JP2002111657A - Master key management system, method program using multiplex affine key system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a master key management system to form a hierarchical tree structure of keys in a network by utilizing a multiplex affine key system or the like which cannot be decoded easily. SOLUTION: This master key management system generates a second key data LN as a child key using the multiplex affine key system depending on a first key data L as a master key used for encrypting a plaintext to an encrypted sentence and a key topology ω as the parameter. The data of sentence encrypted by the multiplex affine key system from the plaintext using the generated child key data LN as the key can be decoded not only with the child key data but also decoded with the child key regenerated from the master key and key topology. Therefore, since a master key data owner is capable of decoding and browsing the text encrypted with a descendant key data generated from the master key data of such owner, the hierarchical key tree structure can be formed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a master key management system, a multi-affine key system, and a method for generating a multi-layered common key in digital communication using the multi-affine key system.

[0002]

2. Description of the Related Art Recently, with the spread of digital devices such as computer devices, communication technology between computer devices and communication technology using digital signals have been remarkably developed in various forms. In communication between such digital devices, communication lines, telephone lines, the Internet, etc.,
Various digital signal communications are performed in a highly versatile data format. This is, for example, a LAN or WAN, an intranet, or various digital communications via the Internet.

[0003] Here, an LA formed in one company
A description will be given using N (local area network) as an example. The LAN is a network for performing data communication by connecting a plurality of personal computer terminals, for example, with each other via a line according to a predetermined protocol in a certain area. By using a LAN, various documents and sales data of the company, internal information such as minutes and internal newsletters are converted into digital data and stored on a shared file server, etc., so that all employees can quickly read out from terminal devices. Making it possible. As a result, the exchange of in-house information and opinions, which had been stagnant in the past as the size of a large company, can be dramatically increased, thereby improving work efficiency. Further LAN
Can be used to send and receive information instantly in the relationship between personal devices without being caught in an organizational framework such as a department or section. Proposals and information can be easily provided.

[0004] Therefore, for example, even from a manager's perspective, information from the end of the organization can be quickly obtained through the LAN, and this can be reflected in various management decisions. Therefore, providing a communication network such as a LAN in-house greatly contributes to eliminating arteriosclerosis of a company caused by stagnation of information transmission and complexity of an information path in a large company.

[0005]

However, on the other hand, the operation of such a side-by-side LAN is inconsistent with the pyramid-type command mechanism inherent in a business organization. Is paralyzed, organizational strength is reduced, and corporate information is unnecessarily spread or leaked. In order to avoid this, confidentiality is enhanced by setting a password for document information or the like and setting and encrypting a common key. However, this method has a problem that a password or a common key must be stored for each piece of information in order to access the information, which is complicated.

[0006] In view of the above problems, the present invention generates a hierarchical key tree structure for a flat network structure using a multi-affine key system or the like, which is extremely difficult to decipher, so that a master key can be obtained. To provide a master key management system and a method capable of giving hierarchical weight to the degree of disclosure of information while achieving both confidentiality for a person without possession and ease of decryption for a person with a master key. With the goal.

[0007]

The present invention has the following aspects to attain the object mentioned above.

The present invention as defined in claim 1 uses a multiple affine key system according to first key data and a key topology which is a parameter for use in encrypting a plaintext into a ciphertext. Thus, a master key management system is also characterized in that second key data to be used for encryption processing is generated.

According to the present invention, the first key data used for encryption / decryption of data is provided so as to be hierarchical.
The second key data as a child key is generated from the key data by using a multiple affine key system according to a key topology as a parameter. In this system, the key topology, which is a parameter used in generating the child key, and the identification information of the parent key indicating from which parent key the child key was generated (a primitive key and a key topology for reproducing the parent key data). Column) is placed publicly on a shared server in the network or on a shared area in a digital device,
The person having the master key can freely generate his / her own child key or descendant key. Here, the problem is that the owner of the child key specifies the first key data that is the parent key from the second key data that is the child key and the key topology that is a parameter used in the generation of the child key. This is a prominent feature of a master key management system. This is because the second key data is generated by a multiple affine key system that generates pseudorandom numbers that are as close as possible to true random numbers during child key generation.

Therefore, only the person who has been given the second key data as the child key and the person who has the first key data which is the master key that is the parent of the child key have the public key topology. With reference to the key topology table, the ciphertext data encrypted by the second key data can be decrypted, and a person who does not have the second key data or a parent key higher than the first key data (the first key data or Those that do not have the higher order key data that generated the first key data) cannot decrypt this ciphertext data.

Therefore, according to the present invention, not only the person having the child key data used for the encryption but also the person having the parent key from which the child key data is derived can be accessed. It is possible to provide a master key management system that generates and supplies child keys that can be converted.

Here, a key having a master key easily reproduces a slave key used for encryption by using its own master key and a key topology used for generating a slave key from a public key topology table. Therefore, the ciphertext data can be decrypted. That is, if the user has the master key, it is possible to directly decrypt the ciphertext without having the child key.
Because you do not need to memorize any passwords for the huge number of child keys 10 or 100 steps below,
The user having the master key can decrypt the ciphertext without feeling uncomfortable.

Thus, only the person having the child key used for the encryption and the parent key from which the child key was generated, and the person having the parent key from which the parent key was generated, can receive the encrypted data. A hierarchical tree of common keys that can be decrypted
And so on. Therefore, the conventional LAN has only a horizontal arrangement of one line, and the inconvenience that each encryption key must be held in order to decrypt all cipher texts can be solved.

It is to be noted that such a public type hierarchical key tree can be realized by the identification information of the parent key which is disclosed by the parent key owner (a primitive key for reproducing the parent key and a key topology sequence). ) And the parameters (key topology) used for generating the child key, the child key can be generated by itself, and the child key owner determines the parent key from its own child key data and the public key topology. Cannot be specified, and is based on the high security capability of the multi-affine key system. If a general function generates a child key from a parent key and publishes the parameters at the time of generation, the child key owner can use the public key topology used at the time of generation of the child key and the own child key. However, the key data as the master key can be specified. Therefore, since the security of encryption is broken, such a hierarchical system cannot be realized.

According to a second aspect of the present invention, a multiple affine key system is used in accordance with first key data and a key topology which is a parameter for use in encrypting a plaintext into a ciphertext. A child key generating means for generating second key data for use in the encryption process in the same manner;
Encryption means for encrypting the given plaintext data by a predetermined encryption / decryption method based on the second key data generated by the child key generation means and outputting ciphertext data;
And reproducing the second key data in accordance with the first key data and the key topology, and, based on the reproduced second key data, the ciphertext data output by the encryption unit. A decryption means for decrypting the plaintext data by a predetermined encryption / decryption technique.

According to the present invention, the generated child key data
This specifies that the plaintext data is encrypted and decrypted. Here, the ciphertext data encrypted with the child key data is decrypted as follows. That is, a key topology column, which is a parameter used when a child key is generated, is obtained from a public key topology table, and a multi-affine key system (or a multiple affine key system (or In this case, the child key data used for the encryption is reproduced by performing an arithmetic processing using an encryption method in which the key space is close to that of the above and a weak key can be almost excluded. Then, the ciphertext data is decrypted by the multiple affine key system based on the reproduced child key data, and the contents of the ciphertext can be known.

This process may be manually performed by a user having the master key data, or a series of processes may be automatically performed by software, so that the master key which is the master key is owned. What was encrypted was a very high level of security, with a very low level of child keys created from their own master key, and even a 10-level descendant key, and a huge number of 100-level descendant keys. All ciphertexts can be decrypted and the contents can be known without any discomfort.

Further, the present invention as defined in claim 3, is a selecting means for selecting one first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; , B is a coefficient, c is the number of times the affine key is used, and n is a sequence K = ｛a, b, c, consisting of four integers, where n is a predetermined number of times (lifetime) that the affine key can be used.
Using a multiple affine key system to which a plurality of affine key data represented by n} are given, the affine key data is used for encrypting plaintext based on the first key data selected by the selection means and a key topology as a parameter. And a child key generating means for generating second key data.

The present invention specifies the definition of a multi-affine key system which is partially used when generating a child key of the master key management system of the present invention. Otherwise, high security and easy access cannot be achieved at the same time.

