JPH06152592A - Cipher communication method and cipher communication system - Google Patents

Abstract

PURPOSE:To share a cipher key with plural communication parties in the multi- address communication by generating a cipher sentence key by means of a master key which is common to the system. CONSTITUTION:A terminal 100 at the side of transmission ciphers a simple sentence 150 by a data key 151. A cipher sentence key 156 is generated based on a data key 151, address information 153 specifying a receiver, and master key 154 common to the system. A communication sentence consisting of the address information 153, cipher sentence key 156, and cipher sentence 152 is sent to a communication network 130. A terminal 101 at the side of reception generates the data key 151 from the address information 153 and cipher sentence key 156 included in the received communication sentence by means of the master key 154. By means of the generated data key 151, the cipher sentence 152 is decoded to generate the simple sentence 150. In short, as master key 154 is common to the system, the same data key 151 can be used between the transmitter and receiver terminals. In addition, the data key 151 is disposable and its safety is dependable.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic communication method and a cryptographic communication system in an electronic mail system or the like, and more particularly, a communicator can share a cryptographic key with any one or more communication partners without preliminary communication. The present invention relates to a cryptographic communication method and a cryptographic communication system.

[0002]

2. Description of the Related Art In recent years, with the progress of information processing technology and communication technology, it has become possible to send and receive various information at high speed and at low cost using a communication network. For example, broadcast communication can be easily realized by using a communication satellite or a local area network. Broadcast communication refers to communication of the type in which the same information is transmitted at once to a large number of terminals on a communication network.

By the way, when performing broadcast communication using a communication satellite or a local area network, the transmitted electric or radio wave signal can be received by any terminal. Therefore, as it is, it is not possible to perform limited communication in which the information to be kept secret is transmitted only to limited parties. In broadcast communication, in order to transmit information only to a limited number of parties and keep the information secret to other parties, it is necessary to use a method of encrypting and transmitting the information.

The above-mentioned limited communication method includes, for example, "card security, communication network safety / reliability symposium in the information society (author: Kazuo Takaragi, Neko Fukuzawa, Tsutomu Nakamura; published by The Institute of Electronics, Information and Communication Engineers). ) ”.

The above disclosed example will be briefly described below. This disclosure example relates to a communication system in which an information service center unilaterally communicates with users of the system. In advance, all users are divided into several groups. An IC card is distributed to each user in advance. The IC card stores one (or a plurality of) identification numbers for identifying the user who owns the IC card and a secret numerical value that is different for each group.

FIG. 23 shows a configuration example of the communication system of the above disclosed example. In the figure, 2200 is an information service center transmission system, 2210 is a user reception system, 1
Reference numeral 30 denotes a communication network for transmitting information from the information service center to any one or a plurality of users in a broadcast manner.
Although only one user reception system 2210 is illustrated here, it is assumed that the communication network 130 is connected to another similar reception system.

Information service center transmission system 2200
Includes a transmitter 2201 and a memory 2202 for storing a group seed key list. The group seed key list is a list in which a group identification number for identifying a group and a group seed key that is a secret numerical value of the group are associated with each other. As the group seed key, a different value is used for each group.

The user reception system 2210 includes the terminal 10
0, a reader / writer 110, and an IC card 120. The IC card 120 is removable, and includes a central processing unit (CPU) 401, a reader / writer interface 402, and a memory 403. Memory 40
3 includes a communication program 404 and a key generation program 40.
5, a group identification number 406, a personal identification number 407, and a group seed key 2211 are stored.

The individual identification number 407 is a number for identifying each individual in the group. IC owned by each individual
In addition to various programs, the card 120 stores the group identification number and group seed key of the group to which the individual belongs, and the individual identification number of the individual.

When performing broadcast communication from the information service center, the transmission system 2200 first refers to the group seed key list in the memory 2202, creates the following key generation information, and transmits it to the terminal 100 together with the ciphertext. To do.

Key generation information = group number 1 ‖ distribution destination information 1 ‖ random number 1 ‖
Ciphertext key 1 ‖ Group number 2 ‖ Distribution destination information 2 ‖ Random number 2 ‖ Ciphertext key 2 ‖ ・ ・ ・

Here, ‖ indicates data connection. A set of data in which a group number, distribution destination information, a random number, and a ciphertext key are linked (for example, "group number 1 ‖ distribution destination information 1
‖Random number 1 ‖Ciphertext key 1 ″) is data sent from the center to each terminal to share a data key with a certain individual in a certain group. The group identification number of the group is set in the group number. What is distribution destination information?
It is a bit string with the same length as the number of users belonging to the group specified by the group number immediately before it,
When the bit is "1", a common data key with the user is generated, and when the bit is "0", it is not generated.
The ciphertext key is obtained by the following calculation.

Work key ← H (group seed key, group number ‖ distribution destination information ‖ random number) Ciphertext key ← E (work key, data key)

Here, H (I, M) is an output by a hash function H having an initial value of I and input data of M, that is, a hash total. E is a function for encrypting the data key with the work key. The data key is a key for encrypting plaintext.

