WO2005064843A1 - 素数算出装置及び方法並びに鍵発行システム - Google Patents
素数算出装置及び方法並びに鍵発行システム Download PDFInfo
- Publication number
- WO2005064843A1 WO2005064843A1 PCT/JP2004/019108 JP2004019108W WO2005064843A1 WO 2005064843 A1 WO2005064843 A1 WO 2005064843A1 JP 2004019108 W JP2004019108 W JP 2004019108W WO 2005064843 A1 WO2005064843 A1 WO 2005064843A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- prime
- information
- unit
- key
- candidate
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7204—Prime number generation or prime number testing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
Definitions
- the present invention relates to a technique for maintaining information security based on the difficulty of factorization as a basis for security.
- the secret communication method is a method of performing communication without leaking communication contents to a person other than a specific communication partner.
- the digital signature method is a communication method that shows the validity of communication contents to a communication partner and proves the identity of a caller.
- an encryption scheme called a public key encryption scheme is used.
- the encryption key and the decryption key are different, and the decryption key is kept secret but the encryption key is made public.
- the decryption key that keeps the secret is called the secret key
- the encryption key that is made public is called the public key.
- the common key cryptography requires a key between the communication partners.Public key cryptography allows a communication partner to communicate only by having one unique key. The number of keys may be smaller than that of the common key encryption. In this way, public key cryptography is suitable for communicating with a large number of communication partners and is an indispensable fundamental technology.
- the prime factorization problem is described in Non-Patent Document 1, pages 144-151. It is elaborated.
- the public key and the secret key are calculated as follows.
- GCD (e, L) indicates the greatest common divisor of e and L.
- the ciphertext c is calculated by performing a cryptographic operation on the plaintext m using the public key integer e and integer n.
- A indicates a value obtained by multiplying A by X times when x> 0.
- a decryption operation is performed on the encrypted text c to calculate a decrypted text m ′.
- Prime number is generated.
- the generation of prime numbers is described in detail in Non-Patent Document 3 on pages 145-154.
- a prime generated by the stochastic prime generation method is a number that has a “high probability of being a prime” and is not necessarily 100% prime.
- the deterministic prime generation method surely generates numbers that are prime numbers.
- Non-Patent Document 2 describes the stochastic prime generation method and the deterministic prime generation method in detail. Hereinafter, the deterministic prime generation method will be described.
- a deterministic prime generation method using the Maurer method which can deterministically generate prime numbers, will be described.
- the Maurer method is described in detail in Non-Patent Document 3 at pages 152 to 153.
- a prime is generated by repeating the following steps.
- the prime number q of the bit size lenq is given!
- Step 1 Select a random number R of (lenq-1) bits. Note that the first bit of the random number R must be 1.
- Step 2 Calculate the number N by the following formula.
- Step 3 It is determined whether or not the force of which the number N is a prime is a prime if both the first and second determinations below are satisfied. Otherwise, it is determined that it is not a prime number.
- the number N is output as a prime number. If it is not a prime number, return to step 1 and repeat the process until a prime number is output.
- N of N 2 X q XR + l is a prime number, and if the results of the first judgment and the second judgment are true, N is always a prime number. Therefore, it can be determined deterministically that it is a prime number, and deterministic prime number generation becomes possible.
- a prime N of size 2 X lenq is generated based on a prime q of size lenq. Therefore, when a prime with a predetermined length is generated using a deterministic prime generation method based on the Maurer method, generation of a prime with a length equal to or less than the predetermined length is repeatedly performed. For example, when generating a 512-bit prime, a 16-bit prime is generated based on an 8-bit prime given in advance. Next, a 32-bit prime is generated based on the generated 16-bit prime. Next, a 64-bit prime is generated based on the generated 32-bit prime. Hereinafter, the same prime number generation is repeated to generate a 512-bit prime number.
- the second determination may be replaced with the following determination.
- the third determination method is described in detail in Non-Patent Document 4. Hereafter, this judgment method will be used.
- a user may generate a key or a key issuing server may issue a key to the user.
- a key is issued by a key issuing server
- the number of servers that issue keys to users is often one.
- the key issuing system may include a plurality of key management servers, and each of the plurality of key management servers may issue a key.
- Patent Document 1 Japanese Patent Application Laid-Open No. 2003-5644
- Non-Patent Document 1 Tatsuaki Okamoto and Kazuo Ota, ed., "Cryptography ⁇ Zero Knowledge Problem ⁇ Number Theory,” Kyoritsu Shuppan, 1990
- Non-Patent Document 2 Tatsuaki Okamoto, Hiroshi Yamamoto, “Contemporary Cryptography”, Industrial Books (1997)
- Non-Patent Document 3 A. Menezes, PC van Oorschot, SA Vanstone, "Handbook of applied cryptography, CRC Pres, 1997
- Non-Patent Document 4 Eiji Okamoto, "Introduction to Cryptography", Kyoritsu Shuppan, 1993, p. 21
- Non-Patent Document 5 Henri Cohen, A Course in Computational Algebraic
- the first and second key issuing servers do not check the issued RSA keys with each other. This is because there is a security problem if the issued RSA key is made public to other key issuing servers. Therefore, by chance, the first and second key issuing servers may generate the same public key and the same secret key for the first user and the second user.
- a third user can communicate with the first user using the public key for the first user.
- the first user can of course decrypt the ciphertext using his own secret key, but the second user can also use the own secret key to decrypt the ciphertext.
- the sentence can be decrypted.
- the public key of the RSA is calculated by the product of two different prime numbers, so that each prime power used in the generation of the public key is the first key issuing server. And the second key issuing server may be different.
- an object of the present invention is to provide a prime calculation device, a key issuing system, a prime calculation method, and a prime calculation program for calculating a prime while calculating a prime while avoiding duplication by simple management. I do.
- the present invention relates to a prime calculating apparatus which calculates a prime candidate N larger than a known prime q and determines a prime, wherein the prime storage device stores the known prime q.
- a step management information storage means for storing unique management information in a usage range of prime numbers, and a disturbance for reading the management information from the management information storage means and generating disturbance information R depending on the read management information.
- a candidate calculating means for reading a prime number q, and using the read prime number q and the generated perturbation information R to calculate a prime candidate N by N 2X perturbation information RX prime q + 1; a calculated prime number A prime number determining unit that determines whether or not the candidate N is a prime number; and an output unit that outputs the calculated prime number candidate N as a prime number when it is determined that the candidate N is a prime number.
- the prime number calculation device calculates the prime number candidate N using the disturbance information R generated depending on the unique management information. Therefore, the prime number candidate is calculated while avoiding duplication. Can be calculated.
- the use range of prime numbers is the range in which prime numbers are used based on the difficulty of factorization as a basis for security.
- the disturbance information generating unit combines the read-out management information with the generated random number r, a reading unit that reads the management information from the management information storage unit, a random number calculation unit that calculates a random number r.
- a combination unit may be included, and a calculation unit that calculates the disturbance information R based on a combination of the management information and the random number r may be included.
- the prime number calculating device generates the disturbance information R based on the combination of the management information and the random number r, so that the uniqueness based on the management information and the randomness based on the random number r are combined.
- the generated disturbance information can be generated.
- the operation unit may generate a disturbance information R by applying an injection function to the combined object.
- the prime number calculation device applies the injection function to the combination to generate the disturbance information R, so that the uniqueness of the combination is maintained by the properties of the injection function, In addition, it is possible to generate disturbance information having randomness due to the conversion of the bond strength.
- the injection function is an exclusive OR
- the arithmetic unit stores in advance predetermined key information, and performs an exclusive OR on the key information and the combination to perform a disturbance.
- Information R may be generated.
- the prime number calculating device can generate the disturbance information R by performing an exclusive OR operation on the combination and the predetermined key information.
- the prime calculation device calculates a prime candidate N having a bit length twice as long as the prime q.
- the random number calculating unit may calculate the random number r having a bit length obtained by subtracting V from the bit length of the prime number q and 1 from the bit length of the prime number q.
- the prime number calculating device calculates the bit length of the prime number q as well as the bit length of the management information, and calculates a random number r of a bit length obtained by subtracting 1, thereby obtaining a bit length twice the prime number q. It is possible to calculate a prime candidate N having
- the prime number calculating device determines whether or not the prime candidate N is a prime number using the first and second determining units, so that both the first and second determining units If the determination result is positive, the prime candidate N can be determined to be a prime.
- the prime calculation device determines whether or not the prime candidate N is a prime using the first and second determination units, so that both the first and second determination units If the determination result is positive, the prime candidate N can be determined to be a prime.
- the prime calculating device further generates the disturbance information R for the disturbance information generating means, the candidate calculating means, and the prime determining means until the prime determining means determines that the prime is a prime.
- it may include a repetition control means for controlling the calculation of the prime number candidate N and the determination.
- the prime calculation device performs the generation of the disturbance information R, the calculation of the prime candidate N, the determination of the prime, and the like until the repetition control means determines that the generated prime candidate is a prime. Is repeated, a prime number can always be output.
- next-stage prime candidate calculating means for calculating prime candidate N' based on 'X prime N + 1'; next-stage prime determining means for determining whether calculated prime candidate N 'is a prime; determining that prime is prime
- the next-stage output means for outputting the calculated prime candidate N ′ as a prime number, the next-stage random number calculation means, and the next-stage random number calculation means until the next-stage prime number determination means determines that it is a prime number.
- the candidate calculation means and the next-stage prime number determination means it may include a next-stage repetition control means for controlling the generation of the random number R ', the calculation of the prime number candidate N', and the determination. Good.
- the prime calculation device calculates the prime candidate N ′ using the prime N and the generated random number R ′, and determines whether the calculated prime candidate N ′ is a prime. Then, if it is a prime number, the calculated prime candidate N ′ can be output as a prime number.
- the number-of-graphies calculating device further includes a next-stage information storage means for storing a predetermined verification value, a next-stage random number generation means for generating a random number r ', and the random number r generated for the management information.
- N ′ 2 X disturbance information R, X prime N + verification value to calculate a prime candidate N ′, and a next-stage candidate calculating means for calculating a prime candidate N ′. Further, it is determined whether or not the calculated prime candidate N ′ is a prime number, and the output means further determines the calculated prime candidate N ′ when the prime candidate N ′ is determined to be a prime number. 'Is output as a prime number.
- the prime calculation device calculates the prime candidate N 'using the verification value, the prime N, and the disturbance information R' obtained by multiplying the management information by the random number r '. It is determined whether or not the prime candidate N ′ is a prime number, and if it is a prime number, the prime candidate N ′ can be output as a prime number. As a result, the result of subtracting the verification value from the prime N 'can generate a prime N' that is divisible by the management information.
- the prime number calculation device is a key generation device that generates a public key and a secret key of the RSA encryption, and the prime number calculation device further uses the calculated prime number N to publish the RSA encryption.
- a public key generating means for generating a key and a secret key generating means for generating a secret key of the RSA encryption using the generated public key may be included.
- the prime number calculation device generates the public key and the secret key of the RSA encryption key.
- the prime number calculating device can generate a public key by using the calculated prime number N, and can generate a secret key by using the generated public key.
- the public key generation means instructs the repetition control means to obtain a new prime number N ', and uses the prime number N and the newly obtained prime number N'.
- N prime number NX
- a number n is calculated by a prime number N ′
- a random number e is generated
- a set of the calculated number n and the generated random number is the public key.
- d l mod L is calculated, where L is the least common multiple of the prime number N-1 and the prime number N'-l, and the calculated d may be the secret key.
- the prime number calculating device calculates the number n using the prime numbers N and N ′, generates the random number e, generates the public key, and generates the generated random number e, Prime N—1 and prime
- a secret key can be generated from the least common multiple of N and ⁇ 1.
- the prime number calculating device is a key issuing server device that generates and issues an RSA private key and a public key to the terminal device, and the prime number calculating device further includes the generated private key.
- the prime number calculation device can output the generated secret key to the terminal device, and can publish the generated public key.
- the prime number calculating device further includes an identifier obtaining unit that obtains a terminal device identifier that uniquely identifies the terminal device, a management information generating unit that generates the management information including the obtained terminal device identifier, Writing means for writing the generated management information to the management information storage means.
- the prime number calculation device generates management information including the terminal device identifier and writes the generated management information to the management information storage means, so that unique management information can be stored.
- the prime number calculation device further includes a server identifier storage unit that previously stores a server identifier that uniquely identifies the prime number calculation device as a key issuing server device
- the management information generation unit includes: Furthermore, the server identifier is read from the server identifier storage means, and the management information further including the read server identifier is generated. It's a little to do.
- the prime number calculation device further generates management information including the server identifier, so that the uniqueness of the management information can be improved.
- the present invention is a prime calculating apparatus for calculating a prime larger than a known prime, comprising a prime calculating means for calculating an output prime having a bit length twice as long as a known input prime, and a known prime initial value. And a repetition control means for controlling the prime number calculation means to repeat the calculation a plurality of times, wherein the repetition control means performs the first calculation in the repetition,
- the prime initial value stored in the prime storage means is given as the input prime to the prime calculation means, and in the other calculations other than the first calculation of the repetition, the initial prime value is calculated in the previous calculation.
- An output prime is given to the prime calculation means as the input prime in the other calculation, and in any one of the plurality of calculations, the prime calculation means includes a unique number in a usage range of the prime.
- a management information storage unit for storing management information, a disturbance information generation unit for reading the management information from the management information storage unit, and generating disturbance information R depending on the read management information;
- a prime determining unit for determining whether or not the prime candidate N is a prime; an output unit for outputting the calculated prime candidate N as an output prime when the prime candidate N is determined to be a prime;
- the generation of the perturbation information R, the calculation of the prime number candidate N, and the determination are repeated for the disturbance information generation unit, the candidate calculation unit, and the prime number determination unit until it is determined by the unit to be a prime number.
- the prime output means of the prime calculating apparatus uses the disturbance information R generated depending on the unique management information in any one of the multiple calculations of the output prime. Since the prime candidate N is calculated, the prime candidate can be calculated while avoiding duplication.
- the prime number calculation means includes: an information storage unit storing a predetermined verification value; a random number generation unit generating a random number r ′;
- the prime number candidate N ′ is obtained by the output prime number calculated in the previous round + the verification value.
- a prime determination unit that determines whether the calculated prime candidate N ′ is a prime, and a prime that is calculated when the prime candidate N ′ is determined to be a prime.
- An output unit that outputs the candidate N ′ as a prime; and a random number generation unit that generates a random number r ′ to the random number generation unit, the candidate calculation unit, and the prime number determination unit until the prime determination unit determines that the candidate is prime.
- a repetition control unit that controls the calculation of the prime number candidate N ′ and the above-described determination to be repeated.
- the prime number calculating apparatus uses the verification value, the output prime number calculated in the immediately preceding round, and the disturbance information R 'obtained by multiplying the management information by the random number r', to calculate the prime number.
- the candidate N ' is calculated, and it is determined whether or not the calculated prime candidate N' is a prime number. If the calculated candidate N 'is a prime number, the prime candidate N' can be output as a prime number. As a result, the result of subtracting the verification value from the prime N 'can generate a prime N' that is divisible by the management information.
- the present invention is also a key issuing system including a key issuing server device that generates and issues an RSA private key and a public key to a terminal device and the terminal device.
- the server device includes: a prime calculating means for calculating a prime N larger than the known prime q; a public key generating means for generating a public key of the RSA encryption using the calculated prime N; and a generated public key.
- Secret key generation means for generating a secret key of RSA encryption, key output means for outputting the generated secret key to a terminal device, and public means for publishing the generated public key.
- the prime calculation means comprises: a prime storage unit storing a known prime q, a management information storage unit storing unique management information, and reading the management information from the management information storage unit. Disturbance information R depending on the read management information
- An output unit that outputs a prime number and the disturbance information generation unit, the candidate calculation unit, and the prime number determination unit until the prime number determination unit determines that the output is a prime number.
- a repetition control unit for controlling the generation of the disturbance information R, the calculation of the prime number candidate N, and the determination, wherein the terminal device receives the secret key,
- a key storage means for storing the secret key.
- the key issuing server device of the key issuing system calculates the prime number candidate N using the disturbance information R generated based on the unique management information.
- a prime candidate can be calculated. Since the terminal device receives and stores the secret key in the key issuing server device, the terminal device can store the secret key generated by the prime number N generated while avoiding duplication, that is, the secret key generated while avoiding duplication. .
- the key issuing system further includes a certificate issuing server device, and the key output means outputs the public key to the certificate issuing server device, and outputs the public key to the certificate issuing server.
- the device includes a storage unit that stores a secret key of the certificate issuing server device, an obtaining unit that obtains the public key, and the public key using the secret key of the certificate issuing server device.
- Certificate generating means for applying digital signature to public key information to generate signature data, and generating a public key certificate including at least the public key and the generated signature data, and a generated public key certificate And an output means for outputting to the key issuing server device.
- the key issuing system can use the certificate issuing server device to issue a public key certificate for the public key issued by the key issuing server device.
- FIG. 1 is a diagram showing an outline of an entire key issuing system 1.
- FIG. 2 is a block diagram showing a configuration of a key issuing server 100.
- FIG. 3 is a block diagram showing a configuration of a prime number generation unit 116.
- FIG. 4 is a diagram showing an example of a data structure of a control information table T100.
- FIG. 5 is a block diagram showing a configuration of a prime information generation unit 133.
- FIG. 6 is a block diagram showing a configuration of a certificate issuing server 200.
- FIG. 7 is a diagram showing an example of a data structure of a verification value table T200.
- FIG. 8 is a block diagram showing a configuration of a terminal device 300. [9] This is a flowchart showing an outline of the operation of the key issuing system 1.
- FIG. 10 is a flowchart showing an operation of a key request process in the key issuing system 1.
- FIG. 11 is a flowchart showing an operation of a key issuing process in the key issuing system 1. Continue to Figure 12.
