JP2012175187A - Key managing apparatus, encryption processing system, computer program, and key managing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To facilitate updating of a key as well as preventing a key for use in encryption processing from being leaked.SOLUTION: A key-and-password generating management apparatus 100 creates password information for generation and management of a key to be used by a business application apparatus 500. A key storing apparatus 200 controls accessing of key information held therein by a password. A password storing apparatus 300 controls accessing of the password information held therein by the password. The key-and-password generating management apparatus 100 creates a key storing password from call information (such as a call stack) of the business application apparatus 500, in which it is difficult for even a manager or developer to obtain the call information, and from the password information, which is input by the manager. The key-and-password generating management apparatus 100 creates a password storing password from the created key information.

Description

  The present invention relates to a key management device that manages keys used for cryptographic processing.

  The key management method in the application program includes, for example, a method in which the key cannot be read from the outside by embedding the key in the application program (hard coding), or data embedded in the application program And a management password input by the administrator are combined to generate a key. In addition, there is a method in which a key is managed by a key management device that manages the key, and the key is accessed using a password. For example, the password may be entered by an administrator, embedded in an application program, or written in an external file and read by an application program.

JP 2003-304237 A

In the method of embedding a key in an application program, the key cannot be updated unless the application program itself is updated. Moreover, since the application program developer knows the key, there is a possibility of information leakage due to an internal crime.
The method of generating a key by combining the data embedded in the application program and the management password can update the key by changing the management password, but the management password known by the administrator leaks, etc. When a developer who knows knows the management password, there is a possibility of information leakage.
In the case where the key management device manages the key, there is a possibility that the key is read from the key management device if the administrator or developer knows the password.

  The present invention has been made, for example, in order to solve the above-described problems, and an object thereof is to easily update a key and prevent leakage of the key.

A key management device according to the present invention includes a storage device that stores data, a processing device that processes data, a key storage unit, an acquisition request input unit, a key password calculation unit, a key acquisition unit, and a new key generation A key registration unit, a key output unit, an update request input unit, an update key generation unit, a key update unit, and an update key output unit,
The key storage unit uses the storage device to store a key used for cryptographic processing and a key password for accessing the key,
The acquisition request input unit uses the processing device to input a management password used for managing a key to be acquired,
The key password calculation unit calculates the key password based on the management password input by the acquisition request input unit using the processing device,
The key acquisition unit acquires the key stored in the key storage unit using the processing device when the key password calculated by the key password calculation unit matches the key password stored in the key storage unit. And
The new key generation unit generates a key using the processing device when the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit,
When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit, the key registration unit uses the processing device to generate the key generated by the new key generation unit. The key password calculated by the key password calculation unit is stored in the key storage unit,
The key output unit outputs the key acquired by the key acquisition unit using the processing device when the key password calculated by the key password calculation unit matches the key password stored by the key storage unit. When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit, the processing device is used to output the key generated by the new key generation unit,
The update request input unit inputs a key to be updated using the processing device,
The update key generation unit generates a key using the processing device when the key input by the update request input unit matches the key stored by the key storage unit,
When the key input by the update request input unit matches the key stored by the key storage unit, the key update unit uses the processing device to replace the key stored by the key storage unit, Storing the key generated by the update key generation unit in the key storage unit;
The update key output unit outputs the key generated by the update key generation unit using the processing device when the key input by the update request input unit matches the key stored in the key storage unit. It is characterized by doing.

  According to the key management device according to the present invention, the key can be easily updated and the leakage of the key can be prevented.

1 is a system configuration diagram illustrating an example of an overall configuration of a cryptographic processing system 800 according to Embodiment 1. FIG. FIG. 3 is a perspective view showing an example of the appearance of the key management device 10, the encryption / decryption device 400, the business application device 500, and the client application device 600 in the first embodiment. 2 is a diagram illustrating an example of hardware resources of a key management apparatus 10, an encryption / decryption apparatus 400, a business application apparatus 500, and a client application apparatus 600 according to Embodiment 1. FIG. FIG. 3 is a sequence diagram illustrating an example of an initial processing flow of the cryptographic processing system 800 according to the first embodiment. FIG. 6 shows an example of a key store password creation procedure in the first embodiment. FIG. 5 is a diagram showing an example of creating a key store password in the first embodiment. FIG. 6 is a diagram illustrating an example of a procedure for creating a password store password in the first embodiment. FIG. 5 is a diagram showing an example of creating a password store password in the first embodiment. FIG. 3 is a sequence diagram illustrating an example of a processing flow when the cryptographic processing system 800 according to the first embodiment is restarted. FIG. 4 is a sequence diagram illustrating an example of a processing flow when updating a key in the cryptographic processing system 800 according to the first embodiment. FIG. 6 is a block configuration diagram illustrating an example of a functional block configuration of a cryptographic processing system 800 according to a second embodiment. The flowchart figure which shows an example of the flow of a process of the encryption processing system 800 in Embodiment 2 whole. The flowchart figure which shows an example of the detailed flow of a process of the key management apparatus 10 in Embodiment 2. FIG. FIG. 10 is a flowchart showing an example of a detailed flow of processing of the execution device 501 in the second embodiment. FIG. 10 is a block configuration diagram illustrating an example of a functional block configuration of a cryptographic processing system 800 according to a third embodiment. FIG. 10 is a flowchart showing an example of a processing flow of the entire cryptographic processing system 800 according to the third embodiment. FIG. 10 is a flowchart showing an example of a detailed flow of processing of the key management apparatus 10 in the third embodiment. FIG. 10 is a flowchart showing an example of a detailed flow of processing of the execution device 501 in the third embodiment.

Embodiment 1 FIG.
The first embodiment will be described with reference to FIGS.

FIG. 1 is a system configuration diagram showing an example of the overall configuration of the cryptographic processing system 800 in this embodiment.
The cryptographic processing system 800 is an example of a system that uses the key management method in this embodiment.
The cryptographic processing system 800 includes a key management device 10, a business application device 500, an encryption / decryption device 400, and a client application device 600.

  The key management apparatus 10 manages keys used by the business application apparatus 500 for encryption processing. The key management device 10 includes a key / password generation management device 100, a key store device 200, and a password store device 300. The key management device 10 is connected to an external business application device 500 via an API (Application Programming Interface), a network, or the like.

The business application device 500 (execution device) is a device that executes a business application. There may be a configuration in which there are a plurality of business application devices 500 for one key management device 10, or a configuration in which one business application device 500 executes a plurality of business applications.
The business application apparatus 500 acquires password information from an administrator or a definition file. The business application apparatus 500 (acquisition request unit) requests the key management apparatus 10 to acquire a key for performing encryption / decryption of information using the passed password information. The business application device 500 passes the encryption / decryption key acquired from the key / password generation management device 100 to the encryption / decryption device 400 when extending the processing request from the client application device 600 or performing other processing. Request processing.
The encryption / decryption device 400 (encryption processing unit) performs encryption processing such as encryption / decryption of information using the key received from the business application device 500 in response to a request from the business application device 500.

The key store device 200 (order storage unit) stores a key. The key store device 200 is, for example, a file that holds key information, a hardware device, or the like. In order to access the key stored in the key store device 200, a key store password (key password) is required. When storing the key, the key store device 200 (sequential storage unit) stores the key store password of the key together with the key. The key store device 200 (key registration unit, key acquisition unit) performs access control for registration / acquisition / update / deletion of key information managed therein by a key store password. For example, the key store device 200 (key acquisition unit) inputs the key store password together with the stored key read request, and returns the key only when the input key store password matches the stored key store password.
The password store device 300 (reverse storage unit) stores a key store password. The password store device 300 is, for example, a file that holds password information, a hardware device, or the like. In order to access the key store password stored in the password store device 300, a password store password (reverse password) is required. When storing the key store password, the password store device 300 (reverse storage unit) stores the password store password of the key store password together with the key store password. The password store device 300 (password registration unit, password acquisition unit) performs access control for registration / acquisition / update / deletion of password information managed internally by the password store / password. For example, the password store device 300 (password acquisition unit) inputs the password store password together with the read request for the stored key store password, and only when the input password store password matches the stored password store password. return it.

The key / password generation management apparatus 100 acquires a key from the key store apparatus 200 in response to a key acquisition request from the business application apparatus 500. When there is no key in the key store device 200, the key / password generation management device 100 newly generates a key and registers the generated key in the key store device 200. The key / password generation management device 100 returns the acquired or generated key to the business application device 500.
The key / password generation management device 100 generates a key store password based on the call information and password information of the business application device 500 and accesses the key store device 200. Further, the key / password generation management device 100 generates a password store password based on the key information, and accesses the password store device 300.

FIG. 2 is a perspective view showing an example of the appearance of the key management device 10, the encryption / decryption device 400, the business application device 500, and the client application device 600 in this embodiment.
The key management device 10, the encryption / decryption device 400, the business application device 500, and the client application device 600 are a system unit 910, a display device 901 having a CRT (Cathode / Ray / Tube) or LCD (liquid crystal) display screen, a keyboard. 902 (Key / Board: K / B), mouse 903, FDD904 (Flexible / Disk / Drive), compact disk device 905 (CDD), printer device 906, scanner device 907, etc. Connected with signal lines.
The system unit 910 is a computer, and is connected to the facsimile machine 932 and the telephone 931 via a cable, and is connected to the Internet 940 via a local area network 942 (LAN) and a gateway 941.
The above configuration is an example. The key management device 10 or the like may have a minimum configuration that does not include an output device such as the printer device 906 or the facsimile machine 932. Information leakage can be prevented by using a minimum configuration without unnecessary output devices.

FIG. 3 is a diagram illustrating an example of hardware resources of the key management apparatus 10, the encryption / decryption apparatus 400, the business application apparatus 500, and the client application apparatus 600 in this embodiment.
The key management device 10, encryption / decryption device 400, business application device 500, and client application device 600 are a CPU 911 (Central Processing Unit, Central Processing Unit, Processing Unit, Arithmetic Unit, Microprocessor, Microcomputer that executes a program. , Also referred to as a processor). The CPU 911 is connected to a ROM 913, a RAM 914, a communication device 915, a display device 901, a keyboard 902, a mouse 903, an FDD 904, a CDD 905, a printer device 906, a scanner device 907, and a magnetic disk device 920 via a bus 912, and the hardware thereof. Control the device. Instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of a storage device or a storage unit. A communication device 915, a keyboard 902, a scanner device 907, an FDD 904, a CDD 905, and the like are examples of an input unit and an input device.
Further, the communication device 915, the display device 901, the printer device 906, and the like are examples of an output unit and an output device.

The communication device 915 is connected to a facsimile machine 932, a telephone 931, a LAN 942, and the like. The communication device 915 is not limited to the LAN 942, and may be connected to the Internet 940, a WAN (wide area network) such as ISDN, or the like. When connected to a WAN such as the Internet 940 or ISDN, the gateway 941 is unnecessary.
The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The program group 923 stores programs that execute functions described as “˜units” in the description of the embodiments described below. The program is read and executed by the CPU 911.
The file group 924 includes information, data, signal values, variable values, and parameters that are described as “determination results of”, “calculation results of”, and “processing results of” in the description of the embodiments described below. Is stored in a nonvolatile memory such as the magnetic disk device 920 as each item of “˜file” and “˜database”, or temporarily stored in a volatile memory such as the RAM 914. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, output, printing, and display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the CPU operations of extraction, search, reference, comparison, operation, calculation, processing, output, printing, and display. Is remembered.
In addition, the arrows in the flowcharts described in the following description of the embodiments mainly indicate input / output of data and signals. The data and signal values are the RAM 914 memory, the FDD 904 flexible disk, the CDD 905 compact disk, and the magnetic field. The data is recorded on a recording medium such as a magnetic disk of the disk device 920, another optical disk, a mini disk, and a DVD (Digital Versatile Disk). Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In the description of the embodiments described below, what is described as “to part” may be “to circuit”, “to device”, and “to device”, and “to step” and “to”. “Procedure” and “˜Process” may be used. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” described below. Alternatively, the procedure or method of “to part” described below is executed by a computer.

