JP5288901B2 - Key management server, terminal, communication system, key distribution method, key distribution program, key reception method, and key reception program - Google Patents

Description

  The present invention relates to, for example, a technique for distributing an encryption key and sharing an encryption key used when performing encrypted communication between a plurality of terminals.

  A plurality of communication devices share encryption algorithm keys, and perform electronic signatures and encryption of communication contents between communication devices, thereby preventing tapping of communication contents and detecting tampering. At this time, if a common key encryption algorithm is used as the encryption algorithm, all communication devices need to share the same common key. When using a public key encryption algorithm as an encryption algorithm, all communication devices need to have their own private key and the public key of another device. That is, it is necessary to share a secret key or a public key associated with a secret key between communication devices. At this time, if the same key is continuously used, the key may be leaked due to key analysis, key reading from a lost communication device, or the like, so it is necessary to update the shared key.

As a technique related to the updating of the shared key in the conventional multiple communication devices, there are the following techniques.
Patent Document 1 describes a key distribution system. In this key distribution system, users are grouped in a tree structure, and a group key shared within the group is generated by a key management server based on a user's new membership or withdrawal request. The group key is updated / distributed by encrypting with the user's personal key shared in advance between the key management server and each user.

  Patent Document 2 describes a key exchange system. In this key exchange system, a shared key is updated by exchanging key data between a gateway apparatus, which is a DHCP (Dynamic Host Configuration Protocol) server, and a communication terminal using a Diffie-Hellman key exchange system. In particular, in this key exchange system, the key data is transferred using the Diffie-Hellman key exchange method at the time of DHCP communication starting from a request for extension of network information to the gateway device by the communication terminal before the expiration of the network information. Replace it with a new one.

Patent Document 3 describes a key update method. In this key update method, a sequence of keys derived from each of n values created by repeatedly applying a one-way function to secret information in advance is generated in the reverse order of the created order, that is, the secret. It is used as a group key to be updated in order from a key derived from a value obtained by applying a one-way function n times to information. Thereby, in this key update method, if only the latest group key is held, information encrypted using the past group key can be decrypted.
JP 2006-203363 A JP 2001-292135 A JP 2000-244474 A

A conventional shared key update method in a plurality of communication devices has the following problems.
First, in the above key distribution system, the group key is updated, but when the updated group key generated by the key management server is distributed, the key management server and each user have shared in advance. Repeatedly use the person's personal key. Therefore, when the encrypted communication contents and the updated group key that is encrypted and distributed are obtained and recorded, and the user's personal key is successfully decrypted, the group key leaks from the decrypted personal key, There is a problem that all communication contents are eventually leaked.
In the key distribution system, the group key is updated only when a new membership or unsubscription request for a user who constitutes the group is generated. For this reason, when a new membership or unsubscription request of a user constituting the group does not occur, the same group key is repeatedly used, and there is a problem that it is easily exposed to a group key decryption attack.

The key exchange system uses a Diffie-Hellman key exchange method. For this reason, each of the gateway device and the communication terminal needs to perform a complex calculation including a prime number, and there is a problem that the processing load is high.
In addition, since the Diffie-Hellman key exchange method cannot authenticate the communication partner, that is, cannot confirm the validity, for example, there is a problem that it must be used in combination with a public key encryption algorithm.

  In the key update method, it is possible to derive all past group keys from the latest group key. Therefore, if the encrypted communication contents are obtained and recorded and the latest group key is successfully decrypted and obtained, all past group keys will be leaked, and finally all communication contents will be leaked. There is a problem.

  An object of the present invention is, for example, to perform key distribution (key sharing) that enables communication between highly secure communication devices while keeping the processing load on the communication devices low.

The key management server according to the present invention is, for example, a key management server that can communicate with a plurality of terminals.
A device key update command for instructing update of a device key used when the plurality of terminals receive a master key used for encryption processing of communication between the plurality of terminals, and is a current one by a predetermined one-way function A device key update instruction creating unit for creating a device key update instruction for instructing an update from the device key of the next generation to the device key of the next generation by the processing device;
And a data transmission unit that transmits the device key update command generated by the device key update command generation unit to a communication device using at least one of the plurality of terminals as a destination.

  According to the key distribution server according to the present invention, since the device key is updated, the master key can be distributed safely. In particular, since the device key is updated by a one-way function, even if the current device key leaks, the information communicated by the past device key does not leak. Further, according to the key distribution server according to the present invention, since the device key itself is not distributed, the device key is not leaked by intercepting communication. Furthermore, according to the key distribution server according to the present invention, since the device key itself is not distributed, it is not necessary to encrypt the communication information, that is, it is not necessary to perform a complicated encryption operation. Therefore, the processing load on the key management server and the terminal is low.

Embodiment 1 FIG.
FIG. 1 is a system configuration diagram according to the first embodiment.
In FIG. 1, the key management server 101 creates and distributes an encryption key (master key) used for communication between the communication devices 102, and instructs to update a master key shared between the communication devices 102 and a device key described later. Server. The communication device 102 is a device that communicates with another communication device 102 by performing encryption processing using a master key. A network 103 is a backbone network used as a communication path between the key management server 101 and the communication device 102 and between the communication devices 102.
The key management server 101 and the communication device 102 share a different encryption key (device key) for each communication device 102 in advance, and various command data can be encrypted between the key management server 101 and the communication device 102. It is possible to communicate after preventing falsification.
In the first embodiment, a master key or the like is distributed from the key management server 101 to the communication device 102 by updating the device key shared between the key management server 101 and the communication device 102 to a new device key at a predetermined timing. Increase safety.

First, an outline of an operation of updating a shared key (device key) between the key management server 101 and the communication device 102 by distributing a device key update command will be described.
The device key is updated by using a method of batch updating all device keys using the device key batch update command 600 and only a device key shared with a specific communication device 102 using the device key individual update command 700. There are two ways to update. Further, when the expiration date of the device key is described in these commands (device key batch update command 600, device key individual update command 700), the key management server 101 and the communication device 102 automatically change the device according to the expiration date. Update the key.

FIG. 2 is a diagram showing a data flow when all device keys are collectively updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing batch update of all device keys, adds a digital signature set for each communication device 102 to verify the validity of the command, and performs a device key batch update command 600. Create Next, the key management server 101 transmits a device key batch update command 600 to all the communication devices 102 via the network 103. Then, the key management server 101 updates all device keys. On the other hand, the communication device 102 receives the device key batch update command 600 via the network 103, verifies the electronic signature set included in the command, confirms the validity of the command, and updates the device key.

Next, a device key batch update command 600 distributed by the key management server 101 will be described with reference to FIG.
FIG. 3 is a diagram showing a data format of the device key batch update instruction 600 in FIG.
In FIG. 3, the device key batch update command 600 includes a data type 601, device key batch update command information 602, and an electronic signature set 603.
The data type 601 is a flag indicating that the type of command data is a device key batch update command. The device key batch update command information 602 is a specific instruction content for updating the device key in all the communication devices 102. The electronic signature set 603 is a set of individual electronic signatures 604 created for each communication device 102 as a destination in order to confirm that the device key batch update command 600 is a regular command created by the key management server 101. is there. The individual electronic signature 604 is an electronic signature that can be verified by each communication device 102.
The device key batch update command information 602 includes an updated generation number 611 and an expiration date 612. The updated generation number 611 is a generation number indicating which generation device key should be updated. The expiration date 612 is a date and time designated when an expiration date is set for the updated device key, and can be omitted when no expiration date is set.
The individual electronic signature 604 includes a device ID 621, a signature key generation number 622, and a signature value 623. The device ID 621 is a different value for each device indicating the communication device 102 to which the individual electronic signature 604 is targeted. The signature key generation number 622 is a generation number of a device key used when generating a signature. The signature value 623 is a signature applied to the data type 601 and the device key batch update command information 602 using the device key having the signature key generation number 622 corresponding to the communication device 102 having the device ID 621.

FIG. 4 is a diagram showing a data flow when only a specific device key is individually updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing the individual update of the device key of a specific communication device 102, adds an electronic signature for the corresponding communication device 102 to verify the validity of the command, An update instruction 700 is created. Next, the key management server 101 transmits a device key individual update command 700 to the corresponding communication device 102 via the network 103. Then, the key management server 101 updates the corresponding device key. On the other hand, the communication device 102 receives the device key individual update command 700 via the network 103, checks whether the command is addressed to itself, verifies the electronic signature included in the command, and confirms the validity of the command. Update the device key.

Next, the device key individual update command 700 distributed by the key management server 101 will be described with reference to FIG.
FIG. 5 is a diagram showing a data format of the device key individual update instruction 700 in FIG.
In FIG. 5, the device key individual update command 700 includes a data type 701, device key individual update command information 702, and an electronic signature 703.
The data type 701 is a flag indicating that the type of command data is a device key individual update command. The device key individual update command information 702 is specific instruction contents for updating the device key in the specific communication device 102. An electronic signature 703 is an electronic signature that can be verified by the corresponding communication device 102 and is created to confirm that the device key individual update command 700 is a regular command created by the key management server 101.
The device key individual update command information 702 includes a device ID 711, an updated generation number 712, and an expiration date 713. The device ID 711 is a different value for each device indicating the communication device 102 instructing device key update. The updated generation number 712 is a generation number indicating which generation device key should be updated. The expiration date 713 is a date and time designated when an expiration date is set for the updated device key, and can be omitted when no expiration date is set.
The electronic signature 703 includes a signature key generation number 721 and a signature value 722. The signature key generation number 721 is a generation number of a device key used when generating a signature. The signature value 722 is a signature applied to the data type 701 and the device key individual update command information 702 using the device key having the signature key generation number 721 corresponding to the communication device 102 having the device ID 711.

Next, the function of the key management server 101 in the first embodiment will be described with reference to FIGS.
FIG. 6 is a functional block diagram of the key management server 101 in the first embodiment. The key management server 101 includes an input interface 201, a data transmission unit 202, an update key generation unit 204 (device update key generation unit, master update key generation unit), a signature value calculation unit 206, a key management database 207, and a device key update instruction generation. The unit 208 is provided.
The input interface 201 receives an input by an operator of the key management server 101 via an input device.
The data transmission unit 202 transmits various command data created by the key management server 101 to the communication device 102 by the communication device via the network 103.
The update key generation unit 204 generates a next generation key from the current key using a one-way function.
The signature value calculation unit 206 generates a signature for the data to be signed by the processing device using the designated device key.
The key management database 207 stores (manages) all keys that the key management server 101 needs to manage in the storage device.
The device key update command creation unit 208 creates a device key batch update command 600 and a device key individual update command 700 by the processing device.

FIG. 7 is a diagram showing information stored in the key management database 207 inside the key management server 101 according to the first embodiment. The key management database 207 includes a device key management table 301.
The device key management table 301 is a combination of a device key shared between the key management server 101 and each communication device 102 with a device ID that identifies the communication device 102, a key generation number, and a key expiration date. Manage with. The key generation number is generation information indicating how many times the device key has been updated. For example, the first shared device key is set to 1 (first generation), and the device key is updated thereafter. Are incremented (+1) to 2 (second generation), 3 (third generation),.

Next, the function of the communication device 102 according to the first embodiment will be described with reference to FIGS.
FIG. 8 is a functional block diagram of the communication device 102 according to the first embodiment. The communication device 102 includes a data reception unit 401, an update key generation unit 403, a signature value verification unit 405, a management database 406, and a device key update command interpretation unit 407.
The data receiving unit 401 receives various command data transmitted from the key management server 101 via the network 103 by the communication device.
The update key generation unit 403 generates a next generation key from the current key using a one-way function.
The signature value verification unit 405 verifies the signature of the data to be signed and the signature value by the processing device using the designated key.
The management database 406 stores (manages) all information and keys that the communication device 102 needs to manage in the storage device.
The device key update command interpretation unit 407 interprets the device key batch update command 600 and the device key individual update command 700 received by the data reception unit 401 and causes the update key generation unit 403 to update the device key.

FIG. 9 is a diagram showing information stored in the management database 406 in the communication device 102 according to the first embodiment. The management database 406 includes a device ID management table 501 and a device key management table 502.
The device ID management table 501 manages the values of device IDs assigned to the devices so as to be different for each communication device 102.
The device key management table 502 manages device keys shared with the key management server 101 in combination with a key generation number and a key expiration date.

Next, the operation will be described.
First, the operation when the device keys are collectively updated will be described. FIG. 10 is a flowchart showing the operation of the communication system when the device keys are collectively updated.
In the device key batch update command creation process (S101), the device key update command creation unit 208 of the key management server 101 creates the device key batch update command 600. At this time, the signature value calculation unit 206 receives all device keys managed by the device key management table 301 of the key management database 207 as input, and inputs the signature value 623 for the data type 601 and the device key batch update command information 602 to the communication device 102. Generate every time.
In the data transmission process (S102), the data transmission unit 202 transmits the device key batch update command 600 to all the communication devices 102.
In the server-side device key update process (S103), the update key generation unit 204 updates all device keys with a one-way function after successfully transmitting the device key batch update command 600, and the device keys in the key management database 207 are updated. While storing in the management table 301, all the device keys before update are deleted.
In the data reception process (S104), the data reception unit 401 of the communication device 102 receives the device key batch update command 600. The device key update command interpretation unit 407 recognizes that the received information is the device key batch update command 600 based on the data type 601 of the device key batch update command 600.
In the signature determination process (S105), the signature value verification unit 405 selects the individual electronic signature 604 addressed to itself from the electronic signature set 603 using the device ID managed by the device ID management table 501 of the management database 406. The signature value verification unit 405 receives a device key managed by the device key management table 502 of the management database 406 as an input, calculates a signature value for the data type 601 and the device key batch update command information 602, and an individual electronic signature 604 addressed to itself. The validity of the device key batch update instruction 600 is confirmed in comparison with the signature value 623 of At this time, if the signature key generation number 622 of the device key used for the signature is newer than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 temporarily creates a new generation. Is generated by the update key generation unit 403 and is confirmed by the generated key. On the other hand, when the signature key generation number 622 of the device key used for the signature is older than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 determines that the signature is invalid. .
Here, the temporarily generated new generation key is a generation device key indicated by the generation number 622 of the device key used for the signature. That is, when the generation number 622 of the device key used for the signature is two generations newer than the generation number of the device key managed by the device key management table 502 of the management database 406, the update key generation unit 403 sets the one-way function to 2 Generate a new generation key by passing through. Also, “temporarily” means that if the validity of the device key batch update instruction 600 cannot be confirmed, the generated new generation key is deleted and the original generation key remains unchanged.
If the signature verification is successful (YES in S105), the device key update command interpretation unit 407 proceeds to (S106). On the other hand, if the signature verification fails (NO in S105), the device key update command interpretation unit 407 determines that the device key batch update command 600 is not valid, and ends the process.
In the terminal-side device key update process (S106), when the signature verification is successful, the update key generation unit 403 updates the device key using the same one-way function as the key management server 101, and the device key of the management database 406 While storing in the management table 502, the device key before update is deleted. When a new generation key is generated and confirmed in (S105), the device in the management database 406 is updated with the new generation key updated to the next generation or later generation as the updated device key. Stored in the key management table 502. That is, the generation device key indicated by the updated generation number 611 of the device key batch update instruction 600 is generated and stored in the device key management table 502 of the management database 406.

