JP2002185443A - Secret key managing system - Google Patents
Secret key managing systemInfo
- Publication number
- JP2002185443A JP2002185443A JP2000381670A JP2000381670A JP2002185443A JP 2002185443 A JP2002185443 A JP 2002185443A JP 2000381670 A JP2000381670 A JP 2000381670A JP 2000381670 A JP2000381670 A JP 2000381670A JP 2002185443 A JP2002185443 A JP 2002185443A
- Authority
- JP
- Japan
- Prior art keywords
- key
- personal information
- secret
- secret key
- master key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
Description
【0001】[0001]
【発明の属する技術分野】本発明は暗号技術の秘密鍵の
生成に係り、公開鍵方式、共通鍵方式を問わず、多くの
秘密鍵を扱う際に好適な秘密鍵生成方法に関する。BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to the generation of a secret key of a cryptographic technique, and more particularly to a secret key generation method suitable for handling many secret keys regardless of a public key method or a common key method.
【0002】[0002]
【従来の技術】従来、共通鍵暗号を用いて複数の相手と
秘密通信を行う場合、通信を行う相手の人数と等しい数
の秘密鍵を保存しておく必要があった。尚、従来の秘密
通信の鍵管理は、暗号と情報セキュリティ(昭晃堂1990
年3月29日)第58ページに記載されている。2. Description of the Related Art Conventionally, when secret communication is performed with a plurality of parties using common key cryptography, it is necessary to store a number of secret keys equal to the number of communicating parties. Conventional key management for secret communication is based on encryption and information security (Shokodo 1990
March 29), page 58.
【0003】[0003]
【発明が解決しようとする課題】従来技術では、複数の
相手と秘密通信を行う場合に、複数の秘密鍵を保存して
おく必要があった。In the prior art, when performing secret communication with a plurality of partners, it is necessary to store a plurality of secret keys.
【0004】本発明の目的は保存すべき秘密鍵の個数を
減らすことにある。An object of the present invention is to reduce the number of secret keys to be stored.
【0005】[0005]
【課題を解決するための手段】本発明では、秘密に管理
しなければならない唯一の情報であるマスター鍵を生成
し、そのマスター鍵と公開してもよい情報から必要に応
じて秘密鍵を生成する。この秘密鍵は復元可能であるた
め、使用後に消去することができ、秘密に管理する必要
がない。According to the present invention, a master key, which is the only information that must be secretly managed, is generated, and a secret key is generated as necessary from the master key and information that can be disclosed. I do. Since this secret key is recoverable, it can be deleted after use, and there is no need to manage it secretly.
【0006】[0006]
【発明の実施の形態】以下、本発明の一実施例について
図面で説明する。DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described below with reference to the drawings.
【0007】図1は本発明による秘密文書伝送装置の構
成例である。暗号文作成装置105には、暗号文を送る相
手の個人情報を入力する個人情報入力部101、秘密に伝
送したい文書(平文)を入力する平文入力部102、暗号
文作成装置によって作成された暗号文を伝送する暗号文
伝送装置109、暗号文作成装置によって生成された個人
情報付き秘密鍵を伝送する個人情報付き秘密鍵伝送装置
110、及び受信した暗号文を復号化する暗号文復号化装
置111が接続されている。暗号文作成装置には、暗号文
を送信する者が秘密に保存しなければならない鍵(マス
ター鍵)を生成するマスター鍵生成部103、生成された
マスター鍵を保存する媒体であるマスター鍵記憶部10
7、マスター鍵と個人情報から暗号化に用いる鍵(個人
情報付き秘密鍵)の生成を行う個人情報付き秘密鍵生成
部104、生成した個人情報付き秘密鍵を一時的に記憶し
ておく個人情報付き秘密鍵一時記憶部108、入力された
平文及び個人情報付き秘密鍵から暗号文を作成する平文
暗号化部106存在する。暗号文復号化装置には、受信し
た暗号文の復号化を行う暗号文復号化部112、受信した
個人情報付き秘密鍵を保存する個人情報付き秘密鍵記憶
部113が存在する。FIG. 1 shows an example of the configuration of a secret document transmission device according to the present invention. The ciphertext creation device 105 includes a personal information input unit 101 for inputting personal information of a person to whom the ciphertext is to be sent, a plaintext input unit 102 for inputting a document (plaintext) to be secretly transmitted, and a ciphertext created by the ciphertext creation device. Device 109 for transmitting a sentence, and a secret key transmission device with personal information for transmitting a secret key with personal information generated by the ciphertext creation device