  FIG. 4 is a sequence diagram showing an example of the initial processing flow of the cryptographic processing system 800 according to this embodiment.

In “1: password setting”, the business application apparatus 500 (acquisition request unit) acquires password information from an administrator or a definition file.
In “1.1: Key acquisition request”, the business application apparatus 500 (acquisition request unit) makes a key acquisition request to the key / password generation management apparatus 100 using the acquired password information. At this time, the business application device 500 passes the call stack information as call information (context) to the key / password generation management device 100 together with the password information.
In “1.1.1: Key store password generation”, the key / password generation management device 100 (key password calculation unit) is based on the call information (call stack or the like) from the business application device 500 and the password information. , Calculate the keystore password.

  In “1.1.2: Key acquisition request”, the key / password generation management device 100 (password calculation unit) uses the generated key store password to the key store device 200 (key acquisition unit). Make an acquisition request. The key / password generation management device 100 notifies the key store device 200 of the key store password. Note that the key / password generation management device 100 may be configured to notify the key store device 200 of, for example, an alias name in addition to the key store password. The alias name is data for distinguishing business applications when there are a plurality of business applications for which one key management apparatus 10 manages keys. The key / password generation management device 100 notifies the key store device 200 of, for example, a parameter passed from a business application or a value generated from call information by the key password generation management device as an alias name.

When the key is not registered in the key store device 200 (sequential storage unit) such as at the first activation, the key store device 200 (key acquisition unit) fails to acquire the key from the key / password generation management device 100. Notify you. In this case, in “1.1.3: Key generation”, the key / password generation management device 100 (new key generation unit) newly generates a key.
The key / password generation management device 100 (new key generation unit) generates a key according to parameters such as a key algorithm and a key length. For example, the key / password generation management device 100 may be configured to read a parameter stored in a setting file or the like to generate a key, or to generate a key using a parameter specified by a business application It may be.

  In “1.1.4: Key registration request”, the key / password generation management device 100 (key registration unit) uses the generated key store password to generate the key store device 200 (sequential storage unit). ). Thereafter, in order to access this key information, the key store password set at the time of registration is required.

In “1.1.5: Password store password generation”, the key / password generation management device 100 (reverse password calculation unit) calculates the password store password by encoding the generated key information. .
In “1.1.6: Password registration request”, the key / password generation management device 100 (password registration unit) uses the generated password store / password to the password store device 300 (reverse storage unit). Register the store password.

After this processing, the key / password generation management device 100 (key output unit) returns the generated key to the business application device 500 as a result of the key acquisition request.
The business application device 500 (encryption key storage unit) receives the returned key and holds it in the on-memory (volatile storage device).

  In “2: processing request”, the client application device 600 requests the business application device 500 to perform processing. The business application device 500 notifies the encryption / decryption device 400 (encryption processing unit) of the plain text and the key held in the on-memory when the encryption processing is necessary for executing the requested processing. Request encryption. The encryption / decryption device 400 encrypts the plaintext using the notified key and returns the ciphertext.

  In “3: processing request”, the client application device 600 requests the business application device 500 to perform processing. The business application device 500 notifies the encryption / decryption device 400 (encryption processing unit) of the ciphertext and the key held in the on-memory when the decryption processing is necessary for executing the requested processing. And request decryption. The encryption / decryption device 400 decrypts the ciphertext using the notified key and returns the decrypted plaintext.

FIG. 5 is a diagram showing an example of a procedure for creating a key store password in this embodiment.
For example, the key / password generation management device 100 (acquisition request input unit) receives the password 701 and the call information 702 (call stack) from the business application device 500. The key / password generation management device 100 (key password calculation unit) creates information (concatenated data 703) by concatenating the received password 701 and the call information 702. The key / password generation management device 100 (key password calculation unit) converts the created information into a character string or the like (key store password 705) that can be used as a key store password using a one-way function. For example, the key / password generation management device 100 (key password calculation unit) takes a hash value for the concatenated value, performs encoding such as Base64 encoding, and sets the result as a key store password.

FIG. 6 is a diagram showing an example of creating a key store password in this embodiment.
For example, the administrator inputs the password 701 into the business application apparatus 500.
For example, the business application apparatus 500 calls the key acquisition request method of the key management object provided by the key / password generation management apparatus 100 using the password 701 as an argument. At this time, not only the password 701 as an argument but also the call information 702 is passed to the business application apparatus 500.
The call information 702 (call stack) is data representing, for example, in what order the methods of the objects provided by the business application apparatus 500 are called. For example, in the call information 702 shown in this figure, the method “main” of the class “jp.co.mitsubishielectric.key.App” is the 18th line of the source code “App.java”, and the class “jp.co. This means that the method “initialize” of “mitsubishielectric.key.App” is called. Further, in the call information 702 shown in this figure, the called method “initialize” is the 27th line of the source code “App.java”, and the method “class.jp.co.mithielectricity.key.KeyManager” of the method “ "getKeyPair" is called. As described above, the call information 702 is automatically generated by a program executed by the business application apparatus 500, and is unique data determined by the structure of the program. It cannot be set arbitrarily. If the business application device 500 or another program executed by another device calls the key acquisition request method, different call information 702 is passed to the key / password generation management device 100.
The concatenated data 703 is data generated by concatenating the password 701 and the call information 702 by the key / password generation management device 100. For example, the key / password generation management device 100 combines the character string data representing the call information 702 with the character string data representing the password 701 to generate the concatenated data 703.
The hash value 704 is a hash value (hexadecimal notation) calculated by hashing the concatenated data 703 by the key / password generation management device 100.
The key store password 705 is character string data obtained by encoding the hash value 704 by the key / password generation management device 100.

FIG. 7 is a diagram showing an example of a procedure for creating a password store password in this embodiment.
For example, the key / password generation management device 100 (reverse password calculation unit) generates a hash value for the key 706 using a one-way function. The key / password generation management device 100 (reverse password calculation unit) converts the result into a character string that can be used as the password store password 708 by performing Base64 encoding on the result.

FIG. 8 is a diagram showing an example of creating a password store password in this embodiment.
The key 706 is, for example, an RSA (registered trademark) private key (in hexadecimal notation). The key / password generation management device 100 generates the key 706.
The hash value 707 is a hash value (hexadecimal notation) calculated by hashing the key 706 by the key / password generation management device 100.
The password store password 708 is character string data obtained by encoding the hash value 707 by the key / password generation management device 100.

FIG. 9 is a sequence diagram showing an example of the flow of processing when the cryptographic processing system 800 in this embodiment is restarted.
When the key is deleted from the on-memory of the business application apparatus 500 due to restart or the like, it becomes necessary to acquire the key from the key / password generation management apparatus 100 again.

In “1: password setting”, the business application apparatus 500 (acquisition request unit) acquires a password from an administrator or the like.
In “1.1: Key acquisition request”, the business application apparatus 500 (acquisition request unit) makes a key acquisition request to the key / password generation management apparatus 100 using the acquired password information. At this time, the business application apparatus 500 passes the call stack information as call information to the key / password generation management apparatus 100 together with the password information.

In “1.1.1: Key store password generation”, the key / password generation management device 100 (key password calculation unit) is based on the call information (call stack or the like) from the business application device 500 and the password information. , Calculate the keystore password.
The call stack that the business application apparatus 500 passes to the key / password generation management apparatus 100 is the same as that in the initial processing. Therefore, if the password acquired by the business application device 500 from the administrator or the like is the same as that in the initial processing, the key store password calculated by the key / password generation management device 100 is the same as that in the initial processing.

In “1.1.2: Key acquisition request”, the key / password generation management device 100 (password calculation unit) uses the generated key store password to the key store device 200 (key acquisition unit). Make an acquisition request.
This time, there is registered key information in the key store device 200 (sequential storage unit). If the key store password notified from the key / password generation management device 100 matches the registered key store password, the key store device 200 (key acquisition unit) uses the registered key as the key / password generation management device. Return to 100.
The key / password generation management device 100 (key output unit) returns the key acquired from the key store device 200 to the business application device 500.

  FIG. 10 is a sequence diagram showing an example of a processing flow at the time of key update in the cryptographic processing system 800 according to this embodiment.

It is desirable to update the key regularly to prevent leakage of confidential information. If the administrator determines that it is time to update the key, it requests the business application apparatus 500 to update the key.
In “1: Key update request”, the business application apparatus 500 (update request unit) receives a key update request from the administrator.
In “1.1: Key update request”, the business application device 500 (update request unit) notifies the key / password generation management device 100 of the old key before update stored in the on-memory, Request key update. The business application device 500 measures the elapsed time since the key was generated / updated using a timer or the like, and when a predetermined period (for example, one week or one month) has elapsed, The key / password generation management device 100 may automatically request a key update regardless of the request.

  The call stack of the business application device 500 is different from that at the time of key acquisition request. For this reason, even if the key / password generation management device 100 receives the password and the call information from the business application device 500, it cannot generate the same key store password as that at the time of initial processing or at the time of restart. Instead, the key / password generation management device 100 accesses the password store device 300 to obtain the key store password.

In “1.1.1: Password store password generation”, the key / password generation management device 100 (reverse password calculation unit) determines the password store password (reverse password) based on the key notified from the business application device 500. Is generated. If the key notified from the business application device 500 is the same as the old key registered in the key store device 200 (sequential storage unit), the password store password generated by the key / password generation management device 100 is initialized. Therefore, it matches the password store password registered in the password store device 300 (reverse storage unit).
In “1.1.2: Password acquisition request”, the key / password generation management device 100 (reverse password calculation unit) notifies the password store device 300 (password acquisition unit) of the generated password store password. , Request password acquisition. If the password store password notified from the key / password generation management device 100 matches the password store password registered during the initial processing, the password store device 300 (password acquisition unit) registers the key store password registered during the initial processing. Is returned to the key / password generation management device 100. The key / password generation management device 100 acquires the key store password returned by the password store device 300. Thereby, the key / password generation management device 100 obtains the same key store password as that at the time of initial processing or at the time of restart.

In “1.1.3: Key generation”, the key / password generation management device 100 (update key generation unit) generates a new key after update.
In “1.1.4: Key update registration request”, the key / password generation management device 100 (update key generation unit) generates a key store password obtained from the password store device 300 and generates the key store device 200. The updated new key is notified and a key update registration is requested. The key store device 200 (key update unit) accepts an update request if the key store password notified from the key / password generation management device 100 matches the key store password registered during the initial processing. The key store device 200 (sequential storage unit) deletes the old key registered during the initial processing, and stores the new key notified from the key / password generation management device 100 instead. Note that only the key is updated, and the key store password is the same as that before the update and remains the key store password registered at the initial processing.
In “1.1.5: Password store password generation”, the key / password generation management device 100 (reverse password calculation unit) generates a password store password based on the generated new key. The password store password generated by the key / password generation management device 100 is different from the password store password before the update because the key has been updated.
In “1.1.6: Password update registration request”, the key / password generation management device 100 sends the generated password store password and the key store password input from the password store device 300 to the password store device 300. Notify and request password update registration. The password store device 300 (key update unit) accepts the update request if the key store password notified from the key / password generation management device 100 matches the key store password registered during the initial processing. The password store device 300 (reverse storage unit) deletes the old password store password registered during the initial process, and stores the new password store password notified from the key / password generation management device 100 instead. Note that only the password store password is updated, and the key store password is the same as that before the update and remains the key store password registered at the initial processing.

Thereafter, the key / password generation management device 100 (update key output unit) returns the newly created key to the business application device 500.
The business application apparatus 500 (encryption key update unit) holds the updated new key in the on-memory and performs encryption processing. The business application apparatus 500 (encryption update unit) performs processing such as decrypting already encrypted data using an old key and re-encrypting the decrypted plaintext using a new key.

