JP2010004390A - Communication apparatus, key server and data - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication technology with which a combination of encrypted pieces to be distributed in a content distribution system is made unique for each communication apparatus and a degree of freedom in system construction is improved. <P>SOLUTION: When a node 51 receives a node ID sequence, a random number sequence and encrypted pieces from other nodes 50, 51, the node 51 correspondingly stores them. In a case where there is a piece request from the other node 51, the node 51 determines in terms of probability whether to perform encryption or not and when performing encryption, a random number and a private key are used to generate temporary symmetric keys, so that the encrypted pieces are further encrypted using the temporary symmetric keys. When encryption is not performed, the node 51 generates a substitutive random number. Then, the node transmits to the other node 51 a node ID of the node's own in addition to the node ID sequence stored correspondingly to the encrypted pieces, a random number generated by the node itself in addition to the random number sequence stored correspondingly to the encrypted pieces, and the encrypted pieces. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a communication device that encrypts and transmits a plurality of pieces that are part of distribution data, or receives an encrypted piece, a key server that transmits a decryption key for decrypting the encrypted piece, and Regarding data.

  For example, a distribution method that distributes data using P2P (peer to peer) (referred to as P2P distribution) does not require a data distribution server having a huge storage and a large communication bandwidth, and is a distribution method with large cost merit. is there. Further, since a node receiving data distribution is expected to supply data from a plurality of nodes, high-speed data acquisition utilizing the bandwidth in download and upload is expected. As described above, the P2P data distribution has a great merit, but on the other hand, there is anxiety in safety from the viewpoint of data security such as copyright protection. The following is assumed as a general premise in considering data security such as copyright protection as well as P2P distribution. All terminal devices or nodes are not hacked. If this premise is denied, the terminal device cannot hold data that should be kept secret or perform processing that should be kept secret, and most security techniques and devices for ensuring security cannot be established.

  In P2P distribution, there is a content distribution system that distributes encrypted data, and a node that receives the data distribution acquires a decryption key for decrypting the data (distributed data). A major problem in data security in P2P distribution of such a system is that the combination of distribution data and a decryption key for decrypting the distribution data is single or small in number. In this case, it is assumed that a certain node is hacked and the decryption key is exposed. In this case, this decryption key can be used to decrypt most distribution data. One method for solving this problem is to individualize distribution data for each node.

  As a technique for individualizing distribution data for each node in P2P distribution, for example, a Marking method disclosed in Patent Document 1 is known. In this method, distribution data is divided into pieces, and encrypted with a key matrix to generate an encrypted piece. As a result, a piece group consisting of encrypted pieces encrypted in a matrix is generated. And such a piece group is distributed via a P2P network. One node connected to the P2P network acquires one encrypted piece from among a plurality of encrypted pieces encrypted in a matrix for each piece. As a result, it is expected that the combination of encrypted pieces obtained by encrypting each piece constituting the distribution data is statistically unique for each node.

USP 7165050

  However, in the technique of the above-mentioned Patent Document 1, it is only statistically expected that the combination of encrypted pieces is unique for each node. In order to realize the unique combination of the encrypted pieces for each node, for example, the following two methods are conceivable. One method is to devise a method for distributing encrypted pieces. One is a method in which a key server holding a decryption key for decrypting each encrypted piece restricts delivery of the decryption key. For example, there is a system in which a node obtains a decryption key by declaring a combination of encrypted pieces to a key server in order for a node to decrypt a distributed piece group. In this system, in order to prevent a replay attack due to redistribution of the decryption key, there is a method in which the key server rejects a combination of the already obtained decryption key and an encrypted piece with many duplicates. However, either method may significantly reduce the distribution efficiency of the encrypted piece from time to time, and may not be able to take full advantage of the P2P network. In the former method, the independence of the data protection and the data distribution method is lost, which may be a major limitation in system construction.

  The present invention has been made in view of the above, and it is possible to make each combination of encrypted pieces distributed in the content distribution system unique for each communication device, and to increase the degree of freedom in system construction. An object is to provide a communication device, a key server, and data that can be improved.

  In order to solve the above-described problems and achieve the object, the present invention is a communication device that encrypts and transmits a plurality of pieces that are part of data, and is uniquely assigned to the communication device A first storage means for storing identification information; a first encrypted piece that is a piece encrypted by another communication device; first device identification information assigned to the other communication device; The receiving means for receiving the first temporary information generated when the communication device transmits the piece, the first encrypted piece, the first device identification information, and the first temporary information are stored in association with each other. Second storage means, a determination means for determining whether or not to encrypt the first encrypted piece, and when the determination means determines to encrypt the first encrypted piece, Second temporary information that can be different First generating means for generating; second generating means for generating a temporary symmetric key using the second temporary information; and further encrypting the first encrypted piece using the temporary symmetric key to generate a second cipher An encryption unit that outputs an encrypted piece; and when the determination unit determines to encrypt the first encrypted piece, the second encrypted piece, the first device identification information, and the second device identification It comprises transmission means and transmission means for transmitting information, the first temporary information, and the second temporary information.

  In addition, the present invention is a communication device that encrypts a plurality of pieces that are a part of data and transmits the encrypted data to another communication device, and stores the device identification information assigned to the communication device. A first generation unit that generates temporary information that may be different for each generation; a second generation unit that generates a temporary symmetric key using the temporary information; and the piece is encrypted using the temporary symmetric key. An encryption unit that outputs an encrypted piece, a transmission unit that transmits the encrypted piece, the device identification information, and the temporary information to the other communication device.

  Further, the present invention is a communication device that receives a plurality of pieces that are a part of data, the first storage means for storing device identification information uniquely assigned to the own communication device, and another communication device Receiving the encrypted piece, which is an encrypted piece, the device identification information assigned to the other communication device, and the temporary information generated when the other communication device encrypts the piece. 1 receiving means, a second storage means for storing the received encrypted piece, the device identification information and the temporary information in association with each other, requesting a decryption key for decrypting the encrypted piece, and Transmitting means for transmitting to the key server a key request including the device identification information and the temporary information stored in association with the encrypted piece, and from the key server in response to the key request, A second receiving means for receiving each decryption key for decrypting the encryption performed on the data, and a decrypting means for decrypting the encrypted piece using each received decryption key. To do.

  Further, the present invention provides each of secret information assigned to each of a plurality of other communication devices that encrypt and transmit a plurality of pieces that are part of data, and device identification information assigned to each communication device. The first storage means for storing the information in association with each other, requesting a decryption key for decrypting the encrypted piece that is an encrypted piece, and the other communication devices that mediate the distribution of the encrypted piece Receiving means for receiving, from the communication device, a key request including the device identification information and information generated by each of the plurality of other communication devices, each of which is associated with temporary information that may be different for each generation; and the key request The secret information stored in association with each of the device identification information included in the information and the temporary information included in the key request in association with the device identification information. Characterized in that it comprises a key generating unit for generating a key, and transmitting means for transmitting each said decryption key to the communication device.

  Further, the present invention is data transmitted from a communication device that mediates distribution of a piece that is a part of distribution data, and is generated corresponding to each of a plurality of communication devices that mediate distribution of the piece. Encrypted using temporary information that can be different for each generation, device identification information assigned to each of the plurality of communication devices, and temporary symmetric keys generated using all or part of the temporary information. And an encrypted piece that is an associated piece.

