JP2002111659A - File encryption system, file encryption program and storage medium having recorded data - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a file encryption system for extracting a personal key as a peculiar secret information of each user with an input of a user authentication information and a group key as a secret information of a group with a combination key obtained by collecting personal keys of the specified number of users. SOLUTION: This file encryption system comprises: an authentication key generating means 102 for generating an authentication key using a unidirectional Hash function from an input authentication information; an authentication means 103 for generating an authenticator using the unidirectional Hash function from the authentication key and then conducting the authentication; a personal key decoding means 104 for decoding with the authentication key the personal key stored as the key encrypted previously with the authentication key; a combination key generating means 105 for generating the combination key by combining the personal keys of k users belonging to the group, a group key decoding means 106 for decoding the previously stored group key with the combination key; and a file encrypting/decoding means 107 for encrypting/decoding a file with the group key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a file encryption system and a recording medium on which a file encryption program is recorded. More particularly, a plurality of users mutually encrypt or decrypt a shared file (hereinafter referred to as "encryption / decryption"). Share the key for encryption / decryption to be able to
The present invention relates to a file encryption system, a file encryption program, and a recording medium that records data.

[0002]

2. Description of the Related Art Hitherto, a file encryption system of this kind has been used as a security method for protecting a computer from being stolen or lost or against unauthorized access to a file while ensuring file access by an authorized user. I have.

One example of a conventional file encryption system is
It is described in JP-A-2000-099385.
The file encryption system described in this publication generates a common group key in advance, distributes the group key to a computer of a user who wants to share the encrypted file, and encrypts the header information of the encrypted file with the group key. Session key (key used to encrypt file contents)
By embedding, a plurality of users having the same group key can mutually encrypt / decrypt a shared file.

[0004] In addition, Japanese Patent Laid-Open No.
Japanese Patent Publication No. 2 (1999) discloses an example of an encryption system. In the cryptographic system described in this publication, a secret key shared by a group is secretly shared into a plurality of partial keys, and each is kept secret by a user. Thus, encryption / decryption can be performed only after a predetermined number of partial keys are collected from a plurality of users in the group.

[0005]

An object of file encryption is to protect the confidentiality of information recorded on a non-volatile storage medium such as a magnetic disk which can be easily read / written. In the case of encrypting information on the communication line, the encryption key can be disposable for each session, but in the case of file encryption, after a certain period, for example, after several days or months. Or, since it must be decrypted some years later, the key used for the encryption must also be stored in a non-volatile storage medium.

[0006] Here, confidentiality cannot be ensured if the encryption key is recorded in the same storage medium as the encrypted information in a bare state. It is necessary to take measures such as encrypting the encryption key itself. Even in such a case, it is necessary to protect the confidentiality of the key used for encrypting the encryption key. Key storage is extremely important for security operations. When such important information is stored by a human, a secret sharing scheme such as a (k, n) threshold method is used to prevent unauthorized use. In the secret sharing scheme based on the (k, n) threshold method, the secret key is divided into n partial keys, and the original secret key can be restored by collecting any k from the n keys. If the number is small, the original secret key cannot be obtained at all.

However, even when the secret sharing scheme is used, the problem of confidentiality of a partial key stored by each user cannot be solved.

In addition, the secret sharing scheme is characterized in that, even if a specific partial key is collected in a predetermined number or more, the original secret key cannot be restored, and a predetermined number of partial keys including one or more different partial keys are not restored. The original private key can be recovered if collected. "

Further, the above secret sharing scheme requires an administrator (dealer) who generates a partial key and distributes the partial key to each user, and furthermore, it is necessary to collect and discard the partial key once distributed. There is a problem that it is not possible to flexibly cope with a change in the number of users in a group or an increase or decrease in the number of users, because it can only be performed by completely trusting users.

Japanese Patent Application Publication No. 2000-502827 discloses a technique of combining passwords corresponding to a selected group among hashed user passwords to form a password key for encrypting a file key. I have.

However, this conventional technique has a problem that an individual password cannot be changed unless members of the selected group are available. This is because changing the personal password involves changing the combination key, and reconstructing the combination key requires input of the password of the members of the selected group.

Further, when an individual belongs to a plurality of groups, it is necessary to arrange the selected groups of each belonging group. These have a problem that they obviously hinder the security requirement that the password must be changed frequently.

Further, there is the following problem based on the fact that the group configuration must be changed by the group member. (1) When creating a new group, all members who join the new group must gather and enter their own passwords. It has to be entered and it is complicated. (2) If a large number of members belonging to a group lose their passwords, it will be impossible to decrypt the encrypted file, or members of each group will be aware of all operations, including management operations that are rarely performed. There is a problem that must be.

[0014]

SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to decrypt private information unique to each user, that is, a private key that has been encrypted and stored in an external storage device only by inputting user authentication information. The secret information of the group, that is, the encrypted group key stored in the external storage device is decrypted and extracted with a combination key obtained only after collecting a predetermined number of user's personal keys. The object of the present invention is to provide a file encryption system which can perform the following.

