AU764405B2 - Enciphering method, deciphering method and certifying method - Google Patents

Enciphering method, deciphering method and certifying method Download PDF

Info

Publication number
AU764405B2
AU764405B2 AU69973/01A AU6997301A AU764405B2 AU 764405 B2 AU764405 B2 AU 764405B2 AU 69973/01 A AU69973/01 A AU 69973/01A AU 6997301 A AU6997301 A AU 6997301A AU 764405 B2 AU764405 B2 AU 764405B2
Authority
AU
Australia
Prior art keywords
information
entity
attribute information
key
predetermined
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU69973/01A
Other versions
AU6997301A (en
Inventor
Kazuomi Oishi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU18980/97A external-priority patent/AU1898097A/en
Application filed by Canon Inc filed Critical Canon Inc
Publication of AU6997301A publication Critical patent/AU6997301A/en
Application granted granted Critical
Publication of AU764405B2 publication Critical patent/AU764405B2/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Description

1 CFO 12049 bvS Au ENCIPHERING METHOD, DECIPHERING METHOD AND CERTIFYING METHOD BACKGROUND OF THE INVENTION Field of the Invention The present invention relates to an enciphering method, a deciphering method and a certifying method, and more particularly to an enciphering method, a deciphering method and a certifying method adapted for use in various information services.
Related Background Art The ciphers can be generally classified into (A) common ciphers and public key ciphers.
The common cipher employs a same key secretly owned by the transmitter and the receiver, and is also called the common key cipher or the secret key cipher.
In the public key cih r the enciphering key and the deciphering key are mutually different, and the enciphering key is made publicly open while the 20 deciphering key is held secret. In the following there will be given an explanation on the public key cipher, with respect to features, protocol, (c) representative example, and RSA cipher as a specific example thereof.
Features of the public key cipher 1. Since the enciphering key and the deciphering key are different and the enciphering key can be made 2 public, it is not necessary to deliver the enciphering key in secret and the key delivery is made easier.
2. Since the enciphering key of each user is made public, each user is only required to maintain the deciphering key secret.
3. There can be realized a certifying function allowing the receiver to confirm that the transmitter of the transmitted message is not false and that the transmitted message has not been tampered with.
Protocol of the public key cipher For a message M to be communicated, with a public enciphering key k P (hereinafter called public key) for defining an enciphering operation E(k
P
M) and a secret deciphering key k s for defining a deciphering operation D(ks, the public key cipher algorithm in the first place satisfies the following two conditions: f the public key k is known, the c hring operation E(k
P
M) can be easily calculated. Also if the secret key ks is known, the deciphering operation 20 D(ks, M) can be easily calculated.
In case the secret key k s is not known, even if the above-mentioned public key k P and the calculating procedure C E(k
P
M) for the above-mentioned enciphering operation E are known, the determination of the message M is difficult in consideration of the *eo. amount of calculation.
•The secret communication can be realized by 3 satisfying the following condition in addition to the foregoing conditions and The enciphering operation E(k
P
M) can be defined for all the messages (plain texts) M and there stands a relation: D(ks, E(k
P
M
Thus, since the k P is made public, anybody can execute the calculation of the enciphering operation E(k
P
but the restoration of the message M through the deciphering operation D(k s E(k
P
can only be made by the person who has the secret key k s On the other hand, the certified communication can be realized by satisfying the following condition in addition to the foregoing conditions and D(k s M) can be defined for all the messages (plain texts) M and there stands a relation: -I I-.P I, S hA M The deciphering operation D(ks, M) can be calculated only by the proper holder of the secret key 20 ks, and, even if another person pretends to be such proper holder of the secret key ks by calculating D(ks', M) with a false secret key ks', the receiver can confirm that the received information is false since E(k
P
D(ks', M. Also if D(k s M) is tampered with, there results E(k
P
D(ks, M, so that the receiver S. can confirm that the received information is improper.
In the following there will be shown the protocols 4 of secret communication, certified communication and secret communication with signature from a transmitter A to a receiver B by the public key cipher, wherein the transmitter A is assumed to have a secret key kSA and a public key kP, and the receiver B is assumed to have a secret key kSB and a public key kPB.
Secret communication The secret communication of a message (plain text) M from the transmitter A to the receiver B is executed in the following procedure.
At first, in a step 1, the transmitter A enciphers the message M with the public key kPB of the receiver B and sends the cipher text C to the receiver B, wherein: C E(kPB, M).
Then, in a step 2, the receiver B deciphers the received cipher text C with his own secret key kSB to obtain the original plain text M by: M D(kSB, C).
Since the public key kPB of the receiver B is made 20 public to unspecified plural persons, the secret communication to the receiver B can be made not only by the transmitter A but also by any other person.
Certified communication The certified communication of a message (plain text) M from the transmitter A to the receiver B is executed in the following procedure.
At first, in a step 1i, the transmitter A generates 5 a transmission text S with his secret key kS, of the receiver A and sends it to the receiver B, wherein: S D(kS, M).
The transmission text S mentioned above is called a signature text, and the operation of obtaining such signature text S is called signing.