  In addition, the present invention generates pieces of temporary information that can be different for each of a plurality of communication devices corresponding to each of a plurality of communication devices that mediate the distribution of encrypted pieces that are pieces that are part of distribution data. A key request for requesting a decryption key for decrypting an encrypted piece that is encrypted with each temporary symmetric key generated using a part of the temporary information is transmitted from the communication apparatus to the key server. The device identification information assigned to each of the plurality of communication devices and the temporary information generated corresponding to each of the plurality of communication devices in association with each other. To do.

  The combination of encrypted pieces distributed in the content distribution system can be made unique for each communication device, and the degree of freedom in system construction can be improved.

  Exemplary embodiments of a communication device, a key server, and data according to the present invention are explained in detail below with reference to the accompanying drawings.

(1) Configuration <Configuration of content distribution system>
FIG. 1 is a diagram showing a configuration of a data distribution system according to the present embodiment. In the data distribution system according to the present embodiment, a plurality of nodes 50, 51A to 51B are connected via a P2P network NT. Although not shown, other nodes can also be connected via the P2P network NT. Each node 50, 51 </ b> A to 51 </ b> B is connected to the key server 53. Each of the nodes 50 and 51A to 51B holds a node ID, which is device identification information uniquely assigned to each node, and a secret key as assignment information uniquely assigned to each node. The node IDs assigned to the nodes 50, 51A to 51B are ID # 0, ID # 1, and ID # 2, respectively, and the secret keys are s_0, s_1, and s_2, respectively. Of the nodes 50 and 51A to 51B, the node 50 is a distribution start node serving as a data distribution base, and holds data to be distributed (referred to as distribution data). The distribution data may be plaintext or already encrypted ciphertext. For example, the distribution data may be video data protected by some DRM (Digital Right Management) System as encryption. The key server 53 holds a secret key assigned to each of the nodes 50 and 51A to 51B. Hereinafter, when it is not necessary to distinguish the nodes 51A to 51B, they are simply referred to as the node 51.

  Here, the hardware configuration of each device including the nodes 50 and 51 and the key server 53 will be described. Each device is a control device such as a CPU (Central Processing Unit) that controls the entire device, a storage device such as a ROM (Read Only Memory) or a RAM (Random Access Memory) that stores various data and various programs, and a variety of devices. It has an external storage device such as an HDD (Hard Disk Drive) or CD (Compact Disk) drive device that stores data and various programs, and a bus that connects them, and has a hardware configuration that uses a normal computer. ing. Each device includes a display device that displays information, an input device such as a keyboard and a mouse that accepts user instruction input, and a communication I / F (interface) that controls communication with an external device. Connected by

<Configuration of distribution start node>
Next, in the hardware configuration described above, various functions realized when the CPU of the node 50 that is the distribution start node executes various programs stored in the storage device or the external storage device will be described. FIG. 2 is a diagram illustrating a functional configuration of the node 50. The node 50 includes a unique information storage unit 500, a random number generation unit 501, a symmetric key generation unit 502, a piece encryption unit 503, a piece generation unit 504, a data transmission unit 505, and a transmission request reception unit 506. Have. The unique information storage unit 500 is reserved as a storage area in an external storage device such as an HDD of the node 50, for example. The entity of the random number generation unit 501, the symmetric key generation unit 502, the piece generation unit 504, the piece encryption unit 503, the data transmission unit 505, and the transmission request reception unit 506 is determined when the CPU of the node 50 executes the program. It is generated on a storage device such as a RAM. Note that distribution data is stored in advance in the external storage device of the node 50.

  The unique information storage unit 500 stores the node ID and secret key assigned to the node 50. The piece unit 504 divides the distribution data into a plurality of pieces. The data size at the time of division is not particularly limited, but is assumed to be predetermined. The transmission request receiving unit 506 receives a piece request for requesting the piece divided by the piece forming unit 504 from the other node 51. When the transmission request reception unit 506 receives a piece request, the random number generation unit 501 generates a random number that is temporary information that can be different for each occurrence. The temporary information only needs to be a value that can be different every time it is generated at the node, and is, for example, a random number, a time stamp, a communication sequence number, a counter value unique to the node, or a time variant parameter. The Time Variant Parameter is described in, for example, the document ISO9798-1.

The symmetric key generation unit 502 generates a temporary symmetric key by the function F using the random number generated by the random number generation unit 501 and the secret key stored in the unique information storage unit 500. This can be expressed by the following formula.
k_0 = F (s_0, r_0)

  Note that the function F is a one-way function, a common key encryption, or a pseudo-random number generator, and even if a secret key or random number that is an input value is known, a temporary symmetric key that is an output value cannot be estimated from these. is there. The temporary symmetric key is a function F, and it is sufficient that the relationship between the input value and the output value of the function F is uniquely determined. For example, it may be a hash function such as SHA-1 or SHA256, such as AES, Hiercrypt. Or a pseudo-random number generator such as Mersenne twister. A value obtained by combining a random number and a secret key may be input to the hash function. In the common key cryptosystem, the random number may be encrypted with a secret key, or the secret key may be encrypted with a random number. In the common key cryptosystem, the random number may be decrypted with the secret key, or the secret key may be decrypted with the random number. A value obtained by combining a random number and a secret key may be input to the pseudo-random number generator.

  The piece encryption unit 503 encrypts the piece using the temporary symmetric key generated by the symmetric key generation unit 502 and outputs an encrypted piece. The temporary symmetric key is also an encryption key used for encryption, and is also a decryption key for decrypting the encryption performed on the encrypted piece. The data transmission unit 505 outputs the node ID stored in the unique information storage unit 500, the random number generated by the random number generation unit 501, and the piece encryption unit 503 to the other node 51 that has transmitted the piece request. And send the encrypted piece.

<Configuration of nodes other than the distribution start node>
Next, various functions realized when the CPU of the node 51 other than the distribution start node executes various programs stored in the storage device or the external storage device will be described. FIG. 3 is a diagram illustrating a functional configuration of the node 51. The node 51 includes a unique information storage unit 510, a random number generation unit 511, a symmetric key generation unit 512, a piece encryption unit 513, a data reception unit 514, a data transmission unit 515, a transmission request reception unit 516, The data storage unit 517, the transmission request transmission unit 518, the key request transmission unit 519, the piece decryption unit 520, the encryption determination unit 521, and the random number alternative generation unit 522 are included. The unique information storage unit 510 and the data storage unit 517 are reserved as storage areas in an external storage device such as an HDD of the node 51, for example. Random number generation unit 511, symmetric key generation unit 512, piece encryption unit 513, data transmission unit 515, transmission request reception unit 516, data reception unit 514, key request transmission unit 519, piece decryption unit 520 The entities of the encryption determination unit 521 and the random number alternative generation unit 522 are generated on a storage device such as a RAM when the CPU of the node 51 executes the program.

