JP4646691B2 - Encrypted communication system, secret key issuing device, and program - Google Patents

Description

  The present invention relates to an encrypted communication system, a secret key issuing device, and a program, and more particularly, to an encrypted communication system, a secret key issuing device, and a program suitable for encrypted communication using ID-based encryption.

  With the spread of the Internet, information communication such as access to websites and transmission / reception of electronic mail has become widespread. Such information communication is often used for electronic commerce and the like, and information that should be kept secret from third parties such as credit card information and personal information may be transmitted and received via the Internet. Therefore, encrypted communication for concealing transmitted / received information from a third party is important.

  At present, encryption by a public key encryption method is common. The public key encryption method encrypts information with the sender's public key and decrypts it with the receiver's private key. Compared to the common key encryption method that performs encryption and decryption with a common secret key, There is an advantage that it is easy to distribute and manage. However, an electronic certificate for certifying the public key is required, and the expiration date must be managed, which is complicated for the user. Furthermore, it is necessary for the receiver to obtain the sender's public key in advance, which hinders the freedom of information distribution.

  As a method for solving such inconvenience, encrypted communication using ID-based encryption (IBE (Identity Based Encryption)) has been proposed (for example, Patent Document 1). Since ID-based encryption can generate a public key using the recipient's ID information (for example, an e-mail address), it is not necessary to share the public key between the sender and receiver in advance, and it is easier. Encrypted communication can be used. In such ID-based encryption, a third party PKG (Private Key Generator) issues a secret key used for decryption by the receiver.

  As described above, encrypted communication is becoming essential in today's information communication, and it is desired that encrypted communication be widely used by an easy method such as ID-based encryption. In order for ID-based encrypted communication to spread, efficient key issuance by a reliable PKG is required, so it is conceivable that secret key issuance by PKG will be established as a service business. In this case, there is a fee for issuing a secret key by PKG.

  Here, since the billing destination cannot be designated conventionally, the issue fee is charged to the person who requested the secret key. If ID-based encryption is used for transmission / reception of electronic mail, a charge is charged to the recipient of the electronic mail. However, it may be inconvenient if the receiver pays a fee for all encrypted communications. For example, when information is transmitted from a company to a customer, a fee is charged to the customer as a recipient. In such a situation, it is unlikely that the customer will actively decrypt the information until a fee is paid, and the transmitted information may not be used. Therefore, adopting ID-based encryption for information distribution for commercial purposes has few advantages for both the sender and the receiver, and ID-based encrypted communication cannot be actively employed. As a result, ID-based encrypted communication has not been widely used, which has been a factor that hinders the spread of encrypted communication. In addition, charging to an unspecified number of recipients complicates the charging process on the PKG side, which may be an obstacle to efficient service provision by PKG.

Therefore, if a method that does not charge the user, such as toll-free for fixed-line telephone services and reverse charging (free packets) for Internet connection services on mobile phones, can be established with ID-based encryption, It can be expected that the spread will be further promoted.
JP 2005-500740 gazette

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an encrypted communication system, a secret key issuing device, and a program capable of designating a billing destination in ID-based encrypted communication. .

In order to achieve the above object, an encrypted communication system according to the first aspect of the present invention includes:
An encryption communication system configured by a sender terminal, a receiver terminal, and a secret key issuing device connected to each other via a communication network and performing ID-based encrypted communication,
The sender terminal is
Public key generation means for generating a public key using ID information related to a transmission destination and information indicating a charging destination of a private key issue fee;
Encrypted transmission means for encrypting information with the public key generated by the public key generation means and transmitting the information via the communication network, and
The recipient terminal is
Receiving means for receiving information encrypted by the sender terminal via the communication network;
Requests the secret key issuing device to issue a secret key for decrypting the information received by the receiving means via the communication network, and sends the secret key issued in response to the request via the communication network. A secret key acquisition means for acquiring
Decrypting means for decrypting the information received by the receiving means, using the secret key acquired by the secret key acquiring means,
The secret key issuing device
A secret key issuing means for generating a secret key in response to a request from the receiver terminal and transmitting the secret key to the receiver terminal via the communication network;
Charging means for determining a charging destination of the secret key issuing fee based on a public key corresponding to the secret key generated by the secret key issuing means, and performing a charging process to the determined charging destination,
It is characterized by that.

In order to achieve the above object, a secret key issuing apparatus according to the second aspect of the present invention provides:
A secret key issuing device that issues a secret key used for ID-based encrypted communication between a sender terminal and a receiver terminal connected to each other via a communication network ,
A user information database that pre-stores user information related to encrypted communication users;
And ID information about the destination of the encrypted information in the ID-based cryptographic communication, the public key the sender terminal has generated by using the information indicating the charging destination of the secret key issuing rates, said the public key Charging destination determination means for determining a charging destination of a secret key issuance fee based on the public key acquired from the receiver terminal received from the sender terminal ;
It generates a private key used for decoding of the ID-based cryptographic communication, and a secret key issuing means a private key, and issues and transmitted to the receiver terminal performs the decoding thus generated,
A processing history database for recording processing history information indicating a secret key issuing history by the secret key issuing means for each user;
Charging destination specifying means for specifying a user as a charging destination of the secret key issuance fee based on the determination result of the charging destination determination means and the user information stored in the user information database;
Charging information generating means for generating charging information related to charging processing based on user information of the user specified by the charging destination specifying means and processing history information related to the user recorded in the processing history database;
A charging unit for performing a charging process of a secret key issue fee based on the charging information generated by the charging information generating unit;
It is characterized by providing.

In the above secret key issuing device,
Preferably, the billing destination determination means determines whether or not the billing destination designation information for designating a target as a billing destination is included in the ID information that is the generation source of the public key.
If the charging destination information is included, the target indicated by the charging destination designation information is set as the charging destination,
If the billing destination information is not included, it is desirable that the requester for issuing the secret key is the billing destination.

In the above secret key issuing device,
Whether the secret key generating means has altered the information indicating the billing destination by determining whether the generated secret key and the public key are the same based on the bilinear characteristics of Bayer pairing . It is desirable to further include verification means for verifying whether or not, in this case,
It is desirable that the secret key issuing means issues a secret key for encrypted communication verified by the verifying means if it has not been tampered with .

In order to achieve the above object, a program according to the third aspect of the present invention is:
On the computer,
A function for storing parameters related to ID-based encrypted communication in a storage device in advance;
A function of specifying the charging destination of the destination and the secret key issuing rates of the ID-based cryptographic communication to the user,
Generates a character string that is a generation source of a public key used for the ID-based encrypted communication and is used to determine a charging destination at the transmission destination from information indicating a transmission destination and a charging destination designated by the user Function to
Using said parameters generated character string, a function of generating the public key,
A function of encrypting predetermined information using the generated public key;
And predetermined information the encrypted, the character string and the public key generated, a function via a communication network, and transmits to the designated destination,
It is characterized by realizing.

The above program further
In the computer,
A function that allows the user to specify whether or not to charge the private key issuance fee,
A function for generating a public string using the character string and the parameter when generating a character string including ID information indicating the transmission destination when the destination is designated as a billing destination;
When it is specified that a charging destination other than the transmission destination is specified, a character string including ID information indicating the transmission destination and information indicating the charging destination is generated, and the disclosure is performed using the character string and the parameter The ability to generate keys,
It is desirable to realize.

In order to achieve the above object, a program according to the fourth aspect of the present invention is:
On the computer,
A function for storing parameters related to ID-based encrypted communication in a storage device in advance;
And the encrypted information in the ID-based cryptographic communication, a function of the string of a generator of the public key and the public key used in the encryption, receives via the communications network,
A function of determining whether or not the received character string includes information specifying a billing destination of a fee for issuing a secret key used in the ID-based encrypted communication ;
When it is determined that the information specifying the billing destination is included in the character string , a secret key is issued, and the secret key issuing device that charges the billing destination for the fee is issued via the communication network. and the ability to request the issue of the secret key Te,
A function of acquiring a secret key issued in response to the request from the secret key issuing device via the communication network;
A function of decrypting and outputting the encrypted information using the acquired secret key and the parameter;
It is characterized by realizing.

