JP2010148022A - Cryptographic key management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system, method or the like capable of managing a key simply and rightly in a cryptographic system including transmitting encrypted information to a plurality of transmission destinations. <P>SOLUTION: In the cryptographic key management system, opposite-side specification information and key information are stored to be made correspond to each other, a key corresponding to the opposite-side specification information is encrypted by means of a master key, and is sent to a job system of a transmission source or a transmission destination, together with the opposite-side specification information. Further, the master key is encrypted and sent out. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention stores an encryption key management system and method when performing encrypted communication, an encrypted information transmission / reception system and method including the management system, a computer program for causing a computer to execute the method, and the computer program The present invention relates to a storage medium.

  Data is encrypted in order to ensure the confidentiality of data transmitted and received via computer communications and data stored in a storage medium such as a magnetic tape, various disks, and flash memory. Encryption schemes are broadly classified into common key cryptosystems and public key cryptosystems. The common key encryption method is an encryption method that is decrypted with the same key as the key used for encryption, and the public key encryption method is different from the key used for encryption (but specified as the key used for encryption). This is an encryption method that is decrypted with a key. Regardless of which encryption method is used, a system and method for key management are important.

  FIG. 1 illustrates the concept of encryption and decryption taking the case of using a common key cryptosystem as an example. The transmission source 10 encrypts a plaintext file 12a (file consisting of unencrypted information) of data such as a document to be transmitted 16a using a computer program for encryption, and encrypts the file 18 (encryption). File that contains generalized information). At the time of encryption, encryption is performed using specific data called a key 14, and this is different even when encryption is performed using the same procedure (computer program) by changing the key. This is to execute the conversion. In FIG. 1, a character string or a hexadecimal number “12345567890ABCDEF” is illustrated as a key.

  The encrypted file 18 is transmitted to a transmission destination by communication means, or is written on a medium and the medium is delivered to the transmission destination 20. At the transmission destination 20, the encrypted file 18 is decrypted 16b using the same key 14 used for encryption to obtain a plain text file 12b. The plaintext file 12b is the same as the original plaintext file 12a sent from the transmission source 10 after being encrypted. In this procedure, in order for the transmission destination 20 to perform decryption, it is necessary for the transmission source 10 to know the key 14 used for encryption. Usually notified in advance by another communication means such as a fax.

  FIG. 2 is a conceptual diagram for explaining a problem in the conventional encryption communication performed in the above procedure. The transmission source that performs cryptographic communication normally performs cryptographic communication with a plurality of transmission destinations, for example, A bank 40, B life insurance 41, C bank 42, and D printing 43, and uses a different key 44 for each transmission destination. The encrypted file 48 encrypted by using it is transmitted. Further, since it is not preferable in terms of security to use the same key for a long period of time, it is generally renewed for a fixed period or an indefinite period. Furthermore, even for the same business partner, a different key 44 may be used depending on the department or business content. Therefore, it is a very complicated task to appropriately (without making a mistake) recording and using the key 44 that is different for each destination, date, and business content. This complexity is also the same at the destination that receives the encrypted communication.

Japanese Patent Laid-Open No. 11-27252 (Patent Document 1) has made a proposal for managing keys related to encryption. The invention described in the publication relates to an encryption key management system used when secret information needs to be disclosed at a specific date and time in public key encryption communication. Distributing the date and time of publication to the destination, the decryption key management device stores the encryption key in association with the specified date and time, and distributes the decryption key when the specified date and time of arrival is reached It is.
JP-A-11-27252

  The invention described in Patent Document 1 can save a certain amount of labor in that the decryption key is distributed when the release date is reached, but differs depending on the above-described problems, that is, transmission destination, date, and business content. It does not reduce the burden on the manager who uses the key 44 appropriately (without making a mistake).

  In view of the above points, the present invention is a system that can perform key management simply, safely, and definitely without fail in an encryption system that mainly includes transmitting encrypted information to a plurality of destinations. The purpose is to provide a method and the like.

  The present invention stores the partner identification information and key information in association with each other, and encrypts the key associated with the partner identification information with a master key for the transmission source or transmission destination business system. Provided is an encryption key management system that is transmitted together with partner identification information.

  The partner identification information is information that can identify an encrypted key. For example, a person who transmits and receives encrypted information such as a communication partner, a partner department, and a business type. However, it is preferable that the information is specifically grasped at the time of transmission / reception. It may be something like a project name, a project member name, or a communication type. The “key” is a key for encrypting or decrypting a communication text generally called plain text. In the case of the common key cryptosystem, the encryption key and the decryption key are the same. In the case of the public key cryptosystem, both have a certain relationship but are different. The transmission source and the transmission destination are the transmission side that performs encryption and the side that decrypts the encrypted information as far as the target transmission is concerned. The original may be the destination for other cryptographic communications.