  The unique information storage unit 510 stores the node ID and secret key assigned to the node 51. The configuration of the transmission request receiving unit 516 is the same as the configuration of the transmission request receiving unit 506 included in the node 50 described above. The transmission request transmission unit 518 transmits a piece request for requesting a piece to the node 50 or another node 51. The data reception unit 514 transmits at least the encrypted piece in which the piece is encrypted and the transmission of the encrypted piece from the node 50 or another node 51 to which the transmission request transmission unit 518 has transmitted the piece request. A node ID sequence including each node ID assigned to one other node 50, 51 and a random number sequence including each random number generated by the other node 50, 51 are received. This random number includes a random number used to generate a temporary symmetric key used for encryption of the piece and a randomly generated random number (referred to as an alternative random number). The latter will be described later. The data storage unit 517 stores the node ID sequence, the random number sequence, and the encrypted piece received by the data reception unit 514 in association with each other. When the transmission request reception unit 516 receives a piece request from another node 51, the encryption determination unit 521 determines whether to encrypt the transmission target encrypted piece according to a predetermined probability. The predetermined probability value is stored in, for example, an external storage device. The random number generation unit 511 generates a random number when the encryption determination unit 521 determines to encrypt the encrypted piece to be transmitted. When the encryption determination unit 521 determines that the encrypted piece to be transmitted is encrypted, the symmetric key generation unit 512 receives the random number generated by the random number generation unit 511 and the secret key stored in the unique information storage unit 510. A temporary symmetric key is generated using the function F described above. The piece encryption unit 513 is stored in the data storage unit 517 using the temporary symmetric key generated by the temporary symmetric key generation unit 512 when the encryption determination unit 521 determines that the encrypted piece to be transmitted is encrypted. One encrypted piece is further encrypted, and a new encrypted piece is output.

  When the encryption determining unit 521 determines that the encrypted piece to be transmitted is not encrypted, the random number alternative generation unit 522 stores a node string associated with the encrypted piece and stored in the data storage unit 517, and An alternative random number is generated by the function F using the secret key stored in the unique information storage unit 510.

For example, it is assumed that node ID string ID # 0,..., ID # (j−1) (j is an integer of 1 or more) is stored in the data storage unit 517 of the node 51A. The unique information storage unit 510 stores a secret key s_1. The alternative random number generated here is expressed as follows as r_1.
r_1 = F (s_1, ID # 0,…, ID # (j-1))
The function F is a one-way function, a common key encryption, or a pseudo-random number generator, and cannot secrete a secret key or a node string that is an input value from a random number that is an output result.

  The data transmission unit 515 transmits the following data according to the determination result of the encryption determination unit 521 to the other node 51 that has transmitted the piece request received by the transmission request reception unit 516. When the encryption determining unit 521 determines that the encrypted piece to be transmitted is encrypted, the data to be transmitted is associated with the node ID string stored in the data storage unit 517 in association with the encrypted piece, and the unique information A new node ID sequence including the node ID stored in the storage unit 510 and a new random number generated by the random number generation unit 511 in addition to the random number sequence associated with the encrypted piece and stored in the data storage unit 517 Random number sequence and a new encrypted piece output by the piece encryption unit 513. The data transmitted when the encryption determining unit 521 determines that the encrypted piece to be transmitted is not encrypted is unique in addition to the node ID string stored in the data storage unit 517 in association with the encrypted piece. The alternative node ID generated by the random number alternative generation unit 522 in addition to the new node ID sequence including the node ID stored in the information storage unit 510 and the random number sequence associated with the encrypted piece and stored in the data storage unit 517 A new random number sequence including a random number and the encrypted piece stored in the data storage unit 517. When the encrypted piece is not stored in the data storage unit 517, even if the transmission request receiving unit 516 receives the piece request, the piece encryption unit 513 does not output the encrypted piece, and the data transmission unit 515 does not send the encrypted piece.

  Here, the node ID sequence, the random number sequence, and the encrypted piece transmitted from the nodes 50 and 51 will be specifically described. In addition, although the node ID and the random number transmitted together with this from the node 50 to one encrypted piece are one each, here, for convenience of explanation, these may be described as a node sequence and a random number sequence, respectively. . Here, a case will be described in which the encrypted piece is transmitted from the node 50 to the node 51A, the encrypted piece is transmitted from the node 51A to the node 51B, and the key request is transmitted from the node 51B to the key server 53. In this case, the node 51A performs encryption and the node 51A does not perform encryption. First, the former case will be described. For example, in response to a piece request from the node 51A for a piece P, the node 50 generates a temporary symmetric key k_0 using a random number r_0 and a secret key s_0, and encrypts the piece P using this to encrypt the piece P Suppose that piece EP (k_0) P is output. Then, it is assumed that the node 50 transmits the encrypted piece EP (k_0) P together with the node ID ID # 0 and the random number r_0 to the node 51A. FIG. 4 is a diagram schematically illustrating information transmitted from the node 50 to the node 51A. The node 51A stores the node ID ID # 0, the random number r_0, and the encrypted piece E (k_0) P in the data storage unit 517 in association with each other. Note that the data storage unit 517 stores each node ID string and each random number string in a state where the correspondence between the node ID and the random number generated by the node to which the node ID is assigned is held.

  When the node 51A transmits an encrypted piece for the piece P in response to the piece request from the node 51B, the node 51A generates a random number r_1, generates a temporary symmetric key k_1 using this and the secret key s_1, Assume that the encrypted piece E (k_0) P is further encrypted using this and the encrypted piece E (k_1) E (k_0) P is output. E (k_1) E (k_0) P indicates that the piece P is encrypted with the temporary symmetric keys k_0 and k_1 in order. At this time, the node 51A is assigned to the node 51B and is stored in the unique information storage unit 510 in addition to the node ID ID # 0 stored in the data storage unit 517 and assigned to the node 50. In addition to the node ID ID # 1, the random number r_0 stored in the data storage unit 517, the random number r_1 generated by itself and the encrypted piece E (k_1) E (k_0) P are transmitted. FIG. 5 is a diagram schematically showing information transmitted from the node 51A to the node 51B. The node 51B stores the node ID string ID # 0, ID # 1, the random number string r_0, r_1, and the encrypted piece E (k_1) E (k_0) P in association with each other in the data storage unit 517.

  Next, a case where the node 51A does not perform encryption will be described. In this case, when the node 51A transmits an encrypted piece for the piece P in response to the piece request from the node 51B, an alternative random number is generated as described above as the random number r_1. In this case, the node 51A does not encrypt the piece P, and stores the unique information in addition to the node ID ID # 0 assigned to the node 50 stored in the data storage unit 517 for the node 51B. Node IDID # 1 assigned to itself, stored in unit 510, random number r_1 generated by itself in addition to random number r_0 stored in data storage unit 517, and encrypted piece E (k_0) P Send. FIG. 6 is a diagram schematically illustrating information transmitted from the node 51A to the node 51B. The node 51B associates the node ID string ID # 0, ID # 1, the random number string r_0, r_1, and the encrypted piece E (k_0) P and stores them in the data storage unit 517.

