WO2021029173A1 - Communication system - Google Patents

Communication system

Info

Publication number
WO2021029173A1
Authority
WO
WIPO (PCT)
Prior art keywords
host device
key
host
public key
secret data
Prior art date
Application number
PCT/JP2020/027295
Other languages
French (fr)
Japanese (ja)
Inventor
宏一良 石井
Original Assignee
株式会社村田製作所
Priority date
Filing date
Publication date
Application filed by 株式会社村田製作所 (Murata Manufacturing Co., Ltd.)
Priority to JP2021539172A (JPWO2021029173A1)
Publication of WO2021029173A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • The present invention relates to a communication system comprising a host device and a security device, in which confidential data is communicated between these devices in encrypted form via a network.
  • Conventionally, a communication system of this kind is disclosed, for example, in Patent Document 1.
  • In that system, a common key is exchanged after the host device and the security device have authenticated each other by communication using public-key cryptography. That is, the host device generates a public key and a private key with a cryptographic IP (Crypto IP) and transmits the generated public key to the HSM (hardware security module), which is the security device.
  • The HSM generates a random number with a random number generation circuit, encrypts it with its cryptographic IP using the received public key, and transmits the result to the host device as challenge data.
  • The host device decrypts the received challenge data with its cryptographic IP using the private key, generates response data from it, and transmits the response data to the HSM.
  • The HSM verifies the received response data and thereby confirms that the host device is a genuine communication device. After that, the HSM generates a further random number with the random number generation circuit, encrypts it with the cryptographic IP using the common key, and transmits it to the host device. The host device decrypts the received encrypted random number using the common key shared with the HSM in advance.
  • In such a security device, in order to keep the stored encryption key secret, the device had to be built on a single chip so that the key is never exposed outside it. Consequently, the internal memory that holds the confidential data specific to each target device must be redesigned for every device to which the communication system is applied; the security device becomes a custom product for each manufactured product, and the cost of the communication system rises. One could instead give the security device an external memory and keep there the stored contents that vary with the target device, but the communication path between the security device and the external memory is then at risk of eavesdropping.
  • The present invention was made to solve this problem. Its purpose is to provide a communication system that can communicate while maintaining confidentiality even when the memory capacity on the host device side is small, and that does not require the internal memory on the security device side to be redesigned for each device to which the communication system is applied.
  • To this end, the present invention comprises a host device that holds confidential data, and a security device that is connected to the host device via a network and that generates, using a random number generator, and stores a public key and a private key used for encrypted communication with the host device.
  • When the confidential data is to be stored on the security device side, the host device encrypts it with the public key received from the security device and sends it to the security device, which stores the received encrypted data in an external memory. When the confidential data stored in the external memory is to be read back to the host device, the host device encrypts a one-time pad key that it has generated or acquired with the public key and sends it to the security device; the security device decrypts the received one-time pad key with the private key, reads the confidential data from the external memory, decrypts it with the private key, encrypts the decrypted confidential data with the decrypted one-time pad key, and sends the result to the host device.
  • With this configuration, the public key and private key used for encrypted communication between the host device and the security device are stored in the security device rather than in the host device, so the memory capacity required in the host device is reduced by the size of those keys. Further, the confidential data held by the host device is transmitted to the security device encrypted with the public key, and the confidential data stored in the security device's external memory is transmitted from the security device to the host device encrypted with the one-time pad key supplied by the host device, which decrypts it with that same key.
  • Communication between the host device and the security device over the network is therefore carried out in a concealed state, and communication between the security device and the external memory does not take place over the network, so it is not exposed to the threat of eavesdropping from outside.
  • Further, because the stored contents that vary with the target device are kept in the external memory, the internal memory of the security device no longer needs to be redesigned for each device to which the communication system is applied; the versatility of the security device increases and the product cost of the communication system falls.
  • In another aspect, the present invention likewise comprises a host device that holds confidential data, and a security device that is connected to the host device via a network and that generates, using a random number generator, and stores a public key and a private key used for encrypted communication with the host device.
  • In this aspect the security device stores the public key in the external memory. When the confidential data is to be stored on the security device side, the host device directly accesses the external memory, reads the public key from it, encrypts the confidential data with that public key, and directly writes the encrypted data into the external memory. When the confidential data stored in the external memory is to be read back to the host device, the host device directly accesses the external memory, encrypts a one-time pad key that it has generated or acquired with the public key read from there, and sends it to the security device. The security device decrypts the received one-time pad key with the private key, reads the confidential data from the external memory, decrypts it with the private key, encrypts the decrypted confidential data with the one-time pad key, and transmits it to the host device.
  • Here too, the public key and private key used for encrypted communication between the host device and the security device are stored in the security device rather than in the host device, so the memory capacity required in the host device is reduced by the size of those keys.
  • Transfer of the host device's confidential data to the security device side is carried out by the host device directly reading the public key stored in the security device's external memory, encrypting the confidential data with it in the host device, and writing the result directly into the external memory.
  • The encrypted confidential data stored in the external memory is decrypted by the security device, re-encrypted with the one-time pad key that the host device sent after encrypting it with the public key, transmitted from the security device to the host device, and decrypted there with the one-time pad key.
  • FIG. 5 is an operation sequence diagram for the case in which the secret data of the host device is written directly to the external memory of the security device in the communication system according to the third embodiment.
  • FIG. 1 is a block diagram showing the schematic configuration of a communication system 1A according to the first embodiment of the present invention.
  • The communication system 1A includes a host device (hereinafter HOST) 2 holding confidential data D, and a hardware security module (hereinafter HSM) 4 interconnected with HOST 2 via a network 3.
  • HOST 2 is a personal computer (PC), a microcontroller (commonly called a microcomputer), or the like, and is the main control device of a system that performs communication processing, sensor processing, etc. via the network 3.
  • The HSM 4 is a security device formed by aggregating the security-related components of HOST 2; in a communication system interconnected by a network, it generally establishes the secrecy and safety of the data and packets transferred over the network.
  • The HSM 4 is also called a security unit, a security module, or a hardware security unit.
  • HOST 2 also encompasses a device that controls the HSM 4, for example an HSM that itself acts as a HOST.
  • HOST 2 has a CPU 2a which is an arithmetic unit, a read-only memory (ROM) 2b, a temporary storage memory (RAM) 2c, a communication processing circuit 2d, and an OTP encryption function block 2e.
  • the secret data D is stored in the temporary storage memory 2c.
  • The OTP encryption function block 2e includes a public-key encryption IP and a simple OTP encryption IP; the OTP encryption IP generates in software the random number used as the key of the encryption method called the one-time pad (the OTP key). For the pad to give one-time-pad secrecy, the OTP key must be at least as long as the data it protects and must never be reused.
  • The OTP encryption function block 2e need not include the OTP encryption IP; it may instead be configured to acquire an OTP key from another device. After the public key and the OTP key have been used in HOST 2, they can be deleted without being saved.
  • the communication processing circuit 2d includes a transmission circuit and a reception circuit for communicating with other devices via the network 3.
  • The communication standard of the network 3 may be SPI, CAN, I2C, UART, USB, Ethernet, Bluetooth (registered trademark), or any other; its type does not matter.
  • the HSM 4 includes an internal memory 4a, a cryptographic processing IP (Crypto IP: encryption / decryption function) 4b, and a random number generator 4c inside, and has an external memory 5 outside.
  • the internal memory 4a includes a RAM and a ROM.
  • The external memory 5 is composed of a programmable ROM such as an EEPROM or flash ROM, or a temporary storage memory (RAM) such as DDR SDRAM, RDRAM, DRAM, asynchronous DRAM or SRAM.
  • The network 3 between HOST 2 and the HSM 4 is at risk of eavesdropping, whereas the HSM 4 and the external memory 5 are connected by a communication path other than the network 3, one that is not publicly accessible.
  • The cryptographic processing IP 4b is a functional block having the encryption and decryption functions needed to encrypt communication on the network 3. Using random numbers generated by the random number generator 4c, it generates the public key and private key used for encrypted communication with HOST 2. The generated public key is stored in the internal memory 4a or the external memory 5; the private key is stored in the internal memory 4a.
  • The cryptographic processing IP 4b may be implemented in software or in hardware; in the present embodiment it is implemented in hardware together with the random number generator 4c, so the HSM 4 needs no arithmetic unit such as the CPU 2a of HOST 2 and can be made compact.
  • The random number generator 4c is a physical random number source that generates physical random numbers from thermally induced white noise, photon or electron shot noise, quantum noise, fan noise, or the like.
  • When the secret data D is to be stored on the HSM 4 side, HOST 2 first requests, in step s1, generation of the encryption keys required for encrypted communication. This key generation request (step s1) is not always necessary; it is omitted when the keys are generated automatically at start-up of the HSM 4.
  • The HSM 4 generates the public key and the private key in step s2, before receiving the secret data D from HOST 2.
  • In step s3, HOST 2 requests the HSM 4 to transmit the public key it generated.
  • In step s4, the HSM 4 transmits the public key stored in the internal memory 4a or the external memory 5 to HOST 2 via the network 3. The public key may be observed by an eavesdropper on the network 3 at this point; since it is the public half of the pair, observing it does not by itself reveal the secret data. The threat this description considers on the network 3 is eavesdropping; an attacker able to substitute the public key in transit is not addressed here.
  • HOST 2, having received the public key, encrypts the secret data D with it in step s5 and transmits the result to the HSM 4 as encrypted data via the network 3 in step s6.
  • The HSM 4, having received the encrypted secret data D, stores it in step s7 in the internal memory 4a or the external memory 5, still encrypted with the public key.
  • If HOST 2 sends a memory selection command to the HSM 4, either together with the transmission of the secret data D in step s6 or in advance, the HSM 4 can be made to store the received secret data D in either the internal memory 4a or the external memory 5.
  • Usually the secret data D is stored in the external memory 5.
  • Alternatively, the HSM 4 may decrypt the received secret data D with the private key and re-encrypt it with a separately generated key, or may further encrypt the received secret data D using an encryption mode, before storing it in the internal memory 4a or the external memory 5.
  • FIG. 3 is an operation sequence diagram of a read process performed by transmitting the secret data D stored in the HSM 4 from the HSM 4 to the HOST 2.
  • When the secret data D stored in the internal memory 4a or the external memory 5 is to be read back to HOST 2, HOST 2 generates an OTP key with the OTP encryption function block 2e in step s11, or acquires one from another device. HOST 2 then encrypts the generated or acquired OTP key in step s12 with the public key received from the HSM 4, and transmits the encrypted OTP key to the HSM 4 via the network 3 in step s13. The HSM 4 reads the secret data D from the internal memory 4a or the external memory 5 in step s14 and decrypts it in step s15 with the stored private key.
  • The OTP key received from HOST 2, encrypted with the public key, is likewise decrypted in step s15 with the stored private key.
  • The HSM 4 encrypts the decrypted secret data D with the decrypted OTP key to obtain OTP-encrypted data, and transmits the OTP-encrypted data to HOST 2 in step s17.
  • HOST 2 decrypts the OTP-encrypted data received from the HSM 4 with the temporarily stored OTP key and thus reads out the secret data D.
  • In this way, HOST 2 encrypts the secret data D with the public key received from the HSM 4 and transmits it to the HSM 4, and the HSM 4 stores the encrypted secret data D received from HOST 2 in the external memory 5.
  • When the secret data D stored in the external memory 5 is to be read back to HOST 2, HOST 2 encrypts the OTP key it generated or acquired with the public key received from the HSM 4 side and transmits it to the HSM 4. The HSM 4 decrypts the OTP key received from HOST 2 with the private key, reads the secret data D from the external memory 5, decrypts it with the private key, encrypts the decrypted secret data D with the decrypted OTP key, and sends it to HOST 2.
  • The public key and private key used for encrypted communication between HOST 2 and the HSM 4 are thus stored in the HSM 4 rather than in HOST 2, so the capacity of the memories 2b, 2c, etc. required in HOST 2 is reduced by the size of those keys. Moreover, although key generation generally takes time, having the HSM 4 carry out this generation lightens the processing load of HOST 2. HOST 2 encrypts the secret data D in step s5 with the public key received from the HSM 4, but even if it deletes the public key after this encryption it can obtain it again from the HSM 4, so it need not keep it in the memory 2c or the like. If HOST 2 does keep the public key, it need not reacquire it from the HSM 4; HOST 2 may therefore cache the public key to speed up communication processing.
  • Transfer of the secret data D held by HOST 2 to the HSM 4 is carried out by transmitting the public key stored in the HSM 4 to HOST 2 and encrypting the secret data D with that public key in HOST 2.
  • The secret data D stored in the external memory 5 of the HSM 4 is encrypted with the OTP key supplied by HOST 2, transmitted from the HSM 4 side to HOST 2, and decrypted in HOST 2 with the OTP key.
  • Communication between HOST 2 and the HSM 4 over the network 3 is therefore performed in a concealed state, and communication between the HSM 4 and the external memory 5 does not pass over the network 3, so it is not exposed to the threat of eavesdropping from outside. Further, by keeping the confidential data D, whose content varies with the device to which the communication system 1A is applied, in the external memory 5, the internal memory 4a of the HSM 4 no longer needs to be redesigned for each such device; the versatility of the HSM 4 increases and the product cost of the communication system 1A falls.
  • Since the HSM 4 can store the secret data D received from HOST 2 in the external memory 5 in its encrypted state, the secret data D can be saved without slowing communication processing.
  • When public-key cryptography is used, the private key must be stored and managed so that decryption is possible; if the private key were stored and managed in HOST 2, it would occupy memory area of HOST 2.
  • In the present embodiment HOST 2 only needs to hold the OTP key temporarily. The OTP key therefore need not be stored and managed in either HOST 2 or the HSM 4, and the only keys that must be stored and managed are the public key and private key in the HSM 4. This reduces the security measures demanded on the HOST 2 side and concentrates them on the HSM 4 side, so the development cost of the communication system 1A can be reduced.
  • The random number generator 4c in the HSM 4 is a physical random number source of the kind called a QRNG (quantum random number generator) or TRNG (true random number generator).
  • When random numbers are generated by software, the internal memory 4a of the HSM 4 needs capacity to hold that software; when they are generated by a physical random number source, a physical phenomenon is used instead of software, so no capacity for such software is needed in the internal memory 4a of the HSM 4.
  • Likewise, no arithmetic unit such as a CPU for executing software is required in the HSM 4.
  • Since no computation time is needed to produce a random number from the physical source, the random number generator 4c produces random numbers faster than software generation does.
  • Random numbers generated in software are produced by a deterministic algorithm from a seed, so they are related to one another and, given the generator's state, further outputs can be predicted; random numbers from a physical source are generated independently of one another, so inferring one from another is difficult and their independence is high. Therefore, with the random number generator 4c of the present embodiment, a high-quality private key and public key can be generated at high speed and with low power consumption without increasing the capacity of the internal memory 4a of the HSM 4. Further, since the private key and public key are generated, stored and managed inside the HSM 4, the confidentiality of the data communication can be improved.
  • FIG. 4 is a block diagram showing a schematic configuration of the communication system 1B according to the second embodiment of the present invention.
  • the same or corresponding parts as those in FIG. 1 are designated by the same reference numerals, and the description thereof will be omitted.
  • Communication system 1B differs from communication system 1A of the first embodiment only in that a second HOST 6 is network-connected to HOST 2.
  • The second HOST 6 is connected to HOST 2 via a network 7 similar to the network 3.
  • The other components are the same as those of the communication system 1A of the first embodiment.
  • The second HOST 6 is a HOST distinct from HOST 2 and the HSM 4 that is not directly connected to the HSM 4: for example a server, a cloud service, a PC other than the one constituting HOST 2, or an HSM other than the HSM 4.
  • The secret data D held by HOST 2 is written from HOST 2 to the HSM 4 side as shown in the operation sequence diagram of FIG. 2, and the secret data D stored in the HSM 4 is read from the HSM 4 to HOST 2 as shown in the operation sequence diagram of FIG. 3, in the same way as in the first embodiment.
  • In addition, the secret data D held by HOST 2 is transmitted to the second HOST 6.
  • When the secret data D is to be transmitted to the second HOST 6, HOST 2 requests, in step s21, generation of the encryption keys required for encrypted communication. This key generation request (step s21) is not always necessary; it is omitted when the keys are generated automatically at start-up of the HSM 4.
  • The HSM 4 generates the public key and the private key in step s22, before receiving the secret data D from HOST 2.
  • The second HOST 6 holds a second public key S and a second private key used for encrypted communication with HOST 2, and transmits the second public key S to HOST 2 in step s23 via the network 7.
  • HOST 2, having received the second public key S from the second HOST 6, forwards it to the HSM 4 in step s24 via the network 3.
  • The second public key S may be eavesdropped on the networks 3 and 7; like the public key M, it is public.
  • The HSM 4 stores the received second public key S in the internal memory 4a or the external memory 5 in step s25.
  • HOST 2 requests the HSM 4 to send the public key M that the HSM 4 generated and stores.
  • The HSM 4 transmits the public key M stored in the internal memory 4a or the external memory 5 to HOST 2 via the network 3 in step s26.
  • HOST 2, having received the public key M from the HSM 4, forwards it to the second HOST 6 in step s27 via the network 7.
  • The public key M may likewise be eavesdropped on the networks 3 and 7.
  • The second HOST 6 stores the received public key M.
  • In this way the public key M and the second public key S are exchanged between HOST 2 and the second HOST 6. HOST 2 does not store and manage the public key M and the second public key S; the HSM 4 does.
  • When transmitting the secret data D to the second HOST 6, HOST 2 requests transmission of the public key M stored in the HSM 4 in step s28.
  • In response to this request, the HSM 4 transmits the stored public key M to HOST 2 in step s29.
  • Upon receiving the public key M, HOST 2 encrypts the secret data D it holds with the public key M in step s30.
  • HOST 2 may temporarily store one or both of the public key M and the second public key S in order to speed up communication processing.
  • When the public key M is stored in HOST 2, steps s28 and s29 are optional, and HOST 2 encrypts the secret data D it holds with the stored public key M in step s30.
  • HOST 2 transmits the secret data D encrypted with the public key M to the HSM 4 as encrypted data M in step s31.
  • In step s32 the HSM 4 decrypts the received encrypted data M with the private key stored as the pair of the public key M, and encrypts the decrypted secret data D with the second public key S received from the second HOST 6 and stored.
  • The secret data D encrypted with the second public key S is transmitted to HOST 2 in step s33 as encrypted data S.
  • HOST 2 transmits the received encrypted data S to the second HOST 6 as encrypted data in step s34.
  • When HOST 2 temporarily stores the second public key S, HOST 2 can instead encrypt the secret data D it holds with the second public key S in step s30 and transmit the encrypted data directly to the second HOST 6 in step s34, without performing steps s31 to s33. Steps s31 to s33 are therefore optional.
  • The second HOST 6, having received the encrypted data, decrypts it with the second private key stored as the pair of the second public key S and obtains the secret data D.
  • Thus HOST 2 receives from the second HOST 6 the second public key S used for encrypted communication with the second HOST 6 and forwards it to the HSM 4, and receives from the HSM 4 the public key M stored by the HSM 4 and forwards it to the second HOST 6. Then, when the secret data D is to be transmitted to the second HOST 6, HOST 2 either encrypts the secret data D with the second public key S and transmits it to the second HOST 6 directly, or encrypts the secret data D with the public key M and transmits it to the HSM 4, and then transmits to the second HOST 6 the secret data D that the HSM 4 has decrypted with its private key and encrypted with the second public key S.
  • The communication system 1B therefore exhibits the same operation and effects as the communication system 1A of the first embodiment.
  • The public key M and private key used for encrypted communication between the HSM 4 and HOST 2, and the second public key S used for encrypted communication between HOST 2 and the second HOST 6, are stored in the HSM 4 rather than in HOST 2, so the memory capacity required in HOST 2 is reduced by the size of these keys.
  • Transfer of the secret data D held by HOST 2 to the second HOST 6 is carried out either by HOST 2 encrypting the secret data D with the second public key S,
  • or by the secret data D first being encrypted with the public key M and transmitted from HOST 2 to the HSM 4, decrypted by the HSM 4, and then encrypted with the second public key S. In either case, according to the communication system 1B of the second embodiment, communication on the networks 3 and 7 among HOST 2, the HSM 4 and the second HOST 6 is performed in a concealed state, so even when the memory capacity of HOST 2 is small, the confidential data D of HOST 2 can be transmitted to the second HOST 6 while maintaining confidentiality.
  • The HSM 4 can also read the secret data D directly from the external memory 5 and send it on towards the second HOST 6.
  • In that case the HSM 4 decrypts the secret data D read from the external memory 5 with the private key stored as the pair of the public key M, and encrypts the decrypted secret data D in step s32 with the second public key S received from the second HOST 6 and stored.
  • The secret data D encrypted with the second public key S is transmitted to HOST 2 in step s33, and HOST 2 transmits it to the second HOST 6 in step s34.
  • FIG. 6 is an operation sequence diagram for the case in which the secret data D held by the second HOST 6 is transmitted to HOST 2 in the communication system 1B.
  • Steps s21 to s27 are the same as in the operation sequence diagram of FIG. 5; through them the public key M and the second public key S are exchanged between HOST 2 and the second HOST 6.
  • The second HOST 6 encrypts the secret data D it holds with the exchanged public key M in step s41 and transmits the encrypted data to HOST 2 in step s42.
  • HOST 2, having received the encrypted data, forwards it to the HSM 4 in step s43.
  • HOST 2 generates an OTP key with the OTP encryption function block 2e in step s44, or acquires one from another device. HOST 2 then requests transmission of the public key M stored in the HSM 4 in step s45, and the HSM 4 transmits the stored public key M to HOST 2 in step s46 in response. Upon receiving the public key M, HOST 2 encrypts the generated or acquired OTP key with the public key M in step s47. HOST 2 may temporarily store the public key M in order to speed up communication processing; when the public key M is stored, steps s45 and s46 are optional, and HOST 2 encrypts the OTP key with the stored public key M in step s47.
  • HOST 2 transmits the OTP key encrypted with the public key M to the HSM 4 in step s48.
  • In step s49 the HSM 4 decrypts both the encrypted data received in step s43 and the encrypted OTP key received in step s48 with the private key stored as the pair of the public key M.
  • The decrypted data is then encrypted in step s50 with the decrypted OTP key.
  • The secret data D encrypted with the OTP key is transmitted to HOST 2 in step s51 as OTP-encrypted data.
  • HOST 2 decrypts the OTP-encrypted data received from the HSM 4 with the temporarily stored OTP key and thus reads out the secret data D.
  • Thus HOST 2 receives from the second HOST 6 the second public key S used for encrypted communication with the second HOST 6 and forwards it to the HSM 4, and receives from the HSM 4 the public key M stored by the HSM 4 and forwards it to the second HOST 6.
  • HOST 2 receives the secret data D encrypted with the public key M from the second HOST 6 and forwards it to the HSM 4, and encrypts the OTP key it generated or acquired with the public key M received from the HSM 4 and transmits it to the HSM 4.
  • The HSM 4 decrypts the secret data D and the OTP key received from HOST 2 with its private key, and transmits to HOST 2 the secret data D encrypted with the decrypted OTP key.
  • Transfer of the secret data held by the second HOST 6 to HOST 2 is therefore carried out by the second HOST 6 encrypting the secret data D with the public key M and sending it to the HSM 4 via HOST 2.
  • The secret data D decrypted by the HSM 4 is encrypted with the OTP key received from HOST 2 and transmitted from the HSM 4 to HOST 2. According to the communication system 1B of the second embodiment, even when the secret data D held by the second HOST 6 is transmitted to HOST 2, communication on the networks 3 and 7 among HOST 2, the HSM 4 and the second HOST 6 is performed in a concealed state, so the secret data D held by the second HOST 6 can be transmitted to HOST 2 while maintaining confidentiality.
  • FIG. 7 is a block diagram showing the schematic configuration of the communication system 1C according to the third embodiment of the present invention.
  • Parts that are the same as or correspond to those in FIG. 1 are designated by the same reference numerals, and their description is omitted.
  • Communication system 1C differs from communication system 1A of the first embodiment only in that HOST 2 is directly connected to the external memory 5 via a network 8 similar to network 3. The other configurations are the same as in communication system 1A.
  • The secret data D held by HOST 2 is transmitted and written directly to the external memory 5 of HSM 4. That is, when the confidential data D held by HOST 2 is to be stored on the HSM 4 side, HOST 2 requests generation of the key required for encrypted communication in step s61.
  • This key generation request (step s61) is not always necessary; it is not needed when the key is generated automatically when HSM 4 starts up.
  • HSM 4 generates the public key and the private key in step s62, and saves the generated public key in the external memory 5 in step s63.
  • HOST 2 directly accesses the external memory 5, reads the public key stored there, and encrypts the secret data D with the read public key in step s64. It then directly accesses the external memory 5 again and saves the encrypted secret data D there in step s65.
  • Instead of reading the public key directly from the external memory 5, HOST 2 can also request in step s66 that HSM 4 transmit the public key generated in step s62.
  • In that case HSM 4 stores the public key in the external memory 5 in step s63 and transmits it to HOST 2 in step s67 via network 3.
  • HOST 2 encrypts the secret data D it holds with the public key received from HSM 4 in step s64.
  • HOST 2 can also transmit the encrypted secret data D to HSM 4 as encrypted data in step s68 instead of storing it directly in the external memory 5.
  • HSM 4 stores the received encrypted data in the external memory 5 or the internal memory 4a in step s69.
  • Reading the encrypted data stored directly in the external memory 5 back to HOST 2 proceeds in the same way as in the operation sequence diagram of FIG.
  • Instead of transmitting the OTP key encrypted with the public key in step s12 to HSM 4 over network 3 in step s13, HOST 2 directly accesses the external memory 5 in step s13 and writes the encrypted OTP key directly to the external memory 5.
  • In this way the OTP key encrypted with the public key in step s12 can be stored directly in the external memory 5.
  • The secret data D encrypted with the public key and stored directly in the external memory 5 in step s65 is read from the external memory 5 by HSM 4 in step s14 and decrypted in step s15 with the private key held by HSM 4.
  • The OTP key encrypted with the public key and stored in the external memory 5 is read from the external memory 5 by HSM 4 in step s15 and decrypted with the private key held by HSM 4.
  • The decrypted secret data D is encrypted with the decrypted OTP key to form OTP-encrypted data, which is transmitted to HOST 2 in step s17.
  • HOST 2 decrypts the OTP-encrypted data received from HSM 4 with the temporarily stored OTP key and reads out the secret data D.
  • As shown in the operation sequence diagram of FIG., when the secret data D held by HOST 2 is stored on the HSM 4 side, HOST 2 directly accesses the external memory 5, reads the public key stored there, encrypts the secret data D with the read public key, and writes the encrypted secret data D directly to the external memory 5.
  • When reading back, HOST 2 directly accesses the external memory 5 and encrypts the generated or acquired OTP key with the public key read from the external memory 5.
  • HSM 4 decrypts the OTP key received from HOST 2 with the private key, reads the secret data D from the external memory 5 and decrypts it with the private key, encrypts the decrypted secret data D with the OTP key, and sends it to HOST 2.
  • The public key and the private key used for encrypted communication between HOST 2 and HSM 4 are stored in HSM 4, not in HOST 2, so the memory capacity required of HOST 2 is reduced by the size of the encryption keys.
  • Transmission of the secret data D to the HSM 4 side is carried out by HOST 2 directly reading the public key stored in the external memory 5 of HSM 4, encrypting the secret data D with that public key in HOST 2, and writing the result directly to the external memory 5. The encrypted secret data D stored in the external memory 5 is decrypted by HSM 4, then encrypted with the OTP key that HOST 2 sent encrypted under the public key, transmitted from the HSM 4 side to HOST 2, and decrypted with the OTP key in HOST 2.
  • Communication between HOST 2 and the external memory 5 over network 8 is therefore carried out in a confidential state, and communication between HSM 4 and the external memory 5 does not take place over networks 3 or 8, so it is not exposed to the threat of eavesdropping from outside. Further, by keeping the stored contents that vary with the device to which communication system 1C is applied in the external memory 5, the internal memory 4a of HSM 4 need not be redesigned for each such device; the versatility of HSM 4 is increased and the product cost of communication system 1C is reduced.
  • Thus, with communication system 1C of the third embodiment, communication can be performed while maintaining confidentiality even if the memory capacity of HOST 2 is small, the internal memory 4a of HSM 4 need not be redesigned for the device to which the system is applied, and a highly versatile communication system 1C with reduced product cost can be provided. Further, unlike communication system 1A of the first embodiment, in communication system 1C the encrypted secret data D can be stored in the external memory 5 without going through HSM 4, so communication processing can be performed at high speed and with low power consumption.
  • HOST 2 may also be configured to encrypt the secret data D with a homomorphic encryption scheme using the public key read from the external memory 5.
  • Homomorphic encryption allows a predetermined analysis, such as AI (artificial intelligence) analysis, to be performed on data that is still encrypted under the public key, without any decryption. In that case HOST 2 can omit the OTP encryption/decryption sequence and need not access HSM 4 at all: it reads the homomorphically encrypted confidential data D directly from the external memory 5 with confidentiality intact, and the predetermined analysis of the secret data D can be performed in a short time, that is, at high speed and with low power consumption.
  • Obtaining the true data value of the secret data D, however, still requires the OTP encryption/decryption sequence shown in the operation sequence diagram of FIG. 3, following the same sequence as the data read-out from HSM 4 in communication system 1A of the first embodiment.
  • When HOST 2 and the external memory 5 are directly connected by network 8 as in communication system 1C of the third embodiment, encrypted data such as homomorphically encrypted data can be stored from HOST 2 directly in the external memory 5 via network 8, or read from the external memory 5 directly to HOST 2 via network 8, and the predetermined analysis can be performed at high speed and with low power consumption without using HSM 4. Further, as shown in the operation sequence diagram of FIG. 3, the confidential data D stored in the external memory 5 can be read out to HOST 2 while maintaining confidentiality.

Abstract

Provided is a communication system with which communication can be performed while maintaining confidentiality even if the memory capacity of the host device is small, in which the internal memory of the security device does not need to be redesigned for the equipment it is used in, and which is highly versatile and low in manufacturing cost. In communication system 1A, when confidential data D is to be stored on the HSM 4 side, host 2 encrypts the confidential data D with a public key and sends it to HSM 4, and HSM 4 stores the received encrypted confidential data D in external memory 5. When the confidential data D stored in external memory 5 is to be read out to the host 2 side, host 2 encrypts an OTP key with the public key and sends it to HSM 4. HSM 4 decrypts the received OTP key with its private key, reads the confidential data D from external memory 5 and decrypts it with the private key, encrypts the decrypted confidential data D with the decrypted OTP key, and sends it to host 2.

Description

Communication system
The present invention relates to a communication system comprising a host device and a security device, in which confidential data is communicated in encrypted form between these devices via a network.
Conventionally, one such communication system is disclosed, for example, in Patent Document 1.
In the communication system described in FIG. 8 of that document, a common key is exchanged after both the host device and the security device have been authenticated by communication using public-key cryptography. That is, the host device generates a public key and a private key with a cryptographic IP (Crypt IP) and transmits the generated public key to the HSM (hardware security module) that serves as the security device. The HSM generates a random number with a random number generation circuit, encrypts it with the cryptographic IP using the received public key, and transmits it to the host device as challenge data. The host device decrypts the received challenge data with the cryptographic IP using its private key, generates response data and transmits it to the HSM. The HSM verifies the received response data and confirms that the host device is a genuine communication device. The HSM then generates a random number with the random number generation circuit, encrypts it with the cryptographic IP using the common key, and transmits it to the host device. The host device decrypts the received encrypted random number using the common key shared with the HSM in advance.
Patent Document 1: Japanese Unexamined Patent Publication No. 2016-158204
However, in the conventional communication system disclosed in Patent Document 1, cryptographic keys such as the public key, the private key and the common key had to be stored on both the host device side and the security device side. Consequently, both the host device and the security device had to carry a CPU, ROM/RAM and a cryptographic IP (Crypt IP). In a communication system using post-quantum cryptography (PQC) or the like, where the key material is large, a host device with a small internal memory therefore runs out of space in which to store the cryptographic keys.
Furthermore, in order to keep its stored cryptographic keys secret, the security device had to be built as a single chip so that the keys are not exposed outside the device. A single-chip security device must therefore have its internal memory, which stores the confidential data peculiar to each device the communication system is applied to, redesigned for each such device, making it a custom part for every product and raising the product cost of the communication system. One could give the security device an external memory and keep the contents that vary from device to device there, but the communication path between the security device and the external memory could then be eavesdropped. If, to prevent such eavesdropping, the external memory were given a cryptographic IP and the communication between the security device and the external memory were encrypted, the load of the cryptographic IP on the security device side would grow and the memory capacity on the security device side would increase.
The present invention was made to solve these problems, and its object is to provide a communication system that can communicate while maintaining confidentiality even when the memory capacity on the host device side is small, and in which the internal memory on the security device side does not need to be redesigned for each device to which the communication system is applied.
To this end, the present invention provides a communication system comprising:
a host device holding confidential data, and a security device, interconnected with the host device via a network, that generates with a random number generator and stores a public key and a private key used for encrypted communication with the host device;
wherein, when the confidential data is stored on the security device side, the host device encrypts the confidential data with the public key received from the security device and transmits it to the security device, and the security device stores the encrypted confidential data received from the host device in an external memory;
and wherein, when the confidential data stored in the external memory is read out to the host device side, the host device encrypts a generated or acquired one-time pad key with the public key and transmits it to the security device, and the security device decrypts the one-time pad key received from the host device with the private key, reads the confidential data from the external memory and decrypts it with the private key, encrypts the decrypted confidential data with the decrypted one-time pad key, and transmits it to the host device.
According to this configuration, the public key and the private key used for encrypted communication between the host device and the security device are stored in the security device, not in the host device, so the memory capacity required of the host device is reduced by the size of the cryptographic keys. The confidential data held by the host device is transmitted to the security device encrypted with the public key. The confidential data stored in the external memory of the security device is encrypted with the one-time pad key supplied by the host device, transmitted from the security device side to the host device, and decrypted in the host device with the one-time pad key.
Therefore, communication over the network between the host device and the security device is carried out in a confidential state, and since communication between the security device and the external memory does not take place over the network, it is not exposed to the threat of eavesdropping from outside. Further, by keeping the confidential data contents that vary with the device to which the communication system is applied in the external memory, the internal memory of the security device need not be redesigned for each such device; the versatility of the security device is increased and the product cost of the communication system is reduced. Thus a communication system can be provided that communicates while maintaining confidentiality even when the host device has little memory, whose security device internal memory need not be redesigned for each device the system is applied to, and that is highly versatile and low in product cost.
The present invention also provides a communication system comprising:
a host device holding confidential data, and a security device, interconnected with the host device via a network, that generates with a random number generator and stores a public key and a private key used for encrypted communication with the host device;
wherein the security device stores the public key in an external memory;
wherein, when the confidential data is stored on the security device side, the host device accesses the external memory directly to read the public key stored there, and accesses the external memory directly to store the confidential data encrypted with the read public key;
and wherein, when the confidential data stored in the external memory is read out to the host device side, the host device encrypts a generated or acquired one-time pad key with the public key read by directly accessing the external memory and transmits it to the security device, and the security device decrypts the one-time pad key received from the host device with the private key, reads the confidential data from the external memory and decrypts it with the private key, encrypts the decrypted confidential data with the decrypted one-time pad key, and transmits it to the host device.
With this configuration too, the public key and the private key used for encrypted communication between the host device and the security device are stored in the security device, not in the host device, so the memory capacity required of the host device is reduced by the size of the cryptographic keys. The confidential data held by the host device is transmitted to the security device side by the host device directly reading the public key stored in the external memory of the security device, encrypting the confidential data with that public key in the host device, and writing the result directly to the external memory. The encrypted confidential data stored in the external memory is decrypted by the security device, then encrypted with the one-time pad key that the host device sent encrypted under the public key, transmitted from the security device side to the host device, and decrypted in the host device with the one-time pad key.
Therefore, communication over the network between the host device and the external memory is carried out in a confidential state, and since communication between the security device and the external memory does not take place over the network, it is not exposed to the threat of eavesdropping from outside. Further, by keeping the stored contents that vary with the device to which the communication system is applied in the external memory, the internal memory of the security device need not be redesigned for each such device; the versatility of the security device is increased and the product cost of the communication system is reduced. Thus this configuration too provides a communication system that communicates while maintaining confidentiality even when the host device has little memory, whose security device internal memory need not be redesigned for each device the system is applied to, and that is highly versatile and low in product cost.
According to the present invention, as described above, a communication system can be provided that communicates while maintaining confidentiality even when the host device has little memory, whose security device internal memory need not be redesigned depending on the device to which the communication system is applied, and that is highly versatile and low in product cost.
本発明の第1の実施形態による通信システムの概略構成を示すブロック図である。It is a block diagram which shows the schematic structure of the communication system by 1st Embodiment of this invention. 第1の実施形態による通信システムにおいてホスト装置の有する秘匿データがセキュリティ装置へ書き込まれるときの動作シーケンス図である。It is an operation sequence diagram when the secret data possessed by a host device is written to a security device in the communication system according to the first embodiment. 第1の実施形態による通信システムにおいてセキュリティ装置に保管される秘匿データがホスト装置に読み出されるときの動作シーケンス図である。It is an operation sequence diagram when the secret data stored in the security device is read out to the host device in the communication system by 1st Embodiment. 本発明の第2の実施形態による通信システムの概略構成を示すブロック図である。It is a block diagram which shows the schematic structure of the communication system by 2nd Embodiment of this invention. 第2の実施形態による通信システムにおいてホスト装置の有する秘匿データが第2ホスト装置へ送信されるときの動作シーケンス図である。It is an operation sequence diagram when the secret data possessed by a host device is transmitted to the second host device in the communication system according to the second embodiment. 第2の実施形態による通信システムにおいて第2ホスト装置の有する秘匿データがホスト装置へ送信されるときの動作シーケンス図である。It is an operation sequence diagram when the secret data possessed by the 2nd host apparatus is transmitted to the host apparatus in the communication system by 2nd Embodiment. 本発明の第3の実施形態による通信システムの概略構成を示すブロック図である。It is a block diagram which shows the schematic structure of the communication system by 3rd Embodiment of this invention. 第3の実施形態による通信システムにおいてホスト装置の有する秘匿データがセキュリティ装置の外部メモリへ直接書き込まれるときの動作シーケンス図である。FIG. 5 is an operation sequence diagram when the secret data of the host device is directly written to the external memory of the security device in the communication system according to the third embodiment.
 次に、本発明による通信システムを実施するための形態について、説明する。 Next, a mode for implementing the communication system according to the present invention will be described.
 図1は、本発明の第1の実施形態による通信システム1Aの概略構成を示すブロック図である。 FIG. 1 is a block diagram showing a schematic configuration of a communication system 1A according to the first embodiment of the present invention.
 通信システム1Aは、秘匿データDを有するホスト装置(以下、HOSTと記す)2と、HOST2とネットワーク3で相互に接続されるハードウエアセキュリティーモジュール(以下、HSMと記す)4とを備える。HOST2はパーソナルコンピュータ(PC)やマイクロコンピュータ(通称マイコン)などであり、ネットワーク3等を介する通信処理やセンサ処理等のシステムにおける主制御装置となる。HSM4は、HOST2の構成要素のうちのセキュリティに関する構成要素が集約されて構成されるセキュリティ装置であり、一般的に、ネットワークで相互接続される通信システムにおいてネットワーク上で転送されるデータやパケットの秘匿性や安全性を確立するものである。HSM4は、セキュリティユニットやセキュリティーモジュール、ハードウエアセキュリティーユニットと呼ばれたりもする。また、HOST2には、HOSTとなるHSM等の、HSM4をコントロールするものが含まれる。 The communication system 1A includes a host device (hereinafter referred to as HOST) 2 having confidential data D, and a hardware security module (hereinafter referred to as HSM) 4 which is interconnected with HOST 2 via a network 3. HOST 2 is a personal computer (PC), a microcomputer (commonly known as a microcomputer), or the like, and is a main control device in a system such as communication processing or sensor processing via a network 3 or the like. The HSM4 is a security device configured by aggregating security-related components among the components of HOST2, and generally, in a communication system interconnected by a network, concealment of data and packets transferred on the network. It establishes sex and safety. The HSM4 is also called a security unit, a security module, or a hardware security unit. Further, HOST2 includes a device that controls HSM4, such as HSM that becomes HOST.
 HOST2は、演算装置であるCPU2a、読み出し専用メモリ(ROM)2b、一時記憶メモリ(RAM)2c、通信処理回路2dおよびOTP暗号機能ブロック2eを有する。本実施形態では秘匿データDは一時記憶メモリ2cに記憶されている。OTP暗号機能ブロック2eは、公開鍵暗号IPおよび簡単なOTP暗号IPを備え、OTP暗号IPでは、ワンタイムパッド(One Time Pad)という暗号方式に使われる乱数をOTP鍵としてソフトウエアで生成する。OTP暗号機能ブロック2eは必ずしもOTP暗号IPを備える必要は無く、他の装置からOTP鍵を取得するように構成してもよい。公開鍵やOTP鍵はHOST2で使用した後、保存することなく、削除することができる。通信処理回路2dは、ネットワーク3を介して他の装置と通信するために送信回路および受信回路を備える。ネットワーク3の通信規格は、SPIや、CAN、I2C、UART、USB、Ethernet、Bluetooth(登録商標)等であり、その種類は問わない。 HOST 2 has a CPU 2a which is an arithmetic unit, a read-only memory (ROM) 2b, a temporary storage memory (RAM) 2c, a communication processing circuit 2d, and an OTP encryption function block 2e. In the present embodiment, the secret data D is stored in the temporary storage memory 2c. The OTP encryption function block 2e includes a public key encryption IP and a simple OTP encryption IP, and in the OTP encryption IP, a random number used in an encryption method called One Time Pad is generated by software as an OTP key. The OTP encryption function block 2e does not necessarily have to include the OTP encryption IP, and may be configured to acquire an OTP key from another device. After using the public key and OTP key in HOST2, they can be deleted without saving. The communication processing circuit 2d includes a transmission circuit and a reception circuit for communicating with other devices via the network 3. The communication standard of the network 3 is SPI, CAN, I2C, UART, USB, Ethernet, Bluetooth (registered trademark), etc., and the type thereof does not matter.
 HSM4は、内部メモリ4a、暗号処理IP(Crypto IP:暗号・復号機能)4bおよび乱数生成器4cを内部に備え、外部に外部メモリ5を有する。内部メモリ4aはRAMおよびROMを含んで構成される。外部メモリ5は、プログラマブルROMと呼ばれるEEPROMやフラッシュROM、一時記憶メモリとして使われてRAMと呼ばれるDDRや、RDRAM、SDRAM、非同期DRAM、SRAMなどから構成される。HOST2およびHSM4間に介在するネットワーク3は盗聴の危険があるが、HSM4および外部メモリ5間はこのようなネットワーク3でない、公衆に供されない通信路で接続される。 The HSM 4 includes an internal memory 4a, a cryptographic processing IP (Crypto IP: encryption / decryption function) 4b, and a random number generator 4c inside, and has an external memory 5 outside. The internal memory 4a includes a RAM and a ROM. The external memory 5 is composed of an EEPROM called a programmable ROM, a flash ROM, a DDR used as a temporary storage memory and called a RAM, an RDRAM, a DRAM, an asynchronous DRAM, a SRAM, and the like. The network 3 interposed between the HOST 2 and the HSM 4 has a risk of eavesdropping, but the HSM 4 and the external memory 5 are connected by a communication path other than the network 3 that is not available to the public.
 暗号処理IP4bは、ネットワーク3における通信の暗号化に必要なデータの暗号化機能および復号化機能を有する機能ブロックであり、乱数生成器4cによって生成される乱数を用いてHOST2との暗号化通信に用いられる公開鍵および秘密鍵を生成する。生成された公開鍵は内部メモリ4aまたは外部メモリ5に、秘密鍵は内部メモリ4aに、記憶され、保管される。暗号処理IP4bはソフトウエアまたはハードウエアで構成されるが、本実施形態では暗号処理IP4bは乱数生成器4cと共にハードウエアで構成される。したがって、HSM4の内部にはHOST2におけるCPU2aのような演算装置は備えない。このため、HSM4は小型に構成される。乱数生成器4cは物理乱数源から構成され、熱によるホワイトノイズや、光子・電子のショットノイズ、量子ノイズ、ファンノイズなどによって物理乱数を生成する。 Cryptographic processing IP4b is a functional block having a data encryption function and a decryption function necessary for encrypting communication in network 3, and uses random numbers generated by the random number generator 4c for encrypted communication with HOST2. Generate a public and private key to be used. The generated public key is stored and stored in the internal memory 4a or the external memory 5, and the private key is stored and stored in the internal memory 4a. The cryptographic processing IP4b is composed of software or hardware, but in the present embodiment, the cryptographic processing IP4b is composed of hardware together with the random number generator 4c. Therefore, the HSM 4 is not provided with an arithmetic unit such as the CPU 2a in the HOST 2. Therefore, the HSM 4 is configured to be compact. The random number generator 4c is composed of a physical random number source, and generates physical random numbers by heat-induced white noise, photon / electron shot noise, quantum noise, fan noise, and the like.
 このような構成において、HOST2が有する秘匿データDをHSM4に保管するため、図2に示される動作シーケンス図のように、秘匿データDがHOST2からHSM4へ送信される書き込み処理が行われる。なお、動作シーケンス図は図の上方から下方に向かって時間が経過するものとする。また、以下に説明する各動作シーケンスは、HOST2におけるCPU2aの、メモリ2bに記憶されたコンピュータプログラムにしたがう簡単な通信アルゴリズムのソフトウエア処理で実行される。 In such a configuration, in order to store the secret data D possessed by HOST 2 in HSM 4, the writing process in which the secret data D is transmitted from HOST 2 to HSM 4 is performed as shown in the operation sequence diagram shown in FIG. In the operation sequence diagram, it is assumed that time elapses from the upper part to the lower part of the diagram. Further, each operation sequence described below is executed by software processing of a simple communication algorithm according to a computer program stored in the memory 2b of the CPU 2a in the HOST 2.
When the secret data D is to be stored on the HSM4 side, HOST2 first requests, in step s1, the generation of the encryption keys required for encrypted communication. The key generation request of step s1 is not mandatory; it is unnecessary when keys are generated automatically at start-up of the HSM4. Before receiving the secret data D from HOST2, the HSM4 generates a public key and a private key in step s2. In step s3, HOST2 requests the HSM4 to transmit the public key it generated. In response, in step s4 the HSM4 transmits the public key kept in the internal memory 4a or the external memory 5 to HOST2 via the network 3. It does not matter if the public key is eavesdropped on the network 3 at this point.
On receiving the public key, HOST2 encrypts the secret data D with it in step s5, and in step s6 transmits the encrypted secret data D as encrypted data to the HSM4 via the network 3. On receiving the encrypted secret data D, the HSM4 stores it in step s7 in the internal memory 4a or the external memory 5, still encrypted under the public key.
By sending a memory selection command to the HSM4, either together with the secret data D in step s6 or in advance, HOST2 lets the HSM4 choose whether the received secret data D is stored in the internal memory 4a or in the external memory 5. The secret data D is normally stored in the external memory 5.
Alternatively, when storing the received secret data D in the internal memory 4a or the external memory 5 in step s7, the HSM4 may decrypt it with the private key and re-encrypt it with a separately generated public key, or may further encrypt the received secret data D, for example by applying an encryption mode, before storing it in the internal memory 4a or the external memory 5.
FIG. 3 is an operation sequence diagram of the read process in which the secret data D stored in the HSM4 is transmitted from the HSM4 to HOST2.
To read the secret data D stored in the internal memory 4a or the external memory 5 out to the HOST2 side, HOST2 generates an OTP key with the OTP encryption function block 2e in step s11, or obtains an OTP key from another device. HOST2 then encrypts the generated or obtained OTP key in step s12 with the public key received from the HSM4, and transmits the encrypted OTP key to the HSM4 via the network 3 in step s13. The HSM4 reads the secret data D from the internal memory 4a or the external memory 5 in step s14 and decrypts it in step s15 with the private key it keeps. In step s15 it likewise decrypts, with the stored private key, the OTP key received from HOST2 encrypted under the public key. In step s16 the HSM4 then encrypts the decrypted secret data D with the decrypted OTP key to produce OTP-encrypted data, and transmits that OTP-encrypted data to HOST2 in step s17. HOST2 decrypts the OTP-encrypted data received from the HSM4 with the OTP key it holds temporarily, and thereby reads out the secret data D.
Thus, in the communication system 1A of the first embodiment, as shown in the operation sequence diagram of FIG. 2, when the secret data D is stored on the HSM4 side, HOST2 encrypts the secret data D with the public key received from the HSM4 and transmits it to the HSM4, and the HSM4 stores the encrypted secret data D received from HOST2 in the external memory 5.
As shown in the operation sequence diagram of FIG. 3, when the secret data D stored in the external memory 5 is read out to the HOST2 side, HOST2 encrypts the generated or obtained OTP key with the public key received from the HSM4 side and transmits it to the HSM4. The HSM4 decrypts the OTP key received from HOST2 with the private key, reads the secret data D from the external memory 5 and decrypts it with the private key, encrypts the decrypted secret data D with the decrypted OTP key, and transmits the result to HOST2.
Therefore, according to the communication system 1A of the first embodiment, the public key and private key used for encrypted communication between HOST2 and the HSM4 are stored in the HSM4, not in HOST2. The memory capacity required of the memories 2b, 2c and so on of HOST2 is accordingly reduced by the size of the encryption keys. Key generation is generally time-consuming, and having the HSM4 take charge of it lightens the processing load on HOST2. HOST2 uses the public key received from the HSM4 to encrypt the secret data D in step s5, but it need not keep the public key in the memory 2c or elsewhere, because even if the key is deleted after this encryption it can be obtained from the HSM4 again. Conversely, if HOST2 keeps the public key, re-acquisition from the HSM4 is unnecessary, so HOST2 may keep the public key in order to increase communication processing speed.
The transmission of the secret data D held by HOST2 to the HSM4 is thus performed by transmitting the public key stored in the HSM4 to HOST2 and encrypting the secret data D with that public key at HOST2. The secret data D kept in the external memory 5 of the HSM4 is encrypted with the OTP key supplied by HOST2, transmitted from the HSM4 side to HOST2, and decrypted with the OTP key at HOST2.
Therefore, even though HOST2 stores neither the public key nor the private key, communication between HOST2 and the HSM4 over the network 3 takes place in a confidential state, and communication between the HSM4 and the external memory 5 does not pass over the network 3 and so is not exposed to external eavesdropping threats. Further, by keeping in the external memory 5 the contents of the secret data D, which vary with the equipment to which the communication system 1A is applied, the internal memory 4a of the HSM4 no longer needs to be redesigned for each piece of equipment; the HSM4 becomes more versatile and the product cost of the communication system 1A is reduced.
Consequently, it is possible to provide a communication system 1A that communicates confidentially even when HOST2 has little memory, that does not require the internal memory 4a of the HSM4 to be redesigned for the equipment to which the system is applied, and that is highly versatile and lower in product cost. Moreover, because the HSM4 stores the secret data D received from HOST2 in the external memory 5 in its encrypted state, the secret data D can be stored without slowing down communication processing.
In general, when public key cryptography is used, a private key must be stored and managed for decryption, and storing and managing a private key in HOST2 would occupy memory in HOST2. In this embodiment, however, the OTP key is used for the encrypted transmission of the secret data D from the HSM4 to HOST2, so HOST2 only needs to hold the OTP key temporarily. Neither HOST2 nor the HSM4 therefore needs to store and manage the OTP key; the only encryption keys to be stored and managed are the public key and private key in the HSM4. The security measures demanded on the HOST2 side are thereby reduced and can be concentrated on the HSM4 side, which lowers the development cost of the communication system 1A.
In the communication system 1A of the first embodiment, the random number generator 4c in the HSM4 consists of a physical random number source of the kind called a QRNG or TRNG. When random numbers are generated by computer program software, the internal memory 4a of the HSM4 needs storage capacity for that software; when they are generated by a physical random number source, a physical phenomenon is used and no software is involved, so the internal memory 4a of the HSM4 needs no capacity for storing software. Nor does the HSM4 need an arithmetic unit such as a CPU to execute software. Since generating random numbers from a physical source requires no computation time, the random number generator 4c produces random numbers faster than software generation would.
Furthermore, random numbers generated by software are mutually correlated, so one random number can easily be inferred from another, whereas random numbers generated by a physical random number source are produced without mutual correlation, so one is hard to infer from another and they are highly independent. With the random number generator 4c of this embodiment, a high-quality private key and public key are therefore generated quickly and with low power consumption, without increasing the memory capacity of the internal memory 4a of the HSM4. Because the private key and public key are generated, stored and managed inside the HSM4, the confidentiality of data communication is improved.
Next, a communication system according to a second embodiment of the present invention will be described.
FIG. 4 is a block diagram showing the schematic configuration of a communication system 1B according to the second embodiment of the present invention. In the figure, parts identical or corresponding to those in FIG. 1 are given the same reference numerals and their description is omitted.
The communication system 1B differs from the communication system 1A of the first embodiment only in that it has a second HOST6 that is network-connected to HOST2. The second HOST6 is connected to HOST2 via a network 7 similar to the network 3. The rest of the configuration is the same as in the communication system 1A of the first embodiment.
The second HOST6 is a HOST distinct from HOST2 and the HSM4 and not directly connected to the HSM4, such as a server, a cloud, a PC other than the one constituting HOST2, or an HSM other than the HSM4. Between HOST2 and the HSM4 in the communication system 1B, as in the first embodiment, the secret data D held by HOST2 is written from HOST2 to the HSM4 side as shown in the operation sequence diagram of FIG. 2, and the secret data D stored in the HSM4 is read from the HSM4 to HOST2 as shown in the operation sequence diagram of FIG. 3. In the second embodiment, the secret data D held by HOST2 is further transmitted to the second HOST6 as shown in the operation sequence diagram of FIG. 5.
When the secret data D is to be transmitted to the second HOST6, HOST2 requests, in step s21, the generation of the encryption keys required for encrypted communication. The key generation request of step s21 is not mandatory; it is unnecessary when keys are generated automatically at start-up of the HSM4. Before receiving the secret data D from HOST2, the HSM4 generates a public key and a private key in step s22.
The second HOST6 has a second public key S and a second private key used for encrypted communication with HOST2, and transmits the second public key S to HOST2 via the network 7 in step s23. On receiving the second public key S from the second HOST6, HOST2 transmits it to the HSM4 via the network 3 in step s24. It does not matter if the second public key S is eavesdropped on the networks 3 and 7 at this point. The HSM4 stores the received second public key S in the internal memory 4a or the external memory 5 in step s25.
HOST2 requests the HSM4 to transmit the public key M that the HSM4 generated and keeps. In response, in step s26 the HSM4 transmits the public key M kept in the internal memory 4a or the external memory 5 to HOST2 via the network 3. On receiving the public key M from the HSM4, HOST2 transmits it to the second HOST6 via the network 7 in step s27. It does not matter if the public key M is eavesdropped on the networks 3 and 7 at this point. The second HOST6 stores the received public key M.
The processing so far exchanges the public key M and the second public key S between HOST2 and the second HOST6. HOST2, however, does not store or manage the public key M or the second public key S; the HSM4 does so. The public key cryptosystem using the public key M and the second public key S may also be replaced by a common key (symmetric) cryptosystem in which HOST2 and the second HOST6 use a shared common key for encrypted communication. In that case too, HOST2 does not store or manage the common key; the HSM4 does.
When the secret data D is to be transmitted to the second HOST6, HOST2 requests transmission of the public key M kept by the HSM4 in step s28. In response, the HSM4 transmits the stored public key M to HOST2 in step s29. On receiving the public key M, HOST2 encrypts the secret data D it holds with the public key M in step s30. To speed up communication processing, HOST2 may temporarily store one or both of the public key M and the second public key S. If it has stored the public key M, steps s28 and s29 become optional, and HOST2 encrypts the secret data D it holds in step s30 with the stored public key M.
Next, HOST2 transmits the secret data D encrypted with the public key M to the HSM4 as encrypted data M in step s31. The HSM4 decrypts the received encrypted data M with the private key it keeps paired with the public key M, and in step s32 encrypts the decrypted secret data D with the second public key S received from the second HOST6 and kept by the HSM4. In step s33 it transmits the secret data D encrypted with the second public key S to HOST2 as encrypted data S. HOST2 transmits the received encrypted data S as encrypted data to the second HOST6 in step s34.
If HOST2 has temporarily stored the second public key S, HOST2 encrypts the secret data D it holds with the second public key S in step s30 and transmits it as encrypted data directly to the second HOST6 in step s34, without performing steps s31 to s33. In this case steps s31 to s33 are optional. On receiving the encrypted data, the second HOST6 decrypts it with the second private key it stores paired with the second public key S and thereby obtains the secret data D.
Thus, in the communication system 1B of the second embodiment, as shown in the operation sequence diagram of FIG. 5, HOST2 receives from the second HOST6 the second public key S used for encrypted communication with the second HOST6 and transmits it to the HSM4 for storage, and receives from the HSM4 the public key M kept by the HSM4 and transmits it to the second HOST6. When the secret data D is to be transmitted to the second HOST6, HOST2 either encrypts the secret data D with the second public key S and transmits it to the second HOST6, or encrypts the secret data D with the public key M, transmits it to the HSM4, and then transmits to the second HOST6 the secret data D that the HSM4 has decrypted with the private key and re-encrypted with the second public key S.
The communication system 1B of the second embodiment provides the same operation and effects as the communication system 1A of the first embodiment. In addition, in the communication system 1B of the second embodiment, the public key M and private key used for encrypted communication between the HSM4 and HOST2, and the second public key S used for encrypted communication between HOST2 and the second HOST6, are stored in the HSM4 rather than in HOST2. The memory capacity required of HOST2 is therefore reduced by the size of these encryption keys.
The transmission of the secret data D held by HOST2 to the second HOST6 is performed either by HOST2 encrypting the secret data D with the second public key S, or by HOST2 first transmitting the secret data D encrypted with the public key M to the HSM4, where it is decrypted and then encrypted with the second public key S. According to the communication system 1B of the second embodiment, communication among HOST2, the HSM4 and the second HOST6 over the networks 3 and 7 therefore takes place in a confidential state. The secret data D held by HOST2 can thus be transmitted to the second HOST6 confidentially even when HOST2 has little memory.
In the communication system 1B described above, when the secret data D stored in the external memory 5 encrypted with the public key M is to be transmitted to the second HOST6, it is also possible, after the public key M and the second public key S have been exchanged between HOST2 and the second HOST6 in steps s23 to s27, for the HSM4 to read the secret data D directly from the external memory 5 and send it on to the second HOST6. In this case the HSM4 decrypts the secret data D read from the external memory 5 with the private key it keeps paired with the public key M, and in step s32 encrypts the decrypted secret data D with the second public key S received from the second HOST6 and kept by the HSM4. It then transmits the secret data D encrypted with the second public key S to HOST2 in step s33, and HOST2 transmits it to the second HOST6 in step s34. This processing can also increase the communication processing speed of the communication system 1B.
FIG. 6 is an operation sequence diagram for the case in which the secret data D held by the second HOST6 is transmitted to HOST2 in the communication system 1B described above.
The processing of steps s21 to s27 is the same as in the operation sequence diagram of FIG. 5, and exchanges the public key M and the second public key S between HOST2 and the second HOST6. After the key exchange, the second HOST6 encrypts the secret data D it holds with the exchanged public key M in step s41 and transmits it to HOST2 as encrypted data in step s42. On receiving the encrypted data, HOST2 transmits it to the HSM4 in step s43.
HOST2 also generates an OTP key with the OTP encryption function block 2e in step s44, or obtains an OTP key from another device. HOST2 then requests transmission of the public key M kept by the HSM4 in step s45, and in response the HSM4 transmits the stored public key M to HOST2 in step s46. On receiving the public key M, HOST2 encrypts the generated or obtained OTP key with the public key M in step s47. To speed up communication processing, HOST2 may temporarily store the public key M; if it has done so, steps s45 and s46 become optional and HOST2 encrypts the OTP key in step s47 with the stored public key M.
Next, HOST2 transmits the OTP key encrypted with the public key M to the HSM4 in step s48. In step s49 the HSM4 decrypts both the encrypted data received in step s43 and the encrypted OTP key received in step s48 with the private key it keeps paired with the public key M. In step s50 it encrypts the decrypted data with the decrypted OTP key, and in step s51 transmits the secret data D encrypted with the OTP key to HOST2 as OTP-encrypted data. HOST2 decrypts the OTP-encrypted data received from the HSM4 with the OTP key it holds temporarily, and thereby reads out the secret data D.
Thus, in the communication system 1B of the second embodiment, as shown in the operation sequence diagram of FIG. 6, HOST2 receives from the second HOST6 the second public key S used for encrypted communication with the second HOST6 and transmits it to the HSM4 for storage, and receives from the HSM4 the public key M kept by the HSM4 and transmits it to the second HOST6. When the secret data D held by the second HOST6 is to be transmitted to HOST2, HOST2 receives the secret data D encrypted with the public key M from the second HOST6 and transmits it to the HSM4, and encrypts the generated or obtained OTP key with the public key M received from the HSM4 and transmits it to the HSM4. The HSM4 decrypts the secret data D and the OTP key received from HOST2 with the private key, and transmits to HOST2 the secret data D encrypted with the decrypted OTP key.
Therefore, according to the communication system 1B of the second embodiment, the secret data D held by the second HOST6 is transmitted to HOST2 by encrypting it with the public key M, sending it from the second HOST6 via HOST2 to the HSM4, decrypting it in the HSM4, encrypting it with the OTP key received from HOST2, and sending it from the HSM4 to HOST2. Even when the secret data D held by the second HOST6 is transmitted to HOST2, communication among HOST2, the HSM4 and the second HOST6 over the networks 3 and 7 thus takes place in a confidential state, so the secret data D held by the second HOST6 can be transmitted to HOST2 confidentially even when HOST2 has little memory.
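The write (FIG. 2), read (FIG. 3), HOST2-to-second-HOST6 (FIG. 5) and second-HOST6-to-HOST2 (FIG. 6) sequences described above, as an added executable model that is not part of the patent and not the applicant's code. The public-key operations are textbook RSA over fixed, publicly known Mersenne primes (a constructed stand-in for keys derived from the random number generator 4c), the OTP is a plain XOR pad, and the internal memory 4a and external memory 5 are Python dicts; the class and method names (HSM, Host, SecondHost, read_with_otp, reencrypt_for_second_host and so on) are assumptions made for the example. The sample data values are constructed.

```python
# Added example, not the patent's own code: a runnable toy model of the write
# (FIG. 2), read (FIG. 3), HOST2-to-second-HOST6 (FIG. 5) and second-HOST6-to-
# HOST2 (FIG. 6) sequences. Public-key operations are textbook RSA over fixed,
# publicly known Mersenne primes (constructed parameters standing in for keys
# derived from random number generator 4c), so the scheme is NOT secure; it
# only makes the key and data flow executable and checkable.
import os

MERSENNE = {e: (1 << e) - 1 for e in (127, 521, 607, 1279)}  # known Mersenne primes
E = 65537

def keygen(p, q):
    """Return ((n, e), (n, d)) for the toy RSA scheme."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def pk_encrypt(pub, msg):
    """Encrypt bytes under (n, e); a 0x01 prefix preserves leading zero bytes."""
    n, e = pub
    m = int.from_bytes(b"\x01" + msg, "big")
    if m >= n:
        raise ValueError("message too long for the toy modulus")
    return pow(m, e, n)

def pk_decrypt(priv, c):
    """Invert pk_encrypt and strip the 0x01 framing byte."""
    n, d = priv
    m = pow(c, d, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("bad framing after decryption")
    return raw[1:]

def otp_xor(key, data):
    """One-time-pad XOR; the key must be at least as long as the data."""
    if len(key) < len(data):
        raise ValueError("OTP key shorter than data")
    return bytes(k ^ b for k, b in zip(key, data))

class HSM:
    # HSM4: the private key never leaves internal memory 4a; external memory 5
    # holds only public keys and ciphertext.
    def __init__(self):
        self.internal, self.external = {}, {}
    def generate_keys(self):                              # s2 / s22
        pub, priv = keygen(MERSENNE[521], MERSENNE[607])
        self.internal["priv"], self.external["pub"] = priv, pub
    def public_key(self):                                 # s4 / s26 / s29 / s46
        return self.external["pub"]
    def store(self, name, ciphertext):                    # s7: kept encrypted as received
        self.external[name] = ciphertext
    def store_second_public_key(self, pub_s):             # s25
        self.external["pub_S"] = pub_s
    def release_under_otp(self, cipher_m, wrapped_otp):   # s15-s16 / s49-s50
        priv = self.internal["priv"]
        return otp_xor(pk_decrypt(priv, wrapped_otp), pk_decrypt(priv, cipher_m))
    def read_with_otp(self, name, wrapped_otp):           # s14: the HSM itself reads memory 5
        return self.release_under_otp(self.external[name], wrapped_otp)
    def reencrypt_for_second_host(self, cipher_m):        # s32
        return pk_encrypt(self.external["pub_S"], pk_decrypt(self.internal["priv"], cipher_m))

class Host:
    # HOST2: holds no key material except a per-exchange OTP key.
    def __init__(self, hsm):
        self.hsm = hsm
    def write_secret(self, name, secret):                 # FIG. 2, s3-s7
        self.hsm.store(name, pk_encrypt(self.hsm.public_key(), secret))
    def read_secret(self, name):                          # FIG. 3, s11-s17
        k = os.urandom(64)                                # s11: fresh, transient OTP key
        wrapped = pk_encrypt(self.hsm.public_key(), k)    # s12
        return otp_xor(k, self.hsm.read_with_otp(name, wrapped))
    def send_to_second_host(self, host2, secret):         # FIG. 5, s23-s34
        self.hsm.store_second_public_key(host2.pub)       # s23-s25
        cipher_m = pk_encrypt(self.hsm.public_key(), secret)         # s30-s31
        host2.receive(self.hsm.reencrypt_for_second_host(cipher_m))  # s32-s34
    def receive_from_second_host(self, cipher_m):         # FIG. 6, s43-s51
        k = os.urandom(64)                                # s44
        wrapped = pk_encrypt(self.hsm.public_key(), k)    # s47-s48
        return otp_xor(k, self.hsm.release_under_otp(cipher_m, wrapped))

class SecondHost:
    # Second HOST6: owns key pair S and never talks to HSM4 directly.
    def __init__(self):
        self.pub, self.priv = keygen(MERSENNE[127], MERSENNE[1279])
        self.received = None
    def receive(self, cipher_s):                          # s34: decrypt with second private key
        self.received = pk_decrypt(self.priv, cipher_s)

def demo():
    """Run the four sequences on constructed sample data; return what each side obtains."""
    hsm = HSM()
    hsm.generate_keys()
    host, host2 = Host(hsm), SecondHost()
    host.write_secret("D", b"device-secret-0001")                  # FIG. 2
    read_back = host.read_secret("D")                               # FIG. 3
    host.send_to_second_host(host2, b"device-secret-0001")          # FIG. 5
    cipher_m = pk_encrypt(hsm.public_key(), b"reply")               # s41: HOST6 encrypts under M
    from_host2 = host.receive_from_second_host(cipher_m)            # FIG. 6
    return read_back, host2.received, from_host2
```

Calling demo() returns the three plaintexts recovered at the end of FIG. 3, FIG. 5 and FIG. 6. The model makes the patent's storage claims checkable: after the run, hsm.internal holds only the private key, hsm.external holds only public keys and integer ciphertexts, and Host keeps no attribute other than its reference to the HSM, because each OTP key lives only in a local variable for one exchange. A real device would replace the textbook RSA with a padded scheme (RSA-OAEP or a hybrid such as ECIES) and generate the primes from the physical random source, which the page describes but this toy does not model.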
Next, a communication system according to a third embodiment of the present invention will be described.
FIG. 7 is a block diagram showing the schematic configuration of a communication system 1C according to the third embodiment of the present invention. In the figure, parts identical or corresponding to those in FIG. 1 are given the same reference numerals and their description is omitted.
The communication system 1C differs from the communication system 1A of the first embodiment only in that HOST2 is directly connected to the external memory 5 via a network 8 similar to the network 3. The rest of the configuration is the same as in the communication system 1A of the first embodiment.
In the third embodiment, as shown in the operation sequence diagram of FIG. 8, the secret data D held by HOST2 is transmitted directly to the external memory 5 of the HSM4 and written there. That is, when the secret data D held by HOST2 is to be stored on the HSM4 side, HOST2 requests, in step s61, the generation of the keys required for encrypted communication. The key generation request of step s61 is not mandatory; it is unnecessary when keys are generated automatically at start-up of the HSM4. The HSM4 generates a public key and a private key in step s62, and stores the generated public key in the external memory 5 in step s63.
HOST 2 accesses the external memory 5 directly, reads the public key stored there, and encrypts the secret data D with the read public key in step s64. It then accesses the external memory 5 directly and stores the encrypted secret data D in the external memory 5 in step s65.
Instead of reading the public key directly from the external memory 5, HOST 2 may, after the keys have been generated in step s62, request the HSM 4 in step s66 to send the public key it generated. In this case, in response to the request, the HSM 4 stores the public key in the external memory 5 in step s63 and also sends the public key to HOST 2 via the network 3 in step s67. HOST 2 then encrypts the secret data D it holds with the public key received from the HSM 4 in step s64.
Likewise, instead of storing the encrypted secret data D directly in the external memory 5, HOST 2 may send the encrypted secret data D to the HSM 4 as encrypted data in step s68. In this case, the HSM 4 stores the received encrypted data in the external memory 5 or in the internal memory 4a in step s69.
Reading the encrypted data stored directly in the external memory 5 back to HOST 2 proceeds in the same way as in the operation sequence diagram of FIG. 3. In this case, instead of sending the OTP key encrypted with the public key in step s12 to the HSM 4 via the network 3 in step s13, HOST 2 can in step s13 access the external memory 5 directly and send the OTP key there, so that the OTP key encrypted with the public key in step s12 is stored directly in the external memory 5. The secret data D encrypted with the public key and stored directly in the external memory 5 in step s65 is read out of the external memory 5 by the HSM 4 in step s14 and decrypted in step s15 with the private key kept by the HSM 4. Similarly, the OTP key encrypted with the public key and stored in the external memory 5 is read out of the external memory 5 by the HSM 4 in step s15 and decrypted with the private key kept by the HSM 4. Then, in step s16, the decrypted secret data D is encrypted with the decrypted OTP key to form OTP-encrypted data, and this OTP-encrypted data is sent to HOST 2 in step s17. HOST 2 decrypts the OTP-encrypted data received from the HSM 4 with the temporarily stored OTP key and thereby reads out the secret data D.
Thus, in the communication system 1C of the third embodiment, as in the operation sequence diagram of FIG. 8, when the secret data D held by HOST 2 is stored on the HSM 4 side, HOST 2 accesses the external memory 5 directly, reads the public key stored there, encrypts the secret data D with the read public key, and accesses the external memory 5 directly to store the encrypted secret data D in it. When the secret data D stored in the external memory 5 is read back to the HOST 2 side, HOST 2 encrypts a generated or acquired OTP key with the public key it read from the external memory 5 by direct access and sends it to the HSM 4; the HSM 4 decrypts the OTP key received from HOST 2 with the private key, reads the secret data D from the external memory 5 and decrypts it with the private key, encrypts the decrypted secret data D with the decrypted OTP key, and sends it to HOST 2.
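The store sequence (steps s62 to s65) followed by the read-back sequence (steps s12 to s17) of the third embodiment, as an added example that is not the patent's own code: a toy textbook RSA over small constructed primes stands in for the HSM's cryptographic IP, the OTP is a plain XOR, and the class names, memory slot names, the length-tagged block format and the pad-length check are all assumptions of this example.

```python
"""Toy walk-through of the third-embodiment store/read sequence (FIG. 8, then FIG. 3).
Added example, not the patent's code: textbook RSA over small constructed primes stands
in for the HSM crypto IP and the one-time pad is plain XOR; nothing here is production-grade."""
import secrets

# Constructed primes (~60-bit modulus). A 7-byte block tagged with its length always
# stays below N, so this toy needs no separate padding scheme (real use: RSA-OAEP/ECIES).
_P, _Q, _E = 1000000007, 998244353, 65537
CHUNK = 7

def toy_keypair():
    """Key generation as the HSM does in step s62 (toy parameters)."""
    n = _P * _Q
    return (_E, n), (pow(_E, -1, (_P - 1) * (_Q - 1)), n)

def pk_encrypt(pub, data):
    """Public-key encryption, one 7-byte block -> one 8-byte block."""
    e, n = pub
    out = bytearray()
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        m = (len(chunk) << 56) | int.from_bytes(chunk, "big")  # length tag in top byte
        out += pow(m, e, n).to_bytes(8, "big")
    return bytes(out)

def sk_decrypt(priv, blob):
    """Inverse of pk_encrypt; only the HSM ever holds priv."""
    d, n = priv
    out = bytearray()
    for i in range(0, len(blob), 8):
        m = pow(int.from_bytes(blob[i:i + 8], "big"), d, n)
        out += (m & ((1 << 56) - 1)).to_bytes(m >> 56, "big")
    return bytes(out)

def otp(pad, data):
    """XOR one-time pad: must cover the data and must never be reused."""
    if len(pad) < len(data):
        raise ValueError("one-time pad shorter than data")
    return bytes(p ^ b for p, b in zip(pad, data))

class ExternalMemory:
    """External memory 5, reachable by HOST 2 (network 8) and by HSM 4."""
    def __init__(self):
        self.slots = {}
    def write(self, name, blob):
        self.slots[name] = bytes(blob)
    def read(self, name):
        return self.slots[name]

class HSM:
    """HSM 4: the private key stays in internal memory, only the public key goes to memory 5."""
    def __init__(self, mem):
        self.mem, self.priv = mem, None
    def generate_keys(self):                        # s62, s63
        pub, self.priv = toy_keypair()
        self.mem.write("public_key", b"%d:%d" % pub)
    def serve_read(self, enc_otp):                  # s14-s16
        pad = sk_decrypt(self.priv, enc_otp)        # OTP key sent by HOST 2
        data = sk_decrypt(self.priv, self.mem.read("secret_data"))
        return otp(pad[:len(data)], data)           # OTP-encrypted data, sent in s17

class Host:
    """HOST 2: holds no long-term key, only a fresh pad for the current read."""
    def __init__(self, mem, hsm):
        self.mem, self.hsm, self.last_wire = mem, hsm, b""
    def _public_key(self):
        e, n = self.mem.read("public_key").split(b":")
        return int(e), int(n)
    def store(self, secret):                        # s64, s65
        self.mem.write("secret_data", pk_encrypt(self._public_key(), secret))
    def read(self):                                 # s12, s13, then s17
        # Pad sized to the stored ciphertext (>= plaintext length), fresh on every read.
        pad = secrets.token_bytes(len(self.mem.read("secret_data")))
        self.last_wire = self.hsm.serve_read(pk_encrypt(self._public_key(), pad))
        return otp(pad[:len(self.last_wire)], self.last_wire)

def run_sequence(secret):
    """Store, then read back; report what landed in memory 5 and on the wire."""
    mem = ExternalMemory()
    hsm = HSM(mem)
    hsm.generate_keys()
    host = Host(mem, hsm)
    host.store(secret)
    recovered = host.read()
    return {"recovered": recovered, "stored": mem.read("secret_data"), "wire": host.last_wire}
```

Neither the external memory nor the HSM-to-HOST message ever carries the plaintext, and HOST 2 keeps nothing but one pad for the duration of a read.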
With the communication system 1C of the third embodiment as well, the public key and private key used for encrypted communication between HOST 2 and the HSM 4 are stored in the HSM 4 rather than in HOST 2. The memory capacity required of HOST 2 is therefore reduced by the size of the encryption keys.
The secret data D held by HOST 2 is sent to the HSM 4 side by HOST 2 directly reading the public key stored in the external memory 5 of the HSM 4, encrypting the secret data D with that public key in HOST 2, and writing it directly into the external memory 5. The encrypted secret data D kept in the external memory 5 is decrypted by the HSM 4, encrypted with the OTP key that HOST 2 sends encrypted under the public key, sent from the HSM 4 side to HOST 2, and decrypted in HOST 2 with the OTP key. Communication between HOST 2 and the external memory 5 over the network 8 is therefore carried out in a concealed state, and communication between the HSM 4 and the external memory 5 does not pass over the networks 3 and 8, so it is not exposed to external eavesdropping. Furthermore, by keeping in the external memory 5 the stored contents that vary with the equipment to which the communication system 1C is applied, there is no need to redesign the internal memory 4a of the HSM 4 for each piece of equipment; the versatility of the HSM 4 increases and the product cost of the communication system 1C falls.
Thus the communication system 1C of the third embodiment also allows communication with confidentiality maintained even when HOST 2 has only a small memory capacity, and provides a highly versatile communication system 1C of reduced product cost in which the internal memory 4a of the HSM 4 need not be redesigned for the equipment to which the system is applied. Moreover, unlike the communication system 1A of the first embodiment, the communication system 1C of the third embodiment can store the encrypted secret data D in the external memory 5 without going through the HSM 4, so the communication processing can be performed at high speed and with low power consumption.
In the communication system 1C of the third embodiment, HOST 2 may also be configured to encrypt the secret data D into a homomorphic ciphertext with the public key read from the external memory 5. Homomorphic encryption allows a predetermined analysis, such as AI (artificial intelligence) analysis, to be performed on data that remains encrypted under the public key, without any decryption. In this case, therefore, HOST 2 can omit the OTP encryption and decryption sequence, read the secret data D directly from the external memory 5 with confidentiality maintained and without accessing the HSM 4, and perform the predetermined analysis on the homomorphically encrypted secret data D in a short time, that is, at high speed and with low power consumption. Obtaining the true data value of the secret data D, however, still requires the OTP encryption and decryption sequence of the operation sequence diagram of FIG. 3, following the same sequence as the read-out of data from the HSM 4 in the communication system 1A of the first embodiment.
Even when a second HOST 6 is provided as in the communication system 1B of the second embodiment, connecting HOST 2 and the external memory 5 directly via the network 8, as in the communication system 1C of the third embodiment, makes it possible, as in the operation sequence diagram of FIG. 8, to store encrypted data such as homomorphic ciphertext directly from HOST 2 into the external memory 5 via the network 8, and to read encrypted data such as homomorphic ciphertext from the external memory 5 directly into HOST 2 via the network 8, so that the predetermined analysis can be performed at high speed and with low power consumption without going through the HSM 4. In addition, as in the operation sequence diagram of FIG. 3, the secret data D stored in the external memory 5 can be read out to HOST 2 with confidentiality maintained.
1A, 1B, 1C ... communication system
2 ... host device (HOST)
2a ... CPU
2b ... read-only memory (ROM)
2c ... temporary storage memory (RAM)
2d ... communication processing circuit
2e ... OTP encryption function block
3, 7, 8 ... network
4 ... hardware security module (HSM: security device)
4a ... internal memory
4b ... cryptographic processing IP
4c ... random number generator
5 ... external memory
6 ... second host device (second HOST)

Claims (6)

  1.  A communication system comprising a host device holding secret data, and a security device interconnected with the host device via a network, the security device generating with a random number generator, and storing, a public key and a private key used for encrypted communication with the host device, wherein
     when the secret data is stored on the security device side, the host device encrypts the secret data with the public key received from the security device and sends it to the security device, and the security device stores the encrypted secret data received from the host device in an external memory, and
     when the secret data stored in the external memory is read out to the host device side, the host device encrypts a generated or acquired one-time pad key with the public key and sends it to the security device, and the security device decrypts the one-time pad key received from the host device with the private key, reads the secret data from the external memory and decrypts it with the private key, encrypts the decrypted secret data with the decrypted one-time pad key, and sends it to the host device.
  2.  A communication system comprising a host device holding secret data, and a security device interconnected with the host device via a network, the security device generating with a random number generator, and storing, a public key and a private key used for encrypted communication with the host device, wherein
     the security device stores the public key in an external memory,
     when the secret data is stored on the security device side, the host device accesses the external memory directly, reads the public key stored in the external memory, encrypts the secret data with the read public key, and accesses the external memory directly to store the encrypted secret data in the external memory, and
     when the secret data stored in the external memory is read out to the host device side, the host device encrypts a generated or acquired one-time pad key with the public key it read from the external memory by direct access and sends it to the security device, and the security device decrypts the one-time pad key received from the host device with the private key, reads the secret data from the external memory and decrypts it with the private key, encrypts the decrypted secret data with the decrypted one-time pad key, and sends it to the host device.
  3.  The communication system according to claim 2, wherein the host device encrypts the secret data into a homomorphic ciphertext with the public key read from the external memory.
  4.  The communication system according to any one of claims 1 to 3, wherein the random number generator is formed from a physical random number source.
  5.  The communication system according to any one of claims 1 to 4, further comprising a second host device network-connected to the security device via the host device, wherein
     the host device receives from the second host device a second public key used for encrypted communication with the second host device and sends it to the security device for storage, and receives from the security device the public key stored by the security device and sends it to the second host device, and
     when the secret data is sent to the second host device, the host device either encrypts the secret data with the second public key and sends it to the second host device, or encrypts the secret data with the public key and sends it to the security device, and the security device decrypts it with the private key, encrypts it with the second public key, and sends the secret data to the second host device.
  6.  The communication system according to any one of claims 1 to 5, further comprising a second host device holding secret data and network-connected to the security device via the host device, wherein
     the host device receives from the second host device a second public key used for encrypted communication with the second host device and sends it to the security device for storage, and receives from the security device the public key stored by the security device and sends it to the second host device, and
     when the secret data held by the second host device is sent to the host device, the host device receives from the second host device the secret data encrypted with the public key and sends it to the security device, and encrypts a generated or acquired one-time pad key with the public key and sends it to the security device, and the security device decrypts the secret data and the one-time pad key received from the host device with the private key and sends to the host device the secret data encrypted with the decrypted one-time pad key.
PCT/JP2020/027295 2019-08-09 2020-07-13 Communication system WO2021029173A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2021539172A JPWO2021029173A1 (en) 2019-08-09 2020-07-13

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2019-148153 2019-08-09
JP2019148153 2019-08-09

Publications (1)

Publication Number Publication Date
WO2021029173A1 true WO2021029173A1 (en) 2021-02-18

Family

ID=74569408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/027295 WO2021029173A1 (en) 2019-08-09 2020-07-13 Communication system

Country Status (2)

Country Link
JP (1) JPWO2021029173A1 (en)
WO (1) WO2021029173A1 (en)

Also Published As

Publication number Publication date
JPWO2021029173A1 (en) 2021-02-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20851436

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021539172

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20851436

Country of ref document: EP

Kind code of ref document: A1