Then, in a step 2, the receiver B executes the restoring conversion of the signature text S with the public key kPA of the transmitter A, thereby obtaining the original plain text M by: M E(kPA, S) By the confirmation that the restored plain text M mentioned above constitutes a meaningful message, it is certified that the above-mentioned plain text M has certainly been transmitted from the transmitter A.
Since the public key of the transmitter A is made public to the unspecified plural persons, the signature text of the transmitter A can be certified not only by S the receiver B but also any other person. Such 20 certification is called digital signature.
Signed secret communication "The signed secret communication of a message (plain text) M from the transmitter A to the receiver B is executed in the following procedure.
At first, in a step 1, the transmitter A prepares a signed text S by signing the message M with the secret key kSA of the transmitter A, wherein: 6 S D(ksA, M).
Then the transmitter A enciphers the signed text S with the public key kP, of the receiver B and sends the cipher text C to the receiver B, wherein: C E(kPB, S).
Then, in a step 2, the receiver B deciphers the cipher text C with the secret key kSB of the receiver B to obtain the signed text S by: S D(ks, C).
Also the receiver B executes the restoring conversion of the signed text S with the public key kP, of the transmitter A, thereby obtaining the original plain text M by: M E(kPA, S).
By the confirmation that the restored plain text M mentioned above constitutes a meaningful message, it is certified that the above-mentioned plain text M has certainly been transmitted from the transmitter A.
The order of applications of the functions in the 20 foregoing steps of the signed secret communication may also be inverted. More specifically, in addition to "the above-mentioned procedure: Step 1: C E(kPs, D(kSA, M)) Step 2: M E(kPA, D(kSB, C)) the signed secret communication can also be realized by S. the following procedure: Step 1: C D(kSA, E(kP,, M)) 7 Step 2: M D(kSB, E(kPA, C)) Specific example of public key cipher As it is difficult to explain the individual cipher systems, in the following there will be explained the RSA cipher system as a specific example.
The RSA cipher was invented by Rivest, Shamir and Adleman of MIT and was named after their names.
The RSA cipher is presently one of the most promising public key ciphers. In the following there will be explained the basic principle of the RSA cipher, in the order key generation, (2) enciphering and deciphering.
Key generation The public key and the secret key are determined by the following algorithm.
1. Mutually different large prime numbers p, q are arbitrarily selected and the product n thereof is calculated by: n pq 20 2. The least common multiple L of and (q-l) is calculated, and there is selected an arbitrary integer e, which is relatively prime to thus calculated e least common multiple L and is smaller than the least Scommon multiple by: L LCM((p-1), GCD(e, L) 1 1 e L 8 wherein LCM indicates the least common multiple and GCD indicates the greatest common divisor.
3. The following congruence equation is solved, based on the arbitrary integer e and the least common multiple L determined in the foregoing step 2: ed l(modL) The values n) thus determined are used as the enciphering key while those n) are used as the deciphering key, in which e and n are the public keys while d is the secret key.
Enciphering For a plain text M and a cipher text C, the enciphering algorithm E is represented by: C E(M) Memodn wherein each of the plain text M and the cipher text C is an integer between 0 and n-1. If the original message is larger than the integer n, it is divided into blocks of a size n and the enciphering or the deciphering is applied in succession to such blocks.
20 Deciphering The deciphering algorithm D is represented by: •M D(C) Cdmodn In case of deciphering the plain text M enciphered by the above-mentioned enciphering algorithm E(M) Memodn: D(C) (Me)d ed M(modn) so that the original plain text M can be obtained.
9 Based on the above-explained principle, the public key can be disclosed for example in a telephone directory and it is no longer necessary to maintain a key individually with each of the unspecified plural persons. Therefore, in contrast to the secret key cipher system in which a key has to be secretly shared by the partners of communication prior to the execution of the communication, the public key cipher system has an advantage that the management and use of the keys are easier.
However, most public key cipher systems are unable, because of the structural limitation thereof, to select arbitrary public keys, so that the public key has merely been a number which is meaningless to the persons concerned.
On the other hand, a serious problem will arise unless the proper correlation is maintained between the key and the corresponding entity (entity of communication which is the user or the computer).
:06 20 More specifically there will result a situation where a document intended for a person A is erroneously o~ooo delivered to a person B, or a situation of "pretense" where a signature intended to be obtained from a person A is obtained from another person B.
oo 25 However, as long as the public key is a number meaningless to the involved persons, the correlation between an entity and its public key cannot be verified between an entity and its~ public key cannot be verified 10 directly by other arbitrary entities, so that the keys have be managed by a key list to be publicized by a reliable organization.
On the other hand, "the cipher system and the signature method based on ID", capable of employing as ID (personalized identification information such as name or address) as the public key, has been proposed for example by A. Shamir, "Identity-based cryptosystems and signature schemes", Proc. of Crypto '84, 1984 and by T. Okamoto and A. Shiraishi, "Safe user verifying method by single management information", IN83-92, 1984.
Such systems, having a structure allowing to use the ID of the entity as the public key, allows the user to understand the public key as the ID information.
Since the correctness of the public key can be understood in easier manner in comparison with other public key cipher systems, signature schemes, secret key cipher systems or identification systems, there can 20 be dispensed with the list of the keys.