  In this way, the node 51 selectively performs further encryption on the encrypted piece by deciding whether or not to encrypt the encrypted piece according to a predetermined probability. Send the encrypted piece. At this time, the node 51 mediates the distribution of the encrypted piece, and mediates the distribution of the encrypted piece from the node 50 that is the distribution start node as the distribution path of the encrypted piece. The node ID sequence including the node IDs of the nodes 50 and 51 and the random number sequence including the random numbers generated by the nodes 50 and 51 are transmitted to the other nodes 51 together with the encrypted pieces. The node 51 that has received these can determine the distribution route of the encrypted piece by the node ID string, but it is difficult to determine which node has encrypted the encrypted piece.

  Returning to the description of FIG. The key request transmission unit 519 transmits to the key server 53 a key request for requesting a decryption key for decrypting the encrypted piece stored in the data storage unit 517. Here, the key request transmitting unit 519 transmits the node ID sequence and random number sequence stored in the data storage unit 517 corresponding to the encrypted piece to the key server 53 by including them in the key request. For example, the node 51B receives a key request for requesting a decryption key for decrypting the encrypted piece E (k_1) E (k_0) P shown in FIG. 5 output when the node 51A performs encryption. When transmitting to the server 53, the key request transmission unit 519 of the node 51B transmits a key request including the node ID string ID # 0, ID # 1 and the random number string r_0, r_1. FIG. 7 is a diagram schematically showing information transmitted from the node 51B to the key server 53. As shown in FIG. Also, the node 51B sends a key request to the key server 53 for requesting a decryption key for decrypting the encrypted piece E (k_0) P shown in FIG. 6 output when the node 51A does not perform encryption. Also in the case of transmission, as shown in FIG. 7, the key request transmission unit 519 of the node 51B transmits a key request including the node ID string ID # 0, ID # 1 and the random number string r_0, r_1. As described above, when the node 51 requests the key server 53 for a decryption key for decrypting the encrypted piece, the node 51 indicates the distribution path of the encrypted piece, with the node 50 that is the distribution start node as a base point. The node ID string including the node IDs of the nodes 50 and 51 that mediate the distribution of the encrypted pieces and the random number string including the random numbers generated by the nodes 50 and 51 are transmitted to the key server 53. At the time of these transmissions, the key request transmission unit 519 performs transmission while maintaining the correspondence between each node ID and the random number generated by the node to which each node ID is assigned.

  The piece decryption unit 520 receives the temporary symmetric key transmitted from the key server 53 in response to the key request transmitted from the key request transmission unit 519 as a decryption key, and decrypts the encrypted piece using the temporary symmetric key. For example, in the above-described example, when the node 51A performs encryption, the node 51B transmits the temporary request transmitted from the key server 53 in response to the key request including the node ID string and the random number string illustrated in FIG. Symmetric keys k_0 and k_1 are received. In other words, each decryption key for decrypting each encryption performed at least once on the piece is received. FIG. 8 is a diagram schematically showing information transmitted from the key server 53 to the node 51B. Piece P is decrypted with the temporary symmetric key shown in FIG. On the other hand, when the node 51A has not performed encryption, the node 51B receives the temporary symmetric key k_0 transmitted from the key server 53 in response to the key request including the node ID sequence and the random number sequence illustrated in FIG. Receive. FIG. 9 is a diagram schematically showing information transmitted from the key server 53 to the node 51B. In this way, the node 51 obtains a decryption key for decrypting each encryption according to the encryption selectively performed on the encrypted piece from the key server 53. Note that how the key server 53 generates the temporary symmetric key will be described later.

  Note that the order in which the node 51 obtains each of the plurality of pieces from which node and from which node is not particularly limited, but as described above, the node 51 encrypts each of the plurality of pieces. Each encrypted piece is acquired from the other nodes 50 and 51 by a piece request. Further, the node 51 receives each temporary symmetric key from the key server 53 by a key request for each encrypted piece, and obtains the distribution data described above by decrypting each encrypted piece.

<Key server configuration>
Next, various functions realized when the CPU of the key server 53 executes various programs stored in the storage device or the external storage device will be described. FIG. 10 is a diagram illustrating a functional configuration of the key server 53. The key server 53 includes a secret key storage unit 530, a data reception unit 531, an encryption skip determination unit 532, a temporary symmetric key generation unit 533, and a data transmission unit 534. The secret key storage unit 530 is secured as a storage area in an external storage device such as an HDD of the key server 53, for example. The entities of the data receiving unit 531, the encryption skip determining unit 532, the temporary symmetric key generating unit 533, and the data transmitting unit 534 are generated on a storage device such as a RAM when the CPU program of the key server 53 is executed. Is.

  The secret key storage unit 530 stores the secret key assigned to each node 50, 51 in association with the node ID assigned to each node 50, 51. The data receiving unit 531 requests a decryption key for decrypting the encrypted piece, and receives a key request including the above-described node ID sequence and random number sequence from the node 51.

The encryption skip determination unit 532 reads out the secret key stored in the secret key storage unit 530 in association with each node ID included in the node ID string included in the key request received by the data reception unit 531. Then, it is determined whether or not the following check expression is satisfied for each random number included in the random number sequence included in the key request. For example, each node ID included in the node ID column is ID # 0,..., ID # (j), and each node IDID # m (0 ≦ m ≦ j) corresponds to r_m and s_m, respectively. To do. In this case, the temporary symmetric key generation unit 533 determines whether or not the following check expression holds for all random numbers r_m (0 ≦ m ≦ j).
r_ m = F (s_m, ID # 0,…, ID # m) ... (inspection formula)

  In addition, when the node 51 generates a random number alternatively when distributing the encrypted piece, the above-described checking formula is established. That is, whether or not each random number is related to encryption of the encrypted piece is determined by the check expression.

The temporary symmetric key generation unit 533 generates the decryption key k_m using the function F for all random numbers m for which the above-described check expression is not satisfied. This can be expressed by the following formula. The function F is the same as that used when the node 51 described above generates a temporary symmetric key. Therefore, here, the temporary symmetric key is restored by the function F using the temporary information and the secret key.
k_m = F (s_ m, r_ m)

  On the other hand, the node 51 that has generated a random number that satisfies the above-described check expression mediates the distribution of the encrypted piece but does not perform encryption. For this reason, no decryption key is generated for the random number.

  The data transmission unit 534 transmits the temporary symmetric key generated as the decryption key by the temporary symmetric key generation unit 533 to the node 51 that has transmitted the key request received by the data reception unit 531. For example, in the above example, when the node 51A performs encryption, the key server 53 is as shown in FIG. 8 in response to the key request including the node ID string and the random number string shown in FIG. Then, temporary symmetric keys k_0, k_1 are obtained for the random numbers r_0, r_1 and transmitted to the node 51B. Further, when the node 51A does not perform encryption, the key server 53 sets the random number r_0 as shown in FIG. 9 in response to the key request including the node ID sequence and the random number sequence shown in FIG. Only for this, the temporary symmetric key k_0 is obtained and transmitted to the node 51B. Thus, the number of temporary symmetric keys as a decryption key for decrypting an encrypted piece in which one piece is encrypted differs depending on the number of times of encryption performed selectively for the piece. This number may be one or plural. Each symmetric key for decrypting each encryption performed on the piece is transmitted to the node 51B, so that the node 51B can completely decrypt the encryption of the encrypted piece. .