Another object of the present invention is that a group key encrypted and stored in an external storage device cannot be decrypted even if a predetermined number of personal keys of a user defined as a guest are collected. Another object of the present invention is to provide a file encryption system that can collect and obtain a predetermined number of users' personal keys including one or more users other than the above and decrypt them with a combination key obtained for the first time.

Still another object of the present invention is to add / delete a user or a group, and use a system management group which uses a group key for encrypting / decrypting a personal key of each user and a group key of each group. It is an object of the present invention to provide a file encryption system capable of controlling a change in system configuration information such as a configuration change.

In order to achieve the above object, the present invention decrypts an encrypted personal key by using an authentication key generated by using a hash function from input user authentication information, The encrypted group key is decrypted using the combination key generated using the personal keys of a plurality of predetermined users belonging to the same group, and the file is encrypted / decrypted using the decrypted group key. It decrypted.

According to the present invention, a predetermined user belonging to the same group is defined as a guest, and a combination generated using personal keys of a plurality of predetermined users including personal keys of users other than the guest belonging to the same group. The encrypted group key can now be decrypted using only the key.

Further, in these cases, the personal key of each user and the group key of each group deposited in the system management group are encrypted / decrypted with the group key of the system management group, and are encrypted with the group key of the system management group. The change control of the system configuration information is performed using the decrypted personal key or group key.

Here, the type of system configuration control corresponds to, for example, user addition, user deletion, group addition, group deletion, change of the user configuration in a group, and the like.

More specifically, the first file encryption system of the present invention provides an authentication key generation means (102 in FIG. 1) for generating an authentication key from input authentication information by calculation using a one-way hash function. ) And an authentication unit (103 in FIG. 1) for generating an authenticator by calculation using a one-way hash function from the authentication key and comparing the generated authenticator with an authenticator stored in an external storage device in advance. A personal key decrypting means (104 in FIG. 1) for decrypting a personal key, which is previously encrypted with an authentication key and stored in an external storage device, with an authentication key; Combination key generation means (1 in FIG. 1) for generating a combination key by combining
05), and a group key decrypting means for decrypting a group key encrypted with each of the _n C _k combination keys that can be generated and stored in advance in an external storage device with a combination key of arbitrary k users ( 1) and file encryption / decryption means (107 in FIG. 1) for encrypting / decrypting a file with a group key.
That is, the personal key that is encrypted and stored in the external storage device can be decrypted and extracted only by inputting the user's authentication information, and the secret information of the group, that is, the encrypted private key that is stored in the external storage device can be obtained. A group key can be decrypted and extracted with a combination key obtained only after collecting a predetermined number of user's personal keys, and the file is encrypted / decrypted with the group key.

With the above configuration, the secret state of each user's personal key can be ensured.

[0023] The second file encryption system of the present invention defines the m people in the user n humans as a guest, without the combination of a combination in the user n human k's in guest m human k's _n C _k - _m C _k pieces encrypted with each combination key, the group key stored in advance in the external storage device is decrypted with any user k's combination key including the user one or more other guests The group key decrypting means (106 in FIG. 3) is replaced with the group key decrypting means (106 in FIG. 1) of the first file encryption system of the present invention, and the encrypted group key stored in the external storage device is replaced with the group key decrypting means. Even if a predetermined number of personal keys of users defined as guests are gathered, they cannot be decrypted, and a group obtained only by gathering personal keys of a predetermined number of users including one or more non-guest users can be obtained. It operates so that it can be decrypted and extracted with the matching key.

Thus, more detailed access right management can be performed within the same group, and illegality within the group can be prevented.

Further, in the third file encryption system of the present invention, a system management group for using a group key for encrypting / decrypting a personal key of each user and a group key of each group is provided, and the system configuration information is changed. The system configuration control means (108 in FIG. 5) for performing control is the first type of the present invention.
Alternatively, a user or a group can be added or deleted by a system management group that is added to the second file encryption system and uses the group key to encrypt / decrypt each user's personal key and each group's group key. The operation is performed so that change control of system configuration information such as configuration change can be performed.

With the above configuration, the personal key and the group key can be deposited to the system management group, and the system management group can cope with the change to the system configuration information.

Thus, the security function can be improved while flexibly responding to changes in the system configuration information.

In this specification, the recording medium is, for example,
In addition to hard disk (HD), DVD-RAM, flexible disk (FD), CD-ROM, etc., RAM
And a memory such as a ROM.

The means does not simply mean a physical means, but also includes a case where the function of the means is realized by software. Further, even if the function of one means is realized by two or more physical means,
The function of one or more means may be realized by one physical means.

Further, the invention of the above system can be realized as a program for causing a computer to realize a predetermined function or a recording medium on which the program is recorded. Also,
The above invention is also realized as data used when a computer realizes a predetermined function or a recording medium on which the data is recorded.

