JP2000196583A - Broadcast communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent the execution of illegal action by a manager for a broadcast communication information repeater by providing the system with a list preparation part for preparing a member list including members' disclosed keys and a disclosed key management part for acquiring and storing disclosed keys. SOLUTION: A member list management device 1 is constituted of a list preparation part 1a for preparing a member list including the disclosed keys of one or more members for executing broadcast communication and a disclosed key management part 1b for acquiring and storing disclosed keys to be included in the member list. A team master inputs prescribed items (member information) for preparing the member list by using the device 1. After inputting data, the list preparation part 1a selects the disclosed key of a member to be registered as a member, prepares a message digest for the member list and affixes an electronic signature prepared so as to be ciphered by the secret key of the team master to the member list.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to the field of broadcast communication using a computer network, and relates to a broadcast communication system capable of preventing improper operation by an administrator of an information relay device used for broadcast communication.

[0002]

2. Description of the Related Art In recent years, with the spread of open networks such as the Internet, LANs of organizations such as corporations have been developed.
Broadcasts can be made to various members connected to the Internet as well as within the Internet. Broadcasting is a communication intended to send the same information to many terminals on a communication network at once. are doing. Another example of the broadcast communication includes a real-time chat.

In a general example of a currently implemented broadcast communication system, a transmitting terminal transmits a message to be broadcast to an information relay which manages a set of recipients (deliverees) (distribution destination list). Transfer to device. The broadcast is realized by copying the message distributed by the information relay device for the number of recipients and transferring the duplicate to each recipient of the broadcast. For example, in the email system shown in FIG. 13, a mailing list management host (Server) that manages a mailing list (List01) indicating a set of recipients
A) sends a message to the mailing list, and the mailing list management host realizes the broadcast communication by copying and sending the message to each recipient (User A, User B, User C) listed in the mailing list. ing.

[0004] However, in the broadcast communication system constructed on the above-mentioned open network architecture, peeping of a message delivered to each recipient and leakage of confidential information to a third party are always problems. It was. Taking these problems into account, until now, EDI (Electoroni)
c Data Interchange) and EC (Electoronic commerce)
There is a growing need for the transfer of confidential information over networks such as those mentioned above.
Is being developed.

[0005] As a broadcast communication system in which security is enhanced by using encryption technology, there is a broadcast communication system disclosed in Japanese Patent Application Laid-Open No. 6-152592. In the present invention,
By generating an encryption key based on a data key used for encryption, destination information specifying a recipient, and a master key common to the system, and transmitting and receiving the destination information and the encryption key between communication parties, It discloses an encryption communication method that can share a data key with one or more communication partners.

However, when using this system, a member belonging to a group is set in order to ensure security, and the member is
In order to perform encrypted communication in a group, it is necessary to distribute a storage medium such as an IC card. However, in the currently used broadcast communication (for example, a mailing list), the members belonging to the group change dynamically due to withdrawal, subscription, etc., and the distribution destination changes at any time. It is desirable to be able to cope with such withdrawal, subscription, and the like.

Next, Japanese Patent Application Laid-Open No. 7-24560 shown in FIG.
In the broadcast communication system disclosed in No. 5, a broadcast communication system that can flexibly cope with the joining / leaving of members is disclosed. An encrypted information relay device (ServerA) in the broadcast communication system is a system for transmitting and receiving information between a plurality of subscribers connected by a communication line, and decrypts encrypted information transmitted and received from a calling subscriber. () Or a cryptographic calculator for encrypting () information to be transmitted to the receiving subscriber, a common secret key for decrypting the encrypted information, and each subscriber (User A, U
and a key storage unit that stores an individual public key for each subscriber for performing encryption corresponding to (ser B, User C).

[0008] However, the administrator of the information relay apparatus, or a person to whom authority has been delegated by the administrator, cannot transmit the contents of the encrypted communication even if it is not included in the subscribers of the broadcast communication. You can peep. Therefore,
If there is an administrator of a malicious information relay device, there is a risk that confidential information transferred by encrypted communication leaks.
For example, confidential information in broadcast communication performed between companies includes merger information of companies, which is information that should not be leaked to the administrator of the information relay device affected by the merger. Further, this information relay apparatus always performs the decryption processing and the encryption processing of the encrypted information. But,
The encryption / decryption processing is complicated and requires a large processing capacity. Therefore, when a large number of pieces of encrypted information arrive at the information relay device at the same time, there is a risk that the operation may become inoperable due to the delay of the broadcast communication or the processing capability of the information relay device.

[0009]

In order to broadcast confidential information, which would be greatly damaged if leaked by a company, organization, or individual, between a limited number of members, the following method is required. It is necessary to realize a broadcast communication system that solves various problems. (1) Even if the administrator of the information relay device, the communication content of the broadcast encryption communication realizes a mechanism that cannot be peeped, so that only the members who really need to share the information can see the broadcast content. I do. (2) It is possible to respond quickly to the withdrawal or subscription of a receiver who performs broadcast communication, and even if there is a dynamic change of a broadcast member, information is sent to members who should not broadcast by mistake. To prevent transfer. (3) The server administrator does not manage the distribution members of the broadcast, but manages the distribution members among the members performing the broadcast, and further reduces the management burden concentrated on the member managers as much as possible. (4) In order to transfer confidential information, a mechanism is established in which a large number of recipients can reliably receive the information.

[0010] The present invention has been made in view of the above points, and a member list management device, an encryption information creation device, an information relay device, an encryption information decryption device, and a broadcast communication system that solve the above-mentioned problems are provided. Another object of the present invention is to provide a recording medium on which a program for causing a computer to realize the above is recorded.

[0011]

According to the present invention, there is provided a member list management apparatus for creating encrypted information including encrypted information obtained by encrypting information to be transmitted, and a publicization of members to be distributed in broadcast communication. A member list management device that manages a member list including a key, an encryption information decryption device that decrypts the encryption information, and encryption information transmitted from the encryption information creation device, and An information relay device that distributes the encrypted information to one or more encrypted information decryption devices based on a member list, wherein the public key of one or more members performing the broadcast communication is provided. And a public key management unit that acquires and stores the public key.

Further, the member list management device further comprises a list acquisition and storage unit for acquiring and storing the member list from a terminal via a network or from a storage medium connected to the device. I do.

[0013] The member list management device may be configured to transmit the member list via a network to a database or the information relay device connected to the network, or to use the encryption information creation device or the encryption information creation device used by members included in the member list. The apparatus further comprises a list transmitting unit that transmits the list to the encryption information decryption device.

[0014] The member list management device may further include a subscription request item setting means for setting a subscription request item to the member list of the broadcast, and a subscription request input and transferred by a subscription requester. And a subscription permission determining unit configured to determine whether to permit the subscriber to subscribe to the member list.

According to the present invention, there is provided an encryption information creation apparatus for creating encryption information including encryption information obtained by encrypting information to be transmitted, and a member list including a public key of a member to be broadcasted. Member information management device, an encryption information decryption device for decrypting the encrypted information, receiving the encryption information transmitted from the encryption information creation device, and based on the member list the encryption information 1
An information relaying device for delivering to the above-mentioned encryption information decryption device, and an encryption information creation device in a broadcast communication system, comprising: a terminal via a network, or a storage medium connected to the device, A list acquisition and storage unit for acquiring and storing the member list, and an encryption unit for acquiring the broadcast message, encrypting the broadcast message using a public key included in the member list, and using the public key as encryption information. It is characterized by having.

Further, the encryption unit creates a ciphertext obtained by encrypting the broadcast message using a common key cryptosystem, and includes a common key used in the common key cryptosystem in the member list. A key for generating one or more encrypted common keys encrypted by the public key cryptosystem using the above public keys and selecting an encrypted common key corresponding to the member to be distributed among the encrypted common keys. It is characterized in that selection information is created, and the ciphertext, the encrypted common key, and the key selection information are output as the encryption information.

Further, when the broadcast message is composed of a plurality of components, the encrypting unit encrypts each of the components constituting the broadcast message and encrypts the encrypted message. It is characterized by creating information.

Further, the cipher information creation device checks the destination of the broadcast message, and if the destination is the information relay device and the member list can be obtained from the list obtaining and storing unit, the broadcast It further comprises a destination checking unit for sending a message to the encrypting unit.

Further, when the broadcast message comprises a main component and one or more sub-components,
The reference information that makes it possible to refer to the encryption information corresponding to the component according to the encryption information corresponding to the main component is transmitted to the information relay device, and the encryption information corresponding to the slave component is transmitted to the information storage device on the network. It is characterized by further comprising a multi-part transmission unit for transmitting.

According to the present invention, there is provided an encrypted information decrypting apparatus for generating encrypted information including encrypted information obtained by encrypting information to be transmitted, and a member including a public key of a member to be broadcasted. A member list management device that manages a list, an encryption information decryption device that decrypts the encrypted information, and a device that receives the encryption information transmitted from the encryption information creation device and converts the encryption information based on the member list. An information relay device for distributing the information to one or more cryptographic information decryption devices, wherein the cryptographic information decryption device in a broadcast communication system, wherein the cryptographic information acquisition device acquires the cryptographic information transferred from the information relay device And a decryption unit that decrypts encrypted information included in the encrypted information.

Further, the decryption unit refers to key selection information included in the encryption information and selects an encryption common key to be used for decryption, and the decryption unit uses a public key encryption method to perform the selection. Decrypts the encrypted common key with the recipient's private key,
An encryption common key decryption unit that obtains a common key, and a cipher that obtains a plaintext broadcast message by using a common key encryption method to decrypt encryption information included in the encryption information using the common key. And a sentence decoding unit.

