JP2004040622A - Encryption processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve security by reducing the possibility that a correspondence relation between data to be a source of encryption and encrypted data is intercepted by an illegal method. <P>SOLUTION: A reader/writer transmits an encryption command (a) including plaintext data to an IC card to make encryption processing to be carried out in the IC card, and an encrypted sentence is made to be returned as a response. In such a case, the obtained encrypted sentence is divided to prepare a plurality of blocks 21 to 23, and the blocks are distributed to a plurality of responses to be returned. The reader/writer gives return request commands (c) and (e) until all of the blocks are returned. The IC card includes the remaining blocks in responses (d) and (f) and returns the responses. The number of divided blocks and the data length of each block are determined at random and a return order is also determined at random. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a cryptographic processing system, and more particularly, to a cryptographic processing system using a portable encryption device such as an IC card.
[0002]
[Prior art]
With the spread of a global network environment centered on the Internet, data encryption has become necessary in various fields of social life. For example, as a method for authenticating an individual, use of a digital signature instead of a conventional signature has begun to spread, and an encryption technique is also used for this digital signature. That is, the digital signature of the message data to be signed is created by performing an encryption operation on the message data based on a predetermined secret algorithm using secret data. A public key cryptosystem is used for an encryption operation for creating a digital signature, and secret data cannot be obtained from the created digital signature. Therefore, consideration has been given that a third party who has obtained the digital signature cannot know the original secret data based on the digital signature. However, if the secret data itself is read by unauthorized means, it becomes possible to forge a digital signature. For this reason, it is preferable to use a device having the highest possible security as an encryption device that stores secret data and creates a digital signature using the secret data.
[0003]
For these reasons, IC cards are now widely used as encryption devices suitable for performing personal encryption processes such as digital signatures. By distributing an IC card to an individual and storing secret data for each individual in the IC card, it becomes possible to manage the secret data with sufficient security. An encryption operation program based on a predetermined algorithm using stored secret data is incorporated in the IC card functioning as an encryption device, and all the encryption operations are performed inside the IC card. Become. The first data to be encrypted may be prepared on a computer functioning as a data processing device and transmitted to an IC card via a reader / writer device. The IC card internally executes a predetermined encryption operation on the first data provided via the reader / writer device, and returns the created second data to the computer again via the reader / writer device. I do.
[0004]
[Problems to be solved by the invention]
In the above-described cryptographic processing system using an IC card, all security data and secret algorithms necessary for the encryption operation are stored in the IC card, and sufficient security measures are taken so that they cannot be read out by an unauthorized method. Has been taken. However, if the communication between the computer functioning as the data processing device and the IC card functioning as the encryption device is intercepted, the secret data and the secret algorithm itself will not be disclosed, but the "specific The fact that specific ciphertext data has been obtained for plaintext data "will be leaked to the outside. Such communication interception can be performed on a signal path between the reader / writer device and the IC card, or can be performed on a signal path between the computer and the reader / writer device. Further, by searching the memory in the computer, a result equivalent to the wiretapping can be obtained. In recent years, there are many cases in which a computer virus having such a communication interception function is distributed to perform an illegal act. If a large number of "correspondences between specific plaintext data and specific ciphertext data" are obtained due to such misconduct, there is a danger that secret data in the IC card is estimated by analyzing these. Comes out. In addition, it is also possible to determine a command code for generating a cipher by interception of a communication, and an unauthorized access person can give an intentionally created convenient plaintext data to the IC card together with the determined command code. In this case, an illegal act of obtaining encrypted data corresponding to the plaintext data becomes possible, and there is a possibility that the decryption is misused by various methods.
[0005]
Therefore, the present invention provides a cryptographic processing system capable of improving the security by reducing the probability that the correspondence between the data to be encrypted and the encrypted data is intercepted by an unauthorized method. The purpose is to provide.
[0006]
[Means for Solving the Problems]
(1) According to a first aspect of the present invention, a process of creating second data by performing an encryption operation using a secret algorithm based on first data to be encrypted is performed. In the cryptographic processing system to be performed,
A function of internally storing a secret algorithm and performing an operation based on the secret algorithm on first data given from the outside to create second data corresponding to the first data. With an encryption device
A function of preparing first data that can be connected to the encryption device and subject to encryption processing, a function of transmitting the prepared first data to the encryption device, and a function of creating the first data inside the encryption device. A data processing device having a function of receiving the obtained second data;
And
The exchange of information between the encryption device and the data processing device is performed in accordance with a transmission process of transmitting a predetermined command from the data processing device to the encryption device and a command from the encryption device to the data processing device in response to the command. A response process for returning a response and a response process are performed alternately.
The data processing device transmits an “encryption command” including the first data to be encrypted to the encryption device, and receives a response returned from the encryption device in response to the “encryption command”. A first active process and a “reply request command” for requesting a return of the second data are transmitted to the encryption device, and a response returned from the encryption device is received in response to the command. 2 and an combining process of assembling second data by combining data included in the plurality of received responses.
When the “encryption command” is transmitted, the encryption device performs an operation based on a secret algorithm on the first data included in the command, thereby providing the first data with A first passive unit that creates corresponding second data and returns a predetermined response that does not include the created second data at all or includes only a part of the created second data as a response to the “encryption command”. Processing, and when a “reply request command” is transmitted, a second passive part that returns a predetermined response including only a part of the created second data as a response corresponding to the “reply request command” And processing.