Further, the present invention as defined in claim 4 is a selection means for selecting one first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; , B is a coefficient, c is the number of times the affine key is used, and n is a sequence K = ｛a, b, c, consisting of four integers, where n is a predetermined number of times (lifetime) that the affine key can be used.
Using a multiple affine key system to which a plurality of affine key data represented by n} are given, the affine key data is used for encrypting plaintext based on the first key data selected by the selection means and a key topology as a parameter. Child key generating means for generating second key data as a child key; and encrypting the given plaintext data by the multiple affine key system based on the second key data generated by the child key generating means. Encrypting means for outputting sentence data; and reproducing the second key data according to the first key data and the key topology, and based on the reproduced second key data, Decryption means for decrypting the output ciphertext data into the plaintext data using the multiple affine key system; and It is a stem.

The present invention specifies the definition of a multi-affine key system which is partially used when generating a child key in the master key management system of the present invention, and further specifies the child key after the child key is generated. Specifies that this multi-affine key system is also used when encrypting and decrypting plaintext data. Therefore, even if only the easy access of the master key is secured, if the high security is not maintained by using the multiple affine key system, all the information is leaked to a third party. Thus, it specifies the use of a multiple affine key system.

According to a fifth aspect of the present invention, there is provided a selecting means for selecting one first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; , B is a coefficient, c is the number of times the affine key is used, and n is a sequence K = ｛a, b, c, consisting of four integers, where n is a predetermined number of times (lifetime) that the affine key can be used.
The selection means selected by the selection means based on the first key data selected by the selection means and a key topology which is a parameter, using a multiple affine key system provided with a plurality of affine key data represented by n｝. The first key data is set as at least an affine key of the multiple affine key system, and a random number is generated by the multiple affine key system. When the value of a predetermined bit of the key topology is a predetermined value, the random number is newly set. The affine key when all the processes are completed by repeating the process of resetting as an affine key and performing no process when the value of the predetermined bit of the key topology is not the predetermined value for each bit of the key topology Child key generating means for generating as a second key data which is a child key; Encrypting means for encrypting the plaintext data by the multiple affine key system and outputting ciphertext data; and reproducing the second key data in accordance with the first key data and the key topology. Second
Decryption means for decrypting the ciphertext data output by the encryption means to the plaintext data by the multiple affine key system based on the key data; is there.

The present invention specifies in detail how to generate child key data from parent key data in a multiple affine key system, and an example is specified in the claims. . The rewriting method uses the key topology which is a parameter, for example, first substituting the parent key data into the affine key and the initial value of the multiple affine key system, and sequentially looks at the first bit of the key topology,
If the value is “1”, the random number generated by the multiple affine key is set as a new affine key. If the value is “0”, a random number is generated without performing any processing. Such processing is performed in order from the first bit to the last bit of the key topology. Then, the affine key at the time when one kind of processing is completed is output as child key data.

However, this is merely an example, and in actuality, the child key data is generated by a procedure in which regularity is not generated as much as possible by the master key data, the key topology data as a parameter, and the multiple affine key system. It is necessary. In this way, even if a third party obtains the child key data and the key topology which is a parameter for generating a child key, and tries to identify the parent key data by repeating trial and error, the endless multi-affine key system is used. This master key data cannot be decrypted based on the function of generating a pseudo random number close to a true random number. Therefore, with the master key management system of the present invention, it is possible to easily decrypt the lower-order encrypted data using the master key with very high security.

According to a sixth aspect of the present invention, there is provided a source key storage means for storing, in a predetermined area, first key data having a random number generated by performing a random number generation as a source key; Child key generating means for generating second key data for use in encryption processing by using a multiple affine key system in accordance with the first key data which is the primitive key stored in the means. And a master key management system having:

The present invention further specifies that, when the parent key from which a child key is generated is the first original key, the original key is generated by performing random number generation. The generation of the random number of the primitive key itself is not limited to the one generated by the multiple affine key system.

According to a seventh aspect of the present invention, there is provided a local area network system in which a plurality of digital data processing terminals are mutually connected by a communication line to perform digital signal communication according to a predetermined protocol. At least one digital data processing terminal among the data processing terminals uses a multi-affine key system according to first key data and a key topology which is a parameter for use in encrypting plaintext into ciphertext. Means for generating second key data to be used for the encryption processing, and repeating this child key generation processing to generate a hierarchical key data tree in the local area network. And multiplexing the given plaintext data based on the second key data generated by the child key generation means. Encrypting means for outputting ciphertext data which is encrypted by a fine key system and supplying the encrypted data to another digital data processing terminal of the plurality of digital data processing terminals via the communication line; and the first key The second key data is reproduced according to the data and the key topology, and based on the reproduced second key data, the cipher output from the another digital data processing terminal by the encryption means is output by the encryption means. Decryption means for decrypting the sentence data into the plaintext data using the multiple affine key system; and a function of a master key management system having a function of a master key management system.

Further, the present invention specifies an embodiment in a case where the above-mentioned master key management system is extremely effective, for example, in a LAN constructed in one company. For example, by applying the master key management system of the present invention to a LAN, conventionally, the structure is one row side by side, and even if a password is set, each password must be stored.
It solves the problem that management is very difficult. In other words, if the device that has the master key data as the master key sets the child key data based on the master key data, the device that has the master key data for the encrypted data created and encrypted based on the If this operation is easily automated according to the instructions of, the ciphertext data for the lower-level child key data created by the user can be decrypted and viewed without realizing that it is encrypted depending on the setting. Become.

On the other hand, this convenience is realized.
The key topology, which is the identification information (primary key and key topology sequence for reproducing the master key) of the disclosed master key and the parameters, is generated by generating the child key data from the master key data by the multiple affine key system. This disclosure will be possible. Therefore, even if the identification information of the parent key and the key topology, which is a parameter, are disclosed, even if a third party attempts to decrypt the data by combining the child key data with the data of the key topology, the third party cannot decrypt the first parent key data. Since it cannot be specified, a hierarchical key system as in the present invention can be realized.

The present invention described in claim 8 uses a predetermined one-way function according to first key data and a predetermined parameter used when encrypting a plaintext into a ciphertext. Thus, a master key management system is also characterized in that second key data to be used for encryption processing is generated.

Further, according to the present invention, when child key data is generated from parent key data, if there is a function that enables one-way equivalent to that of the multiple affine key system of the present invention, the function can be used by using this function. It is suggested that it is possible to realize the master key system of the present invention.

Here, the one-way function is a function f
In (x), when f (x) = y, the function is such that the original value of x cannot be specified from the value of y of the operation result. In other words, although it can be predicted that x → y will be obtained by the function f (x), x based on the value of y has been calculated.
The problem is whether or not the value of can be specified. According to general functions and conversion processing, the value of the first x can be specified from the value of the operation result y after various trial and error. Such a general function cannot be used to implement the master key management system of the present invention.

A one-way function in a practical sense, such as a multi-affine key system according to the present invention, in which it is extremely difficult as a matter of fact to specify the original value of x from the operation result y. Is a function that functions with a certain speed or more even when incorporated in a key management system, and furthermore, a function that generates an operation result that is appropriate as encryption key data is used. This claim indicates that a master key management system can be implemented. At present, it is difficult to specifically increase such a function.

The present invention according to claim 9 is a selection means for selecting one piece of first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; , B is a coefficient, c is the number of times the affine key is used, and n is a sequence K = ｛a, b, c, consisting of four integers, where n is a predetermined number of times (lifetime) that the affine key can be used.
Using a multiple affine key system to which a plurality of affine key data represented by n} are given, the affine key data is used for encrypting plaintext based on the first key data selected by the selection means and a key topology as a parameter. Child key generating means for generating second key data as a child key; and encrypting the given plaintext data by the multiple affine key system based on the second key data generated by the child key generating means. Encrypting means for outputting text data; and identification information of the first key data used by the child key generating means and the key topology are attached to the encrypted text data encrypted by the encrypting means. Transfer means for transferring, as transfer data in a predetermined format, one of the plurality of nodes in the predetermined network. It is a management system.

The present invention includes a data format handled by the master key management system and transmitted through a communication line or the like.
By attaching the identification information of the master key and the key topology (column when there are multiple) as a parameter, even for a public network such as the Internet,
It shows that the tree structure of the common key of the master key management system of the present invention can be realized. Therefore,
A user having master key data (master key) can provide child key data to another person via the Internet, for example. After that, not only the ciphertext data created by the other party who received the child key data but also the descendant key data after the grandchild key created by the third and subsequent huge amount of the third party who received the child key data, Reproduction can be performed by referring to the master key and the key topology table stored in the shared area. Therefore, it is possible to freely access and decrypt even ciphertext data based on an enormous number of descendant key data started from its own master key. This makes it impossible to identify the parent key from the descendant key and the key topology table, even for an extremely low-security network that is open to the public, such as the Internet. Easiness can be realized.

