JP2008131057A - Device and method for generating encryption protocol, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption protocol generation device performing customization to appropriate authentication or key share protocol according to the environment and request conditions of a communicating party to generate an encryption protocol automatically. <P>SOLUTION: Environment condition data comprising security and performance requirements and requirement condition data are exchanged between terminals, and a basic protocol is generated based on the exchanged security requirements. Insufficient data is added to a generated basic protocol and overlapped data is deleted from the basic protocol to which the insufficient data has been added. The stored known data and a stored key are used to determine a key generation function for session key generation, and at least the details, algorithm, and data length of transfer data are determined based on the performance requirements for parameter setting. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a cryptographic protocol generation apparatus, a cryptographic protocol generation method, and a program for automatically generating a cryptographic protocol used for providing a service via a network.

  In recent years, with remarkable progress of network technology represented by the Internet, various services using a computer are provided in many fields. Many of these services use an authentication protocol for authenticating users and a key exchange protocol for exchanging keys for encryption.

  However, in the past, one protocol was mostly implemented, and when the protocol was changed for each device, the protocol had to be individually implemented accordingly. In IPSEC and the like, it is possible to use a plurality of protocols, but it cannot be said that an optimum protocol is derived, and the number of protocols that can be executed is very limited to about two.

Furthermore, when a failure occurs in a communication processing unit (for example, SNMP communication processing unit) of a certain protocol while a plurality of protocols (for example, RPC and SNMP) coexist, a communication processing unit of another protocol (for example, RPC communication processing unit) There has also been proposed a protocol management system for a network that continues management by using (see, for example, Patent Document 1).
JP-A-8-191336

  However, in general, there are various environmental conditions and requirements for protocol optimization. Therefore, in order to provide a protocol that satisfies various conditions by a method of coexisting a plurality of protocols as in the above-described prior art, it is necessary to coexist an enormous number of protocols, which is not practical.

  A wide variety of protocols have been proposed so far, but in general, safety and convenience are in a trade-off relationship, and one protocol is not necessarily suitable for all devices.

  Accordingly, the present invention has been made in view of the above-described problems, and it is an encryption that automatically generates an encryption protocol by customizing to an optimum authentication or key sharing protocol according to the environment and requirements of the communication partner. An object of the present invention is to provide a protocol generation device, a cryptographic protocol generation method, and a program.

The present invention proposes the following items in order to solve the above-described problems.
(1) The present invention provides a cryptographic protocol generation device that automatically generates a cryptographic protocol according to various conditions between terminals when providing a service, and includes transmission data and data held without transmission , Received data and known data storage means for storing data that can be calculated from these data as known data (for example, equivalent to the known data storage section 60 in FIG. 1), and key storage means for storing keys (for example, FIG. 1). And a communication means for exchanging environmental condition data and request condition data consisting of security requirements and performance requirements between the terminals, and generating a basic protocol based on the exchanged security requirements. Basic protocol generation means (for example, equivalent to the basic protocol generation unit 20 in FIG. 1) and data that is lacking in the generated basic protocol are added. Data adding means (for example, equivalent to the data adding section 40 in FIG. 1) and data deleting means for deleting duplicate data from the basic protocol to which the missing data is added (for example, equivalent to the data deleting section 50 in FIG. 1) And a key generation function determination unit that determines a key generation function for generating a session key using the known data stored in the known data storage unit and the key stored in the key storage unit (for example, key generation in FIG. 1) Function setting unit 80) and parameter setting means for setting parameters by determining at least the details, algorithm, and data length of the transfer data based on the performance requirements (for example, corresponding to the parameter setting unit 90 in FIG. 1) And a cryptographic protocol generation apparatus characterized by comprising:

  According to this invention, the known data storage means stores transmission data, data held without transmission, reception data, and data that can be calculated from these data as known data, and the key storage means Is stored. The communication means exchanges environmental condition data and request condition data including security requirements and performance requirements between terminals. The basic protocol generating means generates a basic protocol based on the exchanged security requirements, the data adding means adds missing data to the generated basic protocol, and the data deleting means is based on the basic protocol to which the missing data is added. Remove duplicate data. The key generation function determining means determines a key generation function for generating a session key using the known data stored in the known data storage means and the key stored in the key storage means, and the parameter setting means is based on the performance requirements. Thus, parameters are set by determining at least the details, algorithm, and data length of the transfer data.

