JP2001156766A - Encryption communication method and encryption communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an encryption communication method and an encryption communication system that can conduct encryption communication between entities with high security. SOLUTION: An entity (a) encrypts a session key to convert a plain text into an encrypted text with a common key Kab and transmits its encrypted information to an entity (b) together with the encrypted text C. The entity (b) decodes the session key from the encrypted information with a common key Kba and uses the session key to decode the encrypted text C into the original plain text M. Or the entity (a) uses the common key Kab and common information shared in common with the entity (b) at encryption communication to obtain the session key, encrypts the plain text M into the encrypted text C by using the obtained session key and transmits the encrypted text C to the entity (b). The entity (b) utilizes the common key Kba and its common share information to obtain the session key and uses the obtained session key to decode the encrypted text C into the original plain text M.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a cryptographic communication method and a cryptographic communication system for performing cryptographic communication between entities.

[0002]

2. Description of the Related Art In a modern society called an advanced information society, important documents and image information in business are transmitted, communicated, and processed in the form of electronic information based on a computer network. Such electronic information has a property that it can be easily copied and it is difficult to distinguish a copy from an original, and thus the importance of information security is emphasized. In particular, "sharing of computer resources",
The realization of a computer network that satisfies the elements of “multi-access” and “wide area” is indispensable for the establishment of an advanced information society, but this includes elements inconsistent with the problem of information security between the parties. As an effective method for resolving such inconsistency, cryptographic technology that has been used mainly in military and diplomatic aspects in the past history of humankind has attracted attention.

[0003] Encryption means exchanging information so that the meaning of the information cannot be understood by anyone other than the parties. In encryption, it is encryption to convert an original sentence (plaintext) that anyone can understand into a sentence (ciphertext) whose meaning is unknown to a third party, and decryption is to return the ciphertext to plaintext. The entire process of encryption and decryption is collectively called an encryption system. In the encryption process and the decryption process, secret information called an encryption key and a decryption key are used, respectively. Since a secret decryption key is required at the time of decryption, only a person who knows the decryption key can decrypt the ciphertext, and the encryption can maintain the confidentiality of the information.

[0004] The encryption key and the decryption key may be the same or different. An encryption method in which both keys are equal is called a common key encryption method, and DES (Data Encryption Standards) adopted by the United States Department of Commerce Standard Bureau is a typical example. Conventional examples of such a common key cryptosystem can be classified into the following three methods.

[0005] A first method is to secretly store all common keys with a partner who may perform encrypted communication. Second method A method in which keys are shared by preliminary communication each time cryptographic communication is performed (a key sharing method using Diffie-Hellman, a key distribution method using a public key method, etc.). Third method Using public specific information (ID (Identity) information) for specifying an individual, such as the name and address of each user (entity), the entity on the transmitting side and the receiving side without performing preliminary communication. In which the same entity independently generates the same common key (KPS (Key Predistribution System), I
D-NIKS (ID-based Non-Interactive Key Sharing
Schemes) etc.).

[0006]

The above three conventional methods have the following problems. In the first method, since all common keys are stored, the method is not suitable for a network society in which an unspecified number of users act as entities and perform cryptographic communication. Also, the second method has a problem in that preliminary communication for key sharing is required.

[0007] The third method does not require preliminary communication, and can generate a common key with an arbitrary partner by using the ID information of the disclosed partner and a unique secret parameter distributed in advance from the center. So it is a convenient way. FIG. 6 is a diagram showing the principle of the ID-NIKS system. Assuming the existence of a reliable center, the common key generation system is configured around this center. In FIG.
ID information such as the name, address, and telephone number of the entity X, which is the specific information of the entity X, is stored in a hash function h
It is represented by h (ID _X ) using (·). The center calculates a secret key S _Xi for an arbitrary entity X based on center public information {PC _i }, center secret information {SC _i }, and ID information h (ID _X ) of entity X as follows. And secretly distributes it to entity X. S _Xi = F _i ({SC _i }, {PC _i }, h (ID _X ))

The entity X exchanges a common key K _XY for encryption and decryption with another arbitrary entity Y by using its own secret key {S _Xi } and the center public information {P
C _i ＩＤ and the ID information h (ID
_Y ) is generated as follows. K _XY = f ({S _Xi }, {PC _i }, h (ID _Y )) Similarly, the entity Y also generates a common key K _YX as a key to the entity X. If the relationship of K _XY = K _YX always holds, the keys K _XY and K _YX can be used as the encryption key and the decryption key between the entities X and Y.