According to a tenth aspect of the present invention, in a computer device for processing digital information in accordance with a stored operating system, plaintext data is converted to ciphertext data as a part of the function of the operating system. By using a multiple affine key system according to the first key data to be used in the encryption process and the key topology which is a parameter, it is possible to similarly use the key topology in the encryption process according to the key topology. Child key generation means for generating second key data; and as a part of the function of the operating system, given plaintext data based on the second key data generated by the child key generation means, is used in a multiple affine key system. Encrypting means for encrypting the data into ciphertext data and storing the encrypted data in a predetermined area; As part systems out of function, the first
The second key data is reproduced according to the key data and the key topology, and based on the reproduced second key data,
Decryption means for decrypting the ciphertext data stored by the encryption means into the plaintext data using a multiple affine key system.

The present invention specifies a case where a function of the master key management system is incorporated as a part of an OS in a computer device which processes digital data according to a stored operation system (OS). . As a result, processing such as assigning a new descendant key to a third party can be performed without the user being aware that the master key management system is being used. Is to automatically reproduce, decipher, and browse the common key, thereby eliminating the burden on the user and the discomfort caused by performing a special operation. In this way, the user is unconsciously protected by the high security provided by the encryption by the master key set by the user, and specially protects many encrypted document data by descendant key data derived from the master key. It is possible to freely access and browse without requiring an operation.

The present invention described in claim 11 uses a multiple affine key system according to first key data and a key topology which is a parameter for use in encrypting a plaintext into a ciphertext. By doing so, a master key management method is also characterized in that second key data to be used for encryption processing is generated.

According to the present invention, the essence of the present invention is a master key unique management method. Therefore, the present invention is not limited to the device alone, and the above-described effects can be obtained in the master key management method itself.

According to a twelfth aspect of the present invention, there is provided a computer readable program having a processor, which is loaded into a computer memory at the time of execution, and encrypts the plaintext data into ciphertext data. According to the first key data to be used in the processing and the key topology which is a parameter, the multiple affine key system is used, so that the second Child key generation means for generating key data; and, based on the second key data generated by the child key generation means, encrypts the given plaintext data into ciphertext data using a multiple affine key system and stores it in a predetermined area. Encrypting means for reproducing the second key data according to the first key data and the key topology;
Master key management for functioning as decryption means for decrypting the ciphertext data stored by the encryption means into the plaintext data by a multiple affine key system based on the reproduced second key data. Is a program that performs

According to the present invention, the essence of the present invention is a unique management method of the master key. Therefore, the present invention is not limited to the apparatus alone, and produces the above-described effects in the computer program itself.

[0042]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A master key management system according to the present invention will be described below in detail with reference to the drawings.
FIG. 1 is a flowchart showing a procedure for generating a descendant key by the master key management system according to the present invention. FIG. 2 is a flowchart showing a procedure for generating a primitive key according to the present invention.
Is a flowchart showing a procedure for generating a child key according to the present invention, FIG. 4 is a flowchart showing a procedure for encryption processing by the master key management system according to the present invention, and FIG.
It is a flowchart which shows the procedure of the decryption processing by the master key management system which concerns on this invention.

FIG. 6 is a block diagram of a computer to which the master key management system according to the present invention is applied, FIG. 7 is an explanatory diagram showing the principle of the master key management system according to the present invention, and FIG. FIG. 9 is an explanatory diagram showing a case where there is no master key, and FIG. 9 is an example of an LA to which the master key management system according to the present invention is applied.
Block diagram showing the configuration of the N system, FIG.
FIG. 1 is an explanatory diagram for explaining a hierarchical tree virtually configured by the master key management system according to the present invention;
FIG. 1 is an explanatory diagram showing an area accessible by the master key management system according to the present invention.

<< Master Key Management System >> (Summary) The master key management system according to the present invention is a public key management system using a multiple affine key system, which will be described in detail later, and is implemented within a certain network. It is a technique that is performed. That is, instead of performing encryption / decryption of confidential data or the like with a single key data as in the conventional case, the master key data is converted using a multiple affine key system based on certain parameters (key topology). Rewriting is performed by a fixed method to generate descendant key data such as child key data and subordinate key data thereunder, and an encryption / decryption process is performed using these descendant key data.

Thus, in contrast to the conventional LAN communication mode (FIG. 9), which has been arranged side by side in the past, for example, a hierarchical key data tree structure (FIG.
0) can be constructed.

The master key management system can specify the processing mainly in three stages. The first stage is a process for generating child key data from parent key data.

The second stage is a process for encrypting confidential data based on the generated child key data.

In the third stage, the encrypted ciphertext data is
This is a process of decrypting with the child key data reproduced from the parent key data.

FIG. 1 shows a flowchart of the first-stage generation of the descendant key, FIG. 4 shows a flowchart of the second-stage encryption process, and FIG. 5 shows a flowchart of the third-stage decryption process. ing. Further, FIG. 2 shows a flowchart for generating a primitive key, and FIG. 3 shows a method for generating a child key using a multiple affine key system.

At the first stage, in the master key management system, as shown in FIG.
1 uses a key topology 34 as a parameter,
A one-way function (it is called an actual one-way function in the sense that it generates a pseudo-random number as close as possible to the true random number, so it is extremely difficult to identify the value before calculation from the calculation result) Using a certain multi-affine key system 32, a common key 33 as child key data is supplied. afterwards,
The certain parameters (key topology) used in the generation of the child key are disclosed in the shared area together with the identification information of the parent key (a primitive key for reproducing the parent key and a key topology sequence).

In the second stage, a lower-level person connected to a network such as a LAN, which has received the generated child key data, encrypts the confidential data based on the child key data using a multiple affine key system or the like. (Not necessarily limited to this) and store it in a predetermined area.

In the third stage, the child key data owner can decrypt the cipher text data with the child key data obtained when the cipher text data is encrypted, as in the related art. Further, in the present invention, the owner of the master key data is used for generating the identification information of the master key (primary key for reproducing the master key and the key topology sequence) and the child key data which are disclosed in the shared area. From the key topology 34, the child key data is reproduced based on its own master key data, whereby the encrypted data encrypted by the lower party can be decrypted. What should be noted here is
You can play not only the child key data you generated,
Even the child key data generated independently by the child key data owner and the indefinite number of descendant key data below the grandchild key data under the child key data can be reproduced from the own parent key data and the public information. Therefore, it is possible to construct a hierarchical key data tree structure (FIG. 10), for example, as shown in a company organization chart, for example, for a LAN communication mode (FIG. 9) that is arranged side by side. .

(Detailed Description of Processing Operation) Hereinafter, a detailed embodiment of the master key management system will be described in detail with reference to flowcharts and other explanatory diagrams. FIG. 12 is a diagram showing a format of a common key and a format of a key topology table, FIG. 13 is a diagram showing an operation screen for generating a primitive key and an operation screen for generating a child key of an application of the master key management system, and FIG. FIG. 15 shows a format of encrypted data provided by the management system.
FIG. 16 is a diagram showing an operation screen of an application of the master key management system. FIG. 16 is an explanatory diagram for explaining an encryption process and a decryption process by the master key management system in a format.

FIG. 1 is a flow chart for explaining a procedure for generating a descendant key of a master key management system realized in a personal computer connected to a network as shown in FIG.

Referring to FIG. 6, this personal computer device includes a CPU 11 and a ROM 13 storing a control program and the like via a data bus connected thereto.
And a RAM 15 to which a processing area is provided when each data processing is performed, and I / Os 17, 19, and L connected thereto.
Network interface 2 connected to network 28 such as AN, WAN, Internet, telephone line, etc.
0, and connected to the hard disk 26.
The hard disk 26 has an operating system 27 and an area 29 for storing data of application programs. In FIG. 6, a master key management system and a multiple affine key system described in detail later are described as a part of the operation system. By incorporating the functions of the master key management system and the multi-affine key system as a part of the operating system in this manner, the user can enjoy the benefits of the system with as few operations as possible without any discomfort. However, the master key management system uses an external application program 29
It is possible to obtain the same security and the effect of deciphering and browsing to a lower key.