- FIG. 12 is a flowchart showing an operation of a key issuing process in the key issuing system 1. Continued from Fig. 11 and continued to Fig. 13.
- FIG. 13 is a flowchart showing an operation of a key issuing process in the key issuing system 1. Continued from Figure 12 and continued to Figure 14.
- FIG. 14 is a flowchart showing an operation of a key issuing process in the key issuing system 1. Continued from Figure 13.
- FIG. 15 is a flowchart showing an operation of a prime number generation process.
- FIG. 18 is a flowchart showing an operation of a certificate issuing process in the key issuing system 1.
- FIG. 19 is a block diagram showing a configuration of a prime information generation unit 133A.
- FIG. 20 is a diagram showing an example of a data structure of a verification value table T250.
- FIG. 21 is a block diagram showing a configuration of a prime information generation unit 133B.
- FIG. 22 is a block diagram showing a configuration of a prime generation unit 116C.
- FIG. 23 is a diagram showing an example of a data structure of a control information table T150.
- FIG. 24 is a block diagram showing a configuration of a prime information generation unit 133C.
- FIG. 26 is a diagram showing an overview of the entire key issuing system 2.
- FIG. 27 is a block diagram showing a configuration of a key issuing server 1100.
- FIG. 28 is a diagram showing an example of the data structure of an issued key information table T1100.
- FIG. 29 is a block diagram showing a configuration of a key issuance audit server 1200.
- FIG. 30 is a diagram showing an example of a data structure of a verification value table T1200.
- FIG. 31 is a flowchart showing an operation outline of the key issuing system 2 at the time of key issuance.
- FIG. 32 is a flowchart showing an outline of operation of the key issuing system 2 at the time of key audit.
- FIG. 33 is a flowchart showing an operation of a certificate issuing process in the key issuing system 2.
- FIG. 34 is a flowchart showing an operation of a key information acquisition process in the key issuing system 2.
- FIG. 35 is a flowchart showing an operation of an audit process in the key issuing system 2.
- FIG. 36 is a flowchart showing the operation of a confirmation process.
- FIG. 37 is a diagram showing an operation of generating a 512-bit prime from an 8-bit prime.
- FIG. 38 is a block diagram showing a configuration of a prime number generation device 2100.
- FIG. 39 is a flowchart showing the operation of a prime number generation process.
- FIG. 40 is a flowchart showing the operation of a prime candidate generation process.
- FIG. 41 is a block diagram showing a configuration of a prime number generation device 2200.
- FIG. 42 is a block diagram showing a configuration of a prime number generation device 2300.
- FIG. 43 is a block diagram showing a configuration of a prime number generation device 2400.
- FIG. 44 is a block diagram showing a configuration of a prime number generation device 2500.
- FIG. 45 is a diagram showing an example of “IDI-Rl” as a result of embedding each bit forming a random number “R1” into a bit string of issue identifier information “IDI”.
- FIG. 46 is a flowchart showing the operation of the verification process.
- a key issuing system 1 according to a first embodiment of the present invention will be described. 1.1 Overview of key issuing system 1
- the key issuing system 1 includes key issuing servers 100, 101, and 102, and a certificate. Issued Sano 200 and terminal devices 300, 301, 302, 303, ..., 304, 305, 3
- the number of terminal devices is, for example, 1,000.
- the key issuing servers 100, 101 and 102 are managed by different companies.
- the terminal devices 300, 301,,, and 302 request the key issuing server 100 to issue a key
- the terminal devices 303,,, and 304 request the key issuing server 101 to issue a key
- the terminal device 305,..., 306 issues a key issuance request to the key issuing server 102. It is assumed that a secure communication path is established between the terminal devices 300, 301,..., 302 and the key issuing server 100.
- the key issuing server 100 Upon receiving the key issuance request from the terminal device 300, the key issuing server 100 generates a secret key and a public key in the RSA encryption, and sends the certificate issuing server 200 a public key certificate for the generated public key. Make an issuance request.
- the key length of each key to be generated is 1024 bits.
- certificate issuing server 200 Upon receiving a certificate issuance request from key issuing server 100, certificate issuing server 200 issues a public key certificate and transmits the issued public key certificate to key issuing server 100.
- key issuing server 100 When receiving the public key certificate from certificate issuing server 200, key issuing server 100 transmits the received public key certificate and the generated private key to terminal device 300.
- the terminal device 300 Upon receiving the public key certificate and the private key from the key issuing server 100, the terminal device 300 stores the received public key certificate and the private key.
- the user of the terminal device 400 first obtains the public key certificate of the terminal device 300 from the key issuing server 100, or obtains the public key certificate from the terminal device 300, Using the public key of 200, confirm the validity of the public key certificate If the public key certificate is determined to be an appropriate public key certificate, the obtained public key certificate is stored in the terminal device 400.
- the terminal device 400 encrypts the e-mail to be transmitted to the terminal device 300 using the public key included in the stored public key certificate, and transmits the encrypted e-mail to the terminal device 300 .
- terminal device 300 Upon receiving the encrypted e-mail from terminal device 400, terminal device 300 decrypts the encrypted e-mail using the stored secret key, and decrypts the decrypted e-mail. Is displayed.
- terminal devices 301, 302, and 302 are the same as the terminal device 300, and a description thereof will be omitted.
- key issuing servers 101 and 102 are the same as the key issuing server 100, and thus the description is omitted.
- the terminal device 300 is used as a representative of each terminal device, and the key issuing server 100 is used as a representative of each key issuing server.
- the key issuing server 100 includes an identifier storage unit 110, a secret key storage unit 111, a public key storage unit 112, a certificate storage unit 113, a control unit 114, an identifier generation unit 115, and a prime number generation unit. 116, a key determination unit 117, a key generation unit 118, an information acquisition unit 119, a reception unit 120, and a transmission unit 121.
- the key issuing server 100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is stored in the RAM or the hard disk unit. By operating in accordance with the microprocessor power and the computer program, the key issuing server 100 achieves its function.
- the key issuing servers 101 and 102 have the same configuration as the key issuing server 100, and a description thereof will be omitted.
- the identifier storage unit 110 stores issue identifier information having a bit size of 126 bits or less. And has a region for The bit size of the issue identifier information is, for example, 64 bits.
- the secret key storage unit 111 has a prime storage area for storing two prime numbers used in generating a secret key, and a secret key storage area for storing the secret key generated by the key generation unit 118. have.
- the public key storage unit 112 has an area for storing the public key generated by the key generation unit 118.
- the certificate storage unit 113 has an area for storing a public key certificate issued by the certificate issuing server.
- the control unit 114 has a server identifier storage area 130 and a terminal information storage area 131, as shown in FIG.
- the server identifier storage area 130 stores a server identifier for identifying the server in advance.
- the key issuing server 100 stores SIDA
- the key issuing server 101 stores SIDB
- the key issuing server 102 stores SIDC.
- the server server identifier of the key issuing server 100 will be described as “SID”.
- the bit size of the server identifier is 31 bits.
- the terminal information storage area 131 has an area for storing a terminal identifier for identifying a terminal device that has issued a key issuance request.
- the terminal identifier is, for example, a serial number of the terminal device.
- the bit size of the serial number is set to 32 bits.
- the control unit 114 Upon receiving key issue request information indicating a key issuance request and the terminal identifier “TID” of the terminal device 300 from the terminal device 300 via the receiving unit 120, the control unit 114 receives the received terminal identifier “TID”. Is written to the terminal information storage area 131. The control unit 114 outputs to the identifier generation unit 115 the command to generate the issue identifier information and the received terminal identifier “TID”.
- the control unit 114 transmits the public key certificate “ Upon receiving “Cert”, the received public key certificate “Cert” is written into the certificate storage unit 113.
- the control unit 114 outputs, to the information acquisition unit 119, a distribution start command for starting the process of distributing the secret key and the public key certificate to the terminal device 300 that has issued the key.
- the identifier generation unit 115 acquires the server identifier “SID” stored in the server identifier storage area.
- the symbol “II” is a bit or byte concatenation. By setting the least significant bit of the issue identifier information “IDI” to “1”, the issue identifier information “IDI” is always odd, and its bit size is 64 bits.
- the identifier generation unit 115 writes the generated issue identifier information “IDI” to the identifier storage unit 110, and outputs a prime number generation start command to the prime number generation unit 116.
- the prime generation unit 116 has a repetition control unit 132 and a prime information generation unit 133.
- the prime generation unit 116 generates a 512-bit prime from the 8-bit prime, and outputs the generated 512-bit prime to the key determination unit 117.
- the repetition control unit 132 temporarily stores an initial value storage area preliminarily storing an 8-bit prime number and the bit size of the prime number (that is, “8”), and a prime number received from the prime information generation unit 133. And a temporary storage area for storing the information.
- repetition control section 132 includes repetition counter 135 for counting the number of repetitions of the operation of prime information generation section 133, and the number of primes output to key determination section 117, ie, generation And an output counter 136 for counting the number of times of output of the 512-bit prime number. Note that the initial values of the repetition counter 135 and the output counter 136 are each “1”.
- the repetition control unit 132 has a control information table T100 shown in FIG. Control information
- the table T100 stores one or more sets of the number of times and the control information. The number of times corresponds to the value of the repetition counter 135.
- the control information indicates a type of a method of generating a prime generated by the prime information generation unit 133.
- repetition control section 132 Upon receiving a prime number generation start command from identifier generation section 115, repetition control section 132 controls prime information generation section 133 to generate a prime number. Upon receiving a prime number from the prime information generation unit 133, based on the values of the repetition counter 135 and the output counter 136, the prime generation instruction to the prime information generation unit 133 and the received prime number are again sent to the key determination unit 117. Output to either
- repetition control section 132 Upon receiving the prime number generation start command from identifier generation section 115, repetition control section 132 sets repetition counter 135 and output counter 136 to “1”, respectively.
- the repetition control unit 132 Upon receiving the prime number from the prime information generation unit 133, the repetition control unit 132 adds “1” to the value of the repetition counter 135 and determines whether or not the addition result is “7”.
- the repetition control unit 132 judges whether or not the force of the output counter 136 is 1. If it is determined to be 1, the repetition control unit 132 outputs the received prime number as a prime number “pl” to the key determination unit 117, adds “1” to the value of the output counter 136, and repeats. Set the value of counter 135 to “1”. If it is determined that it is not 1, that is, it is 2 or more, the repetition control unit 132 sets the received prime to the prime “p2” and outputs the prime “p2” and the determination start instruction to the key determination unit 117. .
- the bit size of the received prime is calculated, and the repetition control unit 132 temporarily stores the received prime and the calculated bit size in the temporary storage area. To memorize.
- the repetition control unit 132 receives the prime number generation start instruction, adds “1” to each value of the repetition counter 135 and the output counter 136, and then receives the prime number received from the prime number information generation unit 133 and its bit size. Is temporarily stored, and after adding “1” to the output counter 136 and setting the value of the repetition counter 135 to “1”, the repetition control unit 132 The operation of is performed.
- the repetition control unit 132 determines whether or not the value of the repetition counter 135 is “1”. Is one When it is determined that the prime number and its bit size are read from the initial value storage area, and when it is determined that they are not 1, the bit size "8 X (2 '(11-1 )) "And its prime number. That is, when the repetition control unit 132 determines that the value of the repetition counter 135 is not 1, it reads the immediately preceding prime number and its bit size from the temporary storage area.
- “n” is the value of the repetition counter. Thereby, the repetition control unit 132 reads the previously generated prime number and its bit size from the temporary storage area.
- the repetition control unit 132 reads a prime number consisting of “16” bits, and if the value of the repetition counter 135 is “3”, , "31" bits.
- the value of the repetition counter 135 is between “2” and “6”, a prime number consisting of “16” bits, a prime number consisting of “32” bits, a prime number consisting of “64” bits, and “128” bits And a prime number consisting of "256" bits.
- Control information corresponding to the value of repetition counter 135 is read from control information table T100, and it is determined whether the read control information is “information C”.
- the repetition control unit 132 If it is determined to be “information C”, the repetition control unit 132 generates first information including the read prime number and its bit size, and the control information, and generates the generated first information as a prime number. Output to the information generation unit 133.
- the repetition control unit 132 acquires the issue identification information “IDI” from the identifier storage unit 110 and sets the bit size rienlD I of the acquired issue identifier information “IDI”. Is generated, and second information including the read prime number and its bit size, control information, issue identifier information "IDI” and its bit size "lenIDI” is generated, and the generated second information is replaced with the prime information Output to the generation unit 133.
- repetition control section 132 when receiving a regeneration command for regenerating a prime number from key determination section 117, repetition control section 132 adds “1” to the value of output counter 136, and The value is set to “1”, and the operation after the operation of determining whether or not the force of the repetition counter 135 is 1 is performed.
- the prime information generating unit 133 includes an information control unit 140, a random number generating unit 141, a prime candidate generating unit 142, a first prime determining unit 143, and a second prime determining unit 144.
- the prime information generation unit 133 generates a prime having a bit size twice as large as that of the prime received from the repetition control unit 132. For example, when an 8-bit prime is received, a 16-bit prime is generated, and when a 16-bit prime is received, a 32-bit prime is generated.
- the information control section 140 has an information storage area for storing the first information and the second information.
- the information control unit 140 assigns the first verification value “cl l” and the second verification value “cl2” assigned by the certificate issuing server 200 and used when generating a prime number based on the control information “information A”. It has a verification value storage area stored in advance.
- the information control unit 140 When the information control unit 140 receives, from the repetition control unit 132, first information including the prime “q”, the prime bit size “lenq”, and the control information, the received first information is Write to storage area. That is, the prime “q”, the prime bit size “lenq”, and the control information (in this case, “information C”) are written.
- the information control unit 140 receives, from the repetition control unit 132, a first number consisting of a prime number “q”, a prime bit size “lenq”, control information, issue identifier information “IDI”, and its bit size “lenIDI”.
- a first number consisting of a prime number “q”, a prime bit size “lenq”, control information, issue identifier information “IDI”, and its bit size “lenIDI”.
- the received second information is written to the information storage area. That is, the prime number “q”, the prime bit size “lenq”, the control information, the issue identifier information “IDI”, and the bit size “lenIDI” are written.
- information control section 140 After writing the received information, information control section 140 outputs a first generation instruction indicating a random number generation instruction to random number generation section 141.
- information control section 140 When receiving the prime number from second prime number determination section 144, information control section 140 outputs the received prime number to repetition control section 132.
- the information control unit 140 When receiving the number-of-reads command to read the value of the output counter 136 from the prime candidate generation unit 142, the information control unit 140 reads the value of the output counter 136 of the repetition control unit 132. The information control unit 140 outputs the read value to the prime candidate generation unit 142. ⁇ Random number generation unit 141>
- the random number generation unit 141 When receiving a first generation instruction from the information control unit 140 from the information control unit 140, the random number generation unit 141 reads out control information stored in the information storage area of the information control unit 140. The random number generation unit 141 determines whether or not the read control information power is “information C”.
- the random number generation unit 141 reads out rienqj stored in the information storage area of the information control unit 140, and reads the random number “R1” consisting of (lenq ⁇ 1) bits. Is generated, and the generated random number “R1” and the read control information are output to the prime candidate generation unit 142. Here, the most significant bit of the random number “R1” is 1.
- Non-patent document 2 details the random number generation method.
- the random number generation unit 141 reads rienqj and “lenIDI” stored in the information storage area of the information control unit 140, and (lenq-lenIDI-1 ) Generate a random number “R1” composed of bits, and output the generated random number “R1” and the read control information to the prime candidate generation unit 142.
- the most significant bit of the random number “R1” is 1.
- the random number generating unit 141 when receiving a second generation instruction to generate a random number again from one of the first prime number determining unit 143 and the second prime number determining unit 144, stores the control information in the information storage area. And the above operation is performed.
- the prime candidate generation unit 142 has a generation information storage area for storing the generated information, and a function storage area for preliminarily storing the function “f” which is an injection.
- the encryption function of symmetric key cryptography is generally bijective.
- the symbol "II" is a bit or byte concatenation.
- Enc (K, XIIY) is "Enc (K, X
- Y) K XOR X
- An example of the common cipher is DES. When DES is used, the key length is 128 bits. At this time, the prime candidate generation unit 142 stores the predetermined key “ ⁇ ”.
- the prime candidate generation unit 142 determines whether or not the bit size “lenN” of the generated number “N” matches “lenq”, and if it determines that it matches, the prime candidate generation unit 142 142 outputs the generated number “N” to the first prime number determination unit 143, and stores the received random number “R1” as “R” in the generation information storage area.
- the prime candidate generation unit 142 When judging that it is not “control information power ⁇ information C”, the prime candidate generation unit 142 reads the prime “q” and the issue identifier information “IDI” from the information storage area of the information control unit 140. The prime candidate generation unit 142 determines whether or not the control information is “information B”.
- the prime candidate generation unit 142 determines whether or not the bit size “lenN” of the generated number “N” is “2 ⁇ lenqj”.
- the prime candidate generation unit 142 If it is determined that the number is “2 X lenq”, the prime candidate generation unit 142 outputs the generated number “N” to the first prime determination unit 143, and stores the generated number “R” in the generation information storage area.
- the prime candidate generation unit 142 multiplies the random number “R1” received from the random number generation unit 141 by 2, sets the result to “R1”, and again Generate the numbers "R" and "N”.
- the prime candidate generation unit 142 reads the first verification value “c 11” from the verification value storage area of the information control unit 140.
- the prime candidate generation unit 142 reads the second verification value “c12” from the verification value storage area of the information control unit 140. Note that the operation when the first verification value “cll” is read is the same as the operation when the second verification value “cl2” is read, and therefore, the operation is described below as the verification value “c”. .
- the number “N” generated at this time is a prime candidate.
- Non-Patent Document 5 describes the calculation method in detail. Hereinafter, “w” when the first verification value “cl 1” is used is expressed as “wl”, and “w” when the second verification value is used is expressed as “w2j”.