[0007]
(2) The second aspect of the present invention provides the cryptographic processing system according to the first aspect,
The data processing device prepares plaintext data to be subjected to encryption processing as first data, and handles the second data obtained by the synthesis processing as ciphertext data for the plaintext data. .
[0008]
(3) A third aspect of the present invention provides the cryptographic processing system according to the first aspect, wherein
The data processing device prepares predetermined message data to be a digital signature as the first data, and treats the second data obtained by the synthesizing process as a digital signature for personal authentication of the message data. It is like that.
[0009]
(4) A fourth aspect of the present invention provides the cryptographic processing system according to the first to third aspects described above.
An IC card is used as an encryption device, and a reader / writer device having a function of accessing the IC card and a computer for controlling the reader / writer device are used as a data processing device.
[0010]
(5) A fifth aspect of the present invention provides the cryptographic processing system according to the first to third aspects described above.
A client computer is used as an encryption device, and a server computer connected to the client computer via the Internet is used as a data processing device.
[0011]
(6) A sixth aspect of the present invention provides the cryptographic processing system according to the first to fifth aspects, wherein:
The encryption device divides the created second data into a plurality of n blocks, and performs a process of dividing each of the n blocks into n responses and returning the data to the data processing device.
[0012]
(7) A seventh aspect of the present invention provides the cryptographic processing system according to the sixth aspect, wherein
The encryption device randomly determines the number of block divisions n and the data length of each block.
[0013]
(8) An eighth aspect of the present invention provides the cryptographic processing system according to the seventh aspect, wherein
The encryption device returns information to the data processing device by including information indicating the randomly determined number of divisions n and the data length of each block in one of the responses,
The data processing device obtains the second data based on the returned information.
[0014]
(9) A ninth aspect of the present invention provides the cryptographic processing system according to the sixth to eighth aspects, wherein:
The encryption device performs a process of randomly changing the order of each of the n blocks, and includes a process of returning the data to the data processing device by including each of the n blocks in an individual response in the changed order. And information indicating the block order after the replacement is included in one of the responses and returned to the data processing device,
The data processing device assembles the second data based on the returned information.
[0015]
(10) A tenth aspect of the present invention provides the cryptographic processing system according to the eighth or ninth aspect, wherein
The encryption device returns at least one of the information indicating the number of divisions n, the information indicating the data length of each block, and the information indicating the order of the blocks after the replacement in a response corresponding to the “encryption command”. It is intended to be.
[0016]
(11) An eleventh aspect of the present invention provides the cryptographic processing system according to the first to tenth aspects, wherein
The second data created by the encryption device in the “response corresponding to the encrypted command” returned as the first passive process or the “response corresponding to the return request command” returned as the second passive process is as follows. This is to include irrelevant dummy data.
[0017]
(12) A twelfth aspect of the present invention provides the cryptographic processing system according to the first to eleventh aspects,
The data processing device includes meaningless dummy data in a "reply request command" transmitted as the second active process.
[0018]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, the present invention will be described based on an illustrated embodiment.
[0019]
§1. Basic embodiment of the present invention
FIG. 1 is a block diagram showing a configuration of a cryptographic processing system according to a basic embodiment of the present invention. This cryptographic processing system includes a data processing device 100 and an encryption device 200 as shown in the figure. In this embodiment, the data processing device 100 includes a computer 110 and a reader / writer device 120, and the encryption device 200 includes an IC card. As shown, the encryption device 200 composed of an IC card is provided with components such as an information communication unit 210, a command interpretation unit 220, a cryptographic operation unit 230, and a response return unit 240. However, each of these components shows a configuration focusing on the software functions of the IC card. From the viewpoint of the hardware components, the IC card is composed of a CPU, a memory (RAM, ROM). , EEPROM) and an input / output interface. The information communication unit 210 is configured by an input / output interface, and the command interpreting unit 220, the cryptographic operation unit 230, and the response returning unit 240 are configured by each memory and CPU. You.
[0020]
The encryption device 200 composed of an IC card is a portable information processing device, can be carried by each user, and can be used by connecting to the data processing device 100 as needed. Recently, IC cards have already begun to be used for various purposes. Therefore, the encryption device 200 does not necessarily need to be provided as a dedicated IC card that performs only the encryption processing function. In practice, a general-purpose IC card shared for a plurality of uses is used as the encryption device 200. It is possible. The reader / writer device 120 has a function of exchanging information by connecting to the encryption device 200 including the IC card. All direct access to the IC card is executed by the reader / writer device 120. On the other hand, the computer 110 has a function of controlling the reader / writer device 120 connected as a peripheral device, and can be configured by, for example, a personal computer for personal use.
[0021]
Here, Web browser software for browsing a Web page by connecting to the Internet is incorporated in the computer 110, and a case where a user transmits some encrypted data to a specific site via the Internet is assumed. By way of example, the basic operation of this system will be described. Such a basic operation is performed by division of labor between the data processing device 100 and the encryption device 200.
[0022]
That is, first, the first data 10 to be encrypted is prepared on the data processing apparatus 100 side. The first data 10 may be prepared by direct input from a user using a keyboard or the like of the computer 110, or may be prepared by reading from a file or the like in a storage device. Of course, it is also possible to prepare the first data 10 by taking it into the computer 110 via a network. Thus, the first data 10 prepared in the computer 110 is transmitted to the encryption device 200 via the reader / writer device 120. More specifically, as described later, the first data 10 is transmitted from the reader / writer device 120 to the information communication unit 210 in the form of a command, and is transmitted to the cryptographic operation unit 230 via the command interpretation unit 220. The cryptographic operation unit 230 creates the second data 20 by performing an encryption operation using a secret algorithm based on the first data 10. The second data 20 created in this way is sent to the response reply unit 240, and from there, sent as a response to the reader / writer device 120 via the information communication unit 210.