The process of generating the child key data from the master key data, which is the first stage process, will be described with reference to FIG. FIG.
In FIG. 13, as shown in FIG. 13B, the user uses the common keys L _{1 to} L ₂₁₂ in each of the nodes N _{0 to} N ₁₁ connected to the network as a parent key to be used when generating a child key. One parent key in the node is selected (S1). If a child key of the key selected here is not generated (S2), FIG.
A child key search button is pressed in (b) of FIG. 3, and a list of child keys is displayed from the key topology table of the key selected in the screen of (c) of FIG. 13 (S3). Further, the user specifies one child key from this list (S4), and obtains the key data of the selected parent key and the key topology ω of the specified child key from the list.
The key data of the child key is reproduced (S5). If the lower-level child key data is searched using the selected child key data as the parent key, the processing of steps S3 to S5 is repeated.

If the parent key for generating the child key is determined (S
2) The user inputs the name of the new child key from the screen shown in FIG. 13D (S6). Further, a key topology used for generating a child key is generated (S7). Here, the key topology is a parameter used when a child key is generated from a parent key. Although the bit length of the key topology is not specified, it is 16 to
Desirably about 32 bits. Next, using the master key selected to be used for key generation and the key topology disclosed in the public area, using the multiple affine key system, as shown in the flowchart of FIG. Key data is generated (S8).

The common key format of the child key data at this time is shown in FIG. First, an ID _L, which is an ID 91 of a primitive key, is provided, followed by a key topology column 92, α, β,. Next, the generated key data 93 is
Finally, a key topology table name 94 is provided.

[0059] Then, to update the key topology table corresponding to the Shinko key L _N, generates a new key topology table for Shinko key L _N (S9). Thus, key management is performed by the common key and the corresponding key topology table. The secret key is stored in the node that uses the key,
It cannot be taken outside. The key topology index is stored in the common area (S10). FIG. 6 shows the format of the common key and the key topology table.

[0060] In the key topology table, first provided ID _L is an ID96 of primitive key, is a column 97 of the next key topology α, β, ... it continues. Up to this point, it is the same as the common key format. However, no key data is attached, and a key topology index 98 is attached after the key topology column in the key topology table. The key topology index 98 is a list of child keys generated from the key L, and describes a key topology used for generating a child key and a list of child key names generated therefrom. In addition,
The key topology index is encrypted with the common key L. Therefore, the key topology index 98 can be referred to only by a node having a key higher than the common key L. The common key and key topology table without a key topology column are as follows:
The source key and its key topology table. The key topology index of a primitive key can be referenced only by the node having the primitive key.

Finally, the generated new child key _LN is
It is distributed to the node N that needs it (S1
1). As a result, the lower node N can encrypt the plaintext data to be kept secret using the child key data.

Next, generation of a primitive key for generating parent key data from the beginning when generating a child key will be described with reference to the flowchart of FIG.

First, a primitive key name is input from the operation screen as shown in FIG. 13A, and a primitive key generation button is pressed (S2).
1). Next, the system determines the I corresponding to the input primitive key.
D is generated (S22). This ID needs to be unique on the network, and the occurrence of the same ID must be avoided. Then, a random number is generated by a predetermined method, and this is used as key data (S23). A source key L and a key topology table are created based on the key data (S24). The created key topology table is stored in the shared area 51 such as a server (S25).
Further, the generated primitive key L is stored in a predetermined area in the node N (S26).

The source key is provided with an ID.
It is important that D is recorded in a common key format or key topology table. Further, in the generation of the descendant key in FIG. 1, it is not always necessary to generate a descendant key from the original key. Keys can also be generated.

An embodiment of generating a child key using the multiple affine key system of the present invention will be described with reference to the flowchart of FIG. In the following cases,
The key rewriting method of the multiple affine key system is merely an example of generating child key data from parent key data according to a parameter called a key topology, and various other methods of using the multiple affine key system are conceivable. Also in those methods, the child key data owner cannot specify the parent key data as in the following cases.

[0066] In FIG. 3, first, set as affine key data K and the initial value _{x 0} of the multiple affine key system described in detail below parent key data _{L 1} (S31). Next, the processing for a particular bit omega _i key topology omega as follows (S32). Then produce about 2nM random numbers _{R k} by the random number generation function of the multiple affine key system (S33). Here, n is the life of the key, and M is the number of keys. Next, when the value of the i-th bit of the key topology, ω _i, is, for example, “1” (S34), 2M random numbers are generated by the multiple affine key system and set as a new affine key K. Fix (S3
5). In order to perform such an operation for each bit value of the key topology ω, it is determined whether all ω _i have been selected (S36), and the next bit value of ω _i is selected (S3).
7). The processing order at this time may be such that processing is performed in order from the first bit to the last bit, or may be another predetermined order. One key topology ω
Is generated, new child key data _LN is generated by such rewriting processing of the value of the affine key K, and this is output (S38).

As described above, the child key data is generated from the master key data by using the random number generation operation of the multiple affine key system. , The random number is generated in a very peculiar manner based on the key key data, so that even if the owner of the child key data attempts to predict the parent key data from the key topology and its own child key data, multiple Since key data cannot be specified, parent key data cannot be specified. Therefore, the identification information of the master key (primary key and key topology sequence for reproducing the master key) and the key topology which is a parameter related to the generation of the child key, which are features unique to the master key management system of the present invention, are disclosed. Using this public information, the master key owner can reproduce a huge amount of descendant key data by itself, and easily decrypt all ciphertext data using all lower-order descendant key data. Therefore, a tree structure of a common key can be constructed.

Here, it can be said that the multi-affine key system is an infinitely one-way function. The one-way function referred to here is a function such that when f (x) = y in a certain function f (x), the original value of x cannot be specified from the value of y of the operation result. is there. That is, the function f
Although it can be predicted that x → y in (x), it is a problem whether it is possible to specify the value of x that was the source of the operation from the value of y. According to general functions and conversion processing, It is possible to specify the first value of x from the value of the operation result y after various trials and errors, and it is impossible to realize the master key management system of the present invention using such a general function. Can not.

A practical one-way function, such as the multiple affine key system according to the present invention, in which it is extremely difficult as a practical matter to specify the original value of x from the operation result y. Is a function that functions with a certain speed or more even when incorporated in a key management system, and furthermore, a function that generates an operation result that is appropriate as encryption key data is used. This claim indicates that a master key management system can be implemented. At present, it is difficult to specifically increase such a function.

The encryption process using the descendant key data, which is the second stage process, will be described in detail with reference to the flowchart of FIG. In FIG. 4, first, key data to be used when performing the encryption process is determined. Common keys L ₁ to L ₁ in a plurality of nodes N _{0 to} N ₁₁ in network 28
From L _122, as a parent key to be used for encrypting plaintext data to be encrypted, selects one from the operation screen (a) of FIG. 15 (S41). Then, if this key is not used for the encryption process, but the child key under it is to be used (S4
2) A list of child keys is displayed using the key topology table of the selected key data (S43). And the user
The child key data is specified from this list (S44). The key data of the child key is reproduced from the parent key data selected in step S42 and the key topology ω of the specified child key (S45).

The child key data lower than the reproduced child key data
If the data is to be encrypted, step S43 is performed again.
Step S45 is repeated (S42). At first
The key data selected in step S41 and the key data selected in step S4
If encryption is performed with child key data reproduced in step 5,
(S42), on the operation screen of FIG.
Plaintext data m_kSpecify as source data and encrypt
Then, the user presses the button (S46). Specified plaintext data mk
Based on the specified key data.
It is encrypted by the stem (S47). However here
Means that plaintext data is not necessarily a multi-affine key system.
It is not mandatory to encrypt, but with other cryptographic methods
Even if encrypted, the master key management system according to the present invention
To build a multi-layered tree structure of common keys
Can be. Finally, ciphertext data c _kTo the primitive key ID,
A key topology column is added, and a predetermined
It is stored in the area (S48). Here, FIG.
, And the source key ID 10
ID that is 1_LIs provided, and then column 10 of the key topology
Followed by α, β, ..., and then the encrypted ciphertext data
Data c_k103 is provided. Encryption of encrypted data
Only the ciphertext part is used.
The polog column is not encrypted.

FIG. 16 is an explanatory diagram showing this encryption processing in a format. In FIG. 16, key data 111 used for encryption is expressed in a format having a source key ID, a key topology column, key data _Lαβ , and a key topology table name. This key data _Lαβ is rewritten in order with other key topologies γ, δ,..., Ω as key data 112, key data 113,..., And finally required key data 114 is reproduced. You. _{.. Ω} , and finally a ciphertext c _k 115 can be obtained in a format to which a source key ID and a key topology sequence are added.