[0031]

Next, embodiments of the present invention will be described in detail with reference to the drawings. Here, FIG. 1 is a block diagram showing a configuration of the first exemplary embodiment of the present invention.

Referring to FIG. 1, in a first embodiment of the present invention, a server device 100, a plurality of client devices 200, 210, 220,.
00 and a communication path 400 for connecting these devices. Some or all of the client device and the file server may be incorporated in the server device.

The server device 100 includes a server control unit 10
1, an authentication key generation unit 102, an authentication unit 103, a personal key decryption unit 104, and a combination key generation unit 105
, A group key decryption means 106 and a file encryption / decryption means 107. On the magnetic disk 110 of the server device 100, a user information table 111 and a group information table 112 are recorded.

Client devices 200, 210, 22
0,... Indicate client control means 201,
211, 221 and so on. File server 3
., Files 311, 312, 313,... To be encrypted / decrypted are stored in the magnetic disk 310.

Each of these means operates as follows. The server control means 101 communicates with the client devices 200, 210, 220,.
The entire operation of the server device 100 is controlled. The authentication key generation means 102 generates an authentication key by calculation using a one-way hash function based on the authentication information received from the server control means 101. The authentication information is stored in the client control means 201, 211, 221 when the user logs on.
Are input to the server control means 101.

The authentication means 103 includes an authentication key generation means 102
Generates an authenticator by calculation using a one-way hash function based on the generated authentication key, and compares the authenticator with the authenticator stored in the user information table 111 in the magnetic disk 110 to authenticate the user. Do.

The personal key decryption means 104 is encrypted with the authentication key and stored in the user information table 11 in the magnetic disk 110.
1 is decrypted with the authentication key generated by the authentication key generation means 102.

The combination key generation means 105 collects a predetermined number of personal keys obtained by the personal key decryption means 104, and combines these personal keys to generate a combination key.

The group key decryption means 106 decrypts the group key encrypted by the combination key and stored in the group information table 112 in the magnetic disk 110 with the combination key obtained by the combination key generation means 105.

The file encrypting / decrypting means 107 stores the file 3 in the magnetic disk 310 of the file server 300.
.., Group key decryption means 1
Encrypt or decrypt with the group key obtained in 06.

Client control means 201, 211, 2
, Are dialogues with the user and the server device 10
The communication with 0 is performed.

Next, the overall operation of this embodiment will be described in detail with reference to FIGS.

FIG. 2 is a diagram showing a specific example of the details of the user information table 111 and the group information table 112 and a procedure for obtaining a group key from authentication information of a plurality of users.

The user information table 111 stores, for all users managed by the system, the user identifier of each user, and the corresponding authenticator and encrypted personal key (111 in FIG. 2). The encrypted personal key is obtained by encrypting a personal key unique to the user using a value obtained by hashing the authentication information of the user with a one-way hash function as a key (authentication key). This is a value obtained by further hashing the key used for the conversion with a one-way hash function. The authentication information of the user may be any information, such as a password, IC card information, and fingerprint information, as long as it can confirm the identity of the user.

In the group information table 112, for all groups managed by the system, the group identifier of each group, the corresponding user list, the threshold,
User combination information and an encrypted group key are stored (112 in FIG. 2). The user list includes the user identifiers of all users belonging to the group. The threshold is the number of people who need agreement when encrypting / decrypting the file. The user combination information indicates, by a user identifier, a combination for selecting the threshold value k from all the users n in the group, and therefore, there are a total of _n C _k groups in one group. It should be noted that an arbitrary combination smaller than _n C _k pairs may be set as the combination of the threshold value k. The encrypted group key is obtained by encrypting a group key unique to a group with a combination key obtained by combining personal keys of k users indicated in the user combination information. The group key is used as a key for encrypting / decrypting a file shared between users in the same group. For generating the combination key, for example, a combination method is possible in which the individual keys of the threshold k users are connected and a value obtained by hashing the individual keys with a one-way hash function is used as the combination key. In the following description, this method is used.

First, k users who want to encrypt or decrypt a file first have client devices 200 and 21 of each user.
At 0, 220,..., A logon request operation to a specific group in the system is performed. The logon request includes a user identifier, authentication information, and a group identifier.
Are transmitted to the server control means 101 of the server apparatus 100 and passed to the authentication key generation means 102.

Next, the authentication key generation means 102 hashes the authentication information received from the server control means 101 with a one-way hash function, and uses the value as an authentication key (1 in FIG. 2).
02).

Further, the authentication means 103 hashes the authentication key generated by the authentication key generation means 102 with a one-way hash function, and uses the value as an authenticator to store the authenticator of the user stored in the user information table 111. (103 in FIG. 2). This makes it possible to determine whether or not the correct authentication information has been input. If the correct authentication information has been input, the authenticator matches and the logon is permitted, and the operation proceeds to the subsequent operations. If the authenticators do not match, the logon rejection is notified to the client device that requested logon, and the subsequent operations are stopped. Note that the user information table 111
Also, according to the information in the group information table 112, if the user identifier specified in the logon request does not exist, if the specified group identifier does not exist, or if the specified user is not a user in the specified group, logon is rejected. The subsequent operation is stopped.

