JP2002009752A - Decoding apparatus in data encryption system, encryption device, encrypted data decoding method, and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data encryption system adopting a public key encryption system that eliminates the need for storage of a private key to a storage medium. SOLUTION: A data acquisition means 1 acquires received data acting like a seed to generate a pair of public and private keys. A key pair generating means 2 generates a key pair uniquely corresponding to data being the seed. A public key transmission means 3 transmits the public key in a pair of the generated keys to a decoder. A data re-acquisition control means 4 controls the key pair generating means 2 to acquire the data being the seed for generating a key pair newly every time receiving encrypted data generated by using the received public key. A key pair reproduction control means 5 controls the key pair generating section 2 to generate a key pair from the data that are newly acquired and act like the seed. A decoding means 6 uses the private key in the key pair generated by the key pair generating control means 5 under the control of the key pair generating means 2 to decode the encryption data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technique for encrypting data, and more particularly to a technique for managing a secret key used to decrypt a cipher text in a public key cryptosystem.

[0002]

2. Description of the Related Art Here, a conventional data encryption system using a public key cryptosystem will be described. FIG. 12 shows a conventional data encryption system using a public key encryption method.

In FIG. 12, a sender B sends a message to a receiver A.
When transmitting the plaintext m, first, the receiver A sets the key pair generation route.
Activate the chin 1000 and set the public key P_AAnd secrets
Key S _AIs generated. Among the generated key pairs, the public key P
_AIs sent from the receiver A to the sender B.

[0004] The sender B gives the public key P _A received a plaintext m to transmit the encryption routines 2000, ciphertext c
Is generated. The cipher text c is sent from the sender A to the receiver B.

[0005] The receiver A receiving the ciphertext c gives the ciphertext c and the secret key S _A to the decryption routine 3000.
The decryption routine 3000 decrypts the ciphertext c based on the secret key S _A , and the plaintext m is reproduced.

A conventional data encryption system using the public key cryptosystem shown in FIG. 12 will be further described. FIG. 13 shows details of the key pair generation routine 1000.

In FIG. 1, when a seed z calculated from, for example, the current time is input to a pseudo random number generation step, the pseudo random number generation step generates a random number r (S1001). Generated random number r is input to the temporary key pair generation process, temporary key pair generation process is based on a random number r temporary public key P _A and the temporary private key S _A
Is generated (S1002).

This temporary key pair P_AAnd S_AIs shown in FIG.
Public key cryptographic keys used in
Make sure that they are reasonable and have sufficient security.
(Encryption generated by the encryption routine 2000)
Whether the sentence c is difficult to decipher is verified (S100).
3). If the result of this verification is acceptable, this key pair P_AAnd S
_AIs output as a public key and a private key, and the result of this verification is
If not, the process returns to the pseudo random number generation step (S1001) and the
Generate another random number and repeat the above process
To output a new public key and private key pair.

Next, FIG. 14 will be described. FIG. 1 is a diagram for explaining a public key cryptosystem. Key pair generation routine 10
The key pair generated by the process is stored in the public key file 1100 and the private key file 1200, respectively. At this time, it is general that these key pairs are encrypted and stored by a common key cryptosystem or the like.

Next, the receiver A sends the public key to the sender B. The sender B is keep once the public key P _A, which is sent to the public key directory file 2100. When sender B sends certain data (plaintext m ₁ ) to sender A, plaintext m
₁ is input to the encryption routine 2000 together with the public key P _A stored in the public key book file 2100. Encryption routine 2000 encrypts the basis plaintext m ₁ to the public key P _A, to generate ciphertext c _1. The generated cipher text c ₁ is sent from the sender A to the receiver B.

Recipient A having received ciphertext c ₁ provides ciphertext c ₁ and secret key S _A to decryption routine 3000. Decoding routines 3000 decodes based ciphertext c ₁ on a secret key S _A stored in the private key file 1200, the plaintext m ₁ is reproduced.

[0012] Thereafter, the sender B also when to send new data (plaintext m ₂₎ to the receiver A, by procedures similar to those described above, the plaintext m ₂ encryption routine 20
00, is encrypted based on the secret key S _A ,
The obtained cipher text c ₂ is sent from the sender A to the receiver B, and the cipher text c ₂ is decrypted based on the secret key S _A by executing the decryption routine 3000, and the plain text m ₂ is reproduced.

In the data encryption system shown in FIG.
In general, there is a risk that data will be leaked to a third party in the procedure of “sending” performed between the receiver A and the sender B. However, the data to be transmitted is the public key P _A and the cipher text c, and it is extremely difficult to decrypt the plain text m or obtain the secret key S _A from these data. As described above, by employing the public key cryptosystem in the data encryption system, it is possible to reduce the risk of improperly stealing data from a third party in the “sending” stage.

[0014]

In a conventional data encryption system using a public key encryption method, as described above, a secret key is stored in a storage device of a computer as a data file (for example, a secret key file 1200 in FIG. 14). Let it be saved. However, with the expansion of computer networks in recent years, in such a secret key management form, there is a high possibility that the secret key will be leaked. If the secret key is leaked, the risk that the ciphertext will be decrypted will be extremely high, no matter how strong the encryption system is.