The above program further
In the computer,
A function that allows the user to specify whether or not to request the issuance of a secret key when it is determined that the information specifying the billing destination is not included in the character string;
A function for requesting the secret key issuance device to issue a secret key via the communication network when the user specifies to request issuance of a secret key;
It is desirable to realize.

In order to achieve the above object, a program according to the fifth aspect of the present invention is:
On the computer,
A function of preliminarily storing, in a storage device, user information related to a user of ID-based encrypted communication and parameters related to the ID-based encrypted communication ;
And the encrypted information in the ID-based cryptographic communication, a string of a generator of the public key and the public key used to this encryption, ID information of the receiver for receiving the encrypted information And a function of receiving from the recipient's terminal via a communication network;
Using the received information and the parameter, generate a private key corresponding to the received public key, and use the private key to decrypt the encrypted information to the recipient's terminal to the communication network With the ability to send via
A function of recording processing history information indicating a secret key generation history in the storage device;
A function of determining whether or not the received character string includes charging destination information indicating a charging destination of a secret key issue fee;
A function for identifying a billing destination based on the billing destination information and the user information when the billing destination information is included in the received character string;
A function of specifying a billing destination based on the ID information of the recipient and the user information when the billing destination information is not included in the received character string;
A function for executing a charging process for a secret key issue fee based on the processing history information regarding the specified charging destination and the user information of the charging destination;
It is characterized by realizing.

The above program further
In the computer,
A function to verify whether or not the billing destination information has been tampered with by determining whether or not the generated secret key and the public key are the same based on bilinear characteristics of Bayer pairing ;
A function of issuing the secret key to the recipient when it is verified that the billing destination information is not falsified ;
It is desirable to realize.

  According to the present invention, since a public key for ID-based encryption is generated using a character string including charging destination information, encrypted communication can be performed by arbitrarily specifying a charging destination for generating a secret key. . Thereby, the conventional problem that the receiver automatically becomes the billing destination is solved, and encrypted communication in which the receiver does not bear the fee can be realized. As a result, since ID-based encryption can be actively incorporated in information transmission from a business entity to a customer, the spread of encrypted communication is promoted, and a safer information communication environment can be realized.

  In addition, since the billing destination information is included in the information used to generate the public key, if the billing destination information is falsified, the private key corresponding to the public key cannot be generated and cannot be decrypted. Therefore, by performing verification based on the generated private key and public key, fraud such as forgery or falsification of the billing destination can be detected, and appropriate billing can be performed.

  Embodiments according to the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram showing a configuration of an encrypted communication system to which the present invention is applied. As illustrated, the encrypted communication system 1 according to the present embodiment includes a secret key issuing device 100 and a terminal device 200 (a sender terminal 200A and a receiver terminal 200B) that are connected to each other via a communication network 10. ). In this configuration, it is assumed that a plurality of sender terminals 200A and a plurality of receiver terminals 200B exist.

By such a system, information is transmitted from the sender terminal 200A to the receiver terminal 200B. In the present embodiment, it is assumed that an e-mail is transmitted from sender terminal 200A to receiver terminal 200B. Here, in the present embodiment, for example, business entities such as companies are senders of e-mails, and customers (including potential customers) of these business entities are receivers. Then, commercial information is transmitted from each business entity to the customer (for example, direct mail or information transmission associated with electronic commerce). Therefore, the sender terminal 200A according to the present embodiment is a terminal device used by a business entity that performs information transmission, and the receiver terminal 200B is a terminal device used in a general home, for example. Hereinafter, an unspecified number of the transmitting side is called the entity X _A, one of them called entity A. Further, an unspecified number of recipient called entity X _B, one of them called entity B.

  In the present embodiment, information to be transmitted from sender terminal 200A to receiver terminal 200B is encrypted by ID-based encryption (IBE (Identity Based Encryption)). This ID-based encryption is a kind of public key encryption method that encrypts with a public key and decrypts with a private key, and generates a public key from an arbitrary character string (for example, an e-mail address of a recipient). It is characterized by that. Then, the recipient who has received the information encrypted with the public key acquires the secret key from the private key generator (PKG) and decrypts the received information. In other words, an arbitrary character string indicating the recipient's ID information and the like can be used as a public key, so that the public key is exchanged and managed between the sender and the receiver, which is required in the conventional public key encryption method, and digital certification. Certificate creation and update, CRL (Certificate Revocation List) management, etc. are not required, and encrypted communication can be realized more easily.

In the present embodiment, the secret key generation apparatus 100 (PKG) generates and provides a secret key required for such ID-based encryption. Here, the secret key issuing device 100 is operated by a service provider (hereinafter referred to as “entity C”) that provides a secret key issuing service. The entity C provides a secret key issuance service necessary for ID-based encrypted communication between the entity X _A and the entity X _B registered in advance, and the user is charged a fee for issuing the secret key. Service charges are obtained by charging

In order to perform such ID-based encrypted communication, in the present embodiment, it is assumed that a program for performing encrypted communication using the ID-based encryption of this system is applied in advance to each terminal device 200. In this embodiment, since ID-based encryption is applied to transmission / reception of electronic mail, this program is an electronic mail transmission / reception program (so-called “mailer”). This mailer program is distributed from entity C (secret key issuing device 100) to entity X _A (sender terminal 200A) and entity X _B (receiver terminal 200B), and entity C (secret key issuing device 100). It is assumed that parameters, functions, and the like necessary for the ID-based encrypted communication generated by the above are included in the program in advance. Thereby, information necessary for ID-based encryption is shared between the entities. Note that such a mailer program is distributed in response to, for example, the entity X _A and X _B registering with the entity C as a user. In this case, the user ID of the user and identification information (program ID) uniquely assigned to the mailer program are incorporated into each mailer program and distributed. In addition, information (for example, a name) indicating the registered billing destination is incorporated in the mailer program distributed to the user registered as the billing destination.

  A terminal device 200 to which the mailer program according to the present embodiment is applied will be described. The terminal device 200 according to the present embodiment is configured from a general-purpose computer device such as a personal computer, for example, and has a configuration connectable to the communication network 10. The communication network 10 in the present embodiment is, for example, the Internet. In this case, the mailer program applied to each terminal device 200 transmits and receives electronic mail via the communication network 10 based on a protocol such as POP (Post Office Protocol) or SMTP (Simple Mail Transfer Protocol). Do it.

  Next, the configuration of the terminal device 200 according to the present embodiment will be described with reference to FIG. FIG. 2 is a block diagram illustrating a configuration of the terminal device 200. As illustrated, the terminal apparatus 200 includes a control unit 210, a communication control unit 220, an input control unit 230, an output control unit 240, a program storage unit 250, a storage unit 260, and the like.

  The control unit 210 includes, for example, a CPU (Central Processing Unit) and the like, and controls each unit of the terminal device 200 and executes a program stored in the program storage unit 250 to perform communication. In cooperation with the control unit 220, the input control unit 230, the output control unit 240, and the storage unit 260, each process described later is realized. Details of the function of the control unit 210 realized by executing the program will be described later.

  The communication control unit 220 includes a communication device such as a NIC (Network Interface Card) or a modem, for example, and connects the terminal device 200 and the communication network 10 to communicate between the terminal devices 200 and the secret key issuing device 100. Do it.

  The input control unit 230 connects an input device 23 such as a keyboard and a pointing device, for example, and inputs an input signal corresponding to a user operation to the control unit 210.

  For example, the output control unit 240 connects the output device 24 such as a display or a printer, and outputs the processing result of the control unit 210 to the output device 24.

  The program storage unit 250 includes a storage device such as a hard disk device, for example, and stores a program executed by the control unit 210. The program storage unit 250 stores a program for realizing each function described later by the control unit 210. That is, in the present embodiment, the mailer program described above is stored in the program storage unit 250. The control unit 210 also stores a program for controlling the communication control unit 220, the input control unit 230, the output control unit 240, and the storage unit 260. That is, when the control unit 210 executes each program stored in the program storage unit 250, each process described later is realized as the terminal device 200 as a whole.