[0023]
FIG. 2 is a diagram illustrating the concept of such an encryption process. In the illustrated example, the first data 10 is character string data composed of plain text, and the second data 20 is character string data composed of cipher text. The character string data composed of plain text is prepared on the data processing device 100 side, transmitted to the encryption device 200 side, and converted into cipher text by performing an operation based on a secret algorithm in the encryption device 200. You. The character string data composed of the ciphertext created in this way is transmitted to the data processing device 100 again. The reason why the encryption process is performed in the encryption device 200 is to increase the security of the secret algorithm. The operation based on the secret algorithm performed in the encryption device 200 is usually performed using secret data unique to each encryption device 200. However, both the secret algorithm and the secret data are encrypted. Since measures are taken such that the secret algorithm and the secret data are stored inside the device 200 and are not read outside, the secret algorithm or the secret data is not read outside by an unauthorized means.
[0024]
After all, the encryption device 200 performs an encryption operation using a secret algorithm stored in the encryption operation unit 230 based on the first data 10 transmitted from the data processing device 100 side. The data processing device 100 creates the second data 20 and returns the created second data 20 to the encryption device 200. The data processing device 100 performs the first This is a device that prepares the data 10, transmits the prepared first data 10 to the encryption device 200, and receives the second data 20 created inside the encryption device 200. Thus, when the second data 20 can be obtained in the computer 110, the second data 20 can be transmitted to a predetermined site via the Internet.
[0025]
By the way, as described above, the first data 10 is prepared on the data processing device 100 side, and the first data 10 is provided to the encryption device 200 side, and the second data 20 is created by the internal operation of the encryption device 200 side. In order to perform the basic operation of returning the second data 20 to the data processing device 100 again, it is of course necessary to exchange information between the data processing device 100 and the encryption device 200. . In general, when exchanging information between an IC card and a reader / writer, a predetermined command is transmitted from the reader / writer to the IC card, and a predetermined response corresponding to this command is transmitted from the IC card to the reader / writer. This is performed by alternately executing a communication process of sending a reply to the side.
[0026]
Here, for convenience of explanation, first, a procedure of an encryption process in a conventional encryption processing system using a general IC card will be described. In the conventional procedure, first, for example, an “encryption command” as shown in FIG. 3A is given from the reader / writer device to the IC card. For example, a process shown in FIG. 3B is performed to return a response, and the second data 20 (character string data composed of cipher text) corresponding to the first data 10 (character string data composed of plain text) Will be created. In the specific example shown in FIG. 3, the “encryption command” includes a command portion including a command code “CRYPT” (a code indicating that the command is a command for requesting an encryption process). , A data portion composed of “character string data composed of plain text (first data 10)”. On the other hand, the response to the “encrypted command” includes a status part consisting of a status code “OK” (a code indicating that the given command has been correctly processed) and “character string data consisting of cipher text (second Data 20) ". The IC card interprets the “encrypted command” as shown in FIG. 3A, and encrypts the first data 10 included in the data part of the command to create the second data 20. Is provided in the data portion, a function of returning a response as shown in FIG. 3 (b) {} can be provided to the IC card, as shown in FIG. 3 (a) { Is given, a response as shown in FIG. 3B is returned, and the second data 20 obtained by encrypting the first data 10 can be obtained.
[0027]
However, as described above, the first data 10 to be encrypted is prepared on the data processing device 100 side, and a command including the first data 10 is given to the encryption device 200 (IC card) to encrypt the data. Since a method of obtaining the created second data 20 as a response returned from the device 200 to the data processing device 100 is employed, unauthorized access such as communication interception between the data processing device 100 and the encryption device 200 is performed. As described above, there is a risk of being subjected to an attack by means and giving clues to guess secret data and a secret algorithm in the encryption device 200. For example, in the case of the example shown in FIG. 3, the fact that the response shown in FIG. 3B was returned in response to the "encrypted command" shown in FIG. If possible, it will be understood that the cipher text corresponding to the first data 10 is the second data 20. Of course, it is very difficult to guess the secret data and the secret algorithm in the encryption device 200 only by combining such a pair of plaintext data and ciphertext data, but if communication interception is continued, A large number of combinations of the first data 10 and the second data 20 can be accumulated, and the more such accumulations, the higher the probability of estimating the secret data and the secret algorithm. If the code of the “encrypted command” can be recognized as “CRYPT”, the fraudulent person can give the “encrypted command” containing arbitrary data and obtain a response corresponding to the “encrypted command”. Therefore, secret data and secret algorithms are easier to guess.
[0028]
As described above, according to the present invention, the transmission process of transmitting a predetermined command from the data processing device 100 to the encryption device 200, and the response corresponding to the command from the encryption device 200 to the data processing device 100 are returned. The purpose of the present invention is to improve security in a cryptographic processing system in which information is exchanged between the two by alternately executing a reply process. The point is that, after the arithmetic processing for obtaining the second data 20 is performed inside the encryption device 200, as shown in FIG. , N = 3), and the n blocks 21 to 23 are divided into n responses and sent back to the data processing apparatus 100. That is, conventionally, the second data 20 is returned by the "response to the encrypted command" shown in (b) of FIG. 3B. However, in the present invention, the created response is included in the "response to the encrypted command". The second data 20 is set to include only a part of the second data 20 or not to include the second data 20 at all, and the second data 20 is returned to the dispenser by a plurality of responses.
