JP2018022351A - External storage device, encryption processing method, encryption processing program, and storage medium with encryption processing program stored thereon - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve convenience in file encryption and decryption. An encryption processing program displays on a display unit of an electronic device a processing window including a plurality of attachment areas for sending a file to be encrypted, and an encryption operation in any of the attachment areas. When a file to be encrypted is sent, the input window for user input of authentication information by the authentication information input method that is predetermined for each pasting area is displayed on the display unit, and the user input of authentication information is displayed. Accepting process, generating a private key from user's input of authentication information, encrypting a file sent to any of the multiple attachment areas using the private key, and authenticating to the encrypted file after encryption Executing the process of assigning an identifier that can identify the information input method and the process of storing the encrypted file in the external storage device to the external storage device To. [Selection diagram] Figure 2

Description

  The present invention relates to an external storage device, a cryptographic processing method, a cryptographic processing program, and a storage medium storing a cryptographic processing program.

  In Cited Document 1, a file encryption operation is realized by an intuitive operation such as drag and drop for an icon that mimics a safe. Further, the file encryption / encryption is automatically performed from a password for user authentication. It is disclosed that encryption is performed by generating an encryption key used for decryption. In the technique of Patent Document 1, an encryption key is used by using an arbitrary number input by a user when creating an encryption folder for storing an encrypted file and a password used for authentication when the user accesses the encryption folder. Create

JP 09-204330 A

  There are various authentication methods for user authentication, such as password input, pattern input, NFC, and biometric authentication. However, the technique of Patent Document 1 has a problem that it cannot support a plurality of authentication methods, and file encryption and In decryption, convenience was bad.

  In order to achieve the above-described problems, the present invention can be implemented as the following modes.

(1) According to one aspect of the present invention, an external storage device connected to an electronic device is provided. The external storage device stores an encryption processing program, and the encryption processing program is activated when the external storage device is activated on the OS of the electronic device in a state where the external storage device is connected to the electronic device. A process for displaying a processing window including a plurality of pasting areas for sending a file to be encrypted to the display unit and a file to be encrypted are sent to one of the plurality of pasting areas. A process of displaying an input window for performing user input of authentication information by a predetermined authentication information input method for each pasting area on the display unit, and receiving the user input of the authentication information; and the authentication information Generating a secret key from the user input and encrypting a file sent to one of the plurality of pasting areas using the secret key. And performing processing for assigning an identifier capable of identifying the authentication information input method to the encrypted file after encryption and processing for storing the encrypted file in the external storage device in the electronic device Let
According to this aspect, since the authentication information input method can be selected depending on which paste area the user sends the file to, the convenience in file encryption can be improved.

(2) The encryption processing apparatus according to the above aspect, which has a device identifier for identifying the external storage device, and the encryption processing program executes the device identifier before processing for displaying the processing window. If the device identifier is predetermined, the processing window is displayed. If the device identifier is not predetermined, the encryption is performed without displaying the processing window. Processing for terminating the processing program may be executed by the external storage device.
According to this aspect, even if the cryptographic processing program is illegally copied, the cryptographic processing program is terminated only when a regular external storage device is connected, and therefore the cryptographic processing cannot be executed. As a result, unauthorized copy diffusion can be suppressed.

(3) The encryption processing apparatus according to the above aspect, wherein the encryption processing program further includes the encryption when the encrypted file encrypted by the encryption processing program is sent in the processing window. Regardless of whether or not the position where the file was sent corresponds to the pasting area where the file was sent when the encrypted file was created, the authentication information input method is based on the identifier of the encrypted file. A process for identifying and receiving a user input of the authentication information according to the specified authentication information input method, a process of generating the secret key from the user input of the authentication information, and the encryption using the secret key A process for decrypting a file and a process for storing a decrypted file obtained by decrypting the encrypted file in the external storage device may be executed by the electronic device. There.
According to this aspect, since the user does not need to consider which attachment area the file is sent to at the time of decryption, the convenience in decrypting the encrypted file can be improved.

(4) In the encryption processing apparatus according to the above aspect, when a plurality of files are sent to one of the plurality of pasting areas, the encryption processing program includes: (ai) of the plurality of files When the first file determined according to a predetermined rule is a file that is not encrypted by the encryption processing program, user input of the authentication information by an authentication information input method predetermined for each pasting area A process of generating the secret key from a user input of the authentication information and executing the encryption of the first file using the secret key; (a-ii) the first of the plurality of files For each file other than the above file, if the file is not encrypted by the encryption processing program, the (ai) A process that encrypts the file using the same secret key that is used in the process, and does not execute encryption or decryption when the file is an encrypted file encrypted by the encryption processing program; (Bi) When the first file is an encrypted file encrypted by the encryption processing program, user input of the authentication information by an authentication information input method predetermined for each pasting area is performed. Receiving, generating the secret key from user input of the authentication information, and decrypting the first file using the secret key; (b-ii) the first file of the plurality of files For each file other than the above, if the file is an encrypted file encrypted by the encryption processing program, the above (bi) A process that decrypts the file using the same secret key used in the process, and does not encrypt or decrypt the file if the file is not a file encrypted by the encryption processing program; , May be executed by the electronic device.
According to this aspect, when the process of the first file is an encryption process, an unencrypted file sent at the same time can be encrypted, and when the process of the first file is a decryption process, the file is sent simultaneously. Since the encrypted file thus obtained can be decrypted, the convenience in encrypting and decrypting a plurality of files can be improved.

(5) The encryption processing apparatus according to the above aspect, wherein the encryption processing program forms the plurality of pasted areas so that each of the plurality of pasted areas has a plurality of small areas that can be identified with the naked eye. And when the file to be encrypted is sent to any one of the plurality of small areas, the encryption strength varies depending on the small area to which the file to be encrypted is sent. And processing for generating the secret key according to the encryption method.
Generally, if the encryption strength is increased, the processing time for encryption and decryption takes longer. According to this mode, the user can select or determine whether the processing time is required but the encryption strength is increased, or the encryption strength is weak but the processing time is shortened. Can be improved.

(6) The encryption processing apparatus according to the above aspect, wherein the plurality of pasting areas partially overlap, and the cryptographic processing program includes N overlapping areas (N is an integer of 2 or more) overlapping each other. A process of accepting user input of N pieces of authentication information by N pieces of authentication information input methods corresponding to the N pieces of pasted areas when the file to be encrypted is sent to an overlapping portion of And processing for generating one of the secret keys from the user input of the authentication information.
According to this aspect, since user input is performed using a plurality of authentication information input methods, security in file encryption can be improved.

(7) The encryption processing apparatus according to the above aspect, wherein the encryption processing program obtains a file size of a file sent to any one of the plurality of pasting areas, and the file size is predetermined. If the size is greater than or equal to the size, before the user input of the authentication information by the authentication information input method is accepted, a message indicating that the encryption or decryption process cannot be executed is displayed and the encryption or decryption process is stopped. Processing for accepting consent may be executed by the electronic device, and if the consent is obtained, the processing may be stopped by the electronic device.
According to this form, when the file size is large and encryption / decryption takes time, a message indicating that the encryption / decryption process cannot be executed is displayed, and the process of encryption / decryption is canceled with the user's consent. Therefore, the convenience in encryption and decryption can be improved rather than starting and stopping the encryption or decryption process.

(8) In the encryption processing device according to the above aspect, the file is sent to the pasting area. (I) After the file is copied or cut, the file is pasted to the pasting area. Or (2) The file may be dragged and dropped and dropped in the pasting area.
According to this aspect, since the user may copy and paste (copy and paste) the file or drag and drop the file, the convenience of the user can be improved.

  The present invention can be realized in various forms. For example, in addition to an external storage device, an encryption processing device, an encryption processing method, an encryption processing program, a storage medium storing the encryption processing program, encryption It can be realized in the form of a user interface for processing.

Explanatory drawing which shows the external storage device of 1st Embodiment, and an electronic device. The operation | movement flowchart in 1st Embodiment. An example of the screen displayed on the display part of an electronic device when a user starts a cryptographic processing program. Explanatory drawing which shows an example of the drag and drop to the 1st drop area of the file which is not encrypted. An example of the input screen of the 1st authentication information input method displayed by step S160. An example of the input screen of the 2nd authentication information input method displayed by step S180. An example of the screen displayed on the display part after an encryption process. Explanatory drawing which shows an example of drag and drop of an encryption file. An example of the screen displayed on the display part after a decoding process. Explanatory drawing which shows the external storage device of 2nd Embodiment, and an electronic device. The operation | movement flowchart in 2nd Embodiment. The operation | movement flowchart in 3rd Embodiment. Explanatory drawing which shows an example of the drag and drop to the 1st drop area | region of the some file in 3rd Embodiment. An example of the screen displayed on the display part after the process of the encryption or the decoding of 3rd Embodiment. Explanatory drawing which shows an example of the drag and drop to the 1st drop area | region of the some file in 3rd Embodiment. An example of the screen displayed on the display part after the process of the encryption or the decoding of 3rd Embodiment. Explanatory drawing which shows an example of the drag and drop to the 1st drop area of the folder in 3rd Embodiment. An example of a screen displayed on the display unit after encryption or decryption processing when a folder is dropped. An example of the screen displayed on a display part when the encryption processing program in 4th Embodiment is started. An example of the screen displayed on a display part when the encryption processing program in 5th Embodiment is started. The operation | movement flowchart in 5th Embodiment. Explanatory drawing which shows the external storage device of 6th Embodiment, and an electronic device. The operation | movement flowchart in 6th Embodiment.