  The storage unit 260 is composed of, for example, a storage device such as a hard disk device, and records various information necessary for realizing each processing according to the present embodiment. In the present embodiment, parameters and functions incorporated in the distributed mailer program are stored in the storage unit 260, and a history of transmitted and received e-mails and address book information are recorded.

  Here, the function of the control unit 210 realized by executing the program stored in the program storage unit 250 will be described. In the present embodiment, the control unit 210 causes the terminal device 200 to function as the sender terminal 200A or the receiver terminal 200B by executing the above-described mailer program or the like. In this case, the function realized by the control unit 210 differs between the sender terminal 200A and the receiver terminal 200B. Hereinafter, the function of the control unit 210 will be described separately for a case where the terminal device 200 functions as the sender terminal 200A and a case where the terminal device 200 functions as the receiver terminal 200B.

  First, a case where the terminal device 200 functions as the sender terminal 200A will be described. In this case, by executing a mailer program stored in the program storage unit 250, the control unit 210 functions as a configuration shown in FIG. That is, the control unit 210 functions as an interface processing unit 211A, a public key generation unit 212A, an encryption unit 213A, and a transmission processing unit 214A.

  The interface processing unit 211A performs processing related to a user interface when transmitting an e-mail from the sender terminal 200A. That is, in cooperation with the output control unit 240, a screen for inputting a transmission destination and a text of an electronic mail to be transmitted is generated and output as a user interface to the output device 24 such as a display. In addition, in cooperation with the input control unit 230, an input corresponding to the operation of the input device 23 by the user is received.

The public key generation unit 212A generates a public key used for encrypting an electronic mail to be transmitted. In this embodiment, since ID-based encryption is employed, a public key using an arbitrary character string is generated. In the present embodiment, for example, a character string (hereinafter referred to as “ID _XB ”) that combines the ID information of the entity X _B that is the receiver and the information indicating the billing destination of the secret key issuance fee is disclosed as the generation source. Generate a key. In this case, a description format of ID _XB , which is a public key generation source, is set in advance. In this embodiment, for example, a string using the information indicating the charging destination e-mail address of the entity X _B at a predetermined format. For example, when the e-mail address of entity B as the recipient is “B@**.com” and entity A as the sender is the billing destination, for example, the character string “B @ **. Com: pay = Entity A ”is ID information ID _B for entity B. Here, “:” and “pay =” are format information. In this case, “:” represents a delimiter between information indicating the recipient and information indicating the billing destination, and “pay =” represents that the subsequent information is information indicating the billing destination. It is assumed that such a format is set by the entity C and incorporated in the mailer program to be distributed.

The encryption unit 213A encrypts information to be transmitted using the public key generated by the public key generation unit 212A. In the present embodiment, it is assumed that the text of the electronic mail input by the sender (entity X _A ) is encrypted.

The transmission processing unit 214A cooperates with the communication control unit 220 to send the e-mail encrypted by the encryption unit 213A to a destination specified via the communication network 10 (that is, the recipient terminal of the entity X _B ). 200B). At this time, the transmission processing unit 214A transmits a predetermined parameter or the like calculated in the process of generating the public key by the public key generation unit 212A, for example, by adding it to an email header or the like.

  Next, a case where the terminal device 200 functions as the recipient terminal 200B will be described. In this case, by executing a mailer program or the like stored in the program storage unit 250, the control unit 210 functions as a configuration as shown in FIG. That is, the control unit 210 functions as a reception processing unit 211B, an attribute determination unit 212B, a secret key request unit 213B, a secret key acquisition unit 214B, a decryption unit 215B, and an interface processing unit 216B.

  The reception processing unit 211B receives information such as an e-mail transmitted from the sender terminal 200A via the communication network 10 in cooperation with the communication control unit 220. In addition, the received information is stored in the storage unit 260 in cooperation with the storage unit 260.

  The attribute determination unit 212B determines the attribute of the received e-mail based on the information added by the sender terminal 200A included in the received e-mail. In the present embodiment, attributes such as whether or not the received electronic mail is encrypted, and if encrypted, whether or not a billing destination for the secret key issuance fee is specified are determined.

  The secret key requesting unit 213B requests the secret key issuing device 100 to generate a secret key when the attribute determining unit 212B determines that the received e-mail is encrypted. In this case, the secret key request unit 213B cooperates with the communication control unit 220 to recognize the public key recognized by the attribute determination unit 212B, the predetermined parameter distributed in advance from the secret key issuing device 100, and the entity B ID information (e-mail address) and the like are transmitted to the secret key issuing device 100 via the communication network 10 to request the issuance of a secret key. In this case, parameters, ID information, and the like are acquired from the storage unit 260.

  The secret key acquisition unit 214B receives and acquires the secret key transmitted by the secret key issuing device 100 via the communication network 10 in cooperation with the communication control unit 220.

  The decryption unit 215B decrypts the received e-mail using the secret key acquired from the secret key issuing device 100 by the secret key acquisition unit 214B.

  The interface processing unit 216B performs a process related to a user interface when an e-mail is received by the recipient terminal 200B. That is, in cooperation with the output control unit 240, a screen for displaying the received e-mail and requesting the secret key issuing device 100 to generate a secret key is generated and output to the output device 24 such as a display as a user interface. To do. In this case, the information decoded by the decoding unit 215B is output to the output device 24 such as a display. In addition, in cooperation with the input control unit 230, an input corresponding to the operation of the input device 23 by the user is received.

  In the present embodiment, each function described above is realized by executing a program. For example, transmission is performed by hardware (for example, an ASIC (Application Specific Integrated Circuit)) that executes these functions. The receiver terminal 200A or the receiver terminal 200B may be configured.

  Next, the secret key issuing device 100 will be described. The secret key issuing device 100 is composed of an information processing device such as a mainframe or a workstation, for example. A configuration of such a secret key issuing device 100 is shown in FIG. FIG. 5 is a block diagram illustrating a configuration of the secret key issuing apparatus 100 according to the present embodiment.

  As illustrated, the secret key issuing device 100 includes a control unit 110, a communication control unit 120, an input control unit 130, an output control unit 140, a program storage unit 150, a storage unit 160, and the like.

  The control unit 110 includes, for example, a CPU (Central Processing Unit) and the like, and controls each unit of the secret key issuing device 100 and executes a program stored in the program storage unit 150. The communication control unit 120, the input control unit 130, the output control unit 140, and the storage unit 160 cooperate to implement each process described later. Details of the function of the control unit 110 realized by executing the program will be described later.

  The communication control unit 120 is constituted by a communication device such as a NIC (Network Interface Card) or a modem, for example, and connects the secret key issuing device 100 and the communication network 10 to communicate with the terminal device 200. Further, for example, an information processing apparatus (for example, an accounting system) that cooperates with the secret key issuing apparatus 100 in the entity C by connecting a LAN (Local Area Network) and the secret key issuing apparatus 100 To communicate.

  The input control unit 130 connects an input device 13 such as a keyboard or a pointing device, for example, and inputs an input signal according to a user operation to the control unit 110.

  For example, the output control unit 140 connects the output device 14 such as a display or a printer, and outputs the processing result of the control unit 110 to the output device 14.

  The program storage unit 150 includes a storage device such as a hard disk device, for example, and stores a program executed by the control unit 110. The program storage unit 150 stores a program for realizing each function described later by the control unit 110. The control unit 110 also stores programs for controlling the communication control unit 120, the input control unit 130, the output control unit 140, and the storage unit 160. That is, when the control unit 110 executes each program stored in the program storage unit 150, each process described later is realized as the entire secret key issuing device 100.

  The storage unit 160 is configured by a storage device such as a hard disk device, for example, and records various information necessary for realizing each process according to the present embodiment. In the present embodiment, a database (DB) as shown in FIG. As shown in the figure, the storage unit 160 includes databases such as a user information DB 161, a charging destination information DB 162, a processing history DB 163, and a charging information DB 164. Each database will be described below.