As an example of the "ID-based cipher systems" S"mentioned above, there will be explained, in the following, the system proposed by S. Tsujii, T. Ito and K. Kurosawa, "ID-based cryptosystems using discrete S 25 logarithm problem" Elect. Lett., Vol. 23, No. 24, 1988.
Preparation At first, in a step 1, the center publicizes 11 n-dimensional vectors: a (al, a 2 an) h h 2 hn) h i galmodp (1 5 1 5 n) based on a prime number p, an original element g of a Galois field GF(p) and a Galois field GF(p), and a onedimensional function f.
Then, in a step 2, an entity i registers its ID:
ID
i (Xi 1 xi2, Xik) (k xiE{O, 1} (i 5 1 5 k) at the center.
Then, in a step 3, the center determines a modified ID: EID A f (IDi) (Yil, Yi 2 Yin) yilE{0, 1) (i I 1 5 n) and calculates a secret key Si of the entity i: Si ajyijmodp EIDi- a mod p and sends it to the entity i through a safe •communication path.
Enciphering The transmitting entity j at first determines an 0 25 arbitrary integer k, which is a secret of the transmitter only. Then it enters the ID of the receiving entity i into the enciphering apparatus, 12 which generates EIDj according to the foregoing function and calculates the product Z i of the elements hl, for which the corresponding yi, is 1, among the elements h, namely: S N Yil Zi= i h imodp 1=1 Zi can in fact be represented by:
N
E il Zi= 9g=1 gs mod p The transmitting entity j prepares a cipher text: C (gk, MZik)mod p from a plain text M according to the ElGamal cipher 15 system, and sends the cipher text to the receiving entity i.
Deciphering The receiving entity i calculates the Si-th power of the first term gk of the received cipher text C to S. 20 obtain: (gk)Si (gSi)k Z i mod p and divides the second term with Zik to obtain the plain text M.
In the following, as an example of the "ID-based signature scheme", there will be explained a system proposed by A. Fiat and A. Shamir, "How to prove yourself: practical solution to identification and 13 signature problems", Proc. Of Crypt '86, 1986.
System preparation The center selects prime numbers p and q, and publicizes the product N thereof and a one-directional function f for converting an arbitrary character train into N).
An entity A receives a secrecy SAj for its identifier I' from the center. The center confirms the correctness of IA of the entity, then determines: IDA f wherein j is a small parameter, then calculates: s Aj= 1 I DAjmo dN and transfers it to the entity A (for the purpose of 15 simplicity, representation is made as j 1, 2, 3, k).
Generation of signature The entity A signs the plain text M.
In a step 1, the entity A generates random numbers: Y1, Yt E[O, N) and calculates: x i yi 2 mod N Then, in a step 2, the entity A calculates: 25 f x1, x t and takes the initial kt bits as the value of ei, wherein: 14 (1 5 i 5 t, 1 j k) In a next step 3, the entity A calculates: yi= ri I1 SAj modN (i e ij =l and takes IA, M, ei and y, as the digital signature.
Verification of signature An entity B, receiving A, M, eij and y i calculates: IDAj= f(IAj) (1 k), zi= y n IDj mod N (1 <i t) ei=l and confirms that the initial kt bits of f(M, zi) coincide with eij.
In the following, there will be explained, as an 15 example of the "ID-based shared key (key delivery) system", a system proposed by E. Okamoto, "ID-based key delivery system", ISEC88-6, 1988.
Preparation The center generates a modulus n, a public key e 20 and a secret key d. The center is assumed to be reliable and d is maintained as the secret of the center.
Entry of user The center transfers (IDx, Sx, n, e, g) to a user 25 X, wherein g is a constant, and s, is represented by: sx IDX d mod n Generation of work key 15 In the following it is assumed that a key is generated between entities A and B. In a step 1, the entity A generates a random number rA and sends: XA sA grA mod n to the entity B, which similarly generates a random number r B and provides the entity A with: x sg grB mod n In a step 2, the entity A obtains: WKAB (IDBXeB)r gerA rBmod n while the entity B obtains: WKA (IDA XeA)rB ge'rA*rBmod n In the following, as an example of the "ID-based identification confirmation system", there will be explained the foregoing system proposed by A. Fiat and 15 A. Shamir, "How to prove yourself: practical solution to identification and signature problems", Proc. Of Crypt '86, 1986.
System preparation This is the same as that described in connection 20 with "ID-based signature scheme" Confirmation of identity An entity A proves that it is truly A, to another entity B.
In a step 1, the entity A sends I A to the other entity B.
Then, in a step 2, the other entity B calculates f(IA, j) (j 1, 2, k).
16 Then, following steps 3 to 6 are repeated from i 1 to i t.
In the step 3, the entity A generates a random number r i E[0, n) and sends x i ri 2 mod n to the other entity B.
In the step 4, the other entity B sends a random binary vector (eil, ek) to the entity A.
In the step 5, the entity A sends, to the other entity B: i =ri SAj mod N ei=l In the step 6, the other entity B confirms: X" i IDAjmodN 15 eij=1 However, the pretense may not be unavoidable even if the ID is taken as the public key. For example, in case of effect communication by exchanging the ID with a business partner, there can be considered a case where the given ID is not of such business partner itself but of another similar person or of an entirely different person.
Stated differently, even in the "ID-based cipher systems and signature schemes", though the public key has an understandable meaning, the adequacy of the given ID cannot be securely identified from the ID -17alone. Consequently the proper correspondence between the entity providing the public key (ID) and the provided public key (ID) is still not guaranteed, as in other public key systems.
Thus, a need clearly exists for the provision of an enciphering method, a deciphering method and a certifying method allowing secure confirmation of the correspondence between the entity itself and its public key, thereby preventing so-called pretense.