  Therefore, the environment condition data and request condition data consisting of security requirements and performance requirements are exchanged between terminals, and based on these, cryptographic protocols used for service provision are dynamically generated, or as necessary By changing, it is possible to customize the authentication or key sharing protocol according to the communication partner environment and execute the processing. In other words, depending on the other party's terminal to be connected, there is a request for providing a service with a small amount of calculation and the other party's terminal has a very high computing capacity, so there is no problem even if it takes some time, or Even in the case where the security of a required protocol differs depending on the type of service, it is not necessary to implement many protocols as in the conventional case by dynamically changing the protocol.

  (2) The present invention provides basic component storage means for storing a plurality of authentication protocol components and key sharing protocol components for the cryptographic protocol generation device of (1) (for example, the basic component storage unit of FIG. 1). 30), and the basic protocol generation unit generates the basic protocol by combining the authentication protocol components after combining the key sharing protocol components based on the exchanged security requirements. An encryption protocol generator characterized by this is proposed.

  According to the present invention, the basic component storage means stores a plurality of authentication protocol components and key sharing protocol components, respectively, and the basic protocol generation means uses the key sharing protocol based on the exchanged security requirements. After combining these components, a basic protocol is generated by combining components for the authentication protocol.

  In general, the key sharing protocol contains more data in the component than the authentication protocol. For this reason, as described above, the combination of the components for the key sharing protocol and the determination of the framework first make the processing more rational.

  (3) The present invention relates to the cryptographic protocol generation device according to (1) or (2), whether the security requirements are at least whether the terminal can be trusted, the presence / absence of a pre-shared key, the number of flows in the protocol, and availability Has proposed a cryptographic protocol generation device characterized by including various algorithm types.

  According to this invention, at least whether the terminal can be trusted, the presence / absence of a pre-shared key, the number of flows in the protocol, and the type of algorithm that can be used are security requirements. Protocol can be automatically generated.

  (4) The present invention proposes a cryptographic protocol generation apparatus characterized in that the performance requirements include at least a communication band, a terminal computing capability, and a key length for the cryptographic protocol generation apparatus of (1) to (3). is doing.

  According to the present invention, since at least the communication bandwidth, the computing capability of the terminal, and the key length are set as performance requirements, a protocol corresponding to the performance of each terminal can be automatically generated.

  (5) In the cryptographic protocol generation apparatus according to (2) to (4), the present invention further configures a component for authentication protocol and a component for key sharing protocol stored in the basic component storage means by the user. There has been proposed an encryption protocol generating apparatus characterized by comprising data setting means (for example, corresponding to the data set input unit 31 in FIG. 1) for arbitrarily setting data.

  According to the present invention, the apparatus further includes data setting means for the user to arbitrarily set the data constituting the authentication protocol component and the key sharing protocol component stored in the basic component storage means. Therefore, by providing such means, the number of components to be stored in the basic component storage unit can be reduced by optimizing the basic components and providing a degree of freedom in selection.

  (6) The present invention is a cryptographic protocol generation method for automatically generating a cryptographic protocol according to various conditions between terminals when providing a service, and includes security requirements and performance requirements between the terminals. A first step (for example, equivalent to step S101 in FIG. 5) for exchanging environmental condition data and request condition data, and a second step (for example, FIG. 5) for generating a basic protocol based on the exchanged security requirements. In step S102 and S103), the third step for adding data deficient in the generated basic protocol (for example, corresponding to step S104 in FIG. 5), and the basic protocol in which the deficient data is added. Fourth step of deleting data (for example, corresponding to step S105 in FIG. 5), stored known data and storage A fifth step (for example, corresponding to step S106 in FIG. 5) for determining a key generation function for generating a session key using the determined key, and at least the details of the transfer data based on the performance requirement And a sixth step (for example, corresponding to step S107 in FIG. 5) for setting a parameter by determining the data length and the algorithm.

  According to the present invention, environmental condition data and request condition data including security requirements and performance requirements are exchanged between terminals, and a basic protocol is generated based on the exchanged security requirements. Then, add the deficient data to the generated basic protocol, delete the duplicate data from the basic protocol that added the deficient data, and generate the session key using the stored known data and the stored key The key generation function is determined, and the parameters are set by determining at least the details, algorithm, and data length of the transfer data based on the performance requirements.