The user information DB 161 stores information related to users (that is, the entities X _A and X _B ) registered in the secret key issuing device 100 for encrypted communication using this system. An example of information recorded in the user information DB 161 is shown in FIG. As shown in the figure, in the user information DB 161, a record is created with identification information (user ID) uniquely assigned to each user by the entity C as a primary key. Each record records ID information of the user such as an e-mail address, and identification information (program ID) uniquely assigned to the mailer program distributed to the user, as well as attribute information (name of the user) , Name, user classification (by corporate user or individual user), location, telephone number, etc. are recorded.

  The billing destination information DB 162 stores information related to the billing destination of the private key issuing service fee of this system. An example of information recorded in the billing destination information DB 162 is shown in FIG. As shown in the figure, in the charging destination information DB 162, a record is created with information (charging destination ID) uniquely indicating the charging destination as a main key. In the present embodiment, among users registered in the user information DB 161, information related to users registered as billing destinations is recorded in the billing destination information DB 162. Therefore, the user ID of the user designated as the billing destination among the user IDs recorded in the user information DB 161 is used as the billing destination ID serving as the main key of the billing destination information DB 162. Each record includes attribute information (name, department in charge, person in charge, etc.), contact information (e-mail address, telephone number, location, etc.), and detailed information on billing to the account (with a deadline). Information, information indicating a deposit method, etc.) are recorded.

The processing history DB 163 stores information indicating a history of processing relating to the secret key issuing service performed by the secret key issuing device 100. In the present embodiment, it accumulates the history of the generation and issuance process of the private key entity X _B requires a processing history information. An example of information recorded in the processing history DB 163 is shown in FIG. As shown in the figure, in the processing history DB 163, a record is created with identification information (processing ID) uniquely assigned for each secret key issuing process as a primary key. Each record includes information indicating the date and time when the private key generation request is received (request date and time), ID information (requester ID) indicating the entity X _B that has requested the generation of the private key, and is added to the target e-mail. Additional information (additional information), information indicating the provision date and time of the secret key (issue date and time), and the like are recorded.

  The charging information DB 164 stores information related to charging related to the issuance of a secret key. An example of information recorded in the billing information DB 164 is shown in FIG. Here, a table is created for each billing destination user registered in the billing destination information DB 162. As shown in the figure, in each table, a record is created with identification information (processing ID) uniquely indicating a process to be charged as a main key. Here, of the process histories recorded in the process history DB 163, the process that is the corresponding billing destination is extracted and recorded. Therefore, the process ID that is the primary key of the charging information DB 164 is the process ID extracted based on the charging destination among the process IDs recorded in the process history DB 163. Each record includes information (issue date) indicating the issuance date / time of the private key by the process, ID information (receiver) of the recipient of the e-mail subject to charge, and information (charge date / time) indicating the execution date / time of the charge process. ), Etc. are recorded.

  In addition to this, the storage unit 160 in which such a database is configured is also used as a storage area (work area) for temporarily or permanently storing acquired information, calculation results being processed, and the like. In the present embodiment, it is assumed that parameters, functions, and the like necessary for ID-based encryption are stored in the storage unit 160 in advance. Further, it is assumed that a mailer program distributed to each registered entity is also stored in the storage unit 160. The storage device that constitutes the program storage unit 150 and the storage unit 160 is not limited to a hard disk device. For example, a random access memory (RAM), a read only memory (ROM), an electrically erasable programmable ROM (EEPROM), various recording media ( CD-ROM, DVD, etc.) are included as necessary.

  Here, functions realized by the control unit 110 will be described. The control unit 110 functions as an information reception unit 111, an authentication unit 112, an encryption processing unit 113, a charging processing unit 114, and the like as illustrated in FIG. 10 by executing a program stored in the program storage unit 150. To do.

  The information reception unit 111 receives information transmitted from the terminal device 200 via the communication network 10 in cooperation with the communication control unit 120. In the present embodiment, in particular, information related to a secret key issue request from recipient terminal 200B is received and accepted.

Authentication unit 112 performs authentication of the entity X _B which was subjected to issue request of the private key. In this case, the authentication unit 112, for example, a public key provided from the receiving terminal 200B and the entity X _B, based on such predetermined parameters or program ID that is distributed in advance entity X _B, is the entity X _B, It is authenticated whether the user is registered in the secret key issuing device 100.

  The cryptographic processing unit 113 performs processing necessary for ID-based encrypted communication used in this system. Here, the cryptographic processing unit 113 further has a functional configuration as shown in FIG. That is, the encryption processing unit 113 has functional configurations such as a setup processing unit 113a and a secret key generation unit 113b.

  The setup processing unit 113a sets various parameters and definitions necessary for encrypted communication between entities. In the present embodiment, for example, in addition to defining functions for calculating various parameters necessary for the encryption process, public parameters shared by each entity, parameters specific to the entity C, and the like are calculated.

The secret key generation unit 113b generates a secret key for decrypting information (e-mail) encrypted with the public key generated by the sender terminal 200A of the entity X _A , and receives the entity terminal _B of the entity X _B. To provide. In the present embodiment, the secret key generation unit 113b generates a secret key in response to a request from the recipient terminal 200B, and the secret key generated via the communication network 10 is generated in cooperation with the communication control unit 120. It transmits to the recipient terminal 200B.

The billing processing unit 114 performs billing processing for a fee related to the secret key issuing service. As described above, the entity C according to the present embodiment provides a secret key issuance service necessary for decrypting information encrypted with ID-based encryption, and charges the user for this service fee. Get. Therefore, a billing process occurs each time a secret key is generated / provided by the secret key generation unit 113b. In this case, the billing processing unit 114 identifies a charging destination based on the public key provided from the entity X _B at the request of the private key generation. That is, in this embodiment, as described above, since the public key is generated using the ID _XB including the information indicating the charging destination, the information indicating the charging destination is acquired based on the public key. be able to. The entity C charges the generation fee of the secret key to the charging destination specified in this way.

  In order to perform such an operation, the billing processing unit 114 has a functional configuration as shown in FIG. That is, the billing processing unit 114 has a functional configuration such as a billing destination specifying unit 114a, a billing information generation unit 114b, and a billing execution unit 114c.

The billing destination specifying unit 114a specifies the billing destination based on the ID _XB that is the generation source of the public key used for the encrypted communication corresponding to the target secret key issuing process.

  The billing information generation unit 114b generates billing information by recording information on the billing target process recorded in the processing history DB 163 in the specified billing destination table in the billing information DB 164.

  The billing execution unit 114c checks the billing information recorded in the billing information DB 164 every predetermined period, and outputs information that has not been billed. In the present embodiment, it is assumed that a system (hereinafter referred to as “accounting system”) that performs accounting processing or the like in entity C and a secret key issuing device 100 are connected via a communication control unit 120, and a charging execution unit 114 c outputs billing information to an accounting system or the like connected to the secret key issuing device 100.

  In the present embodiment, the control unit 110 executes a program to function as each of the above-described components by software processing. However, any or all of these configurations may be, for example, an ASIC (Application Specific Integrated Circuit) It may be configured by hardware such as an integrated circuit for use).

  An example of the operation of the encrypted communication system 1 configured as described above will be described below. As described above, in the present embodiment, encrypted communication using the public key encryption method is performed. However, any key generation method and encryption / decryption method may be employed. In the present embodiment, an example in which a key generation method using Beil Pairing on an elliptic curve is applied will be described below. In this case, the following setup process is performed in the entity C.

In the case of generating a key using Beuille pairing on an elliptic curve, in the secret key issuing device 100 of the entity C, an elliptic curve E in a finite field is set by the setup processing unit 113a, and on the elliptic curve E Set the Beuille pairing algorithm e (,). In addition, a one-way function h (x) for converting the character string into a point on the elliptic curve E is set. These algorithms are published as an entity C public algorithm. That is distributed incorporated into mailer program entity X _A and X _B.

The setup processing unit 113a further calculates system parameters. Here, first, the secret information S _C of the entity _C and the point P (x _p , y _p ) on the elliptic curve are set by generating a random number. Then, the setup processing unit 113a calculates S _C · P obtained by multiplying the secret information S _C and the point P. Points P and S _C · P are published as public parameters of entity C. That is distributed incorporated into mailer program entity X _A and X _B.

  An operation in the case where an e-mail is transmitted from the sender terminal 200A of the entity A to the receiver terminal 200B of the entity B after the above setup is performed in advance will be described below. Here, it is assumed that both the entity A and the entity B are registered in advance in the user information DB 161 of the secret key issuing device 100, and the entity A is registered in advance in the billing destination information DB 162.

  First, “transmission processing” when transmitting an e-mail from the sender terminal 200A of the entity A will be described with reference to the flowchart shown in FIG. This “transmission process” is started when the mailer program distributed from the entity C is executed by the sender terminal 200A of the entity A, and an electronic mail transmission is instructed by the mailer.

  When the processing is started, the interface processing unit 211A generates an e-mail transmission screen and outputs it to the output device 24 such as a display (step S101). A display example of the transmission screen in this case is shown in FIG. As shown in the figure, the send screen has an area for entering the destination (destination), subject, and text as well as a general email send screen, and send the created email. A button for instructing is arranged. In the present embodiment, it is assumed that a send button SB1 for instructing to send the created electronic mail encrypted and a send button SB2 for instructing to send it without encryption are prepared. .

  The user of the entity A operates the input device 23 to input a transmission destination, a subject, a body text, and the like, and selects either the transmission button SB1 or SB2 to instruct transmission of the created e-mail. To do. In this case, information indicating which of the selected transmission buttons is input to the control unit 210 by the input control unit 230.

  The interface processing unit 211A determines whether or not the encrypted transmission is selected based on the input from the input control unit 230 (step S102). If it is determined that encrypted transmission is selected (step S102: Yes), a “public key generation process” for generating a public key used for encryption is executed (step S200). This “public key generation process” will be described with reference to the flowchart shown in FIG.

  When the process is started, the interface processing unit 211A notifies the public key generation unit 212A of ID information (e-mail address) indicating the transmission destination input on the transmission screen. As a result, the public key generation unit 212A obtains an e-mail address that is ID information of the transmission destination (step S201). The interface processing unit 211A generates a “billing destination designation screen” for allowing the user to designate either a sender or a recipient as a billing destination for a fee for issuing a secret key for encrypted communication. It outputs to the output device 24 (step S202). A display example of the billing destination designation screen is shown in FIG. As shown in the figure, for example, an item selection object such as a radio button is arranged to generate and display a screen that allows the user to select whether to designate the sender as the billing destination or the recipient as the billing destination. Is done.

  The user operates the input device 23, selects a desired option, and selects a button for instructing confirmation of the selection contents. In this case, the input control unit 230 inputs information indicating which option has been selected to the control unit 210.

  Based on the input from the input control unit 230, the interface processing unit 211A determines whether the specified billing destination is a sender or a receiver (step S203).

  When the sender is designated as the billing destination (step S203: Yes), the interface processing unit 211A notifies the public key generation unit 212A of information indicating that the sender is designated. In this case, the public key generation unit 212A acquires, from the storage unit 260, information indicating the entity A incorporated in the mailer program (in this case, the name of the entity A) as charging destination information indicating the charging destination. (Step S204).

The public key generation unit 212A generates a character string as a public key generation source based on the information notified from the interface processing unit 211A and the information acquired from the storage unit 260 (step S205). That is, when the recipient is designated as the billing destination, the destination e-mail address acquired in step S201 is set as the public key generation source. On the other hand, when the sender is designated as the billing destination, a character string is generated by combining the destination email address acquired in step S201 and the billing destination information acquired in step S204 in a predetermined format. The character string generated here is assumed to be ID information ID _{B of} entity B which is a transmission destination.

Next, the public key generation unit 212A generates a public key using the ID _B generated in step S205 (step S206), and ends the “public key generation process”. Here, ID _B is hashed with a one-way function h (x) distributed in advance by being incorporated in the mailer program, and calculated as a point H _A (x _ha , y _ha ) on the elliptic curve E. In addition, the public key generation unit 212A generates a random number as the secret information S _A of the entity A. Then, it calculates the S _A · H _A multiplied by the secret information S _A and H _A. Further, the public key generation unit 212A calculates the public parameter S _C · P distributed from the entity C in advance and the calculated S _A · H _A by the Bayer pairing algorithm e (,), thereby obtaining the public key K Generate _A. That is, to calculate the public key K _A as shown in Equation 1.

(Equation 1)
K _A = (S _A・ H _A , S _C・ P)

When the public key is generated, the public key generation unit 212A calculates S _A · P obtained by multiplying the secret information S _A of the entity _A and the point P on the elliptic curve distributed in advance. Public key generation unit 212A the generated public key K _A and notifies the encryption unit 213A, and notifies the calculated and ID _B generated by S _A · P and step S205 to the transmission processing unit 214A. Then, the “public key generation process” ends, and the process returns to the “transmission process” flow shown in FIG.

In the “transmission process”, the encryption unit 213A encrypts the e-mail text using the public key generated in the “public key generation process” (step S103). Here, the public key generation unit 212A message m (in this case, e-mail text to be transmitted) with the public key K _A which is generated by encrypting the, this is the EK [m]. A method of encrypting a message m with the public key K _A is arbitrary, it is possible to use an encryption method of a known public key cryptography.

The encryption unit 213A sends the encrypted EK [m] to the transmission processing unit 214A. The transmission processing unit 214A sends the S _A / P and ID _B and public key K _A (hereinafter referred to as “additional information”) notified from the public key generation unit 212A to an electronic mail having the encrypted EK [m] as a body. To the entity B that is the designated transmission destination (step S104), and the “transmission process” is terminated. Note that the additional information is added invisible to the user.

  If encrypted transmission is not selected (step S102: No), the text input on the transmission screen is transmitted as plain text (step S104).

  Next, referring to the flowchart shown in FIG. 15, the “reception process” when the e-mail transmitted from the sender terminal 200A of the entity A by the “transmission process” is received by the receiver terminal 200B of the entity B is referred to. I will explain. This “reception process” is started when the reception processing unit 211B receives an email at the recipient terminal 200B (entity B) in which the mailer program according to the present embodiment is executed.

  When the electronic mail transmitted from the entity A is received, the attribute determination unit 212B acquires additional information of the received electronic mail. The attribute determination unit 212B determines the attribute of the received electronic mail based on the acquired additional information. The attribute determination unit 212B first determines whether or not the received electronic mail is encrypted based on whether or not the additional information includes a public key (step S301).

When the received e-mail is encrypted (step S301: Yes), the attribute determination unit 212B determines whether the charging destination of the private key issue fee is the transmission destination based on the ID _B format of the additional information. Is determined (step S302). As described above, the ID _B that is the public key generation source describes information indicating the charging destination based on a predetermined format. Therefore, the attribute determination unit 212B determines that the charging destination is based on this format. It can be determined whether or not it is specified.

Here, when the sender designates the billing destination, information indicating the billing destination is included in ID _B. However, when the sender does not designate the billing destination, ID _B contains Only the ID information (e-mail address) of the entity B that is the transmission destination is included. In the present embodiment, when the billing destination is not specified by the sender, the billing destination for the secret key issue fee is set as the recipient of the e-mail (that is, entity B).

When the information indicating the billing destination is not included in the ID _B included in the additional information and the entity B as the receiver is the billing destination (step S302: Yes), the attribute determination unit 212B This is notified to the interface processing unit 216B. In response to the notification from the attribute determination unit 212B, the interface processing unit 216B generates a “secret key issuance confirmation screen” that inquires the user whether to request issuance of a secret key necessary for decrypting the e-mail, The data is output to the output device 24 such as a display (step S303). A display example of the secret key issuance confirmation screen is shown in FIG. As shown in the figure, the private key issuance confirmation screen shows that the received e-mail is encrypted, that it is necessary to issue a private key to decrypt the e-mail, and that the private key is issued. A message is displayed indicating that the receiver (entity B) will be charged for the fee, and buttons for specifying whether or not to request the issuance of a private key ("Request", "Do not request""), Etc. are arranged.