- the prime candidate generation unit 142 reads the bit size “lenq” of the prime “q” from the information storage area of the information control unit 140, and checks whether the bit size of the generated number “N” is “2 ⁇ lenqj”. Determine whether or not.
- the prime candidate generation unit 142 If it is determined to be “2Xlenq”, the prime candidate generation unit 142 outputs the generated number “N” to the first prime determination unit 143, and stores the generated number “R” in the generation information storage area. .
- the prime candidate generation unit 142 multiplies the random number "R1" received from the random number generation unit 141 by 2, sets the result to "R1", and again calculates the number "R1". Generate "R” and "N”. K 1st prime judgment unit 143>
- the first prime determination unit 143 determines whether the following expression is satisfied, using the received number “N”.
- 2 '(N-1) indicates 2 to the power of N-1.
- the first prime determining unit 143 When determining that the equation (eql) holds, the first prime determining unit 143 outputs the number “N” to the second prime determining unit 144.
- the first prime determination unit 143 When determining that the equation (eql) does not hold, the first prime determination unit 143 outputs a second generation instruction to the random number generation unit 141.
- the second prime number determination unit 144 When receiving the number “N” from the first prime number determination unit 143, the second prime number determination unit 144 reads the number “R” stored in the generation information storage area of the prime candidate generation unit 142.
- the second prime determination unit 144 determines whether the following equation is satisfied, using the numbers “N” and “R”.
- the second prime determining unit 144 determines that the equation (eq2) holds, the second prime determining unit 144 sets the number “N” as a prime “N” to the repetition controlling unit 132 via the information controlling unit 140. Output.
- the second prime determining unit 144 When determining that the equation (eq2) does not hold, the second prime determining unit 144 outputs a second generation instruction to the random number generating unit 141.
- the key determination unit 117 has a prime storage area for storing the two primes “pl” and “p2” received from the prime generation unit 116.
- the key determination section 117 Upon receiving the prime numbers “pl” and “p2” from the prime number generation section 116, the key determination section 117 stores the received prime numbers “p1” and “p2” in the prime storage area.
- the key judgment unit 117 Upon receiving the judgment start command from the prime generation unit 116, the key judgment unit 117 stores it in the prime storage area and judges whether the two primes “pl” and “p2” match. I do. If it is determined that they match, the stored prime “p2” is deleted, and a regeneration instruction is output to the repetition control unit 132.
- the two prime numbers "pl" and "p2" It writes to the prime storage area of key storage section 111 and outputs a key generation start command to key generation section 118.
- the key “PK” is written into the public key storage unit 112.
- Key generation section 118 outputs a request start instruction to start request processing of the public key certificate to information acquisition section 119.
- the information acquisition unit 119 Upon receiving the request start command from the key generation unit 118, the information acquisition unit 119 issues the issue identifier information “IDI” from the identifier storage unit 110, the public key “PK” from the public key storage unit 112, and the server of the control unit 114.
- the server identifier and the server identifier are read from the identifier storage area 130, respectively.
- the information acquisition unit 119 transmits the read issue identifier information “IDI”, the public key “PK”, the server identifier, and the certificate issuance request information for requesting the issuance of the public key certificate via the transmission unit 121. Sent to certificate issuing server 200.
- the information acquisition unit 119 Upon receiving the distribution start instruction from the control unit 114, the information acquisition unit 119 stores the secret key "SK" stored in the secret key storage unit 111 and the certificate storage unit 113.
- the public key certificate “Cert” and the terminal identifier stored in the terminal information storage area of the control unit 114 are read, and the read private key “SK” and public key certificate “Cert” are read.
- the receiving unit 120 receives information from the certificate issuing server 200 and the terminal device 300 via the Internet, and outputs the received information to the control unit 114.
- the transmitting unit 121 Upon receiving the issuance identifier information “IDI”, the public key “PK”, the server identifier, and the certificate issuance request information from the information acquisition unit 119, the transmitting unit 121 issues the received information to a certificate issuing unit. Send to line server 200.
- the transmitting unit 121 receives the secret key “SK” and the public key certificate “Cert” from the information obtaining unit 119, and transmits the received information to the terminal device 300.
- the certificate issuance server 200 Upon receiving the certificate issuance request information from the key issuance servers 100, 101, and 102, the certificate issuance server 200 issues a public key certificate and issues the issued public key certificate to the key issuance server that has been requested to issue it. Send to
- the certificate issuing server 200 includes a secret key storage unit 210, an issued public key storage unit 211, an issued identifier information storage unit 212, a public key certificate storage unit 213, and an issued public key confirmation. It comprises a unit 214, a public key certificate generation unit 215, a certificate acquisition unit 216, a reception unit 217, and a transmission unit 218.
- the certificate issuing server 200 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is stored in the RAM or the hard disk unit. By operating according to the microprocessor power and the computer program, the certificate issuing server 200 achieves its function.
- the private key storage unit 210 reserves the private key “SKCA” that only the certificate issuing server 200 has. I remember.
- the issued public key storage unit 211 has an area for storing the public key “PK” received from the key issuing server 100.
- the issuance identifier information storage unit 212 has an area for storing the issuance identifier information “IDI” received from the key issuing server 100!
- the public key certificate storage unit 213 has an area for storing the issued public key certificate “Cert”.
- the issued public key confirmation unit 214 has a server information storage area 220 and a confirmation information storage area 221.
- the server information storage area 220 has an area for storing a server identifier for identifying a key issuing server that has issued a public key certificate issuance request.
- the confirmation information storage area 221 has a verification value table T200.
- the verification value table T200 has an area for storing one or more sets of a server identifier, a first verification value, and a second verification value.
- the server identifier is an identifier for identifying the key issuing server. “SIDA” indicates the key issuing server 100, “SIDB” indicates the key issuing server 101, and “SIDB” indicates the key issuing server 102. Show.
- the first verification value and the second verification value are verification values assigned to the key issuing server indicated by the associated server identifier.
- the server identifier of the key issuing server 100 will be described as “SID”.
- the issuing public key confirmation unit 214 receives the issuing identifier information "IDI”, the public key "PK”, the server identifier, and the certificate issuing request information from the key issuing server 100 via the receiving unit 217. Receive.
- the issuance public key confirmation unit 214 stores the received server identifier in the server information storage area 22. Write to 0.
- the issued public key confirmation unit 214 reads the corresponding first verification value "c11" and second verification value "c12" using the received server identifier.
- the issuance public key confirmation unit 214 uses the received public key “PK” and the issuance identifier information “IDI” to determine whether the public key “PK” is generated using the issuance identifier information “IDI”. Check.
- the issuance public key confirmation unit 214 calculates “n ⁇ (cl ⁇ Xcl2)” and verifies whether or not it is divisible by the calculation result power “IDI”. Thereby, it is possible to confirm whether or not the public key “PK” is generated using the issuance identifier information “IDJ”.
- the issuance public key confirmation unit 214 determines that “ ⁇ — (cl l X cl2)” is divisible by “IDI”, the public key “PK” is generated using the issuance identifier information “IDI”. If ⁇ ⁇ — (cl l X cl2) ”is not divisible by“ IDI ”, the public key“ PK ”is generated using the issue identifier information“ IDI ”, It is judged.
- the issued public key checking unit 214 stores the received public key “PK” in the issued public key storage unit 211. Then, the issue identifier information is written to the issue identifier information storage unit 212, respectively.
- the issued public key confirmation unit 214 outputs a public key certificate generation start instruction to the public key certificate generation unit 215.
- the issuance public key confirmation unit 214 determines that the public key “ ⁇ ” has not been generated using the issuance identifier information “IDI”, the process ends.
- the public key certificate generation unit 215 Upon receiving the instruction to start generating the public key certificate from the issued public key confirmation unit 214, the public key certificate generation unit 215 publishes the secret key “SKCA” from the secret key storage unit 210 and the issued public key storage unit 211.
- the key “PK” is read and the issue identifier information “IDI” is read from the issue identifier information storage unit 212.
- the public key certificate generation unit 215 generates a public key certificate “” using the read private key “SKCA”, public key “PK” and issue identifier information “IDI”.
- Sig (K, D) is signature data when a secret key “K” is used for data “D”.
- the symbol “II” is a concatenation of bits or bytes.
- Public key certificate generation section 215 writes the generated public key certificate "Cert" to public key certificate storage section 213, and sends a transmission start instruction of public key certificate "Cert" to certificate acquisition section 216. Output.
- the certificate acquisition unit 216 Upon receiving the instruction to start transmitting the public key certificate “Cert” from the public key certificate generation unit 215, the certificate acquisition unit 216 stores the public key certificate “Cert” from the public key certificate storage unit 213 and The server identifier is read from the information storage area 220, and the read public key certificate “Cert” is transmitted to the key issuing server 100 corresponding to the read server identifier via the transmission unit 218.
- Receiving section 217 receives the information from key issuing server 100 and outputs the received information to issued public key confirming section 214.
- the transmitting unit 218 receives the information from the certificate obtaining unit 216, and transmits the received information to the key issuing server 100.
- the terminal device 300 includes a secret key storage unit 310, a public key certificate storage unit 311, a control unit 312, a reception unit 313, a radio unit 314, a baseband signal processing unit 315, and a speaker 316. , A microphone 317 and a display unit 318.
- the terminal device 300 is a mobile phone.
- the terminal device 300 is, specifically, a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. The terminal device 300 achieves its functions by operating according to the microprocessor power and the computer program. [0112] Note that the terminal devices 301, ..., 302, 303, ..., 304, 305, ..., 306 have the same configuration as that of the terminal device 300, and a description thereof will be omitted.
- the key issuance request information and the terminal identifier are transmitted from the terminal devices 301,..., 302 to the key issuance server 100, the key issuance request information from the terminal devices 303,.
- the public key certificate storage unit 311 has an area for storing a public key certificate “Cert” of a public key corresponding to the private key issued by the key issuing server 100!
- the control unit 312 has a terminal identifier storage area 320 as shown in FIG.
- the control unit 312 also has a mail storage area for storing the encrypted e-mails.
- the terminal identifier storage area 320 stores a terminal identifier “TID” for identifying the device in advance. .
- control unit 312 Upon receiving the key issuance request instruction from receiving unit 313, control unit 312 reads terminal identifier "TID" from terminal identifier storage area 320.
- the control unit 312 transmits the key issuance request information and the read terminal identifier “TID” to the key issuance server 100 via the baseband signal processing unit 315 and the wireless unit 314.
- the control unit 312 Upon receiving the secret key “SK” and the public key certificate “Cert” from the key issuing server 100 via the radio unit 314 and the baseband signal processing unit 315, the control unit 312 The key “SK” is written into the private key storage unit 310 and the public key certificate “Cert” is written into the public key certificate storage unit 311.
- control unit 312 Upon receiving the encrypted e-mail from the terminal device 400 via the wireless unit 314 and the baseband signal processing unit 315, the control unit 312 stores the received encrypted e-mail in the mail. Write to area.
- the control unit 312 Upon receiving the display command of the encrypted e-mail from the reception unit 313, the control unit 312 transmits the secret key “SK” from the secret key storage unit 310 and the encrypted e-mail from the mail storage area. Using the read secret key “SK”, the encrypted electronic mail is decrypted, and the decrypted electronic mail (hereinafter, simply referred to as “electronic mail”) is output to the display unit 318.
- Receiving section 313 outputs a display command to control section 312 when receiving an instruction to display the encrypted e-mail by a user operation.
- the radio section 314 includes an antenna 319 and transmits and receives radio signals.
- the baseband signal processing unit 315 performs signal processing for outputting a signal received from the wireless unit 314 to the speaker 316 and signal processing for outputting audio received from the microphone 317 to the wireless unit 314.
- the baseband signal processing unit 315 Upon receiving the key issuance request information and the terminal identifier from the control unit 312, the baseband signal processing unit 315 transmits the received key and key issuance request information and the terminal identifier to the key issuing server via the wireless unit 314. Send to 100.
- baseband signal processing section 315 When receiving the private key and the public key certificate from key issuing server 100 via wireless section 314, baseband signal processing section 315 outputs the received private key and public key certificate to control section 312.
- Baseband signal processing section 315 transmits a private key and a public key certificate from key issuing server 100.
- the private key and the public key certificate are received via the wireless unit 314, the private key and the public key certificate are output to the control unit 312.
- the baseband signal processing unit 315 When receiving the encrypted e-mail from the terminal device 400 via the radio unit 314, the baseband signal processing unit 315 outputs the received encrypted e-mail to the control unit 312.
- Speaker 316 outputs the signal processed by baseband signal processing section 315 as sound.
- Microphone 317 receives the voice of the user and outputs the received voice to baseband signal processing section 315.
- Display unit 318 displays the e-mail received from control unit 312.
- the terminal device 300 transmits the key issuance request information and the terminal identifier “TID” to the key issuance server 100 in the key request process (step S5).
- the certificate issuance server 200 Upon receiving the issue identifier information "IDI” and the public key “PK”, the certificate issuance request information, and the server identifier "SID”, the certificate issuance server 200 discloses the certificate in the certificate issuance process.
- key It is determined whether the prime numbers “pl” and “p2” included in the secret key “SK” corresponding to “PK” have been generated using the issue identifier information “IDI”, and if the determination result is positive, the public key Generate a public key certificate “” for “PK”.
- the certificate issuing server 200 transmits the generated public key certificate “Cert” to the key issuing server 100 (Step S15).
- the terminal device 300 Upon receiving the private key “SK” and the public key certificate “Cert” from the key issuing server 100 in the key request process, the terminal device 300 converts the received private key “SK” and public key certificate “Cert”. Save and shut down the system.
- the receiving unit 313 of the terminal device 300 receives an instruction of a key issuance request by a user's operation (step S100).
- the control unit 312 of the terminal device 300 acquires the terminal identifier "TID" from the terminal identifier storage area 320 (Step S105).
- the control unit 312 of the terminal device 300 transmits the key issuance request information and the obtained terminal identifier “TID” to the key issuance server 100 via the baseband signal processing unit 315 and the wireless unit 314 (Step S 110).
- the control unit 312 of the terminal device 300 receives the secret key “SK” and the public key certificate “Cert” from the key issuing server 100 via the radio unit 314 and the baseband signal processing unit 315 (step S 115).
- the control unit 312 writes the received secret key “SK” into the secret key storage unit 310 (step S120), and writes the public key certificate “Cert” into the public key certificate storage unit 311 (step S125).
- the control unit 114 of the key issuing server 100 Upon receiving the key issue request information and the terminal identifier “TID” of the terminal device 300 from the terminal device 300 via the receiving unit 120 (step S200), the control unit 114 of the key issuing server 100 receives the received terminal identifier. “TID” is written to the terminal information storage area 131, and the command to generate the issue identifier information and the received terminal identifier “TID” are output to the identifier generator 115 (step S205).
- the identifier generation unit 115 Upon receiving the command to generate issue identifier information and the terminal identifier "TID" from the control unit 114, the identifier generation unit 115 acquires the server identifier "SID" stored in the server identifier storage area. I do. The identifier generation unit 115 generates issue identifier information “IDI” from the acquired server identifier “SID”, the received terminal identifier “TID” and the number “1”, and generates the generated issue identifier information “IDI”. The data is written to the identifier storage unit 110, and a prime generation command is output to the prime generation unit 116 (step S210).
- repetition control section 132 When receiving a prime number generation start instruction from identifier generation section 115, repetition control section 132 sets repetition counter 135 and output counter 136 to “1”, respectively (step S215). The repetition control unit 132 determines whether or not the force of the repetition counter 135 is 1 (step S220).
- repetition control section 132 If it is determined to be 1 ("YES” in step S220), repetition control section 132 reads the prime number and its bit size from the initial value storage area (step S225), and determines that it is not 1. In this case (“NO” in step S220), the bit size "8 X (2" (11-1)) "and its prime number, that is, the previously generated prime number and its bit size are read from the temporary storage area ( Step S230). That is, when the repetition control unit 132 determines that the value of the repetition counter 135 is not 1, it reads the previously generated prime number and its bit size from the temporary storage area.
- “n” is the value of the repetition counter.
- Control information corresponding to the value of repetition counter 135 is read from control information table T100 (step S235), and it is determined whether or not the read control information power is "information C" (step S). 240).
- the repetition control unit The 132 If it is determined to be "information C"("YES” in step S240), the repetition control unit The 132 generates first information including the read prime and its bit size, and the control information, and outputs the generated first information to the prime information generating unit 133 (Step S245).
- repetition control section 132 acquires issue identifier information “IDI” from identifier storage section 110 and acquires The bit size “lenIDI” of the issue identifier information “IDI” is calculated, and the read prime number and its bit size, control information, and the second information including the issue identifier information “IDI” and its bit size “lenIDI” are obtained.
- the generated second information is output to the prime information generation unit 133 (step S250).
- the prime information generation unit 133 generates a prime by the prime generation processing, and outputs the generated prime to the repetition control unit 132 (step S255).
- the repetition control unit 132 Upon receiving a prime number from the prime information generation unit 133, the repetition control unit 132 adds “1” to the value of the repetition counter 135 (step S260), and determines whether or not the addition result power is 7 or not. (Step S265).
- repetition control section 132 calculates the bit size of the received prime number (step S270), and sets the received prime number And the calculated bit size are temporarily stored (step S275), and the process returns to step S220.
- repetition control section 132 determines whether the value of output counter 136 is 1 or not (step S280).
- the received prime is output as a prime “pl” to the key determination unit 117 (step S285), and “1” is added to the value of the output counter 136 (step S290), and “1” is added to the value of the repetition counter 135. Is set (step S295), and the process returns to step S220.
- step SNO If it is determined that it is not 1, that is, it is 2 or more (“NO” in step SNO), the repetition control unit 132 sets the received prime number as the prime number “p2”, and sets the prime number “p2” and the determination start instruction as the key. The result is output to the determination unit 117 (step S300).