SUMMARY OF THE INVENTION In accordance with an aspect of the present invention, there is provided an encrypting method comprising: a first step, of inputting as a key, predetermined information associated with attribute information of an entry; a second step, of inputting the attribute information of the entity; a third step, of normalizing the attribute information input in said second step to be subject to a comparison processing so as to obtain a predetermined size of the attribute information; a fourth step, of comparing the attribute information normalized in said third step and attribute information obtained based on the key input in said first step; and 20 a fifth step, of, when said fourth step results in the attribute information provided in said third step being identical with the attribute information obtained based on the input S•key, encrypting information to be communicated by using the key.
In accordance with another aspect of the present invention, there is provided a decoding method comprising: a first step, of inputting as a key, predetermined information associated with attribute information of an entry; S"a second step, of inputting the attribute information of the entity; a third step, of normalizing the attribute information input in said second step to be subject to a comparison processing so as to obtain a predetermined size of the attribute information; oo. a fourth step, of comparing the attribute information normalized in said third step and attribute information obtained based on the key input in said first step; and a fifth step, of, when said fourth step results in the attribute information provided in said third step being identical with the attribute information obtained based on the input key, encrypting information to be communicated by using the key.
[R;\LIBPP]02887.doc:avc -18- In accordance with another aspect of the present invention, there is provided a certifying method for judging adequacy of an entity by comparing predetermined information, correlated with attribute information of the entity, with attribute information of the entity obtained by separately observing the attribute of said entity, wherein the separately observed attribute information is normalized prior to the comparison so as to obtain a predetermined size of the attribute information.
In accordance with another aspect of the present invention, there is provided a computer-readable storage medium for storing a program for executing an encrypting method, said encrypting method comprising: a first step, of inputting as a key, predetermined information associated with attribute information of an entry; a second step, of inputting the attribute information of the entity; a third step, of normalizing the attribute information input in said second step to be subject to a comparison processing so as to obtain a predetermined size of the attribute information; a fourth step, of comparing the attribute information normalized in said third step and attribute information obtained based on the key input in said first step; and a fifth step, of, when said fourth step results in the attribute information provided in said third step being identical with the attribute information obtained based on the input 0 20 key, encrypting information to be communicated by using the key.
The present invention will become fully apparent from the following detailed description of the embodiments, to be taken in conjunction with the attached drawings.
BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a schematic view showing the concept of an embodiment of the present invention; Fig. 2 is a schematic view showing an embodiment in which the concept shown in Fig. 1 is applied to the confirmation of identity; Fig. 3 is a schematic view showing an embodimentin which the concept shown S30 in Fig. 1 is applied to the enciphering; and Fig. 4 is a view showing a hardware configuration of an enciphering apparatus utilizing the concept of the present invention.
[R:\LIBPP]02887.dc:aVC 18a- DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Now the present invention will be clarified in detail by embodiments thereof, with reference to the attached drawings.
At first an embodiment will be explained with reference to a concept view shown in Fig. 1. In Fig. 1, there are shown an entity 11 that can be a user or a terminal device of various types, and a recording medium 12 (hereinafter called data carrier) such as an IC card, held by the entity 11.
[R:\LIBPP]02887.doc:avc 19 The present embodiment employs attribute information B n 1 specific to the entity 11 as the public key K 11 to be employed in one or plurality of the "IDbased enciphering system", "ID-based signature system", "ID-based shared key system" and "ID-based identification system" explained in the foregoing, and the center of the system records the above-mentioned attribute information B 11 in the data carrier 12 after the confirmation of the correspondence between the attribute information B 11 and the entity 11. In case the entity 11 is a user (person), the attribute information mentioned above can be the information on the biophysical (biomedical) features of such entity (user).
15 Consequently, in verifying the public key K 11 of the entity 11, the verifier reads the public key K 11 namely the attribute information B 11 of the entity Ii, o from the data carrier 12 provided by the entity 11 by means of a reader 13, then observes the attribute 20 information of the entity 11 by an observing device 14 *o and compares thus obtained information, thereby confirming that the entity 11 is the proper (true) •go• owner of the carrier 12 or that the biophysical attribute information recorded on the data carrier 12 25 is the public key of the entity 11 and being allowed to proceed to various subsequent operations.
The result B 11 of the above-mentioned observation 20 is compressed in conversion means 16 with a onedirectional function such as a Hush function to obtained a converted value h(B 1 and it is verified whether the value is equal to the attribute information B1 of the entity 11, read from the data carrier 12.
In this case, the above-mentioned attribute information B 11 is obtained by a conversion process similar to that in the converting means 16. In such case, data indicating the processing method (for example data indicating the kind of the function) are recorded in the data carrier 12 and are informed to the converter 16.