Next, the personal key decryption means 104 uses the authentication key generated by the authentication key
The client decrypts the encrypted personal key of the user stored in 11 (104 in FIG. 2) and notifies the client device that has requested logon of logon permission. Since the correct authentication key is generated from the correct authentication information, the personal key is also correctly decrypted.

After the user logs on, the user performs a file encryption / decryption request operation using the client devices 200, 210, 220,... Of each user. The file encryption / decryption request includes an encryption / decryption type indicating whether to perform encryption or decryption, and a target file name, is input by the client control unit 201, and is input by the client control unit 201. And passed to the combination key generation means 105.

Here, the file encryption / decryption request requires the agreement of k users.
This can be done by permitting k-1 other users. Specifically, first, one of the users who wants to encrypt or decrypt the file is the requester, and in addition to the encryption / decryption type and the target file name, the user k-1 users who want to have permission are requested. The user identifier is input from the client device and sent to the server device.

Here, the server device has a confirmation means (not shown), and the server device refers to the designated k-1 user identifiers by this confirmation means, and makes each user the same as the requester. Check if you are logged on to the group. If each user is not logged on to the same group as the requester, the requester is notified of the file encryption / decryption rejection to the client device, and the subsequent operations are stopped. Next, the server device transmits the encryption / decryption type, the target file name, and the user identifier of the requester to each of the client devices on which the designated k-1 users are logged on. Each user who becomes an authorizer confirms the request content received from the server device with each client device, inputs a response as to whether to permit, and transmits the response to the server device. The server device is k-
If the permission of one person is obtained, the process proceeds to the subsequent operation. If the permission is not obtained, the client apparatus of the requester is notified of the refusal of file encryption / decryption, and the subsequent operation is stopped. In addition,
Each user's permission may involve entry of each user's own authentication information.

The combination key generation means 105 performs file encryption / decryption of the private key obtained by the personal key generation means 104.
The personal keys of the k users who made the decryption requests are concatenated, hashed by a one-way hash function, and the value is used as a combination key (105 in FIG. 2).

The group key decryption means 106 obtains an encrypted group key corresponding to the combination of the k users from the group information table 112 in accordance with the user identifiers of the k users who made the file encryption / decryption requests and the group identifier of the logged-on user. Is extracted and decrypted with the combination key generated by the combination key generation means 105 (106 in FIG. 2).

Finally, file encryption / decryption means 107
.., From the files 311, 312, 313,... In the magnetic disk 310 of the file server 300 using the group key decrypted by the group key decryption means 106. A corresponding file is selected, and the file is encrypted or decrypted according to the encryption / decryption type. As a method of file encryption / decryption, a method of encrypting a file content with a session key (random number) at the time of encryption and recording a session key encrypted with a group key in a header portion of the encrypted file may be used. good.

Next, the effect of the present embodiment will be described.

In the present embodiment, the secret information unique to each user, that is, the personal key encrypted and stored in the external storage device can be decrypted and extracted only by inputting the user's authentication information. , That is, the group key encrypted and stored in the external storage device can be decrypted and extracted with a combination key obtained only after collecting a predetermined number of user's personal keys. The file is encrypted with a group key, the group key is encrypted with a combination key obtained by synthesizing the personal keys of k users out of n users, and the personal keys are encrypted with the authentication keys of each user, and each is stored on a magnetic disk. I have. The authentication key is a hash value of the authentication information, and the authentication information is external information obtained only from the user. Also, an authenticator for personal identification is stored on the magnetic disk. This authenticator is a hash value of the authentication key, and uses a one-way hash function. I can't get it either. Therefore, even if all the recorded contents of the magnetic disk existing in the system are directly read due to fraud, the fraudster cannot obtain information other than his / her personal key,
It is possible to protect the confidentiality of the encrypted file as long as no more than k insiders gather and collude.

Next, a second embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 3 is a block diagram showing the configuration of the second embodiment of the present invention. In the present embodiment, the group key decryption means 106 of the server device 100 and the group information table 11 recorded on the magnetic disk 110 of the server device 100 in the first embodiment shown in FIG.
2 is replaced by another.

FIG. 4 is a diagram showing details of the user information table 111 and the group information table 112 and a specific example of a procedure for obtaining a group key from authentication information of a plurality of users.

The group key decryption means 10 in this embodiment
6 defines m out of n users as guests, and encrypts each of _n C _{k −m} C _k combination keys _obtained by excluding the combination of k out of m users from the combination of k out of n users. The operation is such that the group key stored in the group information table 112 in the magnetic disk 110 is decrypted by a combination key of k arbitrary users including one or more users other than the guest.