  The cryptographic processing system 800 (key management method) in this embodiment includes an encryption / decryption device 400 that performs encryption / decryption of information using a key, and registration / acquisition / update / deletion of key information managed internally. A key store device 200 that manages access control of a user by using an alias name and password, a password store device 300 that manages access control of registration / acquisition / update / deletion of password information managed internally, and a key / And a key / password generation management device 100 for generating a password and registering / acquiring / updating / deleting information to / from the above-mentioned device, including call information from an application (business application device 500) and an administrator (including a setting file) The password information for the key store device (key) Toa password) to generate, the generated key information, to register using this key store password.

  The cryptographic processing system 800 generates a password by encoding the key information registered in the key management device 10 and uses it as a password (password store / password) of the password store device 300 that manages the key store password.

  As a result, information that the developer knows, such as information embedded in the program, is not used, so that unauthorized access from the inside by the administrator and the developer can be prevented. This improves the strength against unauthorized access from the administrator / developer. Moreover, since the key information can be updated, the compromise can be prevented.

The encryption / decryption and key management apparatus 10 controls access to key / password generation management apparatus 100 that generates password information for generation and management of keys used by the business application apparatus 500 and key information held by the password. A key store device 200 and a password store device 300 that controls access to password information held by a password, call information (call stack, etc.) of business applications that are difficult for an administrator / developer to obtain and an administrator By creating a key store password from the password information entered by the user, the strength against unauthorized access from the administrator / developer can be improved.
Further, by creating a password store / password from the created key information, the key in the key store device can be updated in response to a key update request from the business application.

  As a result, in the system for encrypting / decrypting information, it is possible to update key information and to reduce the risk of information leakage due to unauthorized access by an administrator / developer.

Embodiment 2. FIG.
The second embodiment will be described with reference to FIGS.
In addition, about the part which is common in Embodiment 1, the same code | symbol is attached | subjected and description is abbreviate | omitted.

  FIG. 11 is a block configuration diagram showing an example of the functional block configuration of the cryptographic processing system 800 in this embodiment.

The cryptographic processing system 800 includes, for example, an execution device 501 and a key management device 10.
The execution device 501 inputs plaintext data, encrypts the input plaintext data to generate encrypted data, and stores the generated encrypted data. The execution device 501 decrypts the stored encrypted data as necessary, restores plaintext data, and outputs the restored plaintext data (restored plaintext data). The hardware configuration of the execution device 501 is the same as the hardware configuration of the key management device 10 described with reference to FIG. 3, for example.

The key management device 10 manages keys used by the execution device 501 for encryption processing such as encryption and decryption.
The key management device 10 includes, for example, a key storage unit 110, an acquisition request input unit 121, an update request input unit 122, a response output unit 123, a key password calculation unit 131, a key acquisition unit 132, and a key generation unit. 133, a response generation unit 134, a key registration unit 135, a reverse password calculation unit 136, and a password acquisition unit 137.

The key storage unit 110 stores key data representing a key managed by the key management device 10 using a magnetic disk device 920 (storage device). In order to restrict access to key data, the key storage unit 110 stores a key password for accessing key data.
In addition, since it is assumed that there is a plurality of execution devices 501 for managing a key by one key management device 10 or a case where one execution device 501 uses a plurality of keys, the key management device 10 includes a plurality of execution devices 501. May manage keys. For this reason, the key storage unit 110 stores a plurality of key data. In order to identify each key data, the key memory | storage part 110 memorize | stores the identification data of each key.

The key storage unit 110 includes a sequential storage unit 201 and a reverse storage unit 301.
Using the magnetic disk device 920 (storage device), the sequential storage unit 201 stores key data representing a key, a key password for the key, and identification data for the key in association with each other.
The reverse storage unit 301 uses the magnetic disk device 920 (storage device) to store the key password stored in the sequential storage unit 201, the reverse password for accessing the key password, and the key accessed by the key password. The identification data is stored in association with each other.

The acquisition request input unit 121 inputs a key acquisition request message notified by the execution device 501 using the CPU 911 (processing device). The key acquisition request message indicates that acquisition of a key managed by the key management apparatus 10 is requested. The key acquisition request message includes identification data of a key to be acquired and a management password corresponding to the key. The key acquisition request message includes certification data for proving that the execution device 501 is genuine. This is because the key managed by the key management device 10 is not stolen by a fake pretending to be the execution device 501. The certification data includes, for example, identification data unique to the execution apparatus 501 and signature data using public key cryptography. Further, the proof data may be context data representing a context in which the execution apparatus 501 has notified the key acquisition request message input by the acquisition request input unit 121.
The “context” here refers to information indicating a return destination to be saved when a computer executes a program or calls a subroutine, function, method, or the like. In other words, the “context” is determined by the structure of the program being executed in order for the execution device 501 to function as the execution device 501, and cannot be forged. For example, in the program executed by the execution device 501, the key management device 10 is recognized as one object, and a key acquisition request message to the key management device 10 is notified by calling a key acquisition request method of the object. Is done. The “context” is notified to the key management apparatus 10 according to the specification of the programming language.
For this reason, when context data is used as proof data, impersonation becomes difficult unlike the case where simple identification data is used. When the context data is used as proof data, unlike the case where signature data using public key cryptography is used, the cost for certifying that the execution device 501 is authentic, such as a small amount of calculation, can be suppressed. .

  The update request input unit 122 inputs a key update request message notified by the execution device 501 using the CPU 911 (processing device). The key update request message indicates that an update of a key managed by the key management apparatus 10 is requested. The key update request message includes key identification data to be updated and key data representing the old key itself before the update. The key update request message does not need to include certification data. This is because the key update request message includes key data before update, and the device that has notified the key update request message knows the key before update. As long as the confidentiality of the key is protected, only the execution device 501 knows the key before the update, and therefore it is not necessary to prove that the execution device 501 is genuine.

  The response output unit 123 (key output unit, update key output unit) uses the CPU 911 (processing device) to send a key acquisition request message input by the acquisition request input unit 121 to the execution device 501 and an update request input unit. A response message to the key update request message input by 122 is output. The response message includes success / failure data indicating whether acquisition or update of the key is successful. When the key acquisition or update is successful, the response message includes key data representing the acquired key or the new key after update.

  The key password calculation unit 131 uses the CPU 911 (processing device) to calculate the key password. The key password calculation unit 131 calculates a key password based on the management password and the certification data included in the key acquisition request message input by the acquisition request input unit 121. For example, the key password calculation unit 131 concatenates the management password and the proof data, and calculates the key password by converting the concatenated data using a one-way function such as a hash function. The function used by the key password calculation unit 131 to calculate the key password is preferably a function having a collision difficulty and a prediction difficulty. Collision difficulty means that if one of the management password and the certification data is different even by 1 bit, a different key password is calculated. Further, the difficulty of predicting means that if any one of the management password and the certification data is unknown even if it is 1 bit, the calculated key password cannot be predicted even 1 bit.

  The key acquisition unit 132 acquires key data from the sequential storage unit 201 using the CPU 911 (processing device). The key acquisition unit 132 searches the identification data stored in the sequential storage unit 201 for data that matches the identification data included in the key acquisition request message input by the acquisition request input unit 121. When there is matching identification data, the key acquisition unit 132 determines whether the key password stored in the sequential storage unit 201 in association with the identification data matches the key password calculated by the key password calculation unit 131. judge. When the key passwords match, the key acquisition unit 132 acquires the key data stored in the sequential storage unit 201 in association with the key password and the identification data. In other cases, the key acquisition unit 132 fails to acquire the key data.

  The key generation unit 133 (new key generation unit, update key generation unit) uses the CPU 911 (processing device) to generate key data representing a new key. When the key generation unit 133 generates key data, there are two cases: new registration and update. When newly registering, when the key acquisition unit 132 fails to acquire key data, the identification data stored in the sequential storage unit 201 is included in the key acquisition request message input by the acquisition request input unit 121. This is a case where there is no identification data that matches the identification data. The update time will be described later.

  The response generation unit 134 generates a response message output by the response output unit 123 using the CPU 911 (processing device). When the key acquisition unit 132 acquires key data, the response generation unit 134 generates a response message including the key data acquired by the key acquisition unit 132. When the key generation unit 133 generates key data, the response generation unit 134 generates a response message including the key data generated by the key generation unit 133. In other cases, the response generation unit 134 generates a response message indicating that the key acquisition or update has failed.

  The key registration unit 135 registers key data in the sequential storage unit 201 using the CPU 911 (processing device). When the key registration unit 135 registers key data, there are two cases of new registration and update. At the time of new registration, the key registration unit 135 uses the CPU 911 (processing device) to identify the identification data included in the key acquisition request message input by the acquisition request input unit 121 from among the identification data stored by the sequential storage unit 201. Find what matches. When newly registering, when the key acquisition unit 132 fails to acquire key data, the identification data stored in the sequential storage unit 201 is included in the key acquisition request message input by the acquisition request input unit 121. Since there is no identification data that matches the identification data, there should be no matching identification data. When there is no matching identification data, the key generation unit 133 displays the key data generated by the key generation unit 133, the key password calculated by the key password calculation unit 131, and the key acquisition request message input by the acquisition request input unit 121. Is newly stored in the sequential storage unit 201. The sequential storage unit 201 uses the magnetic disk device 920 (storage device) to generate the key data generated by the key generation unit 133, the key password calculated by the key password calculation unit 131, and the key input by the acquisition request input unit 121. The identification data included in the acquisition request message is associated and newly stored. The update time will be described later.

The reverse password calculation unit 136 (old reverse password calculation unit, new reverse password calculation unit) calculates the reverse password using the CPU 911 (processing device). For example, the reverse password calculation unit 136 calculates a reverse password by converting key data using a one-way function such as a hash function. The function used by the reverse password calculation unit 136 to calculate the reverse password may be the same function as the function used by the key password calculation unit 131 to calculate the key password, or may be a different function. It is desirable that the function used by the reverse password calculation unit 136 to calculate the reverse password has difficulty in collision and difficulty in prediction.
When the reverse password calculation unit 136 calculates the reverse password, there are two cases: new registration and update. At the time of new registration, the reverse password calculation unit 136 uses the CPU 911 (processing device) to calculate a reverse password based on the key data stored in the sequential storage unit 201 by the key registration unit 135.
At the time of update, the reverse password calculation unit 136 calculates the reverse password twice. The first time is when the update request input unit 122 inputs a key update request message. The reverse password calculation unit 136 (old reverse password calculation unit) uses the CPU 911 (processing device) to reverse password based on old key data before update included in the key update request message input by the update request input unit 122. Is calculated. The second time will be described later.

  At the time of new registration, the reverse storage unit 301 uses the magnetic disk device 920 (storage device) to store the key password stored in the sequential storage unit 201 by the key registration unit 135 and the reverse password calculated by the reverse password calculation unit 136. And the identification data included in the key acquisition request message input by the acquisition request input unit 121 are stored in association with each other.

  The password acquisition unit 137 acquires a key password from the key storage unit 110 using the CPU 911 (processing device). When the reverse password calculation unit 136 calculates the first reverse password at the time of update, the password acquisition unit 137 adds the key update request message input by the update request input unit 122 from the identification data stored in the reverse storage unit 301. Look for a match with the included identification data. When there is matching identification data, the password acquisition unit 137 determines whether the reverse password stored in the reverse storage unit 301 in association with the identification data matches the reverse password calculated by the reverse password calculation unit 136. judge. When the reverse passwords match, the password acquisition unit 137 acquires the key password stored in the reverse storage unit 301 in association with the reverse password and the identification data. In other cases, the password acquisition unit 137 fails to acquire the key password.