First embodiment:
FIG. 1 is an explanatory diagram illustrating an external storage device 100 and an electronic device 200 according to the first embodiment. The electronic device 200 is a device to which the external storage device 100 can be connected, and includes, for example, a computer, a tablet terminal, and a smart phone. The electronic device 200 includes a CPU 210, a storage unit 220, an input unit 230, a display unit 240, an interface 260 (also referred to as “I / F 260”), and a connector 270. The storage unit 220 stores an operating system 225 (referred to as “OS225”). The OS 225 is basic software for using the electronic device 200. The input unit 230 is a device for receiving input from a user. As the input unit 230, for example, a keyboard, a mouse, a trackball, a tablet, or the like can be used. The display unit 240 is a display device for displaying information to the user. In addition, you may comprise the display part 240 as an input part and display part which also serves as an input part by comprising the display part 240 with a touch panel etc. FIG. However, even in this case, the input unit 230 may be provided separately. The connector 270 is a connector for connecting the external storage device 100. As the connector 270, for example, a USB connector (“USB” is a registered trademark), an IEEE 1394 connector, or a memory card connector can be used. The connector 270 is preferably a hot-plug connector. The hot plug refers to a function that allows the connector (the connector 170 of the external storage device 100) connected to the connector 270 to be inserted / removed without turning off the power of the electronic device 200. In the first embodiment, the electronic device 200 and the external storage device 100 are connected by wire using the connectors 270 and 170, but may be connected wirelessly. In this case, a wireless connection device may be provided instead of the connector 270 or together with the connector 270. The connector 270 is connected to the CPU 210 via the interface 260.

  The external storage device 100 is a device that is connected to the electronic device 200 by a USB connector, an IEEE1394 connector, or a memory card connector. For example, a hard disk that is connected by USB or IEEE1394, an SSD that is connected by USB or IEEE1394, or a USB memory In addition, memory cards such as an SD card, a compact flash (registered trademark), and a memory stick (registered trademark) are included. The external storage device 100 includes a control unit 110, a storage unit 120, an interface 160, and a connector 170. The storage unit 120 includes an encryption processing program 130 and a storage folder 150.

  The cryptographic processing program 130 is a program executed by the CPU 210 of the electronic device 200, and includes a processing window forming unit 132, an authentication information input unit 134, a file determination unit 136, a secret key generation unit 138, and an encryption processing unit. 140 and a decryption processing unit 142. The processing window forming unit 132 displays a processing window including a plurality of drop areas in which a file to be encrypted is dragged and dropped on the display unit 240 of the electronic device 200. The drop area is an attachment area to which files are sent.

  When the file is dropped into any of a plurality of drop areas, the authentication information input unit 134 displays an authentication information input window based on an authentication information input method that is predetermined according to the drop area, on the display unit 240 of the electronic device 200. To display. Thereafter, the user input of the authentication information input in the authentication information input window is accepted. Note that the user inputs the authentication information to the authentication information input window using the input unit 230 of the electronic device 200.

  The file determination unit 136 determines whether the file dropped in the drop area is an encrypted file encrypted by the encryption processing program 130. In the first embodiment, when the file dropped in the drop area is an encrypted file encrypted by the encryption processing program 130, the encryption processing program 130 performs a decryption process instead of an encryption process. Because. The file determination unit 136 performs this determination based on, for example, the file extension. Therefore, when the file name is changed such that the extension is changed after encryption, the file is encrypted twice. Also, even when encrypted by a cryptographic processing program other than the cryptographic processing program 130, if the extension is different, the encryption is performed in the same manner. If the extension of the unencrypted file is changed and has the same extension as that of the encrypted file encrypted by the encryption processing program 130, the encryption processing program 130 executes the decryption process. try to. However, in this case, since the authentication information input method and the secret key do not match, the file is not decrypted.

  The secret key generation unit 138 generates a secret key based on the user input of the authentication information input in the authentication information input window. Therefore, when the user input of the authentication information input to the authentication information input window is the same, the same secret key is generated. It is preferable that the secret key cannot be taken out to the outside. The encryption processing unit 140 performs processing for encrypting the file using the secret key. The decryption processing unit 142 performs a process of decrypting the encrypted file using the secret key.

  The storage folder 150 is a folder for storing an encrypted file that has been encrypted. In the first embodiment, the storage folder 150 is created at the top of the folder hierarchy of the storage unit 120 of the external storage device 100 (also referred to as “root folder”). However, the storage folder 150 may not be created in the root folder as long as it is in the storage unit 120 of the external storage device 100. In the initial setting, the external storage device 100 is configured so that the location of the storage folder 150 is the root folder of the storage unit 120 of the external storage device 100, and then the user can change the location of the storage folder 150 to an arbitrary location. It is good also as a structure. Even in this case, the storage folder 150 is preferably created in the storage unit 120 of the external storage device 100. The decrypted file is also stored in the storage folder 150.

  The connector 170 is a connector corresponding to the connector 270 of the electronic device 200. A wireless connection device may be provided instead of the connector 170. In this case, the external storage device 100 is wirelessly connected to the electronic device 200. The connector 170 is connected to the control unit 110 via the interface 160.

  FIG. 2 is an operation flowchart in the first embodiment. In step S <b> 100, the user connects the external storage device 100 to the electronic device 200. In step S110, the user activates the cryptographic processing program 130 (see FIG. 1) stored in the storage unit 120 of the external storage device 100. In step S <b> 120, the processing window forming unit 132 forms a processing window on the display unit 240 of the electronic device 200.

  FIG. 3 is an example of a screen displayed on the display unit 240 of the electronic device 200 when the user activates the cryptographic processing program 130. In FIG. 3, a processing window 300, a window 400 showing a document folder, and a window 500 showing the structure of folders and files stored in the storage unit 120 of the external storage device 100 are displayed on the display unit 240.

  The windows 400 and 500 are displayed on the display unit 240 when the user performs a predetermined operation on the OS 225. In the window 400, child folders and files included in the document folder are displayed. The document folder is a folder used by the user of the first embodiment for storing files. However, since the folder and drive used to store the file differ depending on the user, the folder used by the user for storing the file is not necessarily a document folder. In the window 500, an icon 5150 indicating the storage folder 150 and an icon 5130 indicating the cryptographic processing program 130 of the external storage device 100 are displayed. In the present embodiment, the cryptographic processing program 130 is crypt. The file name is “exe”, and the storage folder 150 is a folder name “SecureLockMobile2”. The names of the cryptographic processing program 130 and the storage folder 150 are examples, and other names may be used. When the user selects and starts the encryption processing program 130 (crypt.exe) in the window 500, the processing window 300 is displayed.

  The processing window 300 includes a first drop area 310, a second drop area 320, and a status bar 330. In the first drop area 310 and the second drop area 320, a file or folder to be encrypted or decrypted, specifically, an icon corresponding to the file or folder is dragged and dropped ("drag and drop" (" It is abbreviated as “drag and drop”) or simply “drop”.) The first drop area 310 and the second drop area 320 are preferably displayed in different colors or different tile patterns in order to distinguish the areas. When a non-encrypted file encrypted by the cryptographic processing program 130 is dropped in the first drop area 310, user input of authentication information by the first authentication information input method (password method) is performed, and the second drop area 320 When a file that is not an encrypted file encrypted by the encryption processing program 130 is dropped, authentication information is input by the second authentication information input method (pattern method). In the example shown in FIG. 3, an image pattern 311 composed of an asterisk indicating that the password method is used is displayed in the first drop area 310, and 3 × 3 indicating that the pattern method is used in the second drop area 320. An image pattern 321 consisting of the nine dots is displayed. Display of the image patterns 311 and 321 is preferable in that the user can intuitively determine the authentication information input method. Note that the image patterns 311 and 321 are examples, and may be image patterns other than the image patterns shown in FIG. 3 as long as the user can intuitively determine the authentication information input method. Further, the processing window forming unit 132 may not display the image patterns 311 and 321 in the drop areas 310 and 320. In the status bar 330, a path 340 to the storage folder 150 is displayed. When the location of the storage folder 150 is fixed to any of the storage units 120, the path 340 may not be displayed, and the status bar 330 may not be provided.

  In step S130 of FIG. 2, the user drags and drops a file or folder to be encrypted or decrypted, specifically an icon corresponding to the file or folder, into the first drop area 310 or the second drop area 320. In step S140, the file determination unit 136 determines whether or not the dropped file is an encrypted file encrypted by the encryption processing program. As described above, the file determination unit 136 performs this determination based on the file extension. If the dropped file is not an encrypted file encrypted by the encryption processing program, for example, if it is a plain text file, the process proceeds to step S150, and if it is an encrypted file encrypted by the encryption processing program 130, The process proceeds to step S220.