Therefore, the secret key is stored in a portable storage medium such as a memory card or a floppy (registered trademark) disk, and such a storage medium is removed from the computer except when decrypting the ciphertext. Some methods such as storage are also used. However, this method is not enough in terms of private key management.

In view of the above problems, it is an object of the present invention to eliminate the need to store a secret key in a storage medium in a data encryption system employing a public key encryption method.

[0017]

FIG. 1 is a diagram showing the principle configuration of the present invention. The figure shows an encryption device that performs encryption using a public key to generate encrypted data, and a decryption device that decrypts the encrypted data using a secret key that is a pair with the public key. 1 shows a principle configuration of a decryption device in a data encryption system using a public key cryptosystem.

The data obtaining means 1 obtains input of seed data for generating a key pair including a public key and a secret key. The key pair generation unit 2 generates, from the seed data acquired by the data acquisition unit 1, the key pair uniquely corresponding to the seed data.

The public key sending means 3 sends the public key of the key pair generated by the key pair generating means 2 to the encryption device. The data reacquisition control means 4 controls the key pair generation means 2 and the encrypted data generated by the encryption device using the public key transmitted by the public key transmission means 3 is input to the decryption device. Every time, a seed data for generating a key pair consisting of a public key and a secret key is acquired again.

The key pair regenerating control means 5 comprises a key pair generating means 2
To generate a key pair from the seed data newly acquired by the data acquisition unit 1 controlled by the data reacquisition control unit 4.

The decryption means 6 uses the secret key of the key pair generated by the key pair generation means 2 controlled by the key pair generation control means 5 to decrypt the encrypted data generated by the encryption device. Decrypt.

Here, the key pair generation means 2 includes, for example, a pseudo random number generation means for sequentially generating a pseudo random number uniquely determined from seed data, and a pseudo random number sequentially generated by the pseudo random number generation means. The key pair is selected by selecting a pseudo-random number generator that satisfies a predetermined condition and that is generated in a predetermined order.

According to the configuration shown in FIG. 1, when decrypting encrypted data generated by the encryption device, a key pair consisting of a public key and a secret key is generated by the operation of the data reacquisition control means 4. In this case, the input of data serving as a seed (data referred to as “secret data” in an embodiment of the present invention described later) is newly acquired by the data acquiring unit 1. Then, each time the key pair regeneration control means 5 controls the key pair generation means 2 and the decryption means 6 needs a secret key to be used for decrypting the encrypted data, the data reacquisition control means 4 The key pair is regenerated from the seed data acquired by the data acquisition means 1 controlled by the above method. Here, if the seed data acquired by the data acquisition unit 1 and the seed data newly acquired by the data acquisition unit 1 controlled by the data reacquisition control unit 4 match, the key pair Since the same key pair is generated by the generating means 2 from the two types of data, the encrypted data generated by the encryption device is decrypted by the decrypting means 6.
Can be decrypted.

As described above, since the encrypted data can be decrypted without storing the secret key, the danger of leaking the secret key from the storage medium is avoided. Since the seed data may be any data, words, sentences, data strings, and the like that can be easily memorized by humans are used as seed data, and a user who uses this decoding device becomes this seed. Memorizing the data is advantageous in that leakage of the seed data itself can be prevented.

The configuration shown in FIG. 1 further includes environment information acquisition means for acquiring environment information that is information unique to the apparatus environment of the decryption apparatus. And the key pair uniquely corresponding to the kind of data and the environment information from the environment information.

Here, the environment information is information unique to only one decoding device, which makes it possible to specify only one decoding device, and corresponds to, for example, the serial number of the decoding device.

According to the configuration described above, the generated key pair is not uniquely obtained from only the seed data, but is obtained uniquely from the combination of the seed data and the environment information. Therefore, generation of a secret key for decrypting encrypted data is possible only with a decryption device having the same environment information as that used for generating the public key used for generating the encrypted data, In other environments, even if the seed data is accurately obtained, the ciphertext cannot be decrypted, so that the security of the data encryption system against leakage of the seed data is improved.

The data obtaining means 1 obtains performance operation information obtaining means for obtaining information indicating the contents of a performance operation performed in music performance, and converts the information obtained by the performance operation information obtaining means into a performance. Conversion means for generating melody note data which is a sequence of data corresponding to the contents of the operation, and configured to acquire the melody note data generated by the conversion means as seed data. Is also good.

According to the above-described configuration, the performance data indicating the content of the operation for performing the music performed by the user of the decoding device can be used as seed data. Since it is easier for a person to remember the musical score of a music piece than to memorize disorder data as seed data, it is advantageous to use performance data as seed data. In addition, if a user of the decryption device has a peculiar habit of performing, even if a third party knows what the musical score of the performance music is, Unless a third party can reproduce the user's playing habit, the encrypted data cannot be decrypted.