By constituting the attribute information B 11 with the data obtained by compressing the biophysical feature of a person, the data of a large data amount, such as the data of the face of the persun, can also be stored in the carrier 12 such as an IC card. Also the comparison of such compressed data allows to reduce the 20 time required therefor.
In the above-explained embodiment, the attribute information B 11 itself is employed as the public key K 11 but such public key K 11 may become undesirably known by secret observation of the attribute information. In 25 such case, the public key K 11 may be obtained by applying a process of a predetermined algorithm to the attribute information Bi.
21 In such case, the public key K 11 cannot be obtained from the attribute information B 11 as long as the abovementioned algorithm remains secret, so that the secret nature of the public key K 11 can be satisfactorily maintained.
In the following there will be explained, with reference to Fig. 2, a more specific embodiment utilizing the above-explained concept for the personal identification. In Fig. 2 there are shown a first entity 21, a second entity 22, a data carrier 23 storing the public key provided by the second entity 22, a computer 24, and a display The data carrier 23, provided as the public key by the second entity 22, is a recording medium such as a magnetic card, an IC card, a floppy disk or a CD-ROM.
It is assumed, in the present embodiment, that the biophysical attribute information of the entity is the face (or photographic data thereof) of the entity and that the data carrier 23 is a floppy disk.
20 System preparation The center (not shown) selects prime numbers p, q, and publicizes the product N thereof, a one-directional function f for converting an arbitrary character train into N) and a program for displaying the 25 photographic data of the face.
The entity A, joining the system, receives secret sAj corresponding to such facial photographic data from 22 the center in the following manner.
The center confirms that the above-mentioned entity A and the facial photographic data IA have a proper correspondence, then determines: IDAj f(I
A
j) wherein j is a small parameter, and calculates: sAj= 1 I DAjmo dN (for the purpose of simplicity representation is made as j 1, k).
Then the above-mentioned secret sAj is transferred to the entity A by any method that is available only to the entity A (for example by storage in an IC card of which the secret code number is only known to the 15 entity The entity A retains the facial photographic data I, stored in its data carrier.
Confirmation of public key o: In the following there will be explained the procedure, to be executed by the entity 21, for 20 confirming the identity of the second entity 22 that has undergone a procedure similar to the aboveexplained one for the entity A.
The first entity 21 receives the data carrier 23 from the second entity 22, and confirms that the public 25 key provided therein properly corresponds to the second entity 22 itself in the following manner.
The first entity 21 read the public key (facial 23 photographic-data) IA by a floppy disk drive connected to the computer 24, and displays such data on the display 25 by the facial photographic data displaying program. Then the first entity itself visually compares such display with the face of the second entity 22. In this manner the first entity 21 itself can securely judge whether the second entity 22 properly corresponds to the public key (facial photographic data) provided thereby.
Confirmation of identity In an embodiment in which the concept of the present embodiment is applied to the identity confirming method explained above, the ID is the biophysical attribute information of the entity, and 15 any physical attribute information enabling direct onsite confirmation by human observation can be employed as the public key.
0 In addition to the facial photograph, there may be employed, for example, the handwriting, fingerprint, palm print or voice print, which can be directly confirmed by persons, utilizing an image displaying program or a voice reproducing program on the computer o* 24, and such data are recorded as the public key in the data carrier 23.
Also such principle is applicable not only to the ID-based identification system but naturally also to the ID-based enciphering system, the ID-based signature 24 system, or the ID-based shared key system, or plurality thereof.
In the following there will be explained, with reference to Fig. 3, another embodiment in which the concept of the present invention is applied to an enciphering system. This embodiment employs an input device instead of the human eyes.
In Fig. 3, there are shown a first entity 31, a second entity 32, a data carrier 33 recording the public key provided by the second entity 32, a computer 34, a display 35 and an input device 36.
The present embodiment employs the fingerprint and an IC card instead of the facial photograph and the floppy disk in the foregoing embodiment.
15 System preparation In a step 1, the center publicizes n-dimensional vectors: a (al, a2, an) h h 2 i 20 h, gamodp (1 1 n) defined by a prime number p, an original element g of a Galois field GF(p) and a Galois field GF(p), also a one-directional function f and a fingerprint comparing program.
25 In a step 2, an entity i, joining the system, registers its fingerprint data:
ID
i (Xil, xi2, Xk) 25 wherein: (k xiE{0, 1) (i s 1 5 k) at the center.
Then, in a step 3, the center confirms the correspondence between the entity i and its fingerprint data IDi, then determines:
EID
i A f(ID,) (Y 11 Yi 2 Yin) (2) yniE{O, 1) (i 5 1 S n) also calculates the secret key Si of the entity -i: Si- ajyijmodp SEIDi a mod p and sends it to the entity i through a safe communication path.
In a step 4, the entity i stores the fingerprint data IDi, in its data carrier.
Confirmation of public key Now there will be explained the case of cipher 20 communication by the first entity 31, with the second entity 32 that has undergone a process similar to the above-explained one for the entity i.
The first entity 31 receives the data carrier (ID card) 33 and confirms that the public key provided 25 therein properly corresponds to the second entity 32 itself, in the following manner.
