JPH02291740A - Key delivery system with signature function - Google Patents

Abstract

PURPOSE:To disable a person, who steals key information to try the access to a terminal but does not know secret information, to decode a cipher by combining discrimination information and secret information at the time of generating a common key. CONSTITUTION:A center 20 generates two parameters Zi and kk for a user (i) and writes them on a magnetic stripe card 19 corresponding to the user (i) and delivers this card to the user (i). Similar parameters whose subscript is changed to (k) are generated for a user (k) to deliver the card to a user (k). Users (i) and (k) read delivered magnetic stripe cards 19 from a card reader 26 and manage them as a user management file. The parameter Zk which the user (i) receives from the user (k) of the other party includes the reciprocal of an open parameter IDk and a password pwk of the terminal of the other party; and when the user (i) generates the common key, he is requested to input not only IDk of the user (k) of the other party but also a password pwi of the user (i) from a keyboard.

Description

[Detailed Description of the Invention] [Summary] The encryption key and decryption key of two communicating terminals are set as equal common keys, and the communication text and cipher text are encrypted between each terminal using the common key. /Regarding the common key encryption method for decryption,
More specifically, regarding the key distribution method that has a signature function when each terminal exchanges key information and generates a common key before starting communication, it is possible to authenticate each terminal with any other terminal. It realizes a common key with a unique signature, the process of generating the common key is simple, and the secret parameters for each terminal can be
The purpose of this system is to enable safe and easy management of relatively loosely guarded devices, such as magnetic stripe cards, by configuring each of multiple terminals with its own terminal identification information and self-terminal secret information. Store key information included as an element in advance,
A key information control means for transferring the ciphertext to the other party's terminal before starting the ciphertext communication, an input means for inputting the identification information of the other party's terminal and the secret information of the own terminal before the ciphertext starts to be communicated, common key generation means for generating a common key by converting the key information transferred from the partner terminal based on information input from the manual means including identification information of the partner terminal and secret information of the own terminal; It is configured to have the following.

[Industrial application field]

The present invention provides a common key cryptosystem that uses the same common key as the encryption key and decryption key of two communicating terminals, and performs encryption/decryption between the communication text and the ciphertext between each terminal using the common key. More specifically, the present invention relates to a key distribution method having a signature function when each terminal generates a common key by mutually exchanging key information before starting communication.

[Conventional technology]

In recent years, the spread of intra-company communication networks has expanded significantly. However, in corporate communications, personnel information. Internal confidential information. When sending important data such as financial information using a communication network, the third
Encryption technology is becoming more important as there are problems such as wiretapping and interception of communications by those involved in the communication, and erroneous delivery by those involved in the communication.

In encryption technology, a common key is used to set the encryption key and decryption key of two communicating terminals to be the same common key, and to encrypt/decode the communication text and ciphertext between each terminal using the common key. There is an encryption method. As a method for generating a common key, there is a method in which each terminal generates a common key by exchanging key information with each other before starting communication.

In the above encryption technology, it is necessary to manage key information (hereinafter simply referred to as a key) at each terminal to generate a common key, but the number of subscribers to the communication network ranges from tens to tens of thousands. As the number of keys increases, key management becomes complicated and the number of keys to be managed becomes enormous, making it impossible to maintain communication security.

As a conventional key management method, there is a key management method using an ID number (identification number of each terminal). This is a method that uses the ID number of each communicating terminal as common key generation information.

[Problem to be solved by the invention]

However, in the case of the above conventional example, the generated common key does not contain confidential information such as PIN numbers and passwords managed by each person involved in the communication, and problems arise between the parties involved in sending and receiving messages after communication. If this occurs, it will be difficult for a legitimate mediator to prove the fact that the message was sent or received;
The process of generating the common key is complicated, and the secret parameters managed by each user must be managed using something with strong protection, such as an IC card.

The present invention realizes a common key with a unique signature that can authenticate each terminal with any partner terminal, simplifies the process of generating the common key, and magnetically stores secret parameters for each terminal. The purpose is to make it possible to safely and easily manage devices with relatively loose guards such as striped cards.