Next, an operation when only a specific device key is updated will be described. FIG. 11 is a flowchart showing the operation of the communication system when only a specific device key is updated.
In the device key individual update command creation process (S201), the device key update command creation unit 208 of the key management server 101 creates the device key individual update command 700. At this time, the signature value calculation unit 206 receives the device key of the corresponding communication device 102 managed by the device key management table 301 of the key management database 207 as an input, and the signature value 722 for the data type 701 and the device key individual update command information 702. Is generated.
In the data transmission process (S202), the data transmission unit 202 transmits the device key individual update command 700 to the corresponding communication device 102.
In the server-side device key update process (S203), the update key generation unit 204 updates the corresponding device key with a one-way function after successfully transmitting the device key individual update command 700, and the device in the key management database 207 The device key is stored in the key management table 301 and the device key before update is deleted.
In the data reception process (S204), the data reception unit 401 of the communication device 102 receives the device key individual update command 700. The device key update command interpreter 407 recognizes that the received information is the device key individual update command 700 based on the data type 701 of the device key individual update command 700.
In the destination determination process (S205), the device key update command interpretation unit 407 checks whether the device ID managed in the device ID management table 501 of the management database 406 matches the device ID 711 included in the device key individual update command 700. Then, it is confirmed whether the device key individual update instruction 700 is addressed to itself.
If the device key individual update command 700 is addressed to itself (YES in S205), the device key update command interpretation unit 407 proceeds to (S206). On the other hand, if the device key individual update command 700 is not addressed to itself (NO in S205), the device key update command interpretation unit 407 ignores the device key individual update command 700 and ends the processing.
In the signature determination process (S206), when the device key individual update instruction 700 is addressed to itself, the signature value verification unit 405 receives the device key managed in the device key management table 502 of the management database 406 as an input, and the data type 701. The signature value for the device key individual update command information 702 is calculated, and compared with the signature value 722 of the device key individual update command 700, the validity of the device key individual update command 700 is confirmed. When the validity of the device key individual update instruction 700 is confirmed, if the signature key generation number 721 of the device key used for signature is newer than the generation number of the device key managed in the device key management table 502 of the management database 406, the signature The value verification unit 405 causes the update key generation unit 403 to temporarily generate a new generation key for confirmation. If the signature key generation number 721 of the device key used for the signature is older than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 determines that the signature is invalid.
If the signature verification is successful (YES in S206), the device key update command interpretation unit 407 proceeds to (S207). On the other hand, if the signature verification fails (NO in S206), the device key update command interpretation unit 407 determines that the device key individual update command 700 is not valid, and ends the process.
In the terminal-side device key update process (S207), when the signature verification is successful, the update key generation unit 403 updates the device key using the same one-way function as that of the key management server 101, and the device key of the management database 406 While storing in the management table 502, the device key before update is deleted.

Next, the operation when the key management server 101 and the communication device 102 automatically update the device key according to the expiration date of the device key will be described.
The key management server 101 manages device keys together with expiration dates in the device key management table 301 of the key management database 207. When the expiration date has passed, the update key generation unit 204 updates the device key, stores it in the device key management table 301 of the key management database 207, and deletes the corresponding device key before update.
Similarly, the communication device 102 manages the device key together with the expiration date in the device key management table 502 of the management database 406. When the expiration date has passed, the update key generation unit 403 updates the device key, stores it in the device key management table 502 of the management database 406, and deletes the device key before update.

  As described above, since the key management server 101 updates the key (device key) shared in advance with the communication device 102, communication by decryption of the pre-shared key resulting from repeated use of the pre-shared key. Content leakage can be prevented. In addition, when the device key is updated, the updated key itself is not distributed via the network 103, so that leakage of communication contents due to decryption of the device key that is encrypted and distributed can be prevented. Since it calculates electronic signature values using pre-shared device keys and renews keys using one-way functions, it is combined with complex operations such as Diffie-Hellman key exchange and public key encryption algorithms. The device key can be updated without using it. Since the device key is updated using the one-way function and the device key before the update is deleted, it is possible to prevent leakage of past communication contents due to the decryption of the latest device key.

Embodiment 2. FIG.
In the second embodiment, distribution of the encryption key (master key) used for encrypted communication between the communication devices 102 by distributing the master key distribution command 800 from the key management server 101, and the key management server 101 and the communication device The update of the shared key (device key) used for encrypted communication between the terminals 102 will be described.

First, an overview of operations of master key distribution and device key update by distribution of the master key distribution command 800 will be described.
The key management server 101 generates an encryption key (master key) that is used when the communication devices 102 perform encrypted communication with each other, encrypts it with the device key of the communication device 102 that uses the key, and corresponds as a master key distribution command 800. Transmit to the communication device 102. Necessary when the communication device 102 that has received the master key distribution command 800 detects that a generation shift has occurred in the device key shared with the key management server 101 when verifying the validity of the master key distribution command 800 The device key is updated according to the process. Furthermore, when the expiration date of the master key is described in these instructions, the key management server 101 and the communication device 102 automatically update the master key according to the expiration date.

FIG. 12 is a diagram showing a data flow when distributing a master key used for encryption between communication devices 102 in the system configuration shown in FIG.
The key management server 101 creates a command for instructing distribution of a master key used for encrypted communication between specific communication devices 102, and a signature value for the corresponding communication device 102 to verify the validity of the command. To create a master key distribution command 800. Next, the key management server 101 transmits a master key distribution command 800 to the corresponding communication device 102 via the network 103. Then, the key management server 101 stores the corresponding master key. On the other hand, the communication device 102 receives the master key distribution command 800 via the network 103, checks whether the command is addressed to itself, verifies the signature value included in the command, and confirms the validity of the command. Get the master key.

Next, a master key distribution command 800 distributed by the key management server 101 will be described with reference to FIG.
FIG. 13 is a diagram showing a data format of the master key distribution command 800 in FIG.
In FIG. 13, a master key distribution command 800 includes a data type 801, a recipient device ID 802, master key distribution command information (after encryption) 803, a device key generation number 804, and a signature value 805.
The data type 801 is a flag indicating that the type of command data is a master key distribution command. The receiver device ID 802 is a device ID indicating the communication device 102 to which the master key is distributed by this command. Master key distribution command information (after encryption) 803 is content obtained by encrypting the master key distribution command information (before encryption) 811 with the device key of the corresponding communication device 102. The device key generation number 804 is the generation number of the device key used when generating the encryption and signature. The signature value 805 indicates the device key of the device key generation number 804 corresponding to the communication device 102 of the receiver device ID 802 in order to confirm that the master key distribution command 800 is a regular command created by the key management server 101. This is a signature applied to the data type 801, the recipient device ID 802, and the master key distribution command information (after encryption) 803.
Master key distribution command information (before encryption) 811 is information obtained by decrypting the master key distribution command information (after encryption) 803 with the device key, and is the contents of the master key used for encryption between the communication devices 102. . The master key distribution command information (before encryption) 811 includes a master key ID 821, a user device ID 822, a master key 823, and an expiration date 824.
The master key ID 821 is a value uniquely assigned by the key management server 101 for each master key. The user device ID 822 is a set of values different for each device, indicating two or more communication devices 102 using the master key 823. The master key 823 is a first generation master key having a master key ID 821. The expiration date 824 is a date and time specified when an expiration date is set in the master key 823, and can be omitted when no expiration date is set.

Next, the function of the key management server 101 in the second embodiment will be described with reference to FIGS.
FIG. 14 is a functional block diagram of the key management server 101 in the second embodiment. The key management server 101 according to the second embodiment includes an initial key generation unit 203, an encryption unit 205, and a master key distribution command creation unit 209 in addition to the key management server 101 according to the first embodiment.
The initial key generation unit 203 has a random number generation function, and generates a first generation key by the processing device.
The encryption unit 205 encrypts predetermined information with respect to the data to be encrypted, using the specified device key, by the processing device.
The master key distribution command creating unit 209 creates a master key distribution command 800 by the processing device.

FIG. 15 is a diagram showing information stored in the key management database 207 inside the key management server 101 according to the second embodiment. The key management database 207 according to the second embodiment includes a master key management table 302 in addition to the key management database 207 according to the first embodiment.
The master key management table 302 is generated and distributed in the key management server 101, and the master key used for encryption between the communication devices 102 is used to indicate the master device ID, the key generation number, and the communication device 102 that uses the key. Managed by a combination of the user device ID and the key expiration date.

Next, the function of the communication device 102 according to the second embodiment will be described with reference to FIGS.
FIG. 16 is a functional block diagram of the communication device 102 according to the second embodiment. The communication device 102 according to the second embodiment includes a decryption unit 404 and a master key distribution command interpretation unit 408 in addition to the communication device 102 according to the first embodiment.
The decrypting unit 404 decrypts the encrypted data by the processing device using the designated key.
The master key distribution command interpretation unit 408 interprets the master key distribution command 800 received by the data reception unit 401 by the processing device, and stores the first generation master key in the management database 406.

FIG. 17 is a diagram showing information stored in the management database 406 in the communication device 102 according to the second embodiment. The management database 406 in the second embodiment includes a master key management table 503 in addition to the management database 406 in the first embodiment.
The master key management table 503 includes a master key shared with other communication devices 102, a master key ID, a key generation number, and a user device ID indicating all communication devices 102 using the key. It is managed in combination with the set and key expiration date.

Next, the operation will be described. FIG. 18 is a flowchart showing the operation of the communication system when the master key is distributed.
In the master key generation process (S301), the initial key generation unit 203 of the key management server 101 generates a master key and stores it in the key management database 207.
Then, the key management server 101 repeatedly performs the following operation on the communication device 102 that uses the generated master key, and transmits a master key distribution command 800 to all of the corresponding communication devices 102.
In the master key distribution command creation process (S302), the master key distribution command creation unit 209 creates the master key distribution command 800. At this time, the encryption unit 205 encrypts the master key distribution command information (before encryption) 811 by using the device key of the corresponding communication device 102 managed by the device key management table 301 of the key management database 207 to obtain the master key. Distribution command information (after encryption) 803 is created. The signature value calculation unit 206 receives the device key of the corresponding communication device 102 managed by the device key management table 301 of the key management database 207, and receives the data type 801, the recipient device ID 802, and master key distribution command information (after encryption). A signature value 805 for 803 is calculated.
In the data transmission process (S303), the data transmission unit 202 transmits a master key distribution command 800 to the corresponding communication device 102.
In the data reception process (S304), the data reception unit 401 of the communication device 102 receives the master key distribution command 800. Based on the data type 801 of the master key distribution command 800, the master key distribution command interpretation unit 408 recognizes that the received information is the master key distribution command 800.
In the destination determination process (S305), the master key distribution command interpretation unit 408 checks whether the device ID managed in the device ID management table 501 of the management database 406 matches the recipient device ID 802 included in the master key distribution command 800. Then, it is confirmed whether or not the master key distribution instruction 800 is addressed to itself.
If the master key distribution command 800 is addressed to itself (YES in S305), the master key distribution command interpretation unit 408 proceeds to (S306). On the other hand, if the master key distribution command 800 is not addressed to itself (NO in S305), the master key distribution command interpretation unit 408 ignores the master key distribution command 800 and ends the processing.
In the signature determination processing (S306), when the master key distribution command 800 is addressed to itself, the signature value verification unit 405 receives the device type managed in the device key management table 502 of the management database 406 as an input and receives the data type 801. The signature value for the user device ID 802 and the master key distribution command information (after encryption) 803 is calculated, and compared with the signature value 805 of the master key distribution command 800, the validity of the master key distribution command 800 is confirmed. When the validity of the master key distribution command 800 is confirmed, if the generation number 804 of the device key used for the signature is newer than the generation number of the device key managed in the device key management table 502 of the management database 406, the signature value verification unit In step 405, the update key generation unit 403 is used to temporarily generate and confirm a new generation key. If the generation number 804 of the device key used for the signature is older than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 determines that the signature is invalid.
If the signature verification is successful (YES in S306), the master key distribution command interpretation unit 408 proceeds to (S307). On the other hand, if the signature verification fails (NO in S306), the master key distribution command interpretation unit 408 determines that the master key distribution command 800 is not valid, and ends the process.
In the master key storage process (S307), when the signature verification is successful, the decryption unit 404 decrypts the master key distribution command information (after encryption) 803. Then, the master key distribution command interpretation unit 408 stores the master key 823 extracted from the master key distribution command information (before encryption) 811 in the master key management table 503 of the management database 406.
In the terminal-side device key update process (S308), when the signature is verified, if the device key is temporarily updated to a new generation key and the verification is successful, the update key generation unit 403 generates the signature when verifying the signature. A new generation key is stored in the device key management table 502 of the management database 406 as a new device key, and the device key before update is deleted.

Next, the operation when the key management server 101 and the communication device 102 automatically update the master key according to the expiration date of the master key will be described.
The key management server 101 manages the master key together with the expiration date in the master key management table 302 of the key management database 207. When the expiration date has passed, the update key generation unit 204 updates the master key, stores it in the master key management table 302 of the key management database 207, and deletes the corresponding master key before update.
Similarly, in the communication device 102, the master key is managed together with the expiration date in the master key management table 503 of the management database 406. When the expiration date has passed, the update key generation unit 403 updates the master key, stores it in the master key management table 503 of the management database 406, and deletes the master key before update.