The first entity 31 reads the public key 26 (fingerprint in this case) from the data carrier 33, utilizing an IC card reader connected to the computer 34. At the same time, the fingerprint of the second entity 32 is scanned by the input device 36 (for example a surface irregularity detector) connected to the computer 34, and thus scanned fingerprint of the second entity 32 is compared with the fingerprint data read as the public key by the fingerprint comparing program of the computer 34. Such procedure allows to judge whether the second entity 32 properly corresponds to the public key (fingerprint data) provided by the second entity 32.
Cipher communication The first entity 31 executes the cipher communication with the second entity 32, by a procedure similar to that for the entity j in the "ID-based enciphering system" explained in the foregoing.
In the present embodiment, the biophysical attribute information of the entity constitutes the 20 public key, and any attribute information allowing confirmation of the entity itself through the use of any device can be utilized as the public key.
In addition to the fingerprint explained above, there may be employed, for example, the palm print, handwriting, voice print, iris pattern or retina pattern may be selected as the public key. Such palm print, handwriting, voice print, iris pattern or retina 27 pattern can be directly confirmed by an input device, such as a surface irregularity sensor, a pen tablet, a microphone or a camera, connected to the computer 34, and the data carrier 33 stores the data, obtained with such input device and suitably converted if necessary, as the public key. In case of rewriting the abovementioned attribute information, there is preferably employed a security measure such as entry of a password representing the entity itself.
Also such principle is applicable not only to the ID-based enciphering system but naturally also to the ID-based signature system, the ID-based shared key system or the ID-based identification system, or plurality thereof.
In any of the foregoing embodiments, if the biophysical attribute information has a large data S.amount, the public key may be obtained by reducing the data amount of such information by a known compression function indicated as in Fig. 1 (for example a one- 20 directional function for projecting the input into a smaller random size).
Fig. 4 shows an example of the hardware configuration in which the concept of the present invention is applied to an enciphering apparatus or the 25 like.
As shown in Fig. 4, the apparatus is composed of a microcomputer consisting of a CPU i, a ROM 2 and a RAM 28 3 connected by a data bus 4.
There are also provided biophysical attribute information input means 5 such as an IC card reader or a scanner for entering the biophysical attribute information, display means 6 for displaying various information on an image display area, sound generation means 7 for generating various sound information, and a camera 8 for observing the entity.
The ROM 2 is used for storing various programs constituting function means of the above-mentioned units, while the RAM 3 is used for temporarily storing various data and as the work memory of the CPU i.
The CPU 1 mechanically, optically or magnetically detects and recognizes the medium, such as an IC card, storing such attribute information, detects the attribute information by the biophysical attribute :eoee o input means 5, also observes the entity by the camera 8 and executes a process of conversion and/or comparison according to the programs or algorithms stored in the S 20 ROM 2.
The camera 8 is adapted to normalize the phototaken data so as to obtain a predetermined size within the imaging angle, and the above-mentioned algorithm of comparison is adapted to absorb the 25 fluctuation in size within a predetermined range, in the data obtained from the camera 8.
In such configuration, the microcomputer 29 consisting of the CPU i, ROM 2, RAM 3 and data bus 4 constitutes conversion means (converter) for compressing the biophysical attribute information of the entity, observation means (observing device) for observing the biophysical attribute information of the entity, comparison means (reader) for comparison with the key information provided as thekey of the entity, judgment means (comparator) for judging the adequacy of the correspondence between the biophysical attribute information of the entity and the key information, and verification means for verifying whether the key information read from the medium storing the key information is equal to the observed biophysical attribute information of the entity, thereby providing an enciphering apparatus, a signing apparatus, a key sharing apparatus or an identity confirming apparatus utilizing the concept of the present invention.
SAlso in the present embodiment, in case the attribute information read from the carrier does not 20 coincide with the data through the camera 8, such situation may be displayed on the display means 6, and, in consideration of the possibility of an improper use, the entity photographed by the camera 8 and the time of **.operation may be stored in the memory 3 or may be 25 transmitted as a warning to another location through an unrepresented network. In this manner the system can prevent the trouble and can assist the survey of a 30 crime.
As explained in the foregoing, the present invention, utilizing the attribute information specific to the entity or the information obtained by suitable compression and/or conversion as the key or a key corresponding to such information, enables direct confirmation of the correspondence between the entity and the key through the physical attribute information mentioned above. Thus the present invention enables secure communication with the true entity person and can securely prevent pretense by any other third person. Also, even between the entities in mutual distant locations, the correspondence between the unseen entity and his public key can be confirmed as long as the communication line between the entities and the devices thereof are reliable.
Sany widely different4- embodiments of the present invention may be constructed without departing from the spirit and scope of the present invention. It should 20 be understood that the present invention is not limited to the specific embodiments described in the specification, except as defined in the appended **claims.

