to anyone.

FIG. 14 is a flowchart showing in detail the procedure of the database access process (steps M3A and M3B) in FIG.

As shown in FIG.
Is the access control list 44 by the processing of step A8.
It is determined whether or not Mr. A has an access right that is equal to or greater than the reader right based on the access right 71 extracted from (step D1).

According to the process in step D1, if Mr. A does not have authority over the reader authority for the database 41, the computer 10 sets the display device 11 and the printing device 1
Through step 3, error processing including error message display output processing such as "you cannot read the record because you do not have authority beyond the reader authority" is performed (step D2), and the processing ends.

On the other hand, if it is determined in step D1 that Mr. A has authority over the reader authority for the database 41, the computer 10 executes the communication network 2 or the CPU bus The database list is extracted from the database 41 via the display 16 and displayed on the display screen of the display device 11.

At this time, when Mr. A operates the input device 12 and designates a database record to be displayed or edited from the displayed database list, the computer 10 causes the transmission / reception section 50 and the record extracting means 91 to operate. With the above processing, the encrypted designated database record 90 in the database body 45 of the database 41 is extracted via the communication network 2 or the CPU bus 2 and the extracted designated encrypted database record is stored in the work area 32 of the RAM 19 ( Step D3).

Next, the computer 10 decrypts the stored encrypted database record 90 by using the encryption key 81 of the database 41 extracted by the processing in step E4, and generates a database record 92 (step D4).

Then, based on the access right 71, the computer 10 determines whether or not Mr. A has an access right higher than the editor right (step D5).

As a result of the processing in step D5, if Mr. A does not have authority over the editor authority for the database 41, the computer 10 sends the decrypted database record 9
2 is displayed on the display screen of the display device 11 (step D).
6).

On the other hand, if it is determined in step D5 that Mr. A has at least editorial authority over the database 41, the computer 10 causes the database display / editing means 94 to display the decrypted database record 92 on the display device. 11 and updates the database records 92 displayed on the display screen while sequentially editing them based on Mr. A's operation of the input device 12.
When his editing work is completed, the edited database record (updated database record) 92A is stored in RAM.
The data is stored in the work area 32 (step D7).

Then, before writing the updated database record 92A in the database 41, the computer 10 performs the same editing authority determination processing as in step D5 (step D8). If there is no authority higher than the editor authority, the computer 10 sends the record via the display device 11 or the printing device 13 such as "You cannot write a record because you do not have the authority higher than the editor authority". An error process including an error message display output process is performed (step D9), and the process ends.

On the other hand, if it is determined in step D8 that Mr. A has at least editorial authority over the database 41, the computer 10 uses the encryption means 95 to update the updated database record 92A at step E8.
The encryption is performed using the database encryption key 91 obtained in step 4 (step D10).

Next, the computer 10 writes the database record list information in a database list (not shown) (step D11), and transmits the encrypted database record 92B encrypted in the process of step D10 to the transmission / reception unit 50 and the record document. By the processing of the loading means 96,
Via the communication network 2 or the CPU bus 16, the data is written in the database main body 45 of the database 41 placed in another client / server or its own client (step D12).

On the other hand, in the database access processing in steps D1 to D12 described above, the computer 10 performs the database addition processing shown in FIG. 15 as necessary.

That is, based on the access right 71 extracted from the access control list 44 by the process of step A8, the computer 10 determines whether or not Mr. A has an access right higher than the database creator right (step D20). ).

According to the process in step D20, if Mr. A does not have the right to create the database 41 with respect to the database 41, the computer 10 sets the display device 1
1 and the printer 13 to perform an error process including an error message display output process such as "You cannot create a record because you do not have database creation authority" (step D21), and terminate the process. .

On the other hand, according to the process of step D21, when Mr. A has more authority than the creation authority for the database 41, he operates the input device 12 to newly add it on the display screen of the display device 11. Enter the information that you want to add as a database record.

The computer 10 edits and creates a new database record 92C based on the input record information by the database display / editing means 94A, and stores the created new database record 92C in the RAM.
The data is stored in the work area 32 (step D22).

Next, the computer 10 encrypts the new database record 92C using the encryption key 81 of the database 41 extracted by the processing of step E4, and generates an encrypted database record 92D (step D23).

The computer 10 writes the database record list information in a database list (not shown) (step D24), and transmits the encrypted database record 92D encrypted in the process of step D13 to the transmitting / receiving unit 50 and the record document. By the processing of the loading means 96,
Via the communication network 2 or the CPU bus 16, the data is written in the database main body 45 of the database 41 placed in another client / server or its own client (step D25).

In the database access process of the computer 10 described above, the database record 92, the updated database record 92A and the new database record 92C of the database 41 are stored in the work area 32 in the RAM 19 of the client computer 10 in the original non-encrypted state. It is stored as data and is transmitted from the own client computer 10 to the outside (other client / server) via the communication network 2 and from outside to the own client computer 10 via the communication network 2. Are the database record 92, the updated database record 92A, and the new database record 92A.
C has been encrypted as encrypted database records 90, 92B and 92D, respectively, with the database encryption key 81.

As described above, the database sharing system 1 according to the present embodiment, and the clients (computers) 3 to 5 constituting the database sharing system 1
According to the storage medium storing the database 41 and the database 41 and the ID file 47 readable by the
A user who has the right to use the database 41 can be correctly authenticated, and the database 41 can be shared securely.