The present inventors have proposed such an ID-NIKS.
Has proposed various encryption methods and encryption communication methods, and has a configuration in which ID information of each entity is divided into a plurality of parts and a secret key based on the divided ID information is distributed to the entities from a plurality of centers. Also, an encryption method and an encryption communication method using ID-NIKS for improving security have been proposed. If encryption conversion is performed with the same key at every cryptographic communication, the same plaintext becomes the same ciphertext, so if the conversion key is leaked, the cryptographic communication system itself may be completely broken. .

[0010] The present invention has been made in view of such circumstances, and an encryption communication method capable of performing encrypted communication between entities with high security using various encryption methods such as ID-NIKS. An object is to provide a cryptographic communication system.

[0011]

According to a first aspect of the present invention, there is provided a cryptographic communication method for performing cryptographic communication between entities, wherein one of the entities uses a common key generated using a private key unique to itself. Encrypt a conversion key for converting plaintext to ciphertext, transmit the encrypted information together with the ciphertext encrypted with the conversion key to the other entity, and on the other entity side, create a private key unique to itself. By using the same common key as the generated common key, the transmitted encryption information is decrypted to obtain the conversion key, and the transmitted ciphertext is decrypted to the plaintext with the obtained conversion key, It is characterized by performing cryptographic communication between entities.

According to a second aspect of the present invention, there is provided an encrypted communication method.
Wherein the cipher communication is performed by e-mail, and the cipher information is arranged and transmitted before the cipher text to be communicated.

According to a third aspect of the present invention, there is provided a cryptographic communication method for performing a cryptographic communication between entities, wherein one of the entities communicates with a common key generated using a private key unique to itself and the other entity during the cryptographic communication. The conversion key is obtained by using the shared information that can be shared, the plaintext is encrypted with the obtained conversion key and transmitted to the other entity, and the other entity side generates the encryption key using its own private key. The cipher communication is performed between the entities by decrypting the transmitted cipher text into plain text using the same common key as the common key and the conversion key obtained by using the shared information.

[0014] According to a fourth aspect of the present invention, there is provided an encrypted communication method.
Wherein the encrypted communication is performed by e-mail, and information in a header portion is used as the shared information.

According to a fifth aspect of the present invention, there is provided an encrypted communication method according to the first aspect.
In any one of the first to fourth aspects, a secret key unique to each entity is created using specific information of each entity.

According to a sixth aspect of the present invention, there is provided an encrypted communication method according to the fifth aspect.
, A secret key unique to each entity is created by using divided specific information obtained by dividing specific information of each entity.

According to a seventh aspect of the present invention, there is provided a cryptographic communication system, comprising: a plurality of entities for performing an encryption process of encrypting a plaintext, which is information to be transmitted, into a ciphertext; In a cryptographic communication system that performs mutual communication between the entities, means for generating, on each entity side, a common key common among the entities to be communicated using a secret key unique to itself, and a conversion key used for the encryption and decryption processes And means for encrypting and / or decrypting with the common key.

[0018] The cryptographic communication system according to claim 8, wherein the encrypting process for encrypting the plaintext, which is the information to be transmitted, into ciphertext and the decrypting process for decrypting the transmitted ciphertext into plaintext are performed by a plurality of entities. In a cryptographic communication system in which mutual communication is performed between each entity, means for generating a common key common to the communication target entities using a secret key unique to itself, and the generated common key and the other entity during cryptographic communication Means for obtaining a conversion key to be used for the encryption processing and the decryption processing using shared information that can be shared between the encryption processing and the decryption processing.

A cryptographic communication system according to a ninth aspect is characterized in that, in the seventh or eighth aspect, a secret key unique to each entity is created using specific information of each entity.