  Therefore, the environment condition data and request condition data consisting of security requirements and performance requirements are exchanged between terminals, and based on these, cryptographic protocols used for service provision are dynamically generated, or as necessary By changing, it is possible to customize the authentication or key sharing protocol according to the communication partner environment and execute the processing.

  (7) The present invention relates to the cryptographic protocol generation method according to (6), wherein the second step is stored after combining the components for the stored key agreement protocol based on the exchanged security requirements. A cryptographic protocol generation method characterized by generating a basic protocol by combining the authentication protocol components.

  According to the present invention, based on the exchanged security requirements, the stored key sharing protocol components are combined, and then the stored authentication protocol component is combined to generate the basic protocol.

  In general, the key sharing protocol contains more data in the component than the authentication protocol. For this reason, as described above, the combination of the components for the key sharing protocol and the determination of the framework first make the processing more rational.

  (8) The present invention is a program for causing a computer to execute a cryptographic protocol generation method for automatically generating a cryptographic protocol according to various conditions between terminals when providing a service. A first step (for example, corresponding to step S101 in FIG. 5) for exchanging environmental condition data and request condition data including security requirements and performance requirements, and a first step for generating a basic protocol based on the exchanged security requirements. 2 steps (for example, corresponding to steps S102 and S103 in FIG. 5), a third step for adding data that is insufficient to the generated basic protocol (for example, equivalent to step S104 in FIG. 5), and the insufficient data A fourth step (for example, step S1 in FIG. 5) for deleting duplicate data from the basic protocol to which is added And a fifth step (for example, corresponding to step S106 in FIG. 5) of determining a key generation function for generating a session key using the stored known data and the stored key. In order to cause the computer to execute at least a sixth step (for example, corresponding to step S107 in FIG. 5) for setting parameters by determining at least the details, algorithm, and data length of the transfer data based on the performance requirements The program is proposed.

  According to the present invention, environmental condition data and request condition data including security requirements and performance requirements are exchanged between terminals, and a basic protocol is generated based on the exchanged security requirements. Then, add the deficient data to the generated basic protocol, delete the duplicate data from the basic protocol that added the deficient data, and generate the session key using the stored known data and the stored key The key generation function is determined, and the parameters are set by determining at least the details, algorithm, and data length of the transfer data based on the performance requirements.

  Therefore, the environment condition data and request condition data consisting of security requirements and performance requirements are exchanged between terminals, and based on these, cryptographic protocols used for service provision are dynamically generated, or as necessary By changing, it is possible to customize the authentication or key sharing protocol according to the communication partner environment and execute the processing.

  (9) According to the present invention, in the program of (8), after the second step combines the stored components for the key sharing protocol based on the exchanged security requirements, the stored authentication is performed. We have proposed a program characterized by generating a basic protocol by combining protocol components.

  According to the present invention, based on the exchanged security requirements, the stored key sharing protocol components are combined, and then the stored authentication protocol component is combined to generate the basic protocol.

  In general, the key sharing protocol contains more data in the component than the authentication protocol. For this reason, as described above, the combination of the components for the key sharing protocol and the determination of the framework first make the processing more rational.

  According to the present invention, it is possible to automatically customize an authentication protocol and a key sharing protocol and automatically generate a protocol optimal for the environment.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<Configuration of cryptographic protocol generation device>
As shown in FIG. 1, the cryptographic protocol generation apparatus according to the present embodiment includes a communication unit 10, a basic protocol generation unit 20, a basic component storage unit 30, a data set input unit 31, a data addition unit 40, The data deletion unit 50, the known data storage unit 60, the key storage unit 70, the key generation function determination unit 80, and the parameter determination unit 90 are configured.

  The communication unit 10 manages communication for exchanging environmental condition data and request condition data including security requirements and performance requirements between entities (terminals). Here, the security requirements are: 1) Whether the entity (terminal) is reliable or not 2) Necessity of security of attacker model (for example, Known key attack, Forward Security, Unknown key share attack), 3 ) Presence / absence of pre-shared key, 4) Number of flows, 5) Types of available algorithms, etc. The performance requirements include 1) communication band (allowable data size of 1 flow, 2) computing capacity of entity (terminal), 3) key length, and the like. The communication band is given as the maximum data length that can be transmitted and received in each flow. The computing capability of the entity (terminal) is given as a discrete value classified into classes (for example, HIGH, MIDIUM, LOW).