[Means to solve the problem]

FIG. 1 is a block diagram of the present invention. The present invention sets the encryption key and decryption key of two communicating terminals to be mutually equal common keys, encrypts the communication between each terminal using the common key, transmits it as a ciphertext, and transmits the received ciphertext. A common key encryption method is assumed in which the message is decrypted using a common key and received as a message.

In the present invention, each of the plurality of terminals 11, 1k, . . . has the following key information control means, input means, and common key generation means.

The key information control means 2z, 2k, . . . store key information 3i, 3h, . 11 or 1, via the communication path 11, for example.

Here, the identification information is, for example, ID data, and the secret information of the own terminal is, for example, password data of the own terminal. And key information 3! , 3k... is a data value obtained by raising a predetermined integer to a power, for example, and the power term includes the product term of the reciprocal of the ■D disk of the own terminal and the password data of the own terminal. included. Or key information 3
1, 3k, . . . may be data values obtained by calculating the remainder of a predetermined composite number for the value obtained by exponentiating the above, for example.

The input means 41, 4k, . . . are means for inputting the identification information 5k, 5i, . . . of the other terminal, and the secret information 6t, 6h, . The identification information 51, 5k of the other terminal is, for example, ID data as described above, and the confidential information 61 of the own terminal is
, 6k . . . are, for example, the passwords of the own terminals, as described above.

The common key generation means 71, 7k, . . . receive key information 3k, 3rd shift, which is transferred via the communication path 11, for example, from the partner terminals 1k, .Il, .
is converted based on information including the identification information 5h, 5t, . . . of the other terminals input from the input means 4+, 4k, . . . and the secret information 6I, 6k, . It is a means of generating. The means generates a common key 8 by raising data values 3k, 31, etc., which are key information sent from, for example, the other terminals 1b, It, etc. ID data 5h of the partner terminal 1m, L ... inputted from means 4+, 4h,
5t... and password data of own terminal 6I, 6k...
The product term is included. Alternatively, the common key 8 may be generated by calculating the remainder of the predetermined composite number for the value obtained by the above-mentioned exponentiation. Also,
The power term may further include a product term of message number data and date data. By using the common key 8 generated as described above, encryption or decryption can be performed between the messages 9K and 10+ or between 9k and 10v at each terminal 11, 1+c, as shown in 12t and 12m in the same figure. be exposed.

On the other hand, in the present invention, in addition to the above configurations, each terminal 1+, l
It is possible to have a configuration including a center management section 13 that centrally manages m. The management department handles each terminal 1i, 1k...
The key information 25, 2k, . . . for each terminal is supplied in advance in the form of a magnetic stripe card, for example.

[For production]

When the own terminal, for example 11, receives key information 3k from the key information control means 2l of the other party's terminal, for example 1k, the key information 3k includes identification information of the other party's terminal 1k and secret information of the other party's terminal 1k. When the common key generation means 71 of the own terminal 11 generates the common key 8, it is also required to input the secret information 61 of the own terminal from the input means 41 in addition to the identification information 5k of the other terminal. Therefore, someone else steals the key information 31 for one terminal and manipulates the terminal 11 to
Even if the other person attempts to access k, unless the other person knows the secret information (password, etc.) of the own terminal, the other person cannot generate the same common key 8 as the common key 8 generated on the other party's terminal 1k side. Encryption or decryption cannot be performed, making it possible to achieve highly secure encrypted communication.

In this case, in the common key generation means 7, the common key 8
can be generated, which simplifies the process of creating a common key.

Also, key information 3I, 3k for each terminal 11, 1k...
. . are supplied from the center management unit 13 as indicated by the broken lines 14r, 14h, . . . in FIG. Since the code cannot be deciphered, the above-mentioned supply can be carried out using a relatively loosely guarded card such as a magnetic stripe card.

On the other hand, each common key generation is 1,000 steps! , 1k, the center management unit 13 can generate the common key 8 by including the product term of the communication data and the date data in the power term. By checking the contents, the fact that a telegram (correspondence) was sent and received can be easily verified.