  As described above, the key management server 101 distributes a master key using a key (device key) shared in advance with the communication device 102, and the device between the key management server 101 and the communication device 102. Correct any conflicts in key generation. Therefore, even if the communication device 102 has failed to receive the device key batch update command 600 or the device key individual update command 700, the communication device 102 updates the device key and performs communication by decrypting the pre-shared key resulting from repeated use of the pre-shared key. Content leakage can be prevented.

Embodiment 3 FIG.
In the third embodiment, the update of the encryption key (master key) used for encrypted communication between the communication devices 102 by the distribution of the master key batch update instruction 900 or the master key individual update instruction 1000 from the key management server 101 is performed. The update of a shared key (device key) used for encrypted communication between the key management server 101 and the communication device 102 will be described.

First, an outline of operations of updating a shared key (master key) and a device key between communication devices 102 by distributing a master key update command will be described.
There are two ways to update the master key: a method of batch updating all master keys using the master key batch update command 900 and a method of updating only a specific master key using the master key individual update command 1000. When the communication device 102 that has received the master key batch update instruction 900 or the master key individual update instruction 1000 verifies the legitimacy of these instructions, a generation shift has occurred in the device key shared with the key management server 101. If a device key is detected, device key update processing is performed as necessary. Furthermore, when the expiration date of the master key is described in these instructions, the key management server 101 and the communication device 102 automatically update the master key according to the expiration date.

FIG. 19 is a diagram showing a data flow when all the master keys are collectively updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing batch update of all master keys, adds a digital signature set for each communication device 102 to verify the validity of the command, and performs a master key batch update command 900. Create Next, the key management server 101 transmits a master key batch update command 900 to all the communication devices 102 via the network 103. Then, the key management server 101 updates all master keys. On the other hand, the communication device 102 receives the master key batch update command 900 via the network 103, verifies the digital signature set included in the command, confirms the validity of the command, and updates the master key. When verifying the validity of the master key batch update instruction 900, if it is detected that a generation shift has occurred in a device key shared with the key management server 101, a device key update process is performed as necessary.

Next, a master key batch update instruction 900 distributed by the key management server 101 will be described with reference to FIG.
FIG. 20 is a diagram showing a data format of the master key batch update instruction 900 in FIG.
20, the master key batch update command 900 includes a data type 901, master key batch update command information 902, and a digital signature set 903.
The data type 901 is a flag indicating that the type of command data is a master key batch update command. The master key batch update command information 902 is specific instruction contents for updating the master key in all the communication devices 102. An electronic signature set 903 is a set of individual electronic signatures 904 created for each communication device 102 as a destination in order to confirm that the master key batch update command 900 is a regular command created by the key management server 101. is there. The individual electronic signature 904 is an electronic signature that can be verified by each communication device 102.
The master key batch update command information 902 includes an updated generation number 911 and an expiration date 912. The updated generation number 911 is a generation number indicating which generation master key should be updated. The expiration date 912 is a date and time designated when an expiration date is set for the updated master key, and can be omitted when no expiration date is set.
The individual electronic signature 904 includes a device ID 921, a signature key generation number 922, and a signature value 923. The device ID 921 is a different value for each device indicating the communication device 102 to which the individual electronic signature 904 is targeted. The signature key generation number 922 is a generation number of a device key used when generating a signature. The signature value 923 is a signature applied to the data type 901 and the master key batch update command information 902 using the device key with the signature key generation number 922 corresponding to the communication device 102 with the device ID 921.

FIG. 21 is a diagram showing a data flow when only a specific master key is individually updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing individual update of a specific master key, adds a digital signature set for the corresponding communication device 102 to verify the validity of the command, and generates a master key individual update command 1000. Create Next, the key management server 101 transmits a master key individual update command 1000 to the corresponding communication device 102 via the network 103. Then, the key management server 101 updates the corresponding master key. On the other hand, the communication device 102 receives the master key individual update command 1000 via the network 103, checks whether the command is addressed to itself, verifies the electronic signature set included in the command, and confirms the validity of the command. Confirm and update the master key. When verifying the validity of the master key individual update instruction 1000, if it is detected that a generation shift has occurred in a device key shared with the key management server 101, device key update processing is performed as necessary.

Next, the master key individual update command 1000 distributed by the key management server 101 will be described with reference to FIG.
FIG. 22 is a diagram showing a data format of the master key individual update instruction 1000 in FIG.
In FIG. 22, the master key individual update instruction 1000 includes a data type 1001, master key individual update instruction information 1002, and an electronic signature set 1003.
The data type 1001 is a flag indicating that the type of command data is a master key individual update command. The master key individual update command information 1002 is specific instruction contents for updating a specific master key. An electronic signature set 1003 is a set of individual electronic signatures 1004 created for each destination communication device 102 in order to confirm that the master key individual update command 1000 is a regular command created by the key management server 101. is there. The individual electronic signature 1004 is an electronic signature that can be verified by each communication device 102. Here, since the master key individual update command is transmitted to all the communication devices 102 using the same master key, there are a plurality of destinations and a plurality of signature values 1023.
The master key individual update command information 1002 includes a master key ID 1011, an updated generation number 1012, and an expiration date 1013. The master key ID 1011 indicates a master key for instructing key update, and is a different value for each key. The updated generation number 1012 is a generation number indicating which generation master key should be updated. The expiration date 1013 is a date and time designated when an expiration date is set for the updated master key, and can be omitted when no expiration date is set.
The individual electronic signature 1004 includes a device ID 1021, a signature key generation number 1022, and a signature value 1023. The device ID 1021 is a value different for each device indicating the communication device 102 to which the individual signature 1004 is targeted. A signature key generation number 1022 is a generation number of a device key used when generating a signature. The signature value 1023 is a signature applied to the data type 1001 and the master key individual update command information 1002 using the device key having the signature key generation number 1022 corresponding to the communication device 102 having the device ID 1021.

Next, the function of the key management server 101 in the third embodiment will be described with reference to FIG.
FIG. 23 is a functional block diagram of the key management server 101 in the third embodiment. The key management server 101 according to the third embodiment includes a master key update instruction creation unit 210 in addition to the key management server 101 according to the second embodiment.
The master key update command creation unit 210 creates a master key batch update command 900 and a master key individual update command 1000 by the processing device.
The key management database 207 in the third embodiment is the same as the key management database 207 in the second embodiment.

Next, based on FIG. 24, the function of the communication apparatus 102 in Embodiment 3 is demonstrated.
FIG. 24 is a functional block diagram of the communication device 102 according to the third embodiment. The communication device 102 according to the third embodiment includes a master key update command interpretation unit 409 in addition to the communication device 102 according to the second embodiment.
The master key update command interpreter 409 interprets the master key batch update command 900 and the master key individual update command 1000 received by the data receiver 401 by the processing device, and causes the update key generator 403 to update the master key.
The management database 406 in the third embodiment is the same as the management database 406 in the second embodiment.

Next, the operation will be described.
First, the operation when the master key is collectively updated will be described. FIG. 25 is a flowchart showing the operation of the communication system when the master key is updated all at once.
In the master key batch update command creation process (S401), the master key update command creation unit 210 of the key management server 101 creates a master key batch update command 900. At this time, the signature value calculation unit 206 receives all device keys managed by the device key management table 301 of the key management database 207 as input, and inputs the signature value 923 for the data type 901 and master key batch update command information 902 to the communication device 102. Generate every time.
In the data transmission process (S402), the data transmission unit 202 transmits the master key batch update instruction 900 to all the communication devices 102.
In the server-side master key update process (S403), after successful transmission of the master key batch update command 900, the update key generation unit 204 updates all master keys using a one-way function, and the master of the key management database 207 While storing in the key management table 302, all the master keys before update are deleted.
In the data reception process (S404), the data reception unit 401 of the communication device 102 receives the master key batch update instruction 900. The master key update command interpretation unit 409 recognizes that the received information is the master key batch update command 900 based on the data type 901 of the master key batch update command 900.
In the signature determination process (S405), the signature value verification unit 405 selects the individual electronic signature 904 addressed to itself from the electronic signature set 903 using the device ID managed by the device ID management table 501 of the management database 406. The signature value verification unit 405 receives a device key managed by the device key management table 502 of the management database 406 as an input, calculates a signature value for the data type 901 and the master key batch update command information 902, and an individual electronic signature 904 addressed to itself. Compared with the signature value 923, the validity of the instruction is confirmed. At this time, if the generation number 922 of the device key used for the signature is newer than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 temporarily stores the update key generation unit 403. Generate a new generation key and confirm it. On the other hand, when the generation number 922 of the device key used for the signature is older than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 determines that the signature is invalid.
If the signature verification is successful (YES in S405), the master key update command interpretation unit 409 proceeds to (S406). On the other hand, if the signature verification fails (NO in S405), the master key update command interpretation unit 409 determines that the master key batch update command 900 is not valid and ends the processing.
In the terminal-side master key update process (S406), when the signature verification is successful, the update key generation unit 403 is stored in the master key management table 503 of the management database 406 by the same one-way function as the key management server 101. All the master keys are updated and stored in the master key management table 503 of the management database 406, and the master key before the update is deleted.
In the terminal-side device key update process (S407), when the signature is verified, if the device key is temporarily updated to a new generation key and the verification is successful, the update key generation unit 403 generates the signature when verifying the signature. A new generation key is stored in the device key management table 502 of the management database 406 as a new device key, and the device key before update is deleted.

Next, an operation when only a specific master key is updated will be described. FIG. 26 is a flowchart showing the operation of the communication system when only a specific master key is updated.
In the master key individual update command creation process (S501), the master key update command creation unit 210 of the key management server 101 creates the master key individual update command 1000. The signature value calculation unit 206 receives the device key of the destination communication device 102 managed by the device key management table 301 of the key management database 207 as an input, and inputs the signature value 1023 for the data type 1001 and master key individual update command information 1002 to the communication device 102. Generate every time.
In the data transmission process (S502), the data transmission unit 202 transmits the master key individual update command 1000 to the corresponding communication device 102. The corresponding communication device 102 is a communication device 102 that uses (uses) the master key to be updated.
In the server-side device key update process (S503), after successful transmission of the master key individual update command 1000, the update key generation unit 204 updates the corresponding master key using a one-way function, and the master of the key management database 207 The master key is stored in the key management table 302 and the corresponding master key before update is deleted.
In the data reception process (S504), the data reception unit 401 of the communication device 102 receives the master key individual update command 1000. The master key update command interpretation unit 409 recognizes that the received information is the master key individual update command 1000 based on the data type 1001 of the master key individual update command 1000.
In the destination determination process (S505), the master key update command interpretation unit 409 determines whether the master key ID managed in the master key management table 503 of the management database 406 matches the master key ID 1011 included in the master key individual update command 1000. Check to see if the master key individual update command 1000 is addressed to you.
When the master key individual update command 1000 is addressed to itself (YES in S505), the master key update command interpretation unit 409 proceeds to (S506). On the other hand, when the master key individual update command 1000 is not addressed to itself (NO in S505), the master key update command interpretation unit 409 ignores the master key individual update command 1000 and ends the processing.
In the signature determination process (S506), when the master key individual update instruction 1000 is addressed to itself, the signature value verification unit 405 uses the device ID managed by the device ID management table 501 of the management database 406 to set the electronic signature set. From 1003, the individual electronic signature 1004 addressed to the user is selected. The signature value verification unit 405 receives the device key managed by the device key management table 502 of the management database 406 as an input, calculates a signature value for the data type 1001 and the master key individual update command information 1002, and from the master key individual update command 1000 The validity of the command is confirmed by comparing with the selected signature value 1023. When the validity of the master key individual update instruction 1000 is confirmed, if the device key generation number 1022 used for the signature is newer than the device key generation number managed in the device key management table 502 of the management database 406, the signature value verification is performed. The unit 405 causes the update key generation unit 403 to temporarily generate a new generation key for confirmation. When the generation number 1022 of the device key used for the signature is older than the generation number of the device key managed by the device key management table 502 of the management database 406, the signature value verification unit 405 determines that the signature is invalid.
If the signature verification is successful (YES in S506), the master key update command interpretation unit 409 proceeds to (S507). On the other hand, if the signature verification fails (NO in S506), the master key update command interpretation unit 409 determines that the master key individual update command 1000 is not valid and ends the processing.
In the terminal-side master key update process (S507), when the signature verification is successful, the update key generation unit 403 updates the corresponding master key using the same one-way function as that of the key management server 101, and the management database 406 The master key is stored in the master key management table 503 and the master key before update is deleted.
In the terminal-side device key update process (S508), when the signature is verified, if the device key is temporarily updated to a new generation key and the verification is successful, the update key generation unit 403 generates the signature when verifying the signature. A new generation key is stored in the device key management table 502 of the management database 406 as a new device key, and the device key before update is deleted.

Next, the operation when the key management server 101 and the communication device 102 automatically update the master key according to the expiration date of the master key will be described.
The key management server 101 manages the master key together with the expiration date in the master key management table 302 of the key management database 207. When the expiration date has passed, the update key generation unit 204 updates the master key, stores it in the master key management table 302 of the key management database 207, and deletes the corresponding master key before update.
Similarly, in the communication device 102, the master key is managed together with the expiration date in the master key management table 503 of the management database 406. When the expiration date has passed, the update key generation unit 403 updates the master key, stores it in the master key management table 503 of the management database 406, and deletes the master key before update.

  As described above, the communication device 102 updates the key (master key) shared in advance with the other communication devices 102 in accordance with an instruction from the key management server 101. This is due to repeated use of the pre-shared key. It is possible to prevent leakage of communication contents due to the decryption of the pre-shared key. Further, when updating the master key, the key itself to be updated is not distributed via the network 103, so that it is possible to prevent leakage of communication contents due to decryption of the master key that is encrypted and distributed. Since it calculates electronic signature values using pre-shared device keys and renews keys using one-way functions, it is combined with complex operations such as Diffie-Hellman key exchange and public key encryption algorithms. The master key can be updated without using it. Since the master key is updated using the one-way function and the master key before the update is deleted, it is possible to prevent leakage of past communication contents due to the decryption of the latest master key. Furthermore, since a device key generation conflict between the key management server 101 and the communication device 102 is corrected, the communication device 102 fails to receive the master key batch update command 900 or the master key individual update command 1000. Even if it is, it is possible to update the device key and prevent leakage of communication contents due to the decryption of the pre-shared key due to repeated use of the pre-shared key.