(2) Operation <Distribution start node: distribution processing>
Next, a procedure of processing performed in the data distribution system according to the present embodiment will be described. First, the procedure of the distribution process performed by the node 50 that is the distribution start node will be described with reference to FIG. The node 50 divides the distribution data into a plurality of pieces (step S1). When the node 50 receives a piece request for requesting a piece from another node 51 (step S2: YES), the node 50 generates a random number r_0 (step S3). Next, the node 50 generates a symmetric key k_0 by the function F using the random number r_0 and the secret key s_0 stored in the unique information storage unit 500 (step S4). Then, the node 50 encrypts the piece P to be transmitted using the symmetric key generated in step S4, and outputs the encrypted piece E (k_0) P (step S5). In addition, how to determine the piece to be transmitted is not particularly limited. Then, the node 50, for example, as shown in FIG. 4 with respect to the other node 51 that has transmitted the piece request received in step S2, node IDID # 0 stored in the unique information storage unit 500, The random number r_0 generated in step S4 and the encrypted piece E (k_0) P output in step S5 are transmitted (step S6). Thereafter, the process returns to step S2, and the node 50 waits for reception of a new piece request. Note that the piece requests received in step S2 are not necessarily the same node 51, and the pieces P requested by the piece requests are not necessarily the same piece. Further, the random number generated in step S3 basically differs for each process in step S3.

<Reception processing>
Next, a reception process procedure in which the node 51 receives an encrypted piece from the node 50 or another node 51 will be described with reference to FIG. The node 51 transmits a piece request for requesting a piece to the node 50 or another node 51 (step S10). Next, the node 51 receives the node ID string, the random number string, and the encrypted piece from the node 50 or the other node 51 that is the partner that transmitted the piece request in step S10 (step S11). Then, the node 51 stores the node ID sequence, random number sequence, and encrypted piece received in step S11 in association with each other (step S12).

  When the node 51 transmits a piece request to the node 50, the node ID sequence, random number sequence, and encrypted piece shown in FIG. Here, although not shown in the figure, a node connected to the P2P network NT, where f is an integer equal to or greater than 1, will be generalized and described. For convenience of explanation, the node ID of the node is ID # f. The node to which the node ID ID # f is assigned is the node ID column ID # for the piece P as shown in FIG. 13 from the node to which the (f-1) th node IDID # (f-1) is assigned. 0, ..., ID # (f-1), random numbers r_0, ..., r_ {f-1} and encrypted pieces E (k_ {t}) ... E (k_0) P are received. However, t is an integer satisfying 1 ≦ t ≦ f−1. This means that the encrypted piece is not necessarily (f-1) times encrypted but the number of times of encryption. Depending on the node ID string ID # 0,..., ID # (f-1), it is specified by which node the encrypted piece was encrypted and transmitted, so that the delivery path of the encrypted piece is indicated. Become.

<Nodes other than the distribution start node: distribution processing>
Next, the procedure of the distribution process performed by the nodes 51 other than the distribution start node will be described with reference to FIG. When receiving a piece request for requesting a piece from another node 51 (step S20: YES), the node 51 determines whether or not to encrypt the encrypted piece to be transmitted according to a predetermined probability (step S21). . When the node 51 determines to encrypt the encrypted piece to be transmitted (step S21: YES), the node 51 generates a random number (step S22). Next, the node 51 generates a temporary symmetric key by the function F using the random number generated in step S22 and the secret key stored in the unique information storage unit 510 (step S23). The node 51 uses the temporary symmetric key generated in step S23 to further encrypt an encrypted piece that is an encrypted piece obtained by encrypting a piece P and is stored in the data storage unit 517, and newly The encrypted piece is output (step S24). Thereafter, the node 51 transmits the unique information in addition to the node ID stored in the data storage unit 517 in association with the encrypted piece to be transmitted to the other node 51 that has transmitted the piece request received in step S20. A new node ID sequence including the node ID stored in the storage unit 510 and a new random number including the random number generated in step S22 in addition to the random number sequence associated with the encrypted piece and stored in the data storage unit 517 The sequence and the new encrypted piece output in step S24 are transmitted (step S25).

  On the other hand, when the node 51 determines in step S21 that the encrypted piece to be transmitted is not encrypted (step S21: NO), the node string stored in the data storage unit 517 in association with the encrypted piece. Then, an alternative random number is generated by the function F using the secret key stored in the unique information storage unit 510 (step S26). After that, the node 51 does not perform the encryption performed in step S24, and is an encrypted piece to be transmitted to the other node 51 that has transmitted the piece request received in step S20, and the data storage unit 517. And a new node ID string including a node ID stored in the unique information storage unit 510 in addition to the node ID stored in the data storage unit 517 in association with the encrypted piece, In addition to the random number sequence associated with the encrypted piece and stored in the data storage unit 517, a new random number sequence including the alternative random number generated in step S26 is transmitted (step S27).

  For example, as shown in FIG. 15, the node assigned with the node ID ID # f described above has a piece P as shown in FIG. 15 with respect to the node assigned with the (f + 1) th node IDID # (f + 1). Node ID string ID # 0, ..., ID # (f-1), ID # f, random number string r_0, ..., r_f, and encrypted piece E (k_t ') ... E (k_0) P To do. However, t ′ is an integer of 1 ≦ t ′ ≦ f. This means that the encrypted piece has been encrypted not necessarily f times but less.

<Decryption process>
Next, a procedure of a decryption process in which the node 51 acquires a decryption key from the key server 53 and decrypts the encrypted piece using the decryption key will be described with reference to FIG. The node 51 reads the node ID sequence and random number sequence associated with the encrypted piece stored in the data storage unit 517 (Step S30), requests a decryption key for decrypting the encrypted piece, A key request including the node ID sequence and random number sequence is transmitted to the key server 53 (step S31). Next, the node 51 receives the temporary symmetric key transmitted from the key server 53 in response to the key request transmitted in step S30 as a decryption key (step S32), and decrypts the encrypted piece using the temporary symmetric key. (Step S33).

  For example, the node to which the above-described node ID ID # (f + 1) is assigned, with respect to the key server 53, as shown in FIG. 17, the node ID string ID # 0,. f-1), ID # f, and a random number sequence r_0,..., r_ {f-1}, r_f are transmitted. Then, the node receives temporary symmetric keys k_0,..., K_t ′ for the piece P from the key server 53 as shown in FIG. 18, and uses them to encrypt the encrypted piece E (k_t ′). (k_0) P is decoded to obtain piece P. In this way, each node 51 can decrypt the encryption performed for the piece by obtaining all the temporary symmetric keys for decrypting the encryption performed for each piece, It becomes possible to completely decrypt the encrypted piece. In this way, each node 51 receives each temporary symmetric key from the key server 53 by a key request for each encrypted piece in which each of the plurality of pieces is encrypted, and decrypts each encrypted piece, The above distribution data can be obtained.