[0029]
As described above, in the present invention, it is not possible to return the entire second data 20 to the data processing device 100 only with the “response to the encrypted command”, and a plurality of responses are necessarily required. However, in order to obtain a response from the encryption device 200, it is necessary to transmit some command from the data processing device 100. In other words, communication between the reader / writer device and the IC card is always active from the reader / writer device side, that is, a command is transmitted, and a passive reply is sent from the IC card side as a response to this command. Must be returned. Therefore, in the present invention, a "reply request command" for requesting the encryption device 200 (IC card) to return the second data 20 is prepared, and the second reply command is provided as a response to the "reply request command". A part of the data 20 is returned. For example, as shown in FIG. 4, if the second data 20 is divided into three blocks 21 to 23, the first block 21 is returned as a "response to an encrypted command" and the second block 20 is returned. Block 22 is returned as a "response to a reply request command" provided subsequently, and the third block 23 is returned as another "response to a reply request command" provided subsequently. do it.
[0030]
The exchange of the command and the response shown in FIG. 5 is an example in which the second data 20 divided into three is returned as three responses as described above. First, an “encryption command” as shown in (a) in FIG. 5 is given from the data processing device 100 to the encryption device 200. In this example, the “encrypted command” is composed of a command part composed of a command code “CRYPT” and a data part composed of character string data (first data 10) composed of plain text. Such an “encrypted command” is provided from the reader / writer device 120 to the information communication unit 210, and is interpreted by the command interpreting unit 220. Then, the command interpreting unit 220 gives the first data 10 included in the “encrypted command” to the cryptographic operation unit 230 to execute the encryption operation. The second data 20 obtained as a result of the encryption operation is provided to the response returning unit 240. The response returning unit 240 returns the provided second data 20 in one response. Instead, it divides it into a plurality of n blocks, temporarily stores them, and divides them into a plurality of responses to send back a response.
[0031]
In the example shown here, the second data 20 is divided into three blocks 21 to 23 as shown in FIG. 4 and returned in three responses. That is, first, the first block 21 is returned as a "response to the encrypted command", as shown in FIG. This response is composed of a status part composed of a status code “OK” (a code indicating that the given “encrypted command” has been executed without any trouble) and a data part composed of the first block 21. ing. In the sense of the response to the “encrypted command”, the response shown in FIG. 5B is equivalent to the conventional response shown in FIG. 3B, but the conventional response shown in FIG. 5 includes the entirety of the second data 20, whereas the response of the present invention shown in FIG. 5B includes only a part of the second data 20.
[0032]
In the present invention, in order to request a reply for a portion not returned in the “response to the encrypted command”, the data processing device 100 further transmits to the encrypting device 200 as shown in FIG. It is necessary to give a "reply request command". In this example, the "reply request command" is composed of only a command part consisting of a command code of "REPLY", and has no data part. When such a “reply request command” is given to the command interpreting unit 220 via the information communication unit 210, the command interpreting unit 220 performs a process of returning the next block to be returned as a response to the response returning unit 240. Give instructions to do so. As a result, a "response to the reply request command" as shown in (d) of FIG. 5 is returned to the data processing apparatus 100. This response is a response obtained by adding a data part consisting of the second block 22 to a status part consisting of a status code of "OK", indicating that the given "reply request command" has been executed without any trouble. , A response including the second block 22 to be returned. Subsequently, when the data processing apparatus 100 gives the encryption apparatus 200 a "reply request command" (the same command as the command in FIG. 5C) as shown in FIG. , A response as shown in FIG. 5F is returned to the data processing apparatus 100. This response includes a third block 23 to be returned. Thus, all the blocks 21 to 23 are returned to the data processing device 100 by three responses, so that the second data 20 can be obtained by performing a synthesizing process for assembling them. become.
[0033]
As a result, in the case of the above-described example, the second data 20 created in the encryption device 200 is divided into three blocks 21 to 23, each of which is illustrated in FIG. This means that the response was divided into two responses. If such a method is adopted, even if a command / response pair as shown in FIGS. 5 (a) and (b) 方法 is recognized by an unauthorized method such as communication interception, FIG. 5 (a) The first data 10 included in the “encrypted command” shown and the first block 21 included in the response shown in FIG. 5B are incomplete as a plaintext / ciphertext pair. Therefore, it is possible to make it difficult to guess the secret data and the secret algorithm used in the encryption processing in the encryption operation unit 230.
[0034]
Note that when the “reply request command” is given, but there is no block to be returned in the response reply unit 240 (for example, the “reply request command” is given before the “encrypted command” is given). Or if all blocks have been replied and a "reply request command" has been given), the "reply request command" is displayed in the status section. A response in which a status indicating an error is written is returned.
[0035]
After all, in the cryptographic processing system according to the present invention, the following processing is performed in the data processing device 100 and the encryption device 200 in order to obtain the second data 20 obtained by encrypting the first data 10. Will be. Here, for convenience of explanation, the processing on the data processing apparatus 100 side will be referred to as “active processing”, and the processing on the encryption apparatus 200 side will be referred to as “passive processing”.