  Step S150 includes steps S155 to S210, and a process for encrypting the file is performed. In step S155, the authentication information input unit 134 determines whether the area where the file is dropped is the first drop area 310 (FIG. 3). If the authentication information input unit 134 determines that the area where the file is dropped is the first drop area 310, the authentication information input unit 134 proceeds to step S160 and determines that the area where the file is dropped is not the first drop area 310. In that case, the process proceeds to step S170.

  FIG. 4 is an explanatory diagram showing an example of drag and drop of an unencrypted file to the first drop area 310. Here, as an example, the user selects pic02. An example of dropping a jpg icon in the first drop area 310 is shown. In step S160, the authentication information input unit 134 (FIG. 1) displays an authentication information input window (first authentication information input window) corresponding to the first drop region 310 on the display unit 240 of the electronic device 200, and authenticates from the user. Accept user input of information.

  FIG. 5 is an example of an input screen for the first authentication information input method displayed in step S160. In FIG. 5, in addition to the windows 300, 400, 500 shown in FIG. 3, a first authentication information input window 600 is displayed. In the first authentication information input window 600, an identification information input unit 610, a completion button 620, and a clear button 630 are displayed. For example, the user inputs identification information to the identification information input unit 610 from the input unit 230 (FIG. 1) of the electronic device 200. After the input of the identification information, the user presses a completion button 620 (for example, clicks with a mouse) to confirm and complete the user input of the identification information (also simply referred to as “user input”). The clear button 630 is a button for clearing the input content input to the identification information input unit 610 before pressing the completion button 620 to confirm the user input of the identification information. In this case, the user redoes the user input to the identification information input unit 610. When the input unit 230 has a keyboard, it is possible to correct the user input of the identification information in units of characters using the Del key or BS key of the keyboard.

  In step S170 of FIG. 2, the authentication information input unit 134 determines whether the area where the file is dropped is the second drop area 320 (FIG. 3). If it is determined that the area where the file is dropped is the second drop area 320, the process proceeds to step S180, and if it is determined that the area where the file is dropped is not the second drop area 320, the process ends. To do. As an example in which the file is not dropped in either the first drop area 310 or the second drop area 320, there is a case where the file is dragged and dropped onto the status bar 330, for example. In step S180, the authentication information input unit 134 (FIG. 1) displays an authentication information input window (second authentication information input window) corresponding to the second drop area 320 on the display unit 240 of the electronic device 200, and authenticates from the user. Accept user input of information.

  FIG. 6 is an example of an input screen for the second authentication information input method displayed in step S180. FIG. 6 is a screen displayed on the display unit 240 (FIG. 1) when the file is dropped on the second drop area 320 instead of the first drop area 310 in FIG. In FIG. 6, in addition to the windows 300, 400, 500 shown in FIG. 3, a second authentication information input window 700 is displayed. In the second authentication information input window 700, an identification information input unit 710, a completion button 720, and a clear button 730 are displayed. In the present embodiment, the identification information input unit 710 has nine points of 3 × 3 in length and breadth, and user input of the identification information is performed according to how these nine points are selected. In the example shown in FIG. 6, the points are selected in the order of (upper right) → (middle right) → (lower right) → (middle lower) → (middle left).

  In step S190 of FIG. 2, the secret key generation unit 138 generates a secret key from the user input of authentication information. In step S200, the encryption processing unit 140 performs encryption processing on the dropped file using a secret key, and an identifier indicating which authentication information input method is used in the encrypted file after encryption. Give. Note that the encryption processing unit 140 preferably assigns the hash value of the secret key to the encrypted file. The hash value of the secret key is a value calculated from a secret key by a predetermined calculation formula, and has a smaller number of bits than the number of bits of the secret key. The same hash value can be obtained from the same secret key, but if the secret key is slightly different, the hash value is different. Since the calculation of the hash value is an irreversible calculation including a loss of information amount, it is impossible to calculate the original secret key from the hash value.

  In step S210, the encrypted file is stored in the storage folder 150 of the external storage device 100. The encryption processing unit 140 executes storage of the encrypted file in the storage folder 150. If there is already a file having the same file name in the storage folder 150, the encryption processing unit 140 saves it with another name.

  FIG. 7 is an example of a screen displayed on the display unit after the encryption process. Comparing FIG. 3 and FIG. 7, in FIG. 7, pic02. jpg. It can be seen that an encrypted file called bufenc is formed. The encrypted file has a character string “.bufenc” added as an extension at the end of the original file name “pic02.jpg” before being encrypted. The file determination unit 136 can determine whether or not the file is an encrypted file encrypted by the encryption processing program 130 based on the presence or absence of the extension “.bufenc”. In addition, since the original file name is included in the preceding stage of the file name, the user can easily recognize what the original file was from the file name. Note that the character string with the extension “.bufenc” is an example, and may be another character string. If there is already a file having the same file name in the storage folder 150, the encryption processing unit 140 saves it with an alias.

  FIG. 8 is an explanatory diagram showing an example of drag and drop of an encrypted file. Here, stub.stored in SecureLockMobile2, which is the storage folder 150 (FIG. 1). doc. The case where the icon of the encrypted file named bufenc is dragged and dropped into the first drop area 310 will be described as an example.

  In step S140 of FIG. 2, the file determination unit 136 determines whether the file dropped in the first drop area 310 is a file encrypted by the cryptographic processing program 130, based on the extension of the dropped file. In the example shown in FIG. 8, since the dropped file has the extension “.bufenc”, the file determination unit 136 determines that the file is encrypted by the encryption processing program 130, and the process proceeds to step S220. Transition.

  Step S220 includes steps S225 to S280, and a process of decoding the file is performed. In step S225, the authentication information input unit 134 specifies the authentication information input method for which the authentication information for encryption has been input for the encrypted file. As described in step S200, the encrypted file is given an identifier indicating which authentication information input method is used. Therefore, the authentication information input unit 134 can specify which authentication information input method is used to input the authentication information for encryption using this identifier. The authentication information input unit 134 is an identifier indicating whether or not the authentication information input method is used, and the authentication information input method can be specified. Therefore, the authentication information input unit 134 includes files in the first drop area 310 and the second drop area 320. It is not necessary to determine to which of them has been dropped. Even when the file is dropped on the status bar 330, the authentication information input unit 134 can use this identifier to specify which authentication information input method is used to input the authentication information for encryption.

  In step S230, the authentication information input unit 134 displays an authentication information input window (the first authentication information input window 600 in FIG. 5 or the second authentication information input window 700 in FIG. 6) based on the specified authentication information input method on the display unit 240. (FIG. 1), and prompts the user to input authentication information. In step S240, the secret key generation unit 138 generates a secret key based on the user input. In step S250, the decryption processing unit 142 determines whether the generated secret key is correct. The correct private key means that the encrypted file can be decrypted with the private key. Whether or not the generated secret key is correct can be determined based on whether or not the hash value of the secret key stored in the encrypted file matches the hash value of the secret key generated in step S240. If the hash values match, the decryption processing unit 142 determines that the encrypted secret file is a correct secret key that can be decrypted. If the generated secret key is correct, the process proceeds to step S260, and the decryption processing unit 142 performs decryption processing on the encrypted file. In step S270, the decrypted file is stored in the storage folder 150 of the external storage device 100. The decryption processing unit 142 stores the decrypted file. When a file having the same file name already exists in the folder for storing the decrypted file, the decryption processing unit 142 stores the file with another name. If the private key is not correct in step S250, the decryption processing unit 142 proceeds to step S280, and displays, for example, an error message indicating that the user input is not correct and cannot be decrypted on the display unit 240 of the electronic device 200. .

  FIG. 9 is an example of a screen displayed on the display unit after the decryption process. Comparing FIG. 8 and FIG. 9, in FIG. 9, stuv. doc is generated. The file name “stub.doc” of this plaintext file is deleted from the encrypted file “stub.doc.bufenc” with the extension “.bufenc” indicating that it is an encrypted file by the encryption processing program 130. File name.

  As described above, according to the first embodiment, the cryptographic processing program 130 has a plurality of drop areas (the first drop area 310 and the second drop area) for dropping a file to be encrypted on the display unit 240 of the electronic device 200. A processing window 300 including a drop area 320) is displayed. After that, when a file to be encrypted is dropped in any of the plurality of drop areas 310 and 320, an input window for performing user input of authentication information by a predetermined authentication information input method for each drop area Is displayed on the display unit 240, and user input of authentication information is accepted. Therefore, since the authentication information input method can be selected depending on which drop area the user drops the file, the convenience in file encryption can be improved. In addition, the user need only remember the word or pattern entered by the user, and does not need to be aware of secret key generation or secret key management. In this respect as well, the convenience in the process of encrypting the file is improved. Can do.

