JPH0950236A - Method and device for reproducing secret key - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a method and a device through which a secret key is reproduced even though the key has been disappeared or it has become unusable. SOLUTION: Necessary conditions to reproduce a secret key are beforehand set (S1). Then, a personal portable device, into which the secret key is assembled, is issued to a user (S2). Secret key partial information, which is made by dividing the key, is distributed to a person (a mediator) who makes the judgement on the propriety of the reproducing of the key (S3). If the key is lost (S5), the mediator is asked to supply the secret key partial information (S6). If the reproducing conditions of the key are met (S7), the user's secret key is reproduced (S8).

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method of reproducing a secret key used for a cryptographic algorithm and its apparatus.

[0002]

2. Description of the Related Art Digital cryptographic algorithms include common key cryptographic algorithms (secret key cryptographic algorithms) and public key cryptographic algorithms.

The common key cryptographic algorithm is capable of high-speed operation, but since the same common key is used for the encryption key and the decryption key, only the communicating parties need to keep the common key secret. is there.

On the other hand, the public key cryptographic algorithm has a large amount of calculation compared to the common key cryptographic algorithm and is not suitable for high speed processing. However, since different keys are used for the encryption key and the decryption key, the encryption key is used. By making it public, it is not necessary to secretly deliver the key unlike the common key of the common key encryption algorithm.

However, in the public key encryption algorithm,
Since the encryption key is open to the public, anyone can generate a ciphertext. For this reason, it is also necessary to prove who encrypted the sent communication text and sent it. Therefore, what has come to be considered is partner authentication using a signature.

RSA encryption is a typical example of public key encryption having a partner authentication function. This is about encrypted communication
Use the encryption key when encrypting, the decryption key when decrypting, and the decryption key when generating a signature,
Use the encryption key to verify the signature.

[0007]

However, no matter what public-key cryptographic algorithm is selected, in order to truly verify each other's parties correctly, the signer and the signer's encryption key must be disclosed truly. The function of the certificate issuing (center) device is required. It is said that the certificate issuing center must satisfy the following points. "The certificate issuing center and the personnel of that center issue a certificate that accurately and truthfully certifies the relationship between the encryption key and the registrant,
Must be made public. (In cryptographic theory, such a certificate issuing center (key management center) is called a trust.)

By the way, the programs and images of the personal computer,
Some products use digital information such as music information, but in the case of digital information, it is generally illegal because the information does not deteriorate even if the copy is repeated for many generations, such as copying from the original and copying from the copy. The copy is endless, and the damage is enormous.

Conventionally, as a method for coping with such illegal copying, (1) a method of applying protection to the information supply medium (such as a floppy disk) which cannot be copied, and (2) copying can be freely performed. Encryption of the digital information that is the product (high-speed decryption and use is required so that a key is required to execute or reproduce the program, video, or music information except for a part of it, so common key encryption There is a method of distributing the key only to those who can confirm the intention to pay the price by using a network or the like and who actually paid the price.

The former is often used in game software for personal computers, but it also becomes an obstacle when a legitimate user makes a legitimate copy, such as installing on a hard disk or creating a backup, which is an advantage. At the same time, the disadvantages are great, so it is rarely used in business software. But the latter
It cannot be used in earnest unless the key is obtained through a formal procedure such as payment, but it can be freely copied and distributed to many people, and a part of it can be tried, so it has high potential and development potential. Has been done.

The above-mentioned technical problems in the method of using the key are the method of confirming the will to pay, the method of distributing the key, and the method of storing the key.

A method using a public key encryption algorithm is effective for distributing a signature function used for confirming a user's willingness to pay and a common key used for decrypting encrypted digital information.

Regarding the key storage method, it is meaningless if the user can copy the digital information after decryption with the common key. Therefore, the decryption is performed inside the personal computer, and the digital information after decryption is stored in the user himself. It is effective to cover it so that it cannot be touched. Similarly,
Since it is not convenient to distribute the common key without permission, there is a method to encrypt it with the private key of the public key encryption algorithm, and to prevent the user himself from extracting the private key of the public key algorithm used for both decryption. It is valid.