〔Example〕

Hereinafter, the operation of the embodiment of the present invention will be explained with reference to the drawings.

FIG. 2 is an overall system configuration diagram of this embodiment.

In the figure, first, users i and k who perform communication by operating the respective personal computer terminals 17▲ and 17h set magnetic stripe cards 191 and 19b provided by the center 20 into the respective communication control devices 16N and 16k.

Thereafter, each user i, k inputs necessary parameters, which will be described later, from each keyboard 1B+, 18k before starting communication. Encrypted communication is then performed between the personal computer terminals 17+ and 17m via the communication control devices 16t and 16m and the communication path 21.

In the embodiment shown in FIG. 2, the communication control devices 161 and 1
6h etc. are shown only for two users i and k, but naturally a large number of devices are connected via the communication path 21.

FIG. 3 is a configuration diagram of the communication control devices 161 and 16* in FIG. 2. In the figure, the communication control device 16 is 16 in FIG.
+ and 16b, the keyboard 18 corresponds to 18 in FIG.
1 and 18K, the magnetic stripe card 19 is
This corresponds to 191 and 19k in FIG.

The card reader 23 reads the contents of the magnetic stripe card 19 supplied from the center 20 in FIG.

The content of the magnetic stripe card 19 is added with its own user ID by the exponentiation remainder calculator 24, and is sent as is to the transmitting/receiving device 26.

On the other hand, the other party's communicating party also has a device with a similar configuration, and the other party's unique ID and the above-mentioned data are sent back, and the data is received by the transmitting/receiving device 26 and sent to the power remainder calculator 24.
is input to.

Along with this, your own ID entered from the keyboard 18
and the password are input to the power remainder calculation unit 24, and the power remainder calculation processing described later is performed. The resulting common key, which will be described later, is stored in the common key storage device 25 and set to the key input of the cryptographic device 27 via the same device.

The encryption device N27 performs encryption or decryption between the 1,000-gram data on the personal computer 17 side and the ciphertext on the communication path 21 side.

On the other hand, after the communication is completed, the other party to whom the communication is requested attaches the date to the common key stored in the common key storage device 25 and sends it via the encryption device 27, the transmitting/receiving device 26, and the communication path 21. The data is sent to the center 20 shown in FIG.

The operation of the embodiment having the configuration shown in FIGS. 2 and 3 above will be explained below.
This will be explained along with the operation diagram shown in FIG.

Note that unless otherwise specified, FIGS. 2 and 4 will be referred to at any time.

First, within the center 20, a center management file 28 shown in FIG. 4 is stored in, for example, a disk storage device (not particularly shown). The same file contains secret parameters c, n=pxq (p, q are prime numbers), e, d,
However, e-d=1mod(LCM (p-1)(q-1)
), secret parameters (password; 1) Wl, pW3, ..., pw+++) registered in advance by each user,
and a public parameter (ID+
, IDz,..., ID. ). Here, LCM
represents the least common multiple. Here, LCM represents the least common multiple.

Then, the center 20 first sets two parameters Zi=
M”””’ *9” (Here, IDi is ID+
X IDt =l nod (LCM ((p
1) (q-1))), and kk=
ce is created for user i, written on the magnetic stripe card 19 corresponding to user i, and distributed to user i. Note that in reality, the remainder of Zi is calculated, but
In the following explanation, for the sake of simplicity, the explanation will first be made assuming that the remainder is not computed, and then the meaning and method of computing the remainder will be explained. Here, the operation "*j" means multiplication.

The center 20 also creates and distributes similar parameters with the subscript k for user k. Similar operations are performed for a plurality of other users not particularly shown.

Each user i, k receives the distributed magnetic stripe card 19.
are read from the card reader 23 and managed as user management files 29▲, 29k in FIG. Note that this file is temporarily stored, for example, in a storage device (not shown) in the exponentiation remainder calculation unit 24.

If user i wants to start communicating with user k, user i
is transmitted from the power remainder calculator 24 through the transmitter/receiver 26,
The parameter Z1 is transferred to the communication control device W 1 6 k of user k. Similarly, user k also transfers parameter Zk to communication control device 161 of user i.