  In the present embodiment, the encrypted encrypted file is stored in the external storage device 100. This assumes that the external storage device 100 storing the encrypted file is taken out to the destination and decrypted at the destination. In other words, it is always time to decrypt an encrypted file. At this time, if the cryptographic processing program 130 and the encrypted file are stored in the same external storage device 100, the external storage device 100 can be connected to the destination electronic device for decryption.

  According to the first embodiment, when the encryption file encrypted by the encryption processing program 130 is dropped in the processing window 300, the encryption processing program 130 indicates the position where the encryption file is dropped. Regardless of whether the file before encryption when the encrypted file is created corresponds to the dropped area (first drop area 310 or second drop area 320), it is stored in the encrypted file. The authentication information input method is specified based on the identified identifier, the process of accepting the user input of the authentication information according to the specified authentication information input method, the process of generating the secret key from the user input, and the secret key Since the electronic device executes the process of decrypting the encrypted file, the process of decrypting the encrypted file Kicking it is possible to improve the convenience.

  In the first embodiment, since the encryption processing program 130 includes the encryption processing unit 140 and the decryption processing unit 142, both encryption processing and decryption processing can be executed. Here, the encryption processing program 130 may be configured to include only the encryption processing unit 140 or only the decryption processing unit 142. In this case, the cryptographic processing program 130 can execute only the encryption processing or only the decryption processing.

Second embodiment:
FIG. 10 is an explanatory diagram illustrating the external storage device 102 and the electronic device 200 according to the second embodiment. Compared with the external storage device 100 of the first embodiment, the external storage device 102 of the second embodiment is provided with a device identifier 180, and the cryptographic processing program 130 further includes a device identification unit 144. The point is different. The device identifier 180 is an identification mark for identifying the external storage device 102. The device identifier preferably includes, for example, either a VID (vendor ID) or a vendor name. The vendor ID is a code given from a specific organization for each company or company that manufactured the external storage device 102. When the external storage device 102 is a USB device, the VID is issued from the USB Implementers Forum. The vendor name is the name of the company or company that manufactured the external storage device 102. The illustrated VID (vendor ID) and vendor name are examples of a device identifier, and the device identifier is not limited to the VID (vendor ID) and the vendor name as long as it is a code that can identify the device. The device identification unit 144 acquires the device identifier 180 from the external storage device 102 and determines whether or not the device identifier 180 is legitimate.

  FIG. 11 is an operation flowchart in the second embodiment. Compared with the operation flowchart in the first embodiment shown in FIG. 2, it further differs in that it includes steps S112, S114, and S118, but the other steps are the same. In FIG. 11, steps S120 to S140, step S150 (encryption), and step S220 (decryption) in FIG. 2 are illustrated and simplified as step S116. Hereinafter, differences from the operation flowchart shown in FIG. 2 will be described.

  In step S112, the device identification unit 144 acquires the device identifier 180 of the external storage device 102. In step S114, the device identification unit 144 determines whether or not the device identifier 180 matches a predetermined list of device identifiers. If they match, the device identifier 180 and the external storage device 102 are authentic, and the cryptographic processing program 130 proceeds to step S116 and executes steps S120 to S140 in FIG. Depending on the determination result, encryption (step S150) or decryption (step S220) is executed. That is, the operations after step S120 are the same as the operations in the first embodiment. On the other hand, if the device identifiers do not match in step S114, the device identifier 180 and the external storage device 102 are not authentic, so the cryptographic processing program 130 proceeds to step S118 and displays the processing window 300 (FIG. 3). Quit the program without

  According to the second embodiment, even if the cryptographic processing program 130 is illegally copied, the device identifier 180 does not match unless the legitimate external storage device 102 is connected, so the cryptographic processing program ends, Encryption processing and decryption processing cannot be executed. That is, the meaning of creating an unauthorized copy is lost, and the spread of unauthorized copies can be suppressed.

  In the present embodiment, the secret key cannot be generated from the user input unless the cryptographic processing program 130 can be activated. Here, when the encrypted file is sent by e-mail or the like, for example, if the user who receives the encrypted file decrypts the authorized external storage device 102 is not connected to the electronic device 200, the encryption processing program 130 It cannot be activated and a private key cannot be generated from user input. In this case, in order to decrypt the encrypted file into a plain text file, it is necessary to decrypt the secret key. However, in general, it takes an enormous amount of time to decrypt the secret key. In the present embodiment, the processing environment in the process of decrypting the file is limited by determining whether the device identifier 180 matches. Therefore, when the device identifier 180 matches, the user can easily decrypt the encrypted file by performing user input. However, when the device identifier 180 does not match, the encryption processing program 130 does not start. The user cannot perform user input and cannot easily decrypt the encrypted file. As a result, security can be increased. That is, it is possible to improve both user convenience and security.

Third embodiment:
FIG. 12 is an operation flowchart according to the third embodiment. In the first and second embodiments, an example in which one file is dragged and dropped in the drop area is described. In the third embodiment, two or more files are selected and dragged and dropped in the drop area. explain. Note that the configuration of the external storage device in the third embodiment is the same as the configuration of the external storage device 100 in the first embodiment. However, the configuration of the external storage device in the third embodiment may be the same as the configuration of the external storage device 102 in the second embodiment.

  In the third embodiment, first, the processing of steps S100 to S130 described in FIG. 2 is executed. If the configuration of the external storage device is the same as that of the external storage device 102 in the second embodiment, steps S112, S114, and S118 are executed as described with reference to FIG.

  In step S300, it is determined whether the number of files dragged and dropped into the drop area is 2 or more. If the number of dropped files is 2 or more, the cryptographic processing program 130 proceeds to step S310. If the number of dropped files is not two or more, that is, one, the cryptographic processing program 130 proceeds to step S305, and performs encryption in accordance with step S140 shown in FIG. 2 and the result (step S150). ) Or decryption (step S220). The processing in this case is the same as in the first embodiment. In step S310, the cryptographic processing program 130 acquires the file processing order from the OS 225. The file processing order may differ depending on the OS, but as an example, the first file is the file pointed to by the cursor at the start of dragging, and the second and subsequent files are in alphabetical order.

  In step S320, the cryptographic processing program 130 executes step S140 shown in FIG. 2 for the first file and encryption (step S150) or decryption (step S220) according to the result. After step S330, the second and subsequent files are selected and processed in order. In step S330, the file determination unit 136 determines whether the processing target file is an encrypted file from the extension of the processing target file. If the file to be processed is not an encrypted file, the process proceeds to step S340. If the file to be processed is an encrypted file, the process proceeds to step S360.

  In step S340, it is determined whether or not the process for the first file in step S320 is a process for encrypting the file. This determination is made by setting a flag if the process for the first file is a process for encrypting the file, and lowering the flag if the process is not an encryption process, that is, a process for decrypting the file. It can be easily determined depending on whether it is down or down. This determination may be performed by either the encryption processing unit 140 that encrypts the second and subsequent files or the decryption processing unit 142 that performs the decryption. If the first process is the process of encrypting the file in step S340, the process proceeds to step S350.

  In step S350, the encryption processing unit 140 encrypts the file to be processed with the secret key used in the process of encrypting the first file, and stores it in the storage folder 150 (FIG. 1). On the other hand, if it is determined in step S340 that the first process is not a process for encrypting a file (a process for decrypting a file), the process proceeds to step S395. In this case, neither processing for encrypting nor decrypting the file is performed on the target file. In step S395, it is determined whether or not all files have been processed. This determination may be performed, for example, by either the encryption processing unit 140 or the decryption processing unit 142 that performs decryption. If all the files have not been processed, the process returns to step S330. If all the files have been processed, the process ends.

  If the file to be processed is an encrypted file in step S330, the process proceeds to step S360. In step S360, it is determined whether the process for the first file in step S320 is a process for decrypting the file. Contrary to step S340, when the flag is lowered, it can be easily determined that the process of the first file is a process of decrypting the file. If the process of the first file is a process of decrypting the file, the process proceeds to step S370, and if the process of the first file is not a process of decrypting the file, that is, if the process is to encrypt the file. Then, the process proceeds to step S395 without performing the process of encrypting or decrypting the file.

  The file to be processed in step S370 is an encrypted file according to the determination in step S330. In step S370, the authentication information input unit 134 uses the authentication information input method stored in the encrypted file to indicate the authentication information input method used by the encrypted file to be processed. Get input. Then, the authentication information input method obtained from the identifier of the encrypted file to be processed is compared with the authentication information input method performed in step S320. If they match, the process proceeds to step S380. The process proceeds to step S395 without performing encryption or decryption. This is because if the authentication information input method does not match, the secret key used in step S320 cannot be decrypted, and it is not necessary to move to step S380.

  In step S380, the decryption processing unit 142 compares the hash value of the secret key used in step S320 with the hash value stored in the encrypted file to be processed, and determines whether or not the secret keys match. Determine. If the secret keys match, the process proceeds to step S390. If the secret keys do not match, the process proceeds to step S395 without encrypting or decrypting the file.

  In step S390, the decryption processing unit 142 decrypts the encrypted file using the secret key used in step S320, and stores the decrypted file in the storage folder 150 as in step S270 of FIG.