  The basic protocol generation unit 20 generates a basic protocol in the communication unit 10 based on the exchanged security requirements. The basic protocol is a key sharing protocol component based on the security requirements exchanged using the authentication protocol component and the key sharing protocol component stored in the basic component storage unit 30 described later. After the combination, the authentication protocol component is combined and generated. Here, the component refers to a group of data.

  The basic component storage unit 30 is a storage unit that stores a plurality of authentication protocol components and key sharing protocol components. Details of the basic component for the authentication protocol and the basic component for the key sharing protocol will be described later. The data set input unit 31 is an input unit that allows the user to arbitrarily set data constituting the authentication protocol component and the key sharing protocol component stored in the basic component storage unit 30. In addition, regarding the data setting, the user may be able to individually set rules regarding which data to select.

  The data adding unit 40 adds data that is insufficient to the basic protocol generated by the basic protocol generating unit 20. Specifically, for example, if the protocol includes a temporary public key and private key, it is necessary to send the public key. In this case, the sending of the temporary public key is added to the flow before the data generated with the temporary public key is transmitted. The temporary public key must be sent with a signature or MAC attached. That is, when X is a temporary public key and F (X) is a message authenticator generation function or signature function, selection of F (X) depends on the presence / absence of a pre-shared key.

  The data deletion unit 50 deletes duplicate data from the basic protocol to which the missing data is added. Specifically, as an example, it is performed by checking the isomorphism of each flow in the protocol. Here, isomorphism means that the data exchanged in the flow is in the same format. Specifically, this is the case when the data type is the same, the function configuration is the same, and the like.

  The known data storage unit 60 stores transmission data, data held without transmission, reception data, and data that can be calculated from these data as known data. The key storage unit 70 stores a key.

  The key generation function determination unit 80 determines a key generation function for calculating a session key, and is held by the known data stored in the known data storage unit 60 and the entity (terminal) stored in the key storage unit 70. It consists of a key. As a calculation method of the key generation function, 1) a method using the random number Random ′ as it is, 2) a method using exclusive OR with two random numbers (for example, Random (+) Random ′), 3 There is a method (for example, E (Random, Random ′)) that inputs two random numbers into a one-way function, and which one to select depends on security requirements.

  The parameter determination unit 90 sets parameters by determining at least the details, algorithm, and data length of the transfer data based on the performance requirements received by the communication unit 10. Thus, a customized protocol definition file is generated.

<Basic components of authentication protocol>
Next, basic components of the authentication protocol will be described with reference to FIGS.
The basic components of the authentication protocol are configured as shown in FIGS. Here, FIG. 2 shows a case where the entity (terminal) A authenticates the entity (terminal) B, and FIG. 3 shows a configuration when the entity (terminal) B authenticates the entity (terminal) A. . Accordingly, when mutual authentication is performed, an authentication protocol is configured by combining the above two components. In the figure, X and Y represent arbitrary data (a plurality of data), and the authentication processing function in the authentication protocol is composed of permanent data such as X and Y and a long-term key.

  Here, as an example, the configurations of X and Y are roughly classified into the following three combinations. That is, (X, Y) = (Random, F (Random)), (F ^ -1 (Random), Random), (*, F (Time)). Then, an appropriate component is selected from these.

  Here, Random is a random number, Time is information such as time information and counter information that can be verified by both, and * indicates no data.

  F (X) is a function that only entity (terminal) B can calculate for X, or a function that only entities (terminals) A and B can calculate. For F (X), 1) a message authenticator generation function, 2) a signature function, 3) a common key encryption algorithm, or the like is selected according to the environment parameters. For F ^ -1 (X), 1) a common key encryption algorithm, 2) a public key encryption algorithm, or the like is selected. Which is selected is determined from security requirements.

  In addition, when F ^ -1 (X) is selected, the function F must be reversible. Therefore, (F ^ -1 (Random), Random) cannot be selected in an environment where common key encryption and public key encryption cannot be used. Conversely, (Random, F (Random)), (*, F (Time)) cannot be selected in an environment where the MAC function, signature function, and common key encryption cannot be used.

<Basic components of key agreement protocol>
Next, basic components of the key sharing protocol will be described with reference to FIG.
The basic components of the key sharing protocol are configured as shown in FIG. Here, X and Y represent arbitrary data (a plurality of data), and Y is a data (set) that is dynamically generated during execution of the protocol in the entity (terminal) A and is not included in the transmission data. It is. Z1 and Z2 indicate data generated by each entity (terminal) and held without being transmitted.