Also, an encryption device that performs encryption using a public key to generate encrypted data, and a decryption device that decrypts the encrypted data using a secret key paired with the public key. And an encryption unit for generating encrypted data by performing encryption using a public key sent from the decryption device, wherein the encryption device is a data encryption system using a public key encryption method. And cipher data sending means for sending the cipher data to the decryption device,
The public key is data obtained by the decryption device, and is uniquely assigned to the seed data from the seed data for generating a key pair including the public key and the secret key. The cryptographic data generated by the key pair generation means of the decryption device, which generates the corresponding key pair, and which is transmitted to the decryption device by the cryptographic data transmission means, is such that the encrypted data is The decryption device uses a secret key of the key pair generated by the key pair generation means from the seed data newly acquired by the decryption device every time the decryption device inputs the decryption device. Is an invention of a sub-combination in which the data encryption system described above is configured with the decryption device shown in FIG.

Further, a data encryption system using a public key cryptosystem, in which encrypted data generated by performing encryption using a public key is decrypted using a secret key paired with the public key. Wherein the key pair uniquely generates the key pair uniquely corresponding to the seed data from the seed data for generating the key pair including the public key and the secret key. The cryptographic data generated by using the public key obtained in the generating step, and the seed data is newly acquired each time the cryptographic data is received, and is uniquely obtained in the newly obtained seed data. The corresponding key pair is generated by the key pair generation step, and the private key of the key pair generated by the key pair generation step from the newly obtained seed data is used to receive the key pair. Encrypted data Decoding, data decoding method, characterized in that also relate to the present invention, the same effects as the decoding apparatus shown in FIG.

Further, by causing the computer to execute the above-described data decryption method according to the present invention, the computer reads out the encrypted data decryption program from a computer-readable storage medium storing the program. The above-described problem can also be solved by causing the program to be executed.

[0033]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 2 is a diagram showing an overall configuration of a data encryption system embodying the present invention. In the data encryption system shown in FIG. 1, a receiver device 10 used by a receiver A receiving data and a sender device 20 used by a sender B transmitting data are connected via a network 30. The receiver device 10 and the sender device 20 can mutually exchange various data.

The receiver device 10 comprises a CPU 11, a RAM
12, ROM 13, HDD 14, input unit 15, output unit 1
6. The I / F unit 17 is connected via a bus 18 so that data can be exchanged between the components.

The CPU 11 is a central processing unit that controls the overall operation of the receiver-side device 10 while using the RAM 12 as a work area in accordance with the basic control program stored in the ROM 13. Also, if necessary,
Reads the necessary control program from DD14
12 and executes various processes related to the cryptographic system by executing the control program.

The RAM 12 is a random access memory used as a work area for processing by the CPU 11 and for storing various setting parameters. The ROM 13 is a read-only memory in which a control program for controlling the whole of the receiver-side device 10 executed by the CPU 11 is stored in advance.

The HDD 14 is a hard disk drive,
A control program for causing the CPU 11 to perform various processes related to the encryption system and various data are stored.

The input unit 15 includes a keyboard, a mouse, and the like, and acquires various instructions and data inputs from the user of the receiver-side device 10. The output unit 16 is C
RT (Cathode Ray Tube) and LCD (Liquid Crystal D)
It is provided with a display device such as isplay, a printer device, and the like, and presents various information to the user of the receiver-side device 10.

The I / F unit 17 provides an interface function for connecting the receiver device 10 and the network 30. The receiver-side device 10 is configured to include these components.

The sender device 20 includes a CPU 21 and a RAM.
22, ROM 23, HDD 24, input unit 25, output unit 2
6. The I / F unit 27 is connected via a bus 28. Each of these components is the same as each component of the receiver-side device 10.

Since these components are included in a general-purpose computer, it is possible to configure the receiver-side device 10 and the sender-side device 20 with a general-purpose computer.

Hereinafter, the basic operation of the data encryption system according to the present invention will be described. FIG. 3 shows a basic operation flow of the data encryption system according to the present invention. Hereinafter, how data is exchanged in the data encryption system shown in FIG. 2 will be described with reference to FIG.

In FIG. 3, the steps from S101 to S103 and S111 are initial work steps. Then, the steps from S101 to S103 are realized by the CPU 11 executing the initial work program stored in the HDD 14 of the reception-side apparatus 10, and S1 is executed.
The step 11 is realized by the CPU 21 executing an initial work program stored in the HDD 24 of the transmitting apparatus 20.

First, the "secret data" input by the receiver A operating the input unit 15 of the receiver device 10
Is acquired by the CPU 11 (S101). Here, as the secret data, words, sentences, data strings, etc. having a sufficient word length can be used, and it is preferable that the secret data can be memorized by the recipient A.

Upon receiving the secret data input to the input unit 15, the CPU 11 reads out and executes the key pair generation program from the HDD 14, and generates a public key P _A and a secret key S _A from the secret data (S102).

Referring now to FIG. FIG. 4 shows a flow of a key pair generation process performed by the CPU 11 by executing the key pair generation program. Upon receiving the secret data s, the CPU 11 first generates a pseudo random number based on the secret data s (S201),
Is generated. This pseudo random number generation step is not a true random number generation step, but a secret data s.
The process is such that a value uniquely determined from the value of is generated as a random number r. The dashed arrow in FIG. 4 indicates this.