  Note that the process for the first file is a decryption process, but since the secret key is different, if the decryption of the first file results in an error, the cryptographic processing program 130 inputs the authentication information used in the decryption of the first file. The second and subsequent files may be processed with the method and secret key valid. In this case, for the second and subsequent encrypted files, in steps S370 and 380, the authentication information input method and secret key used in the processing for the first file are the authentication information input method and secret key of the target encrypted file. Compared with However, the cryptographic processing program 130 may be configured to end the subsequent processing when the decryption of the first file results in an error.

  FIG. 13 is an explanatory diagram illustrating an example of drag and drop of a plurality of files to the first drop area according to the third embodiment. In the example shown in FIG. pdf and mnop. pdf. Two files called bufenc are selected, dragged to the first drop area 310 and dropped. At this time, the cursor 242 moves to ijkl. Dragging is started in the state where pdf is pointed and dragged to the first drop area 310. In this case, the file to be processed first is ijkl. pdf. In step S320 of FIG. 12, the ijkl. A pdf encryption process is performed.

  The second file is mnop. pdf. bufenc. Since this file is an encrypted file from the extension, it is determined as “Y” in step S330 of FIG. 12, and the process proceeds to step S360. Since the first process is the encryption process, the determination in step S360 is “N”, and mnop. pdf. No processing is performed on bufenc, and the process proceeds to step S395. In the example shown in FIG. 13, since the third and subsequent files do not exist, the cryptographic processing program 130 ends the processing.

  FIG. 14 is an example of a screen displayed on the display unit after the encryption or decryption process of the third embodiment. As can be seen from a comparison between FIG. 13 and FIG. 14, ijkl.encrypted in the folder SecureLockMobile 2 of the window 500. pdf. An encrypted file called bufenc is generated.

  FIG. 15 is an explanatory diagram illustrating an example of drag and drop of a plurality of files to the first drop region according to the third embodiment. In the example shown in FIG. pdf and mnop. pdf. bufenc, qrst. doc. Three files called “bufenc” are selected, dragged to the first drop area 310 and dropped. At this time, the cursor 242 moves to mnop. pdf. Dragging is started in the state where bufenc is pointed and dragged to the first drop area 310. In this case, the file to be processed first is mnop. pdf. bufenc. In step S320 in FIG. 12, mnop. pdf. A bufenc decoding process is performed.

  The second file is ijkl. pdf. Since the second file is not an encrypted file from the extension, it is determined as “N” in step S330 of FIG. 12, and the process proceeds to step S340. Since the first process is a decoding process, the determination in step S340 is “N”, and ijkl. The pdf proceeds to step S395 without any processing. In the example shown in FIG. 13, the third file qrst. doc. Since bufenc exists, the cryptographic processing program 130 shifts the processing to step S330.

  The third file is qrst. doc. bufenc. Since this file is an encrypted file from the extension, it is determined as “Y” in step S330 of FIG. 12, and the process proceeds to step S360. Since the first process is the decoding process, the determination in step S360 is “Y”, and the process proceeds to step S370. In step S370, the authentication information input unit 134 determines that mnop. pdf. Based on the identifier indicating the authentication information input method stored in bufenc, the authentication information input method used to input the authentication information in the encrypted file to be processed is acquired. Then, the mnop. pdf. The bufenc authentication information input method and mnop. pdf. The authentication information input method of bufenc is compared. If they match, the process proceeds to step S380, and if not, the process proceeds to step S395. Here, mnop. pdf. bufenc authentication information input method, mnop. pdf. It is assumed that the authentication information input method of bufenc matches. In this case, the cryptographic processing program 130 proceeds to step S380.

  In step S380, the decryption processing unit 142 determines that the first file mnop. pdf. The hash value of the secret key stored in bufenc and the file qrst. doc. The hash value of the secret key stored in bufenc is compared to determine whether the secret key matches. If the secret keys match, the process proceeds to step S390. If the secret keys do not match, the process proceeds to step S395. Here, mnop. pdf. The hash value of the secret key stored in bufenc, qrst. doc. Assume that the hash value of the secret key stored in bufenc matches and the secret key matches. In this case, the cryptographic processing program 130 proceeds to step S390. In step S390, the decryption processing unit 142 determines that the first file mnop. pdf. Using the secret key used in the decryption process of bufenc, the file qrst. doc. The bufenc is decrypted and stored in the storage folder 150 as in step S270 of FIG.

  FIG. 16 is an example of a screen displayed on the display unit after the encryption or decryption process according to the third embodiment. As can be seen from a comparison between FIG. 15 and FIG. 16, the mnop. pdf and qrst. Two files of doc are newly generated. The second file ijkl. Since pdf is not encrypted, ijkl. pdf. A file named bufenc has not been generated.

  FIG. 17 is an explanatory diagram illustrating an example of drag and drop of a folder to the first drop area according to the third embodiment. In the encryption processing program 130, even when the folder containing the file, not the file itself, is dragged and dropped into the drop area (first drop area 310 or second drop area 320), encryption or decryption can be performed. . The cryptographic processing program 130 acquires the file processing order from the OS 225 in step S310 of FIG. In this case, since the cursor is pointing to the folder and not the file at the start of dragging, the file processing order is the alphabetical order of the file.

  In the example shown in FIG. 17, a folder called images is selected and dragged and dropped into the first drop area. In a folder called images, two files pic01. jpg and pic02. 2 files of jpg are included, and the first file is pic01. jpg and the second file is pic02. jpg.

  In step 320 of FIG. 12, the first file pic01. Jpg is subjected to the determination in step S140 of FIG. 2 and the encryption process (step S150) or the decryption process (step S220) according to the result. Specifically, the first file pic01. Since jpg is determined as an unencrypted file from the extension in step S140, the encryption process (step S150 in FIG. 2) is performed and stored in the storage folder 150 (FIG. 1). In step S330, the second file pic02. Since jpg is determined not to be an encrypted file from the extension, the process proceeds to step S340. The first file pic01. Since the process for jpg is an encryption process, the determination in step S340 is “Y”, and the process proceeds to step S350. In step S350, the encryption processing unit 140 executes the first file pic01. For jpg, the encryption process is performed using the same secret key as that used for the encryption process, and the encrypted file after encryption is stored in the storage folder 150.

  FIG. 18 is an example of a screen displayed on the display unit after encryption or decryption processing when a folder is dropped. As can be seen from a comparison between FIG. 17 and FIG. 18, a child folder named “images” is formed in the folder “SecureLockMobile2” that is the storage folder 150 of the window 500, and pic01. jpg. bufenc and pic02. jpg. An encrypted file called bufenc is generated. As described above, when a folder is dragged and dropped, the dragged and dropped folder is formed in the storage folder 150, and the processed folder is moved from the storage folder 150 to the location specified by the relative path including the formed folder. A file is stored. In this way, the storage folder 150 can be configured with a folder structure before encryption processing, and thus it is possible to prevent the user from losing sight of the encrypted file or generating an encrypted file with the same file name. .

As described above, according to the third embodiment, when a plurality of files are dropped in one of the plurality of drop areas, the encryption processing program 130 performs the following processing, so that the plurality of files are encrypted and decrypted. Convenience can be improved.
(Ai) When the first file is not encrypted by the encryption processing program 130, the first file is encrypted.
(A-ii) For the second and subsequent files,
If the file is not encrypted by the encryption processing program 130, the file is encrypted using the same secret key used in the process (ai).
When the file is an encrypted file encrypted by the encryption processing program 130, neither encryption nor decryption is performed. (Bi) An encrypted file in which the first file is encrypted by the encryption processing program 130 In the case of, the first file is decrypted.
(B-ii) For the second and subsequent files,
If the file is an encrypted file encrypted by the encryption processing program, the file is decrypted using the same secret key used in the process (b-i).
If the file is not a file encrypted by the encryption processing program 130, the file is neither encrypted nor decrypted.

Fourth embodiment:
FIG. 19 is an example of a screen displayed on the display unit when the cryptographic processing program in the fourth embodiment is started. The first drop region 310 of the processing window 300 in the fourth embodiment has a plurality of small regions (small drop regions 310s, 310m, 310w) that can be identified by the naked eye, and the second drop region 320 is identified by the naked eye. It has a plurality of possible small areas (small drop areas 320s, 320m, 320w). The small drop areas 310s, 310m, and 310w may be color-coded by gradation, for example.

  In the fourth embodiment, the encryption strength in the encryption process differs depending on which small block area the file is dragged and dropped. Specifically, if the file is dropped in the small drop area 310m, the encryption strength is strong when the small drop area 310s file is dropped, and the small drop area 310w file is dropped. The encryption strength is weak. Here, since it is necessary to use a plurality of encryption processing units 140 and decryption processing units 142 in order to change the encryption strength with an algorithm, it is preferable to change the encryption strength according to the key length of the secret key. For example, the key length when a file is dropped into the small drop area 320s with the strongest cryptographic strength is 256 bits, the key length when the file is dropped into the small drop area 320m with an intermediate cryptographic strength is 192 bits, and the cryptographic strength The key length when a file is dropped in the small drop area 320s having a weak key may be 128 bits. If the key length is long, it is difficult to decrypt the secret key. On the other hand, if the key length is short, there is an advantage that it takes less time to encrypt and decrypt the file. The key length is an example, and the key length may be 512 bits, 384 bits, or 256 bits.