That is, a database encryption key encrypted with the public key of each user is stored in the database 41, and each user has an individual secret key and a public key based on his own user. Since the user has the ID file 47 stored separately, the user without the authority to use the database cannot obtain the database encryption key without using the secret key of the corresponding user.
Database 41 for users without database usage authority
Can be denied access to

Further, according to the present embodiment, the secret key for each user is stored in the ID file 47 (storage medium) for each user instead of the database 41.
Eliminate the worry of secret keys being stolen from the database 41,
The reliability of the database sharing system 1 can be greatly improved.

Further, according to the present embodiment, since the authentication process regarding whether or not the user has the database access right is performed using the public key stored in the database 41 itself, the public key for each user is transmitted to the client or the like. No need to save.

That is, a user who has the authority to use the database 41 can access the database 4 even if his or her public key is not stored in a client other than the client itself.
1 can obtain its own public key, and can easily access the database 41 via another client using the obtained public key.

Therefore, it is not necessary for each client to have the access right to the database 41 and to manage the public keys of all users who can use the client.

According to the present embodiment, even if an unauthorized user or a hacker who does not have the database access authority performs the falsification of decrypting the format of the database 41 and replacing the public key, the database encryption is not performed. Not the key, but an encrypted encryption key in which the database encryption key is encrypted with the public key is stored, and the value of the database encryption key cannot be obtained from the database 41. The database encryption key encrypted with the public key cannot be falsified, and the confidentiality of the database 41 can be kept high.

Further, in this embodiment, since the database encryption key is encrypted with the public key of each user and stored in the database 41 as the encryption encryption key, the security can be secured by a plurality of users without providing a database server. Database 41 can be used.

In particular, according to the present embodiment, data such as keys and database records communicated on the communication network 2 is encrypted or its validity can be confirmed. Even if a transmission packet is captured by a hacker or the like on the communication network 2, the confidentiality of the communication data itself and the database 41 can be maintained high.

Further, according to the present embodiment, each user using each client can access the database 41 without inputting a user ID, so that a plurality of clients (a plurality of users) can access the database 41. The database can be used securely. That is,
Only a specific user having an access right can access the database 41, and furthermore, the anonymity of the accessing user can be ensured.
1 can be protected.

According to the present embodiment, a program (database sharing system program 34) relating to the basic functions of the database related to database sharing is stored in each client computer, and the database 41
Database control program 46 related to the unique processing of
Can be stored in the database 41 itself separately from the database sharing system program 34, so that the management of the database 41 can be facilitated.

The database sharing system program 34 can be stored in the database 41 together with the database control program 46, and the database control program 46 can be stored in each client together with the database sharing system program 34. It is also possible to keep.

In particular, in the authentication processing of this embodiment, since the random number is encrypted with the user's public key and decrypted with the secret key of the corresponding ID file, even if the database format is decrypted and the public key is replaced. The replacement can be found, and the security of the authentication can be improved.

In particular, according to the encryption key processing of the present embodiment, for example, data transmitted and received via the communication network 2 is a database encryption encryption key encrypted with the public key of each user. Even when a hacker or the like supplements the transmission / reception packet on the network 2, the confidentiality of the transmission / reception data itself and the database 41 can be maintained high.

Further, according to the encryption key processing of the present embodiment, since the secret key can be passed directly from the user ID file to the client computer 10 without passing through the transmission / reception unit 50, there is no possibility that the secret key is stolen. Confidentiality can be kept high.

According to the database access processing of the present embodiment, in the database sharing system 1 constructed by connecting the own client computer to the own client computer from the other client / server on which the database 41 is placed by the communication network 2, Even when database records are communicated via the network 2, the communication network 2 is configured to communicate encrypted database records on the communication network 2.
Even when a communication packet is captured by a hacker or the like on the communication network 2, the confidentiality of the communication packet itself of the database record and the entire database 41 can be maintained high.

(Second Embodiment) FIG. 16 shows a database sharing system 1A according to a second embodiment of the present invention.
It is a block diagram showing each function of client 3A.
The same components as those in the drawings described above are denoted by the same reference numerals, and description thereof will be omitted or simplified.

As shown in FIG. 16, the client 3A of Mr. A
8, an address book 100 stored in the storage medium of the external storage device 14, a public key requesting unit 101 for requesting the public key of another user to the corresponding client, A public key return unit 102 for returning the public key of the client user, and registering the user's access authority to the database 41A /
And a user access control unit 103 for deletion.

The other clients 4A and 5A (not shown) have the same functional block configuration as the client 3A.

FIG. 17 is a diagram conceptually showing a schematic structure of address book 100.

As shown in FIG. 17, the address book 100 has a mail address 100-1A of the user A, a name 100-2A of the user A, and an affiliation 100 of the user A.
-3A and the public key 100-4A of the user A. Similarly, 100-1B, 100-2B, 100-
3B, 100-4B is the mail address for Mr. B,
Name, affiliation, and public key. Illustration of the user C is omitted.

In this embodiment, it is assumed that the user B has not been registered in the database 41A (at least the encryption key and the access authority have not been registered).

FIG. 18 is a block diagram showing each function of the public key requesting unit 101 of the client 3A according to the present embodiment. Note that, in FIG. 18, components having the same reference numerals as those in the above-described drawings indicate the same components.