Subsequently, the CPU 11 generates a temporary public key P _A and a temporary secret key S _A based on the generated random number r (S
202). Thereafter, the CPU 11 generates the temporary key pair P
_A and S _A are reasonable as a key pair of the public key cryptosystem operated by the cryptosystem shown in FIG.
In addition, it is verified whether sufficient security can be ensured (whether the decryption is difficult) (S203). If the result is Yes in this verification outputs the key pair P _A and S _A as actually available public and private keys, returns to if not the verification result is a pseudo random number generation step (S201) To generate another new random number, and to generate a key pair again.
Thereafter, these steps are repeatedly executed until the result of the verification step in S203 becomes acceptable.

The steps of S202 and S203 are performed in steps S1002 and S1003 in FIG.
This is the same as the above step. However, the pseudo-random number generation step in S201 is uniquely determined from the value of the secret data s and the number of executions of the steps from S201 to S203 (that is, the generation order of the random numbers generated in the pseudo-random number generation step). The process is such that a value is generated as a random number r. Under this condition, the key pair generated by the key pair generation program can be uniquely obtained from the secret data.

Returning to the description of FIG. CPU11 controls the I / F unit 17, the sender-side apparatus via the network 30 to the public key P _A of the key pair generated in S102 in step 20
(S103). At this time, the secret key S _A is discarded without being stored.

When the public key P _A is received by the I / F unit 27 of the sender device 20, the CPU 21 of the sender device 20 stores the public key P _A in a public key book file of the HDD 24. (S111).

Thus, the steps of the initial operation are completed. Next, a process of transmitting and receiving the encrypted data will be described. In FIG. 3, steps S121 to S123 and steps S131 to S134 are data transfer steps. In steps S121 to S123, the CPU 21 executes an encrypted data transmission program stored in the HDD 24 of the transmission side device 20. The steps from S131 to S134 are realized by the CPU 11 executing the data decryption program stored in the HDD 14 of the receiving side device 10.

First, the plaintext m ₁ input by the operation of the sender B on the input unit 25 of the sender device 20 is converted to the CP.
U21 acquires it (S121). CPU21 received plaintext m ₁ reads the public key P _A which is stored in the public key directory file HDD 24, and generates a ciphertext c ₁ encrypts plaintext m ₁ on the basis of the public key P _A ( S1
22). The encryption method performed in this step is a public key encryption method, and a known method is used as it is.

When the cipher text c ₁ is generated, the CPU 21 controls the I / F unit 27 to send the cipher text c ₁ to the receiver device 10 via the network 30 (S12).
3). When the ciphertext c ₁ is received by the I / F unit 17 of the receiver device 10, the CPU 11 of the receiver device 10 controls the output unit 16 to output the notification to notify the receiver A of the fact. Perform When the receiver A inputs the secret data by operating the input unit 15 of the receiver device 10 in response to this notification, the CPU 11 acquires the secret data (S13).
1). Here, the secret data input by the recipient A is
It is necessary to input the same thing as that performed in the step S101 in the above-mentioned initial work.

When receiving the secret data input to the input unit 15, the CPU 11 reads out and executes the key pair generation program from the HDD 14, and generates a public key P _A and a secret key S _A from the secret data (S132). In this step, the processing shown in FIG. 4 is executed in the same manner as in the step of S102 in the initial operation described above.

Subsequently, the CPU 11 decrypts the cipher text c ₁ received from the sender device 20 based on the secret key S _A generated by the above-described processing, and reproduces the plain text m ₁ (S133). The decryption performed in this step uses a decryption method corresponding to the encryption method adopted in the encryption step of S122 described above.
Thereafter, the CPU 11 controls the output unit 16 to output the plaintext m _1.
Is output and presented to the recipient A (S134). The first transfer of the encrypted data is completed.

In the data encryption system shown in FIG.
The same is true for the second data transfer, and the encrypted data transmission program stored in the HDD 24 is transmitted to the transmission side device 20.
By CPU21 executes a, after acquiring (S121 ') the plaintext m ₂ input by the operation of the input unit 25 of the transmitting side apparatus 20 by the sender B, S122 and S123 in step is performed by CPU21 And
The process from S131 to S133 is performed by the receiving apparatus 10
Is realized by the CPU 11 executing the data decryption program stored in the HDD 14 of the plaintext m.
₂ is reproduced, then, CPU 11 may output the plaintext m ₂ controls the output unit 16 for presenting to the recipient A (S13
4 '). The same applies to the transfer of data thereafter.

In the data encryption system according to the present invention, as described above, each time the receiver-side device 10 decrypts the ciphertext, the receiver A inputs the secret data to generate a key pair. Therefore, it is not necessary to store the secret key in the storage medium. As a result, the secret key is not stolen from the storage medium, and the security of the system is improved. Also, if the secret data is memorized, the receiver A can decrypt the ciphertext by giving the secret data in another environment (for example, another computer) that can use the same data encryption system. This data encryption system also has the advantage that it can be performed.

Next, in the data encryption system shown in FIG. 2, an embodiment in which the above-described data exchange according to the present invention is performed using the well-known public key encryption system, the RSA encryption system, will be described. For the RSA encryption method, for example, "A Method for Obtaining Digital Signatu
res and Public-Key Cryptosystems ", Rivest, R., Sham
ir, A. and Adleman, L, Com. of the ACM, Vol. 21, N
o.2, pp.120-126 (1978).