  The operation flowchart in this embodiment is the same as that shown in FIG. However, the following points are different in processing contents. In step S190, the key length of the generated secret key varies depending on which small drop area of each drop area (first drop area 310, second drop area 320) the file is dropped. Further, in the encryption process in step 200, the key length is written into the encrypted file after encryption. A code indicating the key length may be used instead of the key length. In the generation of the secret key (secret key) in step S250, the secret key generation unit 138 obtains the key length from the encrypted file, and generates the secret key corresponding to the key length from the user input of the authentication information. . Therefore, the user does not need to be aware of the key length at the time of decryption.

  Generally, if the encryption strength is increased, the processing time for encryption and decryption takes longer. According to the fourth embodiment, the user can select or decide whether to increase the encryption strength or the encryption strength is weak but the processing time is short although the processing time is required. Security can be improved.

-Fifth embodiment:
FIG. 20 is an example of a screen displayed on the display unit when the cryptographic processing program according to the fifth embodiment is started. In the first to fourth embodiments, the first drop region 310 and the second drop region 320 of the processing window 300 are independent without overlapping, but in the fifth embodiment, the first drop region 310 and the second drop region 320 are independent. The drop region 320 partially overlaps to form an overlap region 315.

  FIG. 21 is an operation flowchart according to the fifth embodiment. Here, a case where one file is dragged and dropped will be described as an example. First, steps S100 to S140 in FIG. 2 are executed. Based on the determination result of step S140, the process proceeds to step S500 or S580. Specifically, when it is determined that the encrypted file encrypted by the encryption processing program 130 is dropped in the drop area (regardless of the first drop area 310, the second drop area 320, and the overlapping area 315). The process proceeds to step S580, and if it is determined that the file not encrypted by the encryption processing program 130 has been dropped in the drop area, the process proceeds to step S500.

  Step S500 includes steps S505 to S570, and a process for encrypting the file is performed. In step S505, the authentication information input unit 134 determines whether the area where the file is dropped is the overlapping area 315 (FIG. 20). In the case of the overlapping area 315, the process proceeds to step S520, and when it is not the overlapping area 315 (the first drop area 310 that does not overlap the second drop area 320 or the second drop area that does not overlap the first drop area 310) 320), the process proceeds to step S510. When the process moves to step S510, it is the same as the case where an unencrypted file is dragged and dropped into the first drop area 310 or the second drop area 320 in the first embodiment, and step S150 in FIG. The process of encrypting the file is executed.

  In step S520, the authentication information input unit 134 displays the first authentication information input window 600 (FIG. 5) corresponding to the first drop region 310, which is the first drop region in the overlapping region 315, on the display unit 240, A user input (first user input) of the first authentication information is accepted. In step S530, the authentication information input unit 134 displays the second authentication information input window 700 (FIG. 6) corresponding to the second drop region 320, which is the next drop region in the overlapping region 315, on the display unit 240, A user input (second user input) of the second authentication information is accepted. In step S540, the authentication information input unit 134 determines whether authentication information (user input) corresponding to all drop areas forming the overlapping area 315 has been completed. If authentication information (user input) corresponding to all drop areas forming the overlapping area 315 is not completed, the process proceeds to step S530, and if completed, the process proceeds to step S550.

  In step S550, the secret key generation unit 138 generates one secret key from the user input of all the authentication information input in steps S520 and S530. In steps S560 and S570, as in steps S200 and S210 of FIG. 2, the file encryption processing and the storage of the encrypted file in the storage folder 150 (FIG. 1) are performed.

  If it is determined in step S140 that the encrypted file encrypted by the encryption processing program 130 has been dropped in the drop area (regardless of the first drop area 310, the second drop area 320, and the overlapping area 315), Processing for decrypting the file in step S580 is executed. The process of decoding the file in step S580 is substantially the same as the process of decoding the file in step S220 shown in FIG. 2 except for the points described below. The authentication information input unit 134 identifies one or a plurality of authentication information input methods from an identifier that is stored in the encrypted file and indicates which authentication information input method is used. And the user input by all the specified authentication information input methods is received. The secret key generation unit 138 generates one secret key from the user input of all input authentication information as in step S550. The other processes are the same as the decoding process in step S220 in FIG.

  As described above, according to the fifth embodiment, the plurality of drop areas 310 and 320 partially overlap to form the overlap area 315, and the cryptographic processing program 130 includes N pieces of overlap (N is 2 or more). When a file to be encrypted is dropped on the overlapping part (overlapping area 315) of the drop area of the fifth embodiment (N = 2 in the fifth embodiment), N corresponding to the N drop areas Since the electronic apparatus 200 executes a process of accepting user input of N pieces of authentication information by the authentication information input method and a process of generating one secret key from the N pieces of authentication information, the user input of the authentication information Are difficult to decipher, and the convenience and security of file encryption can be improved.

-Sixth embodiment:
FIG. 22 is an explanatory diagram illustrating the external storage device 106 and the electronic device 200 according to the sixth embodiment. The external storage device 106 of the sixth embodiment is different from the external storage device 100 of the first embodiment in that it includes a file size acquisition unit 146. The file size acquisition unit 146 acquires the file size of the file dropped in one of the drop areas (first drop area 310 and second drop area 320).

  FIG. 23 is an operation flowchart according to the sixth embodiment. The processing up to step S130 is the same as the processing in the first embodiment. In step S600, the file size acquisition unit 146 acquires the file size of the dropped file.

  In step S610, if the file size acquired in step S600 is greater than or equal to the predetermined size, the encryption processing unit 140 proceeds to step S620, and the file size is less than the predetermined size. In step S640, the process proceeds to step S640. Here, when there are a plurality of files dropped in the drop area (the first drop area 310 and the second drop area 320), the file size is the sum of the file sizes of the plurality of files. In step S640, the process proceeds to step S300 in FIG.

  In step S620, since the encryption processing program 130 takes time to encrypt or decrypt the file, the display unit 240 (see FIG. 6) indicates that the number of files to be processed should be reduced or the capacity to be processed should be reduced. 22). The cryptographic processing program 130 waits for the user's consent to cancel the processing, moves to step S630, and stops the processing. In step S620, if the user's consent is not input, the encryption processing program 130 waits until the consent is input without executing the encryption or decryption processing.

  As described above, according to the sixth embodiment, the cryptographic processing program 130 acquires the file size of a file dropped in any of the plurality of drop areas 310 and 320, and the file size is equal to or larger than a predetermined size. In this case, before accepting the user input by the authentication information input method, the number of files to be processed by the user is reduced, or the display unit 240 displays that the processing capacity should be reduced by reducing the capacity to be processed. Accept consent to cancel. That is, when the file size of the dropped file is large, it is expected that it takes time to perform encryption or decryption processing. In such a case, even if the encryption or decryption process is executed, it takes time, so the process may be canceled in the middle, and then the user may reduce the number of files and perform encryption or decryption again. When the file size to be processed is large in this way, a warning that the process takes time is issued, and the process is stopped with the user's consent. Since the user knows in advance that encryption and decryption will take time, the usability will be improved and the convenience in encryption and decryption will be improved rather than the user ending after starting the encryption or decryption process. Can do. Note that the same processing may be performed not only in the file size but also when the number of files is large. This is because even if the total file size is the same, if the number of files is large, processing time is required.

  In the sixth embodiment, the processed file is stored in the storage folder 150 of the external storage device 106. Here, the processed file size is calculated from the file size obtained in step S600, and when the processed file size is larger than the free capacity of the storage unit 120 of the external storage device 106, a message to that effect is displayed. It may be displayed on the part 240 and the process may be stopped. This is because the processed file cannot be stored in the storage unit 120 of the external storage device 106.

  In the description of the first to sixth embodiments, the encryption method (encryption algorithm) in the encryption program is not described. That is, in the first to sixth embodiments, the encryption method is not limited to a specific encryption method. In the first to sixth embodiments, for example, common key (secret key) encryption schemes such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES, IDEA (International Data Encryption Algorithm) can be used. It is. The encryption method may be a public key encryption method such as RSA or elliptic curve encryption. In the case of the public key cryptosystem, one of the encryption key and the decryption key (usually the encryption key) is made public and the other (the decryption key) is kept secret. good. Note that the public key cryptosystem has a longer key length than the common key (secret key) scheme when it is desired to obtain the same encryption strength as that of the common key (secret key) scheme. The decoding process takes time. Therefore, it is preferable to use a common key (secret key) encryption method. Here, for example, since the encryption strength can be changed by changing only the key length (128 bits, 192 bits, 256 bits), AES is preferably used as the encryption method.

・ Modification:
In the first to sixth embodiments, the drop area formed in the processing window 300 has been described as an example having two drop areas of the first drop area 310 and the second drop area 320. There may be three or more regions. In this case, NFC (Near Field Communication) or biometric authentication can be used as the authentication information input method in addition to the password method and the pattern method.

