JP2005051479A - Time limit encipherment/decipherment system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To facilitate operation by facilitating the operation at the third party organization and by simplifying the entire configuration of a time limit decipherment system. <P>SOLUTION: A time limit encipherment/decipherment system comprises: a means 1 generating a self-decompression-allowing compression file based on a cipher text enciphered by a common key and decipherment specification time; a memory medium 2 written the generated compression file and the key certificate 4 of the third party organization used in decipherment; and a means 3 verifying a digital signature attached to a present time certificate 5 issued by the third party organization, comparing the present time taken out from the present time certificate with the decipherment specification time stored on the self-decompression-allowing compression file read from the storage medium, and deciphering the encipher text by using the common key, provided that the decipherment specification time is not future beyond the present time. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a time-limited encryption / decryption device that makes it difficult to decrypt encrypted data until a preset period elapses.

Conventionally, the following two proposals have been made when the encrypted data is not desired by anyone for a certain period of time.
1) Use a problem that is difficult to decode for a certain period in terms of computational complexity.
2) Entrust a certain period of information to a trusted third party (trusted agent) and entrust management for a certain period of time (Non-patent Document 1).

Method 1) is a method that roughly sets the time required for decryption from the fastest decryption method and computer computing power (including future computer development) using, for example, a known decryption method. is there.
The method 2) controls the time of decryption, for example, by depositing a key, algorithm, part of ciphertext, etc. in a trusted third party.
Numao, M., "Timed-Release Threshold Cryptosystem,"SCIS'99 Rivest, LR, Shamir, A., and Wagner, DA, "Time-lock puzzles and timed-release Crpto," MIT Technical Paper, 1996

In the above method 1), it is difficult to estimate the development of computing power, and it may happen that the ciphertext is decrypted within the assumed period, or that the decryption cannot be performed after the assumed period.
With the method 2), as the number of users increases, it becomes extremely difficult to manage data such as keys at a third party. Also, if you have a policy that you cannot fully trust a third party organization for key management etc., you must use the secret information distribution method by using multiple third party organizations ( Non-patent document 2).
Shamir, A. “How to share a secret”, Communications of the ACM, Vol. 22, pp. 612-613 November 1979

  An object of the present invention is to solve the above-described problems, and it is an object of the present invention to facilitate operation at a third-party organization, simplify the overall configuration of a time-decoding system, and facilitate operation.

  The present invention stores data necessary for decryption, a part of ciphertext, or the algorithm itself in a tamper-resistant medium such as an IC card and has a computing capacity, and stores some information from a third party. Confirmation enables decryption. The information from this third party is digitally signed or MAC (Message Authentication Code), and the information may be used after confirming the authenticity of the IC card, etc. The institution can restrict the information so that the decryption time can be restricted, or the third party can simply output the date and time information, and the IC card can restrict the decryption time. You may do it.

Since the information necessary for a third party to decrypt individual data can be reduced, the operation of the third party is facilitated.
Since it is not necessary to distribute secret information by a plurality of third party organizations, the configuration of the entire time-decryption system is simple and easy to operate.

Embodiments of the present invention will be described below.
FIG. 1 is a conceptual diagram illustrating an example of an encryption / decryption system according to the present invention.
On the message sender side, a personal computer (PC) 1 equipped with an encryption program is used to encrypt the message M to be kept secret. Encryption in the PC is performed by inputting a designated decryption time T ₁ (a date / time at which a secret message can be decrypted) and a key K, and encrypting with a well-known common key encryption method such as DES or RC5. Further, the ciphertext and the decryption designated time T ₁ are combined to create a compressed file in a format that allows self-decompression. Here, the ciphertext E _K (M, T ₁ ) of the compressed file is a ciphertext in which M is encrypted using the key K and cannot be decrypted until time T ₁ . Note that the key K stored in the IC card 2 may be read, or may be given by other methods.

  A compressed file in a format capable of self-decompression is written in the IC card 2. It may be stored in a normal PC external storage medium such as a hard disk or CDR. When the writing to the IC card or the external recording medium is finished, the ciphertext and the compressed file remaining on the memory are erased from the memory after the writing regardless of the success / failure of the writing. This erasing is performed by a method of filling the memory area with a specific value (such as zero).

  Also, the public key certificate 4 of the third party that is to be used for decryption is written in the IC card 2 from the PC 1. This writing area must be access controlled by a PIN or the like so that it cannot be accessed by anyone other than a valid cardholder.