- step S285 Upon receiving the prime “pl” from repetition controller 132 in step S285, key determination unit 117 stores the received prime “pl” in the prime storage area. The key determination unit 117 proceeds to step S300 Upon receiving “p2” and the determination start command from the repetition control unit 132, the received prime “p2” is stored in the prime storage area. The key determination unit 117 determines whether or not the two prime numbers “pl” and “p2” stored in the prime storage area match each other (step S305).
- step S305 a regeneration instruction is output to the repetition control unit 132 (“YES” in step S305), and the repetition control unit 132 Upon receiving a regeneration command for generating a prime again from the determination unit 117, the above-described steps S290 and S295 are performed, and the process returns to step S220.
- the two stored primes “pl” and “p2” are written to the prime storage area of the secret key storage 111 and a key generation start instruction is sent to the key generator 118.
- the key generation unit 118 receives the key generation instruction from the key determination unit 117 (“NO” in step S305)
- the key generation unit 118 stores the two prime numbers stored in the prime number storage area of the secret key storage unit 111.
- a public key “PK” is generated as a key, and the generated public key “PK” is written to the public key storage unit 112 (step S320).
- the information acquisition unit 119 Upon receiving the request start command from the key generation unit 118, the information acquisition unit 119 issues the issue identifier information “IDI” from the identifier storage unit 110, the public key “PK” from the public key storage unit 112, and the server of the control unit 114.
- the server identifier is read from the identifier storage area 130 (step S335).
- the information acquisition unit 119 transmits the read issue identifier information “IDI”, the public key “PK”, the server identifier, and the certificate issuance request information for requesting issuance of the public key certificate via the transmission unit 121.
- the certificate is sent to the certificate issuing server 200 (step S340).
- control unit 114 When the control unit 114 receives the public key certificate “Cert” from the certificate issuing server 200 via the receiving unit 120, the control unit 114 writes the received public key certificate “Cert” into the certificate storage unit 113. And outputs a distribution start instruction to the information acquisition unit 119 (step S345).
- the information acquisition unit 119 Upon receiving the distribution start command from the control unit 114, the information acquisition unit 119 receives the secret key “SK” stored in the secret key storage unit 111 and the public key certificate stored in the certificate storage unit 113.
- the certificate “Cert” and the terminal identifier stored in the terminal information storage area of the control unit 114 are read (step S350), respectively, and the read private key “SK” and public key certificate “Certj” are read. Is transmitted to the terminal device 300 corresponding to the read terminal identifier via the transmitting unit 121 (step S355).
- the information control unit 140 receives the prime number “q”, the prime bit size “lenq”, the first information including the control information and the prime “q”, and the prime bit size “lenq” from the repetition control unit 132.
- the received information is written to the information storage area, and an instruction to generate a random number is issued.
- the first generation instruction shown is output to random number generation section 141 (step S400).
- the random number generation unit 141 Upon receiving a first generation instruction indicating an instruction to generate a random number from the information control unit 140, the random number generation unit 141 reads the control information stored in the information storage area of the information control unit 140. Then, it is determined whether the read control information is “information C” or not (step S410).
- the random number generation unit 141 reads “lenq” stored in the information storage area of the information control unit 140 (step S415). ), A random number “R1” consisting of (lenq ⁇ 1) bits is generated, and the generated random number “R1” and the read control information are output to the prime candidate generation unit 142 (step S420). Here, the most significant bit of the random number “R1” is “1”.
- Non-patent document 2 details the random number generation method.
- the random number generation unit 141 stores the "lenq” and "lens” stored in the information storage area of the information control unit 140.
- lenIDI (Step S425), generates a random number “R1” composed of (lenq-lenIDI-1) bits, and outputs the generated random number “R1” and the read control information to the prime candidate generation unit 142 (Step S425).
- the most significant bit of the random number “R1” is 1.
- the prime candidate generation unit 142 performs the prime candidate generation process to generate a random number "R" and a number that is a prime candidate.
- Step S435 the generated random number “R” is stored in the generation information storage area, and the generated number “N” is output to the first prime number determination unit 143.
- the first prime number determining unit 143 determines whether or not the force that satisfies the above-described equation (eql) is used using the received number “N” (step S440). ).
- the first prime number determining unit 143 converts the number "N" into the first number.
- step S440 Output to the 2 prime determination unit 144 (“YES” in step S440), and when the second prime determination unit 144 receives the number “N” from the first prime determination unit 143, the generation information storage area of the prime candidate generation unit 142 Is read, and it is determined whether or not the above equation (eq2) holds (step S445).
- the number “N” is output as a prime number “N” to the repetition control unit 132 via the information control unit 140 (step S450).
- the first prime number determination unit 143 When determining that the equation (eql) does not hold, the first prime number determination unit 143 outputs a second generation instruction to the random number generation unit 141 (“NO” in step S440), and the second prime number determination unit 1
- step S445 determines that the equation (eq2) is not satisfied, outputs a second generation instruction to the random number generation unit 141 (“NO” in step S445), and the random number generation unit 141 Department
- the prime candidate candidate generation unit 142 determines whether the bit size “lenN” of the generated number “N” matches “lenq” (step S520). Y ES ”), the prime candidate generation unit 142 outputs the generated number“ N ”to the first prime determination unit 143, and stores the received random number“ R1 ”as“ R ”in the generation information storage area. (Step S595).
- step S520 If it is determined that they do not match ("NO” in step S520), the prime candidate generation unit 142 multiplies the random number "R1" received from the random number generation unit 141 by 2, and outputs the result to "R1" (Step S525), and returns to Step S515.
- the prime candidate generation unit 142 If it is determined that the control information is not “information C” (“NO” in step S505), the prime candidate generation unit 142 returns the prime “q” and the issue identifier from the information storage area of the information control unit 140. The information "IDI” is read (step S530). The prime candidate generation unit 142 determines whether the control information is “information B” or not (step S535).
- the prime candidate generation unit 142 determines whether or not the bit size "lenN" of the generated number "N" is "2 X lenqj" (step S550).
- the prime candidate generation unit 142 outputs the generated number“ N ”to the first prime determination unit 143, and outputs the generated number“ R Is stored in the generation information storage area (step S595).
- step S550 When it is determined that "2 X lenqj is not satisfied (" NO "in step S550), the prime candidate generation unit 142 multiplies the random number" R1 "received from the random number generation unit 141 by 2, The result is Rl ”(step S555), and returns to step S540.
- Prime number candidate generating section 142 outputs the number read instruction to information control section 140 and receives the value of output counter 136 from information control section 140.
- the prime candidate generation unit 142 determines whether or not the received power is “l” (step S565).
- the prime candidate generation unit 142 reads the first verification value “cl l” from the verification value storage area of the information control unit 140. Is read out (step S570).
- the prime candidate generation unit 142 reads the verification value storage area of the information control unit 140 The second verification value “cl2” is read (step S580).
- the prime candidate generation unit 142 reads the bit size “lenq” of the prime “q” from the information storage area of the information control unit 140, and checks whether the bit size of the generated number “N” is “2 X lenqj”. Judgment is made (step S590).
- the prime candidate generation unit 142 outputs the generated number“ N ”to the first prime determination unit 143, and outputs the generated number“ R Is stored in the generation information storage area (step S595).
- step S590 If it is determined that "2 X lenqj is not satisfied (" NO "in step S590), the prime candidate generation unit 142 multiplies the random number" R1 "received from the random number generation unit 141 by 2, The result is set to “Rl” (step S600), and the process returns to step S560. (6) Certificate issuance processing
- the issued public key confirmation unit 214 of the certificate issuing server 200 transmits the issued identifier information "IDI”, the public key "PK”, the server identifier, and the certificate from the key issuing server 100 via the receiving unit 217. Receive the issuance request information (step S650).
- the issuance public key confirmation unit 214 writes the received server identifier into the server information storage area 220 (Step S655).
- the issued public key confirmation unit 214 reads the corresponding first verification value "c11" and second verification value "c12" using the received server identifier (step S660).
- the issuance public key confirmation unit 214 uses the read first verification value “c11” and second verification value “c12”, the received public key “PK”, and the issuance identifier information “IDI” to make public. It is checked whether the key “PK” is generated using the issue identifier information “IDI” (step S660).
- the issued public key confirmation unit 214 determines that "n— (cl l X cl2)" is divisible by “IDI", that is, the public key "PK” is determined by using the issuance identifier information "IDI”. If it is determined that the public key has been generated (“YES” in step S660), the issued public key confirmation unit 214 sends the received public key “PK” to the issued public key storage unit 211 and the issued identifier information to the issued identifier information storage unit. 212, and the issued public key confirmation unit 214 outputs a public key certificate generation start instruction to the public key certificate generation unit 215 (step S665).
- step S660 If the issuance public key confirmation unit 214 determines that the public key "PK" is not generated using the issuance identifier information "IDI" ("YES” in step S660), the process proceeds to step S660.
- the public key certificate generation unit 215 Upon receiving the public key certificate generation start instruction from the issued public key confirmation unit 214, the public key certificate generation unit 215 ends the secret key “SKCA” from the private key storage unit 210 and issues the issued public key storage unit 211. Then, the public key “PK” is read, and the issue identifier information “IDI” is read from the issue identifier information storage unit 212 (step S670).
- the public key certificate generation unit 215 generates a public key certificate “” using the read secret key “SKCA”, public key “PK”, and issue identifier information “IDI”, and generates the generated public key certificate “”.
- Key certificate The certificate “Cert” is written into the public key certificate storage unit 213, and a transmission start instruction of the public key certificate “” is output to the certificate acquisition unit 216 (step S675).
- the certificate acquisition unit 216 Upon receiving the instruction to start transmitting the public key certificate “Cert” from the public key certificate generation unit 215, the certificate acquisition unit 216 stores the public key certificate “Cert” from the public key certificate storage unit 213 and The server identifier is read from the information storage area 220, and the read public key certificate “Cert” is transmitted to the key issuing server 100 corresponding to the read server identifier via the transmission unit 218 (step S680).
- the first primality determining unit 143 and the second primality determining unit 144 of the prime information generation unit 133 are Pocklington determinations.
- the Pocklington judgment is described in detail on page 144 of Non-Patent Document 1 and Non-Patent Document 4. The following is a brief description.
- the prime information generation unit 133 can output the number “N” as a prime number.
- bit size of the random number “R1" is (lenq-lenIDI-1)
- bit size of the number “R” is (lenq-1)
- bit size of most of the number “N” is (2 X lenq).
- the bit size may be (2 X lenq-1) depending on values such as the prime number “q” and the issue identifier information “IDI”.
- the prime candidate generation unit 142 multiplies R1 by 2 and newly sets R1 as R1, thereby setting the bit size of the generated number “N” to (2 X lenq). It can be set as follows.
- the certificate issuing server 200 checks whether or not “n-cllXcl2” is divisible by “IDI”, thereby confirming whether the key issuing server has correctly generated the ID using the issued identifier information IDI. can do.
- bit size of "IDI” is “lenIDI” and the bit size of "R1" is (lenq-lenlDI-1)
- bit size of "R1” is (lenq-lenlDI-1)
- bit size may be (2 ⁇ lenq ⁇ 1).
- the prime number generation unit 142 sets the bit size of “N1” to “2Xlenql” by multiplying “R1” by 2 and treating it as “R1”. Can be.
- the key issuing system 1 can obtain information on the terminal that has performed the unauthorized operation from the secret key by the following confirmation method.
- the secret keys "pl" and "p2" of the fraudulent terminal were found.
- an improper pursuer for example, an administrator of the certificate issuing server 200 has a correspondence table between the issue identifier information and the terminal.
- Both “pl-cll” and “p2-cl2” are divisible by the issue identifier information “IDI”. Therefore, GCD (pl-cll, P2 -cl2) is divisible by issue identifier information. Therefore, by examining the prime factors of GCD (pl-cll, p2-cl2), the fraudster can limit the possible issuance identifier information and know the issuance identifier information, that is, help identify the terminal. It becomes.
- two verification values that is, a first verification value and a second verification value are used.
- generation of a prime number when one verification value is used will be described.
- the prime information generation unit in the key issuing server and the issued public key confirmation unit in the certificate issuing server are different.
- the prime information generation unit 133A and the issued public key confirmation unit 214A in the present modification will be described.
- the components described in the first embodiment are used.
- the prime information generation unit 133A includes an information control unit 140A, a random number generation unit 141A, a prime candidate generation unit 142A, a first prime determination unit 143A, and a second prime determination unit 144A.
- the prime information generation unit 133A generates a prime whose bit size is twice the bit size of the prime received from the repetition control unit 132.
- the information control unit 140A has an information storage area for storing the first information and the second information.
- the information control unit 140A stores in advance a verification value "cl" assigned by the certificate issuing server 200 and used for generating a prime number based on the control information "information A". It has a value storage area.
- the information control unit 140A Upon receiving the first information including the prime number “q”, the prime number bit size “lenq”, and the control information from the repetition control unit 132, the information control unit 140A stores the received first information in the information storage area. Write. That is, the prime “q”, the prime bit size "lenq”, and the control information (in this case, "information C") are written.
- the information control unit 140A sends, from the repetition control unit 132, the prime “q”, the bit size “lenq” of the prime, the control information, the issue identifier information "IDI”, and the bit size "lenIDI”.
- the received second information is written to the information storage area. That is, the prime number “q”, the bit size “lenq” of the prime number, control information, issue identifier information “IDI”, and the bit size “lenIDI” are written.
- the information control unit 140A After writing the received information, the information control unit 140A outputs a random number generation instruction. (1) It outputs a generation instruction to the random number generation unit 141A.
- information control section 140A When receiving the prime number from second prime number determination section 144A, information control section 140A outputs the received prime number to repetition control section 132.
- the random number generation unit 141A is the same as the random number generation unit 141A shown in the first embodiment, and thus the description is omitted.
- the prime candidate generation unit 142A has a generation information storage area for storing the generated information, and a function storage area for preliminarily storing the function “f” which is an injection.
- the encryption function of symmetric key cryptography is generally bijective.
- the symbol "II" is a bit or byte concatenation.
- Enc (K, XIIY) is "Enc (K, X
- Y) K XOR X
- An example of the common cipher is DES. When DES is used, the key length is 128 bits.
- the prime candidate generation unit 142A determines whether or not the received control information is "information C".
- the prime candidate generation unit 142A determines whether the control information is “information B” or not.
- the prime candidate generation unit 142A determines whether or not the generated number “N” has a bit size “lenN” of “2 ⁇ lenqj”.
- the prime candidate generation unit 142A If it is determined to be “2 X lenq”, the prime candidate generation unit 142A outputs the generated number “N” to the first prime determination unit 143A, and stores the generated number “R” in the generation information storage area.
- the prime candidate generation unit 142A multiplies the random number "R1" received from the random number generation unit 141A by 2, sets the result to "R1", and again Generate the numbers "R” and "N”.
- the prime candidate generation unit 142A reads the verification value "cl" from the verification value storage area of the information control unit 140A.
- the prime candidate generation unit 142A reads the bit size “lenq” of the prime “q” from the information storage area of the information control unit 140A, and determines whether the bit size of the generated number “N” is “2 ⁇ lenqj”. to decide.
- the prime candidate generation unit 142A When determining that the number is "2 X lenq”, the prime candidate generation unit 142A outputs the generated number "N” to the first prime determination unit 143A, and outputs the generated number "R” to the generation information. Store in storage area If it is determined that the number is not “2 X lenq”, the prime candidate generation unit 142A multiplies the random number “R1” received from the random number generation unit 141A by 2 and sets the result to “R1”. Generates “R” and “N”.
- the first primality determining unit 143A is the same as the first primality determining unit 143 described in the first embodiment, and a description thereof will not be repeated.
- the second primality determining unit 144A is the same as the second primality determining unit 144 shown in the first embodiment, and a description thereof will be omitted.
- the issued public key confirmation unit 214A has a server information storage area 220A and a confirmation information storage area 221A.
- the server information storage area 220A has an area for storing a server identifier for identifying a key issuing server that has issued a public key certificate issuance request.
- the confirmation information storage area 221A has a verification value table T250 as shown in FIG.
- the verification value table T250 has an area for storing one or more sets of a server identifier and a verification value.
- the server identifier is an identifier for identifying the key issuing server. “SIDA” indicates the key issuing server 100, “SIDB” indicates the key issuing server 101, and “SID B” indicates the key issuing server 102. .
- the verification value is a verification value assigned to the key issuing server indicated by the associated server identifier.
- the server identifier of the key issuing server 100 will be described as “SID”.
- the issuance public key confirmation unit 214A receives the issue identifier information "IDI”, the public key "PK”, the server identifier, the certificate issuance request information from the key issuing server 100 via the reception unit 217. Receive.
- the issuance public key confirmation unit 214A writes the received server identifier into the server information storage area 220 #.
- the issuing public key confirmation unit 214A uses the received server identifier to generate a corresponding verification value. Read "cl”.
- the issued public key confirmation unit 214A uses the received public key “PK” and the issued identifier information “IDI” to determine whether the public key “PK” was generated using the issued identifier information “IDI”. Check.
- the confirmation method verifies whether or not it is divisible by "n- (cl)" 2J force "IDI”. As a result, it is possible to confirm whether or not the public key “PK” is generated using the issue identifier information “IDI”.
- the issuance public key confirmation unit 214A determines that “n— (cl) '2” is divisible by “IDI”, the public key “PK” is generated using the issuance identifier information “IDI”. If it is determined that “n— (c 1) '2” is not divisible by “IDI”, a public key “PK” is generated using the issue identifier information “IDI”, and Judge.
- the issue public key confirmation unit 214A stores the received public key “PK” in the issue public key storage unit.
- the issue identifier information is written in the issue identifier information storage unit 212.
- Issued public key confirmation section 214A outputs a public key certificate generation start instruction to public key certificate generation section 215.
- the issuance public key confirmation unit 214A ends the process.
- the prime candidate generation processing according to the present modified example will be described only on points different from the prime candidate generation processing shown in the first embodiment.