When the password acquisition unit 137 acquires the key password at the time of update, the key generation unit 133 (update key generation unit) generates new updated key data using the CPU 911 (processing device).
The key registration unit 135 (key update unit) uses the CPU 911 (processing device) to identify the identification data included in the key update request message input by the update request input unit 122 from the identification data stored in the sequential storage unit 201. Find what matches. Since the sequential storage unit 201 stores the same identification data as the reverse storage unit 301, there should be matching identification data. When there is matching identification data, the key registration unit 135 (key update unit) matches the key password stored in the sequential storage unit 201 in association with the identification data and the key password acquired by the password acquisition unit 137. It is determined whether or not. Since the sequential storage unit 201 stores the same key password as the reverse storage unit 301 in association with the same identification data, the key passwords should match. If the key passwords match, the key registration unit 135 (key update unit) replaces the key data stored in the sequential storage unit 201 in association with the key password and the identification data, after the update generated by the key generation unit 133 The new key data is stored in the sequential storage unit 201.
The sequential storage unit 201 uses the magnetic disk device 920 (storage device), replaces only the key data with the key data generated by the key generation unit 133 without changing the key password and the identification data, and the key password and the identification data. Store it in association with the data.
The reverse password calculation unit 136 (new reverse password calculation unit) uses the CPU 911 (processing device) to calculate the second reverse password at the time of update. The reverse password calculation unit 136 (new reverse password calculation unit) calculates a reverse password based on the updated new key data registered in the sequential storage unit 201 by the key registration unit 135 (key update unit).
The reverse storage unit 301 (key update unit) uses the CPU 911 (processing device) to match the identification data included in the key update request message input by the update request input unit 122 from the stored identification data. look for. Since the password acquisition unit 137 has acquired the key password, there should be matching identification data. When there is matching identification data, the reverse storage unit 301 uses the CPU 911 (processing device) to store the key password stored in association with the identification data and the key stored by the key registration unit 135 in the sequential storage unit 201. Determine whether the password matches. Since the key password stored in the sequential storage unit 201 by the key registration unit 135 is acquired from the reverse storage unit 301 by the password acquisition unit 137, the key passwords should match. When the key passwords match, the reverse storage unit 301 uses the magnetic disk device 920 (storage device) to replace the reverse password stored in association with the key password and the identification data, and the reverse password calculation unit 136 (new The updated new reverse password calculated by the reverse password calculation unit) is stored. The reverse storage unit 301 replaces only the reverse password with the updated new reverse password calculated by the reverse password calculation unit 136 (new reverse password calculation unit) without changing the stored key password and identification data. And stored in association with the identification data.

  The execution device 501 includes, for example, an acquisition request unit 510, an update request unit 520, a response acquisition unit 531, an encryption key storage unit 532, and an encryption processing unit 540.

The acquisition request unit 510 notifies the key management device 10 of a key acquisition request message when the execution device 501 is activated. The acquisition request unit 510 includes, for example, a management password acquisition unit 511, an acquisition request generation unit 512, and an acquisition request notification unit 513.
The management password acquisition unit 511 acquires a management password using the CPU 911 (execution processing device). For example, the management password acquisition unit 511 acquires the management password input to the execution apparatus 501 by the administrator operating the keyboard 902 or the like. Alternatively, the management password acquisition unit 511 reads the setting file and acquires the management password recorded in the setting file.
The acquisition request generation unit 512 generates a key acquisition request message using the CPU 911 (execution processing device). The key acquisition request message generated by the acquisition request generation unit 512 includes the management password acquired by the management password acquisition unit 511. Further, the key acquisition request message generated by the acquisition request generation unit 512 includes proof data such as context data. Furthermore, the key acquisition request message generated by the acquisition request generation unit 512 includes identification data for identifying the execution device 501 (or the key to be acquired). If no key is registered in the key management device 10, the key management device 10 generates a key. For this reason, the key acquisition request message generated by the acquisition request generation unit 512 may further include parameters necessary for key generation, such as a key algorithm and a key length.
The acquisition request notification unit 513 notifies the key management device 10 of the key acquisition request message generated by the acquisition request generation unit 512 using the CPU 911 (execution processing device).

The update request unit 520 notifies the key management device 10 of a key update request message. The update request unit 520 includes, for example, an update determination unit 521, an update request generation unit 522, and an update request notification unit 523.
The update determination unit 521 uses the CPU 911 (execution processing device) to determine whether or not the key should be updated. For example, the update determination unit 521 stores the date when the key is updated using the magnetic disk device 920 (nonvolatile storage device). The update determination unit 521 compares the stored date with the current date, and determines that the key should be updated when a predetermined number of days have elapsed. Alternatively, the update determination unit 521 determines that the key should be updated when the administrator inputs to the execution device 501 that the key should be updated by operating the keyboard 902 or the like.
When the update determination unit 521 determines that the key should be updated, the update request generation unit 522 generates a key update request message using the CPU 911 (execution processing device). The key update request message generated by the update request generation unit 522 includes the key data stored in the encryption key storage unit 532. Further, the key update request message generated by the update request generation unit 522 includes identification data for identifying the execution device 501 (or the key to be updated).
The update request notification unit 523 notifies the key management device 10 of the key update request message generated by the update request generation unit 522 using the CPU 911 (execution processing device).

The response acquisition unit 531 (encryption key acquisition unit, encryption key update unit) uses the CPU 911 as a response to the key acquisition request message notified by the acquisition request unit 510 or the key update request message notified by the update request unit 520. The response message output by the key management apparatus 10 is acquired. When the acquired response message indicates that the key has been successfully acquired or updated and includes key data, the response acquisition unit 531 uses the CPU 911 (execution processing device) to encrypt the key data included in the response message. It is stored in the key storage unit 532.
The encryption key storage unit 532 stores the key data included in the response message acquired by the response acquisition unit 531 using the RAM 914 (volatile storage device). When one execution device 501 uses a plurality of keys, the encryption key storage unit 532 stores a plurality of key data. The plurality of keys are distinguished by identification data. The encryption key storage unit 532 includes identification data included in the key acquisition request message generated by the acquisition request unit 510 and the key update request message generated by the update request unit 520, and key data included in a response message as a response thereto. Are stored in association with each other.

  The encryption processing unit 540 uses the CPU 911 (execution processing device) to perform encryption processing using the key data stored in the encryption key storage unit 532. The encryption processing unit 540 includes, for example, a plaintext input unit 541, an encryption unit 401, an encryption storage unit 542, a decryption unit 402, and a plaintext output unit 543.

The plaintext input unit 541 uses the CPU 911 (execution processing device) to input plaintext data that the execution device 501 should encrypt and store.
Using the CPU 911 (execution processing device), the encryption unit 401 uses the key data stored in the encryption key storage unit 532 to encrypt the plaintext data input by the plaintext input unit 541 and generate encrypted data. .
The encryption storage unit 542 stores the encrypted data encrypted by the encryption unit 401 using a magnetic disk device 920 (nonvolatile storage device).
Using the CPU 911 (execution processing device), the decryption unit 402 decrypts the encrypted data stored in the encryption storage unit 542 using the key data stored in the encryption key storage unit 532, and generates restored plaintext data. .
The plaintext output unit 543 outputs the restored plaintext data generated by the decryption unit 402 using the CPU 911 (execution processing device).

  FIG. 12 is a flowchart showing an example of the processing flow of the entire cryptographic processing system 800 in this embodiment.

The key management apparatus 10 executes, for example, an acquisition request input process S710, a key acquisition process S720, an update request input process S750, and a key update process S760.
In the acquisition request input process S <b> 710, the key management apparatus 10 determines whether a key acquisition request message is notified from the execution apparatus 501. When the key acquisition request message is notified from the execution apparatus 501, the key management apparatus 10 inputs the notified key acquisition request message, and proceeds to the key acquisition process S720. If the key acquisition request message is not notified from the execution device 501, the key management device 10 advances the processing to update request input processing S750.
In the key acquisition process S720, the key management apparatus 10 acquires a key according to the key acquisition request message input in the acquisition request input process S710. When no key is registered in the key management apparatus 10, the key management apparatus 10 generates and registers a key. The key management device 10 outputs a response message to the execution device 501. The key management apparatus 10 advances the process to the update request input process S750.
In the update request input process S750, the key management apparatus 10 determines whether or not a key update request message has been notified from the execution apparatus 501. When the key update request message is notified from the execution device 501, the key management device 10 inputs the notified key update request message, and proceeds to the key update processing S 760. If the key update request message is not notified from the execution apparatus 501, the key management apparatus 10 returns the process to the acquisition request input process S710.
In the key update process S760, the key management apparatus 10 updates the key according to the key update message input in the update request input process S750, and outputs a response message to the execution apparatus 501. The key management apparatus 10 returns the process to the acquisition request input process S710.

The execution apparatus 501 executes, for example, an acquisition request process S810, an encryption process S820, an update determination process S830, an update request process S840, and an encryption update process S850.
When the execution device 501 is activated, the acquisition request process S810 is first executed.
In the acquisition request process S810, the execution apparatus 501 notifies the key management apparatus 10 of a key acquisition request message. The execution device 501 acquires the response message output by the key management device 10 as a response to the notified key acquisition request message.
In encryption processing S820, the execution apparatus 501 performs encryption processing using the key data included in the response message acquired in acquisition request processing S810.
In the update determination process S830, the execution device 501 determines whether to update the key. If it is determined to update, the execution apparatus 501 advances the process to the update request process S840. If it is determined not to update, the execution apparatus 501 returns the process to the encryption process S820.
In the update request process S840, the execution device 501 notifies the key management device 10 of a key update request message. The execution device 501 acquires the response message output by the key management device 10 as a response to the notified key update request message.
In the encryption update process S850, the execution apparatus 501 updates the stored encrypted data using the updated new key data included in the response message acquired in the update request process S840. The execution device 501 returns the process to the encryption process S820.

  FIG. 13 is a flowchart showing an example of a detailed flow of processing of the key management apparatus 10 in this embodiment.

Acquisition request input process S710 has acquisition request input process S711, for example.
In the acquisition request input step S <b> 711, if there is a key acquisition request message newly notified from the execution apparatus 501, the acquisition request input unit 121 inputs the notified key acquisition request message using the CPU 911 and performs key acquisition processing. The process proceeds to S720. When there is no key acquisition request message notified from the execution apparatus 501, the acquisition request input unit 121 uses the CPU 911 to advance the process to the update request input process S750.

The key acquisition process S720 includes, for example, a key password calculation step S721, a key acquisition step S722, a key generation step S723, a key registration step S724, a key output step S725, and a failure output step S726.
In the key password calculation step S721, the key password calculation unit 131 uses the CPU 911 based on the management password and the certification data included in the key acquisition request message input by the acquisition request input unit 121 in the acquisition request input step S711. Calculate the key password.
In the key acquisition step S722, the key acquisition unit 132 uses the CPU 911, and the key password calculated by the key password calculation unit 131 in the key password calculation step S721 and the key input by the acquisition request input unit 121 in the acquisition request input step S711. Key data is acquired from the sequential storage unit 201 using the identification data included in the acquisition request message. If the key data acquisition is successful, the key acquisition unit 132 uses the CPU 911 to advance the process to the key output step S725. When the key data acquisition fails due to the mismatch of the identification data, the key acquisition unit 132 uses the CPU 911 to advance the process to the key generation step S723. If the key data acquisition fails due to the mismatch of the key password, the key acquisition unit 132 uses the CPU 911 to advance the process to the failure output step S726.

In the key generation step S723, the key generation unit 133 (new key generation unit) uses the CPU 911 to generate new key data. The key generation unit 133 may be configured to generate key data in accordance with parameters such as a key algorithm and a key length included in the key acquisition request message input by the acquisition request input unit 121, or parameters fixed in advance. The key data may be generated using. If the key acquisition request message includes a parameter, it is preferable that the execution device 501 can change the key generation parameter according to the confidential level of the information to be handled.
In the key registration step S724, the key registration unit 135 uses the CPU 911 to register the key data generated by the key generation unit 133 in the key generation step S723 in the key storage unit 110. The sequential storage unit 201 uses the magnetic disk device 920 to generate the key data generated by the key generation unit 133 in the key generation step S723, the key password calculated by the key password calculation unit 131 in the key password calculation step S721, and the acquisition request. A pair with the identification data included in the key acquisition request message input by the acquisition request input unit 121 in the input step S711 is newly stored. The reverse password calculation unit 136 uses the CPU 911 to calculate a reverse password based on the key data generated by the key generation unit 133 in the key generation step S723. The reverse storage unit 301 receives the key password calculated by the key password calculation unit 131 in the key password calculation step S721, the reverse password calculated by the reverse password calculation unit 136, and the acquisition request input unit 121 input in the acquisition request input step S711. A pair with the identification data included in the key acquisition request message is newly stored. Using the CPU 911, the key registration unit 135 advances the process to the key output step S725.
If registration of key data fails due to some error, the key registration unit 135 uses the CPU 911 to advance the process to the failure output step S726.