The encryption process using the descendant key data, which is the third stage process, will be described in detail with reference to the flowchart of FIG. In FIG. 5, first, the master key name is specified on the operation screen as shown in FIG. 15C, and the ciphertext _ck to be decrypted is specified (S51). If the execution button is pressed in this state, it is determined whether the source key ID and the key topology column are common (S52). At this time, if the two are not common, the key data cannot be reproduced, so that it is displayed that the key data cannot be decrypted (S53).
If they are common, new common key data is created using the current common key data and the next key topology ω (S
54). If further performing this process for all the key topology ciphertext (S55), and decrypts the ciphertext c _k of the eventually reproduced common key data, it is possible to obtain the plaintext data m _k (S56) .

FIG. 16B illustrates the decoding procedure in a format. In (b), it is confirmed that the ID of the primitive key and the first two key topologies are the same between the data 125 of the ciphertext _ck and the common key file 121 of the node. If they are different, the ciphertext cannot be decrypted. Then the ciphertext data 125 is further key topology γ for key topology, because of δ is key topology γ to key data L _{.alpha..beta,}
Using δ in order, key data L _αβγ 122 and key data L _αβγδ are generated in order. And key data L
_αβγδ by, and finally outputs the plain data _m k 124 decrypts the ciphertext _{c k.}

The operation associated with these processes may be manually performed by the user having the master key data, or a series of processes may be automatically performed by software, and by doing so, the master key is used. The owner of the master key can decrypt all ciphertexts encrypted with an enormous amount of descendant keys created from their own master key without any discomfort under very high security You can know.

According to the above-described procedure, even if the owner of the master key data owns only the master key data, the master key data and the key topology sequence included in the format of the common key data and the ciphertext data can be used. , The descendant key data used for encryption can be reproduced. Therefore, it becomes possible to decrypt all the ciphertext data by its own descendant descendant key data, which means that a hierarchical key tree structure is constructed for a flat network structure. As a result, a master key management system capable of giving hierarchical weight to the degree of disclosure of information is realized.

It should be noted that such a public-type hierarchical key tree can be realized by the identification information of the parent key that is disclosed by the parent key owner (a primitive key for reproducing the parent key and a key topology sequence). ) And the parameters (key topology) used for the generation of the child key, and the child key owner can determine the parent key from the child key data of the child key and the public key topology. It is based on the high security capability of the multi-affine key system that the key cannot be specified. If you generate a child key from a parent key using a general function and publish the parameters at the time of generation, the child key owner and the public key topology used when generating the child key and your own child key Thus, the key data as the master key can be specified. Therefore, the security of the encryption is broken, and such an open-type hierarchical system cannot be realized.

(Operation and Effect of Master Key Management System) As described above, the operation and effect when the master key management system is used for a digital terminal connected to a network such as a LAN will be specifically described with reference to the drawings. Will be described.

[0079] In conventional network configuration is not possible hierarchical key data is set, thus between the keys L ₁ and the key L ₂ alone, as shown in FIG. 8, can be accessed However, the only option is to access the respective areas 35 and 36 using the respective keys L ₁ and L ₂ .

For example, consider a LAN constructed in a company as shown in FIG. Here, nodes N _{0 to} N ₁₁ , which are terminal devices such as personal computers, are connected to a network, respectively, and further shared areas 51 such as servers.
Is provided. In this shared area, a key topology table for managing encrypted shared data and a common key is placed. A key topology table exists for each of the primitive key and the descendant key. Each node can communicate with each other, but all can communicate uniformly one-to-one, and are not weighted at all. Therefore, the operation of such LANs arranged side by side is inconsistent with the pyramid-type command mechanism inherent in a corporate organization, and this tendency is promoted too much, and the organizational power is reduced, and unnecessary diffusion or leakage of corporate information. May occur.

In FIG. 9, each of the nodes N _{0 to} N ₁₁ has a common key L _{11 to} L ₁₁ permitted at that node.
_{It has 1212} . At this time, as shown at node _{N 11,} it may possess a plurality of common keys _{L 112, L 121.} In this case, it is possible to access data encrypted with both child keys and grandchild keys. Also, nodes N ₀ , N
_As shown in FIG. ₅ , one network can have a plurality of primitive keys L ₁ and L ₂ , and N8 can have child keys generated from a plurality of primitive keys.

The above-described master key management system is shown in FIG.
By adapting to a LAN such as
It is possible to construct a hierarchical key data tree structure like this
It becomes possible. Now, node N₀At 52, the master key that is the primitive key
L₁, And a child key L is assigned to each node from here.₁₁, L
₁₂Is supplied. Furthermore, the master key L₁Owner or child key L
₁₁, L₁₂From the owner of the descendant key L₁₁₁,
L₁₁₂, L₁₁₃, L₁₂₁, L₁₂₁₁, L
₁₂₁₂Is supplied. Key whose child key was created from the parent key
Topology α₁, Α₂, Β₁~ Β₄, Γ₁, Γ₂Each
And are shown together. Based on these key data
When encryption is performed, node N₀Key data L at₁
Of the lower key L₁₁, L₁₂Encrypted with
Grammatical data and further lower descendant keys L₁₁₁, L
₁₁₂, L₁₁₃, L₁₂₁, L₁₂₁₁, L₁₂₁₂
Access and decrypt ciphertext data encrypted by
It will be possible to read. It should also be noted that the present invention
According to the master key management system according to
Master key management while maintaining the communication function of 1 LAN
Performs encryption / decryption using key data supplied from the system
This kind of hierarchical tree is only used for encrypted text data.
-That the security of the structure is given.

The situation in which a higher order person can access a lower order is intuitively represented in FIG. 11, accessible area 81 in the key _{L 1} is accessible area 82 in the key _{L 11,} the key L
₁₂ covers an area 86 accessible. Furthermore, accessible area 82 in the key _{L 11} are accessible area 83 in the key _{L 111,} accessible area 84 in the key _{L 112,} it covers the accessible area 85 in the key _{L 113.} Similarly, the key _{L 1} accessible area 86 in ₂ accessible area 87 in the key _{L 121,} accessible area 8 with the key _{L 1211}
8, the area 89 accessible by the key L ₁₂₁₂ is respectively covered.

[0084] In this case, the accessible area 82 in the key _{L 11,} accessible area 81 on top of the key _{L 1}
The can not be covered all the accessible area 83 in the key L _111, key L ₁₁ of course is not possible to all accessible area 82 covered by.

Further, the network to which the master key management system of the present invention is applied may be not only a company LAN but also a WAN, an intranet, the Internet, or the like.

As a packet format and a processing data format at the time of communication, a common key data format shown in FIG. 12A, a key topology table format shown in FIG.
What kind of network is provided on condition that the ciphertext data format in FIG. 14 is guaranteed, and that a shared area such as a file server for storing and managing encrypted shared data and a key topology table exists in the network. Also, the master key management system of the present invention can be realized.

(Example of application to a wide range of networks) FIG.
FIG. 4 is an explanatory diagram illustrating a tree when the master key management system according to the present invention is applied to a communication network of an actual company organization. FIG. 17 shows a case where the master key management system of the present invention is applied to, for example, a communication network of a restaurant industry having a plurality of branches in a local area.

In this case, the communication network is not entirely composed of a LAN, and at least the chairman 131, the head office 132 of the Yokohama head office, the head office 133 of the Tokyo branch office, the head office 134 of the Chiba office 134
It is expected that there will be a WAN (Wide Area Network). At this time, by providing the shared area in the LAN within each branch, it is possible to access the key topology table and the like stably and at high speed.

In the communication network shown in FIG.
Based on the primary key L1
Key L₁₁, Tokyo Branch Manager 133 Child Key L₁₂, Chiba Branch Manager
134 to child key L₁₃Are supplied respectively. Yokohama book
The first sales manager 135 to the eighth business
Key L of manager 136₁₁₁~ Key L₁₁₈Is supplied.
Further below this, the key L of section manager 139 to section manager 140
₁₁₁₁~ L₁₁₁₄Is supplied. Further below these
Has key data L of section A151 to section E153
₁₁₁₁₁~ Key data L₁₁₁₁₅Is supplied. Section
Below member A151, part-timers A161 to
C163 key data L₁₁₁₁₁₁~ L_{111 113}
Is supplied. Similarly, section E153, section 4 section A1
Similarly, the key data of the lower rank of 54-section F155
Is supplied.

The Tokyo branch manager 133 and the Chiba branch manager 134 also have a hierarchical key tree structure 137, 138, 142, 157, 1 as the Yokohama head manager 132 has.
66,167. Therefore, the person having the upper key data can access the encrypted data encrypted by the person having the lower key data.