FIG. 5 shows a flow of processing when data is exchanged according to the present invention by employing the RSA encryption method in the data encryption system shown in FIG. In FIG. 5, the steps from S301 to S303 and S311 are the steps of the initial operation. Then, from S301 to S
The steps up to 303 are realized by the CPU 11 executing the initial work program stored in the HDD 14 of the receiving apparatus 10, and the step S 311 is executed by the CPU 21 executing the initial work program stored in the HDD 24 of the transmitting apparatus 20. It is realized by executing.

First, the secret data input by the receiver A operating the input unit 15 of the receiver side device 10
The PU 11 acquires the information (S301). Here, the confidential data is a word, a sentence, a data string, or the like having a sufficient word length, as in the case of FIG. 3, and is preferably such that the recipient A can memorize it.

When receiving the secret data input to the input section 15, the CPU 11 reads out and executes the key pair generation program from the HDD 14, and generates a public key P _A and a secret key S _A from the secret data (S302).

FIG. 6 shows a flow of a key pair generation process performed by the CPU 11 by executing the key pair generation program. The CPU 11 receiving the secret data s
First, a pseudo random number is generated based on the secret data s (using the secret data s as a seed) (S401), and a random number p is generated. The process of generating the pseudo-random number is a process in which a value uniquely determined from the value of the secret data s is generated as the random number p, similarly to the process in FIG.

Subsequently, the CPU 11 verifies whether or not the generated random number p is a prime number (S402). If the random number p is not a prime number (a composite number), the pseudo random number generating step (S4)
01), and the process is repeated. Note that the process of generating the pseudorandom number in S401 includes the value of the secret data s and this S
It is assumed that a value uniquely determined from the number of executions of the steps 401 and S402 is generated as a random number p.

Thereafter, a random number p, which is a prime number, is generated, and the verification result in the step of S402 becomes possible. This random number p is a prime number p _A. When the prime number p _A is obtained, the CPU 1
1 is the same process as the process of S401, the secret data s
The step of generating a pseudo-random number using as a seed is executed further following the step of S401 to generate the next random number q (S40).
3). Then, it is verified whether or not the generated random number q is a prime number (S404). If the random number q is not a prime number (a composite number), the process returns to the pseudo-random number generation step (S403) and the process is repeated. Thus, a random number q, which is a prime number, is generated. This random number q and prime q _A.

When the prime q _A is obtained, the CPU 11 proceeds to S4
The step of generating the same pseudorandom number using the secret data s as a seed, which is the step 01, is further executed after the step of S403, and the next random number e is generated (S405).

Here, the CPU 11 generates the random number e
Is the value λ of the least common multiple of (p-1) and (q-1)
It is determined whether the value is relatively prime to (n _A ) (where n _A = p _A × q _A ) (S406). As a result of this processing, if the random numbers e are not relatively prime values, the process returns to the pseudo random number generation step (S405), and the processing is repeated. As a result, a random number e is generated which is relatively prime to λ (n _A ). This random number e and e _A.

The p obtained by the above steps_A, Q₀,
e_AFrom the public key P_AAnd secret key S _AIs given by the following equation
Generated. P_A= (E_A, N_A) S_A= D_A= E_A ^-1modλ (n_A) Where p_A, Q₀, E_AAre S401 and S4 described above.
03, pseudo-random number generation in the step of generating pseudo-random numbers in S405
All are uniquely obtained from secret data s according to raw conditions.
It is something that can be done.

Returning to the description of FIG. CPU11 controls the I / F unit 17, the sender-side apparatus via the network 30 to the public key P _A of the key pair generated in S102 in step 20
(S303). At this time, the secret key S _A is discarded without being stored.

When the public key P _A is received by the I / F unit 27 of the sender device 20, the CPU 21 of the sender device 20 stores the public key P _A in the public key book file of the HDD 24. (S311).

Thus, the steps of the initial operation are completed. Next, a process of transmitting and receiving the encrypted data will be described. In FIG. 5, steps S321 to S323 and steps S331 to S334 are data transfer steps. In steps S321 to S323, the CPU 21 executes the encrypted data transmission program stored in the HDD 24 of the transmission side device 20. The steps from S331 to S334 are realized by the CPU 11 executing the data decryption program stored in the HDD 14 of the receiving apparatus 10.

First, the plaintext m ₁ input by the sender B operating the input unit 25 of the sender device 20 is converted into a CP.
U21 acquires it (S321). CPU21 received plaintext m ₁ reads the public key P _A which is stored in the public key directory file HDD 24, and generates a ciphertext c ₁ encrypts plaintext m ₁ on the basis of the public key P _A ( S3
22). The encryption performed in this step is represented by the following equation.

C ₁ = m ₁ ^e (modn _A ) When the encrypted text c ₁ is generated, the CPU 21 causes the I / F unit 27
Controls, is sent to the receiver side apparatus 10 of this ciphertext c ₁ via the network 30 (S323).