As shown in FIG. 18, the public key requesting unit 101
Is the mail address 11 of another client (for example, the client 4 of the user B) input by the user A.
, A key request mail 112 is created based on the
0, the key request mail creating means 113 for transmitting the key request mail to the corresponding mail address (other client) via the communication network 2 and the mail address destination (other client) to the communication network 2
Public key extracting means 115 for extracting a public key 116 based on a reply mail 114 transmitted via the transmitting / receiving unit 50 and received via the transmission / reception unit 50, and an address book editor for editing the address book 100 based on the extracted public key 116 Means 1
17 are provided.

FIG. 19 is a block diagram showing each function of the public key reply unit 102 of the client 3A according to the present embodiment. In FIG. 19, components having the same reference numerals as those in the above-mentioned drawings indicate the same components.

[0147] The public key replying unit 102 is composed of a mail decrypting unit 120 for decrypting the key request mail 112 transmitted from the public key requesting unit 101 of the other client via the communication network 2 and received and processed by the transmitting / receiving unit 50. Public key reply mail creating means 122 for creating a public key reply mail 114 based on the decrypted key request mail.

FIG. 20 is a block diagram showing each function of the user access control unit 103 of the client 3A according to the present embodiment. In FIG. 20, components having the same reference numerals as those in the above-mentioned drawings indicate the same components.

As shown in FIG. 20, the user access control unit 103 includes a public key acquiring unit 130 for acquiring the public key of another user of the other client from the address book 100, and a database using the acquired public key of the other user. Encryption key 8
Encrypting means 131 for generating an encrypted encryption key 132 by encrypting the encrypted encryption key 13 of another user;
An access control writing unit 133 for writing 2 as an encryption key of another user in the database 41A, and an access control list editing unit 134 for editing the contents of the access control list 44 of the database 41A.

Next, the overall operation of the database sharing system 1A according to the present embodiment will be described, for example, the process of registering the access authority of the user B from the client 3A of the user A.

The user A stores the public key 100 of the user B in the address book 100 placed on the client 3A.
When requesting the public key of user B in a state where -4B is not stored, the mail address 100-1B of user B is input to computer 10 of client 3A via input device 12. Instead of directly inputting, the user A may select and input the mail address 100-1B of the user B from the address book 100.

At this time, the computer 10 of the client 3A requests the key request mail creating means 113 of the public key request unit 101 to request Mr. B's public key 116 (= 100-4B) in accordance with a predetermined format. Of the key request mail 112 (FIG. 21; Step S)
1) By the processing of the transmission / reception unit 50, the created key request mail 112 is transmitted to the client 4A of the user B corresponding to the mail address 100-1B via the mail server and the communication network 2 (not shown) (step S2). .

The computer 10 of the client 4A
From a plurality of e-mails received via the transmission / reception unit 10 of the own computer 10, the e-mail decryption unit 120
Only the key request mail 112 is identified and its contents are decrypted (FIG. 22; step T1), and the contents of the request (public key 10
0-4B request), the public key generation means 122 attaches the corresponding public key 100-4B of Mr. B to the mail to create a reply mail 114 (step T2), and sends and receives the created reply mail 114. By the processing of the unit 50, the request mail is returned to the client 3A as the request mail transmission source via the mail server and the communication network 2 (not shown) (step T3).

The computer 10 of the client 3A
Based on the reply mail 114 returned via the communication network 2 and received via the transmission / reception unit 50, Mr. B's public key 116 (= 100
-4B) is extracted by the public key extracting means 115, and the extracted public key 100-4B is stored in the work area 32 of the RAM 19.
(Step S3).

Then, the computer 10 of the client 3A writes the public key 100-4B of Mr. B stored in the work area 32 into the address book 100 by the address book editing means 117 (step S4).

Next, based on the public key 100-4B of B, the computer 10 of the client 3A transmits the database encryption key 43-4B of B and the access authority encrypted with the public key 100-4B. When Mr. B registers in the unregistered database 41A, the public key extracting means 130 reads the user B from the address book 100.
Take out his public key 100-4B (step S5),
Using the extracted public key 100-4B, the encryption unit 1
31 encrypts the database encryption key 81 to generate Mr. B's database encryption encryption key 132 (= 43-4B) (step S6).

Next, the computer 10 uses its access control list editing means 134 to
The access control list 44 stored in the work area 32 of the RAM 19 of A is taken out, and the list 44 is edited so that Mr. B's access right becomes a predetermined right (step S7).

The computer 10 transmits the edited access authority and the generated database encryption encryption key 43-4B of Mr. B to the communication network 2 or the CPU by the transmission / reception unit 50 and the access control writing means 133. The database 4 placed in another client / server or its own client via the bus 16
1A, the above-mentioned Mr. B is registered in the database 41A, and the process is terminated (step S8).

The computer 10 is stored in the database 41 located in another client / server or its own client via the communication network 2 or the CPU bus 16 by the transmission / reception unit 50 and the access control writing means 133. By deleting the database encryption key of the predetermined user, the access authority of the predetermined user to the database 41 can be deleted.

As described above, according to the present embodiment,
For example, the user A of the client 3A does not issue the database encryption key 81 from the client 3A, and encrypts the database of another user B who is not registered in the database 41A with the database 41 via the client 3A. Since the user can be registered in the database 41A of the user B by setting the encryption key and the access authority, respectively, the user B who does not have the access authority (unregistered) of the database 41A can also be registered in the database 41A. Can be accessed.

In particular, by transmitting an encrypted database encryption key instead of transmitting the database encryption key 81 directly via the communication network 2, the database 41 can be exchanged between the users A and B.
A can be securely shared.