Embodiment 4 FIG.
In the fourth embodiment, update of an encryption key (master key) used for encrypted communication between communication devices 102 by exchanging device communication data 1100 between the communication devices 102 will be described.

First, an outline of the operation of updating the shared key (master key) between the communication devices 102 by exchanging the communication data 1100 between devices will be described.
FIG. 27 is a diagram showing a data flow when the master key is updated by exchanging the inter-device communication data 1100 in the system configuration shown in FIG.
When the communication devices 102 communicate with each other, the device communication data 1100 is encrypted and an electronic signature is added to prevent wiretapping and tampering by a third party. The sender-side communication device 102 performs encryption and generation of an electronic signature using a master key shared with the receiver-side communication device 102 to create device-to-device communication data 1100. Next, the communication device 102 on the sender side transmits the inter-device communication data 1100 to the communication device 102 on the receiver side via the network 103. On the other hand, the communication device 102 on the receiver side receives the inter-device communication data 1100 via the network 103, and uses the master key shared with the communication device 102 on the sender side to perform decryption or digital signature. Perform verification. At this time, the communication device 102 on the receiver side uses the master key generation information included in the inter-device communication data 1100 to determine whether or not the master key generation matches with the communication device 102 on the sender side. Confirm that the master key is updated if there is a generation gap.

Next, the inter-device communication data 1100 exchanged by the communication device 102 will be described with reference to FIG.
FIG. 28 is a diagram showing a data format of the inter-device communication data 1100 in FIG.
In FIG. 28, inter-device communication data 1100 includes protected communication content 1101, master key information 1102, and signature value 1103.
The protected communication content 1101 is the content of data exchanged between the communication devices 102. When it is necessary to prevent eavesdropping, the protected communication content 1101 is encrypted using the master key indicated by the master key information 1102. If it is sufficient to prevent tampering, the protected communication content 1101 may not be encrypted. The master key information 1102 is information for designating a master key used for encryption of the protected communication content 1101 and an electronic signature. The signature value 1103 is a signature applied to the protected communication content 1101 using the master key indicated by the master key information 1102.
The master key information 1102 includes a master key ID 1111, a master key generation number 1112, and an expiration date 1113. The master key ID 1111 indicates a master key used for encryption or electronic signature, and is a different value for each key. The master key generation number 1112 is a generation number indicating the current generation of the master key with the master key ID 1111. The expiration date 1113 is a date and time indicating the expiration date set for the master key with the master key ID 1111 and the master key generation number 1112, and can be omitted if no expiration date is set.

Next, functions of the communication device 102 according to the fourth embodiment will be described with reference to FIG.
FIG. 29 is a functional block diagram of the communication device 102 according to the fourth embodiment. In addition to the communication device 102 according to the third embodiment, the communication device 102 according to the fourth embodiment includes an inter-device communication unit 402, an inter-device communication data creation / interpretation unit 410 (master key generation information communication unit), a signature value generation unit 411, An encryption unit 412 is provided.
The inter-device communication unit 402 exchanges data with other communication devices 102 by the communication device via the network 103.
The inter-device communication data creation / interpretation unit 410 creates inter-device communication data 1100 by the processing device. Also, the inter-device communication data creation / interpretation unit 410 interprets the inter-device communication data 1100 received from the other communication device 102 by the processing device, and causes the update key generation unit 403 to update the master key as necessary.
The signature value generation unit 411 generates a signature for the data to be signed using a designated key and creates a signature value by the processing device.
The encryption unit 412 encrypts the data to be encrypted by the processing device using the specified key.
The management database 406 in the fourth embodiment is the same as the management database 406 in the second to third embodiments.

Next, the operation will be described. FIG. 30 is a flowchart showing the operation of the communication system when the master key is updated by exchanging the inter-device communication data 1100.
In the inter-device communication data creation process (S601), the inter-device communication data creation / interpretation unit 410 of the communication device 102 on the sender side creates the inter-device communication data 1100. The signature value generation unit 411 receives the master key shared with the destination communication device 102 managed by the master key management table 503 of the management database 406 as an input, and generates a signature value 1103 for the protected communication content 1101. When encryption is performed, the encryption unit 412 encrypts the protected communication content 1101 with the master key shared with the destination communication device 102 managed by the master key management table 503 of the management database 406 as an input.
In the data transmission process (S602), the inter-device communication unit 402 transmits the inter-device communication data 1100 to the communication device 102 of the communication partner.
In the data reception process (S603), the inter-device communication unit 402 of the communication device 102 on the receiver side receives the inter-device communication data 1100.
In the master key search process (S604), the inter-device communication data creation / interpretation unit 410 searches for a master key that matches the master key ID 1111 from the master key managed by the master key management table 503 of the management database 406.
If a master key that matches the master key ID 1111 is found (YES in S604), the inter-device communication data creation / interpretation unit 410 proceeds to (S605). On the other hand, if a master key that matches the master key ID 1111 is not found (NO in S604), the master key update command interpretation unit 409 ignores the inter-device communication data 1100 and ends the process.
In the decryption signature determination process (S605), when the protected communication content 1101 is encrypted, the decryption unit 404 specifies the master key and decrypts the protected communication content 1101. The signature value verification unit 405 calculates the signature value for the protected communication content 1101 using the master key as input, and the communication content is not falsified as compared with the signature value 1103 of the inter-device communication data 1100. Confirm. If the generation number 1112 of the master key used for the signature or encryption is newer than the generation number of the master key managed in the master key management table 503 of the management database 406 when decryption or signature verification is performed, the signature value verification unit In step 405, the update key generation unit 403 temporarily generates a new generation key for confirmation. When the generation number 1112 of the master key used for signature or encryption is older than the generation number of the master key managed by the master key management table 503 of the management database 406, the signature value verification unit 405 determines that the signature is invalid.
If the signature verification is successful (YES in S605), the inter-device communication data creation / interpretation unit 410 proceeds to (S606). On the other hand, if the signature verification fails (NO in S605), the inter-device communication data creation / interpretation unit 410 determines that the inter-device communication data 1100 is not valid, and ends the process.
In the master key update process (S606), if the signature is successfully verified, and the master key is temporarily updated to a new generation key at the time of verifying the signature, an update key is generated. The unit 403 stores the new generation key generated at the time of signature verification as a new master key in the master key management table 503 of the management database 406 and deletes the master key before update.

  As described above, in the communication device 102, even if there is no instruction from the key management server 101, the master key generation is inconsistent between the communication devices 102 due to the exchange of data between the communication devices 102. Correct if it occurs. Therefore, even if the communication device 102 fails to receive the master key batch update command or the master key individual update command, the master key can be updated. Therefore, it is possible to prevent leakage of communication contents due to the decryption of the pre-shared key due to repeated use of the pre-shared key. Further, when updating the master key, the key itself to be updated is not distributed via the network 103, so that it is possible to prevent leakage of communication contents due to decryption of the master key that is encrypted and distributed. Calculation of digital signature value using pre-shared master key and key update using one-way function, combined use with complicated calculation such as Diffie-Hellman key exchange method and public key encryption algorithm The master key can be updated without the need for the password. Since the master key is updated using the one-way function and the master key before the update is deleted, it is possible to prevent leakage of past communication contents due to the decryption of the latest master key.

Embodiment 5 FIG.
In the fifth embodiment, a shared key (used for encrypted communication between the key management server 101 and the communication device 102 by transferring a device key batch update command received from the key management server 101 between the communication devices 102 ( Device key update will be described.

First, an outline of the operation of updating the shared key (device key) between the key management server 101 and the communication device 102 by transferring the device key batch update command received from the key management server 101 will be described.
FIG. 31 is a diagram showing a data flow when the master key is updated by transferring the device key batch update command 600 in the system configuration shown in FIG.
When the communication device 102 receives the device key batch update command 600 transmitted from the key management server 101, the communication device 102 temporarily stores these commands in the communication device 102. The communication device 102 transfers the stored device key batch update command 600 to the other communication device 102 when exchanging data with the other communication device 102 or at an arbitrary timing.
The communication device 102 that has received the device key batch update command 600 transferred from the other communication device 102 verifies the digital signature set included in the device key batch update command 600 in the same manner as when received from the key management server 101. Then, the validity of the device key batch update instruction 600 is confirmed, and the device key is updated. The device key batch update command 600 may be temporarily stored in the communication device 102 and further transferred to another communication device 102.

Next, functions of the communication device 102 according to the fifth embodiment will be described with reference to FIG.
FIG. 32 is a functional block diagram of the communication device 102 according to the fifth embodiment. The communication device 102 according to the fifth embodiment includes a device key update command transfer unit 421 (device key device-to-device communication unit) in addition to the communication device 102 according to the fourth embodiment.
The device key update command transfer unit 421 temporarily stores the received device key batch update command 600 in the communication device 102 and transfers it to the other communication device 102 by the communication device.
The management database 406 in the fifth embodiment is the same as the management database 406 in the second to fourth embodiments.

Next, the operation will be described. FIG. 33 is a flowchart showing the operation of the communication system when the device key is updated by transferring the device key batch update command 600.
In the device key batch update command storage process (S701), when the transfer source communication device 102 receives the device key batch update command 600 transmitted from the key management server 101, the procedure described in the first embodiment (( The validity of the command is confirmed according to S104) to (S106), and the device key is updated. Thereafter, the device key update command transfer unit 421 of the transfer source communication device 102 temporarily stores the received device key batch update command 600 in the communication device 102 (storage device).
In the data transfer process (S702), when communication occurs with another communication device 102, the device-to-device communication unit 402 transmits a device key batch update command 600 to the communication device 102 of the communication partner. Alternatively, the device key update command transfer unit 421 newly starts communication with another communication device 102 at an arbitrary timing, and sends the device key batch update command 600 to the communication device 402 as the communication partner. 102 to be transmitted.
In the transfer data reception process (S703), the inter-device communication unit 402 of the transfer destination communication device 102 receives the device key batch update command 600. The device key update command transfer unit 421 recognizes that the received information is the device key batch update command 600 based on the data type 601 of the device key batch update command 600.
In the transfer data interpretation process (S 704), the device key update command transfer unit 421 delivers the received device key batch update command 600 to the device key update command interpretation unit 407 and performs the same process as when received from the key management server 101 ( (S105) and (S106)) are performed. Further, the device key update command transfer unit 421 may temporarily store the transferred device key batch update command 600 in the communication device 102.

  As described above, the communication device 102 updates the key (device key) shared beforehand with the key management server 101 by transferring the device key batch update command 600 between the communication devices 102. Therefore, it is possible to prevent leakage of communication contents due to decryption of the pre-shared key due to repeated use of the pre-shared key (device key). In addition, when the device key is updated, the updated key itself is not distributed via the network 103, so that leakage of communication contents due to decryption of the device key that is encrypted and distributed can be prevented. Since it calculates electronic signature values using pre-shared device keys and renews keys using one-way functions, it is combined with complex operations such as Diffie-Hellman key exchange and public key encryption algorithms. The device key can be updated without using it. Since the device key is updated using the one-way function and the device key before the update is deleted, it is possible to prevent leakage of past communication contents due to the decryption of the latest device key. Further, since the device key generation is inconsistent between the key management server 101 and the communication device 102, it is corrected. Therefore, the communication device 102 fails to receive the device key batch update command 600 and the device key individual update command 700. Even if it is, it is possible to update the device key and prevent leakage of communication contents due to the decryption of the pre-shared key due to repeated use of the pre-shared key.

Embodiment 6 FIG.
In the sixth embodiment, the encryption key (master key) used for encrypted communication between the communication devices 102 by transferring the master key batch update command 900 received from the key management server 101 between the communication devices 102. The update of will be described.

First, an outline of the operation of updating the shared key (master key) between the communication devices 102 by transferring the master key batch update command 900 received from the key management server 101 will be described.
FIG. 34 is a diagram showing a data flow when the master key is updated by transferring the master key batch update command 900 in the system configuration shown in FIG.
When the communication device 102 receives the master key batch update command 900 transmitted from the key management server 101, the communication device 102 temporarily stores these commands in the communication device 102. The communication device 102 transfers the stored master key batch update command 900 to the other communication device 102 when exchanging data with the other communication device 102 or at an arbitrary timing.
The communication device 102 that has received the master key batch update command 900 transferred from another communication device 102 verifies the electronic signature set included in the master key batch update command 900 in the same manner as when received from the key management server 101. Then, the validity of the master key batch update instruction 900 is confirmed, and the master key is updated. The master key batch update instruction 900 may be temporarily stored in the communication device 102 and further transferred to another communication device 102.

Next, functions of the communication device 102 according to the sixth embodiment will be described with reference to FIG.
FIG. 35 is a functional block diagram of communication device 102 according to the sixth embodiment. The communication device 102 according to the sixth embodiment includes a master key update command transfer unit 422 (master key device communication unit) in addition to the communication device 102 according to the fifth embodiment.
The master key update command transfer unit 422 temporarily stores the received master key batch update command 900 in the communication device 102 and transfers it to the other communication device 102 by the communication device.
The management database 406 in the sixth embodiment is the same as the management database 406 in the second to fifth embodiments.

Next, the operation will be described. FIG. 36 is a flowchart showing the operation of the communication system when the master key is updated by transferring the master key batch update instruction 900.
In the master key batch update command storage process (S801), when the transfer source communication device 102 receives the master key batch update command 900 transmitted from the key management server 101, the procedure described in the third embodiment (( The legitimacy of the instruction is confirmed according to (S403) to (S407)), the master key is updated, and the device key is updated as necessary. Thereafter, the master key update command transfer unit 422 of the transfer source communication device 102 temporarily stores the received master key batch update command 900 in the communication device 102 (storage device).
In the data transfer process (S802), when communication occurs with another communication device 102, the device-to-device communication unit 402 transmits a master key batch update command 900 to the communication device 102 of the communication partner. Alternatively, the master key update command transfer unit 422 newly starts communication with another communication device 102 at an arbitrary timing, and sends a master key batch update command 900 to the communication device of the communication partner. 102 to be transmitted.
In the transfer data reception process (S803), the inter-device communication unit 402 of the transfer destination communication device 102 receives the master key batch update command 900. Based on the data type 901 of the master key batch update command 900, the master key update command transfer unit 422 recognizes that the received information is the master key batch update command 900.
In the transfer data interpretation process (S804), the master key update command transfer unit 422 passes the received master key batch update command 900 to the master key update command interpretation unit 409, and performs the same processing as when received from the key management server 101 ( (S405) to (S407) are performed. Further, the master key update command transfer unit 422 may temporarily store the transferred master key batch update command 900 in the communication device 102.