<Key server: Key transmission processing>
Next, a procedure of key transmission processing in which the key server 53 transmits a decryption key in response to a key request from the node 51 will be described with reference to FIG. When the key server 53 requests a decryption key for decrypting the encrypted piece and receives a key request including the node ID string and the random number string from the node 51 (step S40: YES), the key server 53 is included in the received key request. The secret key associated with each node ID included in the node ID string and stored in the secret key storage unit 530 is read for each node ID (step S41). Then, the key server 53 determines, for each of all random numbers included in the random number sequence, whether or not the above-described check expression is established by the function F using the random number and the secret key corresponding to the random number. (Step S42). Then, the key server 53 generates a temporary symmetric key as a decryption key by the function F for each node ID using the random numbers for all the node IDs for which the check expression is not satisfied and the secret key read in step S41 (step S43). . Next, the key server 53 transmits the temporary symmetric key generated as the decryption key in step S43 to the node 51 that transmitted the key request received in step S40 (step S44).

  For example, the key server 53 responds to a key request including a node ID string and a random number string as illustrated in FIG. 17 for the piece P with respect to the node to which the node ID ID # (f + 1) described above is assigned. , Temporary symmetric keys k_0,..., K_t ′ as shown in FIG.

  According to the above configuration, a combination of encrypted pieces acquired by a certain node is unique to the distribution route and the distribution time, and can be surely unique. In addition, when a node transmits an encrypted piece, encryption over the encrypted piece is selectively performed according to a predetermined probability. The random number sequence sent by the node together with the encrypted piece includes not only the random number used for generating the temporary symmetric key used for encryption but also an alternative random number generated when encryption is not performed. Is included. This makes it difficult for the node that has received the encrypted piece together with this random number sequence to determine which node on the distribution path of the encrypted piece has been encrypted with which temporary symmetric key. . According to such a configuration, the uniqueness of each node can be reliably increased for each combination of encrypted pieces acquired by each node without special measures regarding the distribution method in P2P distribution. Can be improved. Furthermore, it becomes possible to maintain the independence between the data protection and the data distribution method, and the degree of freedom in system construction can be improved.

  For example, it is assumed that each node 51 has acquired all encrypted pieces obtained by encrypting each of a plurality of pieces. There are various delivery routes for each encrypted piece. Therefore, if the encrypted pieces are different, there is a high possibility that the delivery route is different. Therefore, there is a high possibility that the combination of node IDs associated with each encrypted piece is different. Further, when the delivery paths of different encrypted pieces are the same, the combination of node IDs associated with each encrypted piece is the same, but the random numbers corresponding to each node are different. Also, whether each node performs encryption may differ for each encrypted piece and for each transmission.

For example, it is assumed that the distribution data is divided into N pieces of P1 to PN (N: an integer of 2 or more). At this time, it is assumed that the node to which the node ID ID # f described above is assigned stores the following data in association with the piece P1, for example.
Node ID string: ID # 0, ID # 1,…, ID # (f-1)
Random number sequence: r_0, r_1,…, r_ {f-1}
Encryption piece: E (k_t) ... E (k_0) P1

In addition, it is assumed that the node stores the following data in association with each other, assuming that the encrypted piece is received i-th instead of f-th for another piece P2.
Node ID string: ID # 0, ID '# 1,…, ID'# (i-1)
Random number sequence: r_0, r´_1,…, r´_ {i-1}
Encryption piece: E (W '_ {k´_t´}) ... E (k´_1) E (k_0) P2
ID '# 1, ..., ID'# (i-1) is a series of node IDs different from ID # 1, ..., ID # (j-1). R_0, r′_1,..., R ′ _ {i-1} are random numbers generated by the nodes assigned with the node IDs of ID ′ # 1,…, ID ′ # (i-1). Yes, each one is different. Further, k_0 is a temporary symmetric key generated by the node 50, and k′_1,..., K′_t ′ are among the nodes to which the respective node IDID # 1,…, ID # (j−1) are assigned. A temporary symmetric key generated by (t′-1) nodes.

  As described above, even in the same node, the temporary symmetric key necessary for decrypting the encrypted piece is different for each piece. Also, if the nodes are different, the temporary symmetric keys necessary for decrypting each encrypted piece are different even if they are the same piece. Even if the delivery route of the same piece is the same, it is probabilistic that which node is encrypting the encrypted piece is different, so the encryption state of the encrypted piece is different for each. . Therefore, if the nodes are different, the combination of the encrypted pieces is different for each of the plurality of pieces. That is, the combination of encrypted pieces obtained by encrypting all pieces constituting the distribution data can be surely different for each node. Therefore, according to the present embodiment, it is possible to reliably increase the uniqueness of each node with respect to the combination of encrypted pieces acquired by each node.

  In addition, when a node sends an encrypted piece to another node, encryption is selectively performed according to a predetermined probability, thereby reducing the number of times encryption is performed and reducing the processing burden of encryption performed by the node. And the processing load for decrypting the encrypted piece can be reduced. In addition, the processing load for the key server 53 to generate a temporary symmetric key for decrypting the encryption key can be reduced.

[Modification]
Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined. Further, various modifications as exemplified below are possible.

<Modification 1>
In the above-described embodiment, various programs executed in each node 50 may be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network. In addition, the program is recorded in a computer-readable recording medium such as a CD-ROM, a flexible disk (FD), a CD-R, a DVD (Digital Versatile Disk) in a file in an installable or executable format. You may comprise so that it may provide. In this case, the program is loaded onto the main storage device (for example, RAM) by being read from the recording medium at each node 50 and executed, and each unit described in the functional configuration is generated on the main storage device. The The same applies to various programs executed by the key server 53.

  In the above-described embodiment, all or part of the units described in the functional configuration of each node 50 may be configured by hardware. The same applies to all or some of the components described in the functional configuration of the key server 53.

<Modification 2>
In the embodiment described above, the node ID may be information that can uniquely identify each node, and may be, for example, the IP address, MAC address, or URL of each node.

<Modification 3>
In the data distribution system of the embodiment described above, the number of distribution start nodes may be plural. Further, the number of other nodes connected to the P2P network NT is not particularly limited.

<Modification 4>
In the above-described embodiment, a plurality of pieces may be requested by one piece request. In this case, the nodes 50 and 51 may transmit the pair of the encrypted piece, the node ID sequence, and the random number sequence to the other nodes 51 that transmitted the piece request as described above for each of the plurality of pieces.

  In the above-described embodiment, the nodes 50 and 51 are configured to transmit the encrypted piece in response to the piece request. However, the present invention is not limited to this, and the other nodes 51 may receive the piece request without receiving the piece request. The ID node sequence and the random number sequence may be transmitted together with the encrypted piece.

<Modification 5>
In the above-described embodiment, the node 51 sends a key request for decrypting each encrypted piece when the encrypted pieces are acquired and stored in the data storage unit 517 for all pieces constituting the distribution data. You may make it transmit to the key server 53. FIG. Alternatively, the node 51 sends a key request for decrypting the encrypted piece stored in the data storage unit 517 to the key server even if the encrypted pieces are not acquired for all pieces constituting the distribution data. You may make it transmit to 53. Further, the node 51 may request a decryption key for decrypting one encrypted piece by one key request, or request each decryption key for decrypting a plurality of encrypted pieces. You may do it.