[0036]
First, the following processing is performed on the data processing device 100 side. First, an “encryption command” including the first data to be encrypted is transmitted to the encryption device 200, and a response is returned from the encryption device 200 in response to the “encryption command”. One active process is performed. That is, the first active process is a process of transmitting an “encrypted command” as shown in FIG. 5A and receiving a response as shown in FIG. 5B returned in response thereto. It turns out that. Subsequently, a “reply request command” for requesting a return of the second data is transmitted to the encryption device 200, and a second response is received from the encryption device 200 in response thereto. Active processing is performed. This second active process is a process of transmitting a “reply request command” as shown in FIG. 5C and receiving a response as shown in FIG. become. In the case of the example shown in FIG. 5, such second active processing is performed once again. When all blocks constituting the second data 20 are returned in this way, the data processing device 100 finally assembles the second data 10 by synthesizing the data included in the plurality of received responses. Perform synthesis processing. That is, in the case of the example shown in FIG. 5, the combining process for obtaining the second data 20 is performed by assembling the three blocks 21 to 23 included in the three responses.
[0037]
Note that the first active process and the second active process described above do not necessarily need to be executed consecutively, and another process (a command is transmitted from the data processing apparatus 100 side, and (A process of receiving some response) according to the request. Also, when the second active process is repeatedly executed, another process may be interposed between the processes. Of course, the command transmission operation to the encryption device 200 is not performed based on the direct instruction of the user, but is performed based on the instruction of the program executed on the computer 110 configuring the data processing device 100. Will be. Therefore, the procedure of the first active process and the second active process described above is described in the program executed on the computer 110.
[0038]
On the other hand, on the encryption device 200 side, every time an individual command is given, a predetermined process according to the content of the command is executed, and a process of returning a predetermined response is executed. Specifically, first, when the above-mentioned “encrypted command” is transmitted, by performing an operation based on a secret algorithm on the first data 10 included in the command, the first A first passive process is performed in which the second data 20 corresponding to the first data 10 is created, and a predetermined response including only a part thereof is returned as a response corresponding to the “encrypted command”. That is, in the first passive process, an “encryption command” including the first data 10 is transmitted from the data processing device 100 to the encryption device 200 as shown in FIG. In this case, the second data 20 is created based on the first data 10, and a response including only a part of the second data 20 (first block 21) as shown in FIG. Is returned to the data processing apparatus 100. However, in the example shown in FIG. 5, the response to the “encrypted command” includes the first block 21 which is a part of the second data 20, but the response to the “encrypted command” May not include the second data 20 at all. In this case, the data portion of the response shown in (b) of FIG. 5 may be left empty, for example, and each block constituting the second data 20 is returned as a response to the “reply request command”. Will be.
[0039]
When a “reply request command” is transmitted to the encryption device 200, a second response created in the past and stored in the response reply unit 240 as a response to the “reply request command” is received. A second passive process of returning a predetermined response including a part of the data (a part that has not been returned yet and remains) is performed. That is, the second passive process is a process of returning a response as shown in FIGS. 5 (d) and (f) in response to a “reply request command” as shown in FIGS. 5 (c) and 5 (e). It can be said. A block to be returned is temporarily stored in the response reply unit 240. Each time a “reply request command” is given, a process of returning a block in the response to include the next block to be returned next is performed. Done. As described above, if there is no block to be returned in the response reply unit 240 despite the fact that the “reply request command” has been transmitted, a response indicating an error is returned. Will be.
[0040]
Of course, the first passive process and the second passive process are actually executed by the CPU in the IC card constituting the encryption device 200 based on a program stored in advance in a ROM, an EEPROM, or the like. Processing. Therefore, the procedure of the first passive processing and the second passive processing described above is described in the program executed on the IC card.
[0041]
§2. Other embodiments
Having described the basic embodiment of the present invention, some useful alternative embodiments will now be described. First, in the present invention, as described above, the second data 20 created on the encryption device 200 side is divided into a plurality of n blocks. Preferably, n and the data length of each block are randomly determined each time on the encryption device 200 side. Further, the encryption device 200 performs a process of randomly changing the order of each of the n blocks, and includes each of the n blocks in an individual response in the order after the replacement so as to be included in the data processing device 100. It is preferable to perform a process of replying to.
[0042]
For example, let us consider a case where the second data 20 is divided into three blocks 21, 22, and 23 on the encryption device 200 side as shown in FIG. Here, the division number n = 3 is determined at random using random numbers, and the data lengths L1 to L3 of the blocks 21 to 23 are also determined at random using random numbers. Then, the order of these three blocks is changed as shown in FIG. Such replacement of the block order is also determined at random using random numbers. In this way, as shown in FIG. 6B, when the order of the blocks is randomly changed, these three blocks are included in individual responses in the order after the replacement and sent back. That is, in the example of FIG. 6B, in the first response to which a block is to be returned, the third block 23 is returned, in the second response, the first block 21 is returned, and the third response is returned. Then, the second block 22 is returned.
[0043]
As described above, when the encryption apparatus 200 side randomly determines the number of divisions n, the data length of each block, and the order of the blocks after the replacement, the data processing apparatus 100 also notifies the data processing apparatus 100 of the information. Need to be kept. For this purpose, such information may be included in any response given from the encryption device 200 to the data processing device 100. In particular, it is preferable to include information on the number of divisions n in a response to the “encrypted command”. Then, the data processing apparatus 100 can recognize the number of divisions n by the response to the “encryption command”, so that the number of times the “reply request command” is given thereafter will return all the blocks. It is possible to perform the process of giving the “reply request command” as many times as necessary. However, if the total data length of the second data 20 can be determined in advance, the data processing apparatus 100 repeatedly repeats the “reply request” until the cumulative value of the data length of the returned block reaches the total data length. Since the command may be given, transmitting information on the number of divisions n and data on the data length of each block to the data processing device 100 is not an essential item in practicing the present invention.
[0044]
FIG. 7 is a diagram showing exchange of commands and responses according to another embodiment of the present invention. The “encryption command” shown in (a) of FIG. 7 is a command for requesting an encryption process on the first data 10, just like the “encryption command” of (a) in FIG. On the other hand, in this embodiment, the response to this command is as shown in FIG. This response is composed of a status part consisting of a status code "OK" and a data part as shown. The data section includes information indicating the number of divisions n, block order, and block length. That is, in the illustrated example, the division number n is “3”, the block order is “3 → 1 → 2 (meaning that the third block → the first block → the second block is returned in order)”, and the block length Is "L3, L1, L2 (the block length of the third block is L3, the block length of the first block is L1, and the block length of the second block is L2, according to the block order)." Included in the Department.
[0045]
In addition, dummy data is added to the data portion of the response shown in FIG. This dummy data is any meaningless data irrelevant to the second data 20 created in the encryption device 200. Such addition of dummy data is effective in improving security against wiretapping. That is, even when a command / response pair as shown in FIGS. 7A and 7B is intercepted by unauthorized means, the presence of the dummy data makes it more difficult to analyze the correspondence between the two. .
[0046]
The data processing device 100 receives the response as shown in FIG. 7 (b) {circle around (2)}, and returns the second data 20 divided into three blocks, in the block order of “3 → 1 → 2”. And that the data length of each block is “L3, L1, L2”. As a result, it can be recognized that three "reply request commands" are necessary, and the first "reply request command" is transmitted as shown in (c) of FIG. The data portion of the “reply request command” is originally unnecessary, but in the example shown in FIG. 7C, the meaningless dummy data is included in the data portion of the “reply request command”. I have to. This is a consideration to make it more difficult to analyze the correspondence between the command / response pair and the command / response pair even if the command / response pair is intercepted by illegal means due to the presence of the dummy data.
[0047]
In this example, a response as shown in FIG. 7D is returned as a response to the "reply request command" shown in FIG. 7C. This response is composed of a status part consisting of a status code "OK" and a data part as shown. The data section includes a third block corresponding to the first order and dummy data added for improving security. Since information on the block length of each block has already been transmitted to the data processing device 100, it is possible to distinguish the original block data from the dummy data. For example, in the data portion as shown in FIG. 7D, the portion from the beginning to the portion corresponding to the data length L3 is the data constituting the third block, and the portion following this is dummy data. Can be recognized. Similarly, two more “reply request commands” are transmitted, and in response to this, responses are respectively returned, and all three blocks are returned to the data processing device 100 side. The data processing device 100 can perform the combining process of rearranging and assembling the three returned blocks based on the information in the block order “3 → 1 → 2”, and finally obtain the second data 20. .
[0048]
As described above, the plaintext data prepared in the data processing device 100 is given to the encryption device 200 as the first data 10, and the second data 20 constituting the ciphertext data corresponding to the plaintext data is created. Although the example in which the response is divided and returned is described, the cryptographic processing system according to the present invention is not necessarily limited to the use of converting the plaintext data into the ciphertext data. For example, the data processing device 100 is provided with a function of preparing, as the first data 10, predetermined message data to be subjected to a digital signature for personal authentication, and the encryption device 200 performs an encryption process on the message data. Accordingly, an operation for creating a predetermined digital signature may be performed, and the second data 20 including the digital signature may be returned as a plurality of responses. In this case, the data processing device 100 treats the obtained second data as a digital signature for personal authentication of the message data constituting the first data.
[0049]
FIG. 8 is a diagram showing a specific example of such a digital signature. Here, a specific example will be described in which a specific user named “Taro Taro” accesses a specific Web site using the computer 110 and places an order for an encyclopedia at an online bookstore operated by the Web site. . First, in order to make such an order, the user “Taro Tokkyo” inputs, to the computer 110, message data M (data consisting of a character string “I will pay attention to a set of encyclopedias”) as shown in FIG. I do. Then, the message data M is transmitted as the first data 10 to the information communication unit 210 via the reader / writer device 120, and is provided to the cryptographic operation unit 230. Here, the secret data H as shown in FIG. 8 (in this example, a character string "ABC123" for convenience) is stored in the cryptographic operation unit 230 in the IC card possessed by the user "Tokutaro". Let's say that was stored. The secret data H is written by a predetermined method at the issuer when this IC card is issued to the user “Taro Tokkyo”.
[0050]
In this case, the cryptographic operation unit 230 performs a predetermined operation using the secret data H on the message data M based on a predetermined algorithm prepared in advance, and performs a digital operation for personal authentication on the message data M. Create signature D. Here, it is assumed that, for example, a digital signature D as shown in FIG. 8 (in this example, for convenience, the numerical value is “456789”) is created. As a specific algorithm for creating a digital signature, for example, “a character string constituting the secret data H is added to a character string constituting the message data M, and these character strings are converted into hexadecimal numbers to be digitized. A hash value obtained by applying a hash function to this numerical value is used as a digital signature. " A hash value obtained by applying a hash function to a certain original numerical value is uniquely determined. However, since the original numerical value cannot be calculated back from the hash value, the message data M and the secret data H are given. For example, the digital signature D given as a hash value can be uniquely obtained by the cryptographic operation unit 230. Conversely, even if the digital signature D and the message data M are known, the secret data H Can not be asked. Therefore, the digital signature D can be said to be data obtained by encrypting the message data M.