  As described above, the communication device 102 updates the key (master key) shared in advance with the other communication devices 102 by transferring the master key batch update command 900 between the communication devices 102. Therefore, it is possible to prevent leakage of communication contents due to the decryption of the pre-shared key due to repeated use of the pre-shared key (master key). Further, when updating the master key, the key itself to be updated is not distributed via the network 103, so that it is possible to prevent leakage of communication contents due to decryption of the master key that is encrypted and distributed. Since it calculates electronic signature values using pre-shared device keys and renews keys using one-way functions, it is combined with complex operations such as Diffie-Hellman key exchange and public key encryption algorithms. The master key can be updated without using it. Since the master key is updated using the one-way function and the master key before the update is deleted, it is possible to prevent leakage of past communication contents due to the decryption of the latest master key. Further, since the device key generation is inconsistent between the key management server 101 and the communication device 102, it is corrected. Therefore, the communication device 102 fails to receive the device key batch update command 600 and the device key individual update command 700. Even if it is, it is possible to update the device key and prevent leakage of communication contents due to the decryption of the pre-shared key due to repeated use of the pre-shared key.

Embodiment 7 FIG.
In the first to sixth embodiments described above, the common key encryption algorithm is used to prevent eavesdropping and falsification of commands transmitted from the key management server 101 to the communication device 102. Then, encryption using a device key which is a common key shared by the key management server 101 and each communication device 102 and calculation of a signature value are performed. In the seventh embodiment, the key management server 101 and the communication device by distributing the device key update command when the public key encryption algorithm is used for the encryption of the command transmitted from the key management server 101 to the communication device 102 and the calculation of the signature value. The update of the device key with 102 will be described.

First, an outline of the operation of updating the device key between the key management server 101 and the communication device 102 by distributing the device key update command will be described. Here, the device key is a device secret key that is a secret key of each communication device 102 and a device public key that is paired with the device secret key. On the other hand, the secret key and the public key of the key management server 101 are called a server secret key and a server public key.
As in the first embodiment, the device key is updated by a method of batch updating all device keys using the device key batch update command 1200 and a specific communication device 102 using the device key individual update command 1300. There are two ways to update only the device key shared between them. Further, when the expiration date of the device key is described in these commands (device key batch update command 1200, device key individual update command 1300), the key management server 101 and the communication device 102 automatically perform the device according to the expiration date. Update the key.

FIG. 37 is a diagram showing a data flow when all device keys are updated collectively in the system configuration shown in FIG.
The key management server 101 creates a command for instructing batch update of all device keys, and each communication device 102 assigns an electronic signature for verifying the validity of the command using a server private key, and collects device keys. An update instruction 1200 is created. Next, the key management server 101 transmits a device key batch update command 1200 to all the communication devices 102 via the network 103. Then, the key management server 101 updates all device public keys. On the other hand, the communication device 102 receives the device key batch update command 1200 via the network 103, verifies the electronic signature included in the command, confirms the validity of the command, and compares the device secret key and the device public key. Update.

FIG. 38 is a diagram showing a data format of the device key batch update instruction 1200.
Based on FIG. 38, a part of the device key batch update command 1200 distributed by the key management server 101 will be described that is different from the device key batch update command 600.
The device key batch update instruction 1200 has one electronic signature 1203. In other words, the device key batch update command 600 has a different individual electronic signature for each communication device 102, but the device key batch update command 1200 has one electronic signature 1203 that is common to all the communication devices 102. .
Since the electronic signature 1203 is common to all the communication devices 102, it does not have a device ID. The signature value 1222 of the electronic signature 1203 is a signature applied using a server private key that is a private key of the key management server 101.

FIG. 39 is a diagram showing a data flow when only a specific device key is individually updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing the individual update of the device key of a specific communication device 102, and gives the electronic signature for verifying the validity of the command by the corresponding communication device 102 using the server private key. The device key individual update instruction 1300 is created. Next, the key management server 101 transmits a device key individual update command 1300 to the corresponding communication device 102 via the network 103. Then, the key management server 101 updates the corresponding device public key. On the other hand, the communication device 102 receives the device key individual update command 1300 via the network 103, checks whether the command is addressed to itself, verifies the electronic signature included in the command, and confirms the validity of the command. The device private key and the device public key are updated.

FIG. 40 is a diagram showing a data format of the device key individual update instruction 1300.
Based on FIG. 40, the device key individual update command 1300 distributed by the key management server 101 will be described with respect to differences from the device key individual update command 700. FIG.
The signature value 1322 of the device key individual update instruction 1300 is a signature applied using a server secret key that is a secret key of the key management server 101.

Next, the function of the key management server 101 in the seventh embodiment will be described with reference to FIGS. 41 and 42. FIG.
FIG. 41 is a functional block diagram of the key management server 101 in the seventh embodiment. The key management server 101 includes an input interface 201, a data transmission unit 202, an update key generation unit 2204, an electronic signature generation unit 2206, a key management database 2207, and a device key update instruction creation unit 2208. The input interface 201 and the data transmission unit 202 have the same functions as the key management server 101 in the first embodiment.
The update key generation unit 2204 generates the next generation device public key from the current device public key by a processing method using a predetermined method. A method for generating the next generation device public key from the current device public key will be described later.
The electronic signature generation unit 2206 generates a signature for the data to be signed using a server private key.
The key management database 2207 stores (manages) all keys that need to be managed by the key management server 101 in the seventh embodiment in the storage device.
The device key update command creation unit 2208 creates a device key batch update command 1200 and a device key individual update command 1300 by the processing device.

FIG. 42 is a diagram showing information stored in the key management database 2207 inside the key management server 101 according to the seventh embodiment. The key management database 2207 includes a server public key pair management table 3301, a device public key management table 3302, a device seed management table 3303, and a server seed management table 3304.
The server public key pair management table 3301 manages a public key pair of the key management server 101, that is, a server private key and a server public key, in combination with a key generation number and a key expiration date.
The device public key management table 3302 manages the device public key of each communication device 102 with a combination of a device ID that identifies the communication device 102, a key generation number, and a key expiration date.
The device seed management table 3303 manages a device key generation seed that becomes an input (seed) to a function for generating a key of a public key cryptosystem when a device public key is generated. The device key generation seed managed by the device seed management table 3303 is shared in advance with each communication device 102.
The server seed management table 3304 manages a server key generation seed that becomes an input (seed) to a function for generating a key of a public key cryptosystem when generating a server private key and a server public key. The server key generation seed managed by the server seed management table 3304 is shared with each communication device 102 in advance.

Next, based on FIG. 43 and FIG. 44, the function of the communication apparatus 102 in Embodiment 7 is demonstrated.
FIG. 43 is a functional block diagram of the communication device 102 according to the seventh embodiment. The communication device 102 includes a data reception unit 401, an update key generation unit 4403, an electronic signature verification unit 4405, a management database 4406, and a device key update command interpretation unit 4407. The data receiving unit 401 has the same function as that of the communication device 102 in the first embodiment.
The update key generation unit 4403 generates the next generation device private key from the current device private key by the processing device using a predetermined method, and also generates the next generation device public key from the current device public key by the processing device. To do. A method of generating the next generation device secret key / device public key from the current device secret key / device public key will be described later.
The electronic signature verification unit 4405 verifies the signature of the data to be signed and the signature value by the processing device using the server public key.
The management database 4406 stores (manages) all information and keys that the communication device 102 needs to manage in the storage device.
The device key update command interpretation unit 4407 interprets the device key batch update command 1200 and the device key individual update command 1300 received by the data reception unit 401 and causes the update key generation unit 403 to update the device secret key and the device public key.

FIG. 44 is a diagram showing information stored in the management database 4406 in the communication device 102 according to the seventh embodiment. The management database 4406 includes a device ID management table 501, a server public key management table 5501, a device public key pair management table 5502, a device seed management table 5303, and a server seed management table 5304.
The server public key management table 5501 manages the server public key in combination with the key generation number and the key expiration date.
The device public key pair management table 5502 manages a device public key pair, that is, a device public key and a device secret key, in combination with a key generation number and a key expiration date.
The device seed management table 5303 manages a device key generation seed that becomes an input (seed) to a function for generating a key of a public key cryptosystem when generating a device secret key and a device public key. The device key generation seed managed by the device seed management table 5303 is shared with the key management server 101 in advance.

Next, the operation will be described.
First, the operation when the device keys are collectively updated will be described. FIG. 45 is a flowchart showing the operation of the communication system when the device keys are collectively updated.
In the device key batch update command creation process (S901), the device key update command creation unit 2208 of the key management server 101 creates a device key batch update command 1200. At this time, the electronic signature generation unit 2206 receives the server private key managed by the server public key pair management table 3301 of the key management database 2207 and generates a signature value 1222 for the data type 1201 and the device key batch update command information 1202. .
In the data transmission process (S902), the data transmission unit 202 transmits a device key batch update command 1200 to all the communication devices 102.
In the server-side device key update process (S903), the update key generation unit 2204 succeeds in transmitting the device key batch update command 1200 and then manages all the devices managed in the device seed management table 3303 of the key management database 2207 using a one-way function. The device key generation seed is updated, and each updated device key generation seed is input to a function for generating a key of a predetermined public key cryptosystem to generate a new device public key. The update key generation unit 2204 stores the generated device public key in the device public key management table 3302 of the key management database 2207 and deletes all previous device public keys.
In the data reception process (S904), the data reception unit 401 of the communication device 102 receives the device key batch update command 1200. The device key update command interpretation unit 4407 recognizes that the received information is the device key batch update command 1200 based on the data type 1201 of the device key batch update command 1200.
In the signature determination process (S905), the electronic signature verification unit 4405 receives the server public key managed by the server public key management table 5501 of the management database 4406, verifies the signature value 1222 of the electronic signature 1203, and collects device keys. The validity of the update instruction 1200 is confirmed. At this time, if the signature key generation number 1221 of the server private key used for the signature is older than the generation number of the server public key managed in the server public key management table 5501 of the management database 4406, the electronic signature verification unit 4405 Judge as signature.
If the signature verification is successful (YES in step S905), the device key update command interpretation unit 4407 proceeds to (S906). On the other hand, if the signature verification fails (NO in step S905), the device key update command interpretation unit 4407 determines that the device key batch update command 1200 is not valid and ends the process.
In the terminal-side device key update process (S906), when the signature verification is successful, the update key generation unit 4403 manages the device seed management table 5303 of the management database 4406 using the same one-way function as the key management server 101. The device key generation seed is updated, and each updated device key generation seed is input to a function for generating a key of a predetermined public key cryptosystem to generate a new device secret key and device public key. The update key generation unit 4403 stores the generated device secret key and device public key in the device public key pair management table 5502 of the management database 4406, and deletes the device secret key and device public key before update.

Next, an operation when only a specific device key is updated will be described. FIG. 46 is a flowchart showing the operation of the communication system when only a specific device key is updated.
In the device key individual update command creation process (S1001), the device key update command creation unit 2208 of the key management server 101 creates a device key individual update command 1300. At this time, the electronic signature generation unit 2206 receives the server private key managed by the server public key pair management table 3301 of the key management database 2207 and generates a signature value 1322 for the data type 1301 and the device key individual update command information 1302. .
In the data transmission process (S1002), the data transmission unit 202 transmits the device key individual update command 1300 to the corresponding communication device 102.
In the server-side device key update process (S1003), the update key generation unit 2204 successfully manages the device seed management table 3303 of the key management database 2207 using the one-way function after successfully transmitting the device key individual update command 1300. The device key generation seed shared with the communication device 102 is updated, and a new device public key is generated based on the updated device key generation seed. The update key generation unit 2204 stores the generated device public key in the corresponding communication device 102 column of the device public key management table 3302 of the key management database 2207 and deletes the previous device public key.
In the data reception process (S1004), the data reception unit 401 of the communication device 102 receives the device key individual update command 1300. The device key update command interpretation unit 4407 recognizes that the received information is the device key individual update command 1300 based on the data type 1301 of the device key individual update command 1300.
In the destination determination process (S1005), the device key update command interpretation unit 4407 checks whether the device ID managed in the device ID management table 501 of the management database 4406 matches the device ID 1311 included in the device key individual update command 1300. Thus, it is confirmed whether the device key individual update instruction 1300 is addressed to itself.
If the device key individual update command 1300 is addressed to itself (YES in S1005), the device key update command interpretation unit 4407 proceeds to (S1006). On the other hand, if the device key individual update command 1300 is not addressed to itself (NO in S1005), the device key update command interpretation unit 4407 ignores the device key individual update command 1300 and ends the processing.
In the signature determination process (S1006), when the device key individual update instruction 1300 is addressed to itself, the electronic signature verification unit 4405 receives the server public key managed by the server public key management table 5501 of the management database 4406 as an input, and The signature value 1322 of the individual key update instruction 1300 is verified to confirm the validity of the individual device key update instruction 1300. When the validity of the device key individual update instruction 1300 is confirmed, the signature key generation number 1321 of the server private key used for signature is older than the generation number of the server public key managed by the server public key management table 5501 of the management database 4406. In this case, the electronic signature verification unit 4405 determines that the signature is invalid.
If the signature verification is successful (YES in S1006), the device key update command interpretation unit 4407 proceeds to (S1007). On the other hand, if the signature verification fails (NO in S1006), the device key update command interpretation unit 4407 determines that the device key individual update command 1300 is not valid, and ends the processing.
In the terminal-side device key update process (S1007), when the signature verification is successful, the update key generation unit 4403 generates a device key managed by the device seed management table 5303 using the same one-way function as the key management server 101. The seed is updated, and the updated device key generation seed is input to a function for generating a key of a predetermined public key cryptosystem to generate a new device secret key and device public key. The update key generation unit 4403 stores the generated device secret key and device public key in the device public key pair management table 5502 of the management database 4406, and deletes the device secret key and device public key before update.