The terminal 100 compares the group identification number 406 previously read from the IC card 120 with the group number in the key generation information, and only when they match, the distribution destination information in the key generation information is determined. Only the random number and ciphertext key information are transmitted to the IC card 120 via the reader / writer 110.

The IC card 120 refers to the distribution destination information in the key generation information sent from the terminal 100, and whether the bit corresponding to the value of the personal identification number 407 is "0" or "1". inspect. When it is "0", it means that the information is not addressed to the owner of the IC card.
The subsequent processing is not performed. If the bit is "1", it is determined that "there is a right to generate a key", and the subsequent processing is continued.

First, the IC card 120 uses the group seed key 2211 which is a secret number different for each group,
The following calculation is performed, a data key is generated, and it is sent to the terminal 10
Send to 0.

Work key ← H (group seed key, group number ‖ distribution destination information ‖ random number) data key ← D (work key, ciphertext key)

Here, D (K, M) is the output by the decryption function D with K as the key and M as the input data.

As described above, the common data key can be shared between the information service center transmitting system 2200 side and the user receiving system 2210 side. Thereafter, the terminal 100 uses this data key to decrypt the ciphertext transmitted from the communication network 130 together with the key generation information, and obtain the correct plaintext.

[0021]

An electronic mail system using a personal computer or a workstation is very useful for promoting the paperless use of various notification documents in a company, for example, but it may be read by a third party. Therefore, confidential information cannot be sent as it is. Therefore, it is required to increase the security of the information to be transmitted.

However, in the above-mentioned conventional technique, the communication service center that holds the group seed keys of all the groups sends the ciphertext to each user, and each user only has the group seed key of his / her own group. Since they do not have them, there is a problem that users who belong to different groups cannot perform encrypted communication and cannot be directly applied to the electronic mail system.

In view of the problems in the above-described conventional example, an object of the present invention is that a communicator shares an encryption key with any one or a plurality of communication partners when performing broadcast communication by an electronic mail system or the like. An object of the present invention is to provide a cryptographic communication method and a cryptographic communication system.

[0024]

In order to achieve the above object, a cryptographic communication method according to the present invention is a cryptographic communication method applied to communication between a plurality of terminals mutually connected by a communication network. , The terminal on the transmission side encrypts a plaintext with a data key, and a ciphertext that generates a ciphertext key based on the data key, destination information for identifying the recipient, and a master key common to the system. A key generation step and a transmission step of sending a communication text composed of the destination information, a ciphertext key, and a ciphertext to the communication network are executed, and a receiving side terminal sends the communication text sent to the communication network. A receiving step of receiving, a data key generating step of generating a data key using the master key from the destination information and the ciphertext key included in the received communication text, and a data key generated using the generated data key, included in the communication text Decrypt the ciphertext And executes a decoding step of generating a sentence.

The cryptographic communication system according to the present invention is a cryptographic communication system that performs cryptographic communication between a plurality of terminals connected to each other by a communication network, and encrypts plaintext with a data key to create a ciphertext. Encryption processing means, ciphertext key generation processing means for generating a ciphertext key based on the data key, destination information for identifying the recipient, and a master key common to the system, the destination information and the ciphertext key. A transmission-side terminal equipped with a transmission means for transmitting a communication text including a ciphertext to the communication network, a receiving means for receiving the communication text transmitted to the communication network, and a destination included in the received communication text. A data key generation processing unit that generates a data key from the information and the ciphertext key using a master key; and a decryption processing unit that decrypts the ciphertext included in the communication text using the generated data key to generate a plaintext. Receiver with Characterized in that a terminal.

In the above-mentioned encrypted communication method or system, the generation of the ciphertext key in the terminal on the transmitting side is carried out by a storage medium such as an IC card which is removable from the terminal body and has an arithmetic function for performing the ciphertext generation processing. It may be executed internally. In addition, the generation of the data key at the receiving terminal is
It may be executed inside a similar storage medium. When such a storage medium is used, an identification number and a master key unique to each storage medium are stored in the storage medium, and a ciphertext key for transmission and a data key for reception are generated. It is good to do so.

The destination information is, for example, a bit string in which bits having a value of "0" or "1" are arranged in a predetermined length, and each bit is associated with an identification number unique to the storage medium. The data is in the form of a bit string. Further, in the storage medium of the receiving side terminal, the bit of the destination information corresponding to its own identification number is referred to, and the data key is generated only when the bit has a predetermined value (for example, "1"). It is good to perform such a check.

The terminal on the transmission side stores a destination list that associates the name of each user with the identification number of the storage medium owned by the user, and the destination information used when transmitting is the destination list. It is better to use it to create.