[0051]
In this way, the digital signature D composed of the numerical value “456789” created by the cryptographic operation unit 230 is temporarily stored in the response returning unit 240, and is divided into a plurality of responses and transmitted to the reader / writer device 120 side. Will be replied. For example, the numerical value “456789” is divided into three blocks “45”, “67”, and “89”, and returned as three responses. The computer 110 restores the digital signature D of “456789” by combining them. Thus, the computer 110 sends the digital signature D together with the message data M to the online bookstore site as an order from the user "Taro Tatoshi", and places an order for the encyclopedia.
[0052]
On the other hand, the secret data H stored in the cryptographic operation unit 230 is also registered as a secret data for personal authentication of the user "Taro Tatoshi" at a trusted certificate authority. Therefore, the online bookstore that has received the message data M “Encyclopedia will be ordered.” And the digital signature D “456789” as an order from the user “Patent Taro” refers to the certificate authority. This makes it possible to confirm that the combination of the message data M and the digital signature D is actually transmitted from “Taro Tokkyo”. That is, the certificate authority uses the message data M “Encyclopedia order is placed” and the data “ABC123” registered as the secret data H of Taro Patent by using a predetermined algorithm (the cryptographic operation unit 230). If the same digital signature D of “456789” is obtained, the message data M of “I will order a complete encyclopedia” and the message data M of “456789” are obtained. It will be confirmed that the combination with the digital signature D is certainly transmitted by the user "Taro Tokkyo". Of course, if a part of the message data M is falsified, the obtained digital signature will be different, so that a correct authentication result cannot be obtained.
[0053]
FIG. 9 is a block diagram showing still another embodiment of the present invention. In the basic embodiment shown in FIG. 1, the data processing device 100 is configured by the computer 110 and the reader / writer device 120, and the encryption device 200 is configured by an IC card. On the other hand, the embodiment shown in FIG. 9 is a mode in which the data processing device and the encryption device communicate via the Internet 300. That is, in this embodiment, the entire components of the client computer 310, the reader / writer device 320 connected thereto, and the IC card 330 connected thereto function as an encryption device, and the server computer 340 functions as a data processing device. Will do. The client computer 310 and the server computer 340 are connected via the Internet 300. When a predetermined command is given from the server computer 340 to the client computer 310, the command is executed on the client computer 310 side ( If necessary, the IC card 330 is accessed via the reader / writer device 320). Then, the execution result of the command is returned as a response to the server computer 340 via the Internet 300.
[0054]
Specifically, when an “encryption command” including the first data 10 is given from the server computer 340 to the client computer 310, the “encryption command” is transmitted to the IC card 330 via the reader / writer device 320. And the second data 20 is created. The second data 20 is transmitted to the client computer 310 via the reader / writer device 320. The second data 20 is transmitted as a response from the client computer 310 to the server computer 340 via the Internet 300. At this time, the second data 20 is divided into a plurality of n blocks. Is transmitted to the server computer 340 side in a plurality of times. Therefore, even if an unauthorized interception is performed on the Internet 300, a higher security effect can be obtained as compared with a normal method.
[0055]
Of course, it is also possible to implement the present invention using the client computer 310 and the reader / writer device 320 shown in FIG. 9 as data processing devices and the IC card 330 shown in FIG. 9 as an encryption device. In the mode shown in FIG. 9, the present invention can be applied to a so-called "nested type". That is, when the present invention is implemented by using the client computer 310 and the reader / writer device 320 as a data processing device and the IC card 330 as an encryption device, security against interception between the reader / writer device 320 and the IC card 330 can be improved. Can be improved. On the other hand, when the present invention is implemented by using the entire components of the client computer 310, the reader / writer device 320, and the IC card 330 as an encryption device and the server computer 340 as a data processing device, security against interception on the Internet 300 Can be improved.
[0056]
As described above, the present invention has been described based on some embodiments. However, the present invention is not limited to these embodiments, and can be implemented in various other modes. For example, in the above-described embodiment, when the second data 20 is divided into a plurality of blocks, a division mode is adopted in which a set of data is divided into one block. Such a form may be adopted. For example, data extracted every third byte, such as the first byte, the fourth byte, the seventh byte,..., Is set as a first block, and the second byte, the fifth byte, the eighth byte,. The data extracted every other byte is a second block, and the data extracted every third byte is a third block, such as a third byte, a sixth byte, a ninth byte, and so on. It is also possible.
[0057]
【The invention's effect】
As described above, according to the cryptographic processing system of the present invention, the correspondence between the data to be encrypted and the encrypted data reduces the probability of being intercepted by an unauthorized method, and further improves security. It becomes possible to do.
[Brief description of the drawings]
FIG. 1 is a block diagram illustrating a basic configuration of a cryptographic processing system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a concept of a general encryption process.
FIG. 3 is a diagram showing an example of a command / response used for performing encryption in a conventional cryptographic processing system.