When the ciphertext c ₁ is received by the I / F unit 17 of the receiver device 10, the CPU 11 of the receiver device 10 controls the output unit 16 to notify the receiver A of the fact. Output for When the receiver A inputs the secret data by operating the input unit 15 of the receiver device 10 in response to the notification, the CPU 11 acquires the secret data (S331). Here, as the secret data input by the receiver A, it is necessary to input the same secret data as that in the step S301 in the above-mentioned initial work.

The CPU 11 outputs the secret input to the input unit 15.
Upon receiving the secret data, the key pair generation program
Read and execute the secret key, and execute public key P from the secret data._A=
(E _A, N_A) And secret key S_A= DA is generated (S3
32). This step is performed in step S302 in the initial operation described above.
The processing shown in FIG.
Is performed.

Subsequently, the CPU 11 decrypts the cipher text c ₁ received from the sender device 20 based on the public key P _A and the secret key S _A generated by the above processing,
To reproduce the plaintext m ₁ (S333). The decoding performed in this step is given by:

M ₁ = c ₁ ^dA (modn _A ) Thereafter, the CPU 11 controls the output unit 16 to output the plaintext m ₁
Is output and presented to the recipient A (S134). The first transfer of the encrypted data is completed.

In the data encryption system shown in FIG.
The same is true for the second data transfer, and the encrypted data transmission program stored in the HDD 24 is transmitted to the transmission side device 20.
Of the plaintext m ₂ input by the sender B operating the input unit 25 of the sender device 20 (S321 ′), the CPU 21 performs the steps S322 and S323. And
The process from S331 to S333 is performed by the receiving side device 10
Is realized by the CPU 11 executing the data decryption program stored in the HDD 14 of the plaintext m.
₂ is reproduced, then, CPU 11 may output the plaintext m ₂ controls the output unit 16 for presenting to the recipient A (S33
4 '). The same applies to the transfer of data thereafter.

As described above, in the data encryption system shown in FIG. 2, data exchange according to the present invention can be performed by employing the RSA encryption method. Next, another embodiment of the present invention will be described.

In the embodiment described so far (hereinafter, referred to as the first embodiment), a key pair is generated each time the receiver A inputs the secret data to the receiver device 10, and the cipher text is generated. The decryption is performed, and as described above,
There is an advantage that the ciphertext can be decrypted in another environment where the same data encryption system can be used. However, from a different point of view, this advantage is also different from the input unit 1 of the receiver device 10 that the receiver A performs for inputting the secret data.
When secret data is known to a third party due to prying eyes on the operation of the third party, there is a problem that the ciphertext is decrypted in another environment available to the third party. It means that you are doing. The second embodiment of the present invention described below solves this problem by making it possible to decrypt cipher text only in a specific environment.

The second embodiment is also implemented in the data encryption system shown in FIG. 2, as in the first embodiment. The processing flow in the data encryption system in the second embodiment is the same as that shown in FIG. 3, but FIG. 4 shows the key pair generation processing performed by the CPU 11 in S102 and S132 in FIG. To be different from

FIG. 7 shows a flow of a key pair generation process performed by the CPU 11 by executing the key pair generation program in the second embodiment of the present invention. As can be seen by comparing FIG. 7 with FIG. 4, in FIG.
The point where the CPU 11 performs the process of acquiring the environment information (S5
01), in the process of generating pseudorandom numbers, secret data s
Not only the pseudo random number r
Is different from FIG. 4 in that the temporary public key P _A and the temporary secret key S _A are generated based on not only the generated random number r but also environmental information (S201 ′). ing.

Here, the environment information means that only one receiving apparatus 10 can be specified.
This information is unique only to 0, for example, a product number and a serial number of the receiver-side device 10 recorded in the ROM 13 in advance, or a serial number assigned to a partition of the HDD 14 can be used.

In this way, the generated key pair is not uniquely obtained from the secret data,
It is uniquely obtained from the combination of secret data and environmental information. Therefore, the generation of the secret key for decrypting the ciphertext is performed by the receiving apparatus 10 having the same environment information as that used for generating the public key used for encrypting the plaintext.
Only in the environment other than the receiving apparatus 10, even if correct secret data is input, the ciphertext cannot be decrypted. Therefore, the security of the data encryption system against leakage of secret data is improved.

Next, a third embodiment of the present invention will be described. In the third embodiment, the receiver A plays a musical piece, and uses performance data indicating the content of an operation for the performance as secret data.

The third embodiment can also be implemented in the data encryption system shown in FIG. 2 (operating the input unit 15 to play music), as in the first embodiment described above. As shown in FIG. 8, a keyboard 19 capable of outputting information indicating a performance operation is connected to the input unit 15 of the receiving device 10, and the receiver A operates the keyboard 19 to perform a music performance. It is convenient to do

FIG. 9 shows an operation flow of the data encryption system according to the third embodiment of the present invention. In FIG. 9, the steps that perform the same processing as in FIG. 3 described above are denoted by the same reference numerals.