Claims (32)

1. An encrypting method comprising: a first step, of inputting as a key, predetermined information associated with attribute information of an entry; a second step, of inputting the attribute information of the entity; a third step, of normalizing the attribute information input in said second step to be subject to a comparison processing so as to obtain a predetermined size of the attribute information; a fourth step, of comparing the attribute information normalized in said third step and attribute information obtained based on the key input in said first step; and a fifth step, of, when said fourth step results in the attribute information provided in said third step being identical with the attribute information obtained based on the input key, encrypting information to be communicated by using the key.
2. A method according to claim 1, wherein said attribute information of the entity is information indicating a physical feature of said entity.
3. A method according to claim 1, wherein said predetermined information is 20 information obtained by applying a predetermined process to said attribute information, thereby reducing an information amount thereof. .00.
4. A method according to claim 3, wherein said predetermined process employs a one-directional function.
A method according to claim 3, wherein said predetermined information and information indicating said predetermined process are recorded in a single recording medium. 0.00 30
6. A method according to claim 1, wherein said predetermined information is used g :*as a public key in a public key cipher system.
7. A method according to claim 6, wherein said predetermined information is recorded in a portable recording medium and is obtained by reading said medium. (R:\LIBPP]02887.doc: avc -32-
8. A method according to claim 6, wherein said entity is an entity at a destination of communication, and the attribute of said entity corresponding to said predetermined information is separately observed and the information obtained by said observation is compared with said predetermined information.
9. A method according to claim 5, wherein said predetermined information and information indicating said predetermined process are recorded in a single recording medium, and information obtained by processing the information, obtained by observation, according to the information indicating said predetermined process is compared with said predetermined information.
A method according to claim 1, wherein said predetermined information is used as a secret key in a public key cipher system.
11. A method according to claim 10, wherein said entity is an enciphering entity, and is adapted to operate with a secret key obtained by applying a predetermined process to said attribute information and a public key corresponding to said secret key.
12. A method according to claim 10, wherein information corresponding to a public 20 key is recorded in a portable recording medium.
°13. A decoding method comprising: o°#o a first step, of inputting as a key, predetermined information associated with attribute information of an entry; a second step, of inputting the attribute information of the entity; a third step, of normalizing the attribute information input in said second step to be subject to a comparison processing so as to obtain a predetermined size of the attribute information; S a fourth step, of comparing the attribute information normalized in said third step and attribute information obtained based on the key input in said first step; and a fifth step, of, when said fourth step results in the attribute information provided in said third step being identical with the attribute information obtained based on the input key, encrypting information to be communicated by using the key. [R:\LIBPP]02887.dC:avc 33
14. A method according to claim 13, wherein said attribute information of the entity is information indicating a physical feature of said entity.
A method according to claim 14, wherein said predetermined information is information obtained by applying a predetermined process to said attribute information, thereby reducing an information amount thereof.
16. A method according to claim 15, wherein said predetermined process employs a one-directional function. I0
17. A method according to claim 16, wherein said predetermined information and information indicating said predetermined process are recorded in a single recording medium.
18. A method according to claim 13, wherein said predetermined information is used as a public key in a public key cipher system.
19. A method according to claim 18, wherein said predetermined information is °recorded in a portable recording medium and is obtained by reading said medium.
20. A method according to claim 19. wherein said entity is an entity at a source of Scommunication, and the attribute of said entity corresponding to said predetermined information is separately observed and the information obtained by said observation is compared with said predetermined information.
21. A method according to claim 15, wherein said predetermined information and 0information indicating said predetermined process are recorded in a single recording "medium, and information obtained by processing the information, obtained by 0:0. observation, according to the information indicating said predetermined process is 30 compared with said predetermined information.
22. A method according to claim 13, wherein said predetermined information is used as a secret key in a public key cipher system. [RALI BPPJ28s7.doc:avc -34-
23. A method according to claim 22, wherein said entity is a deciphering entity, and is adapted to operate with a secret key obtained by applying predetermined process to said attribute information and a public key corresponding to said secret key.
24. A method according to claim 23, wherein the information corresponding to said public key is recorded in advance in a portable recording medium.
A certifying method for judging adequacy of an entity by comparing predetermined information, correlated with attribute information of the entity, with attribute information of the entity obtained by separately observing the attribute of said entity, wherein the separately observed attribute information is normalized prior to the comparison so as to obtain a predetermined size of the attribute information.
26. A method according to claim 25, wherein said predetermined information is used as a public key in deciphering in a public key cipher system, and said entity is the entity at a source of communication.
27. A method according to claim 25, wherein said predetermined information is used as a public key in enciphering in a public key cipher system, and said entity is the entity at 20 a destination of communication.
28. A computer-readable storage medium for storing a program for executing an encrypting method, said encrypting method comprising: a first step, of inputting as a key, predetermined information associated with attribute information of an entry; a second step, of inputting the attribute information of the entity; a third step, of normalizing the attribute information input in said second step to 0o~ be subject to a comparison processing so as to obtain a predetermined size of the attribute information; a fourth step, of comparing the attribute information normalized in said third step S"and attribute information obtained based on the key input in said first step; and a fifth step, of, when said fourth step results in the attribute information provided in said third step being identical with the attribute information obtained based on the input key, encrypting information to be communicated by using the key. [R:\LIBPP]0288Tdoc:avc
29. An encrypting method substantially as described herein in relation to any one embodiment with reference to the drawings.
A decoding method substantially as described herein in relation to any one embodiment with reference to the drawings.
31. A certifying method substantially as described herein in relation to any one embodiment with reference to the drawings.
32. A computer-readable storage medium substantially as described herein in relation to any one embodiment with reference to the drawings. DATED this Twenty-fifth Day of June, 2003 Canon Kabushiki Kaisha Patent Attorneys for the Applicant SPRUSON FERGUSON f [R:\LIBPP]02887.doc:avc
AU69973/01A 1996-04-19 2001-09-10 Enciphering method, deciphering method and certifying method Ceased AU764405B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP8-098668 1996-04-19
AU18980/97A AU1898097A (en) 1996-04-19 1997-04-18 Enciphering method, deciphering method and certifying method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU18980/97A Division AU1898097A (en) 1996-04-19 1997-04-18 Enciphering method, deciphering method and certifying method