Further, the encrypted information decryption apparatus further comprises a reception notification transmitting section for transmitting a reception notification notifying that the distribution member has received the information to the information relay apparatus.

Further, the cipher information decryption device includes reference information for making it possible to refer to the cipher information corresponding to the sub-component when the broadcast message includes a main component and one or more sub-components. Receiving the cryptographic information corresponding to the main component,
The apparatus further includes a multi-part receiving unit that receives encryption information corresponding to a sub-component based on the reference information.

[0024] The encryption information decryption apparatus may verify the identity of a member list used for creating the encryption information in the encryption information creation apparatus and a member list used for creating the distribution destination list, and perform encryption and decryption. Verifies whether the sender of the information is a member of the member list, verifies the integrity of the encrypted information on the communication path, and verifies the integrity of the transmitted information. Verification of whether or not a data string is included, referring to the transmitted encryption information, and transferring part of the encryption information composed of multiple parts created by the encryption information creation device to another information storage device A broadcast security verifying unit for performing the verification by any of or a combination of the verifications.

Further, the encryption information decrypting apparatus further comprises a list acquisition and storage unit for acquiring and storing the member list from a device that has already stored the member list via a network.

An information relay device of the present invention includes an encryption information creation device for creating encryption information including encryption information obtained by encrypting information to be transmitted, and a member list including a public key of a member to be distributed in the broadcast communication. A member list management device for managing, an encryption information decryption device for decrypting the encrypted information, and receiving the encryption information transmitted from the encryption information creating device, and converting the encryption information into one based on the member list. An information relay device for delivering to the above-described encrypted information decryption device,
An information relay device in a broadcast communication system comprising: a distribution destination list management unit that manages a distribution destination list; an information duplication unit that duplicates transferred cryptographic information; And a transmission unit for delivering to members.

The distribution destination list management unit can acquire a member list from a storage destination when necessary, and stores a list acquisition storage unit for storing the transferred member list, and a member transferred from the team master. The distribution list is changed so that the information is distributed to the same members as the members included in the list.

The information relay device refers to the correspondence table when checking the validity of the electronic signature attached to the member list, and automatically determines whether or not the signature is that of a valid team master. It further comprises a list validity confirmation unit for making the list valid.

Further, the information relay apparatus further comprises an additional information attaching section for attaching and saving the attached information to all or a part of the transferred information.

Further, the information relay device verifies the identity of the member list used for creating the encryption information in the encryption information creation device and the member list used for creating the distribution destination list, and receives the information. Acquires reception rejection information including the identification information of the receiving terminal or user to be rejected, and determines whether the sender or the transmission side terminal of the information transferred to the information relay device is included in the reception rejection information Verification, whether the sender of the cryptographic information is included in the member list, verification of the integrity to verify that the cryptographic information has not been tampered with on the communication path, and verification of the transmitted information Verifies whether a malicious program or data string is included in the encrypted information, and refers to the transmitted encrypted information, and the encrypted information composed of multiple parts created by the encrypted information creation device Of, and a part further comprises a broadcast security verification unit performs the verification by whether verification, any or a combination of being transferred to another information storage device.

Further, the information relay apparatus further comprises a broadcast content storage unit for storing the transferred information or a part of the information.

Further, the information relay device includes: an opening request item presenting means for presenting, on the terminal of the opening requester, an opening request item to be satisfied by the opening requester at the time of receiving the opening of the broadcast service; The opening acceptance request transferred by the server satisfies the opening request item and determines whether or not to permit the establishment of the broadcast service. When determined, the broadcast request automatic opening unit further includes: a broadcast communication opening means for opening a broadcast service for distributing information to a member designated by the team master with the requester as the team master. It is characterized by having.

Further, the present invention is characterized by claims 1 to 4
A member list management device according to any one of claims 1 to 5, an encryption information creation device according to any one of claims 5 to 9, a cryptographic information decryption device according to claims 10 to 15, and A broadcast communication system comprising the information relay device according to any one of claims 16 to 22.

The present invention is also directed to a recording medium in which a member list management program is recorded in the member list management device, wherein a procedure for creating a member list including public keys of one or more members performing broadcast communication is provided. And a computer-readable recording medium that records a member list management program that causes a computer to execute a procedure for acquiring and storing a public key.

The present invention also provides a recording medium on which an encryption information creation program is recorded in the encryption information creation apparatus, wherein a procedure for acquiring and saving a member list via a network, and a step for acquiring a broadcast message, And C. encrypting the broadcast message using a public key included in the member list to generate encrypted information.

Further, the present invention is a recording medium in which an encryption information decryption program is recorded in the encryption information decryption apparatus, wherein a procedure for acquiring the encryption information transferred from the information relay apparatus is included in the encryption information decryption apparatus. And a computer-readable recording medium storing an encryption information decryption program for causing a computer to execute the procedure for decrypting encrypted information.

The present invention also relates to a recording medium on which an information relay program is recorded in the information relay apparatus, wherein a procedure for managing a distribution destination list, a procedure for copying transferred encryption information, and A computer-readable recording medium on which is recorded an information relay program for causing a computer to execute a procedure for distributing information to each member to be distributed.

[0038]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS First, a description will be given of each embodiment of a member list management device, an encryption information creation device, an information relay device, and an encryption information decryption device constituting a broadcast communication system of the present invention. The terms used in the description of the basic technical concept and the embodiments will be described. FIG. 1 shows an outline of a broadcast communication system of the present invention. The embodiments of each device constituting the broadcast communication system of the present invention will be described later in detail.

As described in the prior art, in the conventional broadcast communication, the setting of the member to be delivered (receiver) stored in the information relay device (server) is mainly performed by the server administrator or the server management. Was controlled by someone who was delegated authority by that person. However, when broadcasting the confidential information, there is a possibility that the server administrator performs the broadcasting that should not be managed.

Therefore, according to the present invention, not a server administrator but an administrator who manages members in a broadcast member (hereinafter, referred to as a team master) manages a list of members to be distributed (hereinafter, referred to as a member list). To provide a mechanism by which this member list is not falsified by others. Then, the member list is safely and securely shared by the members included in the member list, and the information content of the broadcast transmitted by the member is encrypted, so that the broadcast member can be safely and securely transmitted without information leakage. It is intended to receive confidential information.

First, in order to safely and surely broadcast confidential information, a mechanism for identifying and authenticating a member who is a communication partner is required. In the present invention, a public key cryptosystem (for example, RSA
(Rivest-Shamir-Adleman) or elliptic cryptography) uses a mechanism in which the private key is owned only by the user. Therefore, the member list of the present invention includes at least the public key corresponding to the secret key. In addition, a digital signature by a team master is attached in order to realize a mechanism in which the member list is securely managed and is not falsified by others.

The member list is generally managed by a team master. For example, if the number of members of a broadcast communication is large and cannot be managed by one manager, the member list is divided into a plurality of lists. In other words, it may be managed by a plurality of managers (a team master and a submaster authorized by the team master) included in the team master list. As shown in FIG. 2, a general member list includes a team name, the name or identifier of a member X who is a team master, the names or identifiers of members Y,... , A digital signature (electronic signature) of Team Master X. In FIG. 3, when the member list is composed of a plurality of lists as described above, the member list is divided into a team master list in which the manager of the team 101 is registered and a member list in which the broadcast members of the team 101 are registered. An example in the case of doing is shown. In this example, the validity of the member list can be confirmed not only by the X of the team master but also by the Y and Z digital signatures of the submaster.

In this case, first, the electronic signature of the member list is used to verify whether the member list has been tampered with and the signer (in this example, member X) is specified.
Next, the electronic signature of the team master list is used to verify that the team master list has not been tampered with, and that the signer of the team master is definitely the team master of this team. Finally, verify that the signer of this member list is registered as a team manager on the team master list. In the example of FIG. 3, since the member X is registered as a team master, it can be determined that the member X is a valid signer. Further, even when the signature by the member Y is attached to the member list, the member Y is a legitimate signer (in this case, a sub-master in FIG.
In this case, it can be determined as "sub"), so that the validity can be verified.

In the member list, a plurality of public keys may be registered for one member. For example, when using a pair of a public key and a secret key used for encryption / decryption processing, and a pair of a public key and a secret key used for creation / verification processing of an electronic signature, respectively using different key pairs, Two public keys are registered for the member.

A public key is registered in the member list. A digital certificate issued by a certificate authority (for example, a digital certificate conforming to the X.509 format) is used as the public key. Can be used. Alternatively, a method of registering information for uniquely identifying a public key body in a member list may be used. In this case, the public key body contains information for identifying the public key (for example,
If a public key included in a certificate issued by a trusted certificate authority is used, the serial number assigned to the certificate is used. If you include the member digest in the member list, each member will select the actual public key body used for encryption after receiving the member list, or Can be obtained. For example, in the member list, the certificate authority name and serial No. Is included, first, the certificate authority name and the serial No. are obtained from the plurality of certificates stored in the storage medium connected to the terminal. The certificate having the serial No. is searched for the certificate having the certificate No., and if the certificate does not exist in the storage medium, the certificate of the certificate authority is contacted. You can also get a certificate.

Hereinafter, embodiments of a member list management device, an encryption information creation device, an information relay device, and an encryption information decryption device constituting the broadcast communication system of the present invention will be described in order with reference to the drawings.