As can be seen from a comparison of FIG. 9 with FIG. 3, FIG. 9 shows a performance performed by the receiver A for performing a specific music piece (hereinafter referred to as “secret melody”). Information indicating the operation is input to the keyboard 19 (or the input unit 15).
(S601 and S611) to acquire and transfer to the CPU 11
The PU 11 reads out and executes the key pair generation program from the HDD 14, and generates the public key P _A and the secret key S _A from the performance information on the secret melody (S602 and S61).
2) The process is different from the flow of the operation shown in FIG. 3, and the other processes are the same.

FIG. 10 shows the flow of key pair generation processing performed by CPU 11 by executing the key pair generation program in the case shown in FIG. In FIG. 10, the steps that perform the same processing as in FIG. 4 described above are denoted by the same reference numerals.

First, the CPU 11 obtains information indicating a performance operation performed on the keyboard 19 (or a keyboard or the like of the input unit 15) (S701). This information includes information indicating the timing of depressing or releasing a key on the keyboard 19 (or a keyboard or the like of the input unit 15), information identifying a key that has been depressed or released. .

Subsequently, the CPU 11 converts the acquired information indicating the performance operation into note data indicating the pitch and duration of each musical tone, and converts the secret melody note data s composed of a data string of the note data. It is acquired (S702).

The steps executed by the CPU 11 thereafter are the same as those shown in FIG. 4 if the secret melody note data s is regarded as the secret data s, so that the description will be omitted. With the above configuration, the third embodiment of the present invention is realized, and the performance data indicating the content of the operation for performing the music performed by the receiver A can be used as the secret data. Since it is easier for a person to remember a musical score of a music piece than to memorize disorderly data as secret data, there is an advantage in using performance data as secret data. Also, if the performance of the receiver A has a peculiar habit, even if a third party knows what the secret melody is,
If the third party cannot reproduce the performance habit of the receiver A, the cipher text cannot be decrypted. In this regard, there is a possibility that the security of the data encryption system can be improved.

In the third embodiment, the keyboard 19 (or the keyboard of the input unit 15) is used.
In this case, the receiver A performs singing or humming in parallel with the performance of the musical instrument, and the utterance is collected by a microphone. It is also possible to obtain secret melody note data s by analyzing the sounding timing and pitch from the obtained voice signal and converting it into note data.

In addition to the above, as a modified example of the third embodiment described above, instead of using the performance data as secret data, a voice print obtained by analyzing a human utterance, a human fingerprint, palm, It is also possible to acquire biometric information that can be identified by an individual, such as image information on the retina and the like, and convert such biometric information to use it as secret data.

Note that various control programs for causing a computer to execute these processes executed by the CPU 11 described above are created and stored in a computer-readable storage medium, and the programs are read from the storage medium to the computer. By causing the computer to execute, the data encryption system according to the present invention can be configured using a computer.

FIG. 11 shows an example of a computer-readable storage medium for storing various control programs. As shown in the figure, as the storage medium, for example, a storage device 42 such as a ROM or a hard disk device provided as an internal or external accessory device in the computer 41, a floppy disk, an MO (magneto-optical disk), a CD-R
A portable storage medium 43 such as an OM or a DVD-ROM can be used. The storage medium is network 4
A storage device 46 attached to a program server 45, which is a computer connected to the computer 41 via the computer 4, may be used. In this case, a transmission signal obtained by modulating a carrier with a data signal representing a control program is
The control program is transmitted from the program server 45 through the network 44 as a transmission medium, and the computer 41 demodulates the received transmission signal and reproduces the control program, whereby the control program can be executed.

[0096]

As described in detail above, the present invention provides
In a data encryption system using a public key cryptosystem, which decrypts encrypted data generated by performing encryption using a public key using a secret key paired with the public key, Generated using a public key obtained by a key pair generation step of generating a key pair uniquely corresponding to the seed data from seed data for generating a key pair consisting of a secret key Each time the cryptographic data is received, the seed data is newly acquired every time the encrypted data is received, and a key pair uniquely corresponding to the newly acquired seed data is generated by the key pair generation step described above. Using the secret key of the generated key pair, the received encrypted data is decrypted.

In this way, the encrypted data can be decrypted without storing the secret key, so that the risk that the secret key leaks from the storage medium can be avoided.

[Brief description of the drawings]

FIG. 1 is a diagram showing the principle configuration of the present invention.

FIG. 2 is a diagram illustrating an overall configuration of a data encryption system that embodies the present invention.

FIG. 3 is a diagram showing a basic operation flow of the data encryption system according to the present invention.

FIG. 4 is a diagram showing a flow of a key pair generation process in FIG. 3;

FIG. 5 is a diagram showing a flow of processing when data is exchanged according to the present invention by employing the RSA encryption method.

FIG. 6 is a diagram showing a flow of a key pair generation process in FIG. 5;

FIG. 7 is a diagram showing a flow of a key pair generation process in a second embodiment of the present invention.

FIG. 8 is a diagram showing an overall configuration of a data encryption system suitable for implementing a third embodiment of the present invention.

FIG. 9 is a diagram showing a flow of an operation of the data encryption system in the third embodiment of the present invention.

FIG. 10 is a diagram showing a flow of a key pair generation process in FIG. 9;

FIG. 11 is a diagram illustrating an example of a computer-readable storage medium that stores various control programs.