A cryptographic communication system according to a tenth aspect is characterized in that, in the ninth aspect, a secret key unique to each entity is created by using division specific information obtained by dividing specific information of each entity.

In the cryptographic communication of the present invention, a conversion key (session key) for converting a plaintext into a ciphertext is encrypted by one entity using a common key with the other entity, and the cryptographic information is encrypted. With the other entity, and the other entity decrypts the conversion key (session key) from the encryption information, and decrypts the ciphertext into plaintext using the conversion key (session key). At this time, when the encrypted communication is performed by e-mail, the encrypted information is transmitted before the cipher text to be transmitted. Therefore, by introducing such a session key, security of ciphertext decryption can be improved.

In another cryptographic communication of the present invention, one entity obtains a conversion key (session key) using a common key with the other entity and shared information that can be shared with the other entity during cryptographic communication. Then, the plaintext is encrypted into a ciphertext with the obtained conversion key (session key) and transmitted to the other entity, and the other entity uses the common key and its shared information to convert the plaintext into a ciphertext (session key).
And the transmitted ciphertext is decrypted into plaintext using the obtained conversion key (session key). At this time, when the encrypted communication is performed by e-mail, the header information is used as shared information. Therefore, by introducing such a session key, the security of ciphertext decryption can be relatively easily increased.

Specific information (ID information) of each entity,
Alternatively, by creating a secret key unique to each entity using the division information of the specific information, it is possible to construct a cryptographic communication system capable of performing highly secure cryptographic communication between entities by ID-NIKS.

[0024]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be specifically described below. FIG. 1 is a schematic diagram showing the configuration of the cryptographic communication system of the present invention. A plurality (K) of centers 1 that can reliably conceal information are set as servers for creating secret keys. The centers 1 may be, for example, public institutions of society.

[0025] with each of these center 1, a plurality of each entity a in a user utilizing the encryption communication system, b, ..., A z, channel _{2 a1, ..., 2 aK,} 2 b1,
, 2 _bK ,..., 2 _z1 ,..., 2 _zK , and each entity a, b,
, Z are requested to each center 1 to create a secret key, and each center 1 creates a secret key unique to each entity for each entity a, b,. Also, communication paths 3ab, 3az, 3bz,... By e-mail are provided between the two entities, so that cipher text obtained by encrypting communication information is transmitted and received between the two entities by e-mail. Has become.

FIG. 2 is a schematic diagram showing a communication state of information between two entities a and b. The example in FIG.
The figure shows a case where an entity a encrypts a plaintext (message) M into a ciphertext C and transmits it to the entity b, and the entity b decrypts the ciphertext C into the original plaintext (message) M.

Each of the K total centers 1 encrypts, based on the password of each entity, what is selected for each entity a, b from its own secret information (symmetric matrix) and encrypts the information unique to each entity a, b. A secret key generator 2 for generating a secret key is provided. As shown in FIG. 3 showing the internal configuration, the secret key creator 2 stores a secret information storage unit 3 for storing encrypted secret information and an encrypted secret information stored in the secret information storage unit 3. A secret information decryption unit 4 for reading and decrypting, a secret key unique to each of the entities a and b from the secret information of the center 1 itself, specific information (ID information) of each of the entities a and b, and an input password of each of the entities a and b. And a secret information updating unit 6 that encrypts the secret information of the center 1 that is updated at predetermined intervals and writes the encrypted secret information into the secret information storage unit 3.

On the entity a side, each of the K centers 1
A first private key decryption unit 11 for decrypting a private key unique to the entity a itself in a private key scheme sent from the private key system, and a private key encryption unit 1 for encrypting the K decrypted private private keys
2 and a secret key storage unit 13 for storing an encrypted secret key.
A second secret key decryption unit 14 for reading and decrypting an encrypted secret key stored in a secret key storage unit 13; and an entity based on a secret key unique to itself and identification information (ID information) of entity b. A common key generation unit 15 for generating a common key _Kab with the entity b required by a, and a plaintext (message) M is encrypted into a ciphertext C using the common key _Kab and output to the communication path 30 by e-mail. Plaintext encryption unit 16
And a display unit 17 for displaying a common key, plaintext, ciphertext and the like.