In the group information table 112, a guest list corresponding to each group is additionally stored for all groups managed by the system (1 in FIG. 4).
12). The guest list includes a user identifier of a user defined as a guest among all users belonging to the group. The user combination information indicates, by a user identifier, a combination excluding the combination of selecting k guests from m guests among the combinations of selecting the threshold k users from all n users of the group. There are a total of _n C _{k -m} C _k pairs in the group. Only the encrypted group key corresponding to the user combination information is stored.

In this embodiment, until the combination key generation means 105 generates the combination key by combining the individual keys of the k users who made the file encryption / decryption requests.
The operation is the same as that of the first embodiment (102 to 1 in FIG. 3).
05).

Thereafter, the group key decrypting means 106 refers to the guest list in the group information table 112, and if all k users who have issued the file encryption / decryption request are guests in the group to which the user is logged on. Notifies the client device of the requester of the refusal of file encryption / decryption, and stops the subsequent operations. If there are at least one non-guest user among k people,
In accordance with the user identifiers of the k users who made the file encryption / decryption requests and the group identifier of the logged-on user, an encryption group key corresponding to the combination of these k users is extracted from the group information table 112 and generated by the combination key generation unit 105. Decrypted with the combined key.

Finally, the file encryption / decryption means 107
.., From the files 311, 312, 313,... In the magnetic disk 310 of the file server 300 using the group key decrypted by the group key decryption means 106. A corresponding file is selected, and the file is encrypted or decrypted according to the encryption / decryption type. (107 in FIG. 3).

In the present embodiment, the group key encrypted and stored in the external storage device cannot be decrypted even if a predetermined number of personal keys of the user defined as the guest are collected, and the group key other than the guest cannot be decrypted. Personal keys of a predetermined number of users including one or more users can be collected and decrypted with a combination key obtained for the first time to be extracted. A group key for encrypting a file is encrypted with each of the _n C _{k -m} C _k combination keys _obtained by excluding the combination of k users out of n users and the combination of k guests out of m users. Since the stored files are stored, even if k or more internal fraudsters gather and collude, as long as users other than the guest are not included in the internal fraudsters, the confidentiality of the encrypted file can be protected.

Next, a third embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 5 is a block diagram showing the configuration of the third embodiment of the present invention. In this embodiment, the system configuration control means 108 of the server device 100 is added to the second embodiment shown in FIG. 3, and the user information table 11 recorded on the magnetic disk 110 of the server device 100 is added.
1 and the group information table 112 are replaced with another one.

In the present embodiment, there is provided a system management group for using the group key for encrypting / decrypting the personal key of each user and the group key of each group. It operates to control the change of system configuration information such as addition / deletion of a group and change of a user configuration of a group.

FIG. 6 is a diagram showing a specific example of the procedure for obtaining the group key of the system management group from the details of the user information table 111 and the group information table 112 and the authentication information of a plurality of users in the system management group.

In the user information table 111, a management encryption personal key corresponding to each user is additionally stored for all users managed by the system (1 in FIG. 6).
11). The encrypted personal key for management is obtained by encrypting a personal key unique to a user with a group key of the system management group.

In the group information table 112, a management encryption group key corresponding to each group is additionally stored for all groups managed by the system (112 in FIG. 6). The management encryption group key is obtained by encrypting the group key unique to the group with the group key of the system management group. Note that the group information table also stores information on the system management group as with other groups, but the management encryption group key of the system management group may not be stored.

In this embodiment, the operation of file encryption / decryption performed by a group other than the system management group is as follows.
The operation is similar to that of the second embodiment (102 to 1 in FIG. 5).
07).

In this embodiment, the operation of the system configuration control performed by the system management group is added. The procedure for obtaining the group key of the system management group from the authentication information of a plurality of users of the system management group is as follows. The operation is almost the same as that of the second embodiment (102 to 10 in FIG. 6).
5). The difference from the second embodiment is that the request from the user of the system management group is not a file encryption / decryption request but a system configuration control request.

The system configuration control request includes the type of configuration control and additional information corresponding to the type. The types of configuration control include, for example, user addition, user deletion, group addition, group deletion, and change of the user configuration in a group. The additional information is, for example, a user identifier or authentication information of a user to be added in the case of adding a user.

The system configuration control unit 108 uses the group key decrypted by the group key decryption unit 106 to perform various operations specified by the system configuration control request, that is, various operations related to the user information table 111 and the group information table 112. Do. Hereinafter, some typical examples of the configuration control performed by the system configuration control unit 108 will be described. (1) Addition of User Information of a new user is additionally registered in the user information table. Here, a random number is generated for the personal key of the user to be added.