Publications (2)

Publication Number Publication Date
AU6997301A AU6997301A (en) 2001-11-08
AU764405B2 true AU764405B2 (en) 2003-08-21

Family

ID=27768019

Family Applications (1)

Application Number Title Priority Date Filing Date
AU69973/01A Ceased AU764405B2 (en) 1996-04-19 2001-09-10 Enciphering method, deciphering method and certifying method

Country Status (1)

Country Link
AU (1) AU764405B2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5469509A (en) * 1993-12-30 1995-11-21 Monster Cable International, Ltd. Car audio system with high signal output
WO1996008093A1 (en) * 1994-09-07 1996-03-14 Mytec Technologies Inc. Biometric controlled key generation
US5528231A (en) * 1993-06-08 1996-06-18 Bull Cp8 Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5528231A (en) * 1993-06-08 1996-06-18 Bull Cp8 Method for the authentication of a portable object by an offline terminal, and apparatus for implementing the process
US5469509A (en) * 1993-12-30 1995-11-21 Monster Cable International, Ltd. Car audio system with high signal output
WO1996008093A1 (en) * 1994-09-07 1996-03-14 Mytec Technologies Inc. Biometric controlled key generation

Also Published As

Publication number Publication date
AU6997301A (en) 2001-11-08

Similar Documents

Publication Publication Date Title
EP0802654B1 (en) Enciphering method, deciphering method and certifying method
US7188362B2 (en) System and method of user and data verification
US8543825B2 (en) Method and apparatus for input of coded image data
US8325994B2 (en) System and method for authenticated and privacy preserving biometric identification systems
JP5201136B2 (en) Anonymous authentication system and anonymous authentication method
US6940976B1 (en) Generating user-dependent RSA keys
US20050005136A1 (en) Security method and apparatus using biometric data
CN111294203B (en) Information transmission method
US7693279B2 (en) Security method and apparatus using biometric data
CN114900304A (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
US20040153652A1 (en) Method, apparatus, system, and program for creating ring signature
JPH09147072A (en) Personal authentication system, personal authentication card and center equipment
CN114499887A (en) Signature key generation and related methods, systems, computer devices, and storage media
JP2006524352A (en) Identity-based encryption method and apparatus based on biometrics
US6928163B1 (en) Methods, systems and computer program products for generating user-dependent RSA values without storing seeds
AU764405B2 (en) Enciphering method, deciphering method and certifying method
GB2421407A (en) Generating a shared symmetric key using identifier based cryptography
JPS62216447A (en) Message validation communication system
JPS62254543A (en) Electronic transaction system
JP3862397B2 (en) Information communication system
JP3548538B2 (en) Video input device and video input system
JP2002330129A (en) Coding device, decoder and communication system
Janbandhu et al. A new biometric based Signature system
CN116318717A (en) Electronic file certification method, system, terminal and medium based on trusted timestamp
Janbandhu et al. Modified Private Key Generation for Biometric Signatures

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)