FIG. 12 is a diagram showing a conventional data encryption system using a public key encryption method.

FIG. 13 is a diagram illustrating details of a key pair generation routine in FIG. 12;

FIG. 14 is a diagram illustrating a public key cryptosystem.

[Explanation of symbols]

 1 Data Acquisition Means 2 Key Pair Generation Means 3 Public Key Sending Means 4 Data Reacquisition Control Means 5 Key Pair Regeneration Control Means 6 Decryption Means 10 Recipient Side Device 11, 21 CPU 12, 22 RAM 13, 23 ROM 14, 24 HDD 15, 25 Input unit 16, 26 Output unit 17, 27 I / F unit 18, 28 Bus 19 Keyboard 20 Sender device 30, 44 Network 41 Computer 42, 46 Storage device 43 Portable storage medium 45 Program server 1000 Key pair generation routine 1100 Public key file 1200 Private key file 2000 Encryption routine 2100 Public key book file 3000 Decryption routine

Claims (7)

[Claims] An encryption device that performs encryption using a public key to generate encrypted data, and a decryption device that decrypts the encrypted data using a secret key paired with the public key. The data decryption apparatus in a data encryption system using a public key cryptosystem, comprising: obtaining data input as a seed for generating a key pair including the public key and the secret key. Means, a key pair generation means for generating the key pair uniquely corresponding to the seed data from the seed data, and a public key of the key pair generated by the key pair generation means. Controlling the data obtaining unit to transmit the encrypted data generated by the encrypting device using the public key transmitted by the public key transmitting unit; Input to the gasifier Data re-acquisition control means for reacquiring the seed data every time, the key pair generation means is controlled, and the data reacquisition means controlled by the data reacquisition control means reacquires the data. Key pair regeneration control means for generating the key pair from seed data, and a secret key of the key pair generated by the key pair generation means controlled by the key pair regeneration control means. And a decryption unit for decrypting the encrypted data generated by the encryption device. 2. The method according to claim 1, wherein the key pair generation means includes: a pseudo random number generation means for sequentially generating a pseudo random number uniquely determined from the seed data; and a pseudo random number sequentially generated by the pseudo random number generation means. 2. The decryption device according to claim 1, further comprising: a selector that selects a key pair that matches a condition and that is generated in a predetermined order by the pseudorandom number generator. 3. The apparatus further comprises environment information acquisition means for acquiring environment information that is information unique to the apparatus environment of the decryption apparatus, wherein the key pair generation means comprises: The decryption device according to claim 1, wherein the key pair uniquely corresponding to the seed data and the environment information is generated. 4. The data acquisition means, wherein: performance operation information acquisition means for acquiring information indicating the contents of a performance operation performed in music performance; and information obtained by the performance operation information acquisition means. A conversion unit that generates melody note data that is a sequence of data corresponding to the content of the performance operation, and obtains the melody note data generated by the conversion unit as the seed data. 2. The decoding device according to claim 1, wherein: 5. An encryption device for generating encrypted data by performing encryption using a public key, and a decryption device for decrypting the encrypted data using a secret key paired with the public key. An encryption unit for generating encrypted data by performing encryption using a public key sent from the decryption device, wherein the encryption device is a data encryption system that uses a public key encryption method. An encryption data sending unit that sends the encryption data to the decryption device, wherein the public key is data obtained by the decryption device, and includes the public key and the secret key. Generating, from the data serving as a seed for generating a key pair, the key pair uniquely corresponding to the seed data, the key pair being generated by key pair generation means of the decryption device; Means for sending encrypted data Therefore, the encryption data sent to the decryption device is generated by the key pair generation means from the seed data newly acquired by the decryption device each time the encryption data is input to the decryption device. The decryption device decrypts the private key using a secret key of the key pair. 6. A data encryption system using a public key cryptosystem, wherein encrypted data generated by performing encryption using a public key is decrypted using a secret key paired with the public key. Wherein the key pair uniquely generates the key pair corresponding to the seed data from the seed data for generating the key pair including the public key and the secret key. The cryptographic data generated by using the public key obtained in the generation step, the seed data is newly acquired each time the cryptographic data is received, and the newly acquired seed data is uniquely obtained. The corresponding key pair is generated in the key pair generating step, and the private key of the key pair generated in the key pair generating step from the newly obtained seed data is used to receive the key pair. Restore encrypted data A data decryption method. 7. A public key cryptosystem, which is executed by a computer to decrypt encrypted data generated by performing encryption using a public key using a secret key paired with the public key. A computer-readable storage medium storing an encrypted data decryption program for causing the computer to decrypt the encrypted data in a data encryption system using a system, comprising: the public key and the secret key. A cryptographic data generated using a public key obtained by a key pair generation step of generating the key pair uniquely corresponding to the seed data from the seed data for generating the key pair, Every time the encrypted data to be decrypted is received, the seed data is newly acquired, and the key pair generation step is performed to obtain the seed data. Control to generate the key pair uniquely corresponding to data, using a secret key of the key pair generated from the seed data newly obtained by performing the key pair generation step, A storage medium storing a control for decrypting the received encrypted data, and an encrypted data decryption program for causing a computer to perform: