JP2002185443A - Secret key managing system - Google Patents

Secret key managing system

Info

Publication number: JP2002185443A
Authority: JP
Grant status: Application
Prior art keywords: key, secret, personal information, secret key, step
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: JP2000381670A
Other languages: Japanese (ja)
Inventor: Kiyoshi Kano (清 狩野)
Original Assignee: Hitachi Ltd (株式会社日立製作所)

Abstract

PROBLEM TO BE SOLVED: In the conventional technique, when secret communication is performed with a plurality of other parties in public key ciphering, as many secret keys as there are other parties must be stored so that they are not known to a third party. SOLUTION: A personal information input 101 and a master key storing part 103 are provided. From the personal information of the transmission counterpart and a master key, a secret key with personal information is generated (104) using a one-way hash function and held in a temporary secret key storage 108. Even if the secret key is erased after use, it can be generated again. As a result, the secret key need not be stored; only the master key is kept so that it is not known to a third party.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[Technical field of the invention] The present invention relates to the generation of secret keys in cryptography, and in particular to a secret key generation method suited to handling many secret keys, whether in a public key system or a common key system.

[0002]

[Prior art] Conventionally, when secret communication is performed with a plurality of parties using common key cryptography, it has been necessary to store as many secret keys as there are communication partners. Conventional key management for secret communication is described in Cryptography and Information Security (Shokodo, March 29, 1990), page 58.

[0003]

[Problem to be solved by the invention] In the prior art, when secret communication is performed with a plurality of parties, a plurality of secret keys had to be stored.

[0004] An object of the present invention is to reduce the number of secret keys that must be stored.

[0005]

[Means for solving the problem] In the present invention, a master key is generated as the only information that must be kept secret, and secret keys are generated as needed from that master key and information that may be made public. Because such a secret key can be regenerated, it can be erased after use and does not need to be kept in secret storage.

[0006]

[Embodiments of the invention] An embodiment of the present invention is described below with reference to the drawings.

[0007] FIG. 1 shows a configuration example of a secret document transmission apparatus according to the present invention. Connected to the ciphertext creation device 105 are: a personal information input unit 101 for entering the personal information of the party to whom the ciphertext is sent; a plaintext input unit 102 for entering the document (plaintext) to be transmitted secretly; a ciphertext transmission device 109 that transmits the ciphertext created by the ciphertext creation device; a secret key transmission device 110 that transmits the secret key with personal information generated by the ciphertext creation device; and a ciphertext decryption device 111 that decrypts the received ciphertext. The ciphertext creation device contains: a master key generation unit 103 that generates the key (master key) that the sender of the ciphertext must keep secret; a master key storage unit 107, the medium that stores the generated master key; a generation unit 104 that generates the key used for encryption (the secret key with personal information) from the master key and the personal information; a temporary storage unit 108 that temporarily holds the generated secret key with personal information; and a plaintext encryption unit 106 that creates ciphertext from the input plaintext and the secret key with personal information. The ciphertext decryption device contains a ciphertext decryption unit 112 that decrypts the received ciphertext and a storage unit 113 that stores the received secret key with personal information.

[0008] FIGS. 2 and 3 show an example flow of the secret document transmission process according to the present invention.

[0009] First, the plaintext to be transmitted is input (step 201), and personal information such as the user ID of the recipient is input (step 202). It is then determined whether a master key already exists in the master key storage device (step 203); if no master key exists, a new master key is generated (step 204) and the generated master key is stored (step 205). Next, the stored master key is read (step 206), and the secret key with personal information is generated from the master key and the personal information (step 207). The plaintext is encrypted with this secret key with personal information (step 208), and the ciphertext is transmitted (step 209). It is then determined whether the recipient is a party to whom the secret key with personal information has been sent in the past (step 210); if it has never been sent to that party, the secret key with personal information is transmitted (step 211). The secret key with personal information is then erased (step 212). The ciphertext decryption device that received the ciphertext determines whether a secret key with personal information has been sent to it (step 213) and, if so, stores it in the secret key storage unit (step 214). It then reads the secret key with personal information held in that storage unit (step 215) and decrypts the ciphertext with this key (step 216).

[0010] Although the user ID of the recipient is input in step 202, other publishable information that can identify the key to be generated may be used instead, such as the recipient's name, employee number, public information of a public key cryptosystem, or a mere numeric value or symbol.

[0011] FIG. 4 is a flow diagram showing the process of generating a new master key (step 204) in FIG. 2.

[0012] First, a random number is generated (step 301), and this random number is treated as binary data (step 302), thereby generating the new master key.

[0013] FIG. 5 is a flow diagram showing the process of generating the secret key with personal information (step 207) in FIG. 2.

[0014] First, the master key is expressed as binary data and assigned to variable X (step 401). The recipient's personal information is likewise expressed as binary data and assigned to variable Y (step 402). Next, counter and variable k are initialized (step 403), and the binary representation of counter is assigned to variable C (step 404). The concatenation of variables X, Y and C is assigned to variable Z (step 406). The hash value of variable Z under a one-way hash function is then computed and concatenated to variable k (step 407). The bit length of variable k is compared with the bit length of the secret key with personal information (step 408). When the bit length of k is smaller than that of the secret key with personal information, counter is incremented by 1 (step 405) and the process returns to step 404; when the bit length of k is larger, the leading bits of k, up to the bit length of the secret key with personal information, are output as the key (step 409).

[0015] Although step 406 takes the concatenation of variables X, Y and C, another relational operation such as a sum, a difference or an exclusive OR may be used instead.
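The derivation of [0014], with the exclusive-OR alternative of [0015] beside it, as an added example that is not code from the patent. SHA-256, the 4-byte big-endian counter starting at 0, treating equal bit lengths as sufficient in step 408, and all function names are assumptions; the page specifies none of them.

```python
import hashlib

HASH = hashlib.sha256   # assumption: the page names no specific one-way hash
COUNTER_BYTES = 4       # assumption: counter encoded as 4 bytes, big-endian


def _xor_combine(x: bytes, y: bytes, c: bytes) -> bytes:
    """XOR of X, Y and C as integers, padded to the longest operand."""
    n = max(len(x), len(y), len(c))
    acc = 0
    for v in (x, y, c):
        acc ^= int.from_bytes(v, "big")
    return acc.to_bytes(n, "big")


def derive_key(master_key: bytes, personal_info: bytes, key_bits: int,
               combine: str = "concat") -> bytes:
    """Steps 401-409: append hash(Z) blocks to k until k is long enough."""
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key_bits must be a positive multiple of 8")
    if combine not in ("concat", "xor"):
        raise ValueError("combine must be 'concat' or 'xor'")
    x, y = master_key, personal_info                  # steps 401, 402
    counter, k = 0, b""                               # step 403 (start at 0: assumed)
    while True:
        c = counter.to_bytes(COUNTER_BYTES, "big")    # step 404
        if combine == "concat":
            z = x + y + c                             # step 406
        else:
            z = _xor_combine(x, y, c)                 # variant from [0015]
        k += HASH(z).digest()                         # step 407
        if len(k) * 8 >= key_bits:                    # step 408 (equal length: done)
            return k[: key_bits // 8]                 # step 409
        counter += 1                                  # step 405


def swap_halves(key: bytes) -> bytes:
    half = len(key) // 2
    return key[half:] + key[:half]


def demo() -> dict:
    mk = bytes(range(32))   # constructed master key so the run is repeatable
    ka = derive_key(mk, b"user-A", 384)
    kb = derive_key(mk, b"user-B", 384)
    # Numeric IDs 2 and 3 with 512-bit keys (two SHA-256 blocks each).
    id2, id3 = b"\x02", b"\x03"
    return {
        "regenerated_equal": ka == derive_key(mk, b"user-A", 384),
        "recipients_differ": ka != kb,
        # concat: the key for ID 3 is unrelated to the key for ID 2
        "concat_related": derive_key(mk, id3, 512)
                          == swap_halves(derive_key(mk, id2, 512)),
        # xor: Y^C takes the values {2, 3} for both IDs, so the blocks coincide
        "xor_related": derive_key(mk, id3, 512, "xor")
                       == swap_halves(derive_key(mk, id2, 512, "xor")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With XOR combining, the recipient's ID and the counter cancel against each other, so the key issued for ID 2 is the key for ID 3 with its halves swapped; concatenation with a fixed-width master key and counter keeps each recipient's hash inputs distinct.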

[0016] FIG. 6 shows example data for the flow diagram of FIG. 5.

[0017] 501 is example data for the master key, the personal information and counter. 502 is example data for variables X, Y and C. 503 is example data for the concatenation of variables X, Y and C. 504 is example data for the hash value of variable Z. 505 is example data for variable k.

[0018] FIG. 7 shows an example of secret key management using the present invention, in which user X (601) conducts secret communication with user A (602), user B (603) and user C (604). User X keeps only the master key K secret and generates secret keys with personal information as needed. User A keeps secret the secret key KA used for secret communication with X. User B keeps secret the secret key KB used for secret communication with X. User A keeps secret the secret key KC used for secret communication with X.

[0019]

[Effect of the invention] As described above, according to the present invention, the number of secret keys that must be stored can be reduced in a system that requires a plurality of secret keys.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing a configuration example of a secret document transmission apparatus according to the present invention.

FIG. 2 is a diagram showing an example flow of the secret document transmission process according to the present invention.

FIG. 3 is a diagram showing an example flow of the secret document transmission process according to the present invention.

FIG. 4 is a diagram showing an example flow of the process of generating a new master key.

FIG. 5 is a diagram showing an example flow of the process of generating the secret key with personal information.

FIG. 6 is a diagram showing example data for the process of generating the secret key with personal information.

FIG. 7 is a diagram showing an example of secret key management according to the present invention.

DESCRIPTION OF REFERENCE NUMERALS

101 … personal information input unit, 103 … master key generation unit, 104 … generation unit for the secret key with personal information.

Claims (1)

    [Claims]
  1. [Claim 1] A secret key management method that generates a secret key with personal information from a master key and personal information using a one-way hash function.
JP2000381670A 2000-12-11 2000-12-11 Secret key managing system Pending JP2002185443A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2000381670A JP2002185443A (en) 2000-12-11 2000-12-11 Secret key managing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2000381670A JP2002185443A (en) 2000-12-11 2000-12-11 Secret key managing system

Publications (1)

Publication Number Publication Date
JP2002185443A (en) 2002-06-28

Family

ID=18849631

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2000381670A Pending JP2002185443A (en) 2000-12-11 2000-12-11 Secret key managing system

Country Status (1)

Country Link
JP (1) JP2002185443A (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005532742A (en) * 2002-07-10 2005-10-27 General Instrument Corporation Method for preventing the unauthorized distribution and use of electronic key by the key seed
JP2005123883A (en) * 2003-10-16 2005-05-12 Japan Science & Technology Agency Electronic signature system
JP2005260614A (en) * 2004-03-12 2005-09-22 Dainippon Printing Co Ltd Encryption device
JP4801059B2 (en) * 2004-07-01 2011-10-26 Tecnostore AG Method for data archiving with automatic encryption and decryption by the key fragmentation system and security means
JP2008505571A (en) * 2004-07-01 2008-02-21 Tecnostore AG Method for data archiving with automatic encryption and decryption by the key fragmentation system and security means
JP2011239476A (en) * 2004-07-09 2011-11-24 Voltage Security Inc Secure messaging system with derived keys
JP2012023763A (en) * 2004-08-12 2012-02-02 Cmla Llc Translation data conversion for enhanced security
US8077861B2 (en) 2004-08-12 2011-12-13 Cmla, Llc Permutation data transform to enhance security
JP2009071854A (en) * 2004-08-12 2009-04-02 Cmla Llc Permutation data transform to enhance security
US8155310B2 (en) 2004-08-12 2012-04-10 Cmla, Llc Key derivation functions to enhance security
JP2012023764A (en) * 2004-08-12 2012-02-02 Cmla Llc Translation data conversion for enhanced security
US8737608B2 (en) 2004-08-12 2014-05-27 Cmla, Llc Exponential data transform to enhance security
JP2008530917A (en) * 2005-02-11 2008-08-07 Qualcomm Incorporated Shared secret that is context restriction
US8726019B2 (en) 2005-02-11 2014-05-13 Qualcomm Incorporated Context limited shared secret
JP2011227905A (en) * 2005-02-11 2011-11-10 Qualcomm Incorporated Context limited shared secret
JP2007124415A (en) * 2005-10-28 2007-05-17 Nifty Corp Content storage program, content reproduction program, and content distribution program
JP2008028695A (en) * 2006-07-21 2008-02-07 Nomura Research Institute Ltd Information leakage prevention method
JP2008311779A (en) * 2007-06-12 2008-12-25 Hitachi Kokusai Electric Inc Data receiver
JP2009237774A (en) * 2008-03-26 2009-10-15 Advanced Media Inc Authentication server, service providing server, authentication method, communication terminal, and log-in method
JP2012090162A (en) * 2010-10-21 2012-05-10 Kddi Corp Key management system, key management method, and computer program
WO2013060539A1 (en) * 2011-10-28 2013-05-02 Celtipharm Method and system for establishing a relationship between sets of information about a single person
JP2014053675A (en) * 2012-09-05 2014-03-20 Sony Corp Security chip, program, information processing device, and information processing system
CN103678990A (en) * 2012-09-05 2014-03-26 Sony Corp Security chip, program, information processing device and information processing system

Similar Documents

Publication Publication Date Title
Leighton et al. Secret-key agreement without public-key cryptography
US6292896B1 (en) Method and apparatus for entity authentication and session key generation
US6859533B1 (en) System and method for transferring the right to decode messages in a symmetric encoding scheme
Blaze Key Management in an Encrypting File System.
US6973187B2 (en) Block encryption method and schemes for data confidentiality and integrity protection
US5815573A (en) Cryptographic key recovery system
US5937066A (en) Two-phase cryptographic key recovery system
US6298153B1 (en) Digital signature method and information communication system and apparatus using such method
Piper Cryptography
US7095852B2 (en) Cryptographic key split binder for use with tagged data elements
US6640303B1 (en) System and method for encryption using transparent keys
US6490353B1 (en) Data encrypting and decrypting apparatus and method
US6819766B1 (en) Method and system for managing keys for encrypted data
US7095851B1 (en) Voice and data encryption method using a cryptographic key split combiner
US6125185A (en) System and method for encryption key generation
US7079653B2 (en) Cryptographic key split binding process and apparatus
US6628786B1 (en) Distributed state random number generator and method for utilizing same
Kou Digital image compression: algorithms and standards
US6011849A (en) Encryption-based selection system for steganography
US6542608B2 (en) Cryptographic key split combiner
US7499551B1 (en) Public key infrastructure utilizing master key encryption
US7221756B2 (en) Constructions of variable input length cryptographic primitives for high efficiency and high security
US20030217263A1 (en) System and method for secure real-time digital transmission
US7212632B2 (en) Cryptographic key split combiner
US20010014156A1 (en) Common key generating method, common key generator, cryptographic communication method and cryptographic communication system