  In the above description, the key management server 101 holds a device key generation seed for generating a device key (device secret key, device public key). That is, in the above description, the key management server 101 generates the device public key, but the device secret key is also generated together with the device public key. That is, the key management server 101 can know the device secret key that is the secret key of the communication device 102. However, here, it is assumed that the key management server 101 can be trusted. Therefore, it is assumed that the key management server 101 does not misuse the device secret key and security is maintained. Note that the key management server 101 deletes the device secret key as soon as it is generated, and prevents the device secret key from leaking.

Further, the key management server 101 may not generate a device public key, so that the key management server 101 cannot generate a device secret key. In this case, since the key management server 101 does not generate a device public key, it is not necessary to hold a device key generation seed. Accordingly, since the key management server 101 cannot generate the device secret key, the security of the device secret key is increased.
In order to realize this, it is necessary to transmit the device public key generated by the communication device 102 that has received the device key update command to the key management server 101. That is, the key management server 101 does not generate a device public key by itself, but acquires a device public key generated by the communication device 102.
That is, in the server side device key update process (S903) (S1003), the key management server 101 does not update the device public key. Instead, after a new device public key is generated in the terminal-side device key update process (S906) (S1007), the device public key is transmitted from the communication device 102 to the key management server 101. At this time, the device public key to be transmitted may be tampered with by signing with the device private key before update. Since the device public key is public information, it is not necessary to encrypt it. In this case, communication from the communication device 102 to the key management server 101 is required.

In the above description, the device key generation seed is used as an input to a function for generating a key of a predetermined public key cryptosystem. However, the device secret key may be used as an input to a function that generates a key of a predetermined public key cryptosystem. In this case, since only the communication device 102 holds the device secret key, it is necessary to transmit the device public key generated by the communication device 102 to the key management server 101.
Regarding the update of the server private key and the server public key, the server management key 101 uses the server private key as an input to a function for generating a key of a predetermined public key cryptosystem, and uses the server private key and the server public key. After the update, the updated server public key is transmitted to each communication device 102.

Next, an operation when the device key and the server key are automatically updated in the key management server 101 and the communication device 102 according to the expiration date will be described.
The key management server 101 manages the device public key together with the expiration date in the device public key management table 3302 of the key management database 2207. When the expiration date has passed, the update key generation unit 2204 updates the device public key, stores it in the device public key management table 3302 of the key management database 2207, and deletes the corresponding device public key before update. The key management server 101 manages the server secret key and the server public key together with the expiration date in the server public key pair management table 3301 of the key management database 2207. When the expiration date has passed, the update key generation unit 2204 updates the server private key and the server public key, stores them in the server public key pair management table 3301 of the key management database 2207, and sets the server private key before the update. Delete the server public key. Further, the key management server 101 distributes the updated device public key to all the communication devices 102.
Similarly, the communication device 102 manages the device secret key and the device public key together with the expiration date in the device public key pair management table 5502 of the management database 4406. When the expiration date has passed, the update key generation unit 4403 updates the device secret key and device public key, stores them in the device public key pair management table 5502 of the management database 4406, and also updates the device secret key and device before update. Delete the public key.

  As described above, even when the public key encryption algorithm is used for communication between the key management server 101 and the communication device 102, the same effect as in the first embodiment can be obtained.

Embodiment 8 FIG.
In the eighth embodiment, communication devices 102 communicate with each other by distributing a master key distribution command 1400 when a public key encryption algorithm is used for encryption of a command transmitted from the key management server 101 to the communication device 102 or calculation of a signature value. The distribution of the encryption key (master key) used in the encrypted communication and the update of the device secret key and the device public key will be described.

First, an outline of master key distribution and device key update operations by distribution of the master key distribution command 1400 will be described.
The key management server 101 generates an encryption key (master key) used when the communication devices 102 perform encrypted communication with each other, encrypts it with the device public key of the communication device 102 that uses the key, and serves as a master key distribution command 1400. Transmit to the corresponding communication device 102. When the communication device 102 that has received the master key distribution command 1400 verifies the validity of the master key distribution command 1400 and detects that a generation shift has occurred in the device private key and the device public key, To update the device private key and device public key. Furthermore, when the expiration date of the master key is described in these instructions, the key management server 101 and the communication device 102 automatically update the master key according to the expiration date.

FIG. 47 is a diagram showing a data flow when distributing a master key used for encryption between communication devices 102 in the system configuration shown in FIG.
The key management server 101 creates a command for instructing distribution of a master key used for encrypted communication between specific communication devices 102, and an electronic signature for the corresponding communication device 102 to verify the validity of the command. To create a master key distribution instruction 1400. Next, the key management server 101 transmits a master key distribution command 1400 to the corresponding communication device 102 via the network 103. Then, the key management server 101 stores the corresponding master key. On the other hand, the communication device 102 receives the master key distribution command 1400 via the network 103, checks whether the command is addressed to itself, verifies the electronic signature included in the command, and confirms the validity of the command. Get the master key.

FIG. 48 is a diagram showing a data format of the master key distribution instruction 1400.
Based on FIG. 48, the master key distribution command 1400 distributed by the key management server 101 will be described with respect to differences from the master key distribution command 800. FIG.
The master key distribution instruction 1400 includes a device key generation number 1404 and a server key generation number 1406. The device key generation number 1404 is the generation number of the device public key used when encrypting the master key distribution command information 1403. The server key generation number 1406 is a generation number of the server secret key used when calculating the signature value.

Next, functions of the key management server 101 in the eighth embodiment will be described with reference to FIGS. 49 and 50. FIG.
FIG. 49 is a functional block diagram of the key management server 101 according to the eighth embodiment. The key management server 101 according to the eighth embodiment includes an initial key generation unit 203, an encryption unit 2205, and a master key distribution command creation unit 2209 in addition to the key management server 101 according to the seventh embodiment. The initial key generation unit 203 is the same as the function of the second embodiment.
The encryption unit 2205 encrypts the content of the data to be encrypted by the processing device using the specified device public key.
The master key distribution command creating unit 2209 creates a master key distribution command 1400 by the processing device.

FIG. 50 is a diagram showing information stored in the key management database 2207 inside the key management server 101 according to the eighth embodiment. The key management database 2207 in the eighth embodiment includes a master key management table 302 in addition to the key management database 2207 in the seventh embodiment.
The master key management table 302 in the eighth embodiment is the same as the master key management table 302 in the key management database 207 of the key management server 101 in the second embodiment.

Next, functions of the communication device 102 according to the eighth embodiment will be described with reference to FIGS.
FIG. 51 is a functional block diagram of the communication device 102 according to the eighth embodiment. The communication device 102 according to the eighth embodiment includes a decryption unit 4404 and a master key distribution command interpretation unit 4408 in addition to the communication device 102 according to the seventh embodiment.
The decrypting unit 4404 decrypts the encrypted data by the processing device using the designated key.
The master key distribution command interpretation unit 4408 interprets the master key distribution command 800 received by the data reception unit 401 and stores the first generation master key in the management database 4406.

FIG. 52 is a diagram showing information stored in the management database 4406 in the communication device 102 according to the eighth embodiment. The management database 4406 according to the eighth embodiment includes a master key management table 503 in addition to the management database 4406 according to the seventh embodiment.
The master key management table 503 in the eighth embodiment is the same as the master key management table 503 in the management database 406 of the communication device 102 in the second embodiment.

Next, the operation will be described. FIG. 53 is a flowchart showing the operation of the communication system when the master key is distributed.
In the master key generation process (S1101), the initial key generation unit 203 of the key management server 101 generates a master key and stores it in the key management database 2207.
Then, the key management server 101 repeatedly performs the following operation on the communication device 102 that uses the generated master key, and transmits a master key distribution command 1400 to all of the corresponding communication devices 102.
In the master key distribution command creation process (S1102), the master key distribution command creation unit 2209 creates the master key distribution command 1400. At this time, the encryption unit 2205 encrypts the master key distribution command information (before encryption) 1411 using the device public key of the communication device 102 managed by the device public key management table 3302 of the key management database 2207, Master key distribution command information (after encryption) 1403 is created. The electronic signature generation unit 2206 receives the server private key managed by the server public key pair management table 3301 of the key management database 2207 and inputs the data type 1401, recipient device ID 1402, and master key distribution command information (after encryption) 1403. A signature value 1405 is calculated.
In the data transmission process (S1103), the data transmission unit 202 transmits a master key distribution command 1400 to the corresponding communication device 102.
In the data reception process (S1104), the data reception unit 401 of the communication device 102 receives the master key distribution command 1400. Based on the data type 1401 of the master key distribution command 1400, the master key distribution command interpretation unit 4408 recognizes that the received information is the master key distribution command 1400.
In the destination determination process (S1105), the master key distribution command interpretation unit 4408 checks whether the device ID managed in the device ID management table 501 of the management database 4406 matches the recipient device ID 1402 included in the master key distribution command 1400. Then, it is confirmed whether or not the master key distribution command 1400 is addressed to itself.
If the master key distribution command 1400 is addressed to itself (YES in S1105), the master key distribution command interpretation unit 4408 proceeds to (S1106). On the other hand, when the master key distribution command 1400 is not addressed to itself (NO in S1105), the master key distribution command interpretation unit 4408 ignores the master key distribution command 1400 and ends the processing.
In the signature determination process (S1106), when the master key distribution command 1400 is addressed to itself, the electronic signature verification unit 4405 receives the server public key managed by the server public key management table 5501 of the management database 4406 as an input, and distributes the master key. The signature value 1405 of the instruction 1400 is verified to confirm the validity of the master key distribution instruction 1400. When the validity of the master key distribution command 1400 is confirmed, the server key generation number 1406 of the server private key used for the signature is older than the generation number of the server public key managed by the server public key management table 5501 of the management database 4406 The electronic signature verification unit 4405 determines that the signature is invalid.
If the signature verification is successful (YES in S1106), the master key distribution command interpretation unit 4408 proceeds to (S1107). On the other hand, if the signature verification fails (NO in S1106), the master key distribution command interpretation unit 4408 determines that the master key distribution command 1400 is not valid and ends the processing.
In the master key storage process (S1107), when the signature verification is successful, the decryption unit 4404 decrypts the master key distribution command information (after encryption) 1403 using the device secret key. Then, the master key distribution command interpretation unit 4408 stores the master key extracted from the master key distribution command information (before encryption) 1411 in the master key management table 503 of the management database 4406. When decrypting, if the device key generation number 1404 of the device public key used for encryption is newer than the generation number of the device private key managed in the device public key pair management table 5502 of the management database 4406, the decrypting unit 4404 Then, the new generation device secret key and device public key are temporarily generated by the update key generation unit 4403 and decrypted. When the device key generation number 1404 of the device public key used for encryption is older than the generation number of the device private key managed by the device public key pair management table 5502 of the management database 4406, the decrypting unit 4404 distributes an illegal master key. The instruction 1400 is determined.
In the terminal-side device key update process (S1108), when a new generation device secret key is generated and decrypted in (S1107), the new generation device secret key and the device public key are updated. And the device public key are stored in the device public key pair management table 5502 of the management database 4406, and the device secret key and device public key before update are deleted.

  The method for updating the master key according to the expiration date is the same as the method of the second embodiment.

  As described above, even when the public key encryption algorithm is used for communication between the key management server 101 and the communication device 102, the same effect as that of the second embodiment can be obtained.

Embodiment 9 FIG.
In the ninth embodiment, a master key batch update instruction 1500 or a master key individual update instruction 1600 when a public key encryption algorithm is used for encryption of a command transmitted from the key management server 101 to the communication device 102 or calculation of a signature value. Update of the encryption key (master key) used for encrypted communication between the communication devices 102 by distribution will be described.

First, an outline of an operation of updating a shared key (master key) between the communication devices 102 by distributing a master key update command will be described.
There are two ways to update the master key: a method of batch updating all master keys using the master key batch update command 1500 and a method of updating only a specific master key using the master key individual update command 1600. Furthermore, when the expiration date of the master key is described in these instructions, the key management server 101 and the communication device 102 automatically update the master key according to the expiration date.

FIG. 54 is a diagram showing a data flow when all the master keys are collectively updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing batch update of all master keys, adds an electronic signature for each communication device 102 to verify the validity of the command, and outputs a master key batch update command 1500. create. Next, the key management server 101 transmits a master key batch update command 1500 to all the communication devices 102 via the network 103. Then, the key management server 101 updates all master keys. On the other hand, the communication device 102 receives the master key batch update instruction 1500 via the network 103, verifies the electronic signature included in the instruction, confirms the validity of the instruction, and updates the master key.

FIG. 55 is a diagram showing a data format of the master key batch update instruction 1500.
Based on FIG. 55, a description will be given of the master key batch update command 1500 distributed by the key management server 101, which is different from the master key batch update command 900. FIG.
The master key batch update instruction 1500 includes one electronic signature 1503. In other words, the master key batch update instruction 900 includes the individual electronic signature 904 that is different for each communication device 102, but the master key batch update command 1500 includes one electronic signature 1503 that is common to all the communication devices 102. Yes.
Since the electronic signature 1503 is common to all the communication devices 102, the device ID is not provided. A signature value 1522 of the electronic signature 1503 is a signature applied using a server private key that is a private key of the key management server 101.

FIG. 56 is a diagram showing a data flow when only a specific master key is individually updated in the system configuration shown in FIG.
The key management server 101 creates a command for instructing individual update of a specific master key, adds an electronic signature for the communication device 102 to verify the validity of the command, and outputs a master key individual update command 1600. create. Next, the key management server 101 transmits a master key individual update command 1600 to the corresponding communication device 102 via the network 103. Then, the key management server 101 updates the corresponding master key. On the other hand, the communication device 102 receives the master key individual update command 1600 via the network 103, checks whether the command is addressed to itself, verifies the electronic signature included in the command, and confirms the validity of the command. Then, the master key is updated.

FIG. 57 is a diagram showing a data format of the master key individual update instruction 1600.
Based on FIG. 57, a description will be given of the master key individual update command 1600 distributed by the key management server 101, which is different from the master key individual update command 1000. FIG.
The master key individual update instruction 1600 includes one electronic signature 1603. In other words, the master key individual update command 1000 includes an individual electronic signature 1004 that differs for each communication device 102, but the master key individual update command 1600 includes one electronic signature 1603 that is common to all the communication devices 102. Yes.
Since the electronic signature 1603 is common to all the communication devices 102, no device ID is provided. A signature value 1622 of the electronic signature 1603 is a signature applied using a server secret key that is a secret key of the key management server 101.