- the operation flow of the key issuance process and the prime number generation process is the same as in the first embodiment, and a description thereof will not be repeated.
- step S565 the prime candidate generation unit 142A
- step S580 the prime candidate generation unit 142A
- the certificate issuing process according to this modified example will be described only on the points different from the certificate issuing process shown in the first embodiment.
- step S660 the issued public key confirmation unit 214A reads a verification value (for example, "cl") corresponding to the received server identifier, and in step S670, reads the verification value "cl” Using the public key “PK” and the issue identifier information “IDI”, it is confirmed whether or not “PK” is generated from “IDI”.
- a verification value for example, "cl”
- IDI issue identifier information
- the prime information generation unit in the key issuing server and the issued public key confirmation unit in the certificate issuing server are different.
- the following describes the prime information generation unit 133B and the issued public key confirmation unit 214B in the present modification.
- the components described in the first embodiment are used.
- the prime information generation unit 133B includes an information control unit 140B, a random number generation unit 141B, a prime candidate generation unit 142B, a first prime determination unit 143B, and a second prime determination unit 144B.
- the prime information generation unit 133B generates a prime having a bit size twice as large as that of the prime received from the repetition control unit 132.
- the information control unit 140B has an information storage area for storing the first information and the second information. [0201]
- the information control unit 140B has a verification value storage area in which a verification value "1" used for generating a prime number based on the control information "information A" is stored in advance. .
- the information control unit 140B Upon receiving the first information including the prime number “q”, the prime number bit size “lenq”, and the control information from the repetition control unit 132, the information control unit 140B stores the received first information in the information storage area. Write. That is, the prime “q”, the prime bit size “lenq”, and the control information (in this case,
- the information control unit 140B sends, from the repetition control unit 132, the prime "q", the bit size "lenq” of the prime, the control information, the issue identifier information "IDI”, and the bit size "lenIDI”.
- the prime "q" the bit size "lenq" of the prime
- the control information the control information
- the issue identifier information "IDI” the issue identifier information
- the bit size "lenIDI” When receiving the second information consisting of, the received second information is written to the information storage area.
- the prime "q" the bit size "lenq" of the prime
- the information control unit 140B After writing the received information, the information control unit 140B issues a second instruction to generate a random number.
- information control section 140B When receiving the prime number from second prime number determination section 144B, information control section 140B outputs the received prime number to repetition control section 132.
- the random number generation unit 141B is the same as the random number generation unit 141B described in the first embodiment, and thus the description is omitted.
- the prime candidate generation unit 142B has a generation information storage area for storing the generated information, and a function storage area for storing the injection function “f” in advance.
- the prime candidate generation unit 142B determines whether or not the received control information is “information C”.
- the prime candidate generation unit 142B reads the prime "q” from the information storage area of the information control unit 140B.
- the prime candidate generating unit 142B determines whether or not the bit size “lenN” of the generated number “N” matches “lenq”.
- the unit 142B outputs the generated number “N” to the first prime number judgment unit 143B, and receives the random number “R1
- the prime candidate generation unit 142B If it is determined that the control information is not “information C”, the prime candidate generation unit 142B reads the prime “q” and the issue identifier information “IDI” from the information storage area of the information control unit 140B. The prime candidate generation unit 142B determines whether or not the power is the control information power S “information B”.
- the prime candidate generation unit 142B transmits the received random number "
- the prime candidate generation unit 142B determines whether or not the bit size "lenN" of the generated number "N" is "2 X lenqj".
- the prime candidate generation unit 142B If it is determined that the number is “2 X lenq”, the prime candidate generation unit 142B outputs the generated number “N” to the first prime determination unit 143B, and stores the generated number “R” in the generation information storage area.
- the prime candidate generation unit 142B multiplies the random number "R1" received from the random number generation unit 141B by 2, sets the result as “R1”, and again Generate the numbers "R” and "N”.
- the prime candidate generation unit 142B stores the verification value "1" from the verification value storage area of the information control unit 140B.
- the last item “1” is the verification value.
- the prime candidate generation unit 142B determines the bit size "lenq" of the prime “q” by the information control unit 140B. It is read from the information storage area, and it is determined whether or not the bit size of the generated number “N” is “2 ⁇ lenqj”.
- the prime candidate generation unit 142B If it is determined that the number is “2 X lenq”, the prime candidate generation unit 142B outputs the generated number “N” to the first prime determination unit 143B, and stores the generated number “R” in the generation information storage area.
- the prime candidate generation unit 142B multiplies the random number "R1" received from the random number generation unit 141B by 2 and sets the result to "R1" again. Generate the numbers "R” and "N”.
- the first primality determining unit 143B is the same as the first primality determining unit 143 described in the first embodiment, and a description thereof will not be repeated.
- the second primality determining unit 144B is the same as the second primality determining unit 144 shown in the first embodiment, and a description thereof will not be repeated.
- the issued public key confirmation unit 214B has a server information storage area 220B and a confirmation information storage area 221B.
- the server information storage area 220B has an area for storing a server identifier that identifies a key issuing server that has issued a public key certificate issuance request.
- the confirmation information storage area 221B stores a verification value “1” that is a fixed value.
- the issuance public key confirmation unit 214B receives the issuance identifier information “IDI”, the public key “PK”, the server identifier, and the certificate issuance request information from the key issuing server 100 via the reception unit 217. .
- the issued public key confirmation unit 214B writes the received server identifier into the server information storage area 220 #.
- the issue public key confirmation unit 214B reads the verification value “1” from the confirmation information storage area 221B.
- the issuance public key confirmation unit 214B compares the received public key “ ⁇ ” and the issuance identifier information “IDI”. To confirm whether the public key “PK” is generated using the issue identifier information “IDI”.
- the confirmation method verifies whether or not it is divisible by "n-verification value", that is, "n-1" force “IDI”. Thereby, it is possible to confirm whether or not the public key “PK” has been generated using the issue identifier information “IDI”.
- the issuance public key confirmation unit 214B determines that the public key “PK” has been generated using the issuance identifier information “IDI”. If it is determined that “n ⁇ 1” is not divisible by “IDI”, the public key “PK” is generated using the issue identifier information “IDI” and is determined to be!
- the issue public key confirmation unit 214B stores the received public key “PK” in the issue public key storage unit.
- the issue identifier information is written in the issue identifier information storage unit 212.
- Issued public key confirmation section 214B outputs a public key certificate generation start instruction to public key certificate generation section 215.
- the issuance public key confirmation unit 214B ends the process.
- the prime candidate generation processing according to the present modified example will be described only on points different from the prime candidate generation processing shown in the first embodiment.
- the operation flow of the key issuance process and the prime number generation process is the same as in the first embodiment, and a description thereof will not be repeated.
- the prime candidate generation unit 142B After executing the steps S500 and S560 shown in FIGS. 16 and 17, the prime candidate generation unit 142B skips the step S565 and reads the verification value “1” in the step S570.
- the last term in calculating the number “N” is the verification value.
- the prime candidate generation processing according to the present modification is performed irrespective of the value of the output counter.
- the number “N” is generated using “q” and the number “R”.
- the certificate issuing process according to this modified example will be described only on the points different from the certificate issuing process shown in the first embodiment.
- step S660 the issued public key confirmation unit 214B reads the verification value "1", and in step S670, reads the verification value "1", the public key "PK”, and the issued identifier information "IDI”. Check if "PK” is generated from “IDI”.
- the certificate issuing server can confirm whether the key issuing server has correctly generated the issued identifier information IDI.
- the prime number generation unit in the key issuing server and the issued public key confirmation unit in the certificate issuing server are different.
- the prime number generation unit 116C and the issued public key confirmation unit 214C in the present modification will be described. Note that, for the other components, the components shown in the first embodiment are used.
- the bit size of the server identifier is 15 bits
- the bit size of the terminal identifier of the terminal device is 16 bits
- the bit size of the issue identifier information is 32 bits.
- the prime generation unit 116C includes a repetition control unit 132C and a prime information generation unit 133C.
- the prime generation unit 116C generates a 512-bit prime from the 8-bit prime, and outputs the generated 512-bit prime to the key determination unit 117.
- the repetition control unit 132C temporarily stores the prime received from the initial value storage area in which the prime consisting of 8 bits and the bit size of the prime (that is, “8”) are stored in advance, and the prime information generation unit 133C. And a temporary storage area for temporarily storing.
- the repetition control unit 132C counts the repetition counter 135C that counts the number of repetitions of the operation of the prime information generation unit 133C, and counts the number of primes output to the key determination unit 117, that is, the number of output of the generated 512-bit prime. And an output counter 136C. Note that the initial values of the repetition counter 135C and the output counter 136C are respectively “1”.
- Repeat control section 132C has control information table T150 shown in FIG.
- the control information table T150 stores one or more sets of the number of times and the control information. The number of times corresponds to the value of the repetition counter 135C.
- the control information indicates the type of a method of generating a prime generated by the prime information generation unit 133C.
- the repetition control unit 132C controls the prime information generation unit 133C to generate a prime number.
- a prime generation instruction is sent to the prime information generation unit 133C again, and the received prime is transmitted to the key judgment unit 117. Output to either
- repetition control section 132C Upon receiving the prime number generation start instruction from identifier generation section 115, repetition control section 132C sets repetition counter 135C and output counter 136C to “1”.
- the repetition control unit 132C Upon receiving a prime number from the prime information generation unit 133C, the repetition control unit 132C Add "1" to the value of the data 135C, and determine whether or not the addition result is 7.
- the repetition control unit 132C judges whether the value of the output counter 136C is 1 or not. If it is determined to be 1, the repetition control unit 132C outputs the received prime as a prime “pl” to the key determination unit 117, and adds "1" to the value of the output counter 136C, Set the value of the repetition counter 135C to “1”. If it is determined that it is not 1, that is, it is 2 or more, repetition control section 132C sets the received prime to prime “p2”, and outputs a prime “p2” and a determination start instruction to key determination section 117.
- the repetition control unit 132C receives the prime number generation start instruction, adds ⁇ 1 '' to each value of the repetition counter 135C and the output counter 136C, and then calculates the prime number received by the prime information generation unit 133C. After temporarily storing the bit size and after adding "1" to the output counter 136C and setting the value of the repetition counter 135C to "1", the repetition is performed. The control unit 132C performs the following operation.
- the repetition control unit 132C determines whether or not the force of the repetition counter 135C is 1, which is the force. If it is determined to be 1, the repetition control unit 132C reads the 8-bit prime number and its bit size from the initial value storage area, and if it is not 1, it reads the bit size "8" from the temporary storage area. X (2 "(11-1))" and its prime number. That is, when it is determined that the value of the repetition counter 135C is not 1, the repetition control unit 132C reads the previously generated prime number and its bit size from the temporary storage area. Here, “n” is the value of the repetition counter.
- Control information corresponding to the value of repetition counter 135C is read from control information table T150, and it is determined whether or not the read control information is "information C".
- the repetition control unit 132C If it is determined to be “information C”, the repetition control unit 132C generates first information including the read prime number and its bit size and the control information, and generates the generated first information as prime information Output to generator 133C.
- the repetition control unit 132C acquires the issue identification information “IDI” from the identifier storage unit 110, and sets the bit size rienlD of the acquired issue identifier information “IDI”. I '', and generates second information including the read prime number and its bit size, control information, issue identifier information “IDI” and its bit size “lenIDI”, and generates the second information as a prime number Output to information generation unit 133C.
- repetition control section 132C upon receiving a regeneration instruction for regenerating a prime number from key determination section 117, repetition control section 132C adds "1" to the value of output counter 136C and repeats counter of repetition counter 135C. Set the value to “1” and perform the operation after the operation to judge whether the value of the repetition counter 135C is 1 or not.
- the prime information generation unit 133C includes an information control unit 140C, a random number generation unit 141C, a prime candidate generation unit 142C, a first prime determination unit 143C, and a second prime determination unit 144C.
- the prime information generation unit 133C generates a prime whose bit size is twice the bit size of the prime received also by the repetition control unit 132C. For example, when an 8-bit prime is received, a 16-bit prime is generated, and when a 16-bit prime is received, a 32-bit prime is generated.
- each component will be described assuming that the received prime number is a prime number “q” and its bit size is “lenq”.
- the information control unit 140C has an information storage area for storing the first information and the second information.
- the information control unit 140C previously stores a prime “qg” and a bit size “lenqg” assigned by the certificate issuing server 200 and used when generating a prime based on the control information “information AB”. It has an assigned prime storage area.
- the bit size of the prime “qg” is, for example, “64” bits.
- the information control unit 140C Upon receiving the first information including the prime “q”, the prime bit size "len q”, and the control information from the repetition controller 132C, the information control unit 140C converts the received first information. Write to the information storage area. That is, the prime “q”, the prime bit size “lenq”, and the control information (in this case, "information C") are written.
- the information control unit 140C includes, from the repetition control unit 132C, a prime “q”, a bit size “len q” of the prime, control information, issue identifier information “IDI”, and a bit size “lenIDI”.
- the received second information is written to the information storage area. That is, the prime “q”, the prime bit size "lenq”, the control information, the issue identifier information "IDI”, and the bit size “lenIDI” are written.
- information control section 140C After writing the received information, information control section 140C outputs a first generation instruction indicating a random number generation instruction to random number generation section 141C.
- information control section 140C When receiving the prime number from second prime number determination section 144C, information control section 140C outputs the received prime number to repetition control section 132C.
- the information control unit 140C reads the value of the output counter 136C of the repetition control unit 132C when receiving the number-of-times read instruction to read the value of the output counter 136C from the prime candidate generation unit 142C.
- Information control section 140C outputs the read value to prime candidate generation section 142C.
- the random number generation unit 141C Upon receiving the first generation instruction indicating the instruction to generate a random number, the random number generation unit 141C reads out the control information stored in the information storage area of the information control unit 140C. The random number generation unit 141C determines whether or not the read control information is “information C”.
- the random number generation unit 141C reads rienqj stored in the information storage area of the information control unit 140C, and includes (lenq-1) bits. A random number "R1" is generated, and the generated random number “R1” and the read control information are output to the prime candidate generation unit 142C. Here, the most significant bit of the random number “R1” is 1.
- Non-patent document 2 details the random number generation method.
- the random number generation unit 141C stores ienqj stored in the information storage area of the information control unit 140C in the assigned prime storage area! And “lenqg” are read, respectively. Using the read “lenq” and “le nqg”, the random number generation unit 141C generates a random number “R1” composed of (lenq ⁇ 2 ⁇ lenqg ⁇ 1) bits, and reads the generated random number “R1”. The control information is output to the prime candidate generation unit 142C. Where the random number The most significant bit of “R 1” is 1.
- the random number generation unit 141C stores the control information in information. Read from the area and perform the above operation.
- the prime candidate generation unit 142C includes: a generation information storage area for storing the generated information; a prime generation function “gp” for uniquely generating a prime from the issue identifier information “IDI” and the prime “qg”; And a function storage area in which the function “f” is stored in advance.
- the prime candidate generation unit 142C When defining the function “gp” in this way, if the functions “qg” and “f” are held, the prime candidate generation unit 142C performs the prime number generation function with respect to the issue identifier information “IDI”. , The same prime can be generated. At this time, if the bit size of “IDI” and the bit size of “qg” are “32” bit and “64” bit, respectively, the bit size of “gp (IDI, qg)” is 128 bit It becomes.
- the prime candidate generation unit 142C determines whether or not the received control information is "information C".
- the prime candidate generation unit 142C reads the prime “q” from the information storage area of the information control unit 140C.
- the prime candidate generation unit 142C determines whether or not the bit size “lenN” of the generated number “N” matches “lenq”, and if it determines that it matches, the prime candidate generation unit 142C
- the obtained number “N” is output to the first prime number determination unit 143C, and the received random number “R1” is stored in the generation information storage area as “R”.
- the prime candidate generation unit 142C determines the prime “primary” from the information storage area of the information control unit 140C. “qg” and issue identifier information “IDI”, and read a prime “qg” from the allocated prime storage area, respectively.
- the prime candidate generation unit 142C determines whether or not the bit size "lenN" of the generated number "N" is "2 X lenqj".
- the prime candidate generation unit 142C If it is determined to be “2 X lenq”, the prime candidate generation unit 142C outputs the generated number “N” to the first prime determination unit 143C, and generates the received random number “R1” as “R”. Store it in the information storage area.
- the prime candidate generation unit 142C multiplies the random number "R1" received from the random number generation unit 141C by 2, sets the result to "R1", and again Generates the number "N”.
- the first primality determining unit 143C is the same as the first primality determining unit 143 shown in the first embodiment, and a description thereof will not be repeated.
- the second primality determining unit 144C is the same as the first primality determining unit 144 shown in the first embodiment, and a description thereof will not be repeated.
- the issue public key confirmation unit 214C has a server information storage area 220C and a confirmation information storage area 221C.
- the server information storage area 220C has an area for storing a server identifier for identifying a key issuing server that has been requested to issue a public key certificate.
- the confirmation information storage area 221C stores the same prime number “qg” and its bit size “lenqg” assigned to the key issuing server 100, and the same as the prime number generating function and unijection function stored in the key issuing server 100.
- the functions “gp” and “f” are stored in advance.
- the issuance public key confirmation unit 214C writes the received server identifier into the server information storage area 220C.
- the issued public key confirmation unit 214C uses the received public key "PK” and the issued identifier information "IDI” to generate a public key "PK” generated using the issued identifier information "IDI”. Check if it is correct.
- the issuance public key confirmation unit 214C uses the received issuance identifier information “IDI”, the stored prime numbers “qg”, and the functions “gp” and “f” to generate the prime numbers “gp (IDI, qg) ”and writes the generated prime prime“ gp (IDI, qg) ”to the confirmation information storage area 221C.
- the method of generating the prime number “gp (IDI, qg)” is the same as the method described above, and thus the description is omitted.