As the user identifier, the user identifier specified in the user addition request is registered. The management encryption personal key is
The personal key is encrypted and registered with the group key of the system management group. The authenticator and the encrypted personal key are created and registered from the authentication information specified in the user addition request. Specifically, a personal key is encrypted using a value obtained by hashing the authentication information with a one-way hash function as a key (authentication key) to obtain an encrypted personal key, and the key used for encrypting the personal key is further unidirectionally encrypted. The value hashed by the hash function is used as the authenticator. (2) Delete User Deletes the information of the specified user from the user information table. Further, all information of the designated user is deleted from the group information table. Specifically, the user identifier of the designated user is deleted from the user list of all groups, and all the combination information and the encryption group key including the designated user are also deleted. If the number of system management groups is less than the threshold value k or if there is no user other than the guest, the system configuration cannot be controlled thereafter. Reject. (3) Addition of group Information of a new group is additionally registered in the group information table. Here, a random number is generated for the group key of the group to be added.

As the group identifier and the threshold, the group identifier and the threshold specified in the group addition request are registered. The management encryption group key is registered by encrypting the group key with the group key of the system management group. The user list, guest list, user combination information, and encryption group key are empty. (4) Delete group Deletes the information of the specified group from the group information table. If the system management group is deleted, the system configuration control cannot be performed thereafter. Therefore, in the case of the request, the request is rejected. (5) Changing the user configuration of a group Changes information about a specified group in a group information table and controls assignment of users belonging to the specified group. The group user configuration change request includes the group identifier of the group to be changed, the user identifiers (user list) of all the users who newly form the group, and the user identifiers (guest list) of the users who are to be guests. Before changing the group information table, the group key of the designated group is managed from the management encryption group key of the group information table, and the user key of the designated user is managed from the management encryption personal key of the user information table. And decrypt it temporarily with the group key of the user group. In the case of the user configuration change for the system management group itself, the group key has already been decrypted by the group key decryption means 106 without extracting the group key from the management encryption group key.

The user list and the guest list are updated to the user list and the guest list specified by the group user configuration change request. The user combination information is _n C _k − excluding the combination of selecting k users from the m guests included in the specified guest list among the combinations of selecting the threshold k users from the n users included in the specified user list. Update to _m C _k pieces of combination information. The encrypted group key is updated to an encrypted group key corresponding to the new user combination information. A new encrypted group key can be created by combining k personal keys corresponding to the combination information to generate a combination key, and encrypting the group key with this key.

Note that regarding the system management group,
If the number of users is less than the threshold value k or if there is no user other than the guest, the system configuration cannot be controlled thereafter. Therefore, in the case of a request corresponding to this condition, the request is rejected.

As described above, the user configuration of the group can be freely changed without changing the personal key or the group key at all. If the request includes a threshold value, the threshold value can be easily changed.

In the present embodiment, the group key cannot be decrypted even if a predetermined number of personal keys of the user defined as the guest are collected, and the group key cannot be decrypted by a predetermined number of users including one or more users other than the guest. A mechanism that can be decrypted and extracted with a combination key obtained only after collecting keys,
The same applies to the system management group. Therefore, even if users belonging to the system management group collude with less than k people, or even collide with more than k people, unless the users other than the guest are included in the internal unauthorized person, the encrypted personal key is encrypted. And the security of the group key can be protected.

Further, in this embodiment, the change of the system configuration information such as addition / deletion of a user or a group and a change of the user configuration of a group can be flexibly performed by the system management group.

In the present embodiment, at the start of system operation, at least information of a system management group composed of k users including at least one non-guest user is registered in the user information table and the group information table. It should just be done.

This embodiment is an application of the second embodiment, but can be applied to the first embodiment except for the operation relating to the guest.

FIG. 7 is a block diagram showing the configuration of the fourth embodiment of the present invention. Referring to FIG. 7, a fourth embodiment of the present invention provides a server device 100, a plurality of client devices 200, 210, 220,..., A file server 300, and a communication path connecting these devices. 4
00 and a recording medium 120 in which a file encryption program is recorded. This recording medium 500 may be a magnetic disk, a semiconductor memory, or another recording medium.

The program for file encryption recorded on the recording medium 500 is read by the server device 100 and controls the operation of the server device 100 to thereby control the operation of the server device 100 to generate the authentication key generating means shown in FIGS. 1, 3 and 5. 102, authentication means 10
3. Personal key decryption means 104, combination key generation means 10
5. The respective processes of the group key decryption means 106, the file encryption / decryption means 107, and the system configuration control means 108 are executed to realize the functions of the first to third embodiments, respectively.

According to the present invention, as an effect of providing a personal key, a user's own password can be changed only by individual authority without cooperation of other users belonging to the same group. That is, when the personal password is changed, the personal key can be decrypted based on the current password, so that the decrypted personal key can be re-encrypted with the new password. Further, since the personal key is invariable, it is not necessary to change the combination key based on the password change.

Further, by depositing a personal key and a group key to the system management group, based on the fact that the group configuration can be changed only by a predetermined number of members of the system management group, the following is considered regarding the flexibility of system operation. Has the effect of

(1) As an effect of personal key escrow to the system management group, the user does not need to attend the change of the belonging group at all. User addition and group addition are separated, and when changing a group or creating a new group,
This is because it is only necessary to assign a registered existing user to a group.