110 and a ciphertext decryption device 111 for decrypting the received ciphertext are connected. The ciphertext creation device includes a master key generation unit 103 that generates a key (master key) that must be secretly stored by the person who transmits the ciphertext, and a master key storage unit that is a medium for storing the generated master key. Ten
7. Private key with personal information generation unit 104 for generating a key (private key with personal information) used for encryption from master key and personal information, personal information for temporarily storing the generated private key with personal information A secret key temporary storage unit 108 and a plaintext encryption unit 106 for creating a ciphertext from the input plaintext and the secret key with personal information are provided. The ciphertext decryption device includes a ciphertext decryption unit 112 for decrypting a received ciphertext, and a private key with private information storage unit 113 for storing the received private key with private information.
【0008】図2、図3は、本発明による秘密文書伝送
処理のフロー例である。FIGS. 2 and 3 show examples of the flow of a secret document transmission process according to the present invention.
【0009】まず、伝送しようとする平文の入力(ステ
ップ201)、伝送する相手のユーザID等の個人情報の入
力(ステップ202)を行う。そして、マスター鍵記憶装
置に既にマスター鍵が存在するかどうかの判定を行い
(ステップ203)、マスター鍵が存在しなければ、新規
にマスター鍵を生成し(ステップ204)、生成したマス
ター鍵を保存する(ステップ205)。次に、保存してあ
るマスター鍵を読み込み(ステップ206)、マスター鍵
と個人情報から個人情報付き秘密鍵の生成(ステップ20
7)を行う。この個人情報付き秘密鍵を用いて平文の暗
号化(ステップ208)を行い、この暗号文の送信を行う
(ステップ209)。そして、送信相手が過去に個人情報
付き秘密鍵を送信したことがある相手であるかどうかの
判定を行い(ステップ210)、過去に個人情報付き秘密
鍵を送信したことがない相手であれば、個人情報付き秘
密鍵の送信を行う(ステップ211)。その後、個人情報
付き秘密鍵の消去を行う(ステップ212)。暗号文を受
信した暗号文復号化装置は、個人情報付き秘密鍵が送信
されて来ているか判定を行い(ステップ213)、送信さ
れて来ていれば、個人情報付き秘密鍵記憶部に保存する
(ステップ214)。その後、個人情報付き秘密鍵記憶部
に保存してある個人情報付き秘密鍵の読み込みを行い
(ステップ215)、この鍵を用いて暗号文の復号化を行
う(ステップ216)。First, a plain text to be transmitted is input (step 201), and personal information such as a user ID of a transmission partner is input (step 202). Then, it is determined whether or not the master key already exists in the master key storage device (step 203). If the master key does not exist, a new master key is generated (step 204), and the generated master key is stored. (Step 205). Next, the stored master key is read (step 206), and a private key with personal information is generated from the master key and personal information (step 20).
Perform 7). The plaintext is encrypted using the private key with personal information (step 208), and the encrypted text is transmitted (step 209). Then, it is determined whether the transmission partner is a partner who has transmitted the private key with personal information in the past (step 210). If the transmission partner is a partner who has not transmitted the secret key with personal information in the past, A private key with personal information is transmitted (step 211). Thereafter, the secret key with personal information is deleted (step 212). The ciphertext decryption device that has received the ciphertext determines whether the private key with personal information has been transmitted (step 213), and if so, stores it in the private key with private information storage unit. (Step 214). Thereafter, the private key with personal information stored in the private key with private information storage unit is read (step 215), and the ciphertext is decrypted using this key (step 216).
【0010】尚、ステップ202では送信相手のユーザID
を入力しているが、送信相手の氏名、従業員番号、公開
鍵暗号の公開情報、単なる数値、記号等の生成する鍵を
識別することができる他の公開可能な情報でもよい。In step 202, the user ID of the transmission destination
Is input, but other publicly available information that can identify the key to be generated, such as a public key encryption public information, a simple numerical value, or a symbol, may be used.
【0011】図4は、図2における新規マスター鍵の生
成(ステップ204)の処理を表すフロー図である。FIG. 4 is a flowchart showing the process of generating a new master key (step 204) in FIG.
【0012】まず、乱数を生成し(ステップ301)、こ
の乱数をバイナリデータとして扱う(ステップ302)に
より、新規マスター鍵の生成を行う。First, a random number is generated (step 301), and a new master key is generated by treating the random number as binary data (step 302).
【0013】図5は、図2における個人情報付き秘密鍵
の生成(ステップ207)の処理を表すフロー図である。FIG. 5 is a flowchart showing the process of generating a private key with personal information (step 207) in FIG.
【0014】まず、マスター鍵をバイナリデータで表現
し、これを変数Xに代入する(ステップ401)。また、送
信先の個人情報をバイナリデータで表現し、これを変数
Yに代入する(ステップ402)。次にcounter及び変数kを
初期化し(ステップ403)、counterのバイナリ表現を変
数Cに代入する(ステップ404)。変数X、変数Y及び変数
Cの結合を変数Zに代入する(ステップ406)。そして、
変数Zの一方向性ハッシュ関数によるハッシュ値をと
り、これを変数kと結合する(ステップ407)。変数kの
ビット長と個人情報付き秘密鍵のビット長を比較し(ス
テップ408)、変数kのビット長が個人情報付き秘密鍵の
ビット長よりも小さい時はcounterを1増やし(ステップ
405)、ステップ404に戻り、変数kのビット長が個人情
報付き秘密鍵のビット長よりも大きい時は変数kの先頭
から個人情報付き秘密鍵のビット長分を鍵として出力す
る(ステップ409)。First, the master key is represented by binary data, and this is substituted for a variable X (step 401). Also, the personal information of the destination is expressed in binary data, and this is
Substitute Y (step 402). Next, the counter and the variable k are initialized (step 403), and the binary expression of the counter is substituted for the variable C (step 404). Variable X, variable Y and variable
The combination of C is substituted for the variable Z (step 406). And
A hash value is obtained by the one-way hash function of the variable Z, and this is combined with the variable k (step 407). The bit length of the variable k is compared with the bit length of the private key with personal information (step 408). If the bit length of the variable k is smaller than the bit length of the private key with personal information, the counter is increased by 1 (step 408).
405) Returning to step 404, when the bit length of the variable k is larger than the bit length of the private key with personal information, the bit length of the private key with personal information from the beginning of the variable k is output as a key (step 409). .
【0015】尚、ステップ406においては変数X,Y,Cの結
合を取っているが、和、差、排他的論理和等の関係演算
でも良い。In step 406, the variables X, Y, and C are combined, but relational operations such as sum, difference, and exclusive OR may be used.
【0016】図6は、図5のフロー図におけるデータ例
である。FIG. 6 shows an example of data in the flowchart of FIG.
【0017】501はマスター鍵、個人情報及びcounterの
データ例である。502は変数X、Y、Cのデータ例である。
503は変数X、Y、Cの結合のデータ例である。504は変数Z
のハッシュ値のデータ例である。505は変数kのデータ例
である。Reference numeral 501 denotes a data example of a master key, personal information, and a counter. Reference numeral 502 denotes data examples of variables X, Y, and C.
Reference numeral 503 denotes a data example of the combination of the variables X, Y, and C. 504 is the variable Z
5 is an example of hash value data. Reference numeral 505 denotes a data example of the variable k.
【0018】図7は、本発明を用いた秘密鍵管理の一例
であり、ユーザX(601)がユーザA(602)、ユーザB(6
03)及びユーザC(604)と秘密通信を行う場合を表して
いる。ユーザXはマスター鍵Kのみを秘密に管理し、必要
に応じて個人情報付き秘密鍵を生成する。ユーザAはXと
の秘密通信に用いる秘密鍵KAを秘密に管理する。ユーザ
BはXとの秘密通信に用いる秘密鍵KBを秘密に管理する。
ユーザAはXとの秘密通信に用いる秘密鍵KCを秘密に管理
する。FIG. 7 shows an example of secret key management using the present invention, in which a user X (601) has a user A (602) and a user B (6).
03) and secret communication with the user C (604). The user X secretly manages only the master key K and generates a private key with personal information as needed. User A secretly manages secret key KA used for secret communication with X. A user
B secretly manages a secret key KB used for secret communication with X.
User A secretly manages secret key KC used for secret communication with X.
【0019】[0019]
【発明の効果】以上説明したように、本発明によれば、
複数の秘密鍵が必要なシステムにおいて、保存する秘密
鍵の個数を減らすことができる。As described above, according to the present invention,
In a system requiring a plurality of secret keys, the number of stored secret keys can be reduced.
【図1】本発明による秘密文書伝送装置の構成例を示す
図である。FIG. 1 is a diagram showing a configuration example of a secret document transmission device according to the present invention.
【図2】本発明による秘密文書伝送処理のフロー例を示
す図である。FIG. 2 is a diagram showing an example of a flow of a secret document transmission process according to the present invention.
【図3】本発明による秘密文書伝送処理のフロー例を示
す図である。FIG. 3 is a diagram showing an example of a flow of a secret document transmission process according to the present invention.
【図4】新規マスター鍵の生成処理のフロー例を示す図
である。FIG. 4 is a diagram illustrating an example of a flow of a new master key generation process.
【図5】個人情報付き秘密鍵の生成処理のフロー例を示
す図である。FIG. 5 is a diagram illustrating an example of a flow of a process of generating a private key with personal information.
【図6】個人情報付き秘密鍵の生成処理のデータ例を示
す図である。FIG. 6 is a diagram illustrating an example of data of a process of generating a private key with personal information.
【図7】本発明による秘密鍵管理の例を示す図である。FIG. 7 is a diagram showing an example of secret key management according to the present invention.
101…個人情報入力部、103…マスター鍵生成部、104…
個人情報付き秘密鍵生成部。101 ... Personal information input unit, 103 ... Master key generation unit, 104 ...
Private key generation unit with personal information.
Claims (1)
シュ関数を用いて、個人情報付き秘密鍵を生成する秘密
鍵管理方法。1. A secret key management method for generating a secret key with personal information from a master key and personal information using a one-way hash function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2000381670A JP2002185443A (en) | 2000-12-11 | 2000-12-11 | Secret key managing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2000381670A JP2002185443A (en) | 2000-12-11 | 2000-12-11 | Secret key managing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| JP2002185443A true JP2002185443A (en) | 2002-06-28 |
Family
ID=18849631
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2000381670A Pending JP2002185443A (en) | 2000-12-11 | 2000-12-11 | Secret key managing system |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP2002185443A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2005123883A (en) * | 2003-10-16 | 2005-05-12 | Japan Science & Technology Agency | Electronic signature system |
| JP2005260614A (en) * | 2004-03-12 | 2005-09-22 | Dainippon Printing Co Ltd | Encryption device |
| JP2005532742A (en) * | 2002-07-10 | 2005-10-27 | ジェネラル・インスツルメント・コーポレーション | Method for preventing unauthorized delivery and use of electronic keys with key seeds |
| JP2007124415A (en) * | 2005-10-28 | 2007-05-17 | Nifty Corp | Content storage program, content reproduction program, and content distribution program |
| JP2008028695A (en) * | 2006-07-21 | 2008-02-07 | Nomura Research Institute Ltd | Information leakage prevention method |