  The user of the entity B operates the input device 23 and selects one of the buttons to instruct whether or not a secret key is issued. The interface processing unit 216B recognizes which button has been selected in cooperation with the input control unit 230, and determines whether or not the user has instructed a request for issuing a secret key (step S304).

  If the user does not instruct the private key issuance request (step S304: No), the "reception process" is terminated as it is. In this case, the received e-mail is not decrypted.

  On the other hand, when the user instructs a private key issuance request (step S304: Yes), the interface processing unit 216B notifies the private key requesting unit 213B that the issuance request has been instructed via the attribute determining unit 212B. .

As described above, when the user approves that the receiver (entity B) is charged for the secret key issuance fee, or when the charging destination is specified in the received e-mail (step S302: No), The secret key request unit 213B cooperates with the communication control unit 220 to request the secret key issuing device 100 to issue a secret key via the communication network 10 (step S305). In this case, the secret key request unit 213B acquires the program ID and user ID incorporated in the mailer program. Then, the acquired information, additional information of the received e-mail (that is, public key K _A , ID _B , and S _A · P), the e-mail address of the entity B (hereinafter, “secret key request information”). ”) To the secret key issuing device 100.

  The secret key issuing apparatus 100 receives the secret key request information transmitted by the entity terminal B receiver terminal 200B, and authenticates the entity B based on the received secret key request information. When entity B is authenticated, a secret key is generated based on the secret key request information. The private key issuing device 100 transmits a part of the generated private key to the recipient terminal 200B of the entity B via the communication network 10. Details of the secret key issuing operation by the secret key issuing device 100 will be described later.

When the secret key issuing apparatus 100 transmits a part of the secret key (hereinafter referred to as “secret key K _B0 ”) to the entity B, the secret key acquiring unit 214B cooperates with the communication control unit 220 to allow the secret key K _B0 to be transmitted. Is acquired (step S306). Here, the secret key acquisition unit 214B decrypts EK [m] of the received e-mail using the acquired secret key K _B0 and S _A · P included in the additional information of the received e-mail. to generate a secret key K _B for. Here, the secret key K _B0 provided by the secret key issuing device 100 is an ellipse obtained by hashing the secret information S _C of the entity C and the ID _B that is the generation source of the public key with a one-way function h (x). It is assumed that S _C · H _C multiplied by a point H _C on the curve E (details will be described later). In this case, the secret key acquisition unit 214B uses the secret key K _B0 provided from the secret key issuing device 100 and S _A · P included in the additional information of the received e-mail, and uses e (,, by calculating in), to generate a secret key K _B. In this case, the secret key K _B for decrypting EK [m] (the e-mail body) encrypted with the public key K _A is obtained by calculating the following formula 2.

(Equation 2)
K _B = (K _B0 , S _A・ P) = (S _C・ H _C , S _A・ P)

Here, the one-way function h (x) for hashing the generation source ID _B on the elliptic curve E is a public algorithm shared by each entity. Therefore, H _A calculated by the entity A and H _C calculated by the entity C have the same value. Therefore, the secret key K _B shown in Equation 2 can be expressed as shown in Formula 3.

(Equation 3)
K _B = (K _B0 , S _A・ P) = (S _C・ H _A , S _A・ P)

  Here, the key generation by the Bayeux pairing uses the bilinear characteristic shown in the following equation (4).

(Equation 4)
(a ・ X, b ・ Y) = (b ・ X, a ・ X)

Since the public key K _A shown in Equation 1 and the secret key K _B shown in Equation 3 apply to the bilinear characteristics in the above-mentioned Bayer pairing, the secret key K _B generated by the secret key acquisition unit 214B, and the entity it comes to same as the public key K _a sender terminal 200A of a was formed. Therefore, it is possible to decode the EK [m] by the private key K _B.

Thus the private key K _B in the generated, the decoding unit 215B, using the generated secret key K _B, decrypts the EK [m] is the received electronic mail text (Step S307). Here, the method of decrypting the ciphertext with the secret key is arbitrary, and a decryption method corresponding to the encryption method in entity A can be used.

  When the text of the received electronic mail is decrypted, the interface processing unit 216B outputs the decrypted information to the output device 24 such as a display (step S308), and the process is terminated. Thereby, the user of the entity B can recognize the text of the electronic mail transmitted from the entity A. If the received e-mail is not encrypted (step S301: No), the interface processing unit 216B outputs the received information to the output device 24 such as a display (step S308), and ends the process. .

  Here, the “secret key issuing process” executed by the secret key issuing device 100 in response to a request from the entity B will be described with reference to the flowchart shown in FIG. This “secret key issuance process” is started when the private key request information transmitted by the recipient terminal 200B in step S305 of the “reception process” is received. That is, when the communication control unit 120 receives the secret key request information via the communication network 10, the process starts when the received secret key request information is input to the control unit 110 and received by the information receiving unit 111. Is done.

  When the process is started, the authentication unit 112 authenticates the entity B that has requested the issuance of a secret key (step S401). Here, by comparing the user ID and program ID of the entity B and the electronic mail address of the entity B included in the secret key request information with the user information stored in the user information DB 161, the entity B Authenticates whether the user can use the encrypted communication provided by this system. Further, based on the additional information of the electronic mail received by the entity B, the sender (entity A) of the electronic mail is also authenticated.

  When the sender / receiver is authenticated (step S402: Yes), the authentication unit 112 acquires a new process ID indicating the secret key issuance process and creates a new record with the process ID as a primary key in the process history DB 163. The information acquired from the entity B is recorded (step S403). Here, based on the received secret key request information, information indicating the requested entity B (for example, an e-mail address) is recorded in the “requester” column, and the reception date / time of the secret key request information is recorded in the “request date / time” column. The additional information included in the secret key request information is recorded in the “additional information” column. Then, based on the additional information recorded in the processing history DB 163, the secret key generation unit 113b generates a secret key (step S404).

Here, a secret key is generated using ID _B and S _A · P included in the additional information. In this case, the secret key generation unit 113b hashes ID _B to a point H _C on the elliptic curve E with h (x) of the public algorithm. The secret key generation unit 113b multiplies S _C and H _C which are the secret information of the entity C, and uses S _C · H _C obtained thereby and S _A · P included in the additional information, A secret key is generated by calculating with e (,) which is a public algorithm. That is, the secret key K _B shown by the number 2 is generated.

After generating the secret key K _B, the secret key generating unit 113b, based on bilinear characteristics of Weil pairing described above, the secret key K _B that generated, and the public key K _A, which is included in the additional information same It is verified whether or not the encryption process for the electronic mail received by the entity B is appropriate (step S405). That is, for example, the ID _B that is generated by the entity A, if the entity B are different and ID _B that is provided during a secret key request, and the secret key K _B generated secret key generation unit 113b, which is generated by the entity A It will not match the public key K _A. Thereby, for example, when the billing destination designated by the sender is falsified, this can be detected.

If the secret key K _B and the public key K _A which generated is validated with the same and are proper encryption process (step S406: Yes), the secret key generating unit 113b is the secret information entity C S transmitting and _C, and the ID _B h a S _C · H _C obtained by multiplying the H _C that hash (x), as a secret key K _B0 which is part of the secret key K _B, the receiver terminal 200B of the entity B (Step S407). In this case, the secret key generation unit 113b cooperates with the communication control unit 120 to transmit the secret key K _B0 to the recipient terminal 200B of the entity B via the communication network 10.

Here, the secret key K _B0 is transmitted from the entity C to the entity B in a secure manner. In the present embodiment, since the entity B is a user registered in the entity C, the private key of the entity B used between the entity C and the entity B can be prepared in advance. In this case, for example, the user ID assigned to each user by the entity C can be kept secret except for the entity C, whereby the user ID can be used as the user's secret key. Then, the private key K _B0 may be encrypted and sent by a public key encryption method with the entity C as the sender and the entity B as the receiver.