  The key sharing processing function in the key sharing protocol is composed of permanent data such as X, Y and long-term key. Depending on the security requirements, data may be exchanged with each other to generate a session key. Under such conditions, it is configured by combining two of the above components. Similarly, the three-way key sharing can be configured by combining two or more components.

  Here, as an example, the configurations of X and Y are roughly classified into the following three combinations. That is, (X, Y, Z1, Z2) = (Random, F (Random, G (Random ')), Random', *), (Random, F (Random, Random '), Random', *), ( H (random), H (Random '), Random', Random)

  Here, F (X) is a function that only entity (terminal) A can calculate for X, or a function that only entities (terminal) A and B can calculate. G (X) is a function that only entity (terminal) B can calculate for X, or a function that only entities (terminals) A and B can calculate. Furthermore, H (X) is a function that anyone can calculate, but it is a function that is difficult to obtain X from H (X). For a certain function H ′ (X), H ′ (X1, H (X2)) = H ′ (X2, H (X1)) is satisfied.

  For F (X), 1) a message authenticator generation function, 2) a signature function, 3) a common key encryption algorithm, or the like is selected according to the environment parameters. For G (X), 1) a common key encryption algorithm, 2) a public key encryption algorithm, or the like is selected.

<Processing of cryptographic protocol generation device>
Next, the processing of the cryptographic protocol generation device will be described with reference to FIG.
First, as the processing in the previous stage (hereinafter referred to as the first phase), both terminals determine which one starts the protocol first, the communication speed (S) currently used, their own computing power (P), Data for information exchange is generated from the security level, the validity period of the shared key, and the request conditions (for example, with partner authentication and with key sharing) input from the application. Then, the created data is exchanged. Furthermore, basic data necessary for protocol generation is constructed from the exchanged data. For example, the communication speed and the expiration date of the shared key are set to the lower value in principle. As a rule, the security level is adjusted to the higher one. The processing speed holds processing speed information of both parties. As for the request condition, whether or not the other party requests authentication is set, and if either one desires key sharing, it is set to have key sharing. The result of setting under the above conditions is checked against the security policy to determine whether it is acceptable. Then, by exchanging data obtained by encoding the determined basic data, it is confirmed that each other holds similar basic data.

  Then, the environmental parameters acquired in the first phase are interpreted and separated into security requirements and performance requirements (step S101). Next, based on the security requirements, the basic protocol generation unit 20 executes the process of selecting the key sharing protocol work frame by combining the components for the key sharing protocol stored in the basic component storage unit 30 (step S102). ). Further, the basic protocol generation unit 20 executes the authentication protocol work frame selection process by combining the authentication protocol components stored in the basic component storage unit 30 (step S103).

  Subsequently, by transmitting a public key or the like, the data adding unit 40 executes a missing data adding process (step S104), and the data deleting unit 50 executes a duplicate data deleting process (step S105). Further, the key generation function determination unit 80 executes a key generation function creation process using the known data stored in the known data storage unit 60 and the key stored in the key storage unit 70 (step S106).

  Then, the parameter setting unit 90 determines parameters such as the details, algorithm, and data length of the transfer data using the information related to the performance requirement, performs customization, and outputs a protocol definition file (step S107).

  In step S107, if the required performance requirement cannot be satisfied (for example, the communication bandwidth requirement cannot be satisfied due to the large number of protocols), the security requirement level is lowered, for example. The processes from step S102 to step S107 are performed again. For example, if the required performance requirements cannot be satisfied even if the processing is performed with the security requirement level sequentially lowered, an error is output and the processing is terminated.

  As described above, according to the present embodiment, environmental condition data and request condition data including security requirements and performance requirements are exchanged between terminals, and based on these, the encryption protocol used for service provision is changed. By dynamically generating or changing as necessary, processing can be executed by customizing to an optimum authentication or key sharing protocol according to the communication partner environment. Therefore, the cryptographic protocol generation apparatus of the present embodiment can be widely applied to the entire system design for services that perform authentication and key exchange. For example, the present invention can be applied to an authentication protocol in the Internet business and an optimal authentication / key sharing protocol in a mobile / ubiquitous environment.