Next, the function of the key management server 101 in the ninth embodiment will be described with reference to FIG.
FIG. 58 is a functional block diagram of the key management server 101 in the ninth embodiment. The key management server 101 according to the ninth embodiment includes a master key update command creation unit 2210 in addition to the key management server 101 according to the eighth embodiment.
The master key update command creation unit 2210 creates a master key batch update command 1500 and a master key individual update command 1600 by the processing device.
The key management database 2207 in the ninth embodiment is the same as the key management database 2207 in the eighth embodiment.

Next, functions of the communication device 102 according to the ninth embodiment will be described with reference to FIG.
FIG. 59 is a functional block diagram of the communication device 102 according to the ninth embodiment. The communication device 102 according to the ninth embodiment includes a master key update command interpretation unit 4409 in addition to the communication device 102 according to the eighth embodiment.
The master key update command interpretation unit 4409 interprets the master key batch update command 1500 and the master key individual update command 1600 received by the data reception unit 401 and updates the master key by the processing device.
The management database 4406 in the ninth embodiment is the same as the management database 4406 in the eighth embodiment.

Next, the operation will be described.
First, the operation when the master key is collectively updated will be described. FIG. 60 is a flowchart showing the operation of the communication system when the master key is updated all at once.
In the master key batch update command creation process (S1201), the master key update command creation unit 2210 of the key management server 101 creates a master key batch update command 1500. The electronic signature generation unit 2206 receives the server private key managed by the server public key pair management table 3301 of the key management database 2207, and generates a signature value 1522 for the data type 1501 and the master key batch update command information 1502.
In the data transmission process (S1202), the data transmission unit 202 transmits a master key batch update instruction 1500 to all the communication devices 102.
In the server-side master key update process (S1203), after successful transmission of the master key batch update command 1500, the update key generation unit 2204 updates all the master keys and stores them in the master key management table 302 of the key management database 2207. Store all the master keys before updating. The master key is updated by passing a predetermined one-way function as in the third embodiment.
In the data reception process (S1204), the data reception unit 401 of the communication device 102 receives the master key batch update instruction 1500. The master key update command interpretation unit 4409 recognizes that the received information is the master key batch update command 1500 based on the data type 1501 of the master key batch update command 1500.
In the signature determination process (S1205), the electronic signature verification unit 4405 receives the server public key managed by the server public key management table 5501 of the management database 4406, verifies the signature value 1522 of the electronic signature 1503, and collects the master key collectively. The validity of the update instruction 1500 is confirmed. At this time, if the signature key generation number 1521 of the server private key used for the signature is older than the generation number of the server public key managed in the server public key management table 5501 of the management database 4406, the electronic signature verification unit 4405 Judge as signature.
If the signature verification is successful (YES in S1205), the master key update command interpretation unit 4409 proceeds to (S1206). On the other hand, if the signature verification fails (NO in S1205), the master key update command interpretation unit 4409 determines that the master key batch update command 1500 is not valid and ends the process.
In the terminal-side master key update process (S1206), when the signature verification is successful, the update key generation unit 4403 updates all the master keys stored in the master key management table 503 of the management database 406, and updates the management database 406. The master key is stored in the master key management table 503 and the master key before update is deleted.

Next, an operation when only a specific master key is updated will be described. FIG. 61 is a flowchart showing the operation of the communication system when only a specific master key is updated.
In the master key individual update command creation process (S1301), the master key update command creation unit 2210 of the key management server 101 creates the master key individual update command 1600. The electronic signature generation unit 2206 receives the server private key managed by the server public key pair management table 3301 of the key management database 2207, and generates a signature value 1622 for the data type 1601 and master key individual update command information 1602.
In the data transmission process (S1302), the data transmission unit 202 transmits a master key individual update command 1600 to the corresponding communication device 102.
In the server-side device key update process (S1303), after successful transmission of the master key individual update command 1600, the update key generation unit 2204 updates the corresponding master key and stores it in the master key management table 302 of the key management database 2207. Store and delete the corresponding master key before update.
In the data reception process (S1304), the data reception unit 401 of the communication device 102 receives the master key individual update command 1600. The master key update command interpretation unit 4409 recognizes that the received information is the master key individual update command 1600 based on the data type 1601 of the master key individual update command 1600.
In the destination determination process (S1305), the master key update command interpretation unit 4409 determines whether the master key ID managed in the master key management table 503 of the management database 4406 matches the master key ID 1611 included in the master key individual update command 1600. Check to see if the master key individual update command 1600 is addressed to you.
If the master key individual update command 1600 is addressed to itself (YES in S1305), the master key update command interpretation unit 4409 proceeds to (S1306). On the other hand, if the master key individual update command 1600 is not addressed to itself (NO in S1305), the master key update command interpretation unit 4409 ignores the master key individual update command 1600 and ends the processing.
In the signature determination process (S1306), when the master key individual update instruction 1600 is addressed to itself, the electronic signature verification unit 4405 receives the server public key managed by the server public key management table 5501 of the management database 4406 as an input, and receives the master key. The signature value 1622 of the key individual update instruction 1600 is verified to confirm the validity of the master key individual update instruction 1600. When the validity of the master key individual update instruction 1600 is confirmed, the signature key generation number 1621 of the server private key used for the signature is older than the generation number of the server public key managed by the server public key management table 5501 of the management database 4406. In this case, the electronic signature verification unit 4405 determines that the signature is invalid.
If the signature verification is successful (YES in S1306), the master key update command interpretation unit 4409 proceeds to (S1307). On the other hand, if the signature verification fails (NO in S1306), the master key update command interpretation unit 4409 determines that the master key individual update command 1600 is not valid, and ends the process.
In the terminal-side master key update process (S1307), when the signature verification is successful, the update key generation unit 4403 updates the corresponding master key, stores it in the master key management table 503 of the management database 4406, and before updating. Delete the master key.

  The method for updating the master key according to the expiration date is the same as the method of the third embodiment.

  As described above, even when the public key encryption algorithm is used for communication between the key management server 101 and the communication device 102, the same effect as that of the third embodiment can be obtained.

Embodiment 10 FIG.
In the tenth embodiment, communication of inter-device communication data 1100 between communication devices 102 when a public key encryption algorithm is used for encryption of a command transmitted from the key management server 101 to the communication device 102 or calculation of a signature value. An update of the master key by, update of the device key (device secret key, device public key) by transfer of the device key batch update command 1200, and update of the master key by transfer of the master key batch update command 1500 will be described.

  The update of the master key by exchanging the inter-device communication data 1100 can be realized by the same operation as that described in the fourth embodiment even when a public key encryption algorithm is used.

The update of the device key (device secret key, device public key) by the transfer of the device key batch update instruction 1200 is performed from “the procedure described in the first embodiment ((S104)” in (S701) described in the fifth embodiment ( (S106) ”is replaced with“ (S904) to (S906) ”described in the seventh embodiment, and“ ((S105) and (S106)) ”in (S704) is replaced with“ ((S905) ”. (S906)) ”, the method described in the fifth embodiment can be applied.
Similarly, the master key update by transferring the master key batch update instruction 1500 is performed by the “procedure described in the third embodiment (from (S405) to (S407))” in (S801) described in the sixth embodiment. , “Procedure described in Embodiment 9 (from (S1205) to (S1206))” is replaced with “((S405) to (S407))” in (S804) as “((S1205) to (S1206)”. The method described in Embodiment 6 can be applied. In the sixth embodiment, the device key may be updated by transferring the master key batch update instruction 900. However, in the tenth embodiment, the device key (device secret key, The device public key is not updated.

  As described above, even when the public key encryption algorithm is used for communication between the key management server 101 and the communication device 102, the same effect as in the fourth to sixth embodiments can be obtained.

Embodiment 11 FIG.
In the above embodiment, as shown in FIG. 1, when the key management server 101 and the communication device 102 are connected via the network 103 and data is distributed from the key management server 101 to the communication device 102 via the network 103. explained. In the eleventh embodiment, a data distribution method from the key management server 101 to the communication device 102 will be described.

FIG. 62 is a system configuration diagram when the key management server 101 distributes data to each communication device 102 by one-way communication using satellite communication.
In FIG. 62, the key management server 101 distributes data to be distributed (device key batch update command 600 or the like) from the communication satellite 105 to the communication device 102 via the ground station 104. The ground station 104 is a relay facility for transmitting various data transmitted from the key management server 101 to each communication device 102 through the communication satellite 105. The communication satellite 105 is a satellite facility that transmits various data relayed from the ground station 104 to each communication device 102. The network 103 is a backbone network used as a communication path for communication between the communication devices 102.
That is, the key management server 101 broadcasts various data from the communication satellite 105 to each communication device 102 by one-way communication. That is, the key management server 101 unilaterally transmits various data to each communication device 102 via the communication satellite 105.

FIG. 63 is a system configuration diagram when the key management server 101 distributes data to each communication device 102 by one-way communication using terrestrial broadcasting.
In FIG. 63, the key management server 101 distributes data to be distributed (device key batch update command 600 and the like) from the terrestrial broadcasting facility 106 to the communication device 102. The terrestrial broadcasting facility 106 is a broadcasting facility that transmits various data transmitted from the key management server 101 to each communication device 102. The network 103 is a backbone network used as a communication path for communication between the communication devices 102.
That is, the key management server 101 broadcasts various data from the terrestrial broadcasting facility 106 to each communication device 102 by one-way communication. That is, the key management server 101 unilaterally transmits various data to each communication device 102.

FIG. 64 is a system configuration diagram when the key management server 101 distributes data to each communication device 102 using a communication path capable of bidirectional communication.
In FIG. 64, the key management server 101 distributes data to be distributed (device key batch update command 600 and the like) from the Internet broadcast facility 107 to the communication device 102 via the Internet network 108. The Internet broadcasting facility 107 is a broadcasting facility that transmits various data transmitted from the key management server 101 to each communication device 102 via the Internet network 108. The Internet network 108 is a backbone network used as a communication path for communication between the communication devices 102 and communication between the communication device 102 and the Internet broadcast facility 107.
That is, the key management server 101 broadcasts various data from the Internet broadcast facility 107 to each communication device 102 by bidirectional communication.

FIG. 65 is a diagram illustrating an example of hardware resources of the key management server 101 and the communication device 102 in the above embodiment.
In FIG. 65, the key management server 101 and the communication device 102 include a CPU 1911 (also referred to as a central processing unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, and a processor) that executes a program. . The CPU 1911 is connected to the ROM 1913, the RAM 1914, the LCD 1901 (Liquid Crystal Display), the keyboard 1902 (K / B), the communication board 1915, and the magnetic disk device 1920 via the bus 1912, and controls these hardware devices. Instead of the magnetic disk device 1920, a storage device such as an optical disk device or a memory card read / write device may be used.

  The ROM 1913 and the magnetic disk device 1920 are an example of a nonvolatile memory. The RAM 1914 is an example of a volatile memory. The ROM 1913, the RAM 1914, and the magnetic disk device 1920 are examples of a storage device (memory). The keyboard 1902 and the communication board 1915 are examples of input devices. The communication board 1915 is an example of a communication device. Further, the LCD 1901 is an example of a display device.

  An operating system 1921 (OS), a window system 1922, a program group 1923, and a file group 1924 are stored in the magnetic disk device 1920 or the ROM 1913. Programs in the program group 1923 are executed by the CPU 1911, operating system 1921, and window system 1922.

The program group 1923 includes “input interface 201”, “data transmission unit 202”, “initial key generation unit 203”, “update key generation unit 204”, “encryption unit 205”, “signature value calculation” in the above description. Unit 206 ”,“ key management database 207 ”,“ device key update command creation unit 208 ”,“ master key distribution command creation unit 209 ”,“ master key update command creation unit 210 ”,“ data reception unit 401 ”,“ device ” Communication unit 402 ”,“ update key generation unit 403 ”,“ decryption unit 404 ”,“ signature value verification unit 405 ”,“ management database 406 ”,“ device key update command interpretation unit 407 ”,“ master key distribution command interpretation ” Section 408 "," master key update command interpretation section 409 "," inter-device communication data creation / interpretation section 410 "," signature value generation section 411 "," encryption section 412 ", etc. Software and programs and other programs that perform the functions Akira is stored. The program is read and executed by the CPU 1911.
The file group 1924 includes “device key batch update command 600”, “device key individual update command 700”, “master key distribution command 800”, “master key batch update command 900”, “master key individual update” in the above description. Command 1000 ”,“ Inter-device communication data 1100 ”,“ Device key batch update command 1200 ”,“ Device key individual update command 1300 ”,“ Master key distribution command 1400 ”,“ Master key batch update command 1500 ”,“ Master key ” Information such as “individual update instruction 1600”, data, signal values, variable values, and parameters are stored as items of “file” and “database”. The “file” and “database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 1911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for the operation of the CPU 1911 such as calculation / processing / output / printing / display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the operation of the CPU 1911 for extraction, search, reference, comparison, calculation, processing, output, printing, and display. Is remembered.
In addition, the arrows in the flowchart in the above description mainly indicate input / output of data and signals, and the data and signal values are recorded in a memory of the RAM 1914 and other recording media such as an optical disk. Data and signals are transmitted online via a bus 1912, signal lines, cables, or other transmission media.

  In addition, what is described as “to part” in the above description may be “to circuit”, “to device”, “to device”, “to means”, and “to function”. It may be “step”, “˜procedure”, “˜processing”. In addition, what is described as “˜device” may be “˜circuit”, “˜device”, “˜device”, “˜means”, “˜function”, and “˜step”, “ ~ Procedure "," ~ process ". Furthermore, what is described as “to process” may be “to step”. That is, what is described as “to part” may be realized by firmware stored in the ROM 1913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored in a recording medium such as the ROM 1913 as a program. The program is read by the CPU 1911 and executed by the CPU 1911. That is, the program causes a computer or the like to function as the “˜unit” described above. Alternatively, the computer or the like is caused to execute the procedures and methods of “to part” described above.

