JPH11239124A - Method and device for restoring secret key - Google Patents

Method and device for restoring secret key

Publication number
JPH11239124A
JPH11239124A JP10040341A JP4034198A JPH11239124A JP H11239124 A JPH11239124 A JP H11239124A JP 10040341 A JP10040341 A JP 10040341A JP 4034198 A JP4034198 A JP 4034198A JP H11239124 A JPH11239124 A JP H11239124A
Authority
JP
Japan
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP10040341A
Other languages
Japanese (ja)
Inventor
Toshihiko Ogiwara
利彦 荻原
Mamoru Ishino
衛 石野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nippon Telegraph and Telephone Corp
Original Assignee
Nippon Telegraph and Telephone Corp

Abstract

PROBLEM TO BE SOLVED: To restore a secret key online, without disclosing it to a third party, when the secret key is damaged. SOLUTION: A preservation requesting device 13 divides a secret key Sc into n split keys Sci (i=1, 2, ..., n), enciphers each split key Sci with the public key Pi of a preserving device 12i, and sends the enciphered split key Pi(Sci) to the corresponding device 12i. The device 12i obtains the split key Sci by decoding Pi(Sci) with its secret key Si, enciphers Sci with a preservation key Kki, and preserves Kki(Sci). When a pull-out request is made from a restoring device 14, the device 12i decodes Kki(Sci) with the key Kki, enciphers the decoded split key Sci with a transfer key Ti, and sends the enciphered split key Ti(Sci) to the device 14. The device 14 obtains the split keys Sci by decoding Ti(Sci) with the transfer key Ti, obtains the secret key Sc by combining the n split keys Sci, and verifies the validity of the pair of the secret key Sc and the public key Pc.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

FIELD OF THE INVENTION: The present invention relates to a method and an apparatus that use a telecommunication system, an electronic computer or the like to manage information requiring confidentiality, such as a secret key, so that it can be recovered and restored.

[0002]

DESCRIPTION OF THE RELATED ART: To ensure security, a user holds a public key and a secret key of a public-key cryptosystem and uses the secret key to encrypt or decrypt data requiring confidentiality, and to create or verify electronic signatures that guarantee the identity of the creator of secured data and the integrity of the data. Leakage of the secret key to a third party makes it possible for the third party to decrypt secured confidential data, to commit fraud by impersonating the user, and to manipulate information by altering secured data into data favorable to the third party. For this reason, conventional products already incorporate measures to keep the secret key from leaking to third parties (for example, treating information such as the secret key as a black box to prevent external access to it). However, no product provides recovery from damage to secret key information caused by a system failure, user error or the like.

[0003]

PROBLEM TO BE SOLVED BY THE INVENTION: The present invention provides a method and an apparatus that make a function for reliably and safely storing and restoring confidential secret key information, without leaking it to a third party, efficiently usable even online. As the prior art above shows, no scheme has been realized that backs up a secret key (so that the same secret key can be given back to the user at recovery time) without leaking the secret key information to a third party. Each user has to make backups individually and take care of protection against security threats (such as malicious parties), for example by copying the secret information to an FD, MO, HD or the like and keeping it in a safe.

[0004] Furthermore, even if a trusted neutral organization backed up users' secret key information centrally (on the premise that the neutral organization does not misbehave even though the users' secret key information is exposed to it), a breach of that custodian's security would create a system crisis in which the danger spreads to the whole system (all users). In addition, it is realistically difficult to build a neutral organization that every user can trust (no company would ask a neutral organization run by a rival company to back up its secret key).

[0005] An object of the present invention is to provide a secret key recovery method and thereby make recovery possible when a secret key is damaged. Another object of the present invention is to make it possible to carry out reliable and safe secret key escrow (dividing the secret key and storing it in secret key storage devices) online without leakage to a third party.

[0006] A further object of the present invention is to make secured data decryptable. Still another object is to prevent security mechanisms from being used for crime (by making it possible to decrypt information that was secured in order to commit a crime). Still another object is to eliminate the system crisis, so that even if one security measure is broken (even if a certain user's secret key is compromised) the danger is not allowed to spread to the whole system.

[0007]

MEANS FOR SOLVING THE PROBLEM: The present invention is characterized in that the secret key and public key can be generated by the user terminal, and that the user's secret key information is divided and managed by a plurality of secret key management organizations, so that processing such as reliable and safe key recovery and decryption of secured information is performed without leakage to a third party.

[0008] In the secret key recovery method of the present invention, a secret key and a public key are generated at the user terminal, the secret key is divided, the divided secret key information is stored by a plurality of management mechanisms, and at recovery time the divided secret key information is combined to recover the secret key. The method is made up of the following elements. The first element is the user terminal 11 shown in FIG. 1, which comprises a secret key storage request device 13 for generating the user's secret key and public key, dividing the secret key and transmitting the divided secret keys to a plurality of secret key storage devices 12, and a secret key recovery device 14 for receiving the divided secret keys, combining them and recovering the secret key.

[0009] The second element is the secret key storage device 12: a plurality of secret key storage devices 12 are provided, each of which receives a divided secret key, stores it, and transmits it in response to a withdrawal request. The secret key recovery method is carried out in the following steps.

Step 1: The secret key storage request device 13 generates a secret key and a public key.
Step 2: The secret key storage request device 13 divides the generated secret key into a plurality of pieces.
Step 3: The secret key storage request device 13 secures the divided secret key information separately for each secret key storage device 12i.
Step 4: The secret key storage request device 13 transmits each piece of secured divided secret key information to the respective secret key storage device 12i.
Step 5: The secret key storage device 12i performs security verification of the secured divided secret key information.
Step 6: The secret key storage device 12i secures the security-verified divided secret key information.
Step 7: The secret key storage device 12i stores the secured divided secret key information.
Step 8: On receiving a request from the secret key recovery device 14, the secret key storage device 12i verifies the legitimacy of the request and then performs security verification of the stored, secured divided secret key information.
Step 9: The secret key storage device 12i secures the security-verified divided secret key information for the secret key recovery device 14 and transmits it.
Step 10: The secret key recovery device 14 receives the secured divided secret key information from the plurality of secret key storage devices 12i and performs security verification of each piece.
Step 11: The secret key recovery device 14 combines the security-verified divided secret key information and recovers the secret key.

[0010]

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Embodiment 1

The secret key and public key in this embodiment are those of public-key cryptography, and the divided secret key information is encrypted with conventional (symmetric-key) cryptography.

(Management request) First, as shown in FIGS. 2, 4 and 8, the secret key storage request device 13 generates a secret key Sc and a public key Pc (public-key cryptography) in the public-key cryptography key generation unit 21 (S1). The secret key division unit 22 divides the secret key Sc into n pieces, matching the number n of secret key storage devices 12-1, 12-2, ..., 12-n that manage the divided key (S2), generating divided secret key information Sc1, Sc2, ..., Scn. Next, the encryption processing unit 23 encrypts Sc1, Sc2, ..., Scn with the key-delivery public keys P1, P2, ..., Pn (public-key cryptography) held by the respective secret key storage devices 12-1, 12-2, ..., 12-n, generating encrypted divided secret key information P1(Sc1), P2(Sc2), ..., Pn(Scn) (S3). The encrypted divided secret key information Pi(Sci) (i = 1, 2, ..., n) is then transmitted to the corresponding secret key storage device 12i; that is, P1(Sc1) is sent to 12-1, P2(Sc2) to 12-2, ..., and Pn(Scn) to 12-n (S4). The storage unit 24 of the user terminal 11 stores the generated secret key Sc, the public key Pc, and the public key Pi of each secret key storage device 12i.

[0011] Because the divided secret key information Sci is encrypted before it is transmitted to the secret key storage device 12-i, a third party cannot obtain Sci illegitimately: even if the encrypted divided secret information Pi(Sci) is obtained by eavesdropping or the like, it cannot be decrypted, so the secret key information Sc does not leak to a third party. Moreover, because the secret key Sc is divided into a plurality of pieces that are sent to the secret key storage devices 12-i, the secret key Sc cannot be reconstructed from the information held by a single secret key storage device 12-i. Even the administrator of a secret key storage device 12-i can learn only one of the n pieces of divided secret key information Sci, and so cannot restore or misuse the user's secret key Sc.

(Divided key information storage) (see FIGS. 2, 5 and 9)

On receiving the encrypted divided secret key information Pi(Sci) (S1), the secret key storage device 12-i decrypts it in the decryption processing unit 31 using its secret key Si (public-key cryptography; the counterpart of Pi) (S2) and obtains the divided secret key information Sci. It encrypts the obtained Sci in the encryption processing unit 32 with the storage encryption key Kki (conventional cryptography), generating the storage divided secret key information Kki(Sci) (S3), and stores and manages Kki(Sci) in the storage unit 36 (S4).

[0012] Because the public key Pi of the secret key storage device 12-i can be freely obtained by third parties, it is preferable for stronger security to change the secret key / public key pair of the secret key storage device 12-i periodically. So that this pair can be changed, the divided secret key information is encrypted with the storage encryption key Kki, which is known only to the respective secret key storage device 12-i.

(Divided key information withdrawal) (see FIGS. 3, 6 and 9)

The secret key recovery device 14 issues a divided secret key information transmission request to the secret key storage devices 12-1, 12-2, ..., 12-n. On receiving this request (FIG. 6, S1), the secret key storage device 12-i verifies the legitimacy of the requesting party (S2) and, if the verification succeeds, retrieves the storage divided secret key information Kki(Sci) held in the storage unit 36. It decrypts Kki(Sci) in the decryption processing unit 34 using the storage encryption key Kki and extracts the divided secret key information Sci (S3). It encrypts the extracted Sci in the encryption processing unit 35 with the transfer encryption key Ti (conventional cryptography), which is valid only between it and the secret key recovery device 14, generating the transfer divided secret key information Ti(Sci) (S4), and transmits the generated Ti(Sci) to the secret key recovery device 14 (S5).

[0013] A secret key recovery request means that the user's secret key Sc is unusable, so encryption using the user's public key Pc cannot be employed. The transfer encryption key Ti used to encrypt the divided secret key information Sci must therefore be agreed between the secret key recovery device 14 and the secret key storage device 12-i.

(Key recovery) (see FIGS. 3, 7 and 10)

The secret key recovery device 14 receives the transfer divided secret key information Ti(Sci) from all of the secret key storage devices 12-1, 12-2, ..., 12-n (S1), decrypts each Ti(Sci) in the decryption processing unit 25 using the transfer encryption key Ti, and extracts the divided secret key information Sc1, Sc2, ..., Scn (S2). The combining unit 26 then combines Sc1, Sc2, ..., Scn to restore the secret key Sc (S3). Using the restored secret key Sc, the comparison unit 27 verifies that it forms a valid pair with the public key Pc; if the verification succeeds, the secret key recovery processing is complete (S4).

Embodiment 2

Here a key distribution method based on public-key theory, such as elliptic-curve DH, is used in place of public-key encryption.

(Management request) First, the secret key storage request device 13 generates a secret key Sc and a public key Pc (public-key cryptography) and divides Sc into n pieces, matching the number n of secret key storage devices 12-1, 12-2, ..., 12-n that manage the divided key, generating divided secret key information Sc1, Sc2, ..., Scn. Next, it generates encryption keys R1, R2, ..., Rn (conventional cryptography), one for each of the secret key storage devices 12-1, 12-2, ..., 12-n, and encrypts Sc1, Sc2, ..., Scn with them respectively, generating encrypted divided secret key information R1(Sc1), R2(Sc2), ..., Rn(Scn). In addition, using the public keys P1, P2, ..., Pn held by the respective secret key storage devices together with the secret key Sc, it generates shared keys Ss1, Ss2, ..., Ssn with the respective secret key storage devices 12-1, 12-2, ..., 12-n (by elliptic-curve DH computation), encrypts the corresponding encryption keys R1, R2, ..., Rn with the shared keys, and generates delivery encryption key information Ss1(R1), Ss2(R2), ..., Ssn(Rn). It then transmits each pair of encrypted divided secret key information Ri(Sci) and delivery encryption key information Ssi(Ri) to the corresponding secret key storage device 12-i.

(Divided key information storage) The secret key storage device 12-i generates the shared key Ssi from its secret key Si (public-key cryptography; the counterpart of Pi) and the public key Pc of the secret key storage request device 13. It then decrypts the received delivery encryption key information Ssi(Ri) with the shared key Ssi and extracts the encryption key Ri. With the extracted Ri it decrypts the received encrypted divided secret key information Ri(Sci) and obtains the divided secret key information Sci. It then encrypts Sci with the storage encryption key Kki (conventional cryptography), generating the storage divided secret key information Kki(Sci), and stores and manages Kki(Sci).

(Divided key information withdrawal) The processing is the same as in Embodiment 1.

(Key recovery) The processing is the same as in Embodiment 1.

Embodiment 3

This embodiment adds an electronic signature function to Embodiments 1 and 2.

(Management request) The processing is the same as in Embodiments 1 and 2 up to the secret key division.

[0014] The secret key storage request device 13 attaches an electronic signature to the generated divided secret key information Sc1, Sc2, ..., Scn using the electronic signature secret key DSIu that it holds, generating signed divided secret key information DSIu(Sc1), DSIu(Sc2), ..., DSIu(Scn). The signed divided secret key information is then handled in the same way as the divided secret key information in Embodiments 1 and 2, and the same processing (encryption, transmission and so on) is applied.

(Divided key information storage) The processing is the same as in Embodiments 1 and 2 up to receiving and decrypting the information.

[0015] The secret key storage device 12-i verifies the signature on the signed divided secret key information DSIu(Sci) obtained by decryption, using the electronic signature public key DPIu of the secret key storage request device 13. If the verification succeeds (confirming the legitimacy of the secret key storage request device 13 and the integrity of the received information), it encrypts and stores the divided secret key information Sci as in Embodiments 1 and 2.

(Divided key information withdrawal) The processing is the same as in Embodiments 1 and 2 up to decrypting the storage divided secret key information.

[0016] The secret key storage device 12-i attaches an electronic signature to the extracted divided secret key information Sci using the electronic signature secret key DSKui that it holds, generating signed divided secret key information DSKui(Sci). DSKui(Sci) is then handled in the same way as the divided secret key information in Embodiments 1 and 2, and the same processing (encryption, transmission and so on) is applied.

(Key recovery) The processing is the same as in Embodiments 1 and 2 up to receiving and decrypting the information.

[0017] The secret key recovery device 14 verifies the signature on the extracted signed divided secret key information DSKui(Sci) using the electronic signature public key DPKui of the secret key storage device 12-i. If the verification succeeds (confirming the legitimacy of the secret key storage device 12-i and the integrity of the received information), it combines the pieces as in Embodiments 1 and 2 and restores the secret key Sc. Using the restored secret key Sc, it verifies that Sc forms a valid pair with the public key Pc; if the verification succeeds, the secret key recovery processing is complete.

Embodiment 4

Here a division method based on exclusive OR (XOR) is used as the secret key division method of Embodiments 1, 2 and 3.

(Management request) The processing is the same as in Embodiments 1, 2 and 3 up to the secret key division.

[0018] Exclusive OR is used to divide the secret key Sc. The division satisfies the following relational expression.

Sc = Sc1 XOR Sc2 XOR ... XOR Scn

The secret key storage request device 13 generates n-1 random numbers Tr1, Tr2, ..., Tr(n-1), one fewer than the number n of secret key storage devices 12-1, 12-2, ..., 12-n. First, it computes the exclusive OR of the secret key Sc and the random number Tr1 to produce the result Cr1. The random number Tr1 becomes the divided secret key information Sc1. Next, it computes the exclusive OR of Cr1 and the random number Tr2 to produce the result Cr2. The random number Tr2 becomes the divided secret key information Sc2, and the computation is repeated with Cr2 and the random number Tr3. The computation is repeated in order until, finally, the exclusive OR of the result Cr(n-2) and the random number Tr(n-1) is computed to produce the result Cr(n-1). The random number Tr(n-1) becomes the divided secret key information Sc(n-1), and the result Cr(n-1) becomes the divided secret key information Scn. The above processing is represented by the following relational expressions.

[0019] After the secret key division, the processing is the same as in Embodiments 1, 2 and 3.

[0020] The important point here is that the value of the divided secret key information sent to each secret key storage device 12-i has been made uniform. For the secret key Sc to be unrecoverable unless all of the divided secret key information is obtained, every piece of divided secret key information Sci must have equal value. If, for example, the secret key could be restored from the result of the last division step alone, the one (or few) secret key storage organizations holding that last result would become the foundation of the secret key's security, and danger from third-party attacks, collusion among secret key storage organizations and the like would arise more easily.

[0021] In this embodiment, a division method using exclusive OR has been described as one division method that equalizes the value of the divided secret key information. Any other division method that can equalize the value of the divided pieces can likewise be applied to safely realize key recovery, which is the object of the present invention.

(Divided key information management) The processing is the same as in Embodiments 1, 2 and 3.

(Divided key information withdrawal) The processing is the same as in Embodiments 1, 2 and 3.

(Key recovery) The processing is the same as in Embodiments 1, 2 and 3 up to the secret key combining.

[0022] The secret key restoring device 14 uses the following relational expression to combine the secret key Sc from the divided secret key information Sc1, Sc2, …, Scn.
Sc = Sc1 XOR Sc2 XOR … XOR Scn
After the secret key synthesis processing, the same processing as in the first, second, and third embodiments is performed.
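The chained XOR split the patent describes (claim 7, taking the last share as the final chained value) and the recombination Sc = Sc1 XOR … XOR Scn, as an added Python example that is not part of the patent text. The function names, the sample key, and the SHA-256 fingerprint standing in for the check of the recovered Sc against the public key Pc are assumptions; `view_distribution` exhaustively confirms, for a 1-byte key, that what any n−1 storage devices hold is distributed the same whatever the key is.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from functools import reduce
from itertools import product
from typing import List, Sequence


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise exclusive OR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_with_randoms(sc: bytes, randoms: Sequence[bytes]) -> List[bytes]:
    """Chained split: Cr1 = Sc ^ Tr1, Cri = Cr(i-1) ^ Tri, Sci = Tri for i < n,
    and the last share Scn is the final chained value Cr(n-1)."""
    if len(randoms) < 1:
        raise ValueError("n must be at least 2")
    cr = sc
    shares = []
    for tr in randoms:
        cr = xor_bytes(cr, tr)   # running value Cri
        shares.append(tr)        # share i is the random number itself
    shares.append(cr)            # share n closes the chain
    return shares


def split(sc: bytes, n: int) -> List[bytes]:
    """Split Sc into n shares using n-1 fresh random strings from the OS CSPRNG."""
    if n < 2:
        raise ValueError("n must be at least 2")
    randoms = [secrets.token_bytes(len(sc)) for _ in range(n - 1)]
    return split_with_randoms(sc, randoms)


def combine(shares: Sequence[bytes]) -> bytes:
    """Sc = Sc1 XOR Sc2 XOR ... XOR Scn."""
    if not shares:
        raise ValueError("no shares supplied")
    return reduce(xor_bytes, shares)


def fingerprint(sc: bytes) -> str:
    """Assumed stand-in for validating the recovered Sc against the public key Pc."""
    return hashlib.sha256(sc).hexdigest()


def recover(shares: Sequence[bytes], n: int, expected_fp: str) -> bytes:
    """Recombine only when all n shares are present, then verify the result.
    XOR carries no integrity: a missing or altered share yields a wrong key
    without any error, so the verification step is what detects it."""
    if len(shares) != n:
        raise ValueError(f"need all {n} shares, got {len(shares)}")
    sc = combine(shares)
    if not hmac.compare_digest(fingerprint(sc), expected_fp):
        raise ValueError("recombined key failed verification")
    return sc


def view_distribution(secret_byte: int, n: int, missing: int) -> Counter:
    """For a 1-byte key, enumerate every choice of the n-1 random bytes and count
    what the n-1 devices other than `missing` would jointly hold."""
    views = Counter()
    for trs in product(range(256), repeat=n - 1):
        shares = split_with_randoms(bytes([secret_byte]), [bytes([t]) for t in trs])
        views[tuple(s[0] for i, s in enumerate(shares) if i != missing)] += 1
    return views


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    parts = split(key, 4)
    print("recovered:", recover(parts, 4, fingerprint(key)) == key)
    # Same view for two different keys, whichever single share is withheld.
    for missing in (0, 2):
        same = view_distribution(0x00, 3, missing) == view_distribution(0xFF, 3, missing)
        print(f"share {missing + 1} withheld, views identical:", same)
```
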

[0023] In the above description, the secret key storage request device 13 and the secret key restoring device 14 are both provided in the user terminal 11, but devices 13 and 14 may be provided separately.

[0024]

[Effects of the Invention] As described above, in the present invention secret information is divided and managed by a plurality of agencies, which makes it possible to store the secret information safely and to realize a key recovery function.

[Brief Description of the Drawings]

FIG. 1 is a diagram showing an outline of the basic processing of the present invention.

FIG. 2 is a diagram showing the basic processing of a secret key storage request.

FIG. 3 is a diagram showing the basic processing of secret key restoration.

FIG. 4 is a flowchart showing the processing procedure of the secret key storage request device in a secret key storage request.

FIG. 5 is a flowchart showing the processing procedure of the secret key storage device in a secret key storage request.

FIG. 6 is a flowchart showing the processing procedure of the secret key storage device in secret key restoration.

FIG. 7 is a flowchart showing the processing procedure of the secret key restoring device in secret key restoration.

FIG. 8 is a diagram showing the functional configuration of an embodiment of the secret key storage request device.

FIG. 9 is a diagram showing the functional configuration of an embodiment of the secret key storage device.

FIG. 10 is a diagram showing the functional configuration of an embodiment of the secret key restoring device.

FIG. 11 is a flowchart showing another processing example of a secret key storage request.

FIG. 12 is a flowchart showing another processing example of secret key storage.

Claims (13)

[Claims]

1. A secret key recovery method, characterized in that:
a secret key storage request device of a user terminal generates a secret key and a public key for public key cryptography,
divides the secret key into a plurality (n) of pieces,
generates delivery divided secret key information for each of a plurality (n) of secret key storage devices (secret key storage agencies) that are to store the divided secret key information, by encrypting each piece for the respective storage device (hereinafter referred to as securing), and
sends the corresponding delivery divided secret key information to each secret key storage device;
each secret key storage device decrypts the delivery divided secret key information it has received (hereinafter referred to as security verification) to obtain the divided secret key information,
generates storage divided secret key information by applying securing to the divided secret key information,
stores the storage divided secret key information,
receives a divided secret key information extraction request from a secret key restoring device (storage requester) of the user terminal,
performs security verification on the stored storage divided secret key information to restore the divided secret key information,
generates transfer divided secret key information by securing the divided secret key information for the secret key restoring device, and
sends the transfer divided secret key information to the secret key restoring device; and
the secret key restoring device receives the transfer divided secret key information from the plurality of secret key storage devices,
performs security verification on the transfer divided secret key information to obtain the divided secret key information,
combines the plurality of pieces of divided secret key information, and
restores the secret key.

2. The secret key recovery method according to claim 1, wherein the secret key storage request device, when dividing the secret key into a plurality (n) of pieces, performs the division using a division method based on exclusive OR, and the secret key cannot be recovered unless all of the divided secret key information is available.

3. The secret key recovery method according to claim 1 or 2, wherein the secret key storage device is protected by a firewall or the like and placed on a secure network into which a third party cannot intrude,
guarantees that the received divided secret key information is stored safely,
guarantees that the confidentiality of the received divided secret key information is maintained against third parties, and
guarantees that the divided secret key information is not exposed to threats from misconduct such as destructive acts by third parties.

4. A secret key storage request device that requests n (n is an integer of 2 or more) secret key storage devices Kui (i = 1, 2, …, n) to store a secret key Sc, comprising:
storage means for storing the public key Pi of each of the n secret key storage devices Kui;
key generation means for generating a secret key Sc and a public key Pc by public key cryptography;
dividing means for dividing the secret key Sc into n pieces of divided secret key information Sci;
encryption means for encrypting the n pieces of divided secret key information Sci with the n public keys Pi, respectively, to generate encrypted divided information Pi(Sci);
means for transmitting the encrypted divided information Pi(Sci) to the corresponding secret key storage device Kui; and
control means for sequentially controlling the above means and performing reading from, writing to, and the like on the storage means.

5. A secret key storage request device that requests n (n is an integer of 2 or more) secret key storage devices Kui (i = 1, 2, …, n) to store a secret key Sc, comprising:
storage means for storing the public key Pi of each of the n secret key storage devices Kui;
key generation means for generating a secret key Sc and a public key Pc by public key cryptography;
dividing means for dividing the secret key Sc into n pieces of divided secret key information Sci;
means for generating n encryption keys Ri;
encryption means for encrypting each of the n pieces of divided secret key information Sci with the corresponding one of the n encryption keys Ri to generate encrypted divided secret key information Ri(Sci);
means for generating n shared keys Ssi using the secret key Sc and the n public keys Pi;
means for encrypting each of the n encryption keys Ri with the corresponding one of the n shared keys Ssi to generate delivery encryption key information Ssi(Ri);
means for transmitting each set of the encrypted divided secret key information Ri(Sci) and the delivery encryption key information Ssi(Ri) to the corresponding secret key storage device Kui; and
control means for sequentially controlling the above means and performing reading from, writing to, and the like on the storage means.

6. The secret key storage request device according to claim 4 or 5, further comprising means for attaching an electronic signature to each piece of the divided secret key information Sci with an electronic-signature secret key held by the secret key storage request device, wherein the encryption means is executed on the divided secret key information Sci to which the electronic signature has been attached.

7. The secret key storage request device according to any one of claims 4 to 6, wherein the dividing means comprises:
means for generating n−1 random numbers Tri; and
means for computing, for i = 1, Cri = Sc XOR Tri and Sci = Tri (XOR being the exclusive OR operation), computing, for 1 < i < n, Cri = Cri-1 XOR Tri and Sci = Tri, and setting, for i = n, Sci = Tri, Sci = Cri-1.

8. A secret key storage device that is requested by a secret key storage request device to store a divided secret key, stores it, and provides the stored divided secret key in response to a request from a secret key restoring device, comprising:
storage means for storing a secret key Si, a storage encryption key Kki, and a transfer encryption key Ti;
means for receiving encrypted divided secret key information Pi(Sci) from the secret key storage request device;
decryption means for decrypting the received encrypted divided secret key information with the secret key Si to obtain divided secret key information Sci;
means for encrypting the divided secret key information Sci with the storage encryption key Kki to obtain storage divided secret key information Kki(Sci);
means for storing the storage divided secret key information Kki(Sci) in the storage means;
means for receiving a divided secret key information transmission request from the secret key restoring device;
means for verifying, on receiving the divided secret key information transmission request, the validity of the request destination of that request;
means for extracting, if the verification is correct, the storage divided secret key information Kki(Sci) stored in the storage means;
means for decrypting the extracted storage divided secret key information Kki(Sci) using the storage encryption key Kki to obtain the divided secret key information Sci;
means for encrypting the divided secret key information Sci with the transfer encryption key Ti to generate transfer divided secret key information Ti(Sci);
means for transmitting the transfer divided secret key information Ti(Sci) to the secret key restoring device; and
control means for sequentially controlling the above means and performing reading from, writing to, and the like on the storage means.

9. A secret key storage device that is requested by a secret key storage request device to store a divided secret key, stores it, and provides the stored divided secret key in response to a request from a secret key restoring device, comprising:
storage means for storing a secret key Si, a public key Pc of the secret key storage request device, a storage encryption key Kki, and a transfer encryption key Ti;
means for receiving, from the secret key storage request device, a set of encrypted divided secret key information Ri(Sci) and delivery encryption key information Ssi(Ri);
means for generating a shared key Ssi using the secret key Si and the public key Pc;
means for decrypting the received delivery encryption key information Ssi(Ri) using the shared key Ssi to obtain an encryption key Ri;
means for decrypting the received encrypted divided secret key information Ri(Sci) using the encryption key Ri to obtain divided secret key information Sci;
means for encrypting the divided secret key information Sci with the storage encryption key Kki to obtain storage divided secret key information Kki(Sci);
means for storing the storage divided secret key information Kki(Sci) in the storage means;
means for receiving a divided secret key information transmission request from the secret key restoring device;
means for verifying, on receiving the divided secret key information transmission request, the validity of the request destination of that request;
means for extracting, if the verification is correct, the management divided secret key information Kki(Sci) stored in the storage means;
means for decrypting the extracted storage divided secret key information Kki(Sci) using the storage encryption key Kki to obtain the divided secret key information Sci;
means for encrypting the divided secret key information Sci with the transfer encryption key Ti to generate transfer divided secret key information Ti(Sci);
means for transmitting the transfer divided secret key information Ti(Sci) to the secret key restoring device; and
control means for sequentially controlling the above means and performing reading from, writing to, and the like on the storage means.

10. The secret key storage device according to claim 8 or 9, wherein the decrypted divided secret key information Sci has an electronic signature of the secret key storage request device attached to it,
the device further comprising means for verifying the signature on the decrypted, electronically signed divided secret key information Sci using the electronic-signature public key of the secret key storage request device,
and wherein, when the signature verification passes, the encryption with the storage encryption key Kki is performed on the electronically signed divided secret key information Sci.

11. A secret key restoring device that receives divided secret keys from n (n is an integer of 2 or more) secret key storage devices Kui (i = 1, 2, …, n) and restores a secret key Sc, comprising:
storage means for storing a public key Pc and n transfer encryption keys Ti;
means for making a divided secret key information transmission request to the n secret key storage devices Kui;
means for receiving transfer divided secret key information Ti(Sci) from the n secret key storage devices Kui;
means for decrypting each piece of the transfer divided secret key information Ti(Sci) using the corresponding transfer encryption key Ti to obtain divided secret key information Sci;
means for combining the n pieces of divided secret key information Sci to obtain the secret key Sc;
means for verifying, using the combined secret key Sc, the validity of its pairing with the public key Pc; and
control means for sequentially controlling the above means and performing reading from, writing to, and the like on the storage means.

12. The secret key restoring device according to claim 11, wherein the storage means also stores n electronic-signature public keys DPKui,
each piece of the decrypted divided secret key information Sci has an electronic signature of the secret key storage device Kui attached to it,
the device further comprises means for verifying the signature on each piece of the decrypted, electronically signed divided secret key information Sci using the corresponding electronic-signature public key DPKui,
and the combination of the divided secret key information is performed when all n verification results are correct.

13. The secret key restoring device according to claim 11 or 12, wherein the means for combining the divided secret key information Sci is means that performs the combination by an exclusive OR operation on the n pieces of divided secret key information Sci.

JP10040341A 1998-02-23 1998-02-23 Method and device for restoring secret key Pending JPH11239124A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP10040341A JPH11239124A (en) 1998-02-23 1998-02-23 Method and device for restoring secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP10040341A JPH11239124A (en) 1998-02-23 1998-02-23 Method and device for restoring secret key

Publications (1)

Publication Number Publication Date
JPH11239124A true JPH11239124A (en) 1999-08-31

Family

ID=12577938

Family Applications (1)

Application Number Title Priority Date Filing Date
JP10040341A Pending JPH11239124A (en) 1998-02-23 1998-02-23 Method and device for restoring secret key

Country Status (1)

Country Link
JP (1) JPH11239124A (en)