FIG. 4 includes the first to fourth embodiments of the member list management device of the present invention. First, a first embodiment of the member list management device 1 will be described. In the present embodiment, in order to manage a member list, a list creation unit 1a that creates a member list including public keys of one or more members performing broadcast communication, and obtains and saves a public key to be included in the member list. And a public key management unit 1b.

First, the team master uses the member list management device 1 to input predetermined items (such as member information) for creating a member list. After inputting the data, as shown in FIG. 5, the list creation unit 1a selects the public key of the member to be registered as a member (step S1). For example, when creating the member list shown in FIG. 2, the public keys of members X, Y,..., B are selected. Then, a hash function (for example, MD5 or SHA-
1) is used to create a message digest of the member list (step S2). Then, the created message digest is encrypted with the secret key of the team master (for example, using RSA or DSA), and the created digital signature is attached to the member list (step S3; FIG. 2).
In the example, the digital signature of X is attached). With this mechanism, even if a terminal (not shown) other than the information relay device described later is used as the member list management device 1, there is no fear that the member list is falsified. If the tampering is actually performed, the tampering is discovered by verifying the validity of the member list, so that the use of the tampered member list can be stopped.

Next, as a second embodiment of the member list management device 1, the member list management device 1 of the first embodiment is further provided with a list acquisition and storage unit 1c. The list acquisition and storage unit 1c operates not only to acquire and save the member list in the storage medium connected to the member list management device 1, but also to a terminal ( For example, using a server) or a database (not shown), the terminal and the database are accessed to operate to acquire or save a member list. This configuration is used because if a team master manages the member list and there is a risk of the team master's device failing or the member list being deleted accidentally, If you save the member list to a secure terminal (for example, a server) or a database on the network instead of the terminal,
Because it is more secure.

Also, in order to reduce the burden of broadcasting management on a single administrator and to prevent operation errors, etc., a member list can be created by a plurality of administrators (team master and a plurality of submasters). There is also a form to manage. In this case, it is better to save the member list on a terminal or database on the network that each administrator can access so that each administrator does not use a different version of the member list. Communication can be realized.

The broadcast communication system of the present invention prevents information from leaking outside the broadcast members by encrypting with the public key included in the member list (for example, information leak to the server administrator). Prevention) is realized. Therefore, the member list management device 1 needs to verify whether the member list is managed with validity. Verification of legitimacy here means that 1) the member list is maintained in a state where it has not been falsified by unauthorized persons, and 2) the team that creates the member list performs broadcasting. The official team master, to check the status.

For 1), for example, an electronic signature attached to the member list (in the example of FIG. 2, the digital signature of X) is decrypted to obtain a message digest of the member list. In the example, the message digest obtained by compressing the team 101, the members X, the members Y,..., The members B,... Can be verified. In the case of 2), for example, the name of the signer of the member list (for example, the name described in a certificate according to the X.509 certificate format) is displayed on the screen so that the member list user can confirm it. Can be verified by having them confirmed.

The list acquisition and storage unit 1c creates and stores a correspondence table that associates information for identifying a member list with a team master that manages the member list, and checks the validity of an electronic signature attached to the member list. In this case, by referring to the correspondence table, it is possible to verify the validity of the member list by further providing a function of determining whether the electronic signature is a signature of a valid team master. When creating the correspondence table, for example, in the case of a member list to be acquired for the first time, the member list is displayed on a screen so that the user of the member list can confirm the team master, and verified by having the confirmation. If you receive a positive affirmation (if you accept this team master as a signer on the member list)
Information for identifying the member list (in the example of FIG. 2, "team 101" of the team name) and a team master for managing the member list (in the example of FIG. 2, "member X" which is the team master) are added to the table. With the additional function of validity, the validity is automatically checked after the second time. The function for verifying the validity of the member list described here is also provided in each of an encryption information creation device, an encryption information decryption device, and an information relay device, which will be described later, and is used when the member list is obtained or the member list is used. It works when.

Next, as a third embodiment of the member list management device 1, the member list management device 1 of the first or second embodiment is further provided with a list transmission unit 1d. The list transmitting unit 1d operates to transmit the member list to a terminal used by a member included in the member list. With this configuration, the latest member list can be quickly and accurately shared among the members of the member list.

Further, the team master needs to change the distribution destination list referred to when the information relay device described later redistributes the information. The mechanism for changing the distribution destination list differs depending on the type and mechanism of the information relay device. For example, a broadcast communication system for voice chat and a broadcast communication system for mail have different device structures and protocols. Member list management device 1 of the present embodiment
Then, the function of changing the distribution list to the member list management apparatus 1 so that the members included in the member list and the members included in the distribution list are the same so that the operation method does not differ depending on the system to be used. May be further added. As a function of changing the distribution destination list, in the simplest embodiment, the member list is transferred from the list transmission unit 1d of the present embodiment to the information relay device, and the information relay device uses this member list as the distribution list. There is a method.

As a fourth embodiment of the member list management device of the present invention, the member list management device 1 of any one of the first to third embodiments is provided with a subscription request receiving unit 1
e is further provided.

The subscription request receiving unit 1e is used by the broadcast team master to set a subscription request item to the specific broadcast distribution list in order to receive a subscription request to the broadcast member list. Item setting function, subscription request item presenting function for presenting items to be fulfilled by the subscriber when accepting a subscription request, and subscription request transferred by the subscriber satisfies the subscription request item and permits subscription A subscription permission determining function for determining whether or not to subscribe. In addition, when verifying whether or not the subscription request is an accurate request, the subscription request receiving unit 1e according to the present embodiment verifies by inquiring a database, a server, or the like disposed on the network. For example, the credit card No. Is described, the credit card No. Can be verified by accessing a terminal operated by a credit card company or, if a certificate is included, by accessing a certificate database operated by a certificate authority.

By the function of the above-mentioned subscription request receiving section 1e,
It is possible to realize automatic subscription of the receiver to the broadcast communication. As an example of a currently implemented automatic subscription of a recipient to a broadcast, there is, for example, a system that automates the process of subscribing to a mailing list and automatically subscribes to a mailing list when a user registers on a WWW page.
However, the current mailing list automates the process that is started with the authority of the information relay device administrator, and the current automation process uses a mechanism that allows the information relay device administrator to freely set the distribution members. It is just providing. Subscription request receiving unit 1e of the present embodiment
The purpose of the present invention is to prevent a fraudulent operation by an administrator of a malicious information relay apparatus and to provide a more secure automatic subscription mechanism.

Here, whether the public key and the private key included in the member list are undoubtedly their own,
If the expiration date has been set and it has not expired,
It is also desirable to verify that the secret key has not been leaked before using it. Therefore, in each embodiment of the member list management device 1, a database arranged on a network (for example, a directory database in which a state indicating the validity and reliability of a public key provided by a certificate authority or a service company is registered) The same or a different protocol as broadcast (for example, SMT
When using P (Simple Mail Transfer Protocol), LDAP (Lightweight Directory Access Protocol)
ol), OCSP (Online Certificate Status Protocol)
l) etc.) or use a certificate revocation list (CRL (Certificate
Revocation List)) may be used to verify the validity of a public key or a private key used for an electronic signature. The function of verifying the validity of the public key and the secret key used for the electronic signature described here must be provided in each of the cryptographic information creation device, the information relay device, and the cryptographic information decryption device described below. This is effective when confirming the electronic signature and managing the member list. The embodiments of the member list management device according to the present invention have been described above.

Next, an embodiment of the encryption information creating apparatus of the present invention will be described. FIG. 6 includes and shows the first to third embodiments of the encryption information creation device of the present invention.

The first embodiment of the encryption information creation apparatus of the present invention comprises a list acquisition and storage unit 2a for acquiring and saving a member list via a network, and an encryption unit 2b for creating encryption information. You.

The list acquisition and storage unit 2a stores the member list stored in the resource database arranged on the network in the same or different protocol as broadcast communication (for example, when using SMTP for broadcast communication, ,
(Such as HTTP). Alternatively, the transferred member list is stored in a storage device (not shown), and obtained by reading the member list from the storage destination when necessary.

If the encryption information creation device 2 has already stored the member list, the list acquisition storage unit 2
a operates to check if the member list is the latest version. For example, a database located on the network where information about the latest version of the member list is stored may be stored in a database that is the same as or different from the broadcast (for example, when using SMTP for broadcast,
LDAP, OCSP, etc.) to check the latest member list version. In addition, the list acquisition and storage unit 2a is provided with the member list management device 1 described above.
The function for verifying the validity of the member list described in the embodiment is provided, and the validity of the member list is verified when the member list is acquired. In addition, a storage unit (not shown)
Is constituted by a nonvolatile storage device such as an EEPROM, a hard disk, and a magneto-optical disk.

Next, as shown in FIG. 7, the encrypting unit 2b first obtains the broadcast message (plain text) and the member list obtained by the list obtaining and storing unit 2a, and encrypts the broadcast message by common key encryption. A ciphertext is created by encrypting with a scheme (for example, an encryption scheme using the same key for encryption and decryption such as DES).
Then, an encrypted common key is created by encrypting the common key used for creating the ciphertext by a public key encryption method (for example, the RSA method) using each member public key included in the member list. At this time, if there are three members, three encrypted common keys are created. Further, key selection information for selecting an encrypted common key corresponding to the member to be distributed among a plurality of encrypted common keys is created. As this key selection information, for example, a table that associates a member name with an encrypted common key may be used. Also, the broadcast message is compressed by a hash function, and an electronic signature encrypted with the sender's private key is added. With this electronic signature, falsification can be prevented and the sender can be confirmed. Then, it operates so as to output a cipher text, an encrypted common key, key selection information, and an electronic signature as cipher information. In the broadcast communication system, the encryption information creation device 2 is used at the transmitting terminal.