Further, all users are divided into a plurality of groups in advance, and each user is identified by a group identification number designating the group and a personal identification number designating each user in the group. You should do it. Furthermore, in addition to the personal identification number within each group, an identification number for collectively specifying all users belonging to that group, or for specifying a sub-group consisting of multiple users belonging to that group It is convenient to prepare the subgroup identification number. In addition, a group including a plurality of users is appropriately set in advance, and a group identification number designating the group or a personal identification number designating each user in the group is processed as an identification number in the same column. You may

Further, the storage medium according to the present invention is used when cryptographic communication is performed between a plurality of terminal bodies connected to each other by a communication network, is removable from the terminal body, and is capable of operating with a storage means. And a ciphertext key for generating a ciphertext key on the basis of a data key and a master key of destination information and returning the ciphertext key to the terminal body when connected to a terminal on the transmission side. And a data key generation processing means for generating a data key using the master key from the destination information and the ciphertext key and returning the data key to the terminal body when connected to the receiving terminal. Is characterized by.

A unique identification number is stored in the storage medium, and whether or not the destination information and its own identification number have a specific relationship when connected to the receiving terminal, that is, the storage medium stores the information. It is better to determine whether or not the recipient is designated as the recipient. In this case, the data key is generated only when the destination information and the own identification number have a specific relationship.

Further, the encryption communication method and system according to the present invention described above can be applied to a database system. A database system according to the present invention is a database system including a plurality of terminals and a storage device that are mutually connected by a communication network, and an encryption processing unit that creates a ciphertext by encrypting plaintext with a data key. A ciphertext key generation processing means for generating a ciphertext key based on the data key, read permission information indicating a destination permitted to read the plaintext, and a master key common to the system; and the read permission. A data writing side terminal having a writing means for writing information, a ciphertext key, and a communication text including a ciphertext to the storage device via the communication network, and the storage via the communication network. A reading unit that reads a communication text from the device, a data key generation processing unit that generates a data key using the master key from the read permission information and the ciphertext key included in the read communication text, and the generated data. Characterized in that a data read-side terminals and a decoding means for generating plain text by decrypting a ciphertext included in the communication text using the data key.

[0033]

According to the encrypted communication method and system of the present invention, since the master key is common to the system (that is, the same for all groups), the same data key is used for any sender terminal and receiver terminal. Can be shared. In particular, the sender side generates a ciphertext key based on the data key, the destination information and the master key and sends it to the receiver side, and the receiver side uses the master key from the ciphertext key and the destination information to use the data key. Since the data key is generated, the data key can be made disposable and is highly secure.

If a ciphertext key or a data key is generated inside a storage medium such as an IC card, the contents can be read even if a ciphertext is read by a third party who does not have an IC card. Is not deciphered, nor can a third party without an IC card properly encrypt the mail document.

[0035]

Embodiments of the present invention will be described below with reference to the drawings. In the drawings referred to below, the same numbers represent the same or common parts / elements. This does not limit the present invention.

(Example 1)

FIG. 2 is a block diagram showing a schematic configuration of a cryptographic communication system for implementing the cryptographic communication method according to the first embodiment of the present invention. In the figure, 100, 101, 1
Reference numerals 02 and 103 denote terminals such as workstations. These terminals 100 to 103 are connected to the communication network 130 and communicate with each other via the communication network 130. Reference numerals 110, 111, 112 and 113 denote reader / writers connected to the terminals 100, 101, 102 and 103, respectively. Reference numerals 120 and 121 denote IC cards inserted in the reader / writers 110 and 111 for communication.

FIG. 3 is a block diagram showing the internal configuration of the terminal 100 and the reader / writer 110 of FIG. The other terminals 101 to 103 and the reader / writers 111 to 113 have the same configuration. As shown in FIG.
Communication network interface 201, reader / writer interface 202, display 203, keyboard 204,
It has a CPU 205 and a memory 206, which are interconnected by a bus 200.

The communication network interface 201 is the communication network 1.
The reader / writer interface 202 is an interface for exchanging data with the reader / writer 110. The display 203 is a display device that displays a message to the user. The keyboard 204 is an input device for the user to input data and the like. The CPU 205 has an arithmetic function and controls and executes various processes in the terminal 100. Memory 2
A communication program 207, a security program 208, a destination list 209a, and the like are stored in 06.

The communication program 207 is a program for controlling data exchange with another terminal or with the reader / writer 110. The security program 208 is a program that performs encryption and decryption of a mail document, generation of random numbers, selection of a relevant part of key generation information, and the like. Destination list 209a
Is a list in which the names of groups and the names of individuals included in the groups are associated with their identification numbers.

FIG. 4 shows an example of the contents of the destination list 209a. All users of the system of this embodiment are
It is divided into groups such as Human Resources Department, Sales Department, and Advertising Department. A group identification number is assigned to each group. For example, the group identification number of the personnel department is "1", the sales department is "2", and the advertising department is "3". Individual identification numbers are assigned to individuals belonging to each group. The individual identification number is a number unique to each individual in the group, and different individuals in different groups may have the same individual identification number. For example, Mr. A's personal identification number is "1", Mr. B is "2", and Mr. D's personal identification number is "1".