Further, according to the present embodiment, the user A automatically registers the public key of the other user B who wants to be registered in the database 41A in the address book 100 of the client 3A, and registers the public key. Based on the public key of the user B, the database encryption key of the user B can be obtained.

Further, according to the present embodiment, the public key request mail is automatically identified from the plurality of mails transmitted from the client 3A of the user A, and based on the identified public key request mail, the public key request mail of the user A is identified. A reply mail including the public key can be automatically created and returned to the requester, User A.

In the present embodiment, the process of registering the access right of the user B from the client 3A of the user A has been described. However, the access right of the other user C can be registered. Mr. C's client 4
Other user access authority registration from A and 5A is also possible.

(Third Embodiment) FIG. 23 is a diagram conceptually showing a schematic structure of a database 41B according to a third embodiment of the present invention. The same components as those in FIG. 3 are denoted by the same reference numerals, and the description thereof will be omitted or simplified.

As shown in FIG. 23, the database 41B according to the present embodiment includes a database ID 41, authentication information 43B of a user A who is a database administrator (user having administrator authority), and an access control list 44.
, A database body 45, and a database control program 46.

As shown in FIG. 23, the authentication information 43B of the administrator A includes the ID 43B-1A of the administrator A stored in the database 41B in advance and the database 41B.
B's public key 43B-2A stored in B;
The encrypted random number 43 encrypted with the public key of the administrator A
B-3A and an encryption key 43B-4A by the administrator A stored in the database 41B in advance.

FIG. 24 is a block diagram showing each function of the client 3B of the database sharing system 1B according to the present embodiment. The same components as those in the drawings described above are denoted by the same reference numerals, and description thereof will be omitted or simplified.

As shown in FIG. 24, the client 3B of Mr. A
8 with reference to the ticket 140 stored in the data storage unit 31 or the storage medium of the external storage device 14 and the ID file 47 stored in the hard disk device 28 of the own client or the storage medium of the external storage device 14, for example. Authenticates whether the user has the access right of the client,
The authentication unit 51B that authenticates the contents of the access authority of the authenticated user with reference to the ticket 140 and the key extracting unit 80B extract the encryption key corresponding to the authenticated user from the ticket 140 instead of from the database 41. And an encryption key processing unit 52B for processing
Key extraction and extraction means 8 in the encryption key processing unit 52B
The functions other than the function 0B are the same as the functions of the encryption key processing unit 52 shown in FIG.

The other clients 4B and 5B (not shown) have the same functional block configuration as the client 3B.

FIG. 25 is a diagram conceptually showing the schematic structure of the ticket 140. As shown in FIG.

As shown in FIG. 25, the ticket 140
Information 14 on the administrator (Mr. A) of the database 41B
0A and information 14 regarding the user of the database 41B (user having access authority less than the administrator authority) B
0B and information 140C relating to an access route to the database 41B.

The manager information 140A includes the mail address 140-1A of the manager A and the ID 140-
2A, the name 140-3A of the administrator A, the affiliation 140-4A of the administrator A, and the public key 140-4 of the administrator A
A.

The user information 140B contains the administrator information 140
Similarly to A, the mail address 140-1 of the user B
B, B ID 140-2B, B name 140-3B, B
It has a member affiliation 140-4B and a Mr. B public key 140-5B.

Then, the user information 140B is stored in the encrypted encryption key 140-B encrypted with the public key 140-5B of Mr. B.
6B, and an access level 140-7B for the database 41B of Mr. B encrypted with the secret key of the manager A. Illustration of the user C is omitted.

FIG. 26 is a block diagram showing each function of the authentication unit 51B of the database sharing system 1B according to the present embodiment. In FIG. 26, the same components as those in FIG. 6 are denoted by the same reference numerals.

As shown in FIG. 26, the key extracting means 60B in the authentication section 51B outputs the public key 1 corresponding to the user (for example, Mr. B) authenticated by the fingerprint reader 15.
40-5B is taken out from the ticket 140.

Then, the key extracting means 65B of the authentication section 51B extracts the secret key 47-4 of the corresponding user from the B-person ID file 47 corresponding to the user B authenticated by the fingerprint reader 15. I have.

Further, in the present embodiment, the authentication unit 51
B obtains the public key 140-
Key extracting means 60C for extracting 5A and ticket 14
0, an access level extracting means 150 for extracting the access level 140-7B of the administrator B encrypted with the secret key 47-4 of the administrator A, and the encrypted access level 140-B of the administrator B
7B using the public key 140-5A of the administrator A extracted by the key extracting unit 60C, and the access control list 44 extracted from the database 41B by the access control list extracting unit 70. And the collation means 152 for collating the access level of Mr. B with the decrypted access level of Mr. B, and the access right setting means 72B responds based on the verification result of the authentication data 69 and the collation means 152. The access right 71 of the user B is set.

Next, the overall operation of the database sharing system 1B according to the present embodiment will be described, for example, a process of accessing the database 41B from the client 4B of the user B.

The user B operates the input device 12 to activate the database sharing system program 34 on the client 4B, and the login process of the user B is performed (see step M1 in FIG. 10 described above). Then, the database 41B is opened, that is, the own client 4B is connected to the database 41B (FIG. 1).
0; see step M2A).

Next, the computer 10 in the client 4B of the user B operates in accordance with the database control program 46 of the database 41B.
Based on the information of the ticket 140, the user authenticates whether or not he has what access authority level to the database 41B, and according to the authenticated access authority level of the user B, the database body 45 of the database 41B. To perform a record browsing process, a record editing process, a new record creation process, etc. of the database body 45 based on the instruction of the user B (see FIG. 10; step M2A).