Next, the second embodiment of the encryption information creating apparatus 2 has a configuration in which a destination inspection unit 2c is further provided in the first embodiment as shown in FIG. The destination checking unit 2c checks the transmission destination of the broadcast message, and encrypts the broadcast message only when the information relay device is the transmission destination and a member list used for the broadcast can be obtained. It operates so as to pass it to the conversion unit 2b. By providing the destination checking unit 2c, the encrypted information creation device 2 can be implemented so as to perform only the encryption process. Therefore, the creation of the broadcast message itself can be performed by using a general-purpose message creation device (word processor, mailer, Client).

For example, when the encryption information creation device 2 is realized as mailer plug-in software, the functions of the existing mailer can be used until the creation of the text of the mail and the attached file. The plug-in software as the cryptographic information creating device 2 checks the address before sending the mail, and if the address of the mailing list server is the address, acquires the member list corresponding to this address,
The above-mentioned encryption is performed by using the public key included in the member list to create encryption information. This encryption information is transmitted to the mailing list server using a communication function used by the existing mail (for example, a communication function using SMTP as a protocol). Note that the cryptographic information creating apparatus 2 of the present embodiment may further include a dedicated broadcast information creating unit (not shown) for creating a broadcast message.

Next, the third embodiment of the cryptographic information creation device 2 has a configuration in which a multiple parts transmission unit 2d is further provided in the first or second embodiment as shown in FIG. In the present embodiment, when the broadcast message is composed of a plurality of parts, the encryption unit 2b performs the above-described encryption processing for each part to generate encryption information. And
When the broadcast message is composed of a plurality of parts as shown in FIG. 8, the multiple-parts transmitting unit 2d can refer to some of the parts from the information relay apparatus according to the reception capability of the information relay apparatus. It operates to transmit to the information storage device 5. At this time, an optimal protocol can be used for transmitting each part. For example, a real-time communication protocol is used for voice chat, and a file transfer protocol is used for file transfer.

It should be noted that the multiple-parts transmitting unit 2d can refer to the resource database or the information relay device 4 arranged on the network and refer to the information relay device 4 to transfer a part of the broadcast message. Know a good information storage device 5. As another method, the address of the information storage device 5 may be used in the member list. Also, when transmitting a plurality of parts to different devices, the receiver may need to verify whether all the original information has been collected. In that case, when each encryption process is performed, the original all plaintext parts, all ciphertext parts, the set of message digests of each plaintext part, or the set of message digests of each ciphertext part When each message is transferred to a completely different device by attaching a message digest created using a hash function to one or a combination of some of them, or attaching an electronic signature to this message digest However, the integrity of the entire broadcast message can be verified.

In the present embodiment, even if communication is performed over a plurality of protocols for each part, the same information encryption process and the same member list are used to ensure communication between members set by the team master. Broadcast,
The level of security and certainty of the broadcast of each part can be equalized.

The present embodiment is effective in a case where messages of different formats are simultaneously broadcast in a broadcast encryption communication system. For example, using a voice chat broadcast communication system, members across multiple companies may have business negotiations and simultaneously transfer contract files, or use a mailing list broadcast communication system In some cases, a large file (for example, a 5 Mbyte image file) exceeding the capacity of the mail system is transferred while transmitting the encrypted mail. For example, in the case of voice chat, when the contract file is transferred, if the voice chat is interrupted and the broadcast is interrupted,
When handling important confidential information, there is a risk that oversight etc. may occur.

Further, in the mailing list broadcast communication device, an allowable amount (for example, 3 Mbytes in the member A system) is set depending on the setting of each receiving side mail system.
e, In the mail system of member B, 1 Mbyte)
In addition, since the receiving capacity differs depending on the amount of free space in the mail receiving buffer reserved for the specific member, it is difficult for the sender to assure whether the message can be transmitted reliably. The present embodiment functions effectively in these environments.

Further, the security of the public key included in the member list used at the time of encryption is improved more than verifying the validity of the public key before use at the time of encryption. For example, when the team master creates a member list, even if all public keys are valid, even if they try to use the same key after a certain period of time, there is a key that has expired or a secret key has been leaked You may have. In each embodiment of the encryption information creation device 2, the member list management device 1
The security is further improved by providing a key validity verification function similar to the function for verifying the validity of a public key or a private key used for an electronic signature. The embodiments of the cryptographic information creation device of the present invention have been described above.

Next, an embodiment of the encryption information decrypting apparatus of the present invention will be described. FIG. 9 includes and shows the first to fifth embodiments of the encryption information decrypting apparatus of the present invention.

The first embodiment of the cryptographic information decrypting device 3 comprises a cryptographic information acquiring unit 3a for acquiring cryptographic information transferred from an information relay device described later, and a decrypting unit 3b for decrypting cryptographic information. It is composed of The decryption unit 3b first refers to the key selection information included in the encryption information and selects an encryption common key to be used for decryption from a plurality of encryption common keys corresponding to the number of members, as shown in FIG. . Then, the encrypted common key is decrypted using the private key of the receiver by using the public key cryptosystem to obtain the common key. Then, using the common key cryptosystem, the cipher text included in the cipher information is decrypted using the common key to obtain a plaintext broadcast message. Then, the message digest MD obtained by decrypting the electronic signature with the public key of the sender and the message digest MD ′ obtained by compressing the broadcast message (plaintext) obtained by decrypting the ciphertext by the hash function are compared and verified. Check the sender.

Next, as a second embodiment of the encrypted information decrypting device 3, as shown in FIG. 9, the encrypted information decrypting device of the first embodiment is further modified by the fact that the receiver himself or herself has received the information. A configuration is provided that includes a reception notification transmission unit 3c that transmits a reception notification for confirmation to the information relay device. The reception notification transmitting unit 3c includes, for example, a message digest of the received communication content, a time stamp of the reception time, and a recipient ID.
Send a reception notification with an electronic signature attached.

With this configuration, for example, when the terminal on the receiving side is out of order or the communication line is disconnected, there is a possibility that the communication content does not reach the receiver. Therefore, it is desirable for the recipient to transmit a reception notification.
However, the conventional reception notification (for example, an e-mail opening notification) is not a safe reception notification because a malicious person can send a similar notification by impersonating along the way. The encrypted information decrypting device 3 of the present embodiment is provided with the above-mentioned reception notification transmitting unit 3c. As a result, in a broadcast communication for transmitting and receiving confidential information, the recipient himself / herself can send a reception notification with an electronic signature attached to the information relay device. It can be confirmed that the distribution was successfully made to one of the registered members.

Next, as a third embodiment of the encrypted information decrypting device 3, as shown in FIG. 9, the encrypted information decrypting device of the first or second embodiment is further provided with a multi-part receiving unit 3d. A configuration having: The multiple parts receiving unit 3d
As shown in FIG. 8, based on the contents of the broadcast message, it is determined whether a part of the part has been transferred to the information storage device 5,
When the parts are transferred, an inquiry is made to the information storage device 5, and an optimal protocol (for example, H
The part is acquired using the TTP protocol or the FTP protocol. Also, the decoding unit 3b of the present embodiment
If the encryption information consists of multiple parts,
It operates so as to perform decoding processing for each individual part.
In this embodiment, the broadcast message is composed of a plurality of parts, and some of the parts are transmitted to the information storage device 4 which can be referred to from the information relay device 4 by the above-described encryption information creating device 2. It corresponds to the case.

The fourth embodiment of the encrypted information decrypting apparatus of the present invention further broadcasts to the encrypted information decrypting apparatus 3 of any one of the first to third embodiments as shown in FIG. A configuration including a communication security verification unit 3e is adopted. The broadcast security verification unit 3e operates as one of its functions to verify whether the sender is a member registered in the member list. At the time of this verification, the member list is acquired from the list acquisition and storage unit 3f described later, and the sender is confirmed. Also, by accessing a resource database in which information on a member list arranged on the network is registered (for example, using a protocol such as LDAP), it is possible to inquire whether the sender is included in the member list. You may. Further, a function similar to that of a broadcast security verification unit provided in the information relay device described later may be further provided.

In the fifth embodiment of the encryption information decrypting apparatus according to the present invention, as shown in FIG. 9, the encryption information decrypting apparatus 3 according to any one of the first to fourth embodiments is further provided with a list acquisition. The configuration including the storage unit 3f is adopted.

The list acquisition and storage unit 3f stores the member list stored in the resource database arranged on the network in the same or different protocol as broadcast communication (for example, using SMTP in broadcast communication). In this case, it is acquired using HTTP or the like. Alternatively, the transferred member list is stored in a storage device (not shown), and obtained by reading the member list from the storage destination when necessary. When the encryption information decrypting apparatus 3 has already stored the member list, the list acquisition and storage unit 3f operates to check whether the member list is the latest version. For example,
The same or a different protocol (for example, LDAP, OCSP, etc. when using SMTP for broadcast) is stored in a database located on the network where information on the latest version of the member list is stored. Use and check the latest member list version.

The list obtaining and storing unit 3f has a function of verifying the validity of the member list described in the embodiment of the member list management device 1, and verifies the validity of the member list when the member list is obtained. I do. Further, the decryption unit 3b and the list acquisition and storage unit 3f are provided with the function of verifying the validity of the public key and the secret key used for the electronic signature described in the above-described embodiment of the cryptographic information creation apparatus. It may be. By further providing these functions, safety is further improved. The embodiments of the encryption information decrypting apparatus according to the present invention have been described above.