  The business system is a computer system installed on the transmission side or the reception side in order to perform encryption and decryption (decryption). Corresponding means that the key can be searched based on the partner identification information, for example, when the partner identification information and the key are described in a predetermined position in the same record, etc. However, it is not limited to this. In this specification, information including a key encrypted by a master key and partner identification information sent from the encryption key management system is referred to as a linkage file. The master key means a key used for key encryption. The encryption of a key by a master key (hereinafter simply described as “key” means a key for encrypting or decrypting a communication message) is performed by, for example, exclusive logic between the master key and the key. It may be relatively simple such as encryption by taking the sum, or may be advanced such as AES or RSA. The master key may be updated frequently, or may be unique in the encryption key management system and not changed from the time of initial registration.

  Encrypting a key with a master key and sending it together with the partner identification information means that the transmitted information includes the key encrypted with the master key and the partner identification information. The partner identification information may be separately encrypted. However, it is convenient for handling that the original information can be extracted relatively easily like exclusive OR with a fixed master key. The partner identification information may be sent in an unencrypted state.

  Since the information sent by the encryption key management system includes the partner identification information, the side receiving the information uses the partner identification information as a clue, for example, the communication partner, partner It is possible to specify the transmitted key (key encrypted by the master key) by designating the department and the business type. Furthermore, if the master key is known or has been received, the key encrypted using the master key can be decrypted to obtain the key, which can be used for encryption or decryption. That is, since a person who transmits / receives encrypted information can acquire a key based on information that is specifically grasped at the time of transmission / reception, a search operation from the key information list (the list is The key value for each destination specific information is described and is frequently updated for safety).

  The encryption key management system preferably further encrypts the master key and sends it out. At this time, the encryption of the master key is preferably a unique value (at least a value that does not change frequently) for the communication specified by the partner specifying information. A simple encryption method such as encryption by exclusive OR of a value unique to the encryption key management system and the master key is convenient for reducing the complexity associated with the decryption of the master key.

  According to the above configuration, since the master key can also be received from the encryption key management system, the business system operator who performs encryption or decryption stores and saves the encryption key and uses it without mistake for each case. It is freed from the complexity.

  Furthermore, the present invention further specifies an encrypted key based on the destination identification information using the received cooperation file, decrypts the identified key using the master key, and decrypts the key A subsystem that activates a business system that encrypts plaintext or decrypts ciphertext using a key can be included.

  The destination identification information includes at least one of information identifying a transmission source, information identifying a transmission source department, information identifying a transmission destination, information identifying a transmission destination department, and information identifying business contents. Preferably one is included.

  When a key is set for a source / destination pair (the same key is used for the same source / destination combination, except for key updates over time) The destination identification information preferably includes information for identifying the transmission source and information for identifying the transmission destination.

  The encryption with the master key may be performed by a common key encryption method. When the common key cryptosystem is used, if the master key used for key encryption is acquired, the key can be obtained by directly using the master key. The encryption using the master key may be based on a public key encryption method. In this case, if the side receiving the key information from the encryption key management system passes the master key as a public key to the encryption key management system (it is not always necessary to disclose the master key to a third party). Even when the master key is acquired by a third party, since the key cannot be acquired by anyone other than the side receiving the key information, the security of communication is further increased.

In addition to the above encryption key management system, the present invention further includes:
An encrypted key is specified based on the destination specifying information, the specified key is decrypted using the master key, a plaintext is encrypted using the decrypted key, and the destination specifying information is Sending business system that sends out as an encrypted file in addition to plain text,
Receiving an encrypted file, identifying an encrypted key based on the destination identification information, decrypting the identified key using the master key, and decrypting the encrypted file using the decrypted key An encrypted information transmission / reception system including a receiving business system is presented.

  Plain text is a communication text that is not encrypted. In the encrypted information transmission / reception system, since the operators of the transmission-side business system and the reception-side business system can each encrypt and decrypt if the other party identification information is specified, the confidentiality of the key and the simple operation. Sex can be made compatible.

  The present invention further stores destination identification information and key information in association with each other, and encrypts the key associated with the destination identification information with a master key for a transmission source or transmission destination business system. Thus, an encryption key management method is provided that is transmitted together with the destination identification information.

  According to the above method, since it is possible to search for a key based on the destination identification information, the key manager of the key management system has the effort to manage the key on the receiving side of the transmitted information for each destination identification information. Is significantly reduced.

Further, on the transmission side, the encrypted key is identified based on the destination identification information, the identified key is decrypted using the master key, and the plaintext is encrypted using the decrypted key, Add the destination specific information in plain text to create and send an encrypted file,
On the receiving side, the encrypted file is received, the encrypted key is specified based on the destination identification information, the specified key is decrypted using the master key, and the decrypted key is used to decrypt the specified key. Provided is an encrypted information transmission / reception method for decrypting an encrypted file.