Also in the present embodiment, the database open processing (steps M2A and M2B) is performed as shown in FIG.
This is the same as Step M2-1 to Step M2-3 of the first embodiment. In the present embodiment, the authentication process of Step M2-2 in the database open process is different from that of the first embodiment.

That is, the computer 10 of the client 4B obtains the public key 140-5 of Mr. B from the ticket 140.
B is extracted by the key extraction means 60B, and RA
It is stored in the work area 32 of M19 and the data storage unit 31 of the hard disk device 28 (FIG. 27; step U1).

Next, the computer 10 randomizes the extracted public key 140-5B of Mr. B and the secret key of the Mr. B ID file 47 stored in the client 4B, and collates the results. In this case, the authentication flag "1 (true)" is set (see FIG. 12; steps A2 to A6).

Subsequently, the computer 10 of the client 4B obtains, from the ticket 140, the access level 140-7B of the own user B encrypted with the secret key of the administrator A.
It is taken out and stored in the work area 32 of the RAM 19. At this time, the access level 140-7B of Mr. B
No one can falsify or alter the access level because it is encrypted with his secret key.

Then, the computer 10 stores the ticket 1
Take out public key 140-5A of administrator A from 40 and
The data is stored in the work area 32 of the AM 19 (step U2), and is decrypted by the decryption means 151 into the encryption access level 1
40-7B is decrypted using the public key 140-5A of the administrator A, and the decrypted access level 140-
7B1 is stored in the work area of the RAM 19 (step U
3).

On the other hand, the computer 10
0, the access path 140 to the database 41B
C, location where database 41B is stored (own client or other client / server)
The access path 140C is read, and the transmission / reception unit 50 and the access control list extraction unit 70 pass the communication path 2 or the CPU bus 16 and the own client or the other client in which the database 41B exists, according to the read access path 140C. Access the server and its database 41
B is retrieved from B (step U)
4).

Then, the computer 10 stores the retrieved access control list 44 in the work area 32 of the RAM 19, and then checks the decrypted access level of Mr. B and the access control retrieved from the database 41 B by the collating means 152. The access level is compared with Mr. B's access level in the list 44 (step U5).

As a result of the comparison, if the decrypted access level of Mr. B does not match the access level of Mr. B retrieved from the database 41B, the computer 10 sets the access level of Mr. B in the database 41B to the ticket. Information indicating that the access level does not match the access level of Mr. 140, for example, an error message such as “Access to the database was denied because the access level does not match” is displayed via the display device 11 or the printing device 13. Is displayed on the screen and the process is terminated (step U).
6).

On the other hand, as a result of the above collation, the decrypted access level of Mr. B matches the access level of Mr. B retrieved from the database 41B, and the authentication flag in step A6 is set to “1 (true). ) ", The setting means 72B sets the access right 71 of the user B according to the matched access level (step U7).

Thereafter, as in the first embodiment, an encryption key process M2-3 in the database open process and a database access process are performed, and based on the set access right 71, access to Mr. B's database 41B is made. Done.

As described above, according to the present embodiment,
The database 41B and the ticket 140 can authenticate an accessor to the correct database 41B.

That is, since the user B has the ticket 140 in which the database encryption key encrypted with his / her own public key is stored, the user who does not have the authority to use the database can use the corresponding user B If the secret key is not used, the database encryption key cannot be decrypted to obtain the database encryption key, and access to the database 41B by a user without the authority to use the database can be denied.

Further, according to the present embodiment, the secret key for each user is stored in the ID file 47 (storage medium) for each user instead of the database 41B, so that the secret key is stolen from the database 41B. It is possible to eliminate the worry and greatly improve the reliability of the database sharing system 1B.

Further, according to this embodiment, even if the ticket 140 owned by the user B is lost or the ticket 140 is stolen, an unauthorized user other than the owner uses the ticket 140 even if the ticket 140 is stolen. Therefore, the confidentiality of the database 41B can be kept high.

According to the present embodiment, even if an unauthorized user, hacker, or the like who does not have the database access authority performs the falsification of replacing the public key by decrypting the format of the database 41B.
Since the value of the database encryption key cannot be obtained from B, the unauthorized user, hacker, etc. cannot falsify the database encryption key encrypted with the public key,
The confidentiality of the database 41B can be kept high.

Further, in this embodiment, since the database encryption key is encrypted with the public key of each user and stored in the ticket 140 as the encryption encryption key, the security can be secured by a plurality of users without providing a database server. Database 41B can be used.

In particular, according to the present embodiment, data such as keys and database records communicated on the communication network 2 is encrypted or its validity can be confirmed. Even if a transmission packet is captured by a hacker or the like on the communication device 2, the confidentiality of the communication data itself and the database 41B can be maintained high.

Further, according to the present embodiment, each user using each client can access the database 41B without inputting a user ID, so that the database can be stored between a plurality of clients (a plurality of users). Can be used securely. That is, only a specific user having an access right can access the database 41 while securing the anonymity, so that the privacy of the user can be protected.

In particular, according to the present embodiment, the ticket 14
Since the authentication process relating to the database access authority of the user is performed using the public key stored in 0, it is not necessary to store the public key for each user in the client or the like.

In the authentication process of this embodiment, the random number is encrypted with the user's public key and decrypted with the secret key of the corresponding ID file. Therefore, the database format is decrypted and the public key is replaced. However, the replacement can be found, and the security of the authentication can be improved.