FIG. 10 shows the first to sixth embodiments of the information relay apparatus of the present invention. First, a first embodiment of the information relay device of the present invention will be described. In the present embodiment, a distribution destination list management unit 4a that stores and manages a distribution destination list managed by a team master, and a method for transmitting the transferred cryptographic information to a member to be distributed included in the distribution destination list. An information copying unit 4b to be copied;
A transmission unit 4c for transmitting the copied encrypted information to each of the members to be distributed.

The distribution destination list management section 4a has been described in the embodiment of the member list management device when storing and managing the distribution list, obtaining and storing the member list, and when obtaining the member list. It has a function of verifying the validity of the member list and a function of matching members included in the member list and the distribution list. In addition,
When the distribution list management unit 4a sets the distribution list with reference to the member list, the distribution list management unit 4a further includes a function of checking whether the member list is the latest version. For example, a database located on the network that stores information about the latest version of the member list,
The same or different protocol as broadcast (for example, when using SMTP for broadcast, LDAP, OCS
P) may be used to inquire about the latest member list version.

The second embodiment of the information relay device of the present invention has a configuration in which the information relay device 4 of the first embodiment further includes a list validity confirmation unit 4d. When acquiring the member list, the list validity confirmation unit 4d verifies the validity of the member list. The function of verifying the validity of the member list is as described in the embodiment of the member list management device 1 described above.

The third embodiment of the information relay apparatus according to the present invention is different from the information relay apparatus 4 of the first or second embodiment in that
The configuration further includes the additional information attachment unit 4c. The additional information attachment section 4c is a team master or information relay device 4
Various information (service information, management information, etc.) by the administrator
Is attached to the encryption information. With the function of attaching the additional information, a wide range of services can be provided to the members to be distributed.

The fourth embodiment of the information relay apparatus according to the present invention is configured such that the information relay apparatus 4 according to any one of the first to third embodiments further includes a broadcast security verifying unit 4f. Take.

The broadcast security verification section 4f has a first function of verifying the identity of the member list.
For example, if the transmitting terminal is out of order or the communication line is disconnected, the latest member list may not be available to the sender. The broadcast security verifying unit 4f creates a member list used for encrypting the transferred encrypted information and a distribution destination list used for transfer by the server in order to further enhance the security of the broadcast. Verify the identity with the member list used for this.

For example, member list version N
o. It is possible to verify whether the member lists are the same by using information such as the time when the team master created the member list (for example, when a time stamp or the like was added). As another method, identity verification can be performed by verifying whether the electronic signers attached to the member list are the same. As another method, identity verification can be performed by comparing a message digest with a member list using a hash function.

Further, the broadcast security verifying unit 4 f
Has a function of verifying a broadcast sender. In the conventional broadcast communication, since the administrator of the information relay device 4 was able to see the contents of the information, it was possible to inspect the contents, for example, whether or not slander or slander information is flowing.
However, in the method of the present invention, since a mechanism is realized in which the server administrator cannot see the contents of the information, there is a possibility that the information relay device 4 is used illegally. Therefore, the broadcast security verifying unit 4f transmits the information terminal that refuses to receive the information (for example, can be identified by an IP address) or the identification information of the user (for example, in the case of a mail system, the mail address or the , Which can be identified by a certificate or the like issued by a trusted certificate authority), and the sender or the transmitting terminal of the information transferred to the information relay device 4 includes the information in the reception rejection information. It has a function to verify whether or not it has been The rejection information includes, for example, the mail address of an individual who has sent spam mail in the past, or the IP address or network address of a terminal whose security level is low and personal identification may not be performed in a legitimate procedure. A list is included.

Further, the broadcast security verifying section 4f outputs the third
It has a function to verify the contents of the broadcast as a function of. This is to verify the sender and communication contents in order to improve the security of the broadcast communication. It verifies whether the sender of the cryptographic information is included in the member list, and verifies whether the transmitted information includes a malicious program or a data string.

The broadcast security verifying section 4f outputs the fourth
Has a function of verifying that, of the encrypted information composed of a plurality of parts, the part stored in the information storage device and referred to by the encrypted information decryption device has been transferred to the information storage device without fail. By referring to the transferred encryption information, it is determined whether or not a part of the encryption information composed of a plurality of parts is transferred to another information storage device, and a part is transferred to another information storage device. If yes, verify that the transfer was successful. Further, the function for verifying the validity of the public key and the secret key used for the electronic signature described in the above-described embodiment of the cryptographic information creating apparatus is provided in the broadcast security verifying means 4f. There is also.

The fifth embodiment of the information relay apparatus of the present invention has a configuration in which the information relay apparatus 4 according to any one of the first to fourth embodiments further includes a broadcast content storage unit 4g. . The broadcast communication content storage unit 4g stores the transferred information, a part of the information, or the information with the attached information attached thereto. For example, when a failure occurs in a mail server in a mail system or when a terminal of a receiver is broken, even transmitted information may not be correctly received. Further, there is a case where the voice is interrupted due to the communication line in the voice chat. Even if the data transmitted by the transmission side does not match the data received by the reception side, the data is safely stored by the storage function of the broadcast content storage unit 4g. You can check it again and get it again.

The sixth embodiment of the information relay apparatus of the present invention has a configuration in which the information relay apparatus 4 according to any one of the first and fifth embodiments is further provided with a broadcast automatic opening unit 4h. . The broadcast automatic opening unit 4h automatically starts the broadcast without obtaining the manual permission of the server administrator. Therefore, the server administrator presents the items to be satisfied by the establishment requester when the server administrator accepts the establishment. Opening request item presentation function for opening, the opening reception request transferred by the opening requester satisfies the opening request item, and the opening permission determining function to determine whether or not to allow the opening, and when the opening is determined A broadcast communication setting function for setting the requester to be the team master and performing the setting to enable broadcasting to members designated by the team master.

In the conventional broadcast communication system, it is necessary for the administrator of the information relay device to perform the work associated with the establishment in advance. For example, it is necessary to set a distribution list, distribute an IC card, and register a public key in the information relay device. In addition, the cipher broadcast communication is not an endless communication, but a communication that is used in a minimum time when necessary, such as a one-hour voice chat and transfer of three contract files. It is thought that there are many. In this case, the work load of starting or deleting the broadcast of the information relay device 4 becomes extremely large. Further, since there is a risk of occurrence of mistakes and the presence of a malicious administrator, a system that requires as little manual setting by such a person as possible is desirable for safety. Therefore, the information relay device 4 according to the present embodiment can automatically set a certain usage condition (for example, payment of a charge proportional to the usage time) without requiring manual setting by the server administrator. Provides a function to start broadcasting.

Further, the automatic broadcast opening unit 4h may have an opening request confirmation function for verifying whether the opening reception request transferred by the opening requester is an accurate request. For example, when a credit card is described in the billing item, it is verified whether the credit card number is properly registered and is in a chargeable state. During this verification,
If there is no data to be used for verification in the information relay device 4, an inquiry is made to a database, server, or the like which is arranged on the network and has predetermined data.

The information relay apparatus 4 of the sixth embodiment may be provided with a withdrawal request receiving unit (not shown) for receiving a withdrawal request of a member of the broadcast. For example, there is a danger that even if there is no intention to join, the user is arbitrarily registered in the member list, and only unnecessary information or defamatory / slandering information is transferred. In the information relay device 4 of the present embodiment, when the member of the broadcast communication receives a withdrawal request to withdraw from the broadcast to the information relay device, the withdrawal request receiving unit performs transfer to the member. It is characterized by having a withdrawal request receiving unit that cancels and informs the team master of the reason.
Further, in order to check whether the withdrawal request is a transfer cancellation request created by the withdrawal request member, an identity verification method such as an electronic signature or a shake hand can be used. The embodiments of the information relay device of the present invention have been described above.

Next, as Embodiment 1 of the broadcast communication system of the present invention, an information relay device operated by a third party is used,
An example in which a securities company distributes securities news to members will be described. In the first embodiment shown in FIG. 11, the function of the information relay device of the present invention is realized by using a mailing list server and a WWW server in order to realize secure broadcast communication of a mail system. This mailing list server is operated by a third party.

A WWW server linked to a mailing list server operated by a third party. The WWW server indicates items set by the mailing list server administrator to establish a broadcast communication and which must be satisfied by the establishment requester. Homepage is saved. The securities company downloads this homepage using SSL (Secure Socket Layer) communication in order to automatically open the service, and inputs necessary items in a form corresponding to the item displayed on the browser. In the first embodiment, a request for a service capable of broadcasting data to a name, a credit card number, and 1,000 persons is described, and a transmission button is pressed to transfer the request to a WWW server.

Broadcast automatic opening unit 4 implemented as a program (for example, CGI) running on the WWW server
h is a function to determine the permission of the person who has accessed by SSL communication, the name, the credit card No. ,
Using the four data “1000”, it is determined whether or not the establishment should be permitted. In the first embodiment, the credit card No. To the credit card service company, verify whether the card holder and the certificate holder match, and if they match, re-transmit a page notifying that the establishment is permitted to the subscriber. If they do not match, the page notifying that the establishment has been rejected is transferred again to the subscriber.

When the establishment is permitted, the broadcast request setting function of the automatic broadcast opening section 4h, which is implemented as a program running on the mailing list server, manages the subscriber as a team master. Set a new mailing list address for information communication. In addition, a distribution list for distributing information sent to this mailing list address (an initially empty list)
Set. When these opening settings are completed, the mailing list server forwards an e-mail notifying the successful completion of the opening settings to the team master.