On the other hand, if the private key K _B and the public key K _A which generated are not identical, but are not verified as proper encryption process (step S406: No), it ends the "private key issuing process". That is, no secret key is issued to entity B. In this case, information indicating that the encrypted communication related to the email received by the entity B is not appropriate may be transmitted to the entity B. In the entity B, for example, based on this information, the receiver terminal 200B displays that fact and notifies the user, and ends the reception process. As a result, transmission / reception of an electronic mail whose encryption processing is not appropriate is not established.

When the secret key K _B0 is transmitted to the entity B, the secret key generation unit 113b accesses the processing history DB 163 and records the date and time when the secret key K _B0 is transmitted to the entity B in the “issue history” column. That is, the process history information related to the issuance of the secret key is recorded in the process history DB 163 (step S408).

  When the processing history information is recorded, the secret key generation unit 113b notifies the charging processing unit 114 that the secret key issuance processing is completed (step S409), and ends the “secret key issuance processing”.

  Upon completion of the “secret key issuing process”, the charging processing unit 114 executes the “charging information generation process”. This “billing information generation process” will be described with reference to the flowchart shown in FIG.

Here, the processing is started based on the secret key issue completion notification from the secret key generation unit 113b. When the process is started, the billing destination specifying unit 114a accesses the process history DB 163 to acquire the information recorded in the record created in step S403 of the “secret key issue process” (step S501). From the information obtained, ID _B , which is the generation source of the public key used for the encrypted communication targeted in the processing (issue of the secret key), is acquired (step S502).

The charging destination specifying unit 114a determines whether or not the acquired ID _B (public key generation source) includes charging destination information based on a predetermined format (step S503). As described above, when a billing destination is specified when an e-mail is transmitted from the entity A, a character string including information indicating the billing destination is generated by the operation of the sender terminal 200A. The public key is generated as When the sender does not specify a billing destination, a public key is generated using a character string composed only of ID information (e-mail) of the destination as a generation source.

Therefore, when the billing destination information is included in ID _B that is the public key generation source (step S503: Yes), the billing destination specifying unit 114a charges the entity A (sender) indicated by the billing destination information. The destination is specified (step S504). On the other hand, when charging destination information is not specified in ID _B (step S503: No), the charging destination specifying unit 114a specifies the recipient (entity B) of the e-mail as a charging destination (step S505).

  When the billing destination is specified, the billing information generation unit 114b accesses the billing information DB 164. Then, a new record is created in the identified billing destination table, and the billing information is generated by recording the processing history information acquired in step S501 in the created record (step S506). finish. Here, the processing ID of the acquired processing history information is recorded as a primary key, and the issue date / time information of the target private key, information indicating the sender and receiver of the target e-mail, etc. are created in the created record. Record.

  When the billing information is accumulated in the billing information DB 164 by the “billing information generation process”, the “billing process” is executed by the billing execution unit 114c. This “billing process” is executed every predetermined period, and is started when the date and time scheduled in advance is reached. In the present embodiment, it is assumed that an execution schedule for “charging process” is set for each charging destination. In this case, the execution schedule is set based on, for example, a billing closing date designated for each billing destination.

  Such “billing processing” will be described with reference to the flowchart shown in FIG. When the process is started, the charging execution unit 114c accesses the charging information DB 164, refers to the target charging destination table, and identifies a record in which the charging date and time information is not recorded. That is, an object for which charging has not been executed is specified (step S601).

  The charging execution unit 114c generates charging notification information for the charging destination based on the information recorded in the record specified in step S601 (step S602). Here, for example, a charge amount based on the number of services to be processed is calculated, and information indicating the calculated charge amount and its breakdown is generated as the charge notification information. In this case, it is assumed that the billing notification information is created in a format that can be read by an accounting system connected to the secret key issuing device 100.

  The billing execution unit 114c transmits the created billing notification information to the accounting system connected to the secret key issuing device 100 in cooperation with the communication control unit 120 (step S603). In the accounting system, processing for charging is executed by a predetermined method based on the charging notification information transmitted from the secret key issuing device 100.

  When the billing notification information is transmitted to the accounting system, the billing execution unit 114c accesses the billing information DB 164, records the billing date / time information in the record targeted for billing this time (step S604), and ends the “billing process”. .

  As described above, according to the above embodiment, the sender can specify the billing destination for the fee for issuing the secret key when performing ID-based encrypted communication. In this case, since a recipient other than the recipient can be designated as the billing destination, it is possible to realize encrypted communication in which the recipient does not bear a fee. This makes it possible to actively incorporate encrypted communication using ID-based encryption, for example, for information transmission from a company to a customer. As a result, the spread of encrypted communication is promoted and the safety of information communication is improved. Can contribute. In addition, since the billing destination is indicated by the generation source of the public key used for encryption, falsification of billing destination information can be detected by performing verification using the generated private key and public key, and transmission The billing destination designated by the person can be charged reliably.

  The above embodiment is an example, and the scope of application of the present invention is not limited to this. That is, various applications are possible, and all embodiments are included in the scope of the present invention.

  For example, in the above embodiment, encrypted communication is performed using a dedicated mailer program on each of the sender side and the receiver side. For example, so-called web mail provided by an ASP (Application Service Provider) is provided. You may make it implement | achieve this invention by systems, such as. In this case, for example, the secret key issuing device 100 in the above embodiment also serves as an ASP server that provides a webmail service, thereby providing the terminal device 200 with an interface for sending and receiving emails by webmail. Then, the ASP server encrypts information input as a transmission mail, thereby performing encrypted communication from the sender side to the receiver side. In this case, as in the above-described embodiment, the sender side specifies information indicating the charging destination, but the generation of a character string including the specified charging destination information and the generation of a public key having the generated character string as a generation source. The generation is performed by the ASP server. Thereby, encrypted communication can be performed without performing processing such as public key generation in the terminal device 200.

  In the above-described embodiment, the case where the present invention is applied to transmission / reception of electronic mail has been described as an example. However, target information is not limited to electronic mail but is arbitrary. For example, not only the text of the email but also various information attached to the email may be encrypted by the method described in the above embodiment. In this case, the public key generation source may include the billing destination of the secret key issue fee for the encrypted communication of the attached information.

  In the above embodiment, the case where the sender or the receiver who is the party of the encrypted communication is specified when the charging destination is specified is exemplified. However, the secret key issuer appropriately charges the fee. If possible, a third party may be designated as the billing destination.

  Further, in the above embodiment, the case where the public key is generated using the character string including the transmission destination e-mail address as the transmission destination ID information is illustrated, but the character string used as the ID information is the e-mail address. It is not limited. For example, a user ID assigned to each user may be used. Similarly, the information indicating the billing destination is not limited to the name of the billing destination, and a user ID, an e-mail address, or the like may be used.

  The secret key issuing device 100 and the terminal device 200 (the sender terminal 200A and the receiver terminal 200B) according to the above-described embodiment can be configured using a general-purpose computer device or the like as well as being configured from a dedicated device. You can also. In other words, by installing and executing the above-described program in such a general-purpose device, the private key issuing device 100 and the terminal device 200 (sender terminal 200A and receiver terminal 200B) according to the above-described embodiment are caused to function. Can do.

  Such a program providing method is arbitrary. For example, the program data can be stored and distributed in a storage medium such as a CD-ROM, and the program data can be superposed on a carrier wave so that a predetermined communication medium (for example, It can also be distributed via the Internet).