Here, for example, the first section manager 139 can browse the ciphertext data of the section members A to E of the section and the part-timers A to C under the section section 139. You cannot browse the information at. But the first
The sales manager 135 can browse all information in his / her own department, and the chairman 131 can browse all information in all stores. As information that should be kept confidential, business information such as sales in departments and sections, personnel information, and the like can be targeted.

According to the present invention, by practicing the master key management system according to the present invention in a network, while preserving the function of the conventional side-by-side LAN,
A hierarchical key tree structure can be built in the network. Therefore, the hierarchical structure according to the company's original command mechanism does not occur without lowering the organizational power and unnecessarily dispersing or leaking the company information due to the flat LAN function which is inconsistent with the original pyramid type command mechanism of the business organization. Rapid distribution of corporate information can be made possible.

<< Multiple Affine Key System >> A multiaffine key system which is essential for realizing the master key management system according to the present invention will be described in detail with reference to the drawings.

[Features of random number generation device using multiple affine keys] The random number generation device using multiple affine keys (multiple affine key system) of the present embodiment is a known plaintext attack on stream ciphers that can operate at high speed. In order to eliminate the weakness caused by the above, a high-quality pseudo-random number having extremely high periodicity as close as possible to the true random number is generated, and a stream cipher is created using the pseudo-random number. As a result, it is intended to completely eliminate the decryption of a third-party stream cipher.

That is, in a stream cipher that realizes high speed required by encryption technology, if a pseudorandom number used for encryption has periodicity, a third party can easily generate a random number. Constants and algorithms that have been discovered. Therefore, it cannot be used in situations where high security is required.

The random number generating apparatus using a multiple affine key (multiple affine key system) of the present invention aims to generate a very high quality random number that makes it impossible to decrypt a stream cipher.

It has been proved by Shannon that there is no decryption method in the Vernam cipher, which is a stream cipher that uses a complete random number only once. Therefore, if we can provide a random number generator that can generate pseudorandom numbers as close as possible to perfect random numbers, the stream cipher will not be analyzed by a third party for pseudorandom number generation even with the known plaintext attack method. , Can be used as a high-speed and highly confidential encryption device.

A random number generating apparatus using a multiple affine key (multiple affine key system) according to the present invention rewrites a plurality of affine keys every predetermined number of times of use. Is selected to generate a random number sequence. In this way, a third party who intends to break the cipher collects random number sequence data and applies a plurality of key data, Even trying to clarify the algorithm, the random number itself has only short-term information while the key is being rewritten, and there are more than one key to be specified, and it can be determined which key was selected when the random number was generated. No, it is impossible in principle.

More specifically, the random number generating apparatus generates a high-quality random number using a multiple affine key. At this time, the coefficient of the multiple affine key is rewritten every certain number of times of use. . In other words, a multiple affine key that is rewritten every certain number of uses is used as an encryption / decryption key that is difficult for a third party to decrypt, and multiple multiple affine keys are prepared. The keys are mutually referred to and the coefficients are automatically updated, thereby eliminating the decryption by the third party undecided coefficient method.

That is, the present invention defines a key lifetime for each of a plurality of affine keys, and has a function of automatically rewriting old keys (coefficients of multiple affine keys). Instead of a pseudorandom number having regularity as in the past, a pseudorandom number sequence having a property close to a true random number with a period long enough to make measurement difficult is generated. As a result, a stream cipher that could not be used because of the risk of decryption even if it was known to be high-speed can be used without being seen by a third party.

[Description of Affine Key] The affine key used in this embodiment will be described below.

An affine key used in the present invention corresponds to a coefficient of a multiple affine key for generating a random number sequence used for encryption.

The affine key K is composed of four integers K = ｛a,
b, c, n}.

Further, the affine key is used for generating a random number and updating the affine key itself. Therefore, when these two are defined, the function of the multi-affine key system is specified.

The generation of random numbers by the integer affine key K is defined by the following equation. K (x) = ax + b where c is a counter that counts how many times the affine key has been used, and n is the upper limit (lifetime) of the number of times this key can be used. Then, one affine key generates a pseudorandom number according to the Lemer method.

In practice, a single affine key is not used, but a plurality of affine keys are given, and a key used for random number generation and a key for rewriting the key are appropriately selected. Since it is a key system using a plurality of affine keys, it is called a multiple affine key system.

In the multiple affine key system, when the number of keys is M, a plurality of affine keys {K [i]} (0 ≦ i
.Ltoreq.M-1) and one procedure indicating a key rewriting process: a procedure (procedure) w (i, j: integer). Here, the multiplication method and the addition method use the operation of the finite field considered.

This procedure: In the procedure, the coefficient a of the i-th affine key K [i] to be rewritten
Is rewritten based on the coefficients a and b of the j-th affine key K [j], which is a reference for rewriting.

Further, the coefficient b of the i-th affine key K [i] to be rewritten can be rewritten based on the coefficient a and the coefficient b of the j-th affine key K [j] which is a reference for rewriting. Understand.

The random number generation device using such multiple affine keys (multiple affine key system), when given each initial value, continues to generate random numbers according to one key selected from a plurality of keys. If you exceed the number of times the key is used,
A key for rewriting the key is selected, and the coefficients a and b of the affine key are rewritten.

The random number generation device using such a multiple affine key system is realized by an electronic circuit board having a digital circuit configured according to the above-described procedure. Furthermore, by creating a program for the computer to process the affine key data in accordance with the above-described procedure and causing the computer device to execute the program, the same operation and effect can be easily obtained. The pseudo-random number generated by such a procedure is infinitely close to a true random number and has a long period that cannot be measured. It is impossible in principle to try to decipher by the undetermined coefficient method.

[Variables Used in Multiple Affine Key System] Here, variables, operators and functions repeatedly used in a random number generation device using a multiple affine key of the present invention are defined below. The variables are defined as follows, where M is the number of affine keys, K [i]. a is the coefficient a K [i]. i of the i-th (0 ≦ i ≦ M−1) affine key. b is the coefficient b K [i]. i of the i-th (0 ≦ i ≦ M−1) affine key. c is the number of times of use of the i (0 ≦ i ≦ M−1) affine key c K [i]. n is the lifetime of the i-th (0 ≦ i ≦ M−1) affine key n K is the entire affine key, and K = K ｛K [i] | 0 ≦
i ≦ M−1}, and K [i] = {K [i] .a, K [i] .b, K [i] .c, K [i] .n}, where k is the encryption / The number of words for decoding (k = 1, 2,...) X0 is the initial value x _k of the internal random number, the variable R _k for the internal random number is the random number output _mk , the plaintext _ck is the ciphertext i Is the affine key pointer j for random number generation, the affine key coefficient a rewriting pointer j _b is the affine key coefficient b rewriting pointer offset, and is set in the range of 1 ≦ j _b <M, but may be 1. None vkey is a key rotation variable v ₀ is a key rotation variable initial value v is a key rotation variable increment z is a processing unit 1/2 z _r is a set of bit positions used for random number output z _p is a set operators of bit positions to be used in the affine key specified, are defined as follows, *, × is the multiplication + is added (mod) is The remainder (+) is addition (and) modulo M, logical product (or), logical sum (xor), exclusive logical sum (shl) z is left shift, and the total bit length Is 2
By traversing 2 to the power of z when z, for example, (1111)
0110) (shl) 4 = (000011111).

The function is defined as follows, and f
(x _k , z ₁ ) is defined as a bit string indicated by z ₁ extracted from x _k .

<< Encryption / Decryption Apparatus Based on Multi-Affine Key System >> A multi-affine key system used in the master key management system according to the present invention will be described below. The following is an embodiment of an encryption / decryption device using a computer device. This realizes a stream cipher which has both high speed and difficulty of decryption by a third party by processing multi-affine key data or the like in a predetermined procedure. This can be performed on an electronic substrate centering on a logic circuit, or the logic circuit can be performed on a one-chip LSI. Furthermore, it goes without saying that almost the same result can be obtained by creating a program for realizing the algorithm of the present invention, loading it into the memory of the computer device and executing it.

[Description of Operation of Computer Apparatus Focusing on Random Number Generation Method] This embodiment will be described below in detail with reference to the drawings. FIG. 18 is a flowchart illustrating key rotation type random number generation, FIG. 19 is a flowchart illustrating encryption processing for describing an encryption / decryption device,
FIG. 20 is a flowchart illustrating the decoding process.