By the group identification number and the individual identification number,
Users can be specified. The IC card distributed to all users stores a group identification number and an individual identification number that identify the user. For example, Mr. A in the Human Resources Department has an IC card with a group identification number of "1" and an individual identification number of "1", and Mr. B has an IC card with a group identification number of "1" and an individual identification number of "2". The card
An IC card with a group identification number of "2" and a personal identification number of "2" is distributed to Mr. E of the sales department.
The structure of the IC card will be described later with reference to FIG.

Referring again to FIG. 3, the reader / writer 110
Is an IC card interface 211, a memory 212,
It has a terminal interface 214 and a CPU 215, which are interconnected by a bus 210. The IC card interface 211 is an interface for exchanging data with the inserted IC card. The memory 212 stores a communication program 213 and the like. The terminal interface 214 is an interface for exchanging data with the terminal 100. The CPU 215 has an arithmetic function and controls and executes various processes in the reader / writer 110.

A cable 215 is connected between the terminal 100 and the reader / writer 110 for exchanging data.

FIG. 5 is a block diagram showing the internal structure of the IC card 120. I distributed to system users
All C cards have a similar configuration. As shown in the figure, the IC card 120 has a CPU 401, a reader / writer interface 402, and a memory 403, which are interconnected by a bus 400.

The CPU 401 has an arithmetic function,
Controls and executes various processes in the IC card 120. The reader / writer interface 402 is an interface for exchanging data with the reader / writer in which the IC card 120 is inserted. The memory 403 has a communication program 404 and a key generation program 4
Programs such as 05 and group identification number 406,
Data such as a personal identification number 407 and a master key 408 is stored.

The group identification number 406 and the personal identification number 407 stored in the memory 403 are individual numerical values for identifying the owner of the IC card 120, as described with reference to FIG. 4, and the master key 408 is the entire IC. It is a secret number common to all cards. In addition, the key generation program 405 checks whether or not there is a right to generate a data key from the information sent from the terminal 100 via the reader / writer 110, and generates a data key only when there is a right. Is.

Next, a procedure for performing cryptographic communication in the system of this embodiment having the above-mentioned configuration will be briefly described.

FIG. 1 is a diagram showing a procedure for performing encrypted communication in the system of this embodiment according to a data flow. In the figure, the IC card 120 is provided in the reader / writer 110 of the terminal 100 on the transmitting side,
It is assumed that the IC card 121 is inserted in each reader / writer 111.

First, in the terminal 100 and the IC card 120 on the transmitting side, the plaintext 150 which is the data to be encrypted and transmitted, the data key 151 for encrypting the plaintext 150, and the number of persons sending the plaintext 150 The destination information 153 for designating the other party is prepared. Then, the encryption process 1
60, the ciphertext 152 is generated from the plaintext 150 and the data key 151. Also, the key generation processing 161 generates a ciphertext key 156 from the data key 151, the destination information 153, and the master key 154. The generated destination information 153, the ciphertext key 156, and the ciphertext 152 are the communication text 14
0 is transmitted to the communication network 130.

In the terminal 101 and the IC card 121 that have received the communication text 140, it is first confirmed whether or not there is a relationship between the destination information 153 and the identification number (group identification number and individual identification number) 155. Only when the two have a specific relationship, that is, when the identification number 155 is included as the receiving party specified by the destination information 153, the key generation processing 161 performs the destination information 153, the ciphertext key 156, and the master key 154. The data key 151 is generated from Furthermore, the ciphertext 152 is decrypted with the generated data key 151,
The plain text 150 is generated, and the communication ends.

Next, the procedure on the sender side and the receiver side in this embodiment will be described in more detail with reference to FIGS. 6 to 10.

FIG. 6 is a flow chart showing the procedure on the sender side in this embodiment.

This procedure is started when the sender inserts his / her own IC card 120 into the reader / writer 110 of the terminal 100 (step 500). First, the terminal 100 randomly generates a data key and encrypts the mail document with the data key (step 501).
A random number is generated separately from the data key (step 502).

The sender refers to the destination list 209a (FIG. 4) displayed on the display 203 (FIG. 3) and inputs the group identification number and the personal identification number of the recipient he / she desires from the keyboard 204 (step). 503a). If it is desired to send the same mail to a plurality of parties, a plurality of group identification numbers and individual identification numbers are input.

The terminal 100 generates a group number (same value as the input group identification number) and distribution destination information from the input group identification number and personal identification number, and the data key generated in step 501 and the step 502. The generated random number is transmitted to the IC card 120 (step 504).

Next, the IC card 120 generates a ciphertext key based on the sent information and sends it back to the terminal 100 (step 505). The detailed procedure will be described later.

The terminal 100 generates key generation information from the group number, distribution destination information, random number and ciphertext key (step 506).

FIG. 7 shows an example of the key generation information. The key generation information is configured by connecting one or more sets of data in which a group number, distribution destination information, a random number, and a ciphertext key are connected. In the key generation information 700 in the figure, the group number "1" is set at the beginning, the distribution destination information "110 ..." And the random number and the ciphertext key are concatenated next to the data. Further next, a similar set of data for the group number “2” and a similar set of data for the group number “3” are linked.

For the group number and the distribution destination information, see step 5.
It is generated based on the designation of 03a. Random number is step 5
The key generated in 02 and the ciphertext key are those generated in step 505. The random number and ciphertext key use one value generated in these steps. That is, the same value is set in the random number column of different groups, and the same value is set in the ciphertext key column of different groups.

Reference numeral 701 represents a list of who in which group is given the data key generation right by the key generation information 700. In other words, it is also a list of users indicating who the sender specified and who did not specify in step 503a. Since the first bit of the distribution destination information following the group number “1” of the key generation information 700 is “1”, Mr. A (personal identification) of the personnel department (group identification number “1”) corresponding to this bit. The number "1") has a key generation right. Second distribution destination information for group number "1"
Since the bit is also "1", Mr. B (personal identification number is "2") in the human resources department also has a key generation right. Since the third bit of the distribution destination information of the group number “1” is “0”, Mr. C (personal identification number “3”) in the personnel department has no key generation right. With respect to the group numbers “2”, “3”, ... Also, the presence or absence of the key generation right of each user is determined according to each bit of the distribution destination information.

Referring again to FIG. 6, after step 506, a series of data obtained by concatenating the generated key generation information with the mail document encrypted in step 501 is transmitted to the recipient (step 507). The series of data transmitted here is the message 140 shown in FIG. Message 1 in Figure 1
The “destination information” and “ciphertext key” of 40 correspond to the key generation information 700 of FIG. 7, and the “ciphertext” of the communication text 140 of FIG. 1 corresponds to the mail document encrypted in step 501. Finally, the sender sends the IC card 120 from the reader / writer 110.
And the processing on the sender side is completed (step 5).
08).

FIG. 8 is a flow chart showing the procedure of the process of generating the ciphertext key inside the IC card 120 in step 505 of FIG.

In this procedure, the IC card 120 sets the terminal 10
The process is started by receiving the group number, the distribution destination information, the random number, and the data key from 0 (step 60).
0). First, the numerical value 1 is stored as an initial value in the counter i indicating the number of times the hash process is repeated (step 60).
1). Next, among the information transmitted from the terminal 100, the group number, the distribution destination information, and the random number are concatenated with each other and then divided into n blocks of the same length (step 602a). However, the value of n is a numerical value determined by the data length of the linked information and the input data length of the hash function. That is, since the input data length of the hash function is determined for each hash function,
According to it, it divides into n.

Next, the hash total of the master key 408 stored in the memory 403 and the first block (first among the n divided blocks) is calculated and stored as the first work key (step 603). . Then, it is determined whether the value of the counter i is equal to n (step 604). If the value of the counter i does not reach n yet, the counter i is counted up, the hash total of the current work key and the i-th block is calculated, and stored as a new work key (step 606). Return to step 604.

Then, such processing is repeated until the nth block is input, and when the counter i becomes equal to n (step 604), the work key (n
The data key is encrypted with the (th work key) to generate a ciphertext key (step 607), the ciphertext key is transmitted to the terminal 100, and the process is terminated (step 608).

FIG. 9 is a flow chart showing the procedure on the receiver side in this embodiment.

This procedure is started by inserting the IC card 121 possessed by the receiver into the reader / writer 111 of the terminal 101 (step 800). The communication text 140 (key generation information and ciphertext) sent to the communication network 130 by the procedure described in FIGS. 6 to 8 is received by the terminal on the receiving side. The received terminal 101 first reads the group identification number 406 stored in the memory 403 in the IC card 121, and checks whether the received key generation information includes the same group number as the group identification number 406. To do. Then, the group number of the group to which the recipient belongs, the distribution destination information, the random number, and the ciphertext key are extracted from the received key generation information, and the IC card 1
20 (step 801).

In the IC card 120, the sent group number and the group identification number 406 stored in the memory 403 are compared and inspected (step 802). If they match, the process is continued, and if they do not match, the process ends (step 803). Although the terminal performs the comparative inspection of the group number and the group identification number, it also inspects the inside of the IC card 120 in order to enhance safety.

Next, the bit at the position indicated by the personal identification number 407 stored in the memory 403 in the sent distribution destination information is inspected (step 804a). If the bit is "1", the processing is continued,
If it is "0", the process ends (step 805). The bit being “1” means that the sender is the IC card 12
This means that the owner of 0 has been designated as the data transmission partner, and the IC card 120 has the right to generate a data key. On the contrary, if the bit is “0”, it means that the sender does not specify the owner of the IC card 120 as a data transmission partner, and the IC card 120 has the right to generate a data key. It is not.

After the above inspection, a data key is generated and transmitted to the terminal 101 (step 806). Upon receiving the data key sent from the IC card, the terminal 101 decrypts the encrypted mail document with the data key (step 807). Then, the receiver takes out the IC card 120 from the reader / writer 110 and ends the processing (step 808).