The member list management device 1 according to the first embodiment is implemented, for example, as a JAVA applet, incorporated in a homepage, and stored in a WWW server. When creating the member list, the team master manages the member list to be set using an applet downloaded using SSL communication. The member list according to the first embodiment includes three lists: a team master list, a reporter list, and a recipient list. In the team master list, sub-masters who can manage teams other than the team master are set. In the reporter list, reporters who write securities news are registered, the team master performs an electronic signature, and is transferred to the information relay device 4 again. I do. Information relay device 4
Sets the distribution list after verifying the electronic signature to make sure that the member list is definitely created by the team master. The distribution rule in the first embodiment is set so that the broadcast information transferred from the members of the reporter list is duplicated for the members registered in the receiver list (included in the member list) and registered. I have.

In the first embodiment, the receiver uses the subscription request receiving unit 1d of the member list management unit 1 so that the receiver can be automatically subscribed to any user who can perform monthly charging. I do. A plurality of submasters are set in the team master list included in the member list set by the team master. The submaster is also an employee of the securities company, and is responsible for managing the recipient list. The submaster is a subscription request receiving unit 1 implemented as a WWW page.
Download the subscription request item setting function of d using SSL communication. At this time, the WWW server sees the certificate of the submaster that can be obtained by SSL communication, and identifies and authenticates the submaster. Subscription request items are set by filling each item of the form in the WWW page. In the present embodiment, a service contract agreement, a billing item, an e-mail address and a certificate including an e-mail address are designated to be presented, and a submaster for encrypting the enrollment request of the enrollment requester is designated. Transfer by specifying the public key.

The subscriber of the above-mentioned securities news distribution service uses the subscription request item presenting function of the subscription request receiving unit 1e implemented as a JAVA applet embedded in the WWW page, and firstly writes his / her own contract agreement. Digital signature using the secret key of the user, and input a billing item and an e-mail address. When this is transferred, these confidential information (particularly, information relating to charging: credit card N
o. And the account number of the bank) must not be visible to the administrator of the WWW server or mailing list server.
Transfer to W server. Further, since the above communication is performed by SSL, a certificate can be confirmed when performing authentication.

A subscription request from a large number of subscribers is sent to the WW
It is stored as encrypted subscription request information in the W server. In the first implementation example, the program that has implemented the subscription permission determination function of the subscription request receiving unit 1e accesses the WWW server, acquires the encrypted subscription request information, and satisfies each item so that the service subscription can be permitted. Judge whether it is. For example, a key validity verification function is used to verify whether the public key and the secret key are still valid. As a result of the determination, a notification mail indicating that the subscription is permitted or rejected is transferred to the subscription requester. This program can further automatically operate the member list management device.

In response to the subscription request for which permission has been given, the member list stored in the WWW server is stored in the member list acquisition / storage unit 1 using the member list management device 1.
c, the registration requester is registered in the recipient list of the member list. An electronic signature is attached to this member list using the secret key of the submaster registered as a submaster, and the member list is transferred to the WWW server again as a new member list. The WWW server uses the above-described function for verifying the validity of the member list to confirm the validity of the member list, and uses the function for verifying the validity of the public key and the private key used for the electronic signature. Verify that all public keys in the member list are valid. If these verification results are positive, the distribution destination list management unit 4a
Use to update the distribution list. For members included in the reporter list, the latest member list is sent to the list transmitting unit 1d (in the embodiment, SMTP
(Implemented using the protocol).

The terminal at which the reporter creates the securities news is a general-purpose computer (in the first embodiment, a notebook personal computer or the like) in which electronic mail software is incorporated. Attempts to transfer an article created using this email software by specifying the address of a mailing list. At this time, the cryptographic information creation device 2 implemented as plug-in software linked with the e-mail software attempts to transfer the mailing list address to the information relay device 4 having the member list by using the destination checking unit 2c. Make sure that

In this case, the plug-in software
First, using the list acquisition and storage unit 2a, it is verified whether the version of the member list existing in the personal computer of the terminal is the latest version. This means that X.X. 5
The latest version is inquired for the resource database constructed based on the 00 standard using LDAP. If it is not the latest version, the latest member list is obtained from the location of the latest version registered in the resource database (in the example,
It is obtained from the WWW server using SSL communication).

The encryption information creating device 2 checks the validity of the member list by using the function of verifying the validity of the member list, and then encrypts the public key of the member of the receiver list included in the member list. The encryption unit performs encryption. At this time, the electronic signature adding function obtains the reporter's private key from the IC card that records the private key held by the reporter, and attaches a digital signature to the created article. With this signature, the recipient can confirm which reporter wrote the article, and can confirm the reliability of the article. Also,
The reporter who delivered the article cannot deny that he created the article.

The mailing list transmitted to the mailing list address is first sent to the broadcast security verifying section 4f.
It is confirmed that the signature attached person (reporter in the first embodiment) of the information transmitted by using is surely included in the reporter list of the member list. Also, the function for verifying the identity of the member list is used to verify whether the versions of the member list are different. If the version of the member list is different as a result of the verification, information indicating the fact and broadcast information are returned to the reporter. As a result of the above verification, if everything is normal, the encryption information is copied using the information copying unit 4b, and the transmitting unit 4c implemented by the SMTP protocol is transmitted to the members included in the recipient list of the member list. Use and send.

The encryption information decryption apparatus of the present invention, which is implemented as plug-in software incorporated in the electronic mail software of the receiver, uses the function of verifying the electronic signature of the decryption unit 3b to determine whether there is tampering. Check with the information creator to make sure the sender is a securities company reporter. After confirmation, the article can be decrypted and read. When the article is successfully decrypted, the reception notification transmitting unit 3
Using c, a reception notification is transmitted to the information relay apparatus 4.

To check whether the JAVA applet in this embodiment is really malicious, use
The operation of each device in the first embodiment has been described so far as verification can be performed by checking the electronic signature attached to the AVA applet.

Next, as a second embodiment of the broadcast communication system of the present invention, confidential information such as estimates and negotiations is broadcast between members (a group is referred to as a team 001) spanning a plurality of companies. An example used in the case of performing the operation will be described. In the second embodiment shown in FIG. 12, a mailing list server is used as an information relay device.

The team master of the team 001 uses the member list management device 1 implemented as an executable file on the OS of a general-purpose desktop computer,
It manages a member list that broadcasts confidential information. The member list is acquired using the list acquisition and storage unit 1c, and a list creation / change GUI screen is opened. This GUI screen displays a list of members of the team 001 and a list of public keys stored in the terminal by accessing the public key database in the terminal using the public key management unit 1b.

The team master of team 001 selects the public key of the member joining the team from the public key list, and adds it to the member list of team 001. Also, using the network access function provided by the public key management unit 1b, a directory service provided by a certificate authority on the network is accessed, and the public key of a member who wishes to newly add to the team 001 with a public key not in the terminal. And add this public key to the member list.

An OK button is displayed on the GUI screen. When the members of the team 001 have been changed, the OK button is pressed. At this point, the function of verifying the validity of the public key and the private key used for the digital signature uses the LDAP protocol in the directory service of the certificate authority that issued the certificate including each public key included in the member list. Access it and verify that this public key is valid. As a result of the verification, if there is an invalid public key, a message to that effect is displayed in a dialog and the result is notified to the team master. If all are valid, a member list including a time stamp, a mailing list address, a team ID, and a team master identification name is created, and the entire data of the member list is MD5 of a hash function.
To generate compressed data.

Next, the secret key of the team master is accessed, and the password decryption using the password input by the team master from the dialog box (in the embodiment,
(Using the password decryption implemented using the common key cryptosystem RC2). By using the secret key of the team master obtained as a result, the compressed data is encrypted by the public key cryptosystem RSA to create an electronic signature. The member list and the electronic signature are transferred to the information relay device 4.
Is transferred as mail using the SMTP protocol.

The information relay apparatus 4 utilizes the member list acquisition function of the distribution destination list management section 4a to receive the received multipart (MIME (Multipurpose Internet Mail E-mail).
xtensions)), the contents of the SMTP mail are analyzed, and the member list part determined from the Content-Type is extracted and input to the list validity confirmation unit 4d. The list validity confirming unit 4d confirms that the electronic signature of the team master of the team 001 is definitely attached as the signer of the member list, and receives the distribution destination list by using the distribution destination list management unit 4a. Change the person. Thereafter, the member list and the electronic signature are copied in MIME format for the recipient of the distribution destination list that has just been changed, and transferred to each recipient of the distribution destination list.

When receiving the mail including the member list, the encryption information creating device 2 operating as a mailer installed on the general-purpose desktop computer broadcasts the mail from the MIME Content-Type. Identify the member list in the communication. At that time, the mailer extracts the member list and the electronic signature, uses the function for verifying the validity of the list, confirms the validity of the member list, and saves it using the list acquisition and storage unit 2a. Keep it.

The members included in the team 001 use the broadcast information creation function of the encryption information creation device 2 implemented as a general execution program that runs on a general-purpose desktop computer, and make a contract with a quote. When a send button is pressed after creating an e-mail including two attached files of a document, the destination checking unit 2c checks the destination address, and the destination address is selected from the destination list in the multiple member list stored in the terminal. Check if there is a private member list for the address.

When there is a member list, the attached file and the mail are encrypted using the public key of the member list. At this time, the encryption unit 2b separately encrypts each attached file and the mail text, and individually attaches the electronic signature. Among the information composed of the plurality of parts, the attached file is transferred to the information storage device (information storage server) 5 without being attached. Based on the address of the information relay device 4, the multiple parts transmission unit 2d queries the database on the network for the information storage device 5 corresponding to the mailing list address, and the address of the information storage device 4 to which two attached files are to be transmitted. , A transmission method (for example, a protocol) is specified.