| JP2008505571A (en) * | 2004-07-01 | 2008-02-21 | テクノストア アクチエンゲゼルシャフト | Method, system and security means for data archiving with automatic encryption and decryption by key fragmentation |
| JP2008530917A (en) * | 2005-02-11 | 2008-08-07 | クゥアルコム・インコーポレイテッド | Context-restricted shared secret |
| JP2008311779A (en) * | 2007-06-12 | 2008-12-25 | Hitachi Kokusai Electric Inc | Data receiver |
| JP2009071854A (en) * | 2004-08-12 | 2009-04-02 | Cmla Llc | Permutation data transform to enhance security |
| JP2009237774A (en) * | 2008-03-26 | 2009-10-15 | Advanced Media Inc | Authentication server, service providing server, authentication method, communication terminal, and log-in method |
| JP2011239476A (en) * | 2004-07-09 | 2011-11-24 | Voltage Security Inc | Secure messaging system with derived keys |
| US8077861B2 (en) | 2004-08-12 | 2011-12-13 | Cmla, Llc | Permutation data transform to enhance security |
| US8155310B2 (en) | 2004-08-12 | 2012-04-10 | Cmla, Llc | Key derivation functions to enhance security |
| JP2012090162A (en) * | 2010-10-21 | 2012-05-10 | Kddi Corp | Key management system, key management method, and computer program |
| WO2013060539A1 (en) * | 2011-10-28 | 2013-05-02 | Celtipharm | Method and system for establishing a relationship between sets of information about a single person |
| JP2014053675A (en) * | 2012-09-05 | 2014-03-20 | Sony Corp | Security chip, program, information processing device, and information processing system |
| JP7226602B1 (en) | 2022-02-01 | 2023-02-21 | 凸版印刷株式会社 | Secret information distribution system, secret information distribution method, device management server, and program |
-
2000
- 2000-12-11 JP JP2000381670A patent/JP2002185443A/en active Pending
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2005532742A (en) * | 2002-07-10 | 2005-10-27 | ジェネラル・インスツルメント・コーポレーション | Method for preventing unauthorized delivery and use of electronic keys with key seeds |
| JP2005123883A (en) * | 2003-10-16 | 2005-05-12 | Japan Science & Technology Agency | Electronic signature system |
| JP2005260614A (en) * | 2004-03-12 | 2005-09-22 | Dainippon Printing Co Ltd | Encryption device |
| JP2008505571A (en) * | 2004-07-01 | 2008-02-21 | テクノストア アクチエンゲゼルシャフト | Method, system and security means for data archiving with automatic encryption and decryption by key fragmentation |
| JP4801059B2 (en) * | 2004-07-01 | 2011-10-26 | テクノストア アクチエンゲゼルシャフト | Method, system and security means for data archiving with automatic encryption and decryption by key fragmentation |
| JP2011239476A (en) * | 2004-07-09 | 2011-11-24 | Voltage Security Inc | Secure messaging system with derived keys |
| US8737608B2 (en) | 2004-08-12 | 2014-05-27 | Cmla, Llc | Exponential data transform to enhance security |
| US8155310B2 (en) | 2004-08-12 | 2012-04-10 | Cmla, Llc | Key derivation functions to enhance security |
| JP2012023764A (en) * | 2004-08-12 | 2012-02-02 | Cmla Llc | Translation data conversion for enhanced security |
| JP2009071854A (en) * | 2004-08-12 | 2009-04-02 | Cmla Llc | Permutation data transform to enhance security |
| JP2012023763A (en) * | 2004-08-12 | 2012-02-02 | Cmla Llc | Translation data conversion for enhanced security |
| US8077861B2 (en) | 2004-08-12 | 2011-12-13 | Cmla, Llc | Permutation data transform to enhance security |
| JP2008530917A (en) * | 2005-02-11 | 2008-08-07 | クゥアルコム・インコーポレイテッド | Context-restricted shared secret |
| JP2011227905A (en) * | 2005-02-11 | 2011-11-10 | Qualcomm Incorporated | Context limited shared secret |
| US8726019B2 (en) | 2005-02-11 | 2014-05-13 | Qualcomm Incorporated | Context limited shared secret |
| JP2007124415A (en) * | 2005-10-28 | 2007-05-17 | Nifty Corp | Content storage program, content reproduction program, and content distribution program |