FIG. 10 is a flow chart showing the procedure of a process for generating a data key inside the IC card 120 in step 806 of FIG. This flowchart is basically the same as that of FIG. 8, and the procedure for generating a work key in steps 601 to 606 is exactly the same. However, in step 607a in FIG. 8, the data key is encrypted with the work key to generate the ciphertext key, but in step 607b in FIG. 10, conversely, the ciphertext key is decrypted with the work key to generate the data key. They are different.

According to the above-described embodiment, the correct data key is generated only when the receiver specified by the sender inserts his / her own IC card into the reader / writer connected to the terminal. Documents are more confidential. I
If the confidentiality of the master key stored in the C card is guaranteed, it is obvious that a third party who does not have an IC card cannot decrypt the encrypted mail document or send a fake mail document. is there. Further, the person who owns the IC card can send a mail document to any one or a plurality of users who own the IC card. further,
Since the destination information and the encrypted document are transmitted together, the preliminary communication for sharing the key is unnecessary.

It is also possible to apply this embodiment to a database system and store the encrypted information in the database so that only a designated user can see the predetermined information.

FIG. 11 shows an example in which a large capacity storage device 1000 is connected to one terminal connected to the communication network 130 to form a database system. In this system, the storage device 100 can be accessed from any terminal connected to the communication network.
Data can be written to 0 and read from any terminal.

When writing data, first, write data is encrypted with a data key to create a ciphertext. Then, the ciphertext key is generated based on the data key, the read permission information indicating the destination permitted to read the write data, and the master key common to the system. After that, the data consisting of the read permission information, ciphertext key and ciphertext,
Write to the storage device 1000 via the communication network 130. The read permission information corresponds to the destination information in the above embodiment.

When reading data from the storage device, first, data (read permission information, ciphertext key and ciphertext) is read from the storage device 1000 via the communication network 130. Next, the master key is used to generate a data key from the read permission information and the ciphertext key included in the read data. And
The original data may be obtained by decrypting the ciphertext using the generated data key.

(Example 2)

Next, a second embodiment of the present invention will be described.
The system configuration in the second embodiment is similar to that in FIG. The internal configurations of the terminal, reader / writer, and IC card are the same as those in FIGS. 3 and 5.

FIG. 12 shows an example of the destination list 209b used in the system of the second embodiment. Destination list 2
09b is the destination list 20 of FIG. 4 used in the first embodiment.
Although it is almost the same as 9a, in addition to the identification number of each individual, an identification number indicating all the users belonging to the group (in the figure, the name column is "all") is provided. When the sender inputs this identification number when designating the recipient, the same distribution destination information as that when all the personal identification numbers of the group are designated in the first embodiment is generated.

The procedure of the encrypted communication in this embodiment is the same as that in FIG. 1, and the procedure on the sender side and the procedure on the receiver side are the same as those in FIGS. 6 and 9, respectively.

In this embodiment, the same effect as that of the first embodiment can be obtained, and in addition to the large number of users belonging to each group, mail is frequently sent to all users in the group. In such cases, it is possible to reduce the burden on the user and make it easier to use. In addition, if an identification number indicating all users of the system is provided, the ease of use can be further increased.

(Example 3)

Next, a third embodiment of the present invention will be described.
The system configuration of the third embodiment is similar to that of FIG. Further, the internal configurations of the terminal and the reader / writer are the same as those in FIG.

FIG. 13 shows an example of the destination list 209c used in the system of the third embodiment. Destination list 2
09c is the destination list 20 of FIG. 4 used in the first embodiment.
9a, which is almost the same as that of 9a, but in addition to the identification number of each individual, an identification number indicating a subgroup (“subgroup a” or “subgroup b”) composed of users belonging to the group Has been. Further, as shown in FIG. 14, the memory 403 of the IC card 120 is provided with an area for storing the subgroup identification number 1300 to which the user belongs. The areas for storing the subgroup identification numbers are prepared in advance for the number of subgroups to which the user belongs.

FIG. 15 is a flow chart showing the procedure on the sender side in this embodiment. This flow chart is basically the same as FIG. However, it is different in that the recipient can be designated by a subgroup identification number in addition to the personal identification number (step 503).
b).

FIG. 16 is a flow chart showing the procedure on the receiver side in this embodiment. This flow chart is basically the same as FIG. However, the difference is that the inspection of the distribution destination information is performed not only by the personal identification number but also by the subgroup identification number (step 804b).

In this embodiment, the same effect as that of the first embodiment can be obtained, and the users who frequently send the same mail are subgrouped in advance to reduce the burden on the users. And can be made easier to use.

(Example 4)

Next, a fourth embodiment of the present invention will be described.
The system configuration of the fourth embodiment is similar to that of FIG. Further, the internal configurations of the terminal and the reader / writer are the same as those in FIG. However, as shown in FIG. 17, the destination list 209d used in this embodiment does not have a hierarchical structure, and individuals and groups are not distinguished, and individual / group identification numbers are assigned in the same row.

Further, as shown in FIG. 18, the IC card 1
In the memory 403 of 20, the individual / group identification number 17
An area for storing 00 is provided. The area for storing the individual / group identification number is prepared in advance for the number of groups to which the user belongs + 1.