- the prime number “gp (IDI, qg)” generated by the issued public key confirmation unit 214C is the same as the prime number “pIDI” generated by the prime candidate generation unit 142C of the key issuing server. Power.
- the issue public key confirmation unit 214C reads the prime “gp (IDI, qg)” stored in the confirmation information storage area 221C, and “n ⁇ 1” replaces the read prime “gp (IDI, qg) ”. This makes it possible to confirm whether or not the public key “PK” is generated using the issue identifier information “IDI”.
- Issued public key confirmation unit 214C determines that “nl” is divisible by prime “gp (IDI, qg)”. If the public key "PK” is determined to have been generated using the issue identifier information "IDI” and "n-1" is not divisible by the prime number “gp (IDI, qg)” Then, it is determined that the public key “PK” is generated using the issue identifier information “IDI”.
- the issued public key confirmation unit 214C stores the received public key “PK” in the issued public key storage unit.
- the issue identifier information is written in the issue identifier information storage unit 212.
- the issued public key confirmation unit 214C outputs a public key certificate generation start instruction to the public key certificate generation unit 215.
- the issuance public key confirmation unit 214C ends the process when determining that the public key “ ⁇ ” is generated using the issuance identifier information “IDI”.
- the prime number generation processing according to the present modification will be described only on points different from the prime number generation processing shown in the first embodiment.
- the flow of the key issuing process is the same as in the first embodiment, and a description thereof will not be repeated.
- step S425 of the prime number generation process shown in FIG. 15 the random number generation unit 141C stores “lenq” stored in the information storage area of the information control unit 140C in the allocated prime number storage area. Then, rienqgj is changed to be read.
- step S430 the random number generation unit 141C generates a random number “R1” composed of (lenq ⁇ 2 ⁇ lenqg ⁇ 1) bits using the read “lenq” and “le nqg”, and generates the generated random number.
- the number “R1” and the read control information are changed to be output to the prime candidate generation unit 142C.
- the most significant bit of the random number “R1” is 1.
- the prime candidate generation unit 142C determines whether the received control information is “information C” (step S700). Step S705).
- the prime candidate candidate The component 142C reads the prime “q” from the information storage area of the information control unit 140C (step S710).
- the prime candidate generation unit 142C determines whether or not the bit size “lenN” of the generated number “N” matches the “lenq” (step S720), and if it determines that it matches, (step S720). (“YES”), the prime candidate generation unit 142C outputs the generated number “N” to the first prime determination unit 143C, and stores the received random number “R1” as “R” in the generation information storage area (step S755).
- step S720 If it is determined that they do not match ("NO” in step S720), the prime candidate generation unit 142C multiplies the random number "R1" received from the random number generation unit 141 by 2, and divides the result by "R1" (Step S725), and the process returns to Step S715.
- step S705 If it is determined that the control information is not “information C” (“NO” in step S705), that is, if it is determined that the control information is “information AB”, the prime candidate generation unit 142C outputs the information
- the prime “q” and the issue identifier information “IDI” are read from the information storage area of the control unit 140C, and the prime “qg” is read from the allocated prime storage area (step S730).
- the prime candidate generation unit 142C uses the read issue identifier information "IDI” and the prime “qg” and the functions "f" and “gp” stored in the function storage area to perform the above-described processing.
- a prime “pIDI gp (IDI, qg)” is generated by the method described in (1), and the generated prime “pIDI” is stored in the generation information storage area (step S735).
- the prime candidate generation unit 142C determines whether or not the generated number "N" has a bit size "lenN" of "2 X lenqj" (step S745).
- the prime candidate generation unit 142C outputs the generated number" N "to the first prime determination unit 143C, and outputs the random number" R1 ". It is stored in the generated information storage area as “R” (step S755).
- step S745 If it is determined that "2 X lenqj is not satisfied (" NO "in step S745), the prime candidate Generation unit 142C multiplies the random number “R1” received from random number generation unit 141C by 2, sets the result to “R1” (step S750), and returns to step S740.
- the certificate issuing process according to this modified example will be described only on the points different from the certificate issuing process shown in the first embodiment.
- the issuance public key confirmation unit 214C uses the received issuance identifier information “ID I”, the stored prime numbers “qg”, and the functions “gp” and “f” in step S660 to generate a prime number. Generate “gp (IDI, qg)” and change it to write to confirmation information storage area 221C.
- the issued public key confirmation unit 214C reads the prime number “gp (IDI, qg)”, receives the received public key “PK” and issued identifier information “IDI”, and reads the read prime “gp (IDI, , Qg) ”to confirm whether the public key“ PK ”is generated using the issue identifier information“ IDI ”.
- the uniqueness of the prime generated by the prime generator 116C is satisfied. That is, since different issue identifier information is generated for each terminal device, the generated prime numbers are also different due to the one-shot nature of the function “f” used for generating the prime numbers. As a result, a different secret key and a corresponding public key can be assigned to each terminal device.
- the certificate issuing server can confirm whether the key issuing server has correctly generated the issuance identifier information IDI.
- pl 2Xql XpIDIXRll + 1
- p2 2Xq2XpIDIXR12 + l
- the key issuing server stores two prime numbers “qgl” and “qg2” in advance and uses the prime number “qgl” to generate the prime number “pl” and the prime number “p2” to generate the prime number “p2”. “Qg2” may be used.
- the force used when "pIDI” used for generating prime numbers “pl” and “p2” is the same is not limited to this.
- the value of “c” used to generate the prime “pl” and the value of “c” used to generate the prime “p2” are set differently, and the primes “pl” and “p2” are generated. In this case, the values of “pIDI” may be different.
- a key issuing system 2 according to a second embodiment of the present invention will be described focusing on differences from the key issuing system 1 in the first embodiment.
- the key issuing system 2 includes a key issuing server 1100, 1101, 1102, a key issuing audit server 1200, a terminal device 1300, 1301, ..., 1302, 1303, ..., 1304, 1305, ⁇ ⁇ ⁇ , 1306.
- the number of terminal devices is, for example, 1,000.
- Key issuing servers 1100, 1101 and 1102 are managed by different companies.
- Terminal devices 1300, 1301, ..., 1302 request key issuance server 1100 to issue a key
- terminal devices 1303, ..., 1304 request key issuance server 1101 to issue a key.
- 1306 make a key issuance request to the key issuance server 1102. It is assumed that a secure communication path is established between the terminal devices 1300, 1301,..., 1302 and the key issuing server 1100. Also, the terminal devices 1303,..., 1304 and the key issuing server 1101 and the terminal devices 1305,. Shall be established.
- the key issuing server 1100 Upon receiving a key issuance request from the terminal device 1300, the key issuing server 1100 generates a secret key and a public key in RSA encryption. Further, key issuing server 1100 generates a public key certificate for the generated public key, and transmits the generated public key certificate and secret key to terminal device 1300.
- the key length of each generated key is 1024 bits.
- the key issuing server 1100 When the key issuing server 1100 receives, from the key issuing audit server 1200, issued key request information for requesting issued public key and issue identifier information, the issued public key and public key generation information are generated.
- the issued key information including the issued identifier information used for the key is transmitted to the key issuance audit server 1200.
- the key issuing audit server 1200 Upon receiving the issued public key information from the key issuing server 1100, the key issuing audit server 1200 audits the validity of the issued public key and displays the audit result.
- the terminal device 1300 Upon receiving the public key certificate and the private key from the key issuing server 1100, the terminal device 1300 stores the received public key certificate and the private key.
- the user of the terminal device 1400 first obtains the public key certificate of the terminal device 1300 from the key issuing server 1100 or obtains the public key certificate from the terminal device 1300, and the key issuing server 1100 has The public key certificate “C—PK” used to confirm the validity of the public key certificate is used to confirm the validity of the public key certificate and determine that the certificate is valid.
- the obtained public key certificate is stored in the terminal device 1400.
- the terminal device 1400 encrypts an e-mail to be transmitted to the terminal device 1300 using the public key included in the stored public key certificate, and transmits the encrypted e-mail to the terminal device 1300. I do.
- terminal device 1300 When terminal device 1300 receives the encrypted e-mail from terminal device 1400, terminal device 1300 decrypts the encrypted e-mail using the stored secret key, and decrypts the decrypted e-mail. View the email.
- terminal apparatuses 1301, ..., 1302 are the same as terminal apparatus 1300, and therefore description thereof is omitted. Abbreviate.
- the key issuing servers 1101 and 1102 are the same as the key issuing server 1100, and a description thereof will be omitted.
- the terminal device 1300 is used as a representative of each terminal device, and the key issuing server 1100 is used as a representative of each key issuing server.
- the key issuing server 1100 includes an identifier storage unit 1110, a secret key storage unit 1111, a public key storage unit 1112, a certificate storage unit 1113, a control unit 1114, an identifier generation unit 1115, and a prime generation unit 1116. , A key determination unit 1117, a key generation unit 1118, an information acquisition unit 1119, a reception unit 1120, a transmission unit 1121, a certificate generation unit 1122, a certificate private key storage unit 1123, and an issued key information storage unit 1124. Tepuru.
- the key issuing server 1100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is stored in the RAM or the hard disk unit.
- the key issuing servers 1101 and 1102 have the same configuration as the key issuing server 1100, and a description thereof will be omitted.
- the identifier storage unit 1110 has an area for storing issue identifier information having a bit size of 126 bits or less.
- the bit size of the issue identifier information is, for example, 64 bits.
- the secret key storage unit 1111 has a prime storage area and a secret key storage area, similarly to the secret key storage unit 1111 in the first embodiment.
- the public key storage unit 1112 has an area for storing a public key, similarly to the public key storage unit 112 in the first embodiment.
- Certificate storage unit 1113 has an area for storing a public key certificate generated by the certificate issuing server and issued by the server.
- the certificate private key storage 1123 stores in advance a certificate private key “C-SK” used when generating a public key certificate.
- control unit 1114 has a server identifier storage area 1130 and a terminal information storage area 1131.
- the server identifier storage area 1130 stores a server identifier for identifying the server in advance.
- the key issuing server 1100 stores SIDA
- the key issuing server 1101 stores SID B
- the key issuing server 1102 stores SIDC.
- the server server identifier of the key issuing server 1100 will be described as “SID”.
- the bit size of the server identifier is 31 bits.
- the terminal information storage area 1131 has an area for storing a terminal identifier for identifying a terminal device that has issued a key issuance request.
- the terminal identifier is, for example, a serial number of the terminal device.
- the bit size of the serial number is set to 32 bits.
- the control unit 1114 When receiving the key issue request information and the terminal identifier “TID” of the terminal device 1300 from the terminal device 1300 via the receiving unit 1120, the control unit 1114 transfers the received terminal identifier “TID” to the terminal information storage area 1131. Write. The control unit 1114 outputs the generation instruction of the issuance identifier information and the received terminal identifier “TID” to the identifier generation unit 1115.
- control unit 1114 Upon receiving the issued key request information from key issuance audit server 1200 via receiving unit 1120, control unit 1114 outputs a key information obtaining command to information obtaining unit 1119.
- the identifier generation unit 1115 is the same as the identifier generation unit 115 in the first embodiment, and a description thereof will be omitted.
- the prime generating unit 1116 generates a 512-bit prime in the same manner as the method of generating a prime by the prime generating unit 116 in the first embodiment. (9) Key judgment unit 1117
- Key determination section 1117 is the same as key determination section 117 in the first embodiment, and a description thereof will not be repeated.
- the key “PK” is written into the public key storage unit 112.
- the key generation unit 118 outputs a public key certificate generation instruction to the certificate generation unit 1122.
- the certificate generation unit 1122 Upon receiving the public key certificate generation instruction from the key generation unit 1118, the certificate generation unit 1122 discloses the certificate private key “C—SK” from the certificate private key storage unit to the public key storage unit 1112.
- the key “PK” is read, and the issue identifier information “IDI” is read from the identifier storage unit 1110, respectively.
- the certificate generation unit 1122 generates a public key certificate "" using the read secret key “C-SK”, public key “PK”, and issue identifier information "IDI".
- Sig (K, D) is signature data when a secret key “K” is used for data “D”.
- the symbol “II” is a concatenation of bits or bytes.
- the certificate generation unit 1122 writes the generated public key certificate "Cert” to the certificate storage unit 1113. And outputs a distribution start instruction of the public key certificate “Cert” to the information acquisition unit 1119. (12) Information acquisition unit 1119
- the information acquisition unit 1119 Upon receiving the distribution start command from the certificate generation unit 1122, the information acquisition unit 1119 stores the secret key “SK” stored in the secret key storage unit 1111 in the certificate storage unit 1113.
- the public key certificate “Cert” and the terminal identifier stored in the terminal information storage area 1131 of the control unit 1114 are read, and the read private key “SK” and the read public key certificate “Cert” are read. Is transmitted to the terminal device 1300 corresponding to the read terminal identifier via the transmitting unit 1121.
- the information acquisition unit 1119 Upon receiving the key information acquisition command from the control unit 1114, the information acquisition unit 1119 reads out all issued key information from the issued key information storage unit 1124. The information acquisition unit 1119 reads the server identifier from the server identifier storage area 1130 of the control unit 1114, and transmits all the read issued key information and the read server identifier to the key issuance audit server 1200 via the transmission unit 1121.
- the issued key information storage unit 1124 has an issued key information table T1100 as shown in FIG.
- the issued key information table T1100 has an area for storing one or more sets of issued public keys and issued identifier information.
- the issued public key is a public key issued by the key issuing server, and the issued identifier information includes a public key and a public key used for generating a secret key corresponding to the public key. This is the bespoke information.
- the key issuing server 1100 can accumulate the issued public key and the issued issue identifier information.
- the issued key information storage unit 1124 is used to store the issued history, which is issued public key information, and is therefore a non-volatile memory (for example, a hard disk or the like) that does not lose data even when the power is turned off. ).
- the receiving unit 1120 receives information from the key issuance audit server 1200 and the terminal device 1300, and outputs the received information to the control unit 1114.
- the transmission unit 1121 receives the secret key “SK” and the public key certificate “Cert” from the information acquisition unit 1119, and transmits the received information to the terminal device 1300.
- the transmitting unit 1121 Upon receiving one or more issued key information and the server identifier from the information acquiring unit 1119, the transmitting unit 1121 transmits the received one or more issued key information and the server identifier to the key issuance audit server 1200. .
- the key issuance audit server 1200 includes a confirmation information storage unit 1210, an issued key information storage unit 1211, a control unit 1212, an issued public key confirmation unit 1213, a reception unit 1214, an audit result output unit 1215, a reception It comprises a unit 1216 and a transmission unit 1217.
- the key issuance audit server 1200 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is stored in the RAM or the hard disk unit.
- the confirmation information storage unit 1210 has a verification value table T1200 as shown in FIG.
- the verification value table T1200 has an area for storing one or more sets of a server identifier, a first verification value, and a second verification value.
- the server identifier identifies the key issuing server. "SIDA" indicates the key issuing server 1100, "SIDB” indicates the key issuing server 1101, and "SIDB” indicates the key issuing server 1102.
- the first verification value and the second verification value are verification values assigned to the key issuing server indicated by the associated server identifier.
- the server identifier of the key issuing server 1100 will be described as “SID”.
- the issued key information storage unit 1211 has an area for storing one or more issued key information transmitted from the key issuing server 1100.
- the control unit 1212 has a server information storage area 1220 as shown in FIG.
- the server information storage area 220 has an area for storing a server identifier that identifies a key issuing server that has been requested to issue a public key certificate.
- the control unit 1212 receives the audit start command to start the public key audit and the server identifier to be monitored (here, “SID”) from the reception unit 1214, and then issues the issued key request information. , And transmits it to the key issuing server 1100 corresponding to the server identifier via the transmitting unit 1217.
- SID server identifier to be monitored
- the control unit 1212 writes the server identifier received from the reception unit 1214 into the server information storage area 1220.
- the control unit 1212 receives one or more issued key information and a server identifier from the key issuing server 1100 via the receiving unit 217.
- the control unit 1212 determines whether or not the received server identifier matches the server identifier stored in the server information storage area.
- control unit 1212 If it is determined that they match, the control unit 1212 writes the received one or more issued key information to the issued key information storage unit 1211, and stores the audit start instruction and the received server identifier in the issued public key. Output to confirmation unit 1213.
- control unit 1212 ends the processing.
- the issuing public key confirmation unit 1213 receives the audit start command and the server identifier from the control unit 1212. When the server identifier is received, the corresponding first verification value “cl l” and second verification value “c 12” are read from the confirmation information storage unit 1210 using the received server identifier.
- the issued public key confirmation unit 1213 reads out one issued key information from the unread issued key information from the issued key information storage unit 1211.
- the issuing public key confirmation unit 1213 uses the public key “PK” and the issuing identifier information “IDI” included in the read issued key information, and the first verification value “cl l” and the second verification value “cl2”. Then, it is checked whether the public key “PK” is generated using the issue identifier information “IDI”.
- the checking method is the same as that of the first embodiment, and thus the description is omitted.
- the issuance public key confirmation unit 1213 determines that “n— (cl l X cl2)” is divisible by “IDI”, the public key “PK” is generated using the issuance identifier information “IDI”. If ⁇ ⁇ — (cl l X cl2) ”is not divisible by“ IDI ”, the public key“ PK ”is generated using the issue identifier information“ IDI ”, Then, the read issue identifier information “IDI” is temporarily stored.
- Issued public key confirmation unit 1213 determines whether or not unread issued key information exists. If it determines that unread issued key information exists, the above operation is repeated. When it is determined that there is no unread issued key information, it is determined whether or not the temporarily stored issued identifier information exists.
- the issue public key confirmation unit 1213 concatenates all the stored issue identifiers, generates an illegal issue identifier information group, and generates The group of illegal issuance identifiers output to the audit result output unit 1215.
- the issued public key confirmation unit 1213 issues a valid message indicating that the validity of all public keys has been confirmed. The message is output to the audit result output unit 1215.