Then, according to the present invention, the ticket 140
Since the database access path is stored in the client, the client who wants to access the database 41B can refer to the access path of the ticket 140 and can quickly and easily access the database 41B according to the access path, thereby improving the database access efficiency. it can.

In the present embodiment, the database access processing from the client 4B of the user B has been described, but the access processing of the other user C is also performed in the same manner. The administrator is Mr. A, but other users B
Mr and C may be managers.

In each of the above-described embodiments, as the authentication processing of the authentication unit, a random number is generated by the random number generation means 62 and encrypted with the user's public key, and the encrypted random number is decrypted with the user's secret key. However, the present invention is not limited to this, and random numbers encrypted with the user's public key may be stored in the databases 41 and 41B from the beginning.

In each of the above embodiments,
The user ID, the user's public key, and the user's encryption key are stored in advance in the databases 41, 41A, and 41B as user authentication information. However, the present invention is not limited to this. The public key and the user's encryption key are stored in the database,
The user ID may be configured to be obtained from an ID file or a ticket.

In each of the above-described embodiments, the database bodies (database records) are encrypted and stored in the databases 41 and 41B. However, the present invention is not limited to this, and only authentication is performed. It is also possible to perform access control on the database body 45 by using the above method.

Further, the data stored in the database body 45, that is, the data stored in the databases 41 and 41B may be any form of data, and needless to say, may be any form of data such as text data, audio data, video data, and programs. No.

[0209]

As described above, according to the present invention, a database can be securely shared by a plurality of computers (a plurality of users) without using a database server. Since the user can access the database, the database utilization efficiency of the user can be greatly improved.

Further, according to the present invention, since the data transmitted between the computers sharing the database is encrypted or only its validity can be confirmed, the data transmitted during the data communication between the shared computers can be confirmed. Even if communication data is captured by hackers, etc., the confidentiality of the data itself and the database can be kept high, so not only on the company's secure intranet, but also on telephone lines and the Internet etc. Via this, communication between the database sharing computers can be performed securely.

Further, according to the present invention, a program for accessing the database can be stored in the database, and a program based on processing unique to the database can be stored in the database. It can be done easily.

In particular, according to the present invention, since a plurality of users can securely access the database without inputting their respective user IDs, only specific users registered in advance can secure their anonymity. While accessing the database, privacy of each user can be protected.

[Brief description of the drawings]

FIG. 1 is a diagram showing an overall configuration of a database sharing system 1 according to each embodiment of the present invention.

FIG. 2 is a block diagram showing a hardware configuration of each client in the database sharing system 1.

FIG. 3 is a diagram conceptually showing a schematic structure of a database according to the first embodiment of the present invention.

FIG. 4 is a diagram conceptually showing a schematic structure of a user ID file of, for example, a user A according to the first embodiment.

FIG. 5 is a block diagram showing each function of each client of the database sharing system according to the first embodiment.

FIG. 6 is a block diagram showing each function of an authentication unit of the database sharing system according to the first embodiment.

FIG. 7 is a block diagram showing each function of an encryption key processing unit of the database sharing system according to the first embodiment.

FIG. 8 is a block diagram showing each function of a database processing unit of the database sharing system according to the first embodiment.

FIG. 9 is a block diagram showing a record addition processing function in a database processing unit of the database sharing system according to the first embodiment.

FIG. 10 is an exemplary flowchart for explaining an example of an overall database access process of the database sharing system according to the first embodiment;

11 is a schematic flowchart for explaining an example of a database open process in FIG.

FIG. 12 is a flowchart showing details of the procedure of the authentication process in FIG. 11;

FIG. 13 is a flowchart showing details of the encryption key processing procedure in FIG. 12;

FIG. 14 is a flowchart showing details of a database access process in FIG. 10;

FIG. 15 is an exemplary flowchart for explaining the procedure of a database addition process in the database access process shown in FIG. 14;

FIG. 16 is a diagram conceptually showing a schematic structure of a database according to the second embodiment of the present invention.

FIG. 17 is a diagram conceptually showing a schematic structure of the address book shown in FIG. 16;

FIG. 18 is a block diagram showing functions of a public key request unit of a client according to the second embodiment.

FIG. 19 is a block diagram showing each function of a public key reply unit of the client according to the second embodiment.

FIG. 20 is a block diagram showing each function of a user access control unit of a client according to the second embodiment.

FIG. 21 is a diagram illustrating a user B from a client of a user A in the database sharing system according to the second embodiment;
9 is a schematic flowchart illustrating an example of a Mr. access right registration process.

FIG. 22 shows a user B from a client of a user A in the database sharing system according to the second embodiment.
9 is a schematic flowchart illustrating an example of a Mr. access right registration process.

FIG. 23 is a diagram conceptually showing a schematic structure of a database according to a third embodiment of the present invention.

FIG. 24 is a block diagram showing each function of a client of the database sharing system according to the third embodiment.

FIG. 25 is a view conceptually showing a schematic structure of the ticket shown in FIG. 24;

FIG. 26 is a block diagram showing each function of an authentication unit of the database sharing system according to the third embodiment.