| JP2008028695A (en) * | 2006-07-21 | 2008-02-07 | Nomura Research Institute Ltd | Information leakage prevention method |
| JP2008311779A (en) * | 2007-06-12 | 2008-12-25 | Hitachi Kokusai Electric Inc | Data receiver |
| JP2009237774A (en) * | 2008-03-26 | 2009-10-15 | Advanced Media Inc | Authentication server, service providing server, authentication method, communication terminal, and log-in method |
| JP2012090162A (en) * | 2010-10-21 | 2012-05-10 | Kddi Corp | Key management system, key management method, and computer program |
| WO2013060539A1 (en) * | 2011-10-28 | 2013-05-02 | Celtipharm | Method and system for establishing a relationship between sets of information about a single person |
| JP2014053675A (en) * | 2012-09-05 | 2014-03-20 | Sony Corp | Security chip, program, information processing device, and information processing system |
| CN103678990A (en) * | 2012-09-05 | 2014-03-26 | 索尼公司 | Security chip, program, information processing device and information processing system |
| CN103678990B (en) * | 2012-09-05 | 2019-03-08 | 索尼公司 | Safety chip, information processing unit and information processing system |
| JP7226602B1 (en) | 2022-02-01 | 2023-02-21 | 凸版印刷株式会社 | Secret information distribution system, secret information distribution method, device management server, and program |
| JP2023112251A (en) * | 2022-02-01 | 2023-08-14 | 凸版印刷株式会社 | Secret information distribution system, secret information distribution method, device management server, and program |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6011849A (en) | Encryption-based selection system for steganography | |
| JP2002185443A (en) | Secret key managing system | |
| CN109543434B (en) | Block chain information encryption method, decryption method, storage method and device | |
| WO2001030020A1 (en) | Variable length key encrypting system | |
| JP2001251287A (en) | Confidential transmitting method using hardware protection inside secret key and variable pass code | |
| CN107241196A (en) | Digital signature method and system based on block chain technology | |
| CN109873699A (en) | A kind of voidable identity public key encryption method | |
| US7031469B2 (en) | Optimized enveloping via key reuse | |
| CN109743162A (en) | A kind of operated using ideal lattice carries out the matched encryption method of identity attribute | |
| EP1180277B1 (en) | Private key recovery | |
| AU753951B2 (en) | Voice and data encryption method using a cryptographic key split combiner | |
| JPH0969831A (en) | Cipher communication system | |
| CN116015874A (en) | User privacy anti-theft system based on blockchain | |
| JP2001111539A (en) | Cryptographic key generator and cryptographic key transmitting method | |
| CN112822016B (en) | Method for data authorization on block chain and block chain network | |
| US20010009583A1 (en) | Secret key registration method, secret key register, secret key issuing method, cryptographic communication method and cryptographic communication system | |
| KR100388059B1 (en) | Data encryption system and its method using asymmetric key encryption algorithm | |
| JP2721238B2 (en) | Key distribution method with signature function | |
| Singhal et al. | HCS: A Hybrid Data Security Enhancing Model Based on Cryptography Algorithms | |
| WO2008086731A1 (en) | Method and system of encrypt by using chaotic cipher stream | |
| JPH08223152A (en) | Ciphering method and cipher information converter | |
| JPH1155244A (en) | Method for restoring key and device therefor | |
| KR20020025343A (en) | Apparatus and Method for encryption and decryption of file using base key and one-time key | |
| Park et al. | PRE-based Privacy-Sensitive Healthcare Data Management for Secure Sharing | |
| JPH02195376A (en) | Ic card provided with key sharing function |