- Receiving unit 1214 receives an instruction to start an audit and a server identifier of a key issuing server to be audited by a user operation, and outputs an audit start command and a server identifier to control unit 1212. [0302] (6) Audit result output section 1215
- the audit result output unit 1215 Upon receiving the unauthorized issue identifier information group from the issued public key confirmation unit 1213, the audit result output unit 1215 outputs the received unauthorized issue identifier information group to the monitor 1250.
- the audit result output unit 1215 Upon receiving the valid message from the issued public key confirmation unit 1213, the audit result output unit 1215 outputs the received valid message to the monitor 1250.
- the monitor 1250 displays the information received from the audit result output unit 1215.
- the receiving unit 1216 Upon receiving one or more issued key information and the server identifier from the key issuing server 1100, the receiving unit 1216 outputs the received one or more issued key information and the server identifier to the control unit 1212. .
- the transmitting unit 1217 Upon receiving the issued key request information from the control unit 1212, the transmitting unit 1217 transmits the received issued key request information to the key issuing server 1100.
- the terminal device 1300 is the same as the terminal device 300 according to the first embodiment, and a description thereof will not be repeated.
- terminal devices 1301, 1301, 1302, 1303, 1304, 1305, 1306, and 1306 are the same as those of the terminal device 300, and therefore description thereof is omitted. .
- the following is an outline of the operation when the key issuing server 1100 issues a key to the terminal device 1300.
- issued key information is described as an issued key information group. ⁇ Overview of operation at key issuance>
- the terminal device 1300 Upon receiving a key issuance request instruction from the user, the terminal device 1300 transmits key issuance request information and a terminal identifier “TID” to the key issuance server 100 (step S1000).
- the key issuance server 1100 Upon receiving the key issuance request information and the terminal identifier “TID” from the terminal device 1300, the key issuance server 1100 generates a private key and a public key in a key issuance process (step S1005), and issues a certificate. The process issues a public key certificate for the public key generated in step S1005, and transmits the issued public key certificate and the secret key generated in step S1005 to the terminal device 1300 (step S1010). )
- the terminal device 1300 Upon receiving the private key “SK” and the public key certificate “Cert” from the key issuing server 1100, the terminal device 1300 stores the received private key “SK” and the public key certificate “Cert” (S Step S 1015).
- the key issuance audit server 1200 transmits the issued key request information to the key issuance server 1100 in the auditing process (step S1050).
- the key issuing server 1100 transmits the issued key information group acquired in the key information acquiring process and the server identifier to the key issuing audit server 1200 (Step S1055).
- steps S200 and S325 shown in FIGS. 11, 12 and 13 are also executed.
- step S330 after the change is executed finish.
- the certificate generation unit 1122 Upon receiving the public key certificate generation instruction from the key generation unit 1118, the certificate generation unit 1122 discloses the certificate private key “C—SK” from the certificate private key storage unit to the public key storage unit 1112.
- the key “PK” and the issue identifier information “IDI” are read from the identifier storage unit 1110, respectively (step S1100).
- the certificate generation unit 1122 generates a public key certificate "" using the read secret key “C-SK”, public key “PK” and issue identifier information "IDI”, and generates the generated public key certificate.
- the key certificate “Certj” is written into the certificate storage unit 1113, and a distribution start instruction of the public key certificate “Cert” is output to the information acquisition unit 1119 (step S1105).
- the information acquisition unit 1119 Upon receiving the distribution start command from the certificate generation unit 1122, the information acquisition unit 1119 stores the secret key “SK” stored in the secret key storage unit 1111 in the certificate storage unit 1113.
- the public key certificate “Cert” and the terminal identifier stored in the terminal information storage area of the control unit 1114 are read, and the read private key “SK” and the read public key certificate “Cert” are respectively read. Is transmitted to the terminal device 1300 corresponding to the read terminal identifier via the transmitting unit 1121 (step S1110).
- the obtained public key “PK” and the issued identifier information “IDI” are written as a set in the issued key information storage unit 1124 (step S1115).
- the control unit 1114 of the key issuing server 1100 When receiving the issued key request information from the key issuing audit server 1200 via the receiving unit 1120, the control unit 1114 of the key issuing server 1100 outputs a key information acquisition command to the information acquiring unit 1119 (step S 1200). Upon receiving the key information acquisition command from the control unit 1114, the information acquisition unit 1119 of the key issuing server 1100 reads out all issued key information from the issued key information storage unit 1124 (Step S1205).
- the information acquisition unit 1119 reads the server identifier from the server identifier storage area 1130 of the control unit 1114, and transmits the read issued key information group and the server identifier to the key issuance audit server 1200 via the transmission unit 1121. (Step S1210).
- the reception unit 1214 of the key issuance audit server 1200 receives an instruction to start an audit and a server identifier of the key issuance server to be audited by a user operation, and then issues an audit start instruction and a server identifier to the control unit. Output to 1212 (step S1300).
- the control unit 1212 upon receiving the audit start command for starting the public key audit and the server identifier to be monitored (here, “SID”) from the reception unit 1214, transmits the issued key request information. Then, it transmits to the key issuing server 1100 corresponding to the server identifier via the transmitting unit 1217 (step S1305).
- the control unit 1212 writes the server identifier received from the reception unit 1214 into the server information storage area 1220 (Step S1310).
- the control unit 1212 receives one or more issued key information and a server identifier from the key issuing server 1100 via the receiving unit 217 (Step S1315).
- the control unit 1212 determines whether the received server identifier matches the server identifier stored in the server information storage area (Step S1320).
- control unit 1212 determines
- the received one or more issued key information is written into the issued key information storage unit 1211, and the audit start command and the received server identifier are output to the issued public key confirmation unit 1213 (step S1325).
- the issuing public key confirmation unit 1213 confirms the validity of the public key in the confirmation processing, and displays the result on the monitor 1250. [0319] If it is determined that they do not match ("NO" in step S1320), control unit 1212 ends the process.
- the issuing public key confirmation unit 1213 uses the received server identifier to correspond to the first verification value "cl l" and the second verification value.
- the verification value “c 12” is read from the confirmation information storage unit 1210 (step S1400).
- the issued public key confirmation unit 1213 reads out one unread issued key information from the issued key information storage unit 1211 (step S1405).
- the issued public key confirmation unit 1213 checks the public key "PK” and the issued identifier information "IDI" included in the read issued key information, the first verification value “cl l", and the second verification value “cl2". It is checked whether or not the public key “PK” has been generated using the issue identifier information “IDI” (step S1410). Note that the checking method is the same as that of the first embodiment, and thus the description is omitted.
- the issuance public key confirmation unit 1213 determines that “n— (cl l X cl2)” is not divisible by “IDI”, that is, determines that the public key is invalid (Step S1410). "NO")
- the read issue identifier information “IDI” is temporarily stored (step S1415).
- issuance public key confirmation unit 1213 determines that “n— (cl l X cl2)” is divisible by “IDI”, that is, determines that the public key is valid (“YE in step S1410”).
- step S1415 are omitted.
- the issued public key confirmation unit 1213 determines whether or not unread issued key information exists (step S1420). If it determines that unread issued key information exists (step S14).
- step S1425 it is determined whether or not the temporarily stored issue identifier information exists.
- the issue public key confirmation unit 1213 concatenates all the stored issue identifiers, generates an illegal issue identifier information group, and outputs the generated illegal issue identifier information group to an audit result. It is displayed on the monitor 1250 via the unit 1215 (step S1430).
- the issue public key confirmation unit 1213 confirms the validity of all public keys. Is displayed on the monitor 1250 via the audit result output unit 1215 (step S1435).
- the prime information generating unit 133 of the prime generating unit 116 of the key issuing server 100 shown in the above-described first embodiment repeats the operation shown in FIG. 37 to convert the 8-bit prime to the 512-bit prime. Generate.
- the prime information generation unit 133 generates a 16-bit prime from the 8-bit prime (step S1700), generates a 32-bit prime from the generated 16-bit prime (step S1705), and thereafter sequentially generates a 32-bit prime.
- a 64-bit prime from a prime, a 128-bit prime from a 64-bit prime, and a 128-bit prime also generate 256-bit primes (steps S1710, S1715, and S1720), and finally from the generated 256-bit prime A 516-bit prime is generated (step S17 25).
- the prime number generation unit 116 generates control information "information
- step S1720 the prime generation unit 116 uses the injection function “f” so that the generated prime is unique to the issue identifier information “IDI” based on the control information “information B”.
- V generates a 256-bit prime.
- step S1725 the prime generating unit 116 generates a 512-bit prime with the issue identifier information "IDI" embedded therein so that the validity of the generated prime can be confirmed based on the control information "information A”. Generate.
- the key issuing server 100 can generate different secret keys and public keys for each terminal device by using the injection function “f”. Also, at the key issuing server 100, 25
- 6-bit prime power is also used when generating a 512-bit prime number. Since the information “IDI” is embedded, the certificate issuing server 200 can confirm the validity of the public key using the generated public key and the issued identifier information.
- the key issuing server 1100 generates a different secret key and public key for each terminal device by using the injection function "f". can do. Also, when the key issuing server 1100 generates a 512-bit prime from a 256-bit prime, the generated prime has the issue identifier information “IDI” embedded therein. The validity of the public key can be confirmed using the generated public key and the issue identifier information.
- the key issuing server 100 can use the injection function “f” to compare prime numbers that do not match even if the prime numbers are generated multiple times. It is possible to generate a provable prime number.
- the key issuing server 100 embeds the issue identifier information “IDI” in the generated prime, so that the certificate issuing server 200 determines whether the key is issued correctly. You can check this by checking for a card that is divisible by "IDI”.
- ⁇ 1 ⁇ 1
- the user A finds that one of the prime numbers of the user B is equal to pAl by calculating GCD (pAl, nB), and as a result, by calculating nBZpAl, pB2 Can also be obtained.
- the RSA cipher uses security factor decomposition as the basis of security, so once the factor is known, it can be easily decrypted. Therefore, user A can decrypt the encrypted text using user B's public key. Similarly, user B can decrypt the encrypted text using user A's public key.
- prime numbers when prime numbers are generated a plurality of times, the prime numbers may possibly match. This significantly reduces the security of the encryption. By comparing the issued prime number (secret key) with the issued prime number, it can be confirmed that they do not match.
- the issued public key is often managed by a key issuing server. Private keys are often deleted because they have high confidentiality. Therefore, it is necessary to manage newly issued prime numbers (secret keys). Furthermore, if the number of issues is as large as 1 billion, the time to compare is large and impractical.
- the present invention has been described based on the first and second embodiments and the first, second, and third modified examples of the generation of prime numbers.
- the present invention is, of course, not limited to the above embodiments. The following cases are also included in the present invention.
- the issuance identifier information "IDI" is made up of a concatenation of the server identifier, the terminal identifier, and the number "1", but is not limited to this.
- the IDI may be generated using the server identifier and the issue identifier “PID” generated by the counter.
- the issue identifier “PID” is an odd number assigned from 1 to the issue order.
- the identifier generation unit 115 easily generates a different prime each time by incrementing the number “2” each time a prime is issued (generated).
- an injection function when generating a 16-bit prime from an 8-bit prime, an injection function may be applied.
- an injection function may be applied.
- a bijective function may be applied when generating a 64-bit prime from a 32-bit prime.
- apply a bijective function when generating a 128-bit prime from a 64-bit prime.
- the number of bits of the issue identifier "IDI" is smaller than the number of bits of the prime number "q" used for input, and the number of bits of the random number “R1" is (lenq-lenlDI-1) bits.
- the number of bits of the number “R” is (lenq-1) bits.
- the prime generator 116 in the first embodiment may be a single prime generator. At this time, when the issue identifier information “IDI” and its bit size “lenIDI” are given, the prime number generation device adds the given “IDI” and its bit size “lenIDI” to the previously stored 8-bit data. Generates a 512-bit prime from the prime.
- the prime generating unit 1116 in the second embodiment may be a single prime generating device.
- the prime number generation unit 116 includes a first prime number generation unit that generates a 128-bit prime number from an 8-bit prime number stored in advance, and a 512-bit prime number A second prime generation unit for generating a prime may be included. Further, the first prime number generation unit and the second prime number generation unit may be each a separate prime number generation device! ,.
- the first prime generation unit generates a 128-bit prime from an 8-bit prime in the same manner as in the related art.
- Patent Document 1 and Non-Patent Document 3 describe the conventional method in detail.
- FIG. 38 shows an example of the configuration of the second prime number generation unit.
- the second prime number generation unit will be described as one prime number generation device 2100.
- the prime generator 2100 receives the prime “ql”, its bit size “lenql” (here, the bit size is 128 bits), issue identifier information “IDI”, and its bit size “lenIDI”. Output a prime "N” consisting of (4 X lenql) bits. Note that the prime generation device 2100 shown here generates the prime “N” without using the first and second verification values shown in the first embodiment.
- the prime number generation device 2100 includes a reception unit 2101 and a reception information storage unit 2102. , A prime seed generation unit 2103, a random number generation unit 2104, a prime candidate generation unit 2105, a first prime determination unit 2106, and a second prime determination unit 2107.
- the prime number generation device 2100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is stored in the RAM or the hard disk unit. By operating in accordance with the microprocessor power and the computer program, the prime number generation device 2100 achieves its function.
- the reception information storage unit 2102 stores the prime number “ql” given when generating the prime number “N”, the bit size “lenql” of the prime number “q1”, the issue identifier information “IDI”, and the bit size of the issue identifier information “ with an area to store "lenIDI”! /
- the receiving unit 2101 transmits the prime number “ql”, the bit size “lenql (for example, 128 bits)” of the prime number “ql”, the issue identifier information “IDI”, and the bit size “lenIDI” of the issue identifier information to an external device (for example, The received prime number “ql”, its bit size, rienq 1 ”, issue identifier information“ IDI ”and its bit size“ lenIDI ”are written to the reception information storage unit 2102.
- Receiving section 2101 outputs the received information to prime seed generating section 2103.
- the prime number seed generation unit 2103 performs the same operation as the operation performed when the control information device is “information B” in the prime number generation unit 116 shown in the first embodiment. Description is omitted. Here, it is assumed that a 256-bit prime “q2” is generated from a 128-bit prime “ql”.
- the prime seed generation unit 2103 outputs the generated prime "q2" to the prime candidate generation unit 2105.
- the random number generation unit 2104 Upon receiving the first generation instruction from the prime candidate generation unit 2105, the random number generation unit 2104 converts the bit size “lenql” of the prime “ql” and the bit size “lenIDI” of the issue identifier information “IDI”. , From the reception information storage unit 2102.
- the random number generation unit 2104 uses the read bit sizes “lenql” and “lenIDI” to calculate (2
- the random number generation unit 2104 outputs the generated random number “R1” to the prime candidate generation unit 2105.
- the random number generation unit 2104 reads out each bit size, and Perform the operation.
- the prime candidate generation unit 2105 has a generation information storage area for storing the generated number.
- the prime candidate generation unit 2105 Upon receiving the prime number “q2” from the prime seed generation unit 2103, the prime candidate generation unit 2105 outputs a first generation instruction to the random number generation unit 2104.
- the prime candidate generation unit 2105 Upon receiving the random number “R1” from the random number generation unit 2104, the prime candidate generation unit 2105 reads out the issue identifier information “IDI” stored in the reception information storage unit 2102.
- the prime candidate generation unit 2105 reads the bit size “lenql” of the prime “ql” from the reception information storage unit 2102, and determines whether the bit size of the generated number “N” is “4 ⁇ lenql” Judge.
- the prime candidate generation unit 2105 outputs the generated number “N” to the first prime determination unit 2106, and stores the generated number “R” in the generation information storage area.
- the prime candidate generation unit 2105 multiplies the random number "R1" received from the random number generation unit 2104 by 2, sets the result as "R1", and again The above operation is performed to generate the numbers “R” and “N”. The prime candidate generation unit 2105 repeats the above operation until the bit size of the number “N” becomes “4 ⁇ lenql”.
- first primality determining section 2106 is the same as that of first primality determining section 143 shown in the first embodiment, and a description thereof will not be repeated.
- the operation of the second primality determining unit 2107 is the same as the operation of the second primality determining unit 144 shown in the first embodiment, and a description thereof will be omitted.
- the second prime determination unit 2107 determines that the generated number "N" is a prime number
- the second prime determination unit 2107 outputs the generated number "N" as a prime number "N”.
- the prime generation device 2100 receives the prime “ql”, the bit size "lenq 1" of the prime “ql”, the issue identifier information "IDI”, and the bit size "lenIDI” of the issue identifier information in the accepting unit 2101. Write the received information to the reception information storage unit 2102 (Step S2000) The prime generation apparatus 2100 generates a prime “q2” using the information received in Step S2000 in the prime seed generation unit 2103. (Step S 2005).
- the random number generation unit 2100 uses the bit sizes "lenql” and “lenIDI” received in step S2000 to generate a random number "R1 Is generated (step S2010).
- the most significant bit of the random number “R1” is 1.
- the prime candidate generation unit 2105 issues the issue identifier information “IDI” received in step S2000, the prime “q2” generated in step S2005, and the random number “ By performing a prime candidate generation process using “R1”, numbers “R” and “N” are generated (step S2015).
- the prime number generator 2100 Using the number “N” generated in step S2015, the prime number determination unit 2106 determines whether or not the above equation (eql) is satisfied (step S2020).
- step S2020 If it is determined that the equation (eql) holds ("YES” in step S2020), the prime generating apparatus 2100 causes the second prime determining unit 2107 to output the number generated in step S2015 Using “R” and “N”, it is determined whether or not the above equation (eq2) is satisfied (step S2025).
- the prime generating apparatus 2100 When it is determined that the equation (eq2) is satisfied and! / Is satisfied ("YES" in step S2025), the prime generating apparatus 2100 outputs the number "N” as a prime “N” and ends the process. (Step S2030).