  The present invention also provides a computer program that causes the encryption key management system to execute the encryption key management method, a computer program that causes the encryption key management system, the transmission-side business system, and the reception-side business system to execute the encryption information transmission / reception method, Provides a computer-readable storage medium storing the computer program.

  Hereinafter, the present invention will be described based on examples. However, the examples illustrate specific modes for facilitating understanding of the invention, and the present invention is not limited to the examples described below. Needless to say, it is not limited.

  FIG. 3 schematically shows a flow of receiving a key from the encryption key management system by the transmission side or reception side operator and each business system based on one embodiment of the present invention. The encryption key management system 100 has a key management database 120 and a key management server 110 that accesses the key management database 120 and reads / writes information, and is managed by a system administrator 130.

  The encryption key manager 135 actually includes key managers 135a, 135b, and 135c for a plurality of tasks (tasks A, B, and C), and the encryption key differs for each task. When a new encryption key is set, the encryption key manager 135 registers the key in the key management database 120 and sends encryption key notifications 220a, 220b, 220c describing the encryption key to the other party. Or send. The same applies to key change, deletion, inquiry, and output.

  The linkage file 410 and the master key file 400 are output from the encryption key management system 100 in advance by batch processing and sent to the business system (see FIGS. 4 and 5). FIG. 4 shows a flow in which the linkage file 410 is sent from the encryption key management system 100 to each transmission source business system 200. FIG. 5 shows the linkage file 410 sent from the encryption key management system 100 to each destination. The flow sent to the business system 300 is shown. In this case, it is preferable that the master key is not the same between the business systems 200 and 300. In each of the business systems 200 and 300, the business operators 210 and 310 perform encryption processing by starting a command. The command includes destination identification information (for example, a communication destination, a destination department, and a business type) that can specify an encrypted key. The encryption management system 100 creates a linkage file including partner identification information and encrypted key information in response to batch processing or output from the encryption key manager, and the transmission source to which the requested business operator 210 belongs The linkage file 410 is sent to the business system 200. The encryption key manager may transmit the cooperation file 410 to the transmission source business system 200 to which the business operator 210 belongs. Further, when each business system 200, 300 is a business system of the other party, and the other party uses another encryption key management system, the encryption key management system 100 uses the other party's encryption key management system. You can also send linked files to.

  As described above, a plurality of business systems are connected to the cryptographic management system 100, and one of the features of this cryptographic management system is to appropriately handle a plurality of cryptographic keys for the plurality of business systems. For convenience of explanation, data exchange between one business system and a cryptographic management system will be described.

  FIG. 4 is a conceptual diagram showing key transmission from the encryption key management system to the transmission source business system 200 that performs encryption and sends out an encrypted file. The encryption key management system 100 stores key information 140 and a master key 150, and can transmit these pieces of information. At this time, with respect to the master key 150, an exclusive OR of the value inherent in the encryption key management system 100 and the value of the master key 150 is calculated and transferred as the master key file 400. By this operation, safety can be ensured as compared with the delivery of the master key 150 itself, and the master key 150 is acquired by calculating the exclusive value and the unique value on the business system side. Therefore, the calculation burden is small.

  On the other hand, the key information is, for example, AES encrypted with the master key 150, and sent as one record together with the partner identification information as the linkage file 410. In this case, the creation date, time, etc. may be written separately in the header record of the linked file. The master key file 400 and the linkage file 410 may be continuous files, or may be independent files as long as each of them has destination identification information.

  In the business system that has received the master key file 400 and the linkage file 410, one is identified based on the partner identification information from the key information of the linkage file, and the encryption key management system inherently has the master key file 400. The master key 150 is obtained by the exclusive OR operation of the value and the master key file 400, and the key to be used for encryption is obtained by using the master key 150 to decrypt the AES encrypted key included in the cooperation file. To do. Next, the plaintext to be transmitted is encrypted using the key, and the partner identification information is written in the header and transmitted to the transmission destination.

  FIG. 5 is a conceptual diagram illustrating a flow in which the destination business system 300 that has received the encryption file 260 acquires key information from the encryption key management system 100 and decrypts the encryption file 260. Upon receiving the encrypted file 260, the transmission destination business system 300 reads the partner identification information from the header portion, and acquires the key from the master key file and the cooperation file sent in advance.

  In the transmission destination business system 300, the master key is acquired from the master key file 400 by the same procedure as that of the transmission source business system 200, and the key is acquired from the cooperation file 410 using the master key. Thereafter, the encrypted file is decrypted using the key to obtain a plain text file 360.

  FIG. 6 shows a flow of creating the master key database 150 and the key information database 140 in the encryption key management system 100. The master key is input by the system administrator 130, and the key information is input by the key administrator 135. However, the key information may be issued on the encryption key management system 100 side and communicated to the other party.

