Code key managing apparatus

Info

Publication number: JPH0196686A
Authority: JP (Japan)
Application number: JP62254274A
Other languages: Japanese (ja)
Inventors: Hikari Morita (光 森田), Michihiro Yamane (山根 道広)
Current Assignee: Nippon Telegraph and Telephone Corp
Original Assignee: Nippon Telegraph and Telephone Corp
Legal status: Pending
Prior art keywords: specific information, key, encryption key, switch, information

Abstract

PURPOSE: To prevent a cipher key from being altered by a third person with ease by inputting switch information on a physical key switch and the comparison output of a specific information comparing means and allowing the cipher key to be written only when the switch information is on and the comparison output indicates a coincidence.

CONSTITUTION: The specific information is held by a specific information holding means 21 and the specific information comparing means 22 compares this specific information with externally inputted information. This physical key switch information and the comparison output of the specific information comparing means 22 are inputted to a cipher key writing control means 23 and when the physical key switch 25 is on and the comparison output shows a coincidence, the cipher key held by the cipher key holding means 11 is allowed to be written. Therefore, the physical key switch 25 is turned on with the physical key 24 and only when the coincidence is obtained by the specific information comparing means 22, the writing to the cipher key holding means 21 is allowed. Consequently, it becomes difficult for a person other than a ciphering device administrator to write the cipher key.

Description

Detailed Description of the Invention

Field of Industrial Application

The present invention relates to an encryption key management device that manages the encryption key used by a cryptographic processing means to encrypt or decrypt signals.

Prior Art

In a cryptographic device, as shown in FIG. 3, an encryption key is held in the encryption key holding means 11. A signal input to the cryptographic processing means 12 from the first input port is encrypted or decrypted with the encryption key held in the encryption key holding means 11, and the resulting ciphertext or plaintext is output as the output signal.

In this case, the cryptographic device administrator rewrote the encryption key stored in the encryption key holding means 11 as needed. Conventionally, as a measure to distinguish the cryptographic device administrator from everyone else, the second input port, through which the encryption key is entered, was shaped so that only a special encryption key writing device could be connected to it, and the administrator went to great lengths to keep that writing device safe. The encryption key writing device is costly because of its special shape. Moreover, anyone who obtains the encryption key writing device can change the encryption key without being the cryptographic device administrator. For this reason, the administrator had to remember the encryption key so that recovery would be possible even if the key were rewritten by someone other than the administrator (encryption key destruction).

The encryption key is generally remembered by having the cryptographic device administrator write it down in a memo or the like. In this state, however, there is a risk that the encryption key will be stolen by someone else and a possibility that the administrator will forget it. This gives rise to dangers such as the following: first, the contents of files encrypted with the stolen encryption key are stolen; second, if the encryption key stored in the encryption key holding means is destroyed, the encrypted file assets become unusable.

Means for Solving the Problems

According to the present invention, specific information is held in a specific information holding means, and this specific information is compared with externally input information by a specific information comparing means. In addition, a physical key switch controlled by a physical key is provided. The switch information of this physical key switch and the comparison output of the specific information comparing means are input to an encryption key write control means, which permits writing of the encryption key held in the encryption key holding means when the physical key switch is on and the comparison output indicates a match.

Thus, according to the present invention, writing to the encryption key holding means is possible only when the physical key switch has been turned on with the physical key and the specific information comparing means has found a match, so it becomes difficult for anyone other than the cryptographic device administrator to write the encryption key.

Embodiment

FIG. 1 shows an embodiment of the encryption key management device according to the present invention. Parts corresponding to those in FIG. 3 are given the same reference numerals.

According to the present invention, specific information is held in the specific information holding means 21. The specific information comparing means 22 compares this specific information with the information input from the third input port, and a comparison output indicating match or mismatch is supplied to the encryption key write control means 23. Meanwhile, a physical key switch 25 controlled by a physical key 24 is provided, and the switch information of the physical key switch 25 is also supplied to the encryption key write control means 23.

The encryption key write control means enables writing to the encryption key holding means 11 only when the switch information input from the physical key switch 25 is on and the comparison output input from the specific information comparing means 22 indicates a match. An encryption key holding battery 26 is provided so that the encryption key in the encryption key holding means 11 is retained even when the main power is turned off.

As shown in FIG. 2, the encryption key holding means 11, the cryptographic processing means 12, the specific information holding means 21, the specific information comparing means 22, the encryption key write control means 23 and the physical key switch 25 are placed in a box 27 and sealed. Only the power switch 28, the keyhole 30 for the physical key 24, the power cord 29 and the data input/output port 31 are exposed outside the box 27. In this way, the encryption key stored in the encryption key holding means 11 and the specific information stored in the specific information holding means 21 cannot be read out directly. As an alternative to sealing with the box 27, the encryption key and the specific information may, for example, be stored in an LSI and the LSI housed in a package.

With this arrangement, if both the physical key and the specific information are stolen, the value of the encryption key in the encryption key holding means 11 may be changed, but because the cryptographic device is sealed inside the box 27 the value of the encryption key cannot be read out. The secrecy of encrypted files and other information is therefore preserved.

Effects of the Invention

As described above, according to the present invention, rewriting of the encryption key is controlled, so easy tampering with the encryption key by others is prevented. For example, in the case of the physical key, a person attempting to tamper must make a duplicate of the encryption key 24, which requires a great deal of effort.

Further, suppose a person who has no right to know the specific information of the cryptographic device tries to find it by exhaustive search. If the specific information is 64 bits long, for example, about half of the $2^{64}$ possibilities must be tried on average, so assuming one trial takes $10^{-6}$ seconds, the search takes $(2^{64} \times 10^{-6}) / (2 \times 365 \times 24 \times 3600) \approx 300{,}000$ years. It is therefore practically impossible for a person who does not know the specific information to find it by analyzing the cryptographic device.

Moreover, the encryption key cannot be tampered with unless both the encryption key 24 and the specific information fall into the hands of the person attempting the tampering, so such tampering becomes extremely difficult.

Since all that the cryptographic device administrator has to manage is the specific information and the physical key, the scheme can be implemented easily without any special equipment.
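The write control of the embodiment and the exhaustive-search estimate above can be modelled in software; the following is an added example, not part of the patent. The class and method names, the constant-time comparison, and the SHA-256 XOR keystream standing in for the unspecified cryptographic processing means 12 are assumptions of this sketch.

```python
import hashlib
import hmac


class KeyManagedCipherDevice:
    """Model of the sealed box 27: the key can be written and used, never read."""

    def __init__(self, specific_info: bytes, initial_key: bytes):
        self._specific_info = specific_info  # specific information holding means 21
        self._key = initial_key              # encryption key holding means 11
        self.switch_on = False               # physical key switch 25

    def turn_physical_key(self, on: bool) -> None:
        # Stands in for the physical key 24 operating the switch 25.
        self.switch_on = on

    def write_key(self, presented_info: bytes, new_key: bytes) -> bool:
        # Comparing means 22. compare_digest is this sketch's choice: it keeps
        # the comparison time independent of where the first mismatch occurs.
        match = hmac.compare_digest(presented_info, self._specific_info)
        # Write control means 23: permit the write only if switch ON and match.
        if self.switch_on and match:
            self._key = new_key
            return True
        return False

    def process(self, data: bytes) -> bytes:
        # Processing means 12 (stand-in cipher): XOR with a SHA-256 keystream.
        # The same call encrypts and decrypts; there is no method that returns the key.
        stream = b""
        counter = 0
        while len(stream) < len(data):
            block = self._key + counter.to_bytes(8, "big")
            stream += hashlib.sha256(block).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))


def expected_search_years(bits: int, seconds_per_trial: float) -> float:
    # On average half of the 2**bits candidates are tried, as in the estimate
    # above; generalized here to any bit length and trial time.
    return (2 ** bits) * seconds_per_trial / (2 * 365 * 24 * 3600)
```

A holder of both the physical key and the specific information can overwrite the key in this model, which makes earlier ciphertext undecryptable, but no interface returns the stored key, matching the property claimed for the sealed box.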

Brief Description of the Drawings

FIG. 1 is a block diagram showing an embodiment of the present invention, FIG. 2 is a diagram showing the external appearance of the cryptographic device sealed in a box, and FIG. 3 is a block diagram showing a conventional cryptographic device.

Patent applicant: Nippon Telegraph and Telephone Corporation
Agent: Taku Kusano

Claims (1)

(1) An encryption key management device for a cryptographic device in which a cryptographic processing means encrypts or decrypts an input signal using an encryption key held in an encryption key holding means, the encryption key management device comprising:
specific information holding means that holds specific information;
specific information comparing means that compares the specific information held in the specific information holding means with information input from outside;
a physical key switch controlled by a physical key; and
encryption key write control means that receives the switch information of the physical key switch and the comparison output of the specific information comparing means, and permits writing of the encryption key held in the encryption key holding means when the switch information is on and the comparison output indicates a match.

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP62254274A JPH0196686A (en) 1987-10-07 1987-10-07 Code key managing apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP62254274A JPH0196686A (en) 1987-10-07 1987-10-07 Code key managing apparatus

Publications (1)

Publication Number Publication Date
JPH0196686A true JPH0196686A (en) 1989-04-14

Family

ID=17262693

Family Applications (1)

Application Number Title Priority Date Filing Date
JP62254274A Pending JPH0196686A (en) 1987-10-07 1987-10-07 Code key managing apparatus

Country Status (1)

Country Link
JP (1) JPH0196686A (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
UNIX SYSTEM V¡-ð´áÞ¤a¬¨þáup¡a®j´b2¸¨ÞÞ-þ3.0=1986 *

Similar Documents

Publication Publication Date Title
KR0138770B1 (en) Electronic keying scheme for locking data
US5416841A (en) Cryptography system
US4588991A (en) File access security method and means
US5796824A (en) Storage medium for preventing an irregular use by a third party
CN100508448C (en) Content processing apparatus and content protection program
NO985275D0 (en) Procedure for storing and using sensitive information in a security module and an associated security module
GB2462442A (en) A remote server centrally controls access to data stored in a data container in an encrypted form
JPH08328962A (en) System composed of terminal equipment and memory card connected to the same
JP3239842B2 (en) Software unauthorized use prevention system
US20090077390A1 (en) Electronic file protection system having one or more removable memory devices
KR970007583A (en) Method and apparatus for safely storing detectable information on relatively insecure storage media
EP2037392A1 (en) A system and method of protecting content of an electronic file using a computer
JPH1115738A (en) Data accumulator having encryption function
JPH04245368A (en) Electronic file cabinet system
US20090077377A1 (en) System and method of protecting content of an electronic file for sending and receiving
JPH0196686A (en) Code key managing apparatus
JPS62134679A (en) Encryption document generator/reader
JPS63182758A (en) Information memory
JPH07182112A (en) Data processor having secret protecting function
JPH04182885A (en) Ic card with secrecy protecting function
JP4574108B2 (en) Data protection device
JPH043224A (en) Method for managing soft module by ic card
JP3797531B2 (en) System for preventing unauthorized copying of digital data
JPH11187007A (en) Ciphering and deciphering device and its method
JPH09274584A (en) Enciphering device