When the information storage device 5 finds out that the mechanism permits file transfer using the HTTP protocol, the information storage device 5 transmits the file using the HTTP protocol. At this time, since the information storage device 5 can perform user authentication using SSL communication, the information storage device 5 checks whether the user is included in the member list using the broadcast service provided by the mailing list server. be able to. In addition to the transmission of the two attached files, the mail body attaches the address of the information storage server and transfers the address.

The mailing list transmitted to the mailing list address is first sent to the broadcast security verifying section 4f.
Make sure that the signer of the information sent using is definitely included in the reporter list of the member list. Also, the function for verifying the identity of the member list is used to verify whether the versions of the member list are different. If the version of the member list is different as a result of the verification, information indicating the fact and broadcast information are returned to the reporter. Further, the broadcast content verification function of the broadcast security verification unit 4f is used to verify whether the communication content does not include a malicious program or a virus utilizing a bug in the device or software. . Further, using the information storage device reference function of the broadcast security verification unit 4f, it is verified whether two encrypted attached files are transferred and stored in the information storage device 4 without fail.

As a result of the above verification, if everything is normal,
The contents of the broadcast communication are stored in a database connected to the mailing list server by using the broadcast contents storage unit 4g. At this time, a time stamp and a digital signature using the private key of the mailing list server are attached and stored. Also, the encryption information includes the time related to confirming that the attached file is stored in the information storage device 4,
The encryption information is attached to the mailing list server, and information is stored in the mailing list server, and the encryption information and the attached information are copied using the information copying unit 4b. , Using the transmission unit 4c implemented by the SMTP protocol.

[0124] A user who intends to obtain mail using a WWW browser on a business trip downloads the encrypted information decrypting device 3 implemented as a JAVA applet and receives the encrypted information on the browser. In this JAVA applet, the latest version of the member list is obtained from the network using the list obtaining and storing unit 3f, and the function of verifying the validity of the list is used. Check if it is. When this cryptographic information is obtained, first,
The falsification / information creator is confirmed using the function of verifying the electronic signature of the decryption unit 3b, and further included in the member list using the sender reliability confirmation function of the broadcast security verification unit 3e. Confirm that you are a business partner. afterwards,
When the information is decrypted using the decryption unit 3b and the encrypted information is viewed, it is found that the attached file has been transmitted to the information storage device 5. The multi-part receiving unit 3d downloads the attached file using the HTTP protocol,
Each file can be decrypted again to get the original information. The operation of each device in the second embodiment has been described above.

The present invention is not limited to the Internet,
A network using an AN or dial-up may be used. Also, a program for realizing the member list management device of the present invention is recorded on a computer-readable recording medium, and the program recorded on this recording medium is read into a computer system and executed to execute member list management. May go. That is, this member list management program performs broadcast communication 1
The functions of creating a member list including the public keys of the above members and the function of acquiring and storing the public key are realized by a computer.

Further, a program for realizing the encryption information creating apparatus of the present invention is recorded on a computer-readable recording medium, and the program recorded on this recording medium is read by a computer system and executed to execute the encryption. Information may be created. That is, the encryption information creation program has a function of acquiring and storing a member list via a network, acquiring a broadcast message, and encrypting the broadcast message using a public key included in the member list. And the function of converting the information into encrypted information.

A program for realizing the encrypted information decrypting apparatus of the present invention is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read by a computer system and executed. The encryption information may be decrypted. That is, the encryption information decryption program causes a computer to realize a function of acquiring the encryption information transferred from the information relay device and a function of decrypting the encryption information included in the encryption information.

Further, a program for realizing the information relay device of the present invention is recorded on a computer-readable recording medium, and the program recorded on this recording medium is read by a computer system and executed to execute the information relaying. Processing may be performed. That is, the information relay processing program causes the computer to realize a function of managing a distribution destination list, a function of copying transferred encryption information, and a function of delivering the copied encryption information to each member to be delivered. .

Further, in order to realize the broadcast even in the mobile network environment, it is necessary to use a terminal which does not have the member list management device, the encryption information creation device and the encryption information decryption device of the present invention necessary for the broadcast communication. Even if it is necessary to do so, the software that realizes the functions of each device is downloaded from the software storage device that is placed on the network on this terminal and stores the software that realizes the functions of each device, and is installed in the terminal. Read and executed by the computer system
Broadcast communication may be performed.

[0130] The "computer system" here includes an OS and hardware such as peripheral devices. The “computer-readable recording medium” is a floppy disk, a magneto-optical disk, an RO
M means a storage medium such as a general medium such as a CD-ROM or a hard disk built in a computer system. Further, the “computer-readable recording medium” refers to a communication line for transmitting a program via a network such as the Internet or a communication line such as a telephone line, and dynamically holds the program for a short time. thing,
In this case, a program that holds a program for a certain period of time, such as a volatile memory in a computer system serving as a server or a client, is also included. Further, the above-mentioned program may be for realizing a part of the above-mentioned functions, or may be for realizing the above-mentioned functions in combination with a program already recorded in a computer system.

Although the embodiments of the present invention have been described in detail with reference to the drawings, the specific configuration is not limited to the embodiments, and includes a design and the like within a range not departing from the gist of the present invention. It is.

[0132]

As described above in detail, according to the present invention, since the information relay device does not decrypt the encrypted information, the communication content of the broadcast communication by the administrator of the information relay device is provided. Can prevent unauthorized access such as leaks or tampering, and can share broadcast contents only to members who really need to share information. Further, according to the present invention, a subscription request receiving unit is provided in the member list management unit, and a broadcast automatic opening unit is provided in the information relay device, so that a receiver performing broadcast communication withdraws or joins. It is possible to respond promptly, and even if there is a dynamic change of a broadcast member, it is possible to prevent information from being erroneously transferred to a member who should not be broadcast. Further, according to the present invention, since the management is performed based on the member list, the administrator of the information relay device does not manage the members to be distributed in the broadcast, but the members to be distributed among the members performing the broadcast. The management can be performed, and the management burden concentrated on the member manager can be reduced. Also, according to the present invention, the information relay device is provided with a broadcast security verification unit and a broadcast content storage unit, and the encrypted information decryption device is provided with a reception notification transmission unit and a broadcast security verification unit. Therefore, each of a large number of distributed members can reliably receive information.

[Brief description of the drawings]

FIG. 1 is a diagram showing the structure of a broadcast communication system according to the present invention.

FIG. 2 is an example of a general member list.

FIG. 3 is an example of a member list composed of a plurality of lists.

FIG. 4 is a diagram showing an embodiment of a member list management device of the present invention.

FIG. 5 is an operation flowchart of a list creation unit.

FIG. 6 is a diagram showing an embodiment of a cryptographic information creation device of the present invention.

FIG. 7 is a diagram showing an encryption / decryption process in the broadcast communication system of the present invention.

FIG. 8 is a diagram illustrating a mechanism of transmitting and receiving a plurality of parts in the broadcast communication system of the present invention.

FIG. 9 is a diagram showing an embodiment of an encryption information decryption device of the present invention.

FIG. 10 is a diagram showing an embodiment of an information relay device of the present invention.

FIG. 11 is an embodiment in which the broadcast communication system of the present invention is applied as a securities news distribution system.

FIG. 12 is an embodiment of a broadcast communication system of the present invention using a mailing list server.

FIG. 13 is a diagram illustrating the structure of a conventional broadcast communication system.

FIG. 14 is a diagram illustrating the structure of a broadcast communication system disclosed in Japanese Patent Application Laid-Open No. 7-245605.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Member list management device 1a ... List creation part 1b ... Public key management part 1c ... List acquisition and storage part 1d ... List transmission part 1e ... Subscription request reception part 2 ... Encryption information creation device 2a ... List acquisition and storage part 2b ... Encryption Unit 2c: Destination inspection unit 2d: Multiple parts transmission unit 3: Encryption information decryption device 3a: Encryption information acquisition unit 3b: Decryption unit 3c: Reception notification transmission unit 3d: Multiple parts reception unit 3e: Broadcast communication security verification Unit 3f: List acquisition and storage unit 4: Information relay device 4a: Distribution destination list management unit 4b: Information duplication unit 4c: Transmission unit 4d: List validity confirmation unit 4e: Additional information attachment unit 4f: Broadcast communication security verification unit 4g: Broadcast communication content storage unit 4h: Broadcast communication automatic opening unit 5: Information storage device (information storage server)

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Naoto Oki 1-297 Kitabukurocho, Omiya City, Saitama Prefecture Inside the Mitsubishi Materials Research Institute (72) Inventor Tohru Sabun 1-297 Kitabukurocho Omiya City, Saitama Mitsubishi Materials F-term in the Research Institute, Inc. (reference) 5J104 AA01 AA07 AA09 AA16 BA02 BA03 EA02 EA04 EA19 JA03 JA21 KA01 KA05 LA06 MA01 NA02 NA12 NA37 PA07 PA08 PA09

Claims (27)