FIG. 27 is a schematic flowchart showing an example of a database access process from a client of a user B in the database sharing system according to the third embodiment.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1, 1A, 1B Database sharing system 2 Network 3-5, 3A-5A, 3B-5B Computer (client) 10 Computer main body 11 Display device 12 Input device 14 External storage device 15 Fingerprint reader 17 CPU 18 ROM 19 RAM 28 Hard disk drive 29 Communication device 41, 41A, 41B Database 43-1A to 43-1C User A to C ID 43-2A to 43-2C User A to C public key 43-4A to 43-4C User Mr. A to Mr. C's encryption keys 44 Access control list 45 Database body 46 Database control program 47 ID file 47-1 ID 47-2 Name 47-3 Login password 47-4 Private key 47-5, 116 Public key 50 Transceiver 51, 51B Authentication unit 52, 52B Encryption key processing unit 53 Database processing unit 60, 60B, 60C, 65 Key extraction unit 61, 67 Random number 62 Random number generation unit 63 Encrypted random number 64, 95, 131 Encryption unit 66, 82, 93, 151 Decryption means 68, 152 collation means 69 authentication data 70 access control list extraction means 71 access right 72, 72B access right setting means 80 key extraction means 81 database encryption key 90 encryption database record 91 record extraction means 92 database record 92A update database Record 92B Encrypted database record 92C Additional database record 94, 94A Database display / editing means 96, 96A Record writing means 100 Address book 100-1A to 100-1B, 140-1A to 140-
1B E-mail addresses of Mr. A and Mr. B 100-4A-100-4B, 140-5A-140-
5B Public keys of Mrs. A and B 101 Public key request unit 102 Public key reply unit 103 User access control unit 112 Key request mail 113 Key request mail creation unit 114 Reply mail 115, 130 Public key extraction unit 117 Address book editing unit 120 E-mail decryption means 122 Public key reply mail creation means 130 Public key extraction means 132 Encrypted encryption key 133 Access control writing means 134 Access control list editing means 140 Ticket 140-2A-140-2B ID of A-B 140- 6B B's encryption key 140-7B B's access level 140C Access route to database 150 Access right level extraction means

Claims (17)