FIG. 19 is a flow chart showing the procedure on the sender side in this embodiment. This flow chart is basically the same as FIG. However, it is different in that the recipient is designated by the individual / group identification number (step 503c), and only the data key, the random number, and the distribution destination information are transmitted to the IC card (step 504b). That is, the key generation information does not include the group number.

FIG. 20 is a flow chart showing a procedure for generating a ciphertext key inside the IC card 120 in this embodiment. This flow chart is basically the same as FIG. However, the difference is that the group number is not included (step 60).
2b).

FIG. 21 is a flow chart showing the procedure on the receiver side in this embodiment. This flow chart is basically the same as FIG. However, the difference is that the group number is not inspected, and the distribution destination information is inspected using the individual / group identification number (step 804c).

FIG. 22 is a flow chart showing a procedure for generating a data key inside the IC card 120 in this embodiment. This flow chart is basically the same as FIG. However, the difference is that the group number is not included (step 60).
2b).

In this embodiment, the same effect as in the first embodiment can be obtained, and the degree of freedom of the group structure can be increased. However, when the number of users and the number of groups of the system are large, the number of bits of the distribution destination information increases, so in this respect, it is preferable to adopt the first embodiment.

[0097]

As described above, according to the present invention,
When a broadcast communication is carried out by an electronic mail system or the like, the encrypted communication can be carried out in such a manner that only the person who desires can understand the correct contents, and the security of the mail document can be improved.

[Brief description of drawings]

FIG. 1 is a schematic diagram showing a processing procedure in a cryptographic communication system according to a first embodiment of the present invention.

FIG. 2 is a system configuration diagram of the encryption communication system of the embodiment.

FIG. 3 is an internal configuration diagram of a terminal and a reader / writer in the embodiment.

FIG. 4 is a configuration diagram of a destination list in the embodiment.

FIG. 5 is an internal configuration diagram of the IC card in the embodiment.

FIG. 6 is a flowchart showing a procedure on the sender side in the embodiment.

FIG. 7 is a configuration diagram of key generation information in the example.

FIG. 8 is a flowchart showing a procedure for generating a key on the sender's IC card in the embodiment.

FIG. 9 is a flowchart showing a procedure on the receiver side in the embodiment.

FIG. 10 is a flowchart showing a procedure of key generation for the IC card on the receiver side in the embodiment.

FIG. 11 is a block diagram showing a system configuration in a modified example of the same embodiment.

FIG. 12 is a configuration diagram of a destination list in the second embodiment of the present invention.

FIG. 13 is a configuration diagram of a destination list in the third embodiment of the present invention.

FIG. 14 is an internal configuration diagram of the IC card in the example.

FIG. 15 is a flowchart showing a procedure on the sender side in the embodiment.

FIG. 16 is a flowchart showing a procedure on the receiver side in the embodiment.

FIG. 17 is a configuration diagram of a destination list in the fourth embodiment of the present invention.

FIG. 18 is an internal configuration diagram of the IC card in the example.

FIG. 19 is a flowchart showing a procedure on the sender side in the embodiment.

FIG. 20 is a flowchart showing a procedure for generating a key on the sender's IC card in the embodiment.

FIG. 21 is a flowchart showing a procedure on the receiver side in the embodiment.

FIG. 22 is a flow chart showing a procedure of key generation for the IC card on the receiver side in the embodiment.

FIG. 23 is a block diagram showing a configuration example of a conventional cryptographic communication system.

[Explanation of symbols]

100-103 ... Terminal, 110-113 ... Reader / writer, 120, 121 ... IC card, 130 ... Communication network, 1000 ... Storage device.

 ─────────────────────────────────────────────────── ─── Continuation of the front page (72) Kazuo Takaragi, Kazuo Takaragi 1099, Ozenji, Aso-ku, Kawasaki-shi, Kanagawa Hitachi, Ltd. Systems Development Laboratory (72) Inventor Kenichi Funakubo 6 Onoue-cho, Naka-ku, Yokohama, Kanagawa 81-chome Hitachi Software Engineering Co., Ltd. (72) Inventor Teruo Nakamura 6-81 Onoue-cho, Naka-ku, Yokohama-shi Kanagawa Hitachi Software Engineering Co., Ltd. In-house

Claims (20)