  FIG. 7 is a flowchart showing a procedure until the master key file 400 and the linkage file 410 are issued in the encryption key management system 100. Based on the batch processing or the output instruction from the key manager, the encryption key management system 100 extracts the master key from the key information database 402, converts the value by exclusive OR with the system specific value 404, and converts the converted master. The key is transmitted as a master key file 400. Of course, if the master key has the same value regardless of the partner identification information, it is not necessary to extract the master key based on the partner identification information. On the other hand, for the encryption key, the encryption key is extracted from the encryption key database 413 according to the encryption key extraction condition set by the corresponding key administrator, and AES is encrypted using the master key and written 416. In the cooperation file 410, the partner identification information is described in plain text.

  FIG. 8 is a flowchart showing an example of a transmission-source business system as a processing flow in the business system. First, the master key file 400 is inversely converted (exclusive logical operation) with a system specific value to obtain a master key 236, a plaintext file 250 is obtained, and this is encrypted with the key to create an encrypted file 260. To do. At this time, the partner identification information is written in the header.

  It is set according to the processing flow as described above, and is set for each communication partner, partner department, business type, or project name, project member name, communication type (that is, partner identification information), and necessary. Accordingly, it is possible to transmit the encrypted file and exchange the medium by reliably using the key updated in accordance with the above.

Diagram explaining the concept of encryption and decryption when using the common key cryptosystem Conceptual diagram for explaining problems in transmission and media exchange of encrypted files using conventional common key cryptography The figure which showed typically the flow which the encryption key manager of the transmission side based on one Example of this invention and each business system receives a key from an encryption key management system. Schematic diagram showing the key transmission from the encryption key management system to the business system that encrypts and sends out the encrypted file Conceptual diagram explaining the flow in which the destination business system that receives the encrypted file acquires the key information from the encryption key management system and decrypts the encrypted file Flow diagram showing the flow of creating a master key database and key information database in an encryption key management system Flow chart showing the procedure until the master key file and linkage file are issued in the encryption key management system Flow diagram showing the flow of processing in the business system, taking the business system of the sender as an example

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Source 14 Encryption key 20 Destination 30 Encryption key notice 100 Encryption key management system 130 System administrator 135 Key administrator 140 Key information 150 Master key 200 Source business system 210 Business operator 250 Plain text file 260 Encryption file 300 Transmission Predecessor system 340 decryption software
360 Plain text file 400 Master key file 410 Linked file

Claims (12)

  The partner identification information and the key information are stored in association with each other, and a key associated with the partner identification information is encrypted with a master key for the transmission source or the destination business system. An encryption key management system that is sent together.   Furthermore, the encryption key management system according to claim 1, wherein the master key is encrypted and transmitted.   Use a different master key for the source and destination, include the key encrypted with the master key in the link file, and include the link file with the master key used for key encryption. The encryption key management system according to claim 1, which is transmitted to a business system.   Further, using the received cooperation file, the encrypted key is identified based on the destination identification information, the identified key is decrypted using the master key, and the decrypted key is used, The encryption key management system according to claim 3, further comprising a subsystem that activates a business system that encrypts plaintext or decrypts ciphertext.   The destination identification information includes at least one of information identifying a transmission source, information identifying a transmission source department, information identifying a transmission destination, information identifying a transmission destination department, and information identifying business contents. The encryption key management system according to claim 1, wherein one is included.   6. The encryption key management system according to claim 1, wherein the encryption with the master key is performed by a common key encryption method. In addition to the encryption key management system according to any one of claims 1 to 6,
An encrypted key is specified based on the destination specifying information, the specified key is decrypted using the master key, a plaintext is encrypted using the decrypted key, and the destination specifying information is Sending business system that sends out as an encrypted file in addition to plain text,
Receiving an encrypted file, identifying an encrypted key based on the destination identification information, decrypting the identified key using the master key, and decrypting the encrypted file using the decrypted key An encrypted information transmission / reception system including a receiving business system.   The partner identification information and the key information are stored in association with each other, and a key associated with the partner identification information is encrypted with a master key for the transmission source or the destination business system. Encryption key management method to be sent together. Further, on the transmission side, the encrypted key is identified based on the destination identification information, the identified key is decrypted using the master key, and the plaintext is encrypted using the decrypted key, Add the destination specific information in plain text to create and send an encrypted file,
On the receiving side, the encrypted file is received, the encrypted key is specified based on the destination identification information, the specified key is decrypted using the master key, and the decrypted key is used to decrypt the specified key. Encrypted information transmission / reception method for decrypting encrypted files.   A computer program for causing an encryption key management system to execute the encryption key management method according to claim 8.   A computer program that causes an encryption key management system, a transmission-side business system, and a reception-side business system to execute the method according to claim 9.   A computer-readable storage medium storing the computer program according to claim 10 or 11.

Images