[Claims] 1. An encryption information creation apparatus for creating encryption information including encrypted information obtained by encrypting information to be transmitted, and a member list management apparatus for managing a member list including a public key of a member to be broadcasted. And an encryption information decryption device for decrypting the encryption information, receiving the encryption information transmitted from the encryption information creation device, and decrypting the encryption information into one or more of the encryption information based on the member list. A member list management device in a broadcast communication system, comprising: an information relay device that distributes information to a communication device; a list creation unit that creates a member list including a public key of one or more members that perform the broadcast communication; A member list management device, comprising: a public key management unit that acquires and stores a public key. 2. The member list management device further comprises a list acquisition storage unit that acquires and saves the member list from a terminal via a network or from a storage medium connected to the device. The member list management device according to claim 1, wherein 3. The device according to claim 1, wherein the member list management device transmits the member list via a network to a database connected to the network, the information relay device, or the cryptographic information creation device or a member used in the member included in the member list. 3. The member list management device according to claim 1, further comprising a list transmission unit that transmits the list to the encryption information decryption device. 4. The member list management device includes: a subscription request item setting unit configured to set a subscription request item to a member list of a broadcast; 4. A subscription request determination unit comprising: a subscription permission determining unit configured to determine whether to permit the member to be joined to the member list. Member list management device. 5. An encryption information creation apparatus for creating encryption information including encrypted information obtained by encrypting information to be transmitted, and a member list management apparatus for managing a member list including a public key of a member to be broadcasted. And an encryption information decryption device for decrypting the encryption information, receiving the encryption information transmitted from the encryption information creation device, and decrypting the encryption information into one or more of the encryption information based on the member list. And an information relay device for distributing the member list to a decryption device, wherein the cryptographic information creation device in the broadcast communication system comprises: acquiring and storing the member list from a terminal via a network or from a storage medium connected to the device. A list acquisition / storage unit for acquiring a broadcast message, encrypting the broadcast message using a public key included in the member list, and encrypting the broadcast message as encryption information. Encryption information generating apparatus characterized by comprising and. 6. The encryption unit creates an encrypted text obtained by encrypting the broadcast message using a common key encryption method, and includes a common key used in the common key encryption method in the member list. A key for selecting one or more encrypted common keys corresponding to the member to be distributed among the encrypted common keys by creating one or more encrypted common keys encrypted by the public key cryptosystem using the above public keys. Creating selection information, as the encryption information, the ciphertext, the encryption common key,
6. The apparatus according to claim 5, wherein the apparatus outputs the key selection information. 7. When the broadcast message is composed of a plurality of components, the encrypting unit encrypts each of the components constituting the broadcast message and encrypts the encrypted message. The encryption information creation apparatus according to claim 5, wherein information is created. 8. The cipher information creating device checks a destination of the broadcast message, and if the destination is the information relay device and the member list can be obtained from the list obtaining and storing unit, the broadcast The apparatus according to any one of claims 5 to 7, further comprising a destination checking unit that sends a communication message to the encrypting unit. 9. The cryptographic information creating device, when the broadcast message includes a main component and one or more subcomponents, encrypts the cryptographic information corresponding to the component according to the cryptographic information corresponding to the main component. 6. The apparatus according to claim 5, further comprising a plurality of parts transmitting unit that transmits reference information including reference information that can be referred to, to the information relay device, and transmits encryption information corresponding to a slave component to an information storage device on a network. An encryption information creation device according to claim 8. 10. An encryption information creation device for creating encryption information including encrypted information obtained by encrypting information to be transmitted, and a member list management device for managing a member list including a public key of a member to be distributed in broadcast communication. And an encryption information decryption device for decrypting the encryption information, receiving the encryption information transmitted from the encryption information creation device, and decrypting the encryption information into one or more of the encryption information based on the member list. An information relay device for distributing the information to a decryption device, a cryptographic information decryption device in a broadcast communication system, comprising: an encryption information acquisition unit configured to acquire the encryption information transferred from the information relay device; A decryption unit for decrypting encrypted information to be decrypted. 11. A decryption unit comprising: a key selection unit that refers to key selection information included in the encryption information and selects an encryption common key to be used for decryption; An encrypted common key decryption unit that decrypts the encrypted common key with the recipient's secret key and obtains a common key, and a cipher included in the cipher information using the common key using a common key cryptosystem. The cipher information decoding apparatus according to claim 10, further comprising a cipher text decoding unit that decodes the encrypted information and obtains a plaintext broadcast message. 12. The reception device according to claim 10, wherein the encryption information decryption device further includes a reception notification transmitting unit that transmits a reception notification notifying that the distribution target member has received the information to the information relay device. An encryption information decryption device according to claim 11. 13. The cipher information decryption device includes, when a broadcast message is composed of a main component and one or more sub-components, reference information that makes it possible to refer to the cryptographic information corresponding to the sub-component. 13. The multi-part receiving unit according to claim 10, further comprising a multi-part receiving unit that receives encryption information corresponding to a main component and receives encryption information corresponding to a sub-component based on the reference information. An encryption information decryption device according to any one of the above. 14. The cryptographic information decryption apparatus verifies the identity of a member list used for generating the cryptographic information in the cryptographic information generating apparatus and a member list used to generate the distribution destination list. Verifies whether the sender of the information is a member of the member list, verifies the integrity of the cryptographic information on the communication path for falsification, and verifies the malicious information in the transmitted information Verification of whether or not a data string is included, and referring to the transmitted cryptographic information, part of the cryptographic information composed of multiple parts created by the cryptographic information creation device is transferred to another information storage device 11. A broadcast security verifying unit for performing the verification by any one or a combination of the following: Item 14. The encrypted information decryption device according to any one of Items 13. 15. The encryption information decryption apparatus further comprises a list acquisition and storage unit that acquires and stores the member list from a device that has already stored the member list via a network. Item 1
The encryption information decrypting device according to any one of claims 0 to 14. 16. An encryption information creation device that creates encryption information including encrypted information obtained by encrypting information to be transmitted, and a member list management device that manages a member list including a public key of a member to be broadcasted. And an encryption information decryption device for decrypting the encryption information, receiving the encryption information transmitted from the encryption information creation device, and decrypting the encryption information into one or more of the encryption information based on the member list. An information relay device in a broadcast communication system, comprising: an information relay device that distributes information to a decryption device; a distribution destination list management unit that manages a distribution destination list; and an information duplication unit that duplicates transferred encrypted information. An information relay device comprising: a transmission unit that distributes the copied encrypted information to each of the distributed members. 17. The distribution destination list management unit can obtain a member list from a storage destination when necessary, a list acquisition storage unit that stores the transferred member list, and a member transferred from the team master. 17. The distribution destination list is changed so that information is distributed to the same members as the members included in the list.
An information relay device according to item 1. 18. The information relay device, when confirming the validity of an electronic signature attached to a member list, refers to the correspondence table and automatically determines whether or not the signature is that of a valid team master. 17. The apparatus according to claim 16, further comprising a list validity checking unit for causing the list to be valid.
Alternatively, the information relay device according to claim 17. 19. The information relay apparatus according to claim 16, further comprising an additional information attaching unit for attaching the attached information to all or a part of the transferred information. Information relay device as described. 20. The information relay device, according to claim 1, further comprising: verifying the identity of a member list used for creating the encryption information in the encryption information creating device and a member list used for creating the distribution destination list; Acquires reception refusal information including the identification information of the receiving terminal or user to be rejected, and determines whether the sender or the transmission terminal of the information transferred to the information relay device is included in the reception rejection information Verification, whether the sender of the cryptographic information is a person included in the member list, verification of the integrity of the cryptographic information on the communication path to see if it has been tampered with, in the transmitted information Verifies whether a malicious program or data string is included in the encrypted information, and refers to the transmitted encrypted information, and the encrypted information consisting of multiple parts created by the encrypted information creation device Verifying whether or not a part of the information has been transferred to another information storage device; and a broadcast security verifying unit for performing the verification by any one or a combination thereof. The information relay device according to claim 19. 21. The information relay apparatus according to claim 16, wherein the information relay device further comprises a broadcast content storage unit for storing the transferred information or a part of the information. The information relay device according to any one of the above. 22. An opening request item presenting means for presenting an opening requester's terminal with an opening request item to be satisfied by an opening requester at the time of receiving an opening of a broadcast service, The opening acceptance request transferred by the server satisfies the opening request item and determines whether or not to permit the establishment of the broadcast service. Once determined, the requester will be the team master,
22. A broadcast automatic opening unit comprising: a broadcast opening means for opening a broadcast service for distributing information to members designated by the team master; The information relay device according to any one of the above. 23. A member list management device according to any one of claims 1 to 4, a cryptographic information creation device according to any one of claims 5 to 9, and
A broadcast communication system comprising: the encrypted information decryption device according to any one of claims 0 to 15; and the information relay device according to any one of claims 16 to 22. 24. A recording medium in which a member list management program is recorded in the member list management device, the method comprising: creating a member list including public keys of one or more members performing broadcast communication; and obtaining the public key. And a computer-readable recording medium that records a member list management program for causing a computer to execute the steps of storing and storing the member list management program. 25. A recording medium on which an encryption information creation program is recorded in the encryption information creation apparatus, comprising: a step of obtaining and saving a member list via a network; A computer-readable recording medium that records an encryption information creation program that causes a computer to execute a procedure of encrypting a sentence using a public key included in the member list to generate encrypted information. 26. A recording medium on which an encryption information decryption program is recorded in the encryption information decryption device, wherein: a step of acquiring the encryption information transferred from the information relay device; and an encryption information included in the encryption information. And a computer-readable recording medium storing an encryption information decryption program for causing a computer to execute the procedure for decrypting the information. 27. A recording medium on which an information relay program is recorded in the information relay device, wherein: a procedure for managing a distribution destination list; a procedure for copying transferred encryption information; A computer-readable recording medium recording an information relay program for causing a computer to execute a procedure for distributing to a distribution member.