[Claims] 1. A cryptographic communication method applied to communication between a plurality of terminals connected to each other by a communication network, wherein a terminal on the transmitting side encrypts plaintext with a data key, A ciphertext key generation step for generating a ciphertext key based on a data key, destination information for identifying a recipient, and a master key common to the system, and a communication text including the destination information, the ciphertext key, and the ciphertext. The terminal on the receiving side executes the transmitting step of transmitting to the communication network, the receiving step of receiving the communication text transmitted to the communication network, and the destination information and the ciphertext key included in the received communication text. A data key generation step of generating a data key using the master key, and a decryption step of decrypting the ciphertext included in the communication text to generate a plaintext using the generated data key are performed. Cryptographic communication method . 2. The ciphertext key generation step in the terminal on the transmitting side is executed inside a storage medium which is removable from the terminal body and has an arithmetic function for performing ciphertext key generation processing. The cryptographic communication method according to item 1. 3. The data key generating step in the receiving side terminal is executed inside a storage medium which is removable from the terminal body and has an arithmetic function for performing the data key generating process. The encrypted communication method described in. 4. The storage medium is an IC card.
Alternatively, the encrypted communication method described in 3 above. 5. The encryption communication method according to claim 2, wherein the storage medium stores an identification number unique to each storage medium and the master key. 6. The destination information is a bit string in which bits having a value of “0” or “1” are arranged in a predetermined length,
Each bit consists of a bit string associated with an identification number unique to the storage medium, and in the storage medium of the receiving terminal, the bit of the destination information corresponding to its own identification number has a predetermined value. 6. The cryptographic communication method according to claim 5, wherein the data key is generated only in the above. 7. The terminal on the transmission side stores a destination list that associates the name of each user with the identification number of the storage medium owned by the user, and uses the destination list as the destination information. The encrypted communication method according to claim 6, wherein the encrypted communication method is created. 8. All the users are divided into a plurality of groups in advance, and the identification number includes a group identification number designating the group and a personal identification number designating each user in the group. The encrypted communication method according to claim 5, further comprising: 9. In addition to the personal identification numbers in each group,
9. The encrypted communication method according to claim 8, further comprising an identification number for collectively designating all the users belonging to the group. 10. The personal identification number in each group, and a subgroup identification number for designating a subgroup composed of a plurality of users belonging to the group. The encrypted communication method described in. 11. A group including a plurality of users is appropriately set in advance, and the identification number is a group identification number designating the group or a personal identification number designating each user in the group. 8. The encrypted communication method according to claim 5, wherein the encrypted communication method is present. 12. A cryptographic communication system for performing cryptographic communication between a plurality of terminals mutually connected by a communication network, the encryption processing means for encrypting plaintext with a data key to create a ciphertext, and the data. A ciphertext key generation processing unit that generates a ciphertext key based on a key, destination information that identifies a recipient, and a master key common to the system, and a communication text that includes the destination information, the ciphertext key, and the ciphertext. A terminal on the transmission side, which comprises a transmitting means for transmitting to the communication network, and a receiving means for receiving the communication text transmitted to the communication network,
A data key generation processing unit that generates a data key using the master key from the destination information and the ciphertext key included in the received communication text, and decrypts the ciphertext included in the communication text using the generated data key. A cryptographic communication system comprising: a receiving-side terminal provided with decryption processing means for generating plaintext. 13. The terminal on the transmitting side includes a terminal body having the encryption processing means and the transmitting means, a ciphertext key generation processing means, and a storage medium detachable from the terminal body. It provided, It has characterized by the above-mentioned.
The encrypted communication system described in. 14. The terminal on the receiving side includes a terminal main body having the receiving unit and the decryption processing unit, a storage medium having the data key generating unit and detachable from the terminal main unit. The cryptographic communication system according to claim 12, wherein: 15. The cryptographic communication system according to claim 13, wherein the storage medium is an IC card. 16. The cryptographic communication system according to claim 13, wherein the storage medium stores an identification number unique to each storage medium and the master key. 17. The destination information is a bit string in which bits having a value of “0” or “1” are arranged in a predetermined length, and each bit is associated with an identification number unique to the storage medium. In the storage medium of the receiving side terminal, the data key is generated only when the bit of the destination information corresponding to its own identification number has a predetermined value. Item 16. The encrypted communication system according to Item 16. 18. A storage medium, which is used when performing cryptographic communication between a plurality of terminal bodies connected to each other by a communication network, is removable from the terminal bodies, and has a storage means and a calculation means. Then, when connected to the sending side terminal, a ciphertext key generation processing means for generating a ciphertext key based on the data key and the master key of the destination information and returning it to the terminal body; A storage medium, comprising: a data key generation processing unit that, when connected to a terminal, generates a data key using a master key from destination information and a ciphertext key and returns the data key to the terminal body. 19. Further, a unique identification number is stored, and it is determined whether or not the destination information and its own identification number have a specific relationship when connected to the receiving terminal. 19. The storage medium according to claim 18, wherein the data key is generated only in the case of the relationship. 20. A database system comprising a plurality of terminals and a storage device mutually connected by a communication network, the encryption processing means for encrypting plaintext with a data key to create a ciphertext, and the data. A ciphertext key generation processing unit that generates a ciphertext key based on a key, read permission information indicating a destination permitted to read the plaintext, and a master key common to the system; the read permission information and the encryption. A terminal on the data writing side having a writing means for writing a communication text composed of a text key and a ciphertext to the storage device via the communication network, and communication from the storage device via the communication network. A reading means for reading a sentence, a data key generation processing means for generating a data key using the master key from the read permission information and the ciphertext key included in the read communication text, and communication using the generated data key Database system is characterized in that a data read-side terminals and a decoding means for generating decrypts the plaintext a ciphertext included in the.