User i uses user k in the exponentiation remainder calculation unit 24.
The parameter Zk received via the transmitting/receiving device 26 from
, the parameter kk that user i received from the center 20, his own password pWi entered in advance from the keyboard 18, and user kOIDk (name of user k,
As shown in Figure 4, z, kk*IDk+bPWl
Perform the calculation.

As a result of this calculation, from the relationship with 29k in Fig. 4, M C
A common key ( )P Wi * P W k is obtained. Note that the remainder is actually calculated for this value as well, but this will be described later. The common key is stored in the common key storage device 25.

On the other hand, the user k side also performs the same operation as the user i. That is, in the exponentiation remainder calculator 24, the parameter kk that the user k received from the center 20, the user's own password pwk entered manually from the keyboard 18, and the IDt (i
(Public information indicating i's identity such as name, address, telephone number, etc.), etc., to perform the calculation Z, kk*lD1umbrella PI+lk. As a result of this operation, M
A common key C P Wi P W k is obtained. This common key is stored in the common key storage device 25.

After the above operations, the common key in the common key storage device 25 is input to the encryption device 27, and is used as a key for the encryption device to realize confidential communication.

After the communication is completed, the user k attaches a date to the common key and notifies the center 20 of this information from the encryption device 27, for example, via the transmitting/receiving device 26 and the communication path 2l.

In the above operation, the parameters Z1, Zk, etc. provided from the center 20 to each user i and k, and the common tIIMc calculated by the power remainder calculator 24 for each user i and k.
*P"l*PWk is actually used by calculating their remainders. This is because if you simply calculate the power, the value of the parameter may overflow, and by taking the remainder, the password This is because the confidentiality of the data can be improved, etc. These remainder calculations are realized as follows.

Zi at the center 20 (also i and k for Zi=
The remainder operation Zi (mod n) for the composite number n of
is calculated, then the value is raised to the power of (■Di)-', nod n is calculated again, and finally the value is raised to the power of pW4. This gives Z, = Md* (lDil
Rate pwi? The remainder mod n is calculated.

Remainder operation z for composite number n of zkkk*IDk*PW1 for user i, kk*IDk*PWI
(H d 1) is calculated by first calculating Zkkk (modn), then multiplying the sono value by IDk, and then mod again.
n is calculated and its value is raised to the power of PWs. As a result, the remainder mad n of zkkk*lDk*PW1 is calculated.

As shown above, the parameter Zk that the user i receives from the other party user k includes the public parameter ID. , and the password PWh.

When user i generates a common key, he is required to input user i's password PW{ in addition to the ID of the other user k from the keyboard 1B. Therefore, for example, even if someone steals the magnetic stripe card 19 of user i and tries to access user k, if the other person does not know the password PWi of user i, the common key Mc*PW1 generated on the other party's user k side *Since it is not possible to generate the same common key as PWk, the encryption cannot be decrypted. Therefore, highly secure encrypted communication can be realized.

Furthermore, as mentioned above, the encryption cannot be deciphered only if the contents of the Z amount, Zk, etc. are stolen, so the above parameters are not supplied from the center 20 to each user using the magnetic stripe card 1.
A loosely guarded medium means such as No. 9 will suffice.

Furthermore, if a problem occurs later, for example, the center 20
By analyzing the content of the common key notified from each user after the end of the communication, it is possible to easily prove which users communicated with each other.

Next, FIG. 5 is an explanatory diagram of the operation of another embodiment of the present invention based on the configurations of FIGS. 2 and 3.

The difference from Fig. 4 is that when user i generates a common key from the parameter Z, sent from the other party, Zk in the figure
The point is that the information on the document number N and date T to be communicated is combined into a power term, as shown as kk"IDkiit'W1*N*T.

By doing this, for example, if a problem occurs later and the center 20 analyzes the common key notified from each user after communication ends, it will be possible to analyze the accessed document and the information on that date. .