FIG. 6 is a very simple block diagram of a microcomputer. The encryption / decryption device according to the present invention loads a general microcomputer as shown in FIG. 6 with a program for performing the operation specified by the flowcharts shown in FIGS. This shows an operation almost equivalent to that of the configured encryption / decryption device.

In FIG. 6, a CPU 11 is connected to a data bus, has a hard disk 26, a ROM 13 storing a control program and the like, and a RAM 15 from which data can be freely read and written. F19
It receives plaintext data m _k or the like via the outputs ciphertext c _k or the like.

(Outline of Multi-Affine Key System of the Present Invention and Its Effect) Before describing in detail the procedure of random number generation using the multi-affine key system of the present invention, its outline will be described. A sequence of multiple affine keys, which are a plurality of keys, may be partially updated in the process of random number generation (S201). In this system, a plurality of keys are prepared, and only one key is selected by a certain method and used as a random number. The security effect can be improved as much as possible. Further, even if the number of keys is increased, only a small amount of memory capacity is consumed, and the speed does not decrease.

Here, z _p of the variable x _k for random number generation
The i-th key used for random number generation is determined by the value specified by. Next, one key K [i] is selected from a plurality of affine keys, and a variable x _k for random number generation is selected.
Is determined. Further, it should be noted that, unlike the conventional method, this variable _xk is not directly output as a random number output, but only a part of the variable _xk is output as a random number output according to a certain method. By doing so, even if a third party attempts to identify multiple encryption keys using the undecided coefficient method, the number of coefficients to be specified is enormous, and the undecided coefficient method specifies the coefficients. Can not do it.

If it is found that the life of the key has expired,
The key is self-rewritten. Also in this process, many attempts have been made to make it difficult to specify the random number.

The key updated in this manner is stored until it is next specified at random, and such a procedure is repeated endlessly. As a result, the key is rewritten at random many times, and even if a third party collects all ciphertexts (random number sequences), since the ciphertexts are rewritten, the random number sequence It can be seen from the above that a method of specifying the values of the first plurality of affine keys has not been discovered at present and is impossible in principle.

(Steps of Random Number Generation) Each step will be described in detail with reference to flowcharts.

FIG. 18 is a flowchart showing a procedure for generating a random number, in which a so-called key rotation type multiple affine key is used. In a computer device such as that shown in FIG. 6, a program in which an algorithm is created is stored in a storage area such as the hard disk 26, and is executed in accordance with a user operation according to an operation screen.

[0124] As a procedure to be random number generation, the first various settings of the multiple affine key is made, it is, for example but the number of words k, pointer i of affine key, the setting of such variables x ₀ is made, it the user's operation Through the RAM 41
5 is stored in each storage area (S71). Then determine the pointer i of affine key for random number generation, which is determined from data stored in the set z _p bit position for specifying one affine key from inside random number x ₀ (S72 ). Next, according to the designated key K [i], a pseudo random number of the Lemer method is generated in accordance with the equation K (x) = ax + b (S73). When a random number is generated,
The value of the counter is incremented by one (S74).
After that, the key rewriting pointer j is added from the internal random number x _k to the value of the set of bit positions z _p used for specifying the affine key, and the key performance variable vkey + v is added to specify the pointer position (S75).

According to the key rotation process, as described in detail in the first embodiment, the period of the pseudo-random number can be further increased so that the pseudo-random number can be made as close as possible to the true random number. That is, a pointer j for specifying one from a plurality of affine keys for rewriting the affine key is represented by j =
By adding a new key rotation variable vkey as f (x _k , z _p ) (+) vkey, the algorithm for specifying the key to be used can be further complicated.

That is, when repeatedly rewriting an affine key, if the pointer value j at the time of rewriting the affine key becomes repetitive, the key cycle becomes shorter correspondingly. The new key rotation variable vkey improves this. The more complicated the algorithm for specifying the key to be used, the longer the cycle of the pointer value j can be,
As a result, the random number generation device of the present invention can generate a pseudo random number having a very long period that is practically the same as a true random number.

Here, the value is defined as a value that increases by a constant value v each time rewriting is performed, but is not limited to this.

If the affine key is used, the affine key is rewritten until the counter value c of the affine key becomes equal to the value indicating the life of the affine key (S
76). First, the value of the key counter is set to zero (S77),
The selected affine key data K [j]. a, K [i].
a, K [j]. b, a new coefficient a and a new coefficient b are determined. At this time, the value of the upper half of the coefficient is shifted to the lower half, and the key data is repeatedly updated. This completely eliminates the situation of zero (S78). At this time, the so-called weak key is completely eliminated by forcibly setting the first bit to "1" by adding a logical sum with "1".

[0129] In a further coefficient b, by adding a further j _b to the value of the pointer j, and the transition of the affine key for rewriting the coefficients a, be different and the transition of the affine key for rewriting coefficients b Thus, the generated pseudo-random numbers can be made as close as possible to the true random numbers, and the periodicity of the generated random numbers can be further increased (S79). At this time, "2"
The so-called weak key is completely eliminated by forcibly setting the second bit to "1" by adding the logical sum of

Thereafter, after setting i = j (S80), a random number sequence {R} to output a predetermined bit (z _r ) of the variable x _k
k } (S81). Further, the process returns to step 53 with k = k + 1 (S82).

(Encryption / Decryption Step) Next, a procedure for performing encryption using the pseudo-random numbers created by such a procedure will be described with reference to FIG.

Plain text m received from I / O port 417
_k (S91), and a random number sequence {R _k } is generated according to the random number generation flowchart of FIG. 18 (S92). Then it is possible to output (S93) ciphertext _{c k} by taking the exclusive OR of the plaintext _{m k} and the random number sequence _{{R k}} (S9
4). Thereafter, the process returns to the beginning with k = k + 1 (S95).
In such a procedure, in a multiple affine key system,
Decoding processing is performed.

Further, a procedure for performing decoding using the pseudo random numbers generated in such a procedure will be described with reference to FIG.

[0134] Cipher text received from I / O port 419
c_k(S96) is added to the random number generation flowchart of FIG.
Depending on the random number sequence R_k｝ Is generated (S97). Then encryption
Sentence c _kAnd the random number sequence ｛R_kBy taking the exclusive OR with｝
(S98) Plaintext M_kCan be output (S9
9). Thereafter, the process returns to the beginning with k = k + 1 (S10
0). With this procedure, the multi-affine key system
Then, a decoding process is performed.

As described above, in the multiple affine key system applied to the master key management system according to the present invention, it is very difficult to know the value before the operation from the operation result, and in a practical sense, As a one-way function in the system. Therefore, it is a random number generation device and an encryption / decryption device that are indispensable for realizing the master key management system according to the present invention.

[0136]

As described above, according to the master key management system and the method according to the present invention, a multi-affine key system is used in accordance with a key topology which is a parameter from given master key data. By generating child key data, a hierarchical key tree structure is formed in the network. As a result, it is possible to improve the organizational power of a hierarchical company, which is declining due to the conventional side-by-side LAN communication mode, to prevent unnecessary diffusion and leakage of company information, Information can be easily browsed.

Further, according to the master key management system and the method according to the present invention, the range of the authority of the common key can be set stepwise and finely. Since adaptation is possible, hierarchical security can be set for section-based company information, department-based company information, and branch-based company information.

According to the master key management system and the method of the present invention, the function of the master key management system of the present invention can be set as a part of the data format handled in the network. It is possible to set hierarchical security not only for a typical LAN but also for any network such as a WAN, a telephone line, the Internet, and wireless communication.

Further, according to the master key management system and the method of the present invention, since a multi-affine key system for generating a pseudo random number as close as possible to a true random number is used, a very large key space can be obtained. For example, even if a large number of people autonomously hierarchically set a large amount of descendant key data in a very large network such as the Internet, the possibility of the same key being generated (key collision) is extremely small. So there is no bankruptcy. Accordingly, the master key management system of the present invention can be sufficiently applied to commercial use using the Internet, and a hierarchical key data tree structure can be constructed.

[Brief description of the drawings]

FIG. 1 is a flowchart showing a procedure for generating a descendant key by a master key management system according to the present invention.

FIG. 2 is a flowchart showing a procedure of generating a source key by the master key management system according to the present invention.

FIG. 3 is a flowchart illustrating a procedure of generating a child key by the master key management system according to the present invention.

FIG. 4 is a flowchart showing a procedure of an encryption process by the master key management system according to the present invention.