  In the key output step S725, the response generation unit 134 uses the CPU 911 to include the key data acquired by the key acquisition unit 132 in the key acquisition step S722 or the key data generated by the key generation unit 133 in the key generation step S723. Generate a response message. Using the CPU 911, the response output unit 123 outputs the response message generated by the response generation unit 134 to the execution device 501. Using the CPU 911, the response output unit 123 advances the process to the update request input process S750.

  In the failure output step S726, the response generation unit 134 uses the CPU 911 to generate a response message indicating that the key acquisition has failed. Using the CPU 911, the response output unit 123 outputs the response message generated by the response generation unit 134 to the execution device 501. Using the CPU 911, the response output unit 123 advances the process to the update request input process S750.

The update request input process S750 includes, for example, an update request input process S751.
In the update request input step S751, if there is a key update request message newly notified from the execution apparatus 501, the update request input unit 122 uses the CPU 911 to input the notified key update request message, and performs key update processing. The process proceeds to S760. When there is no key update request message notified from the execution apparatus 501, the update request input unit 122 uses the CPU 911 to return the process to the acquisition request input process S710.

The key update process S760 includes, for example, a reverse password calculation step S761, a password acquisition step S762, a key generation step S763, a key update step S764, a key output step S765, and a failure output step S766.
In the reverse password calculation step S761, using the CPU 911, the reverse password calculation unit 136 (old reverse password calculation unit) uses the CPU 911 to update the key update request message included in the key update request message input by the update request input unit 122 in the update request input step S751. A reverse password is calculated based on the old key data.
In the password acquisition step S762, the password acquisition unit 137 uses the CPU 911, the reverse password calculated by the reverse password calculation unit 136 in the reverse password calculation step S761, and the key input by the update request input unit 122 in the update request input step S751. The key password stored in the reverse storage unit 301 is acquired using the identification data included in the update request message. When acquisition of the key password is successful, the password acquisition unit 137 uses the CPU 911 to advance the process to the key generation step S763. If acquisition of the key password fails due to a mismatch in identification data or a mismatch in reverse password, the password acquisition unit 137 uses the CPU 911 to advance the process to a failure output step S766.

In the key generation step S763, the key generation unit 133 (update key generation unit) uses the CPU 911 to generate new key data.
In the key update step S764, the key registration unit 135 (key update unit) uses the CPU 911 to update the key data registered in the key storage unit 110 to the key data generated by the key generation unit 133 in the key generation step S763. To do. The sequential storage unit 201 uses the magnetic disk device 920 to match the identified identification data with the identification data included in the key update request message input by the update request input unit 122 in the update request input step S751. The key data in which the associated key password matches the key password acquired by the password acquisition unit 137 in the password acquisition step S762 is replaced with the key data generated by the key generation unit 133 in the key generation step S763 and stored. The reverse password calculation unit 136 (new reverse password calculation unit) uses the CPU 911 to calculate a new reverse password based on the key data generated by the key generation unit 133 in the key generation step S763. The reverse storage unit 301 uses the magnetic disk device 920 to match the associated identification data with the identification data included in the key update request message input by the update request input unit 122 in the update request input step S751, and The reverse password in which the associated key password matches the key password acquired by the password acquisition unit 137 in the password acquisition step S762 is replaced with the new reverse password calculated by the reverse password calculation unit 136 and stored. If the key data update fails due to some error, the key registration unit 135 uses the CPU 911 to advance the process to the failure output step S766.

  In the key output step S765, the response generation unit 134 uses the CPU 911 to generate a response message including the new key data generated by the key generation unit 133 in the key generation step S763. Using the CPU 911, the response output unit 123 outputs the response message generated by the response generation unit 134 to the execution device 501. Using the CPU 911, the response output unit 123 returns the process to the acquisition request input process S710.

  In the failure output step S766, the response generation unit 134 uses the CPU 911 to generate a response message indicating that the key update has failed. Using the CPU 911, the response output unit 123 outputs the response message generated by the response generation unit 134 to the execution device 501. Using the CPU 911, the response output unit 123 returns the process to the acquisition request input process S710.

  FIG. 14 is a flowchart showing an example of a detailed flow of processing of the execution apparatus 501 in this embodiment.

The acquisition request process S810 includes, for example, a management password acquisition step S811, a key acquisition request generation step S812, a key acquisition request notification step S813, a response acquisition step S814, and a key storage step S815.
In the management password acquisition step S811, the management password acquisition unit 511 uses the CPU 911 to acquire a management password.
In the key acquisition request generation step S812, the acquisition request generation unit 512 uses the CPU 911 to obtain a key acquisition request including the management password acquired by the management password acquisition unit 511 in the management password acquisition step S811, identification data, and certification data. Generate a message.
In the key acquisition request notification step S813, the acquisition request notification unit 513 uses the CPU 911 to notify the key management apparatus 10 of the key acquisition request message generated by the acquisition request generation unit 512 in the key acquisition request generation step S812. .
In the response acquisition step S814, the response acquisition unit 531 (encryption key acquisition unit) uses the CPU 911 as a response to the key acquisition request message notified by the acquisition request notification unit 513 in the key acquisition request notification step S813. Get the output response message. If the acquired response message indicates that the key has been successfully acquired, the response acquisition unit 531 uses the CPU 911 to advance the process to the key storage step S815. When the acquired response message indicates that the key acquisition has failed, the response acquisition unit 531 uses the CPU 911 to return the process to the management password acquisition step S811.
In the key storage step S815, the encryption key storage unit 532 uses the RAM 914 to store key data included in the response message acquired by the response acquisition unit 531 in the response acquisition step S814.

  In cryptographic processing S820, the cryptographic processing unit 540 uses the CPU 911 to perform cryptographic processing using the key data stored in the cryptographic key storage unit 532.

  In the update determination process S830, the update determination unit 521 uses the CPU 911 to determine whether to update the key. If it is determined that the key is to be updated, the update determination unit 521 uses the CPU 911 to advance the process to the update request process S840. If it is determined that the key has not yet been updated, the update determination unit 521 uses the CPU 911 to return the process to the encryption process S820.

The update request process S840 includes, for example, a key update request generation step S841, a key update request notification step S842, a response acquisition step S843, and a new key storage step S844.
In the key update request generation step S841, the update request generation unit 522 uses the CPU 911 to generate a key update request message including the key data stored in the encryption key storage unit 532 and the identification data.
In the key update request notification step S842, the update request notification unit 523 uses the CPU 911 to notify the key management apparatus 10 of the key update request message generated by the update request generation unit 522 in the key update request generation step S841. .
In the response acquisition step S843, the response acquisition unit 531 (update key acquisition unit) uses the CPU 911 and the key management apparatus 10 as a response to the key update request message notified by the update request notification unit 523 in the key update request notification step S842. Get the output response message. If the acquired response message indicates that the key has been successfully updated, the response acquisition unit 531 uses the CPU 911 to advance the process to the new key storage step S844. When the acquired response message indicates that the key update has failed, the response acquisition unit 531 uses the CPU 911 to return the process to the management password acquisition step S811.
In the new key storage step S844, the encryption key storage unit 532 (encryption key update unit) uses the RAM 914 to store the updated new key data included in the response message acquired by the response acquisition unit 531 in the response acquisition step S843. To do. Since the old key data before update is used in the next cipher update process S850, the encryption key storage unit 532 still holds the old key data before update.

The cipher update process S850 includes, for example, a cipher selection step S851, a decryption step S852, an encryption step S853, a cipher storage step S854, and an old key deletion step S855.
In the encryption selection step S851, the decryption unit 402 (encryption update unit) uses the CPU 911 to select one encrypted data that has not yet been processed from among the encrypted data stored in the encryption storage unit 542. If all the encrypted data stored in the encryption storage unit 542 has been processed and there is no encryption data that can be selected, the decryption unit 402 uses the CPU 911 to advance the process to the old key deletion step S855. When there is encrypted data that has not yet been processed in the encrypted data stored in the encryption storage unit 542, the decrypting unit 402 uses the CPU 911 to encrypt the encrypted data from the encrypted data that has not been processed yet. Is selected, and the process proceeds to the decoding step S852.
In the decryption step S852, the decryption unit 402 uses the CPU 911 to decrypt and restore the encrypted data selected in the cipher selection step S851 using the old key data before update stored in the encryption key storage unit 532. Generate plain text data.
In the encryption step S853, the encryption unit 401 (update encryption unit) uses the updated new key data stored in the encryption key storage unit 532 using the CPU 911, and the decryption unit 402 in the decryption step S852. Encrypt the restored plaintext data generated by, and generate new encrypted data after update.
In the encryption storage step S854, the encryption storage unit 542 (encryption update unit) uses the magnetic disk device 920 to store the old encrypted data before update selected by the decryption unit 402 in the encryption selection step S851 in the encryption step S853. The new encrypted data after update generated by the encryption unit 401 is replaced and stored. Using the CPU 911, the encryption storage unit 542 returns the process to the encryption selection step S851.

  In the old key deletion step S855, the encryption key storage unit 532 deletes the old key data before update stored using the RAM 914. Using the CPU 911, the encryption key storage unit 532 returns the process to the encryption process S820.

  Thus, if the identification data and the key password do not match, the key data cannot be obtained from the sequential storage unit 201 or the key data stored in the sequential storage unit 201 cannot be updated. Ensure safety. Also, by embedding information from the certification data in the key password, only the real execution device 501 can acquire the key data. In particular, by using the context data as the proof data, it is possible to easily prove that the execution device 501 is genuine and to prevent forgery. At the time of key update, it is proved that the execution device 501 is authentic by not the proof data but the old key data itself before the update. The key password necessary for updating the key data stored in the sequential storage unit 201 is acquired from the reverse storage unit 301. If the identification data and reverse password do not match, the key password cannot be obtained from the reverse storage unit 301 or the key password stored in the reverse storage unit 301 cannot be updated, thereby ensuring the confidentiality and security of the key password. To do. Since the reverse password is calculated based on the key data, if the key data is known, the key password can be acquired and the key data can be updated.

  Instead of including key data in the key update request message, the execution device 501 may calculate a reverse password and include the reverse password in the key update request message. In that case, the password acquisition unit 137 matches the reverse password stored in the reverse storage unit 301 in association with the identification data matching the identification data included in the key update request message and the reverse password included in the key update request message. If it matches, the key password stored in the reverse storage unit 301 in association with the reverse password and the identification data is acquired.

Further, the key management device 10 may be configured without the reverse storage unit 301. In this case, the password acquisition unit 137 uses the CPU 911 to search the identification data stored in the sequential storage unit 201 for a match with the identification data included in the key update request message input by the update request input unit 122. . When there is matching identification data, the password acquisition unit 137 uses the CPU 911 to associate the key data stored in the sequential storage unit 201 with the identification data and the key update request message input by the update request input unit 122. It is determined whether or not the included key data matches. When the key data matches, the password acquisition unit 137 uses the CPU 911 to acquire the key password stored in the sequential storage unit 201 in association with the key data.
In the case where the reverse password is included in the key update request message, the reverse password calculation unit 136 is based on the key data stored in the sequential storage unit 201 in association with the identification data that matches the identification data included in the key update request message. Calculates the reverse password. The password acquisition unit 137 determines whether or not the reverse password calculated by the reverse password calculation unit 136 matches the reverse password included in the key update request message. If they match, the password acquisition unit 137 associates the reverse password with the key data. The key password stored in the sequential storage unit 201 is acquired.