[Claims] 1. A computer-readable storage medium storing a database, the database comprising: an encrypted stored data body;
The IDs of a plurality of users having access authority to the database, the public keys of the plurality of users, and the encryption keys corresponding to the encrypted stored data bodies are obtained by encrypting with the public keys of the plurality of users. A storage medium having a structure for holding at least the public key and database access information including the encryption key among the encryption keys. 2. The database according to claim 1, further comprising at least one of an ID of the database, access authority information indicating an access authority of each of the plurality of users to the database, and an access program to the database. The storage medium according to claim 1, wherein 3. A database sharing system for sharing a database among a plurality of computers, a first storage unit for storing the database according to claim 1 or 2, correspondence between the user ID and the user. A second storage unit for storing login information to a computer to be executed, user authentication information including a public key of the user and a secret key corresponding to the public key of the user, and a database access request input from the user. Whether the user has access to the database based on the database access information of the database stored in the first storage means and the user authentication information stored in the second storage means Authentication means for authenticating the database, and the authentication means allows the user to access the database. Means for obtaining an encryption key corresponding to the encrypted stored data body based on the database access information of the database and the user authentication information when it is determined that the user has the authority; and Access means for accessing the stored data body based on an encryption key corresponding to the encrypted stored data body. 4. The database according to claim 2, wherein the authentication unit extracts a user's public key from the database, and outputs the random number to the public key. Encryption means for encrypting, a decryption means for extracting a secret key of the user from the user authentication information, and decrypting a random number encrypted by the encryption means, and an original random number before the encryption. Collation means for collating with the decrypted random number to determine whether or not they match;
When it is determined that they match, the user is determined to have the access right to the database, and the access right corresponding to the user is determined based on the access right information of the database. 4. The database sharing system according to claim 3, further comprising setting means for setting. 5. The encryption key acquisition unit, when it is determined that the passwords match, by the comparison unit, extracts the encryption key of the user from the database;
Extracting the secret key of the user from the user authentication information,
5. The apparatus according to claim 4, further comprising: means for decrypting a corresponding user's encrypted encryption key with the extracted user's secret key and obtaining an encryption key corresponding to the encrypted stored data body. Database sharing system. 6. An access unit for extracting an encrypted record from the encrypted stored data body in the database, and decrypting the extracted encrypted record using an encryption key corresponding to the stored data body. Decoding means, and display means for displaying at least one of the decrypted record and the new record,
Editing means for editing at least one of the decrypted record and the new record displayed by the display means; and an encryption key corresponding to the stored data body by using at least one of the edited decrypted record and the new record. And means for writing at least one of an encrypted decryption record and a new record into the encrypted stored data body in the database. 5. The database sharing system according to 5. 7. A database sharing system for sharing a database between a plurality of computers, comprising: an encrypted stored data body; a user ID registered as a user in the database; a public key of the user; A database having at least database access information including the public key and the encryption key among the encryption keys obtained by encrypting the encryption key corresponding to the encrypted stored data body with the user's public key. Storage means for storing IDs of a plurality of users having access authority to the database, login information of the plurality of users to corresponding computers,
A second storage unit configured to store user authentication information including a public key of the plurality of users and a secret key corresponding to the public key of the plurality of users; and an e-mail address for the plurality of users and the computer; Address information storage means for respectively storing address information including a public key, wherein each of the computers has a shortage of public keys of other computer users who are not registered in the database in the address information storage means. A public key requesting means for requesting the computer for a public key of the other computer user based on the mail address of the other computer user, and a corresponding other computer in response to a public key request from the other computer The user's public key to the second
A public key returning means for reading out and returning from the user authentication information of the storage means of the other computer user, and an encryption encryption key of the other computer user encrypted based on the returned public key of the other computer user and the other computer user Registering means for editing the database based on the set access authority and registering the other computer user in the database. 8. The public key requesting unit includes: a mail creating unit that creates a mail requesting a public key of the other computer user based on an email address of another computer user; A key request mail transmitting unit for transmitting to a computer, and a public key writing unit for writing a public key of the other computer user returned from the other computer into the address information storage unit. 7. The database sharing system according to 7. 9. The public key reply means decodes whether or not the mail transmitted from the other computer is a key request mail, and if the decryption results in a public key request mail,
Reply mail creation means for creating a reply mail by reading the public key of the other computer user corresponding to the key request mail from the second storage means and attaching the read mail to the mail, and sending the created reply mail to the public key request 9. The database sharing system according to claim 8, further comprising: mail reply means for replying to another computer of the mail transmission source. 10. The registration means, comprising: an extraction means for extracting a public key of the other computer user attached to a reply mail returned from the mail reply means; and a public key of the extracted other computer user, Encryption means for encrypting an encryption key corresponding to the encrypted stored data body to generate an encryption encryption key, and setting for setting an access right corresponding to the other computer user based on access right information of the database Means, and writing means for registering the other computer user in the database by writing the generated encryption key of the other computer user and the set access right of the other computer user in the database. The database sharing system according to claim 9, wherein: 11. A computer-readable storage medium storing a database, the database comprising: an encrypted stored data body;
Among the encrypted encryption key obtained by encrypting the ID of the administrator who manages the database, the public key of the administrator, and the encryption key corresponding to the encrypted stored data body with the public key of the administrator. , A storage medium having at least the database access information including the public key and the encryption key. 12. The database, wherein the database has at least one of an ID of the database, access authority information including an access authority level of a user of the database to the database, and a program for accessing the database. The storage medium according to claim 11, wherein 13. A computer-readable storage medium storing ticket information for database access, wherein the ticket information includes a mail address of the database administrator, an ID of the administrator, and a public key of the administrator. The administrator information, the mail address of the database user, the user ID, an encrypted encryption key obtained by encrypting the encryption key corresponding to the encrypted database storage data with the user's public key, and the administrator's A storage medium comprising: user information including an encrypted access authority level of the user to the database encrypted by a public key; and access path information to the database. 14. A database sharing system for sharing a database between a plurality of computers, wherein the first storage means stores the database according to claim 11 or 12, and the ticket information according to claim 13. A second storage unit for storing user ID, login information to the computer corresponding to the user, user authentication information including the user's public key, and a secret key corresponding to the user's public key. And the user based on the ticket information stored in the second storage and the user authentication information stored in the third storage in response to a database access request transmitted from the user. An authentication means for authenticating whether or not the user has an access right to the database; Means for obtaining an encryption key corresponding to the encrypted stored data body when it is determined that the user has an access right to the database; An access unit for accessing the stored data body based on an encryption key. 15. The database according to claim 12, wherein said database stored in said first storage means is a database according to claim 12, and said authentication means is a random number generation means for generating a random number, and said user is disclosed from said ticket information. Encryption means for extracting a key, encrypting the random number with the public key, and decrypting means for extracting the user's secret key from the user authentication information and decrypting the random number encrypted by the encryption means; First collating means for collating the original random number before encryption with the decrypted random number to determine whether or not they match each other, and extracting the encrypted access authority level of the user from the ticket information Means, a public key extracting means for extracting the public key of the administrator from the ticket information, and a public key of the administrator for the extracted encrypted access authority level. Decoding means for acquiring access authorization level of the user with more decoded, means takes out the access authority information to retrieve the access authority information of the user from the database stored in the first storage means,
A second checking unit that checks the access right level of the user obtained by the decryption and the access right level of the user in the access right information, and the first checking unit and the second checking unit. 15. The database sharing system according to claim 14, further comprising a setting unit configured to set an access right corresponding to the access right level of the user when it is determined that they match. 16. A database sharing method for sharing a database among a plurality of computers, the method comprising: storing the database according to claim 1 or 2; Storing login information, user authentication information including the user's public key and a secret key corresponding to the user's public key, and accessing the stored database in response to a database access request sent from the user Authenticating, based on the information and the stored user authentication information, whether the user has access authority to the database; and the authentication step allows the user to have access authority to the database. When it is determined that the database Obtaining an encryption key corresponding to the encrypted stored data body based on the database access information and the user authentication information; and storing the stored data based on the obtained encrypted key corresponding to the encrypted stored data body. And a step of accessing the main body. 17. A computer-readable storage medium for sharing a database among a plurality of computers used by a plurality of users, wherein the database according to claim 1 or 2 is stored in at least one of the plurality of computers. Means for storing the user's ID in the own computer, login information to the computer corresponding to the user, user's public key, and user authentication information including a private key corresponding to the user's public key; Means for storing the information in its own computer by at least one of the computers, and database access information and the user authentication information of the database in response to a database access request input to the user's computer from at least one user. Based on the user Means for authenticating by the user use computer whether or not the user has access to the database, and when it is determined that the user has access to the database by this authentication, Means for causing the computer used by the user to obtain an encryption key corresponding to the encrypted stored data body based on the database access information and the user authentication information of the database, and corresponding to the obtained encrypted stored data body. Means for allowing the computer used by the user to access the stored data body based on an encryption key.