<Modification 6>
In the above-described embodiment, the piece symmetric key is a temporary symmetric key that is both an encryption key and a decryption key for decrypting the encryption. However, the encryption key used for encrypting the piece may be different from the decryption key for decrypting the encryption performed on the encrypted piece.

  In the above-described embodiment, each time the nodes 50 and 51 transmit the encrypted piece stored in the data storage unit 517 to another node 51, the nodes 50 and 51 generate a random number. However, the nodes 50 and 51 may generate random numbers according to the number of times of transmission of encrypted pieces, for example, instead of generating random numbers each time. For example, the nodes 50 and 51 may generate a new random number every time the encrypted piece is transmitted a predetermined number of times (for example, 5 times). The timing at which the nodes 50 and 51 generate random numbers may be when a piece request is received from another node 51, or may be every predetermined time.

  Further, in the above-described embodiment, when the node 51 encrypts the encrypted piece stored in the data storage unit 517 and transmits the encrypted piece to the other node 51, a part of the encrypted piece of data is not the whole. The data may be encrypted. In this case, the data encrypted by each node 51 that mediates the distribution of the encrypted piece is overlapped with the data encrypted by the other node 51 that also mediates the distribution of the encrypted piece. The node 51 may encrypt part of the data of the encrypted piece. According to such a configuration, it is possible to reduce the processing load related to encryption performed by each node 51, and it is possible to suppress the influence when the decryption key is exposed by duplicating the encrypted part. become.

<Modification 7>
In the above-described embodiment, the node ID string and the random number string that the node 51 transmits to the other nodes 51 together with the encrypted pieces are not limited to the forms illustrated in FIGS. For example, a form in which a set of a node ID and a random number corresponding to the node ID is shown for each node ID, such as (ID # 0, r_0), (ID # 1, r_1)... (ID # f, r_f) It may be.

<Modification 8>
In the above-described embodiment, the secret key is used as the secret information uniquely assigned to each of the nodes 50 and 51. However, the present invention is not limited to this.

  In the above embodiment, the secret key is uniquely assigned to each of the nodes 50 and 51. However, the present invention is not limited to this. For example, the same secret key may be assigned to some of the nodes 50 and 51.

<Modification 9>
In the above-described embodiment, the above-described encrypted piece, node ID string, and random number string may be distributed in the form of package data. In this case, the package data may be recorded on a computer-readable recording medium and provided to the node, or may be configured to be downloaded to the node via the server. In response to the piece request, the node that has acquired the package data, in the same manner as in the above-described embodiment, an encrypted piece that is selectively encrypted with respect to the encrypted piece included in the package data; The node ID included in the package data and its own node ID, the random number sequence included in the package data, and the random number generated by itself may be transmitted to other nodes.

<Modification 10>
In the above-described embodiment, the node 50 that is the distribution start node may selectively perform encryption according to a predetermined probability in the same manner as the node 51 when transmitting the encrypted piece. In this case, the node 50 may be configured to have the same functions as the encryption determination unit numbering determination unit 521 and the random number alternative generation unit 522 included in the node 51 described above.

In the above-described embodiment, the probability that the node 51 selectively performs encryption is predetermined, but this may be variable. For example, the probability may be changed according to the number of times the distribution of the encrypted piece is mediated (referred to as the number of vias), or a fixed value and a variable value may be used properly. Specifically, for example, the node 51 counts the number of node IDs included in the node ID string stored in the data storage unit 517 in association with the encrypted piece to be transmitted. This value is the number of times sd_a passes through the encrypted piece. When the number of times of passing sd_a is equal to or less than a predetermined number of times sd_s (for example, 10 times), the node 51 determines whether or not to encrypt using “1” which is a fixed value as a probability. In addition, when the number of times of passing sd_a is larger than the predetermined number of times sd_s, the node 51 obtains a probability by the following equation, for example, and determines whether or not to perform encryption.
Probability = 1 / (sd_a-sd_s)

  According to such a configuration, when the number of times the encrypted piece is passed is relatively small, the protection of the encrypted piece can be prioritized by increasing the degree of encryption. On the other hand, when the number of times the encrypted piece passes is relatively large, the reduction of the processing load can be prioritized by reducing the degree of encryption. Thus, the convenience of the provider of distribution data can be improved by appropriately controlling the state of encryption overlap.

It is a figure which shows the structure of the data delivery system concerning 1st Embodiment. It is a figure which illustrates the functional structure of the node 50 concerning the embodiment. It is a figure which illustrates the functional structure of the node 51 concerning the embodiment. It is a figure which shows typically the information transmitted to the node 51A from the node 50 concerning the embodiment. It is a figure which shows typically the information transmitted to the node 51B from the node 51A concerning the embodiment. It is a figure which shows typically the information transmitted to the node 51B from the node 51A concerning the embodiment. It is a figure which shows typically the information transmitted to the key server 53 from the node 51B concerning the embodiment. It is a figure which shows typically the information transmitted to the node 51B from the key server 53 concerning the embodiment. It is a figure which shows typically the information transmitted to the node 51B from the key server 53 concerning the embodiment. It is a figure which illustrates the functional structure of the key server 53 concerning the embodiment. It is a flowchart which shows the procedure of the delivery process which the node 50 which is a delivery start node concerning the embodiment performs. 4 is a flowchart showing a procedure of a reception process in which a node 51 according to the embodiment receives an encrypted piece from a node 50 or another node 51. It is a figure which shows typically the information received by the node concerning the embodiment. It is a flowchart which shows the procedure of the delivery process which nodes 51 other than the delivery start node concerning the embodiment perform. It is a figure which shows typically the information which the node concerning the embodiment transmits. 4 is a flowchart showing a procedure of a decryption process in which a node 51 according to the embodiment acquires a decryption key from a key server 53 and decrypts an encrypted piece using the decryption key. It is a figure which shows typically the information which the node concerning the embodiment transmits. It is a figure which shows typically the symmetric key which the node concerning the embodiment receives. 4 is a flowchart showing a procedure of key transmission processing in which the key server 53 according to the embodiment transmits a decryption key in response to a key request from a node 51.

Explanation of symbols

50, 51, 51A, 51B Node 53 Key server 500 Unique information storage unit 501 Random number generation unit 502 Temporary symmetric key generation unit 503 Piece encryption unit 504 Piece generation unit 505 Data transmission unit 506 Transmission request reception unit 510 Unique information storage unit 511 Random number generator 512 Temporary symmetric key generator 513 Piece encryption unit 514 Data reception unit 515 Data transmission unit 516 Transmission request reception unit 517 Data storage unit 518 Transmission request transmission unit 519 Key request transmission unit 520 Piece decryption unit 521 Encryption determination unit 530 Secret key storage unit 531 Data reception unit 532 Encryption skip determination unit 533 Temporary symmetric key generation unit 534 Data transmission unit NT P2P network

Claims (22)