Furthermore, the key management apparatus 10 may be configured without the password acquisition unit 137. In that case, the key registration unit 135 (key update unit) uses the CPU 911 to identify the identification data included in the key update request message input by the update request input unit 122 from the identification data stored in the sequential storage unit 201. Find a match. When there is matching identification data, the key registration unit 135 uses the CPU 911 to associate the key data stored in the sequential storage unit 201 with the identification data and the key update request message input by the update request input unit 122. It is determined whether or not the included key data matches. If the key data matches, the key registration unit 135 uses the CPU 911 to update the key data.
In the case where the reverse password is included in the key update request message, the reverse password calculation unit 136 is based on the key data stored in the sequential storage unit 201 in association with the identification data that matches the identification data included in the key update request message. Calculates the reverse password. The key registration unit 135 (key update unit) determines whether or not the reverse password calculated by the reverse password calculation unit 136 matches the reverse password included in the key update request message. Update the data.

Embodiment 3 FIG.
The third embodiment will be described with reference to FIGS.
In addition, about the part which is common in Embodiment 2, the same code | symbol is attached | subjected and description is abbreviate | omitted.

FIG. 15 is a block configuration diagram illustrating an example of a functional block configuration of the cryptographic processing system 800 according to this embodiment.
The key management apparatus 10 further includes a deletion request input unit 125 in addition to the configuration described in the second embodiment. The execution apparatus 501 further includes a deletion request unit 550 in addition to the configuration described in the second embodiment.

  Even after the key is updated, the key management device 10 keeps the old key data before the update, and deletes the key data only when the execution device 501 requests deletion of the key. The deletion request input unit 125 inputs a key deletion request message notified by the execution device 501 using the CPU 911 (processing device). The key deletion request message indicates that a key deletion is requested. The key deletion request message includes key data representing the key to be deleted and identification data for the key to be deleted.

The deletion request unit 550 notifies the key management device 10 of a key deletion request message using the CPU 911 (execution processing device). For example, the deletion request unit 550 includes a deletion request generation unit 552 and a deletion request notification unit 553.
The deletion request generation unit 552 generates a key deletion request message using the CPU 911 (execution processing device). For example, when the encryption processing unit 540 completes the encryption update process, the deletion request generation unit 552 generates a key deletion request message including old key data before update that is still stored in the encryption key storage unit 532.
The deletion request notification unit 553 notifies the key management device 10 of the key deletion request message generated by the deletion request generation unit 552 using the CPU 911 (execution processing device).

  When the execution device 501 is down and restarted during the encryption update process, the key data stored in the encryption key storage unit 532 using the RAM 914 is erased. After restarting, the execution device 501 notifies the key management device 10 of a key acquisition request message. At this time, the key management apparatus 10 holds not only the new key data after the update but also the old key data before the update. As a response to the key acquisition request message, the key management device 10 outputs a response message that includes two key data, the old key data before update and the new key data after update. The execution apparatus 501 can acquire the old key data before the update and the new key data after the update, and can continue the cryptographic update process.

Also, the cryptographic processing system 800 in this embodiment can update the management password. When the administrator wants to update the management password, the administrator operates the keyboard 902 or the like when the execution device 501 is started, and manages two managements, an old management password before the update and a new password after the update. The password is input to the execution device 501.
The management password acquisition unit 511 of the acquisition request unit 510 (password update request unit) acquires two management passwords input by the administrator using the CPU 911 (execution processing device).
The acquisition request generation unit 512 (password update request generation unit) generates a key acquisition request message including the two management passwords acquired by the management password acquisition unit 511 using the CPU 911 (execution processing device).
The acquisition request notification unit 513 (password update request notification unit) uses the CPU 911 (execution processing device) to generate a key acquisition request message (password update request message) including two management passwords generated by the acquisition request generation unit 512. The key management device 10 is notified.

The acquisition request input unit 121 (password update request input unit) uses the CPU 911 (processing device) to input the key acquisition request message notified by the execution device 501. When the input key acquisition request message includes two management passwords, the acquisition request input unit 121 determines that updating of the management password is requested at the same time as acquiring the key.
The key password calculation unit 131 (old password calculation unit, new password calculation unit) uses the CPU 911 (processing device), based on each of the two management passwords included in the key acquisition request message input by the acquisition request input unit 121. Calculate the key password. That is, the key password calculation unit 131 calculates an old key password before update and a new key password after update.
The key acquisition unit 132 uses the CPU 911 (processing device) to acquire key data from the sequential storage unit 201 using the old key password before update calculated by the key password calculation unit 131 (old password calculation unit).
The key generation unit 133 does not generate new key data even when the key acquisition unit 132 fails to acquire the key data due to the mismatch of the identification data. This is because the management password is updated on the premise that the sequential storage unit 201 stores old key data.
When the key acquisition unit 132 succeeds in acquiring key data, the key registration unit 135 (password update unit) uses the CPU 911 (processing device) to associate the key password associated with the key data acquired by the key acquisition unit 132. Update. For example, the key registration unit 135 searches the identification data stored in the sequential storage unit 201 for data that matches the identification data included in the key acquisition request data input by the acquisition request input unit 121. When there is matching identification data, the key registration unit 135 associates the identification data with the key password stored in the sequential storage unit 201 and the old before update calculated by the key password calculation unit 131 (old password calculation unit). It is determined whether or not the key password matches. If the key passwords match, the key registration unit 135 causes the sequential storage unit 201 to store the updated new key password calculated by the key password calculation unit 131 (new password calculation unit) instead of the key password. The sequential storage unit 201 uses the magnetic disk device 920 (storage device), replaces only the key password with the updated new key password calculated by the key password calculation unit 131 while keeping the key data and the identification data as it is, The key data and identification data are stored in association with each other.
The reverse password calculation unit 136 uses the CPU 911 (processing device) to calculate a reverse password based on the key data acquired by the key acquisition unit 132.
The reverse storage unit 301 (password update unit) uses the CPU 911 (processing device) to store the identification data that matches the identification data included in the key update request message input by the update request input unit 122 from the stored identification data. look for. When there is matching identification data, the reverse storage unit 301 uses the CPU 911 (processing device) to match the reverse password stored in association with the identification data and the reverse password calculated by the reverse password calculation unit 136. It is determined whether or not. When the reverse passwords match, the reverse storage unit 301 uses the magnetic disk device 920 (storage device) to replace the key password stored in association with the reverse password and identification data, and the key password calculation unit 131 (new The updated new key password calculated by the password calculation unit) is stored. The reverse storage unit 301 replaces only the key password with the updated new key password calculated by the key password calculation unit 131 (new password calculation unit) without changing the stored reverse password and identification data. It is stored in correspondence with the identification data.

FIG. 16 is a flowchart showing an example of the processing flow of the entire cryptographic processing system 800 in this embodiment.
In addition to the process described in the second embodiment, the key management apparatus 10 further executes a password update process S730, a delete request input process S780, and a key delete process S790.

In the acquisition request input process S710, when the key management apparatus 10 inputs a key acquisition request message, whether or not the management password update is requested based on the number of management passwords included in the input key acquisition request message. Determine. When two management passwords are included in the key acquisition request message, the key management apparatus 10 determines that not only key acquisition but also management password update is requested, and advances the processing to password update processing S730. When only one management password is included in the key acquisition request message, the key management apparatus 10 determines that the management password update is not requested and only the key acquisition is requested, and the process proceeds to the key acquisition process S720. To proceed.
In the password update process S730, the key management apparatus 10 updates the key password associated with the key data that can be accessed with the old management password so that it can be accessed with the new management password. The key management apparatus 10 advances the process to the update request input process S750.

If the key update request message is not notified from the execution apparatus 501 in the update request input process S750, the key management apparatus 10 advances the process to the delete request input process S780.
Further, even after the process in the key update process S760 is completed, the key management apparatus 10 advances the process to the delete request input process S780.

In the deletion request input process S780, the key management apparatus 10 determines whether or not a key deletion request message has been notified from the execution apparatus 501. When the key deletion request message is notified from the execution apparatus 501, the key management apparatus 10 inputs the notified key deletion request message, and proceeds to the key deletion process S790. If the key deletion request message is not notified from the execution apparatus 501, the key management apparatus 10 returns the process to the acquisition request input process S710.
In the key deletion process S790, the key management apparatus 10 deletes the key according to the key deletion request message input in the deletion request input process S780, and outputs a response message to the execution apparatus 501. The key management apparatus 10 returns the process to the acquisition request input process S710.

  In the acquisition request process S810, the execution apparatus 501 determines whether the encryption update process is in progress based on the number of key data included in the response message output by the key management apparatus 10. When two key data are included in the response message, the execution device 501 determines that the encryption update process is in progress, and advances the process to the encryption update process S850. When only one key data is included in the response message, the execution apparatus 501 determines that the encryption update process is not in progress, and proceeds to the encryption process S820 as usual.

After the encryption update process S850 ends, the execution apparatus 501 advances the process to the deletion request process S860.
In the deletion request step S860, the execution device 501 notifies the key management device 10 of a key deletion request message. The execution device 501 acquires the response message output by the key management device 10 as a response to the notified key deletion request message. The execution device 501 returns the process to the encryption process S820.

FIG. 17 is a flowchart showing an example of a detailed flow of processing of the key management apparatus 10 in this embodiment.
The acquisition request input process S710 further includes a password update determination process S712 in addition to the processes described in the second embodiment.
In the password update determination step S712, the acquisition request input unit 121 uses the CPU 911 to determine whether the input key acquisition request message includes two management passwords or only one. When two management passwords are included in the key acquisition request message, it is an update request for the management password, so the acquisition request input unit 121 uses the CPU 911 to advance the process to the password update process S730. When only one management password is included in the key acquisition request message, it is a key acquisition request as usual, so the acquisition request input unit 121 uses the CPU 911 to advance the process to key acquisition processing S720.

The password update process S730 includes, for example, an old password calculation step S731, a key acquisition step S732, a new password calculation step S733, a password update step S734, a key output step S735, and a failure output step S736.
In the old password calculation step S731, the key password calculation unit 131 (old password calculation unit) uses the CPU 911 to update the old before update included in the key acquisition request message input by the acquisition request input unit 121 in the acquisition request input step S711. Based on the management password and the certification data, the old key password before update is calculated.
In the key acquisition step S732, the key acquisition unit 132 uses the CPU 911 to acquire key data from the sequential storage unit 201 using the old key password before update calculated by the key password calculation unit 131 in the old password calculation step S731. To do. When acquisition of the key data is successful, the key acquisition unit 132 uses the CPU 911 to advance the process to the new password calculation step S733. When acquisition of key data fails due to mismatch of identification data or key password, the key acquisition unit 132 uses the CPU 911 to advance the process to the failure output step S736.

In the new password calculation step S733, the key password calculation unit 131 (new password calculation unit) uses the CPU 911 to update the new updated key acquisition message included in the acquisition request input unit 121 in the acquisition request input step S711. Based on the management password and the certification data, a new updated key password is calculated.
In the password update step S734, the key registration unit 135 (password update unit) uses the CPU 911 to update the key password registered in the key storage unit 110 by the key password calculation unit 131 in the new password calculation step S733. Update to a new key password for. The sequential storage unit 201 uses the magnetic disk device 920 so that the associated identification data matches the identification data included in the key acquisition request message input by the acquisition request input unit 121 in the acquisition request input step S711, and , A key password whose key data matched with the key data acquired by the key acquisition unit 132 in the key acquisition step S732 is the updated new key calculated by the key password calculation unit 131 in the new password calculation step S733. Replace with password and remember. The reverse password calculation unit 136 uses the CPU 911 to calculate a reverse password based on the key data acquired by the key acquisition unit 132 in the key acquisition step S732. The reverse storage unit 301 uses the magnetic disk device 920 so that the associated identification data matches the identification data included in the key acquisition request message input by the acquisition request input unit 121 in the acquisition request input step S711, and The key password whose associated reverse password matches the reverse password calculated by the reverse password calculation unit 136 is replaced with the updated new key password calculated by the key password calculation unit 131 in the new password calculation step S733 and stored. To do. If the key password update fails due to some error, the key registration unit 135 uses the CPU 911 to advance the process to the failure output step S736.