It is a figure which shows the structure of the encryption communication system concerning embodiment of this invention. It is a block diagram which shows the structure of the terminal device shown in FIG. It is a functional block diagram which shows the function structure implement | achieved by the control part of the sender terminal shown in FIG. It is a functional block diagram which shows the function structure implement | achieved by the control part of the receiver terminal shown in FIG. It is a block diagram which shows the structure of the private key issuing apparatus shown in FIG. It is a figure which shows the example of the database comprised by the memory | storage part shown in FIG. FIG. 7 is a diagram illustrating an example of information recorded in the database illustrated in FIG. 6, where (a) illustrates an example of information recorded in the user information DB, and (b) illustrates an example of information recorded in the billing destination information DB. Indicates. It is a figure which shows the example of the information recorded on process history DB shown in FIG. 7 shows an example of information recorded in the billing information DB shown in FIG. It is a functional block diagram which shows the function structure implement | achieved by the control part shown in FIG. It is a functional block diagram which shows the function structure of the encryption processing part shown in FIG. It is a functional block diagram which shows the function structure of the accounting process part shown in FIG. It is a flowchart for demonstrating the "transmission process" concerning embodiment of this invention. It is a flowchart for demonstrating the "public key generation process" performed by the transmission process shown in FIG. It is a flowchart for demonstrating the "reception process" concerning embodiment of this invention. It is a figure which shows the example of a display of the screen displayed with a terminal device, (a) shows the example of a display of a "transmission screen", (b) shows the example of a display of a "billing destination designation | designated screen", (c) is A display example of the “secret key issue confirmation screen” is shown. It is a flowchart for demonstrating the "secret key issue process" concerning embodiment of this invention. It is a flowchart for demonstrating the "billing information generation process" concerning embodiment of this invention. It is a flowchart for demonstrating the "billing process" concerning embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Communication network 100 Secret key issuing apparatus 111 Information reception part 112 Authentication part 113 Cryptographic process part 113a Setup process part 113b Secret key generation part 114 Charge process part 114a Charge destination specific | specification part 114b Charge information generation part 114c Charge execution part 161 User information DB
162 Billing destination information DB
163 Processing history DB
164 Accounting information DB
200 terminal apparatus 200A sender terminal 211A interface processing unit 212A public key generation unit 213A encryption unit 214A transmission processing unit 200B receiver terminal 211B reception processing unit 212B attribute determination unit 213B secret key request unit 214B secret key acquisition unit 215B decryption unit 216B Interface processing section

Claims (10)

An encryption communication system configured by a sender terminal, a receiver terminal, and a secret key issuing device connected to each other via a communication network and performing ID-based encrypted communication,
The sender terminal is
Public key generation means for generating a public key using ID information related to a transmission destination and information indicating a charging destination of a private key issue fee;
Encrypted transmission means for encrypting information with the public key generated by the public key generation means and transmitting the information via the communication network, and
The recipient terminal is
Receiving means for receiving information encrypted by the sender terminal via the communication network;
Requests the secret key issuing device to issue a secret key for decrypting the information received by the receiving means via the communication network, and sends the secret key issued in response to the request via the communication network. A secret key acquisition means for acquiring
Decrypting means for decrypting the information received by the receiving means, using the secret key acquired by the secret key acquiring means,
The secret key issuing device
A secret key issuing means for generating a secret key in response to a request from the receiver terminal and transmitting the secret key to the receiver terminal via the communication network;
Charging means for determining a charging destination of the secret key issuing fee based on a public key corresponding to the secret key generated by the secret key issuing means, and performing a charging process to the determined charging destination,
An encrypted communication system. A secret key issuing device that issues a secret key used for ID-based encrypted communication between a sender terminal and a receiver terminal connected to each other via a communication network ,
A user information database that pre-stores user information related to encrypted communication users;
And ID information about the destination of the encrypted information in the ID-based cryptographic communication, the public key the sender terminal has generated by using the information indicating the charging destination of the secret key issuing rates, said the public key Charging destination determination means for determining a charging destination of a secret key issuance fee based on the public key acquired from the receiver terminal received from the sender terminal ;
It generates a private key used for decoding of the ID-based cryptographic communication, and a secret key issuing means a private key, and issues and transmitted to the receiver terminal performs the decoding thus generated,
A processing history database for recording processing history information indicating a secret key issuing history by the secret key issuing means for each user;
Charging destination specifying means for specifying a user as a charging destination of the secret key issuance fee based on the determination result of the charging destination determination means and the user information stored in the user information database;
Charging information generating means for generating charging information related to charging processing based on user information of the user specified by the charging destination specifying means and processing history information related to the user recorded in the processing history database;
A charging unit for performing a charging process of a secret key issue fee based on the charging information generated by the charging information generating unit;
A secret key issuing device comprising: The charging destination determination means determines whether or not the ID information that is the generation source of the public key includes charging destination designation information that specifies a target to be a charging destination;
If the charging destination information is included, the target indicated by the charging destination designation information is set as the charging destination,
If the billing destination information is not included, the private key issuance requester is the billing destination.
The secret key issuing apparatus according to claim 2. Whether the secret key generating means has altered the information indicating the billing destination by determining whether the generated secret key and the public key are the same based on the bilinear characteristics of Bayer pairing . A verification means for verifying whether or not,
The secret key issuing means issues a secret key for encrypted communication that has been verified by the verification means to have not been tampered with;
The secret key issuing apparatus according to claim 2 or 3, On the computer,
A function for storing parameters related to ID-based encrypted communication in a storage device in advance;
A function of specifying the charging destination of the destination and the secret key issuing rates of the ID-based cryptographic communication to the user,
Generates a character string that is a generation source of a public key used for the ID-based encrypted communication and is used to determine a charging destination at the transmission destination from information indicating a transmission destination and a charging destination designated by the user Function to
Using said parameters generated character string, a function of generating the public key,
A function of encrypting predetermined information using the generated public key;
And predetermined information the encrypted, the character string and the public key generated, a function via a communication network, and transmits to the designated destination,
A program characterized by realizing. In the computer,
A function that allows the user to specify whether or not to charge the private key issuance fee,
A function for generating a public string using the character string and the parameter when generating a character string including ID information indicating the transmission destination when the destination is designated as a billing destination;
When it is specified that a charging destination other than the transmission destination is specified, a character string including ID information indicating the transmission destination and information indicating the charging destination is generated, and the disclosure is performed using the character string and the parameter. The ability to generate keys,
The program according to claim 5, further realizing the above. On the computer,
A function for storing parameters related to ID-based encrypted communication in a storage device in advance;
And the encrypted information in the ID-based cryptographic communication, a function of the string of a generator of the public key and the public key used in the encryption, receives via the communications network,
A function of determining whether or not the received character string includes information specifying a billing destination of a fee for issuing a secret key used in the ID-based encrypted communication ;
When it is determined that the information specifying the billing destination is included in the character string , a secret key is issued, and the secret key issuing device that charges the billing destination for the fee is issued via the communication network. and the ability to request the issue of the secret key Te,
A function of acquiring a secret key issued in response to the request from the secret key issuing device via the communication network;
A function of decrypting and outputting the encrypted information using the acquired secret key and the parameter;
A program characterized by realizing. In the computer,
A function that allows the user to specify whether or not to request the issuance of a secret key when it is determined that the information specifying the billing destination is not included in the character string;
A function for requesting the secret key issuance device to issue a secret key via the communication network when the user specifies to request issuance of a secret key;
The program according to claim 7, further comprising: On the computer,
A function of preliminarily storing, in a storage device, user information related to a user of ID-based encrypted communication and parameters related to the ID-based encrypted communication ;
And the encrypted information in the ID-based cryptographic communication, a string of a generator of the public key and the public key used to this encryption, ID information of the receiver for receiving the encrypted information And a function of receiving from the recipient's terminal via a communication network;
Using the received information and the parameter, generate a private key corresponding to the received public key, and use the private key to decrypt the encrypted information to the recipient's terminal to the communication network With the ability to send via
A function of recording processing history information indicating a secret key generation history in the storage device;
A function of determining whether or not the received character string includes charging destination information indicating a charging destination of a secret key issue fee;
A function for identifying a billing destination based on the billing destination information and the user information when the billing destination information is included in the received character string;
A function of specifying a billing destination based on the ID information of the recipient and the user information when the billing destination information is not included in the received character string;
A function for executing a charging process for a secret key issue fee based on the processing history information regarding the specified charging destination and the user information of the charging destination;
A program characterized by realizing. In the computer,
A function to verify whether or not the billing destination information has been tampered with by determining whether or not the generated secret key and the public key are the same based on bilinear characteristics of Bayer pairing ;
A function of issuing the secret key to the recipient when it is verified that the billing destination information is not falsified ;
The program according to claim 9, further realizing.

Images