(2) Even if a large number of members belonging to the group lose their passwords and the encrypted file cannot be decrypted, the effect of the group key escrow to the system management group is that the previously encrypted file cannot be decrypted. Be able to decrypt. Further, the group can be reconstructed by the operation of changing the configuration information of the management group, and the previously encrypted file can be decrypted.

(3) General group members only need to know file encryption / decryption and password change operations, and management group members only need to know configuration information change operations. Convenience can be improved.

[0093]

As described above, the first embodiment according to the present invention is described.
The effect of this is that the secret information unique to each user, that is, the private key that has been encrypted and stored in the external storage device can be decrypted and extracted only by inputting the authentication information of the user, and the secret information of the group, that is, An object of the present invention is to enable a group key that is encrypted and stored in an external storage device to be decrypted and extracted with a combination key obtained only after a predetermined number of user private keys are collected. As a result, the confidentiality of the personal key can be maintained, and the confidentiality of the encrypted file can be protected unless k or more internal fraudsters gather and collude.

The reason is that a file is encrypted with a group key, a group key is encrypted with a combination key obtained by combining personal keys of k users out of n users, and a personal key is encrypted with an authentication key of each user. Is stored in the external storage device. The authentication key is a hash value of the authentication information, and the authentication information is external information obtained only from the user. Furthermore, an authenticator for performing personal identification is stored in an external storage device. This authenticator is a hash value of the authentication key, and uses a one-way hash function. Because you cannot get it.

The second effect is that the group key encrypted and stored in the external storage device cannot be decrypted even if a predetermined number of personal keys of the user defined as the guest are collected, and the group key other than the guest cannot be decrypted. An object of the present invention is to collect personal keys of a predetermined number of users including one or more users, and to decrypt and extract the personal keys with a combination key obtained for the first time. This allows
Even if k or more internal fraudsters gather and collude, as long as users other than the guest are not included in the internal fraudster, the confidentiality of the encrypted file can be protected.

The reason is that a group key for encrypting a file is composed of _n C _{k -m} C _k combination keys _obtained by excluding a combination of k of n users and a combination of k of m guests. This is because the data is encrypted and stored in the external storage device.

The third effect is that the system management group uses the group key for encrypting / decrypting the personal key of each user and the group key of each group, such as addition / deletion of users and groups, and change of the user configuration of the group. It is to be able to control change of system configuration information. Thereby, it is possible to flexibly cope with a change in the user of the group or an increase or decrease in the number of users. In addition, users who belong to the system management group collide with less than k users,
Even if more than k people gather and collude, the confidentiality of the encrypted personal key or group key can be protected unless users other than the guest are included in the insider.

The reason is that the group key of the system management group that encrypts the personal key and the group key is also the same as the other group keys, from the combination of k out of n users belonging to the system management group and m guests. This is because each of the _n C _{k -m} C _k combination keys excluding the combination of medium k persons is encrypted and stored in the external storage device. key)
Is distributed to each user by distributing
This is because the group key is encrypted / decrypted by collecting the individual keys of each user.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a first exemplary embodiment of the present invention.

FIG. 2 is a diagram showing details of a user information table and a group information table and a specific example of a procedure for obtaining a group key from authentication information of a plurality of users according to the first embodiment of the present invention.

FIG. 3 is a block diagram showing a configuration of a second exemplary embodiment of the present invention.

FIG. 4 is a diagram illustrating a detailed example of a user information table and a group information table and a procedure for obtaining a group key from authentication information of a plurality of users according to the second embodiment of the present invention.

FIG. 5 is a block diagram showing a configuration of a third exemplary embodiment of the present invention.

FIG. 6 shows a specific example of a procedure for obtaining a group key of the system management group from the details of the user information table and the group information table and the authentication information of a plurality of users of the system management group in the third embodiment of the present invention. FIG.

FIG. 7 is a block diagram showing a configuration of a fourth exemplary embodiment of the present invention.

[Explanation of symbols]

REFERENCE SIGNS LIST 100 server apparatus 101 server control means 102 authentication key generation means 103 authentication means 104 personal key decryption means 105 combination key generation means 106 group key decryption means 107 file encryption / decryption means 108 system configuration control means 110 magnetic disk 111 of server apparatus 111 user Information table 112 Group information table 200, 210, 220,... Client device 201, 211, 221... Client control means 300 File server 310 File server magnetic disk 311, 312, 313,. Road 500 Recording medium

Claims (9)