FIG. 4 is a diagram showing an example of a mode of dividing character string data obtained by encryption in the present invention.
FIG. 5 is a diagram showing an example of a command / response used for performing encryption in the cryptographic processing system according to the present invention.
FIG. 6 is a diagram showing an example of a mode in which character string data obtained by encryption is divided and the order is further changed in the present invention.
FIG. 7 is a diagram showing another example of a command / response used for performing encryption in the cryptographic processing system according to the present invention.
FIG. 8 is a diagram showing a specific example of message data M, secret data H, and digital signature D used in a general digital signature system.
FIG. 9 is a block diagram illustrating a basic configuration of a cryptographic processing system according to a modification of the present invention.
[Explanation of symbols]
10: First data (character string data composed of plain text)
20: second data (character string data composed of cipher text)
21 to 23 individual blocks obtained by division
100 ... data processing device
110 ... Computer
120: Reader / writer device
200: Encryption device (IC card)
210: Information communication section
220 command interpreter
230 ... Cryptographic operation unit
240 ... Response reply unit
300 Internet
310 ... Client computer
320: Reader / writer device
330… IC card
340: Server computer
D: Digital signature
H: Secret data
L1 to L3: Data length of each block
M: Message data

Claims (15)

An encryption processing system that performs a process of creating second data by performing an encryption operation using a secret algorithm based on the first data to be encrypted.
The secret algorithm is stored inside, and an operation based on the secret algorithm is performed on first data given from the outside, thereby creating second data corresponding to the first data. An encryption device with functions,
A function of preparing first data that can be connected to the encryption device and to be subjected to encryption processing, a function of transmitting the prepared first data to the encryption device, A data processing device having a function of receiving internally generated second data;
With
The exchange of information between the encryption device and the data processing device includes a transmission process of transmitting a predetermined command from the data processing device to the encryption device, and a transmission process from the encryption device to the data processing device. And a reply process for returning a response corresponding to the command, and are alternately performed.
The data processing device transmits an “encryption command” including the first data to be encrypted to the encryption device, and a response returned from the encryption device in response to the “encryption command”. And a "reply request command" for requesting a return of the second data is transmitted to the encryption device, and the response is returned from the encryption device accordingly. A function of performing a second active process of receiving a response and a combining process of assembling second data by combining data included in the plurality of received responses;
When the “encryption command” is transmitted, the encryption device performs an operation based on the secret algorithm on the first data included in the command, thereby performing the first encryption. The second data corresponding to the above-mentioned data is created, and a predetermined response containing no or only a part of the created second data is returned as a response to the “encryption command”. A first passive process and, when the “reply request command” is transmitted, a predetermined response including only a part of the created second data as a response corresponding to the “reply request command”. And a second passive process for returning a reply. The cryptographic processing system according to claim 1,
A data processing device having a function of preparing plaintext data to be encrypted as first data, and a function of treating second data obtained by the combining process as ciphertext data for the plaintext data A cryptographic processing system comprising: The cryptographic processing system according to claim 1,
The data processing device has a function of preparing predetermined message data to be subjected to a digital signature as the first data, and converts the second data obtained by the synthesizing process into a digital for personal authentication of the message data. An encryption processing system having a function of handling as a signature. The cryptographic processing system according to claim 1,
An encryption processing system using an IC card as an encryption device and a reader / writer device having a function of accessing the IC card and a computer for controlling the reader / writer device as a data processing device. The cryptographic processing system according to claim 1,
An encryption processing system, wherein a client computer is used as an encryption device, and a server computer connected to the client computer via the Internet is used as a data processing device. The cryptographic processing system according to any one of claims 1 to 5,
An encryption device that divides the created second data into a plurality of n blocks and divides each of the n blocks into n times responses and returns the response to the data processing device. system. The cryptographic processing system according to claim 6,
An encryption processing system, wherein an encryption device randomly determines a block division number n and a data length of each block. The cryptographic processing system according to claim 7,
The encryption device has a function of returning information to the data processing device by including information indicating the randomly determined number of divisions n and the data length of each block in one of the responses,
An encryption processing system, wherein the data processing device has a function of obtaining the second data based on the information. The cryptographic processing system according to any one of claims 6 to 8,
The encryption device performs a process of randomly changing the order of each of the n blocks, and includes a process of returning the data to the data processing device by including each of the n blocks in an individual response in the changed order. Has a function of performing, and having a function of returning information to the data processing device by including information indicating the block order after the replacement in one of the responses,
A cryptographic processing system, wherein the data processing device has a function of assembling second data based on the information. The cryptographic processing system according to claim 8, wherein
The encryption device returns at least one of the information indicating the number of divisions n, the information indicating the data length of each block, and the information indicating the order of the blocks after the replacement in a response corresponding to the “encryption command”. And a cryptographic processing system. The cryptographic processing system according to claim 1,
The second data created by the encryption device in the “response corresponding to the encrypted command” returned as the first passive process or the “response corresponding to the return request command” returned as the second passive process is as follows. A cryptographic processing system characterized by including irrelevant dummy data. The cryptographic processing system according to any one of claims 1 to 11,
An encryption processing system characterized in that meaningless dummy data is included in a "reply request command" transmitted as a second active process by a data processing device. A data processing device which is a component of the cryptographic processing system according to claim 1. A program for causing a computer to function as the data processing device according to claim 13, and a computer-readable recording medium on which the program is recorded. An encryption device which is a component of the cryptographic processing system according to claim 1.

Images