  In each of the above embodiments, when the electronic device 200 has a plurality of connectors 270 and a plurality of external storage devices 100 are connected to the electronic device 200, the storage location of the encrypted file and the decrypted file is This is the storage folder 150 of the external storage device 100 where the activated cryptographic processing program 130 was located. For example, when the first external storage device 100 having the first cryptographic processing program 130 and the second external storage device 100 having the second cryptographic processing program 130 are connected to the electronic device 200, When a file is dropped on the first processing window created by the first cryptographic processing program 130, the encrypted file is stored in the first storage folder 150 of the first external storage device 100, and the second When a file is dropped on the second processing window created by the cryptographic processing program 130, the encrypted file is stored in the second storage folder 150 of the second external storage device 100. Similarly, when the file is decrypted, the decrypted file is stored in the storage folder 150 of the external storage device 100 in which the activated cryptographic processing program 130 is located.

  In each of the above embodiments, the user manages the password and the pattern, but does not manage the secret key itself, and the secret key cannot be taken out even if the password or the pattern is known. Less is.

  In each of the embodiments described above, when the user wants to encrypt or decrypt a file, the user has sent the file to the drop area by dragging and dropping the file to the drop area (for example, the first drop area 310). Instead of dragging and dropping the file, the user may send the file to the drop area by copying the file and attaching it to the drop area. Specifically, the user copies the file and then pastes (pastes) the file into the drop area. The drop area is an attachment area for a file to be attached. Note that, in the order of files to be processed when a plurality of files are selected, the first file to be processed is the file selected first at the time of copying, and the second and subsequent files are in alphabetical order. Also, when folders are selected, they are in alphabetical order. In addition, the user may cut the file and then paste (paste) the file in the drop area. When a file is cut, not copied, and the file is encrypted or decrypted, the file before encryption or decryption is deleted. However, if the file cannot be encrypted or decrypted due to, for example, a large file size, or cannot be decrypted because the secret key is different, the file before encryption or before decryption shall not be deleted. Is preferred.

  In each of the embodiments described above, the cryptographic processing program 130 is stored in the external storage device 100, but may be stored in a storage medium. In this case, the cryptographic processing program 130 becomes executable when copied or installed from the storage medium to the storage unit 120 of the external storage device 100. Here, the storage medium is a medium for storing data, and is also called “storage medium” or “recording medium”. Many storage media write data magnetically and optically. The former includes, for example, a flexible disk, and the latter includes, for example, a CD-ROM and an MO disk. The storage medium also includes a memory card and the external storage device of the present embodiment.

  Further, the cryptographic processing program 130 may be acquired via a network such as downloading from a website of a company that sells the external storage device 100 or receiving it by e-mail.

  In each of the above embodiments, when the cryptographic processing program 130 is executed, the cryptographic processing program 130 may be activated after being copied to the storage unit 220 of the electronic device 200. When the storage folder 150 is stored in a location other than the storage unit 120 of the external storage device 100, the external storage device 100 can be removed from the electronic device 200 even when the cryptographic processing program is being activated.

  The present invention is not limited to the above-described embodiment, and can be realized with various configurations without departing from the spirit of the present invention. For example, the technical features of the embodiments corresponding to the technical features in each embodiment described in the summary section of the invention are intended to solve part or all of the above-described problems, or part of the above-described effects. Or, in order to achieve the whole, it is possible to replace or combine as appropriate. Further, if the technical feature is not described as essential in the present specification, it can be deleted as appropriate.

DESCRIPTION OF SYMBOLS 100 ... External storage device 102 ... External storage device 106 ... External storage device 110 ... Control part 120 ... Storage part 130 ... Encryption processing program 132 ... Processing window formation part 134 ... Authentication information input part 136 ... File determination part 138 ... Secret key generation Unit 140 ... Encryption processing unit 142 ... Decryption processing unit 144 ... Device identification unit 146 ... File size acquisition unit 150 ... Storage folder 160 ... Interface 170 ... Connector 180 ... Device identifier 200 ... Electronic device 210 ... CPU
DESCRIPTION OF SYMBOLS 220 ... Memory | storage part 225 ... Operating system 230 ... Input part 240 ... Display part 242 ... Cursor 260 ... Interface 270 ... Connector 300 ... Processing window 310 ... 1st drop area 310m ... Small drop area 310s ... Small drop area 310w ... Small drop area 311 ... Image pattern 315 ... Overlapping area 320 ... Second drop area 320m ... Small drop area 320s ... Small drop area 320w ... Small drop area 321 ... Image pattern 330 ... Status bar 340 ... Path 400 ... Window 500 ... Window 600 ... First Authentication information input window 610 ... Identification information input section 620 ... Complete button 630 ... Clear button 700 ... Second authentication information input window 710 ... Identification information input section 720 ... Complete button 30 ... clear button 5130 ... icon 5150 ... icon

Claims (25)