On the entity b side, a first secret key decryption unit 21 for decrypting a private key unique to the entity b itself in the secret key system sent from each of the K centers 1, and K decrypted The secret key encrypting unit 22 for encrypting a secret key unique to itself, a secret key storing unit 23 for storing an encrypted secret key, and an encrypted secret key stored in the secret key storing unit 23 are read out. A second secret key decryption unit 24 for decryption, and a common key generation unit 25 for generating a common key K _ba for the entity a determined by the entity b based on the secret key unique to the unit and the identification information (ID information) of the entity a. And a ciphertext decryption unit 26 that decrypts the ciphertext C input from the communication channel 30 into a plaintext (message) M using the common key _Kba and outputs the plaintext (message) M.
And a display unit 27 for displaying a common key, plaintext, ciphertext and the like.

Next, the processing operation of the cryptographic communication in the cryptographic communication system having such a configuration will be described.

(Preliminary processing) Specific information (ID information) for specifying each entity, for example, an ID vector (L-bit binary vector) representing a mail address of the entity
, As shown in FIG.
Divide into blocks. For example, an ID vector (vector _Ia ) indicating the mail address of the entity a is divided as in Expression (1). Each vector I _aj (j = 1, 2,..., K), which is division specifying information, is called an ID division vector. The mail address of the entity is converted into an L-bit ID vector by a hash function.

[0032]

(Equation 1)

(Secret key creation process (entity registration process)) An entity that wants to participate in this cryptographic communication system, that is, an entity that wants to create a secret key unique to itself, accesses the home page and sends it via the server.
A public key method (S
SL, etc.). In the secret key creator 2 of each center 1, the secret information (a symmetric matrix described later) obtained by decrypting the encrypted secret information stored in the secret information storage unit 3 by the secret information decryption unit 4 is transmitted to the secret key generation unit 5. Then, a part corresponding to the entity is selected, and the selected secret key (a secret key vector described later) is encrypted based on the password input on the entity side, that is, the secret obtained by incorporating the password in the selected secret key. In a key scheme, a private key unique to the entity is issued to the entity via email. In this case, the secret key method is DE
S is available. In addition, the mail address of the entity may be encrypted and sent.

Note that, more simply, by e-mail,
It is also possible to perform a secret key creation request process and a secret key issuance process. In this case, an entity desiring to create its own private key sends its password directly to each center 1 by e-mail using the public key method. In each center 1, as in the above case, the secret key unique to the entity is determined by a secret key method (DES or the like) in which a password input on the entity side is incorporated into a secret key selected corresponding to the entity from the secret information. , Publish to that entity via email.

In the above-described example, the secret key is issued by e-mail. However, the secret key unique to the entity is written on a portable recording medium such as an IC card.
It is also possible to send the recording medium to the entity.

Here, the secret information (symmetric matrix) in each center 1 and the specific contents of the secret key (secret key vector) unique to each entity will be described. j (j = 1,
(2,..., K) -th center 1
Symmetric matrix H _j (2 ^M × 2 ^M ) with random numbers as elements
have. Then, for each entity, a row vector corresponding to the split ID vector of the entity of the symmetric matrix _Hj is created as a secret key (secret key vector). That is, H _j [vector I _aj ] is created for entity a. This H _j [vector I _aj ] represents a vector obtained by extracting one row corresponding to the vector I _aj from the symmetric matrix H _j .

Incidentally, the secret information (symmetric matrix H _j ) in each center 1 is periodically updated. That is, the secret information (symmetric matrix H _j ) that is encrypted and stored in the secret information storage unit 3 is updated at predetermined intervals by the processing of the secret information update unit 6.

Here, an example of inputting a password on the entity side will be described. Regarding the password input process, the following two examples are particularly suitable for an entity that is not used to inputting a password.

In one example, each entity inputs a character string, and the input data is encoded as base64 and used as a password. In this case, 6-bit data can be represented by inputting each of the 64 types of characters, so if the password is 64 bits, it is sufficient to input 11 characters.