  The cryptographic protocol generation device of the present invention is realized by recording the processing of the cryptographic protocol generation device on a computer-readable recording medium, causing the cryptographic protocol generation device to read and execute the program recorded on the recording medium. be able to. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes a design and the like within a scope not departing from the gist of the present invention.

It is a block diagram of the encryption protocol production | generation apparatus which concerns on this embodiment. It is a figure which shows the basic component of the authentication protocol which concerns on this embodiment. It is a figure which shows the basic component of the authentication protocol which concerns on this embodiment. It is a figure which shows the basic component of the key sharing protocol which concerns on this embodiment. It is a processing flow of the encryption protocol production | generation apparatus which concerns on this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Communication part 20 ... Basic protocol production | generation part 30 ... Basic component storage part 31 ... Data set input part 40 ... Data addition part 50 ... Data deletion part 60 ... Known data Storage unit 70 ... Key storage unit 80 ... Key generation function determination unit 90 ... Parameter determination unit

Claims (9)

A cryptographic protocol generation device that automatically generates a cryptographic protocol according to various conditions between terminals when providing a service,
Transmission data, data held without transmission, reception data, and known data storage means for storing data that can be calculated from these data as known data;
Key storage means for storing the key;
A communication means for exchanging environmental condition data and requirement data consisting of security requirements and performance requirements between the terminals;
Basic protocol generation means for generating a basic protocol based on the exchanged security requirements;
A data adding means for adding data lacking in the generated basic protocol;
Data deleting means for deleting duplicate data from the basic protocol to which the missing data is added;
A key generation function determination unit that determines a key generation function for generating a session key using the known data stored in the known data storage unit and the key stored in the key storage unit;
Based on the performance requirements, parameter setting means for setting parameters by determining at least the details and algorithm of the transfer data, the data length;
A cryptographic protocol generation apparatus comprising: Basic component storage means for storing a plurality of authentication protocol components and key sharing protocol components, respectively.
The basic protocol generation unit generates a basic protocol by combining the authentication protocol components after combining the key sharing protocol components based on the exchanged security requirements. 2. The cryptographic protocol generation device according to 1.   3. The security requirement according to claim 1, wherein the security requirements include at least whether the terminal is reliable, presence / absence of a pre-shared key, the number of flows in a protocol, and types of algorithms that can be used. Cryptographic protocol generator.   The cryptographic protocol generation apparatus according to any one of claims 1 to 3, wherein the performance requirement includes at least a communication band, a computing capacity of a terminal, and a key length.   3. The apparatus according to claim 2, further comprising data setting means for allowing a user to arbitrarily set data constituting an authentication protocol component and a key sharing protocol component stored in the basic component storage means. The cryptographic protocol generation apparatus according to claim 4. A cryptographic protocol generation method that automatically generates a cryptographic protocol according to the conditions of each other when providing a service,
A first step of exchanging environmental condition data and requirement data consisting of security requirements and performance requirements between the terminals;
A second step of generating a basic protocol based on the exchanged security requirements;
A third step of adding missing data to the generated basic protocol;
A fourth step of deleting duplicate data from the basic protocol to which the missing data is added;
A fifth step of determining a key generation function for generating a session key using the stored known data and the stored key;
A sixth step of setting parameters by determining at least the details and algorithm of the transfer data and the data length based on the performance requirements;
A cryptographic protocol generation method characterized by comprising:   The second step combines the stored key sharing protocol components based on the exchanged security requirements, and then combines the stored authentication protocol components to generate a basic protocol. The cryptographic protocol generation method according to claim 6. A program for causing a computer to execute a cryptographic protocol generation method for automatically generating a cryptographic protocol according to various conditions between terminals when providing a service,
A first step of exchanging environmental condition data and requirement data consisting of security requirements and performance requirements between the terminals;
A second step of generating a basic protocol based on the exchanged security requirements;
A third step of adding missing data to the generated basic protocol;
A fourth step of deleting duplicate data from the basic protocol to which the missing data is added;
A fifth step of determining a key generation function for generating a session key using the stored known data and the stored key;
A sixth step of setting parameters by determining at least the details and algorithm of the transfer data and the data length based on the performance requirements;
A program that causes a computer to execute.   The second step combines the stored key sharing protocol components based on the exchanged security requirements, and then combines the stored authentication protocol components to generate a basic protocol. The program according to claim 8.

Images