FIG. 5 is a flowchart showing a procedure of a decryption process by the master key management system according to the present invention.

FIG. 6 is a block diagram of a computer device to which the master key management system according to the present invention is applied.

FIG. 7 is an explanatory diagram showing the principle of the master key management system according to the present invention.

FIG. 8 is an explanatory diagram illustrating a case where there is no master key.

FIG. 9 is a block diagram showing a configuration of a LAN system as an example to which the master key management system according to the present invention is applied.

FIG. 10 is an explanatory diagram illustrating a hierarchical tree virtually configured by the master key management system according to the present invention.

FIG. 11 is an explanatory diagram showing areas accessible by the master key management system according to the present invention.

FIG. 12 shows a format of a common key and a format of a key topology table according to the present invention.

FIG. 13 is a diagram showing an operation screen for generating a primitive key and an operation screen for generating a child key of an application of the master key management system according to the present invention.

FIG. 14 is a diagram showing a format of encrypted data provided by the master key management system according to the present invention.

FIG. 15 is a diagram showing an operation screen of an application of the master key management system according to the present invention.

FIG. 16 is an explanatory diagram for explaining an encryption process and a decryption process by the master key management system according to the present invention in a format.

FIG. 17 is an explanatory diagram illustrating a tree when the master key management system according to the present invention is applied to a communication network of an actual company organization.

FIG. 18 is a flowchart illustrating a random number generation process of the multiple affine key system according to the present invention.

FIG. 19 is a flowchart illustrating an encryption process of the multiple affine key system according to the present invention.

FIG. 20 is a flowchart illustrating a decryption process of the multiple affine key system according to the present invention.

[Explanation of symbols]

31 common key (parent key) 32 one-way function (multiple affine key system) 33 common key (child key) 51 shared area 91 primitive key ID 92 key topology sequence 93 … Key data 94 …… key topology table name 96… primordial key ID 97 …… key topology column 98 …… key topology index

Claims (12)

[Claims] 1. A multi-affine key system is used according to first key data to be used when encrypting a plaintext into a ciphertext and a key topology which is a parameter. A master key management system for generating second key data for use. 2. A multi-affine key system is used in accordance with first key data to be used in encrypting a plaintext into ciphertext and a key topology which is a parameter. Child key generating means for generating second key data for use; and encrypting the given plaintext data by a predetermined encryption / decryption method based on the second key data generated by the child key generating means. Encryption means for outputting ciphertext data;
And reproducing the second key data according to the first key data and the key topology, and, based on the reproduced second key data, the ciphertext data output by the encrypting means. Decryption means for decrypting the plaintext data by a predetermined encryption / decryption method; and a master key management system. 3. A selection means for selecting one piece of first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; and a and b being coefficients and c being an affine key. , To which a plurality of affine key data expressed by a sequence K = {a, b, c, n} composed of four integers where n is a predetermined number of times (lifetime) that the affine key can be used. Child key generation means for generating second key data used for plaintext encryption based on the first key data selected by the selection means and a key topology which is a parameter using an affine key system; A master key management system comprising: 4. Selection means for selecting one piece of first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; and a and b being coefficients and c being an affine key. , To which a plurality of affine key data expressed by a sequence K = {a, b, c, n} composed of four integers where n is a predetermined number of times (lifetime) that the affine key can be used. Child key generating means for generating second key data which is a child key used for plaintext encryption, based on the first key data selected by the selecting means and a key topology which is a parameter, using an affine key system Encryption means for encrypting given plaintext data by the multiple affine key system based on the second key data generated by the child key generation means and outputting ciphertext data; The second key data is reproduced according to one key data and the key topology, and based on the reproduced second key data, the ciphertext data output by the encrypting means is converted to the multiple affine key system. Decryption means for decrypting the plaintext data into the plaintext data; and a master key management system. 5. Selection means for selecting one piece of first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; and a and b being coefficients and c being an affine key. , To which a plurality of affine key data expressed by a sequence K = {a, b, c, n} composed of four integers where n is a predetermined number of times (lifetime) that the affine key can be used. Using the affine key system, the first key data selected by the selecting means is converted into at least an affine key of the multiple affine key system based on the first key data selected by the selecting means and a key topology as a parameter. And a random number is generated by the multiple affine key system. When the value of a predetermined bit of the key topology is a predetermined value, the random number is set to a new affine key. When the value of the predetermined bit of the key topology is not a predetermined value, the process of not performing anything is repeated for each bit of the key topology, and the affine key at the time when all the processes are completed is set as a child. Child key generation means for generating as key second key data; encryption means for encrypting given plaintext data by the multiple affine key system based on the second key data and outputting ciphertext data; And reproducing the second key data according to the first key data and the key topology, and, based on the reproduced second key data, the ciphertext data output by the encrypting means. Decryption means for decrypting the data into the plaintext data using a multiple affine key system. 6. A source key storage means for storing, in a predetermined area, first key data using a random number generated by performing a random number generation as a source key; and a source key stored in the source key storage means. By using the multiple affine key system according to the first key data, a second
A key generating means for generating key data; 7. A local area network system in which a plurality of digital data processing terminals are mutually connected by a communication line to perform digital signal communication according to a predetermined protocol, wherein at least one of the plurality of digital data processing terminals is provided.
One digital data processing terminal uses a multi-affine key system in accordance with the first key data and the key topology used as a parameter when encrypting a plaintext into a ciphertext, and similarly performs encryption. Child key generation means for generating second key data for use in the processing, and repeating this child key generation processing to generate a hierarchical key data tree in the local area network; Based on the second key data generated by the above, the given plaintext data is encrypted by the multiple affine key system to output ciphertext data, and another digital data processing in the plurality of digital data processing terminals is performed. Encryption means for supplying to the terminal via the communication line; and the second key data according to the first key data and the key topology. Based on the reproduced second key data, decrypting the ciphertext data output from the other digital data processing terminal by the encryption means into the plaintext data by the multiple affine key system. A local area network system having a function of a master key management system having: 8. A predetermined one-way function is used in accordance with first key data and a predetermined parameter to be used when encrypting a plaintext into a ciphertext, and is similarly used for the encryption process. A second key data for generating a master key management system. 9. A selecting means for selecting one piece of first key data from a plurality of key data provided corresponding to a plurality of nodes in a predetermined network; a and b being coefficients, and c being an affine key. , To which a plurality of affine key data expressed by a sequence K = {a, b, c, n} composed of four integers where n is a predetermined number of times (lifetime) that the affine key can be used. Child key generating means for generating second key data which is a child key used for plaintext encryption, based on the first key data selected by the selecting means and a key topology which is a parameter, using an affine key system Encryption means for encrypting given plaintext data by the multiple affine key system based on the second key data generated by the child key generation means and outputting ciphertext data; The transfer data in a format in which the identification information of the first key data used by the child key generation means and the key topology are attached to the ciphertext data encrypted by the encryption means, Transfer means for transferring to one of the plurality of nodes; and a master key management system comprising: 10. A computer device for processing digital information according to a stored operating system, wherein a part of the function of the operating system is used for encrypting plaintext data into ciphertext data. By using a multi-affine key system according to one key data and a key topology which is a parameter,
A child key generating means for generating second key data to be similarly used for the encryption processing according to the key topology; and the child key generating means generated by the child key generating means as a part of the function of the operating system. Based on 2 key data,
Encrypting means for encrypting the given plaintext data into ciphertext data by a multiple affine key system and storing it in a predetermined area; and as a part of the function of the operating system, the first key data and the key topology According to the second
Decryption means for reproducing key data and decrypting the ciphertext data stored by the encryption means into the plaintext data by a multiple affine key system based on the reproduced second key data; A computer device comprising: 11. A multi-affine key system is used in accordance with a first key data used for encrypting a plaintext into a ciphertext and a key topology as a parameter. A master key management method comprising generating second key data for use. 12. A computer-readable program having a processor, loaded into a computer memory at the time of execution, and used by a computer for encrypting plaintext data into ciphertext data. Child key generation means for generating second key data for use in the encryption process in accordance with the key topology by using a multiple affine key system according to the data and the key topology which is a parameter; Encryption means for encrypting given plaintext data into ciphertext data by a multiple affine key system based on the second key data generated by the child key generation means and storing the encrypted data in a predetermined area; Reproducing the second key data in accordance with the key data and the key topology; and performing encryption based on the reproduced second key data. Program for a, the master key management to function with; the ciphertext data stored by means to the plaintext data by multiple affine key system decoding means for decoding.