In the other example, 16 types of characters 0 to 9 and A to F are input in principle.
If a character other than six types is entered, the character is
9. Replace with any of A to F characters.

(Generation Process of Common Key Between Entities) The entity a (entity b) has K centers 1
The first private key decryption unit 11 (21) decrypts a private key (private vector) unique to the entity a (entity b) in the private key scheme sent from the first private key decryption unit 11 (21). The decrypted secret key (secret vector) is once encrypted by the secret key encryption unit 12 (22) and stored in the secret key storage unit 13 (23).
Then, when generating a common key K _ab (K _ba ) with the entity b (entity a) as the communication partner, the encrypted secret key is read from the secret key storage unit 13 (23) and the second secret key is read. The secret key (secret vector) is decrypted again by the key decryption unit 14 (24).

The entity a (entity b) extracts the element corresponding to the entity b (entity a) from the secret vector (secret key) received from each center 1 by the common key generation unit 15 (25). By combining these K elements, entity a (entity b)
Key K for entity b (entity a)
_ab (K _ba ) is generated. Here, the two common keys _Kab and _Kba match based on the symmetric surname of the secret information (matrix) possessed by each of the K centers.

As described above, the secret information (symmetric matrix) in each center 1 is periodically updated in consideration of security. Therefore, the secret key (secret vector) distributed to each entity is also changed periodically. Therefore, in the present invention, the encryption secret keys stored in the secret key storage units 13 and 23 are sequentially updated in synchronization with the update cycle of the secret information (symmetric matrix) in each center 1, or A new encrypted secret key is additionally stored in the secret key storage units 13 and 23.

In the case of the latter additional storage, the receiving entity
Email from entity a in email b
When you receive a sentence, check the sent date of the email
The secret key that matches the transmission date.
23 and selectively decrypted by the second secret key decryption unit 24.
Using the secret key (secret vector)
Common key K at 25_baIs generated, each center 1
If the secret information (symmetric matrix) in is updated
Is the common key K used by the entity a at the time of encryption. _abWhen
Same common key K_baCan always be generated.

(Ciphertext Creation at Entity a, Ciphertext Decryption at Entity b) At the entity a, the plaintext encryption unit 16 uses the common key K _ab generated by the common key generation unit 15. The plaintext (message) M is encrypted into a ciphertext C, and the ciphertext C is transmitted to the communication path 30 by electronic mail. In the entity b, the ciphertext C is decrypted by the ciphertext decryption unit 26 into the original plaintext (message) M using the common key _Kba generated by the common key generation unit 25.

At the time of such encryption / decryption processing,
On the display units 17 and 27, the common key, the plaintext, and the ciphertext are displayed in the respective display areas. However, the ciphertext C to be transmitted is binary data and is invisible to the entities a and b. Therefore, in the present invention, binary data is converted into character data by base64 and then visually displayed.

For example, when the plaintext M is text data, the text data is used as it is in the display units 17 and 2.
7 is displayed in the plain text display area. Since the ciphertext C obtained by encrypting the encrypted data is binary data, base64
Are displayed in the ciphertext display area of the display units 17 and 27. On the other hand, when the plaintext M is binary data, the binary data converted to character data by base64 is displayed in the plaintext display area of the display units 17 and 27. And the ciphertext C which encrypted it
Is binary data, and converted into character data by base64 is plaintext in the ciphertext display areas of the display units 17 and 27.

In the present invention, a mail address that can be recognized by an entity during encrypted communication by e-mail is used as entity specific information (ID information).
When the receiving entity b receives the encrypted mail,
It is possible to generate a common key using the mail address in the from field of the mail as specific information (ID information). In addition to the mail address, other information that can identify the other party at the time of encrypted communication, for example, a source telephone number, a facsimile TSI signal, and the like can be used as the identification information (ID information).

By the way, the longer the length of the secret key (secret vector) created from each center 1 for each entity, the higher the security as a cryptographic communication system. on the other hand,
When the length of the secret key (secret vector) is short, there is an advantage that a simple system can be constructed although the security is low.
Therefore, in the present invention, a plurality of cryptographic communication systems having different secret key (secret vector) lengths are considered.

For example, a system for creating a 64-bit and 128-bit secret key (secret vector) for each entity is constructed. A system for creating a 64-bit secret key (secret vector) is a system for general use that anyone can arbitrarily participate in, and is free of charge for gathering a large number of participants. On the other hand, a system that creates a 128-bit secret key (secret vector) is a system in which only members of a specific company, organization, or organization can participate as an entity, and is charged for reasons of achieving high security. I do. In the latter case, since the entities are limited, they are resistant to collusion attacks by multiple entities.

Next, an example in which a session key is used for encrypting plaintext and decrypting ciphertext will be described. The following two examples will be described as modes using the session key. In any case, the security of the encrypted communication can be improved by introducing the session key.

In the first example, the transmitting entity a
Then, a session key K for converting the plaintext M into the ciphertext C
_S is encrypted by, for example, DES using the common key K _ab generated as described above, and the encrypted information DESK _ab (K _S )
Create The cipher information DESK _ab (K _S ) is arranged before the cipher text C in which the plaintext M is encrypted with the session key K _S , and is transmitted to the entity b by e-mail together with the cipher text C. In the receiving entity b,
First, the encryption information DESK _ab (K _S ) is obtained using the common key K _ba.
By decoding the calculated session key K _S, it decrypts the ciphertext C received by the obtained session key K _S to the original plaintext M.

In the second example, the transmitting-side entities a,
Using the shared information that can be shared by the receiving-side entity b and the common key generated as described above, the session key K is used by both entities a and b as f (shared key, shared information) = K _{S. Ask} for _S. Since the shared information and the common key obtained by the two entities a and b are the same, the same session key K _S is required. Plaintext M by the session key K _S obtained by the entity a side is sent encrypted into ciphertext C from the entity a to entity b, the ciphertext C is the session key K _S obtained by the entity b side To the original plaintext M.

FIG. 5 is a diagram showing the configuration of an embodiment of the recording medium of the present invention. The program exemplified here is a secret key creation process as described above for creating a private key unique to each entity at each center based on a request from the entity, and a secret key created by a secret key method from each center is transmitted to each entity. , A secret key decryption process as described above, a common key generation process as described above for generating a common key with a communication partner using a secret key unique to itself, secret information of a center (a symmetric matrix), As described above, the secret information for storing and periodically updating the secret key (secret vector) of the entity and storing or updating the secret key, and displaying the common key, plaintext, and ciphertext as described above. And / or plain text encryption / cipher text decryption processing, etc., and are recorded on a recording medium described below. The computer 40 is provided on each host side or each entity side.

In FIG. 5, a recording medium 41 connected online to a computer 40 is, for example, WWW (World Wide
(Web) server computer, and the recording medium 41
Stores the program 41a as described above. The program 41 a read from the recording medium 41 controls the computer 40 to execute at least one of the above processes.

The recording medium 42 provided inside the computer 40 uses, for example, a hard disk drive or a ROM installed in the computer 40. The recording medium 42 stores the program 42a as described above. The program 42a read from the recording medium 42 controls the computer 40 to execute at least one of the above processes.

The recording medium 43 used by being loaded into the disk drive 40a provided in the computer 40 is a transportable medium such as a magneto-optical disk, a CD-ROM or a flexible disk. Is recorded. The program 43a read from the recording medium 43 controls the computer 40 to execute at least one of the above processes.

In the above-described embodiment, a plurality of centers are provided and identification information (ID information) of each entity is provided.
The secret key (secret vector) unique to each entity is created using the division identification information (division ID information) obtained by dividing the above. However, based on the identification information (ID information) of each entity from one center, A private key (secret vector) unique to the entity may be created.

[0059]

As described above in detail, according to the present invention, the transmitting-side entity encrypts the conversion key (session key) for converting plaintext into ciphertext with the common key, and encrypts the encrypted information. Sent with the statement, and on the receiving entity,
Since the conversion key (session key) is decrypted from the encryption information and the ciphertext is decrypted into plaintext using the conversion key (session key), the security of the decryption of the ciphertext is improved by introducing the session key. Can be.

Further, the transmitting entity obtains a conversion key (session key) using the common key and the shared information that can be shared at the time of encrypted communication, and encrypts a plaintext into a ciphertext using the obtained conversion key (session key). And a receiving entity obtains a conversion key (session key) using the common key and the shared information, and uses the obtained conversion key (session key) to convert the transmitted ciphertext into the original plaintext. The security of ciphertext decryption can be relatively easily increased by introducing a session key.

Further, a secret key unique to each entity is created by using the specific information (ID information) of each entity or the division information of the specific information, so that an entity using ID-NIKS with high security is used. A cryptographic communication system capable of performing cryptographic communication between them can be constructed.

(Supplementary Note) The following items are further disclosed with respect to the above description. (1) In an encryption communication between entities, in an encryptor that converts plaintext into ciphertext, a secret key unique to each entity created by using specific information of each entity and specific information of a destination entity are used. Means for generating a common key common to the entity of the transmission destination using the same, means for encrypting a plaintext into a ciphertext with a conversion key, and encryption of the conversion key with the generated common key to obtain encryption information And an encryptor. (2) In the encryption communication between the entities, the encryptor that converts the plaintext into the ciphertext uses the secret key unique to each entity created using the specific information of each entity and the specific information of the destination entity. Means for generating a common key common to the destination entity by using the generated common key and shared information that can be shared with the destination entity during cryptographic communication; and Means for converting a plaintext into a ciphertext. (3) In the decryption device for decrypting the ciphertext encrypted by the encryptor according to the item (1) into plaintext, the decryption is performed by using a secret key unique to the destination entity and the identification information of the source entity. Means for generating a common key identical to the key, means for decoding the cipher information with the generated common key to obtain a conversion key, and means for decoding plaintext into ciphertext with the obtained conversion key vessel. (4) In the decryption device for decrypting the ciphertext encrypted by the encryptor according to the item (2) into plaintext, the decryption is performed by using a secret key unique to the destination entity and the identification information of the source entity. A decoder comprising: means for generating a common key identical to a key; means for obtaining a conversion key using the generated common key and the shared information; and means for decoding plaintext into ciphertext using the obtained conversion key. (5) In a computer-readable recording medium on which a program for causing a computer to make plaintext into ciphertext in cryptographic communication between entities is created using specific information of each entity. Program code means for causing a computer to generate a common key common to the destination entity using the secret key unique to each entity and the identification information of the destination entity, and encrypting the plaintext with the conversion key A program including program code means for causing a computer to execute encryption of a sentence and program code means for causing the computer to encrypt the conversion key with a generated common key to obtain encryption information is recorded. Recording media. (6) In a computer-readable recording medium on which a program for causing a computer to make plaintext into ciphertext is stored in a computer-readable recording medium in a cipher communication between the entities, using the specific information of each entity. Program code means for causing a computer to generate a common key common to the destination entity by using the specified private key unique to each entity and the identification information of the destination entity, and the generated common key and cryptographic communication Program code means for causing a computer to determine a conversion key using shared information that can be shared with a destination entity at times, and program code means for causing a computer to convert plaintext to ciphertext using the determined conversion key And a recording medium on which a program including: (7) On a computer-readable recording medium storing a program for decrypting a ciphertext encrypted according to the program recorded on the recording medium of paragraph (5) into plaintext, A program code means for causing a computer to generate a common key identical to the common key using a secret key unique to the transmission destination entity and identification information of the transmission source entity; and A program is recorded which includes program code means for causing a computer to execute decryption of cryptographic information to obtain a conversion key, and program code means for causing the computer to decrypt plain text to cipher text using the obtained conversion key. Recording media. (8) In a computer-readable recording medium storing a program for decoding a ciphertext encrypted in accordance with the program recorded on the recording medium of paragraph (6) into plaintext, Program code means for causing a computer to generate a common key identical to the common key by using a secret key unique to a transmission destination entity and identification information of a transmission source entity; and the generated common key and the shared key. A program is recorded which includes program code means for causing a computer to obtain a conversion key using information, and program code means for causing the computer to decode a plaintext into a ciphertext using the obtained conversion key. recoding media.

[Brief description of the drawings]

FIG. 1 is a schematic diagram showing a configuration of a cryptographic communication system of the present invention.

FIG. 2 is a schematic diagram illustrating a communication state of information between two entities.

FIG. 3 is a diagram showing an internal configuration of a secret key generator.

FIG. 4 is a schematic diagram showing an example of division of an ID vector (specific information) of an entity.

FIG. 5 is a diagram illustrating a configuration of an embodiment of a recording medium.

FIG. 6 is a diagram illustrating the principle configuration of an ID-NIKS system.

[Explanation of symbols]

 Reference Signs List 1 center 2 secret key generator 5 secret key generator 15, 25 common key generator 16 plaintext encryption unit 26 ciphertext decryption unit 30 communication path 40 computer 41, 42, 43 recording medium a, b, z entity

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Yasumichi Murakami 136 Takeda-Mukoshiro-cho, Fushimi-ku, Kyoto-shi, Kyoto Inside Murata Machinery Co., Ltd. No. 3 (72) Inventor Shigeo Tsujii 4-2-1, Jingumae, Shibuya-ku, Tokyo F-term (reference) 5J104 AA01 AA16 EA04 EA13 EA18 JA03 NA03 PA08 5K030 GA15 HA05 JT03 KA01 LD19

Claims (10)

[Claims] In a method of performing cryptographic communication between entities, one entity encrypts a conversion key for converting a plaintext into a ciphertext using a common key generated by using a secret key unique to the entity. The encrypted information is transmitted to the other entity together with the cipher text encrypted with the conversion key, and the other entity uses the same common key as the common key generated using its own private key. Decrypting the transmitted encryption information to obtain the conversion key, and decrypting the transmitted ciphertext with the obtained conversion key into plaintext, thereby performing cryptographic communication between the entities. Method. 2. The cipher communication method according to claim 1, wherein the cipher communication is performed by electronic mail, and the cipher information is arranged and transmitted before the cipher text to be communicated. 3. A method of performing cryptographic communication between entities, wherein one entity uses a common key generated using a private key unique to itself and shared information that can be shared with the other entity during cryptographic communication. Find the conversion key,
The plaintext is converted into ciphertext with the obtained conversion key and transmitted to the other entity, and the other entity uses the same common key and the shared information as the common key generated using its own private key. A cipher communication method characterized by performing cipher communication between entities by decrypting the transmitted cipher text into plain text using the conversion key obtained as described above. 4. The encrypted communication method according to claim 3, wherein the encrypted communication is performed by e-mail, and information in a header portion is used as the shared information. 5. The cryptographic communication method according to claim 1, wherein a secret key unique to each entity is created using specific information of each entity. 6. The cryptographic communication method according to claim 5, wherein a secret key unique to each entity is created by using divided specific information obtained by dividing specific information of each entity. 7. A cryptographic communication system in which a plurality of entities mutually perform an encryption process for encrypting a plaintext, which is information to be transmitted, into a ciphertext and a decryption process for decrypting the transmitted ciphertext into a plaintext. Means for generating, on each entity side, a common key common to the entities to be communicated using its own secret key, and encrypting the conversion key used for the encryption and decryption processes with the common key And / or decrypting means. 8. A cryptographic communication system in which a plurality of entities mutually perform an encryption process of encrypting a plaintext, which is information to be transmitted, into a ciphertext, and a decryption process of decrypting the transmitted ciphertext into a plaintext. In each entity, means for generating a common key common to the entities to be communicated using its own private key, and using the generated common key and shared information that can be shared with the other entity during cryptographic communication Means for obtaining a conversion key used for the encryption processing and the decryption processing. 9. A private key unique to each entity is created by using specific information of each entity.
3. The cryptographic communication system according to 1. 10. The cryptographic communication system according to claim 9, wherein a secret key unique to each entity is created by using divided specific information obtained by dividing specific information of each entity.