The key update process S760 includes a new key registration process S767 instead of the key update process S764 among the processes described in the second embodiment.
In the new key registration step S767, the key registration unit 135 newly registers the updated new key data in the key storage unit 110 while leaving the old key data before the update in the key storage unit 110. The sequential storage unit 201 uses the magnetic disk device 920 to generate the key data generated by the key generation unit 133 (update key generation unit) in the key generation step S763 and the key password acquired by the password acquisition unit 137 in the password acquisition step S762. And the identification data included in the key update request message input by the update request input unit 122 in the update request input step S751 are newly stored in association with each other. Since it is necessary to distinguish old key data before update and new key data after update, the order storage unit 201 further stores, for example, data representing the generation order of key data in association with the key data. To do. The reverse password calculation unit 136 (new reverse password calculation unit) uses the CPU 911 to calculate an updated new reverse password based on the updated new key data generated by the key generation unit 133 in the key generation step S763. . The reverse storage unit 301 uses the magnetic disk device 920, the key password acquired by the password acquisition unit 137 in the password acquisition step S762, the updated new reverse password calculated by the reverse password calculation unit 136, and the update request input step In step S751, the identification data included in the key update request message input by the update request input unit 122 is newly stored in association with each other. Similar to the sequential storage unit 201, the reverse storage unit 301 may be configured to further store, for example, data representing the generation order of key data in association with the key password.

The deletion request input process S780 includes, for example, a deletion request input step S781.
In the deletion request input step S781, if there is a key deletion request message newly notified from the execution apparatus 501, the deletion request input unit 125 uses the CPU 911 to input the notified key deletion request message to perform key deletion processing. The process proceeds to S790. If there is no key deletion request message notified from the execution apparatus 501, the deletion request input unit 125 uses the CPU 911 to return the process to the acquisition request input process S710.

The key deletion process S790 includes, for example, a reverse password calculation step S791, a password acquisition step S792, a key deletion step S794, a success output step S795, and a failure output step S796.
In the reverse password calculation step S791, the reverse password calculation unit 136 (deletion reverse password calculation unit) uses the CPU 911 to add the key data included in the key deletion request message input by the deletion request input unit 125 in the deletion request input step S781. Based on this, a reverse password is calculated.
In the password acquisition step S762, the password acquisition unit 137 (deletion password acquisition unit) uses the CPU 911 to input the reverse password calculated by the reverse password calculation unit 136 in the reverse password calculation step S791 and the deletion request input in the deletion request input step S781. The key password stored in the reverse storage unit 301 is acquired using the identification data included in the key deletion request message input by the unit 125. If acquisition of the key password is successful, the password acquisition unit 137 uses the CPU 911 to advance the process to the key deletion step S794. If acquisition of the key password fails due to a mismatch in identification data or a mismatch in reverse password, the password acquisition unit 137 uses the CPU 911 to advance the process to a failure output step S796.

  In the key deletion step S794, the key registration unit 135 (key deletion unit) uses the CPU 911 to delete the key data registered in the key storage unit 110. The sequential storage unit 201 stores the identification data associated with the key data, the key password, and the identification data stored using the magnetic disk device 920 as the keys input by the deletion request input unit 125 in the deletion request input step S781. The key password that matches the identification data included in the deletion request message and that corresponds to the key password that matches the key password acquired by the password acquisition unit 137 in the password acquisition step S792 is associated with the key data. Delete the key password and identification data. The reverse storage unit 301 uses the key password, the reverse password, and the identification data stored using the magnetic disk device 920 as the identification data associated with the key input by the deletion request input unit 125 in the deletion request input step S781. A key password that matches the identification data included in the deletion request message, and whose associated reverse password matches the reverse password calculated by the reverse password calculation unit 136 in the reverse password calculation step S791, and corresponds to the key password The attached reverse password and identification data are deleted. If deletion of key data fails due to some error, the key registration unit 135 uses the CPU 911 to advance the process to a failure output step S796.

  In the success output step S795, the response generation unit 134 uses the CPU 911 to generate a response message indicating that the key has been successfully deleted. Using the CPU 911, the response output unit 123 outputs the response message generated by the response generation unit 134 to the execution device 501. Using the CPU 911, the response output unit 123 returns the process to the acquisition request input process S710.

  In the failure output step S796, the response generation unit 134 uses the CPU 911 to generate a response message indicating that the key deletion has failed. Using the CPU 911, the response output unit 123 outputs the response message generated by the response generation unit 134 to the execution device 501. Using the CPU 911, the response output unit 123 returns the process to the acquisition request input process S710.

In the key update process S760, the key management apparatus 10 may be configured to fail to update the key if the old key data left in the previous key update process S760 has not yet been deleted.
In the key deletion process S790, if the key management apparatus 10 tries to delete the new key data newly generated in the key update process S760 instead of the old key data left in the key update process S760, It may be a configuration that fails to delete.

  FIG. 18 is a flowchart showing an example of a detailed flow of processing of the execution apparatus 501 in this embodiment.

In the management password acquisition step S811, the management password acquisition unit 511 uses the CPU 911 to acquire one or two management passwords.
In the key acquisition request generation step S812, the acquisition request generation unit 512 uses the CPU 911 to generate a key acquisition request message including one or two management passwords acquired by the management password acquisition unit 511 in the management password acquisition step S811. .

  In the key storage step S815, the encryption key storage unit 532 uses the RAM 914 to store key data included in the response message acquired by the response acquisition unit 531 in the response acquisition step S814. When two key data are included in the response message, the encryption key storage unit 532 advances the processing to the encryption selection step S851. When only one key data is included in the response message, the encryption key storage unit 532 advances the processing to encryption processing S820.

The cryptographic update processing S850 does not have the old key deletion step S855 described in the second embodiment.
In the encryption selection step S851, when all the encrypted data stored in the encryption storage unit 542 has been processed, the decryption unit 402 uses the CPU 911 to advance the process to the deletion request step S860.

The deletion request step S860 includes, for example, a key deletion request generation step S861, a key deletion request notification step S862, a response acquisition step S863, and an old key deletion step S864.
In the key deletion request generation step S861, the deletion request generation unit 552 uses the CPU 911 to generate a key deletion request message including old key data before update stored in the encryption key storage unit 532 and identification data. .
In the key deletion request notification step S862, the deletion request notification unit 553 uses the CPU 911 to notify the key management apparatus 10 of the key deletion request message generated by the deletion request generation unit 552 in the key deletion request generation step S861. .
In the response acquisition step S863, the response acquisition unit 531 uses the CPU 911 to acquire the response message output by the key management apparatus 10 as a response to the key deletion request message notified by the deletion request generation unit 552 in the key deletion request notification step S862. To do.
In the old key deletion step S855, the encryption key storage unit 532 deletes the old key data before update stored using the RAM 914. Using the CPU 911, the encryption key storage unit 532 returns the process to the encryption process S820.

  The configuration described in each embodiment has been described above by way of example and is not limited thereto. For example, the configuration described in different embodiments may be combined, or the configuration of an unimportant portion may be replaced with another configuration.

The key management device (10) described above includes a storage device (magnetic disk device 920) for storing data, a processing device (CPU 911) for processing data, and a key storage unit (110; key store device 200, password store device). 300), an acquisition request input unit (121; key / password generation management device 100), a key password calculation unit (131; key / password generation management device 100), and a key acquisition unit (132; key store device 200) , A new key generation unit (key generation unit 133; key / password generation management device 100), a key registration unit (135; key store device 200, password store device 300), and a key output unit (response output unit 123; Password generation management device 100), update request input unit (122; key / password generation management device 100), update key generation unit (key generation unit) 33; key / password generation management device 100), key update unit (key registration unit 135; key store device 200, password store device 300), update key output unit (response output unit 123; key / password generation management device 100) ).
The key storage unit uses the storage device to store a key used for encryption processing and a key password for accessing the key.
The acquisition request input unit inputs a management password used for managing a key to be acquired using the processing device.
The key password calculation unit calculates a key password based on the management password input by the acquisition request input unit using the processing device.
The key acquisition unit acquires the key stored in the key storage unit using the processing device when the key password calculated by the key password calculation unit matches the key password stored in the key storage unit. To do.
The new key generation unit generates a key using the processing device when the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit.
When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit, the key registration unit uses the processing device to generate the key generated by the new key generation unit. The key password calculated by the key password calculation unit is stored in the key storage unit.
The key output unit outputs the key acquired by the key acquisition unit using the processing device when the key password calculated by the key password calculation unit matches the key password stored by the key storage unit. When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit, the key generated by the new key generation unit is output using the processing device.
The update request input unit inputs a key to be updated using the processing device.
The update key generation unit generates a key using the processing device when the key input by the update request input unit matches the key stored by the key storage unit.
When the key input by the update request input unit matches the key stored by the key storage unit, the key update unit uses the processing device to replace the key stored by the key storage unit, The key generated by the update key generation unit is stored in the key storage unit.
The update key output unit outputs the key generated by the update key generation unit using the processing device when the key input by the update request input unit matches the key stored in the key storage unit. To do.

  Since the key password calculated from the management password is required to acquire the key, it is possible to prevent key leakage. In addition, the key can be easily updated because the key before the update is sufficient.

  The key password calculation unit acquires the context in which the acquisition request input unit has input the management password using the processing device, and based on the management password input by the acquisition request input unit and the acquired context, Calculate the key password.

  Since the key password is calculated based on the management password and the context, even if the management password is known, the key cannot be obtained in a different context, and the key leakage can be prevented.

  The key password calculation unit calculates the key password by combining the data representing the management password and the data representing the context using the processing device, and converting the combined data by a one-way function. .

  Since the management password and the context are engaged and converted by the one-way function, the key password cannot be calculated even if either the management password or the context is known.

The key management device further includes a reverse password calculation unit (136; key / password generation management device 100), an old reverse password calculation unit (reverse password calculation unit 136; key / password generation management device 100), and a new reverse password. A calculation unit (reverse password calculation unit 136; key / password generation management device 100) and a password acquisition unit (137; password store device 300) are included.
The key storage unit includes a sequential storage unit (201; key store device 200) and a reverse storage unit (301; password store device 300).
The reverse password calculation unit calculates a reverse password for accessing the key password based on the key generated by the new key generation unit using the processing device.
The sequential storage unit stores the key generated by the new key generation unit and the key password calculated by the key password calculation unit using the storage device.
The reverse storage unit stores the key password calculated by the key password calculation unit and the reverse password calculated by the reverse password calculation unit using the storage device.
The key acquisition unit outputs the key stored in the sequential storage unit when the input key password matches the key password stored in the sequential storage unit using the processing device.
The old reverse password calculation unit calculates the reverse password based on the key input by the update request input unit using the processing device.
The password acquisition unit uses the processing device to store the key password stored in the reverse storage unit when the reverse password calculated by the old reverse password calculation unit matches the reverse password stored in the reverse storage unit. To get.
The update key generation unit generates a key using the processing device when the reverse password calculated by the old reverse password calculation unit matches the reverse password stored by the reverse storage unit.
The new reverse password calculation unit generates the update key generation unit using the processing device when the reverse password calculated by the old reverse password calculation unit matches the reverse password stored by the reverse storage unit. The reverse password is calculated based on the key.
The key update unit uses the processing device to replace the key stored in the sequential storage unit when the key password acquired by the password acquisition unit matches the key password stored in the sequential storage unit. The key generated by the update key generation unit is stored in the sequential storage unit, and the reverse password calculated by the new reverse password calculation unit is stored in the reverse storage unit instead of the reverse password stored by the reverse storage unit. Let

  A key password is required to access the key stored in the sequential storage unit. Further, in order to access the key password stored in the reverse storage unit, the reverse password calculated from the key is required. Thus, if one of the key and the key password is known, the other can be known, so that the key can be easily updated.

  The reverse password calculation unit, the old reverse password calculation unit, and the new reverse password calculation unit generate the reverse password by converting the key with a one-way function using the processing device.

  Since the reverse password is generated by converting the key with a one-way function, the key cannot be generated from the reverse password.