System Configuration. The figure which showed the flow of the data at the time of updating all the device keys collectively. The figure which showed the data format of the device key batch update instruction 600. The figure which showed the flow of the data at the time of updating only a specific device key separately. The figure which showed the data format of the device key separate update instruction 700. FIG. FIG. 3 is a functional block diagram of the key management server 101 in the first embodiment. FIG. 3 is a diagram showing a key management database 207 inside the key management server 101 according to the first embodiment. FIG. 3 is a functional block diagram of the communication device 102 according to the first embodiment. 3 is a diagram showing a management database 406 inside the communication device 102 according to Embodiment 1. FIG. The flowchart which shows operation | movement of the communication system in the case of updating a device key collectively. The flowchart which shows operation | movement of the communication system in the case of updating only a specific device key. The figure which showed the flow of the data at the time of distributing the master key used for the encryption between the communication apparatuses 102. FIG. The figure which showed the data format of the master key distribution instruction 800. FIG. 10 is a functional block diagram of the key management server 101 in the second embodiment. The figure which shows the key management database 207 inside the key management server 101 in Embodiment 2. FIG. FIG. 4 is a functional block diagram of communication device 102 according to Embodiment 2. 6 is a diagram showing a management database 406 inside the communication device 102 according to Embodiment 2. FIG. The flowchart which shows operation | movement of the communication system in the case of delivering a master key. The figure which showed the flow of the data at the time of updating all the master keys collectively. The figure which showed the data format of the master key batch update instruction 900. The figure which showed the data flow at the time of updating only a specific master key separately. The figure which showed the data format of the master key separate update instruction 1000. FIG. 10 is a functional block diagram of the key management server 101 in the third embodiment. FIG. 10 is a functional block diagram of communication device 102 according to Embodiment 3. The flowchart which shows operation | movement of the communication system in the case of updating a master key collectively. The flowchart which shows operation | movement of the communication system in the case of updating only a specific master key. The figure which showed the data flow at the time of updating a master key by exchange of the communication data 1100 between apparatuses. The figure which showed the data format of the communication data 1100 between apparatuses. FIG. 10 is a functional block diagram of communication device 102 according to the fourth embodiment. The flowchart which shows operation | movement of the communication system in the case of updating a master key by exchange of the communication data 1100 between apparatuses. The figure which showed the data flow at the time of updating a master key by transferring the device key batch update command 600. FIG. 10 is a functional block diagram of communication device 102 according to the fifth embodiment. The flowchart which shows operation | movement of the communication system in the case of updating a master key by transferring the device key batch update command 600. The figure which showed the data flow at the time of updating a master key by transferring the master key batch update instruction 900. FIG. 18 is a functional block diagram of a communication device 102 in a sixth embodiment. The flowchart which shows operation | movement of the communication system in the case of updating a master key by transferring the master key batch update instruction 900. The figure which showed the flow of the data at the time of updating all the device keys collectively. The figure which showed the data format of the device key batch update instruction 1200. The figure which showed the flow of the data at the time of updating only a specific device key separately. The figure which showed the data format of the device key separate update instruction 1300. FIG. FIG. 20 is a functional block diagram of the key management server 101 in the seventh embodiment. FIG. 20 shows a key management database 2207 inside the key management server 101 in the seventh embodiment. FIG. 18 is a functional block diagram of communication device 102 according to the seventh embodiment. FIG. 18 shows a management database 4406 inside the communication device 102 in the seventh embodiment. The flowchart which shows operation | movement of the communication system in the case of updating a device key collectively. The flowchart which shows operation | movement of the communication system in the case of updating only a specific device key. The figure which showed the flow of the data at the time of distributing the master key used for the encryption between the communication apparatuses 102. FIG. The figure which showed the data format of the master key distribution instruction 1400. FIG. FIG. 20 is a functional block diagram of the key management server 101 in the eighth embodiment. FIG. 19 shows a key management database 2207 inside the key management server 101 in the eighth embodiment. FIG. 20 is a functional block diagram of a communication device 102 according to an eighth embodiment. FIG. 20 shows a management database 4406 inside the communication device 102 in the eighth embodiment. The flowchart which shows operation | movement of the communication system in the case of delivering a master key. The figure which showed the flow of the data at the time of updating all the master keys collectively. The figure which showed the data format of the master key batch update instruction 1500. The figure which showed the data flow at the time of updating only a specific master key separately. The figure which showed the data format of the master key separate update instruction 1600. FIG. FIG. 25 is a functional block diagram of the key management server 101 in the ninth embodiment. FIG. 20 is a functional block diagram of communication device 102 according to the ninth embodiment. The flowchart which shows operation | movement of the communication system in the case of updating a master key collectively. The flowchart which shows operation | movement of the communication system in the case of updating only a specific master key. The system block diagram in case the key management server 101 delivers data to each communication apparatus 102 by the one-way communication using satellite communication. The system block diagram in case the key management server 101 delivers data to each communication apparatus 102 by the one-way communication using terrestrial broadcasting. FIG. 3 is a system configuration diagram when the key management server 101 distributes data to each communication device 102 using a communication path capable of bidirectional communication. The figure which shows an example of the hardware resource of the key management server 101 and the communication apparatus 102.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 101 Key management server, 102 Communication apparatus, 201 Input interface, 202 Data transmission part, 203 Initial key generation part, 204, 2204 Update key generation part, 205, 2205 Encryption part, 206 Signature value calculation part, 2206 Digital signature generation part 207, 2207 Key management database, 208, 2208 Device key update command creation unit, 209, 2209 Master key distribution command creation unit, 210, 2210 Master key update command creation unit, 401 Data reception unit, 402 Inter-device communication unit, 403 , 4403 Update key generation unit, 404, 4404 Decryption unit, 405 Signature value verification unit, 4405 Electronic signature verification unit, 406, 4406 Management database, 407, 4407 Device key update command interpretation unit, 408, 4408 Master key distribution command interpretation unit , 409, 4409 Master key update command interpretation unit, 410 Inter-device communication data creation interpretation unit, 411 Signature value generation unit, 412 Encryption unit, 421 Device key update command transfer unit, 422 Master key update command transfer unit, 600, 1200 Device key batch update Command, 700, 1300 Device key individual update command, 800, 1400 Master key distribution command, 900, 1500 Master key batch update command, 1000, 1600 Master key individual update command, 1100 Inter-device communication data.

Claims (22)

In a key management server that can communicate with multiple terminals,
A device key update command for instructing update of a device key used when the plurality of terminals receive a master key used for encryption processing of communication between the plurality of terminals, and is a current one by a predetermined one-way function A device key update instruction creating unit for creating a device key update instruction for instructing an update from the device key of the next generation to the device key of the next generation by the processing device;
A master key distribution command for distributing a master key to any one of the plurality of terminals, wherein a master key distribution command including the current generation information of a device key to be managed is generated by the processing device The creation department;
A device key update command created by the device key update command creation unit is transmitted by a communication device with at least one of the plurality of terminals as a destination, and a master key distribution command created by the master key distribution command creation unit is transmitted A key management server, comprising: a data transmission unit configured to transmit by a communication device with a terminal using the master key as a destination . The key management server further includes:
When the data transmission unit transmits a device key update command, the processing device generates the next generation device key from the current device key using the predetermined one-way function, and also generates the next generation device key. The key management server according to claim 1, further comprising a device update key generation unit that deletes the current device key. The device update key generation unit, when an expiration date is attached to a device key to be managed, generates a next generation device key from the current device key after the expiration date. 2. The key management server according to 2. The key management server further includes:
A master key update instruction creating unit for creating a master key update instruction for instructing an update from the current master key to the next generation master key by a predetermined one-way function by the processing unit;
One of the master key update instruction the master key update instruction creation unit creates the preceding claims, characterized in that it comprises a data transmission unit for transmitting a communication device as a destination terminal to use the master key to 3 Key management server described in 1. The key management server according to claim 4 , wherein the master key update command creating unit creates the master key update command by including the current generation information of the device key to be managed. The key management server further includes:
When the data transmission unit transmits a master key update command, when the next generation master key is generated from the current master key by the processing device using a predetermined one-way function, and the next generation master key is generated the key management server according to claim 4 or 5, characterized in that it comprises a master update key generation unit for deleting the current master key. The master update key generation unit generates a next generation master key from the current master key after the expiration date when the expiration date is attached to the master key to be managed. 6. The key management server according to 6 . A device key update command for instructing update of a device key used when receiving a master key used for encryption processing of communication with other terminals from the key management server. A generation of a current device key managed by the key management server, which is a master key distribution command for distributing a master key while receiving a device key update command for instructing an update to a device key via a communication device A data receiver that receives a master key distribution command including information via a communication device ;
In accordance with the device key update command received by the data receiver, the processing device generates a next generation device key from the current device key using a predetermined one-way function, and the master key using the predetermined one-way function. A terminal comprising: an update key generation unit that updates a current device key up to a generation indicated by generation information included in a distribution command . The terminal according to claim 8 , wherein when the next generation device key is generated, the update key generation unit deletes the current device key. The update key generation unit, if the expiration date is assigned to the device key for managing, Beyond the expiration date, claim 8 from the current device key and generating a device key of the next generation Or the terminal of 9 . The terminal
The terminal according to any one of claims 8 to 10, further comprising a device key device communication unit that transmits the device key update command received by the data receiving unit to another terminal via a communication device. The data receiving unit receives a master key update instruction that instructs to update the master key transmitted by the key management server,
The update key generation unit in accordance with the master key update instruction to any of the current master key by a predetermined one-way function from claim 8, wherein generating a master key of the next generation until 11 The listed terminal. The terminal according to claim 12 , wherein when the next generation master key is generated, the update key generation unit deletes the current master key. The data receiving unit receives a master key update command including generation information of a current device key managed by the key management server;
The terminal according to claim 12 or 13 , wherein the update key generation unit updates the current device key up to a generation indicated by generation information included in the master key update command by a predetermined one-way function. The terminal
The terminal according to any one of claims 12 to 14, further comprising a master key inter-device communication unit that transmits a master key update command received by the data receiving unit to another terminal via a communication device. The update key generation unit, if the expiration date is assigned to the master key for managing, Beyond the expiration date, claim 8 from the current master key and generating a master key of the next generation The terminal in any one of 15 to 15 . When receiving predetermined communication information from another terminal, the current generation information in the other terminal of the master key used for communication with the other terminal is received together with the predetermined communication information via a communication device. It has a master key generation information communication unit,
The update key generation unit according to claim and updates the current master key by a predetermined one-way function to the generation indicated by the generation information of the master key generation information for the current communication unit receives a master key 8 The terminal in any one of from 16 . In a communication system comprising a key management server and a plurality of terminals,
The key management server
A device key update command for instructing update of a device key used when the plurality of terminals receive a master key used for encryption processing of communication between the plurality of terminals, and is a current one by a predetermined one-way function A device key update instruction creating unit that creates a device key update instruction for updating from the device key of the next generation to the device key of the next generation by the processing device;
A master key distribution command for distributing a master key to any one of the plurality of terminals, wherein a master key distribution command including the current generation information of a device key to be managed is generated by the processing device The creation department;
A device key update command created by the device key update command creation unit is transmitted by a communication device with at least one of the plurality of terminals as a destination, and a master key distribution command created by the master key distribution command creation unit is transmitted A data transmission unit for transmitting by a communication device with a terminal using the master key as a destination ,
The terminal
A data receiver that receives the device key update command and the master key distribution command transmitted by the data transmitter via a communication device;
In accordance with the device key update command received by the data receiver, the processing device generates a next generation device key from the current device key using a predetermined one-way function, and the master key using the predetermined one-way function. A communication system, comprising: an update key generation unit that updates a current device key up to a generation indicated by generation information included in a distribution command . In a key distribution method in a key management server that can communicate with a plurality of terminals,
A device key update instruction for instructing an update of a device key used when the processing device receives a master key used for encryption processing of communication between the plurality of terminals by the plurality of terminals. A device key update instruction creating step for creating a device key update instruction for instructing an update from the current device key to the next generation device key by a sex function;
Master key distribution for generating a master key distribution command including a current generation information of a device key to be managed, which is a master key distribution command for the processing device to distribute a master key to any one of the plurality of terminals An instruction creation step;
The communication device transmits the device key update command created in the device key update command creation step with at least one of the terminals as a destination , and the master key distribution command created in the master key distribution command creation step A key transmission method comprising: a data transmission step of transmitting a message to a terminal using the master key as a destination . In a key distribution program in a key management server that can communicate with a plurality of terminals,
A device key update command for instructing update of a device key used when the plurality of terminals receive a master key used for encryption processing of communication between the plurality of terminals, and is a current one by a predetermined one-way function A device key update instruction creation process for creating a device key update instruction for instructing an update from the device key of the next generation to the next generation device key;
A master key distribution instruction for generating a master key distribution instruction for distributing a master key to any one of the plurality of terminals, the master key distribution instruction including current generation information of a device key to be managed; ,
The device key update command created by the device key update command creation process is transmitted to at least one of the plurality of terminals as a destination , and the master key distribution command created by the master key distribution command creation process is sent to the master key A key distribution program that causes a computer to execute a data transmission process for transmitting a terminal that uses the terminal as a destination . A device key update command for instructing update of a device key used when the communication device receives from the key management server a master key used for encryption processing of communication with other terminals, from the current device key A device key update command for instructing an update to the next generation device key and a master key distribution command for distributing the master key, and the generation information of the current device key managed by the key management server A data receiving step for receiving a master key distribution instruction including :
In accordance with the device key update command received in the data receiving step, the processing device generates a next generation device key from the current device key using a predetermined one-way function, and uses the master device using the predetermined one-way function. A key reception method comprising: an update key generation step of updating a current device key up to a generation indicated by generation information included in a key distribution command . A device key update command for instructing update of a device key used when receiving a master key used for encryption processing of communication with other terminals from the key management server. A master key distribution command for receiving a device key update command for instructing an update to a device key and distributing a master key, and including a generation key information of a current device key managed by the key management server A data reception process for receiving a distribution command ;
In accordance with the device key update command received in the data reception process, the next generation device key is generated from the current device key by a predetermined one-way function, and the master key distribution command is generated by the predetermined one-way function. A key receiving program that causes a computer to execute update key generation processing for updating a current device key up to a generation indicated by included generation information .

Images