JPS60223248A - Open key delivery system - Google Patents

Open key delivery system

Info

Publication number
JPS60223248A
Authority
JP
Japan
Prior art keywords
key
open
register
cipher
public key
Legal status
Pending
Application number
JP59076869A
Other languages
Japanese (ja)
Inventor
Takayuki Ozaki
隆之 尾崎
Toshiyuki Yamamoto
山元 利行
Ryota Akiyama
良太 秋山
Current Assignee
Fujitsu Ltd
Original Assignee
Fujitsu Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Abstract

PURPOSE: To provide authentication between the opposing cipher devices of an open key delivery system by having the devices encrypt their open keys before delivering them to each other, recover the open keys by decryption in each cipher device, and produce a basic key from those open keys.

CONSTITUTION: An open key is encrypted with a cipher key and sent from the remote side. This encrypted open key is supplied to a Data Encryption Standard (DES) arithmetic part 22 via an input register 20. At this time a cipher key K is delivered from a key generator 13 via a key register 21, so the part 22 decrypts with the key K to obtain the open key. This open key passes through an output register 23, is selected by a selector 24, and is supplied to the generator 13. Ciphertext encrypted by the remote station is supplied to the part 22 via the register 20 and decrypted to the original plaintext with the key K.

Description

[Detailed Description of the Invention]

(a) Technical Field of the Invention

The present invention relates to an improvement of an encrypted communication system that performs public key distribution and uses the Data Encryption Standard (hereinafter referred to as DES) established by the Bureau of Standards of the U.S. Department of Commerce.

(b) Background of the Technology

With the expansion of online data communication networks, the problem of encrypting communications has attracted considerable attention. A public key distribution system is often used because it removes the burden of key management: the encryption key is delivered at the start of encrypted communication over the same transmission line as the data.

A communication system that performs encryption is explained using the example shown in FIG. 1, taking the case where data is encrypted and transmitted from the host computer 1 side. Plaintext from the host computer 1 is encrypted by encryption device 2 and sent via modem 3, transmission line 4 and modem 5 to encryption device 6, where it is decrypted into the original plaintext and input to the data terminal 7.

Encrypted communication is performed in this way.

(c) Prior Art and Problems

In the conventional public key distribution system, for example, encryption device 2 in FIG. 1 sends the public key $X = M^{\alpha} \bmod n$, encryption device 6 sends the public key $Y = M^{\beta} \bmod n$, and encryption devices 2 and 6 each obtain the basic key $K = M^{\alpha\beta} \bmod n$ and use this basic key to perform encryption and decryption in the DES operation unit.

Here M and n are constants, and α and β are secret keys.

In this case, for example, as shown in FIG. 2, suppose an encryption device 8 using a DES operation unit is connected in parallel to the transmission line 4. Encryption device 8 receives the public key X from encryption device 2 and sends the public key $Z = M^{\gamma} \bmod n$, whereupon encryption device 2 creates the basic key $K_A = M^{\alpha\gamma} \bmod n$. If encryption device 8 also creates the basic key $K_A$ at this point, encrypted communication becomes possible between encryption devices 2 and 8.

Here γ is a secret key.

That is, encryption device 2 cannot tell whether a ciphertext it receives came from encryption device 6 or from encryption device 8, so it cannot authenticate the other party.

As described above, the conventional public key distribution system has the drawback that authentication is not possible.

(d) Object of the Invention

In view of the above drawback, an object of the present invention is to provide a public key distribution system that can provide authentication.

(e) Structure of the Invention

The above object is achieved by the configuration of the present invention, in which public keys are encrypted before being delivered to each other, each encryption device obtains the public key by decrypting it, and a basic key is generated from that public key.

That is, a third party does not know the key used to encrypt the public key. Even if the third party connects an encryption device in parallel to the transmission line, for example, it cannot obtain the public key from the encrypted public key that is sent, and therefore cannot obtain the basic key either. Since encrypted communication with the third party is impossible, authentication is provided between the legitimate parties only.

(f) Embodiment of the Invention

An embodiment of the present invention is described below with reference to the drawings.

FIG. 3 is a block diagram of an encryption device according to an embodiment of the present invention.

In the figure, 10 is an encryption unit, 11 is a decryption unit, 12 is a key source, 13 is a key generator, 14 is a microprocessor, 15 and 24 are selectors, 16 and 20 are input registers, 17 and 21 are key registers, 18 and 22 are DES operation units, and 19 and 23 are output registers.

Since encryption devices 2 and 6 in FIG. 1 have the same configuration, FIG. 3 is described for the case of encryption device 2.

First, when the key generator 13 outputs the public key X, the selector 15 selects it and inputs it to the DES operation unit 18 via the input register 16.

At this time, the key generator 13 creates the encryption key $K_H = M^{\varepsilon} \bmod n$ and sends it to the DES operation unit 18 via the key register 17. Here ε is a secret key for authentication that is held by both of the opposing encryption devices 2 and 6.

The DES operation unit 18 encrypts the input public key X with the encryption key $K_H$ and transmits the encrypted public key X to the other station.

Meanwhile, the other station encrypts its public key Y with the encryption key $K_H$ and transmits it, so this encrypted public key Y is input to the DES operation unit 22 via the input register 20.

At this time the encryption key K is being sent from the key generator 13 via the key register 21, so the DES operation unit 22 decrypts with this encryption key K to obtain the public key Y, which passes through the output register 23, is selected by the selector 24, and is input to the key generator 13.

The key generator 13 generates the basic key K from the public key Y, α, and n, and inputs this basic key K to the DES operation units 18 and 22 via the key registers 17 and 21.

Next, plaintext sent from the host computer 1 in FIG. 1 is selected by the selector 15, input to the DES operation unit 18 via the input register 16, encrypted with the basic key K, and transmitted to the other station via the output register 19.

Meanwhile, ciphertext encrypted with the basic key K at the other station is input to the DES operation unit 22 via the input register 20, decrypted with the basic key K into the original plaintext, passed through the output register 23, selected by the selector 24, and sent to the host computer 1 in FIG. 1.

The above control is performed by the computer 14.

The key source 12 supplies the constants M and n, the secret key α, and the authentication key ε to the key generator 13.

In this case, suppose a third party connects encryption device 8 in parallel to the transmission line 4 as shown in FIG. 2. Even if it receives the encrypted public key X from encryption device 2, it does not know the encryption key $K_H$ and so cannot obtain the public key X. And even if it encrypts its public key Z and transmits it, the key it encrypts with differs from the encryption key $K_H$, so encryption device 2 cannot obtain the public key Z. Neither side can therefore create the basic key $K_A$, and encrypted communication cannot take place.

Therefore encrypted communication is possible only with encryption device 6 in FIG. 1, so authentication is provided between the opposing encryption devices 2 and 6.
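The exchange described above, as an added example that is not part of the patent: a Python sketch that runs the conventional exchange and the version in which each public key is encrypted under KH before delivery. The modulus, base and ε values are constructed, and a SHA-256-derived keystream stands in for the DES operation unit (an assumption, since DES is not in the Python standard library).

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions, not from the patent).
N = 2**127 - 1   # constant n: a Mersenne prime modulus
M = 3            # constant M
WIDTH = 16       # bytes used to carry one public key on the line


def des_stand_in(key: int, block: bytes) -> bytes:
    """Stand-in for the DES unit: XOR pad, so one call encrypts and decrypts."""
    pad = hashlib.sha256(key.to_bytes(WIDTH, "big")).digest()[:len(block)]
    return bytes(a ^ b for a, b in zip(block, pad))


class Device:
    """One encryption device. epsilon=None models the conventional scheme."""

    def __init__(self, epsilon=None):
        self.secret = secrets.randbelow(N - 3) + 2   # alpha, beta or gamma
        self.public = pow(M, self.secret, N)         # X, Y or Z
        # KH = M^epsilon mod n protects the public key in transit.
        self.kh = None if epsilon is None else pow(M, epsilon, N)

    def _crypt(self, block: bytes) -> bytes:
        return block if self.kh is None else des_stand_in(self.kh, block)

    def send_public(self) -> bytes:
        return self._crypt(self.public.to_bytes(WIDTH, "big"))

    def basic_key(self, wire: bytes) -> int:
        peer_public = int.from_bytes(self._crypt(wire), "big")
        return pow(peer_public, self.secret, N)


def exchange(a: Device, b: Device) -> bool:
    """Run one exchange; True if both ends derive the same basic key."""
    return a.basic_key(b.send_public()) == b.basic_key(a.send_public())


def demo() -> dict:
    epsilon = 0x5EC2E7   # constructed authentication key shared by 2 and 6
    return {
        # Conventional scheme: device 8 on the line pairs with device 2.
        "conventional_2_and_8": exchange(Device(), Device()),
        # Patent scheme: devices 2 and 6 both hold epsilon.
        "protected_2_and_6": exchange(Device(epsilon), Device(epsilon)),
        # Patent scheme: device 8 does not know epsilon and guesses.
        "protected_2_and_8": exchange(Device(epsilon), Device(0xBAD)),
    }


if __name__ == "__main__":
    print(demo())
```

A failed pairing shows up only as mismatched basic keys, so traffic encrypted by one side does not decrypt on the other.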

(g) Effects of the Invention

As described in detail above, the present invention has the effect of providing authentication between opposing encryption devices in a public key distribution system.

[Brief Description of the Drawings]

FIG. 1 is a block diagram of an example of an encrypted communication system, FIG. 2 is a block diagram for explaining that the conventional public key distribution system cannot provide authentication, and FIG. 3 is a block diagram of an encryption device according to an embodiment of the present invention.

In the figures, 1 is a computer; 2, 6 and 8 are encryption devices; 3 and 5 are modems; 4 is a transmission line; 10 is an encryption unit; 11 is a decryption unit; 12 is a key source; 13 is a key generator; 14 is a microprocessor; 15 and 24 are selectors; 16 and 20 are input registers; 17 and 21 are key registers; and 18 and 22 are DES operation units.

Procedural Amendment (voluntary)

To the Commissioner of the Patent Office

Contents of the amendment: as per the attached sheet.

(1) The claims section of the specification is amended as follows: "Public keys are encrypted and delivered to each other, each encryption device obtains the public key by decrypting it, and the public
(2) Lines 11 to 13 of page i of the same are amended as follows: "The present invention relates to a public key distribution system for an encrypted communication system using the Data Encryption Standard (hereinafter referred to as DES) established by the Bureau of Standards of the U.S. Department of Commerce."
(3) "K" on page 5, lines 13 and 14 of the same is amended to "Kb".
(4) "K" on page 6, lines 15 and 18 of the same is amended to "Kb".
(5) On page 7, line 15 of the same, 「複合化部」 is amended to 「複合化部」.

Claims (1)

[Claims]

A public key distribution system characterized in that public keys are encrypted and delivered to each other, each encryption device obtains the public key by decrypting it, and a basic key is generated from that public key.
JP59076869A 1984-04-17 1984-04-17 Open key delivery system Pending JPS60223248A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP59076869A JPS60223248A (en) 1984-04-17 1984-04-17 Open key delivery system

Publications (1)

Publication Number Publication Date
JPS60223248A 1985-11-07