An external storage device connected to an electronic device,
Stores cryptographic processing programs,
When the cryptographic processing program is started on the OS of the electronic device with the external storage device connected to the electronic device,
A process of displaying a processing window including a plurality of pasting areas to which a file to be encrypted is sent on the display unit of the electronic device;
When the file to be encrypted is sent to any one of the plurality of pasting areas, the display includes an input window for performing user input of authentication information by a predetermined authentication information input method for each pasting area And a process for receiving a user input of the authentication information,
Generating a secret key from user input of the authentication information;
A process of encrypting a file sent to any one of the plurality of pasting areas using the secret key, and giving an identifier capable of identifying the authentication information input method to the encrypted file after encryption;
Processing for storing the encrypted file in the external storage device;
An external storage device that causes the electronic device to execute the operation. The external storage device according to claim 1, further comprising:
A device identifier for identifying the external storage device;
The cryptographic processing program is:
Processing to obtain the device identifier before processing to display the processing window;
When the device identifier is predetermined, the processing window is displayed. When the device identifier is not predetermined, the encryption processing program is terminated without displaying the processing window. When,
An external storage device that causes the external storage device to execute. The external storage device according to claim 1, wherein the cryptographic processing program further includes:
When the encrypted file encrypted by the encryption processing program is sent in the processing window, the position where the encrypted file is sent is sent to the file when the encrypted file is created. Regardless of whether or not it corresponds to a paste-in area, the authentication information input method is specified based on the identifier of the encrypted file, and user input of the authentication information according to the specified authentication information input method is accepted Processing,
Generating the secret key from a user input of the authentication information;
A process of decrypting the encrypted file using the secret key;
A process of storing a decrypted file obtained by decrypting the encrypted file in the external storage device;
An external storage device that causes the electronic device to execute the operation. The external storage device according to claim 3,
When a plurality of files are sent to one of the plurality of pasting areas,
The cryptographic processing program is:
(Ai) When the first file determined according to a predetermined rule among the plurality of files is a file that is not encrypted by the encryption processing program, it is determined for each pasting area. Receiving the user input of the authentication information by the authentication information input method, generating the secret key from the user input of the authentication information, and executing encryption of the first file using the secret key;
(A-ii) For each file other than the first file among the plurality of files, if the file is not encrypted by the encryption processing program, the process of (ai) A process that encrypts the file using the same secret key that is used in the above, and when the file is an encrypted file encrypted by the encryption processing program, does not perform encryption or decryption; and
(Bi) When the first file is an encrypted file encrypted by the encryption processing program, a user input of the authentication information is accepted by an authentication information input method predetermined for each pasting area. Generating the secret key from a user input of the authentication information, and performing decryption of the first file using the secret key;
(B-ii) For each file other than the first file among the plurality of files, when the file is an encrypted file encrypted by the encryption processing program, A process in which the file is decrypted using the same secret key used in the process, and if the file is not a file encrypted by the cryptographic processing program, the file is neither encrypted nor decrypted. ,
An external storage device that causes the electronic device to execute the operation. The external storage device according to any one of claims 1 to 4,
The cryptographic processing program is:
A process of forming the plurality of pasting regions such that each of the plurality of pasting regions has a plurality of small regions that can be identified by the naked eye;
When a file to be encrypted is sent to any one of the plurality of small areas, encryptions having different encryption strengths are obtained depending on the small area to which the file to be encrypted is sent. Processing to generate the secret key according to an encryption method;
An external storage device that causes the electronic device to execute the operation. An external storage device according to any one of claims 1 to 5,
The plurality of crushed areas partially overlap,
The cryptographic processing program is:
When a file to be encrypted is sent to an overlapping portion of N overlapping areas (N is an integer equal to or greater than 2) that overlap each other, N authentication information input methods corresponding to the N overlapping areas are used. A process of accepting user input of N pieces of authentication information;
Generating one of the secret keys from user input of the N pieces of authentication information;
An external storage device that causes the electronic device to execute the operation. The external storage device according to any one of claims 1 to 6,
The cryptographic processing program is:
Processing for obtaining a file size of a file sent to any one of the plurality of pasting areas;
If the file size is greater than or equal to a predetermined size, a message is displayed indicating that the encryption or decryption process cannot be executed before accepting the user input of the authentication information by the authentication information input method. Processing to accept consent to stop processing to decrypt or decrypt,
To the electronic device,
An external storage device that causes the electronic device to stop processing when the consent is obtained. The external storage device according to any one of claims 1 to 7,
The file is sent to the pasting area (i) after the file is copied or cut, the file is pasted into the pasting area, or (2) the file is dragged and dropped. Being dropped in the crushed area,
External storage device. A cryptographic processing method,
On the display unit of the electronic device, a processing window including a plurality of pasting areas for sending a file to be encrypted is displayed.
When the file to be encrypted is sent to any one of the plurality of pasting areas, the display includes an input window for performing user input of authentication information by a predetermined authentication information input method for each pasting area And accepting user input of the authentication information,
Generating a secret key from user input of the authentication information;
Encrypting a file sent to one of the plurality of pasting areas using the secret key, and giving an identifier that can identify the authentication information input method to the encrypted file after encryption,
Storing the encrypted file in an external storage device;
Cryptographic processing method. The cryptographic processing method according to claim 9, comprising:
The external storage device has a device identifier for identifying the external storage device,
Obtaining the device identifier;
If the device identifier is predetermined, the processing window is displayed; if the device identifier is not predetermined, the encryption processing method is terminated without displaying the processing window;
Cryptographic processing method. The cryptographic processing method according to claim 9 or 10, further comprising:
When the encrypted file encrypted by the encryption processing method is sent in the processing window, the position at which the encrypted file is sent is sent to the file when the encrypted file is created. The authentication information input method is specified based on the identifier of the encrypted file regardless of whether or not it corresponds to the paste-in area, and user input of the authentication information according to the specified authentication information input method is accepted ,
Generating the secret key from user input of the authentication information;
Decrypting the encrypted file using the secret key;
Storing the decrypted file obtained by decrypting the encrypted file in the external storage device;
Cryptographic processing method. The cryptographic processing method according to claim 11, comprising:
When a plurality of files are sent to one of the plurality of pasting areas,
(Ai) When the first file determined according to a predetermined rule among the plurality of files is a file that has not been encrypted by the encryption processing method, it is determined for each pasting area. Receiving the user input of the authentication information by the authentication information input method, generating the secret key from the user input of the authentication information, executing the encryption of the first file using the secret key,
(A-ii) For each file other than the first file among the plurality of files, when the file is not encrypted by the encryption processing method, the process of (ai) When the file is encrypted using the same secret key used in the above, and the file is an encrypted file encrypted by the encryption processing method, neither encryption nor decryption is performed,
(Bi) When the first file is an encrypted file encrypted by the encryption processing method, accepting user input of the authentication information by an authentication information input method predetermined for each pasting area , Generating the secret key from user input of the authentication information, performing decryption of the first file using the secret key,
(B-ii) For each file other than the first file among the plurality of files, when the file is an encrypted file encrypted by the encryption processing method, Decrypting the file using the same secret key used in the processing, and if the file is not a file encrypted by the encryption processing method, the file is neither encrypted nor decrypted;
Cryptographic processing method. The cryptographic processing method according to any one of claims 9 to 12,
Forming the plurality of pasting regions such that each of the plurality of pasting regions has a plurality of small regions that can be identified by the naked eye;
When a file to be encrypted is sent to any one of the plurality of small areas, encryptions having different encryption strengths are obtained depending on the small area to which the file to be encrypted is sent. A private key is generated according to the encryption method,
Cryptographic processing method. The cryptographic processing method according to any one of claims 9 to 13,
The plurality of drop areas partially overlap,
When a file to be encrypted is sent to an overlapping portion of N overlapping areas (N is an integer equal to or greater than 2) that overlap each other, N authentication information input methods corresponding to the N overlapping areas are used. Accept user input of N authentication information,
One secret key is generated from user input of the N pieces of authentication information.
Cryptographic processing method. The encryption processing method according to any one of claims 9 to 14,
Obtaining the file size of the file sent to one of the plurality of crushed areas;
If the previous file size is greater than or equal to a predetermined size, a message is displayed indicating that the encryption or decryption process cannot be executed before accepting the user input of the authentication information by the authentication information input method. Accepting consent to stop processing
If the consent is obtained, the process is stopped.
Cryptographic processing method. The cryptographic processing method according to any one of claims 9 to 15,
The file is sent to the pasting area (i) after the file is copied or cut, the file is pasted into the pasting area, or (2) the file is dragged and dropped. Being dropped in the crushed area,
Cryptographic processing method. A cryptographic processing program,
A process of displaying a processing window including a plurality of pasting areas to which a file to be encrypted is sent on the display unit of the electronic device;
When the file to be encrypted is sent to any one of the plurality of pasting areas, the display includes an input window for performing user input of authentication information by a predetermined authentication information input method for each pasting area And a process for receiving a user input of the authentication information,
Generating a secret key from user input of the authentication information;
A process of encrypting a file sent to any one of the plurality of pasting areas using the secret key, and giving an identifier capable of identifying the authentication information input method to the encrypted file after encryption;
Processing for storing the encrypted file in the external storage device;
A cryptographic processing program for causing the electronic device to execute. The cryptographic processing program according to claim 17, further comprising:
The external storage device has a device identifier for identifying the external storage device,
The cryptographic processing program is:
Processing to obtain the device identifier;
When the device identifier is predetermined, the processing window is displayed. When the device identifier is not predetermined, the encryption processing program is terminated without displaying the processing window. When,
A cryptographic processing program for causing the external storage device to execute. The cryptographic processing program according to claim 17 or 18, further comprising:
When the encrypted file encrypted by the encryption processing program is sent in the processing window, the position where the encrypted file is sent is sent to the file when the encrypted file is created. Regardless of whether or not it corresponds to a paste-in area, the authentication information input method is specified based on the identifier of the encrypted file, and user input of the authentication information according to the specified authentication information input method is accepted Processing,
Generating the secret key from a user input of the authentication information;
A process of decrypting the encrypted file using the secret key;
A process of storing a decrypted file obtained by decrypting the encrypted file in the external storage device;
A cryptographic processing program for causing the electronic device to execute. The cryptographic processing program according to claim 19,
When a plurality of files are dropped in one of the plurality of drop areas,
(Ai) When the first file determined according to a predetermined rule among the plurality of files is a file that is not encrypted by the encryption processing program, it is determined for each pasting area. Receiving the user input of the authentication information by the authentication information input method, generating the secret key from the user input of the authentication information, and executing encryption of the first file using the secret key;
(A-ii) For each file other than the first file among the plurality of files, if the file is not encrypted by the encryption processing program, the process of (ai) A process that encrypts the file using the same secret key that is used in the above, and when the file is an encrypted file encrypted by the encryption processing program, does not perform encryption or decryption; and
(Bi) When the first file is an encrypted file encrypted by the encryption processing program, a user input of the authentication information is accepted by an authentication information input method predetermined for each pasting area. Generating the secret key from a user input of the authentication information, and performing decryption of the first file using the secret key;
(B-ii) For each file other than the first file among the plurality of files, when the file is an encrypted file encrypted by the encryption processing program, A process in which the file is decrypted using the same secret key used in the process, and if the file is not a file encrypted by the cryptographic processing program, the file is neither encrypted nor decrypted. ,
A cryptographic processing program for causing the electronic device to execute. A cryptographic processing program according to any one of claims 17 to 20, comprising:
A process of forming the plurality of pasting regions such that each of the plurality of pasting regions has a plurality of small regions that can be identified by the naked eye;
When a file to be encrypted is sent to any one of the plurality of small areas, encryptions having different encryption strengths are obtained depending on the small area to which the file to be encrypted is sent. Processing to generate the secret key according to an encryption method;
A cryptographic processing program for causing the electronic device to execute. A cryptographic processing program according to any one of claims 17 to 21,
The plurality of crushed areas partially overlap,
When a file to be encrypted is sent to an overlapping portion of N overlapping areas (N is an integer equal to or greater than 2) that overlap each other, N authentication information input methods corresponding to the N overlapping areas are used. A process of accepting user input of N pieces of authentication information;
Generating one of the secret keys from user input of the N pieces of authentication information;
A cryptographic processing program for causing the electronic device to execute. A cryptographic processing program according to any one of claims 17 to 22,
Processing for obtaining a file size of a file sent to any one of the plurality of pasting areas;
If the file size is greater than or equal to a predetermined size, a message is displayed indicating that the encryption or decryption process cannot be executed before accepting the user input of the authentication information by the authentication information input method. Processing to accept consent to stop processing to decrypt or decrypt,
To the electronic device,
An encryption processing program for causing the electronic device to stop processing when the consent is obtained. A cryptographic processing program according to any one of claims 17 to 23, wherein
The file is sent to the pasting area (i) after the file is copied or cut, the file is pasted into the pasting area, or (2) the file is dragged and dropped. Being dropped in the crushed area,
Cryptographic processing program.   A storage medium storing the cryptographic processing program according to any one of claims 17 to 24.

Images