  The self-extracting compressed file written in the IC card is read by the recipient's PC 3 and self-extracting to obtain a decrypted message M. At this time, the current time certificate 5 issued by a third party is required. That is, the digital signature of a third party attached to the current time certificate is verified to confirm the authenticity of the current time certificate. The public key of a third party necessary for digital signature verification is the one stored in the IC card.

If the authenticity of the current time certificate can be confirmed, the current time T (the time when the decryption of the confidential message is actually attempted) is extracted from the certificate, and T ₁ and T stored in the self-extracting compressed file are extracted. Compare
T ₁ > T (where> indicates that T ₁ is a time later than T)
If so, a decompression failure message is returned and the process ends.

If T ₁ is a time before the current time T, the memory K is decrypted using the key K and output. The key K may be read in advance stored in the IC card, or may be given by another method.

  FIG. 2 is a diagram for explaining a processing flow at the time of encryption.

Encryption program on a PC, the message M, the key K, the decoding designated time T ₁ uptake as an input (step S1), and encrypts the message M using the key K (step S2). Next, the created ciphertext and decryption designated time T ₁ are synthesized to create a compressed file in a format that can be self-extracted on the PC (step S3). Write in the IC card (step S4). When the writing to the IC card is finished, the ciphertext and the compressed file remaining on the memory are erased from the memory after the writing regardless of the success / failure of the writing (step S5). Next, the public key certificate of the third party that is to be used for decryption is written in the IC card (step S6).

FIG. 3 is a diagram illustrating a processing flow at the time of self-decompression.
A current time certificate issued by a third party is obtained (step S11), and the digital signature of the third party attached to the current time certificate is verified to confirm the authenticity of the current time certificate (step S12). ). It is determined whether or not the current time certificate is authentic (step S13). If the authenticity is confirmed, the current time T is extracted from the current time certificate, and T ₁ and T stored in the self-extracting compressed file are compared. (Step S14). Next, it is determined whether or not T ₁ <T. If the current time has passed the designated decryption time, the message M is decrypted and output using the key K (step S16). If the current time certificate is not authentic in step S13 or if T ₁ > T in step S15, a decompression failure message is returned and the process ends.

  In the above example, when the decryption program is composed of a time confirmation logic unit and a decryption logic unit, and the decryption program reads this data (ciphertext) and implements this system, the attacker will use the time confirmation logic. If only the copy is passed by some means, data that can be decrypted with only the key and ciphertext is expanded in the PC memory, just like a normal encryption program. If there was even a key, it could be decrypted. However, in the above example, since it is a self-extracting compressed file in which the time confirmation program logic, the decryption program logic, and the ciphertext are integrated, such an attack method becomes difficult.

  In the above example, self-decompression is performed on the PC at the time of decoding. However, a self-decompression program may be incorporated in the IC card and self-decompression may be performed in the IC card.

It is a conceptual diagram explaining the example of the system of this invention. It is a figure explaining the processing flow at the time of encryption. It is a figure explaining the processing flow at the time of decoding.

Explanation of symbols

1, 3 ... Pattern computer, 2 ... IC card, 4 ... Public key certificate, 5 ... Current time certificate.

Claims (3)

Means for generating a self-decompressible compressed file based on the ciphertext encrypted with the common key and the specified decryption time;
A storage medium in which the generated compressed file and the third party's key certificate used for decryption are written;
Verify the digital signature attached to the current time certificate issued by a third-party organization, extract the current time extracted from the current time certificate, and the specified decoding time stored in the self-extracting compressed file read from the storage medium And decrypting the ciphertext using a common key on the condition that the designated decryption time is not in the future than the current time;
Timed encryption / decryption system with 2. The timed encryption / decryption system according to claim 1, wherein the storage medium is an IC card. Means for generating a self-decompressible compressed file based on the ciphertext encrypted with the common key and the specified decryption time;
The generated compressed file and the key certificate of the third party organization used at the time of decryption are written, and consist of an IC card having a self-decompression means
The self-extracting means verifies the digital signature attached to the current time certificate issued by a third party, and extracts the current time extracted from the current time certificate and the decryption designation stored in the self-extracting compressed file. A time-based encryption / decryption system that compares a time and decrypts a ciphertext using a common key on the condition that the designated decryption time is not in the future from the current time.

Images