The key management apparatus further includes a password update request input unit (acquisition request input unit 121), an old password calculation unit (key password calculation unit 131), a new password calculation unit (key password calculation unit 131), and a password update. (Key registration unit 135).
The password update request input unit inputs an old management password to be updated and a new management password after update.
The old password calculation unit calculates a key password using the processing device based on the old management password input by the password update request input unit.
The new password calculation unit calculates a key password using the processing device based on the new management password input by the password update request input unit.
When the key password calculated by the old password calculation unit matches the key password stored by the key storage unit, the password update unit uses the processing device to update the key password stored by the key storage unit. Instead, the key password calculated by the new password calculation unit is stored in the key storage unit.

  Since the management password can be updated, key leakage can be prevented.

The cryptographic processing system (800) described above includes the key management device (10) and the execution device (501; business application device 500).
The execution device includes an execution storage device (RAM 914, magnetic disk device 920) for storing data, an execution processing device (CPU 911) for processing data, an acquisition request unit (510), and an encryption key storage unit (532). And an encryption processing unit (540; encryption / decryption device 400) and an encryption key update unit (encryption key storage unit 532).
The acquisition request unit acquires a management password using the execution processing device.
The acquisition request input unit inputs the management password acquired by the acquisition request unit using the processing device.
The encryption key storage unit stores the key output by the key output unit using the execution storage device.
The encryption processing unit executes encryption processing using the key stored in the encryption key storage unit using the execution processing device.
The update request input unit inputs the key stored in the encryption key storage unit using the processing device.
The encryption key update unit stores the key output from the update key output unit in the encryption key storage unit using the execution processing device.

  Since encryption processing is performed using a key managed by the key management device, information leakage can be prevented.

The execution storage device includes a volatile volatile storage device (RAM 914) and a nonvolatile volatile storage device (magnetic disk device 920).
The encryption processing unit includes an encryption unit (401), an encryption storage unit (542), a decryption unit (402), an update encryption unit (encryption unit 401), and an encryption update unit (encryption storage unit 542). And have.
The encryption key storage unit stores the keys output by the key output unit and the update key output unit using the volatile storage device.
The encryption unit encrypts plaintext data using the execution processing device and generates the encrypted data by using the key stored in the encryption key storage unit.
The encryption storage unit stores the encrypted data generated by the encryption unit using the nonvolatile storage device.
The decryption unit uses the execution processing device to decrypt the encrypted data stored in the encryption storage unit using the key stored in the encryption key storage unit to generate restored plaintext data.
The update encryption unit uses the execution processing device to encrypt the restored plaintext data generated by the decryption unit using the key output from the update key output unit to generate update encrypted data.
The encryption update unit uses the execution processing device to store the update encrypted data generated by the update encryption unit in the encryption storage unit instead of the encrypted data stored in the encryption storage unit.

  Since the encrypted data is updated as the key is updated, information leakage can be prevented.

  The key management apparatus 10 described above can be realized by causing a computer to execute a program that causes the computer to function as the key management apparatus 10.

  10 key management device, 100 key / password generation management device, 110 key storage unit, 121 acquisition request input unit, 122 update request input unit, 123 response output unit, 125 deletion request input unit, 131 key password calculation unit, 132 key acquisition Unit, 133 key generation unit, 134 response generation unit, 135 key registration unit, 136 reverse password calculation unit, 137 password acquisition unit, 200 key store device, 201 sequential storage unit, 300 password store device, 301 reverse storage unit, 400 encryption / Decryption device, 401 encryption unit, 402 decryption unit, 500 business application device, 501 execution device, 510 acquisition request unit, 511 management password acquisition unit, 512 acquisition request generation unit, 513 acquisition request notification unit, 520 update request unit 521 Update determination unit 522 Update request generation unit 5 3 Update request notifying unit, 531 Response obtaining unit, 532 Encryption key storage unit, 540 Encryption processing unit, 541 Plain text input unit, 542 Encryption storage unit, 543 Plain text output unit, 550 Delete request unit, 552 Delete request generation unit, 553 Delete Request notification unit, 600 client application device, 701 password, 702 call information, 703 connection data, 704, 707 hash value, 705 key store password, 706 key, 708 password store password, 800 cryptographic processing system, 901 display device, 902 keyboard , 903 mouse, 904 FDD, 905 CDD, 906 printer device, 907 scanner device, 910 system unit, 911 CPU, 912 bus, 913 ROM, 914 RAM, 915 communication device, 92 Magnetic disk drive, 921 OS, 922 Window system, 923 Program group, 924 File group, 931 telephone, 932 a facsimile machine, 940 Internet, 941 Gateway, 942 LAN.

Claims (10)

Storage device for storing data, processing device for processing data, key storage unit, acquisition request input unit, key password calculation unit, key acquisition unit, new key generation unit, key registration unit, key An output unit, an update request input unit, an update key generation unit, a key update unit, and an update key output unit;
The key storage unit uses the storage device to store a key used for cryptographic processing and a key password for accessing the key,
The acquisition request input unit uses the processing device to input a management password used for managing a key to be acquired,
The key password calculation unit calculates the key password based on the management password input by the acquisition request input unit using the processing device,
The key acquisition unit acquires the key stored in the key storage unit using the processing device when the key password calculated by the key password calculation unit matches the key password stored in the key storage unit. And
The new key generation unit generates a key using the processing device when the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit,
When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit, the key registration unit uses the processing device to generate the key generated by the new key generation unit. The key password calculated by the key password calculation unit is stored in the key storage unit,
The key output unit outputs the key acquired by the key acquisition unit using the processing device when the key password calculated by the key password calculation unit matches the key password stored by the key storage unit. When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit, the processing device is used to output the key generated by the new key generation unit,
The update request input unit inputs a key to be updated using the processing device,
The update key generation unit generates a key using the processing device when the key input by the update request input unit matches the key stored by the key storage unit,
When the key input by the update request input unit matches the key stored by the key storage unit, the key update unit uses the processing device to replace the key stored by the key storage unit, Storing the key generated by the update key generation unit in the key storage unit;
The update key output unit outputs the key generated by the update key generation unit using the processing device when the key input by the update request input unit matches the key stored in the key storage unit. And a key management device.   The key password calculation unit acquires the context in which the acquisition request input unit has input the management password using the processing device, and based on the management password input by the acquisition request input unit and the acquired context, The key management apparatus according to claim 1, wherein a key password is calculated.   The key password calculation unit calculates the key password by combining the data representing the management password and the data representing the context using the processing device, and converting the combined data by a one-way function. The key management apparatus according to claim 2. The key management device further includes a reverse password calculation unit, an old reverse password calculation unit, a new reverse password calculation unit, and a password acquisition unit,
The key storage unit includes a sequential storage unit and a reverse storage unit,
The reverse password calculation unit calculates a reverse password for accessing the key password based on the key generated by the new key generation unit using the processing device;
The sequential storage unit stores the key generated by the new key generation unit and the key password calculated by the key password calculation unit using the storage device,
The reverse storage unit stores the key password calculated by the key password calculation unit and the reverse password calculated by the reverse password calculation unit using the storage device,
The key acquisition unit outputs the key stored in the sequential storage unit when the input key password matches the key password stored in the sequential storage unit using the processing device,
The old reverse password calculation unit calculates a reverse password based on the key input by the update request input unit using the processing device;
The password acquisition unit uses the processing device to store the key password stored in the reverse storage unit when the reverse password calculated by the old reverse password calculation unit matches the reverse password stored in the reverse storage unit. Get
The update key generation unit generates a key using the processing device when the reverse password calculated by the old reverse password calculation unit matches the reverse password stored by the reverse storage unit,
The new reverse password calculation unit generates the update key generation unit using the processing device when the reverse password calculated by the old reverse password calculation unit matches the reverse password stored by the reverse storage unit. Calculate the reverse password based on the key
The key update unit uses the processing device to replace the key stored in the sequential storage unit when the key password acquired by the password acquisition unit matches the key password stored in the sequential storage unit. The key generated by the update key generation unit is stored in the sequential storage unit, and the reverse password calculated by the new reverse password calculation unit is stored in the reverse storage unit instead of the reverse password stored by the reverse storage unit. The key management apparatus according to any one of claims 1 to 3, wherein   The reverse password calculation unit, the old reverse password calculation unit, and the new reverse password calculation unit generate the reverse password by converting the key with a one-way function using the processing device. The key management apparatus according to claim 4. The key management device further includes a password update request input unit, an old password calculation unit, a new password calculation unit, and a password update unit,
The password update request input unit inputs an old management password to be updated and a new management password after the update,
The old password calculation unit calculates a key password based on the old management password input by the password update request input unit using the processing device,
The new password calculation unit calculates a key password based on the new management password input by the password update request input unit using the processing device,
When the key password calculated by the old password calculation unit matches the key password stored by the key storage unit, the password update unit uses the processing device to update the key password stored by the key storage unit. 6. The key management device according to claim 1, wherein the key password calculated by the new password calculation unit is stored in the key storage unit. A key management device according to any one of claims 1 to 6 and an execution device,
The execution device includes an execution storage device that stores data, an execution processing device that processes data, an acquisition request unit, an encryption key storage unit, an encryption processing unit, and an encryption key update unit,
The acquisition request unit acquires the management password using the execution processing device,
The acquisition request input unit inputs the management password acquired by the acquisition request unit using the processing device,
The encryption key storage unit stores the key output by the key output unit using the execution storage device,
The cryptographic processing unit performs cryptographic processing using the key stored in the cryptographic key storage unit using the execution processing device,
The update request input unit inputs the key stored in the encryption key storage unit using the processing device,
The encryption key update unit stores the key output from the update key output unit in the encryption key storage unit using the execution processing device. The execution storage device includes a volatile volatile storage device and a nonvolatile nonvolatile storage device,
The encryption processing unit includes an encryption unit, an encryption storage unit, a decryption unit, an update encryption unit, and an encryption update unit,
The encryption key storage unit stores the keys output by the key output unit and the update key output unit using the volatile storage device,
The encryption unit generates encrypted data by encrypting plaintext data using the key stored in the encryption key storage unit using the execution processing device,
The encryption storage unit stores the encrypted data generated by the encryption unit using the nonvolatile storage device,
The decryption unit uses the execution processing device to decrypt the encrypted data stored in the encryption storage unit using the key stored in the encryption key storage unit to generate restored plaintext data,
The update encryption unit uses the execution processing device to encrypt the restored plaintext data generated by the decryption unit using the key output from the update key output unit to generate update encrypted data,
The encryption update unit uses the execution processing device to store the update encrypted data generated by the update encryption unit in the encryption storage unit instead of the encrypted data stored in the encryption storage unit. The cryptographic processing system according to claim 7, characterized in that:   When executed by a computer having a storage device for storing data and a processing device for processing data, the computer functions as the key management device according to any one of claims 1 to 6. Computer program. In a key management method in which a key management device having a storage device for storing data and a processing device for processing data manages keys,
As a key storage unit, the storage device stores a key used for encryption processing and a key password for accessing the key,
As an acquisition request input unit, the processing device inputs a management password used to manage a key to be acquired
As the key password calculation unit, the processing device calculates a key password based on the management password input by the acquisition request input unit,
When the key password calculated by the key password calculation unit matches the key password stored by the key storage unit,
As the key acquisition unit, the processing device acquires the key stored in the key storage unit,
As the key output unit, the processing device outputs the key acquired by the key acquisition unit,
When the key password calculated by the key password calculation unit does not match the key password stored by the key storage unit,
As a new key generation unit, the processing device generates a key,
As the key storage unit, the storage device stores the key generated by the new key generation unit and the key password calculated by the key password calculation unit,
As the key output unit, the processing device outputs the key generated by the new key generation unit,
As the update request input unit, the processing device inputs a key to be updated,
When the key input by the update request input unit matches the key stored by the key storage unit,
As the update key generation unit, the processing device generates a key,
As the key update unit, the processing device stores the key generated by the update key generation unit in the key storage unit instead of the key stored in the key storage unit,
A key management method, wherein the processing device outputs a key generated by the update key generation unit as an update key output unit.

Images