A communication device that encrypts and transmits a plurality of pieces that are part of data,
First storage means for storing device identification information assigned to the communication device;
The first encrypted piece that is a piece encrypted by another communication device, the first device identification information assigned to the other communication device, and the first generated when the other communication device encrypts Receiving means for receiving temporary information;
Second storage means for storing the first encrypted piece, the first device identification information, and the first temporary information in association with each other;
Determining means for determining whether to encrypt the first encrypted piece;
A first generating unit that generates second temporary information that may differ for each generation when the determining unit determines to encrypt the first encrypted piece;
Second generation means for generating a temporary symmetric key using the second temporary information;
Encryption means for further encrypting the first encrypted piece using the temporary symmetric key and outputting a second encrypted piece;
If it is determined by the determining means to encrypt the first encrypted piece, the second encrypted piece, the first device identification information, the second device identification information, the first temporary information, A communication apparatus comprising: a transmission unit that transmits the second temporary information. When it is determined by the determining means that the first encrypted piece is not encrypted, further comprising third generating means for generating third temporary information using at least the first device identification information,
When the determining means determines that the first encrypted piece is not encrypted by the determining means, the transmitting means, the first device identification information, the second device identification information, and the The communication apparatus according to claim 1, wherein the first temporary information and the third temporary information are transmitted. The first storage means further stores secret information assigned to the communication device,
3. The communication apparatus according to claim 1, wherein the second generation unit generates the temporary symmetric key using the second temporary information and the secret information. The said 2nd production | generation means produces | generates the said temporary symmetric key with a one-way function, a common key encryption, or a pseudorandom number generator using the said 2nd temporary information and the said secret information. The communication apparatus as described in. When the determination unit determines that the first encrypted piece is not encrypted, the third generation unit uses the second device identification information and the secret information to generate a one-way function, a common key encryption The communication apparatus according to claim 3, wherein the third temporary information is generated by a pseudo random number generator. The said determination means determines whether the said 1st encryption piece is encrypted according to a predetermined | prescribed probability, when transmitting the said 1st encryption piece. The communication device according to one item. The determination means determines whether to encrypt the first encrypted piece according to a probability that the smaller the number of times the delivery of the first encrypted piece is mediated, the smaller the number and the larger the number, the larger the number. The communication apparatus according to claim 6. Request receiving means for receiving a piece request for requesting the piece;
The first generation unit generates the second temporary information when the piece request is received and when the determination unit determines to encrypt the first encrypted piece. Item 8. The communication device according to any one of Items 1 to 7. A communication device that encrypts and transmits a plurality of pieces that are part of data to another communication device,
First storage means for storing device identification information assigned to the communication device;
First generation means for generating temporary information that may differ for each generation;
Second generation means for generating a temporary symmetric key using the temporary information;
Encryption means for encrypting the piece using the temporary symmetric key and outputting an encrypted piece;
A communication apparatus comprising: a transmission unit configured to transmit the encrypted piece, the apparatus identification information, and the temporary information to the other communication apparatus. The first storage means further stores secret information assigned to the communication device,
The communication device according to claim 9, wherein the second generation unit generates the temporary symmetric key using the temporary information and the secret information. The said 2nd production | generation means produces | generates the said temporary symmetric key with a one-way function, a common key encryption, or a pseudorandom number generator using the said temporary information and the said secret information. Communication equipment. Second storage means for storing the data;
The communication apparatus according to claim 9, further comprising a dividing unit that divides the data into a plurality of pieces. Request receiving means for receiving a piece request for requesting the piece;
The communication device according to claim 9, wherein the first generation unit generates the temporary information when the piece request is received. A communication device that receives a plurality of pieces that are part of data,
First storage means for storing device identification information assigned to the communication device;
An encrypted piece that is a piece encrypted by another communication device, device identification information assigned to the other communication device, and temporary information generated when the other communication device encrypts the piece; First receiving means for receiving
Second storage means for storing the received encrypted piece, the device identification information, and the temporary information in association with each other;
A request for requesting a decryption key for decrypting the encrypted piece, and transmitting a key request including the device identification information and the temporary information stored in association with the encrypted piece to the key server Means,
Second receiving means for receiving each decryption key for decrypting the encryption performed on the piece from the key server in response to the key request;
A communication apparatus comprising: decryption means for decrypting the encrypted piece using each received decryption key. The encrypted pieces are each encrypted by a temporary symmetric key generated by the other communication device using at least the temporary information,
The second receiving means receives the decryption key which is the temporary symmetric key from the key server,
15. The communication apparatus according to claim 14, wherein the decryption unit decrypts the encrypted piece using each decryption key that is the received temporary symmetric key. The encrypted piece is encrypted by a temporary symmetric key generated by the other communication device using the temporary information and secret information assigned to the other communication device,
16. The communication apparatus according to claim 15, wherein the second receiving unit receives a decryption key that is the temporary symmetric key from the key server. The secret information assigned to each of a plurality of other communication devices that encrypt and transmit a plurality of pieces that are part of the data and the device identification information assigned to each communication device are stored in association with each other. 1 storage means;
Requesting a decryption key for decrypting an encrypted piece, which is an encrypted piece, and the device identification information and the plurality of other communications of the plurality of other communication devices that mediate delivery of the encrypted piece Receiving means for receiving, from the communication device, a key request that includes information generated by each apparatus and includes temporary information that can be different for each generation;
Using the secret information stored in association with the device identification information included in the key request, and the temporary information included in the key request in association with the device identification information, Key generation means for generating each of the decryption keys;
A key server comprising: transmission means for transmitting each of the decryption keys to the communication device. The key generation means includes
Using the secret information stored in association with the device identification information included in the key request and the temporary information included in the key request in association with the device identification information, Determining means for determining whether each of the temporary information relates to encryption performed on the encrypted piece;
Using the temporary information for which the determination result of the determination means is positive, and the secret information stored in association with the device identification information included in the key request in association with the temporary information The key server according to claim 17, further comprising generation means for generating each of the decryption keys. The determination means uses each device identification information included in the key request and the secret key information associated with one device identification information to generate a one-way function, common key encryption, or pseudo-random number generation. Depending on whether the value obtained by the device matches the temporary information associated with the device identification information and included in the key request, the temporary information is encrypted by the encryption performed on the encrypted piece. 19. The key server according to claim 18, wherein it is determined whether or not it is involved. The generation means uses a temporary symmetric key generated by a one-way function, a common key encryption, or a pseudo-random number generator using the temporary information for which the determination result of the determination means is positive and the secret key information. The decryption key, which is the temporary symmetric key, is generated by restoring the symmetric key using the one-way function, the common key cryptography, or the pseudo-random number generator. The key server according to one item. Data transmitted from a communication device that mediates distribution of pieces that are part of distribution data,
Temporary information that is generated corresponding to each of the plurality of communication devices that mediate the distribution of the pieces, and that may be different for each generation, device identification information that is assigned to each of the plurality of communication devices, and all or part thereof Data that includes an encrypted piece that is an encrypted piece that is encrypted using a temporary symmetric key that is generated using the temporary information. Temporary information that can be different for each generation is generated corresponding to each of a plurality of communication devices that mediate the distribution of an encrypted piece that is a piece that is part of the distribution data, and all or part of the temporary information Data transmitted from the communication device to the key server together with a key request for requesting a decryption key for decrypting an encrypted piece, each encrypted piece using each temporary symmetric key generated using ,
Data including device identification information assigned to each of the plurality of communication devices and the temporary information generated corresponding to each of the plurality of communication devices in association with each other.

Images