〔Effect of the invention〕

According to the present invention, when generating a common key, by intertwining identification information and secret information, it is possible for someone else to steal the key information.
Even if you try to access a certain terminal, you can't decipher the code unless you know the secret information, making it possible to achieve highly secure encrypted communication.

In this case, the common key can be generated, for example, by simply calculating the power of a predetermined integer or the remainder, which simplifies the process of creating the common key.

In addition, when supplying key information to each terminal, as mentioned above, if the key information is stolen, the encryption cannot be deciphered, so the supply can be done using something with relatively loose protection, such as a magnetic stripe card, and the supply cost is high. can be made very cheap.

In addition, when generating a common key using each common key generation means, by including a term for the product of correspondence data and date data in the exponentiation term, for example, if a problem occurs later, the center management unit can By checking the contents of the key, it becomes possible to easily prove the fact that a telegram (correspondence) has been sent and received.

[Brief explanation of the drawing]

FIG. 1 is a block diagram of the present invention, FIG. 2 is an overall system configuration diagram of this embodiment, and FIG. 3 is a block diagram of the present invention.
FIG. 4 is a block diagram of the communication control device according to this embodiment. FIG. 4 is an explanatory diagram of the operation of this embodiment. FIG. 5 is an explanatory diagram of the operation of another embodiment. 1 1k...Terminal, 2, 2k...Key information control means, 3, 3k...Key information, 4, 4,...Input means, 5 5k...Identification information of partner terminal, 6) ,6k
... Secret information of own terminal, 7I, 7k ... Common key generation means, 8 ・ ・ 91 , 1 0 ・ 1 l ・ 1 3 ・ Common key, , ... Correspondence, ・Ciphertext, ・Communication・Center Management Department.

Claims (1)

[Claims] 1) An encryption key and a decryption key of two communicating terminals are set as mutually equal common keys, and a communication is encrypted between the respective terminals using the common key and transmitted as a cipher text, In a common key encryption method in which the received ciphertext is decrypted using the common key and received as a message, each of the plurality of terminals (1) is provided with identification information of its own terminal and secret information of its own terminal as constituent elements. The key information (3) including the key information (3) is held in advance, and the ciphertext (10)
Key information control means (2) that is transferred to the other party's terminal before the start of communication
), and the identification information (5
) and the secret information (6) of the own terminal, and inputting the key information (3) transferred from the partner terminal before starting communication of the ciphertext (10) from the input means (4). and a common key generation means (7) for generating a common key (8) by converting information including the identification information (5) of the partner terminal and the secret information (6) of the own terminal. A key distribution method with a distinctive signature function. 2) The identification information is ID data, the secret information of the own terminal is password data of the own terminal, and the key information is a data value obtained by raising a predetermined integer to a power, and the key information is a data value obtained by raising a predetermined integer to a power. The term includes a product term of the reciprocal of the ID data of the own terminal and the password data of the own terminal, and the common key generation means generates a data value that is the key information sent from the partner terminal. The common key is generated by exponentiation, and the exponentiation term includes a product term of the ID data of the partner terminal input from the input means and the password data of the own terminal. A key distribution system having a signature function according to claim 1. 3) The identification information is ID data, the secret information of the self-terminal is password data of the self-terminal, and the key information is a value obtained by raising a predetermined integer to a power with a remainder of a predetermined composite number. It is a data value obtained by calculation, and the power term includes a product term of the reciprocal of the ID data of the own terminal and the password data of the own terminal, and the common key generation means is a data value obtained from the other party. The common key is generated by calculating the remainder of the predetermined composite number for the value obtained by exponentiating the data value that is the key information sent from the terminal, and the exponentiation term contains the input 2. The key distribution system having a signature function according to claim 1, further comprising a product term of the ID data of the partner terminal inputted from the means and the password data of the own terminal. 4) Claim 1, 2 or 3, further comprising a center management unit that centrally manages each of the terminals, wherein the center management unit supplies each terminal with the key information for each terminal in advance.
A key distribution method with the noted features listed. 5) The signature according to claim 2, 3 or 4, wherein the power term calculated by the common key generation means further includes a product term of message number data and date data. A key distribution method with functions.