- step S2020 When it is determined that the equation (eql) is not satisfied ("NO” in step S2020), and when it is determined that the equation (eq2) is satisfied and! / ⁇ is not satisfied (step S2025). Return to step S2010 and perform the process again.
- step S2015 of the prime generation processing will be described with reference to the flowchart shown in FIG.
- the prime candidate generation unit 2105 generates the prime “q” generated in step S2005 of the prime generation process.
- step S2050 and the number“ R ”generated in step S2050 to generate a number“ N ”(step
- the prime candidate generation unit 2105 determines whether or not the bit size of the generated number “N” is “4 X lenql” (step S 2060).
- step S2060 If it is determined to be “4 X lenql” (“YES” in step S2060), the process ends. If it is determined that “4 X lenq 1” is not true! (“NO” in step S 2060)
- step S2050 As “R1” (step S2065).
- bit size of the prime number which is the secret key to be generated is set to 512 bits.
- the present invention is not limited to this. It may be 1024 bits or 2048 bits.
- the prime generated by the first prime generator is not limited to 128 bits.
- the prime seed generation unit 2103 described above may be a single prime generation device.
- the prime number generation device 2200 in this case will be described.
- the prime generation device 2200 converts the prime “q”, its bit size “lenq” (here, the bit size is 128 bits), issue identifier information “IDI”, and its bit size “lenIDI”. If given, outputs a prime "N” consisting of (2 X lenq) bits.
- the prime generation device 2200 includes a reception unit 2201, a reception information storage unit 2202, a random number generation unit 2203, a prime candidate generation unit 2204, a first prime determination unit 2205, and a second prime determination unit. It is composed of 2206.
- the prime number generation device 2200 is, specifically, a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is stored in the RAM or the hard disk unit. By operating in accordance with the microprocessor power and the computer program, the prime number generation device 2200 achieves its function.
- the reception information storage unit 2202 stores the prime number “q” given when generating the prime number “N”, the bit size “lenq” of the prime number “q”, the issue identifier information “IDI”, and the bit size “1” of the issue identifier information. It has an area to store enlDIj.
- the receiving unit 2201 transmits the prime number “q”, the bit size “lenq” of the prime number “q”, the issue identifier information “IDI”, and the bit size “lenIDI” of the issue identifier information to the outside (for example, the first prime).
- the receiving unit 2201 writes the received prime “q”, its bit size “lenq”, issue identifier information “IDI” and its bit size rienlDIj to the reception information storage unit 2202.
- Receiving section 2201 outputs a start instruction to start processing to prime candidate generating section 2204.
- the random number generation unit 2203 Upon receiving the first generation instruction to generate a random number from the prime candidate generation unit 2204, the random number generation unit 2203 receives the bit size “lenq” of the prime number “q” and the bit size of the issue identifier information “IDI”. “LenIDI” is read from the reception information storage unit 2202.
- the random number generation unit 2203 uses the read bit sizes "lenq” and “lenIDI” to generate a random number "R1" of (len q-lenlDI-1) bits. Here, the most significant bit of the random number “R1” is “1”.
- Non-patent document 2 details the random number generation method.
- the random number generation unit 2203 outputs the generated random number “R1” to the prime candidate generation unit 2204. Also, upon receiving a second generation instruction to generate a random number again from any of the first prime number determination unit 2205 and the second prime number determination unit 2206, the random number generation unit 2203 reads out each bit size, and Perform the operation.
- the prime candidate generation unit 2204 has a function storage area that stores a function “f” that is an injection in advance, and a generation information storage area that stores a number generated using the function “f”. You. Upon receiving the start instruction from the reception unit 2201, the prime candidate generation unit 2204 outputs the first generation instruction to the random number generation unit 2203.
- the prime candidate generation unit 2204 determines whether or not the bit size of the generated number “N” is “2 ⁇ lenq”.
- the prime candidate generation unit 2204 outputs the generated number “N” to the first prime determination unit 2205, and stores the generated number “R” in the generation information storage area.
- the prime candidate generation unit 2204 multiplies the random number "R1" received from the random number generation unit 2203 by 2, and sets the result to "R1". Again, the above To generate numbers “R” and “N” that satisfy the above equation.
- the prime candidate generation unit 2204 repeats the above operation until the bit size of the generated number “N” becomes “2 ⁇ lenq”.
- the operation of the first primality determining unit 2205 is the same as that of the first primality determining unit 143 shown in the first embodiment, and a description thereof will not be repeated.
- the operation of the second primality determining unit 2206 is the same as the operation of the second primality determining unit 144 shown in the first embodiment, and a description thereof will be omitted.
- the second prime number determination unit 2206 outputs the generated number "N” as a prime number "N” when determining that the generated number "N” is a prime number.
- step S2000 the prime generating apparatus 2200 sets the prime "q", the bit size "lenq” of the prime "q”, the issue identifier information "IDI”, and the bit size "lenIDI” of the issue identifier information by a user operation. It is changed so that the received information is written to the received information storage unit 2202.
- step S2000 the prime generating apparatus 2200 omits step S2005 and executes the modified step S2010 as follows.
- step S2010 the prime number generation device 2200 changes to generate a (lenq-lenlDI-1) -bit random number "R1".
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Mathematical Optimization (AREA)
- Computational Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Algebra (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/582,803 US7634084B2 (en) | 2003-12-26 | 2004-12-21 | Prime calculation device, method, and key issuing system |
EP04807465A EP1699160A1 (en) | 2003-12-26 | 2004-12-21 | Prime calculation device, method, and key issuing system |
JP2005516589A JP4668795B2 (ja) | 2003-12-26 | 2004-12-21 | 素数算出装置、鍵発行システム及び素数算出方法 |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-433903 | 2003-12-26 | ||
JP2003433904 | 2003-12-26 | ||
JP2003433903 | 2003-12-26 | ||
JP2003-433904 | 2003-12-26 | ||
JP2004023796 | 2004-01-30 | ||
JP2004-023796 | 2004-01-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005064843A1 true WO2005064843A1 (ja) | 2005-07-14 |
Family
ID=34743474
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/019108 WO2005064843A1 (ja) | 2003-12-26 | 2004-12-21 | 素数算出装置及び方法並びに鍵発行システム |
PCT/JP2004/019110 WO2005064844A1 (ja) | 2003-12-26 | 2004-12-21 | 素数算出装置及び方法並びに鍵発行システム |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/019110 WO2005064844A1 (ja) | 2003-12-26 | 2004-12-21 | 素数算出装置及び方法並びに鍵発行システム |
Country Status (6)
Country | Link |
---|---|
US (2) | US7634084B2 (ja) |
EP (2) | EP1699161A1 (ja) |
JP (2) | JP4668796B2 (ja) |
KR (2) | KR20060129302A (ja) |
TW (2) | TW200527925A (ja) |
WO (2) | WO2005064843A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020141425A (ja) * | 2020-06-10 | 2020-09-03 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | 端末装置、鍵提供システム、鍵生成方法及びコンピュータプログラム |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1741222B1 (en) * | 2004-04-30 | 2011-02-23 | Research In Motion Limited | System and method for securing data |
US7953978B2 (en) * | 2006-09-07 | 2011-05-31 | International Business Machines Corporation | Key generation and retrieval using key servers |
US8472620B2 (en) * | 2007-06-15 | 2013-06-25 | Sony Corporation | Generation of device dependent RSA key |
FR2946207A1 (fr) * | 2009-05-28 | 2010-12-03 | Proton World Internat Nv | Protection d'une generation de nombres premiers pour algorithme rsa |
US8971530B2 (en) * | 2009-06-24 | 2015-03-03 | Intel Corporation | Cryptographic key generation using a stored input value and a stored count value |
JP2011123356A (ja) * | 2009-12-11 | 2011-06-23 | Oki Semiconductor Co Ltd | 素数生成装置、素数生成方法、及び素数生成プログラム |
US20120297187A1 (en) * | 2011-05-17 | 2012-11-22 | Google Inc. | Trusted Mobile Device Based Security |
JP5848106B2 (ja) * | 2011-11-28 | 2016-01-27 | ルネサスエレクトロニクス株式会社 | 半導体装置及びicカード |
WO2013088065A1 (fr) * | 2011-12-15 | 2013-06-20 | Inside Secure | Procede de generation de nombres premiers prouves adapte aux cartes a puce |
KR101493212B1 (ko) * | 2012-10-31 | 2015-02-23 | 삼성에스디에스 주식회사 | 아이디 기반 암호화, 복호화 방법 및 이를 수행하기 위한 장치 |
US8897450B2 (en) * | 2012-12-19 | 2014-11-25 | Verifyle, Inc. | System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords |
US20140344319A1 (en) * | 2013-05-14 | 2014-11-20 | Daljit Singh Jandu | Algorithm for primality testing based on infinite, symmetric, convergent, continuous, convolution ring group |
US9860235B2 (en) * | 2013-10-17 | 2018-01-02 | Arm Ip Limited | Method of establishing a trusted identity for an agent device |
US10069811B2 (en) | 2013-10-17 | 2018-09-04 | Arm Ip Limited | Registry apparatus, agent device, application providing apparatus and corresponding methods |
GB2533511B (en) * | 2013-10-17 | 2021-02-03 | Arm Ip Ltd | Method of establishing a trusted identity for an agent device |
US9307405B2 (en) | 2013-10-17 | 2016-04-05 | Arm Ip Limited | Method for assigning an agent device from a first device registry to a second device registry |
CN103580858B (zh) * | 2013-11-06 | 2017-01-04 | 北京华大信安科技有限公司 | Rsa算法私钥元素获取方法及获取装置 |
GB2529838B (en) | 2014-09-03 | 2021-06-30 | Advanced Risc Mach Ltd | Bootstrap Mechanism For Endpoint Devices |
GB2530028B8 (en) | 2014-09-08 | 2021-08-04 | Advanced Risc Mach Ltd | Registry apparatus, agent device, application providing apparatus and corresponding methods |
GB2540989B (en) | 2015-08-03 | 2018-05-30 | Advanced Risc Mach Ltd | Server initiated remote device registration |
GB2540987B (en) | 2015-08-03 | 2020-05-13 | Advanced Risc Mach Ltd | Bootstrapping without transferring private key |
WO2018174112A1 (ja) * | 2017-03-21 | 2018-09-27 | 渡辺浩志 | ネットワーク上の装置認証技術 |
KR101918741B1 (ko) | 2017-08-21 | 2018-11-14 | 국방과학연구소 | 안전소수 판별 방법 |
GB2574613B (en) * | 2018-06-12 | 2020-07-22 | Advanced Risc Mach Ltd | Device, system, and method of generating and handling cryptographic parameters |
US11475134B2 (en) | 2019-04-10 | 2022-10-18 | Arm Limited | Bootstrapping a device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07121107A (ja) * | 1993-10-28 | 1995-05-12 | Nec Corp | 鍵生成方法および装置 |
WO1999052241A2 (en) * | 1998-04-08 | 1999-10-14 | Citibank, N.A. | Generating rsa moduli including a predetermined portion |
EP1026851A1 (en) * | 1999-02-03 | 2000-08-09 | Hewlett-Packard Company | Composite cryptographic keys |
US6687375B1 (en) * | 1999-06-02 | 2004-02-03 | International Business Machines Corporation | Generating user-dependent keys and random numbers |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996031034A1 (en) * | 1995-03-27 | 1996-10-03 | Stefanus Alfonsus Brands | System for ensuring that the blinding of secret-key certificates is restricted, even if the issuing protocol is performed in parallel mode |
JP3835896B2 (ja) * | 1997-07-30 | 2006-10-18 | 富士通株式会社 | 素数生成装置,B−smooth性判定装置及び記録媒体 |
JP3518672B2 (ja) * | 1998-11-27 | 2004-04-12 | 村田機械株式会社 | 素数生成装置及び暗号システム |
US6940976B1 (en) * | 1999-06-02 | 2005-09-06 | International Business Machines Corporation | Generating user-dependent RSA keys |
JP2002207426A (ja) * | 2001-01-10 | 2002-07-26 | Sony Corp | 公開鍵証明書発行システム、公開鍵証明書発行方法、および電子認証装置、並びにプログラム記憶媒体 |
JP4102090B2 (ja) | 2001-04-17 | 2008-06-18 | 松下電器産業株式会社 | 情報セキュリティ装置、素数生成装置及び素数生成方法 |
TWI244610B (en) | 2001-04-17 | 2005-12-01 | Matsushita Electric Ind Co Ltd | Information security device, prime number generation device, and prime number generation method |
GB2384403B (en) * | 2002-01-17 | 2004-04-28 | Toshiba Res Europ Ltd | Data transmission links |
-
2004
- 2004-12-21 WO PCT/JP2004/019108 patent/WO2005064843A1/ja active Application Filing
- 2004-12-21 JP JP2005516591A patent/JP4668796B2/ja not_active Expired - Fee Related
- 2004-12-21 KR KR1020067014930A patent/KR20060129302A/ko not_active Application Discontinuation
- 2004-12-21 US US10/582,803 patent/US7634084B2/en active Active
- 2004-12-21 US US10/582,999 patent/US7706528B2/en active Active
- 2004-12-21 WO PCT/JP2004/019110 patent/WO2005064844A1/ja active Application Filing
- 2004-12-21 EP EP04807467A patent/EP1699161A1/en not_active Withdrawn
- 2004-12-21 KR KR1020067013868A patent/KR20060126705A/ko not_active Application Discontinuation
- 2004-12-21 EP EP04807465A patent/EP1699160A1/en not_active Withdrawn
- 2004-12-21 JP JP2005516589A patent/JP4668795B2/ja active Active
- 2004-12-24 TW TW093140531A patent/TW200527925A/zh unknown
- 2004-12-24 TW TW093140530A patent/TW200531495A/zh unknown
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH07121107A (ja) * | 1993-10-28 | 1995-05-12 | Nec Corp | 鍵生成方法および装置 |
WO1999052241A2 (en) * | 1998-04-08 | 1999-10-14 | Citibank, N.A. | Generating rsa moduli including a predetermined portion |
EP1026851A1 (en) * | 1999-02-03 | 2000-08-09 | Hewlett-Packard Company | Composite cryptographic keys |
US6687375B1 (en) * | 1999-06-02 | 2004-02-03 | International Business Machines Corporation | Generating user-dependent keys and random numbers |
Non-Patent Citations (2)
Title |
---|
"Fast Generation of Secure RSA-Moduli with Almost Maximal Diversity", LECTURE NOTES IN COMPUTER SCIENCE, vol. 434, 1990, pages 636 - 641, XP008112863 * |
"Generation of RSA Keys That Are Guaranteed to be Unique for Each User", COMPUTER SECURITY, vol. 19, no. 3, 2000, pages 282 - 286, XP004222170 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020141425A (ja) * | 2020-06-10 | 2020-09-03 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | 端末装置、鍵提供システム、鍵生成方法及びコンピュータプログラム |
Also Published As
Publication number | Publication date |
---|---|
JP4668796B2 (ja) | 2011-04-13 |
US7634084B2 (en) | 2009-12-15 |
EP1699161A1 (en) | 2006-09-06 |
KR20060126705A (ko) | 2006-12-08 |
WO2005064844A1 (ja) | 2005-07-14 |
KR20060129302A (ko) | 2006-12-15 |
US20070143388A1 (en) | 2007-06-21 |
US7706528B2 (en) | 2010-04-27 |
JPWO2005064844A1 (ja) | 2007-12-20 |
TW200527925A (en) | 2005-08-16 |
TW200531495A (en) | 2005-09-16 |
EP1699160A1 (en) | 2006-09-06 |
US20070121934A1 (en) | 2007-05-31 |
JP4668795B2 (ja) | 2011-04-13 |
JPWO2005064843A1 (ja) | 2007-12-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2005064843A1 (ja) | 素数算出装置及び方法並びに鍵発行システム | |
EP0786178B1 (en) | Secret-key certificates | |
JP4731686B2 (ja) | 秘密鍵の妥当性および確認 | |
US20100100724A1 (en) | System and method for increasing the security of encrypted secrets and authentication | |
EP0503119A1 (en) | Public key cryptographic system using elliptic curves over rings | |
JP2013140402A (ja) | 公開鍵を検証可能に生成する方法及び装置 | |
JPWO2013014778A1 (ja) | 暗号化処理装置および認証方法 | |
US8370633B2 (en) | Apparatus, method, and computer instructions for generating a substitute signature key pair | |
CN113660087B (zh) | 一种基于有限域的sm9标识密码算法硬件实现系统 | |
AU2011283888B2 (en) | Authentication device, authentication method, and program | |
JP2014515125A (ja) | データの暗号化のための方法、コンピュータ・プログラム、および装置 | |
US7130422B2 (en) | Information security device, prime number generation device, and prime number generation method | |
Yang et al. | A provably secure and efficient strong designated verifier signature scheme | |
CN110266478B (zh) | 一种信息处理方法、电子设备 | |
JP2002217898A (ja) | 擬似乱数生成システム | |
JP4102090B2 (ja) | 情報セキュリティ装置、素数生成装置及び素数生成方法 | |
Schartner | Random but system-wide unique unlinkable parameters | |
KR100368204B1 (ko) | 정규 기저를 이용한 역원 계산 알고리즘 | |
JP2000200038A (ja) | 素数生成方法及び装置並びにrsa暗号化方法及び記録媒体 | |
Koshiba | On sufficient randomness for secure public-key cryptosystems | |
Jeng et al. | A blind signature scheme based on elliptic curve cryptosystem | |
CN115606148A (zh) | 与椭圆曲线操作相关的信息泄漏减轻 | |
Kaderali | Foundations and applications of cryptology | |
JPH0548599A (ja) | 秘密通信用ネツトワークシステム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200480038935.3 Country of ref document: CN |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005516589 Country of ref document: JP |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2007121934 Country of ref document: US Ref document number: 10582803 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004807465 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020067013868 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 2004807465 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1020067013868 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 10582803 Country of ref document: US |