[Claims] 1. An authentication key generating means for generating an authentication key from input authentication information by a calculation using a one-way hash function, and an authentication key being calculated from the authentication key by a calculation using a one-way hash function. An authentication means for performing authentication by generating and comparing with an authenticator stored in the storage device in advance, and decrypting a private key encrypted in advance with the authentication key and stored in the storage device with the authentication key Personal key decryption means; combination key generation means for generating a combination key by combining k personal keys of n users belonging to the group; and _n C _k combination keys that can be generated as a combination key Group key decryption means for decrypting a group key encrypted in advance and stored in a storage device in advance with a combination key of k arbitrary users; File encryption system and a file encryption / decryption means for encrypting / decrypting Le. 2. An authentication key generating means for generating an authentication key from input authentication information by a calculation using a one-way hash function, and an authentication key is calculated from the authentication key by a calculation using a one-way hash function. An authentication means for performing authentication by generating and comparing with an authenticator stored in the storage device in advance, and decrypting a private key encrypted in advance with the authentication key and stored in the storage device with the authentication key Personal key decryption means; combination key generation means for generating a combination key by combining the personal keys of k of n users belonging to the group; m of n users being defined as guests; medium k Personality _n C _k combinations excluding a combination in the guest m human k's - are encrypted with respective _m C _k-number of combining the key, a group key stored in advance in the storage device, the gate A group key decryption unit for decrypting with a combination key of k arbitrary users including one or more users other than the group, and a file encryption / decryption unit for encrypting / decrypting a file with the decrypted group key Encryption system. 3. A system configuration control means for controlling change of system configuration information using a group key of a system management group used for encrypting / decrypting a personal key of each user and a group key of each group. The file encryption system according to claim 1, further comprising: 4. An authentication key generation process for generating an authentication key from input authentication information by calculation using a one-way hash function, and an authentication key is calculated from the authentication key by calculation using a one-way hash function. An authentication process for generating and comparing the authenticator by comparing it with an authenticator stored in the storage device in advance; and decrypting the personal key encrypted in advance with the authentication key and stored in the storage device with the authentication key. A personal key decryption process; a combination key generation process for generating a combination key by combining the personal keys of k users out of n users belonging to the group; and _n C _k combination keys that can be generated as a combination key A group key decryption process for decrypting a group key encrypted in advance and stored in a storage device in advance with a combination key of arbitrary k users; and a file decryption process using the decrypted group key. A recording medium recording a program for executing encryption Le / decryption file encryption / decryption process and to the computer. 5. An authentication key generation process for generating an authentication key from input authentication information by calculation using a one-way hash function, and an authentication key is generated from the authentication key by calculation using a one-way hash function. An authentication process for generating and comparing the authenticator by comparing it with an authenticator stored in the storage device in advance; and decrypting the personal key encrypted in advance with the authentication key and stored in the storage device with the authentication key. A personal key decryption process, a combination key generation process of generating a combination key by combining the personal keys of k users out of n users belonging to the group, and defining m of n users as guests and n users medium k Personality _n C _k combinations excluding a combination in the guest m human k's - are encrypted with respective _m C _k-number of combining the key, a group key stored in advance in the storage device, the gate A group key decryption process for decrypting with a combination key of arbitrary k users including one or more users other than the user, and a file encryption / decryption process for encrypting / decrypting a file with the decrypted group key. A recording medium on which a program to be executed is recorded. 6. A system configuration control process for controlling change of system configuration information using a group key of a system management group used for encrypting / decrypting a personal key of each user and a group key of each group. 6. A recording medium according to claim 4, wherein a program for further executing the program is recorded. 7. A computer-readable recording medium recording key data for encrypting / decrypting a file, wherein the key data is recorded in a user information table and a group information table formed on the recording medium. The user information table includes an encrypted personal key area that records the personal key of each user, which is encrypted using an authentication key generated using a one-way hash function from the authentication information of each user; An authenticator area storing an authenticator generated from the key using a one-way hash function, wherein the group information table is encrypted using a combination key generated by synthesizing the personal key. An encrypted group key area in which the encrypted group key is recorded, and the encrypted group key is an individual of k of n users belonging to the group. A computer-readable recording medium recording key data for encrypting / decrypting a file, wherein the recording medium is encrypted using a combination key generated by combining a human key. 8. A key data for encrypting / decrypting a file.
Data on a computer-readable recording medium
The key data is stored in a user information table formed on the recording medium.
And the user information table is stored in the user information table based on the authentication information of each user.
Using an authentication key generated using a directional hash function
Recording the personal key of each user encrypted by encryption
A one-way hash function from the private key area and the authentication key
An authenticator area that records the authenticator generated by using
The group information table is generated by synthesizing the personal key.
Group encrypted using the generated combination key
An encrypted group key area in which keys are recorded, wherein the encrypted group key is used to authenticate m out of n users.
Is defined as a list, and from the combination of k / n users
Excluding combinations of k of m guests_nC_k− _mC_kPieces
Characterized by being encrypted with each combination key
The key data for encrypting / decrypting the file is
A computer-readable recording medium that has been recorded. 9. The user information table includes a management encrypted personal key area in which a personal key of each user encrypted using a group key of a predetermined management group is recorded. 9. A file according to claim 7, wherein the file has a management encryption group key area in which a group key encrypted by using a group key of a predetermined management group is recorded. Computer-readable recording medium recording key data for use.