Even if such a method is used, the person who generates the private key of the user's public key cryptographic algorithm can forge the signature of the user's willingness to pay. Strictly speaking, strictly speaking, the user's will. It is not possible to determine whether the signature is a forged signature or a forged signature. Therefore, conventionally, it has been assumed that a person involved in key generation (key manager) never commits fraud.

However, considering that most of the frauds performed so far are such frauds of the key managers, it is possible that the fraud of the key managers will continue to occur in the future. Even if the administrator does not cheat, the key custodian cannot completely eliminate the suspicion.

To summarize the above, the user and the key manager must satisfy the following conditions in order to purchase and use digital information that can be easily copied.

The key for decrypting digital information (the secret key of public key cryptography and the common key of common key cryptography) must not be known (generated) by anyone including the user and the key manager.

The key used for the signature as the proof of willingness to pay (private key of public key cryptography) must be able to prove that it cannot be used by anyone other than the user.

Further, as an operational problem, if the private key owned by only an individual is stored so that it cannot be read (Japanese Patent Application No. 7-155030), the private key may be lost due to force majeure (device failure, etc.). In some cases, it may become unusable because it has disappeared. However, it was not possible to reproduce a secret key that no one knew.

An object of the present invention is to provide a cryptographic system which can prove that only a user can use a secret key of encryption that no one knows, even if the secret key disappears or becomes unusable. Reproduce this (revive)
It is to provide a method and a device for reproducing a private key capable of performing.

[0021]

In order to solve the above problems, the present invention provides a method for reproducing a secret key in the case where it is necessary to reproduce the secret key due to loss of the secret key used for encryption, etc. If there is at least one secret key reproduction judge who determines the validity of key reproduction, and if it is not necessary for all secret key reproduction judges to agree to reproduce the secret key, which secret key reproduction judge agrees Define the condition for determining whether to reproduce the secret key, and distribute the secret key partial information obtained by dividing the information necessary for reproducing the secret key to at least one secret key reproduction judge based on the condition for judging the secret key reproduction. If the need to reproduce the private key arises, the secret key reproduction judge who has decided in advance determines the validity of the reproduction of the secret key and judges that the reproduction of the secret key is proper. Collect the private key part information owned by Satisfies the secret key reproduction condition secret key partial data because obtained is predefined, and wherein the reproducing the secret key.

This makes it possible to reproduce an encrypted secret key that no one should know, and to prevent the loss of all information encrypted by the secret key due to the loss of the secret key or the like. Also, at this time, the reproduced secret key can be used only by the person himself, and the value is not known to anyone, and the encrypted information is known to anyone other than the owner of the secret key. Therefore, it is possible to satisfy the condition of the private key for ensuring that the digital information is not illegally copied and the willingness to pay can be surely proved.

Further, in the method of reproducing the private key when it becomes necessary to reproduce the private key due to the loss of the private key used for encryption, etc., the private key cannot be known by anyone including the person involved in the key generation. Generate a key and store the secret key secretly without anyone knowing it, including the owner of the secret key,
The stored private key can be used only by the owner of the private key, but the value should not be known to anyone including the owner, in case the private key needs to be reproduced due to loss or the like. It is necessary to reproduce the private key by having at least one private key reproduction judge who judges the validity of reproduction of the private key in advance possessing the private key part information which is a part of the information necessary for reproducing the private key. If a secret key reproduction judge judges the validity of the secret key reproduction based on predetermined conditions, and the secret key reproduction judge is judged to be valid, the private key possessed by the secret key reproduction judge According to the one that brings the partial information and reproduces the private key without the knowledge of anyone, if the brought-in private key partial information satisfies the secret key reproduction condition. Generated and owned without the knowledge of anyone It is possible to the same reproduction of the secret key that is used is stored in secret without being known to many people, including.

Further, as secret key reproduction conditions, a secret key reproduction essential condition in which even one of the secret key reproduction judging persons cannot reproduce the secret key if it is judged that the secret key reproduction is not accepted, and the secret key reproduction judging person. N out of m (m> n ≧
0) the secret key reproduction threshold value condition that the secret key can be reproduced if the secret key reproduction is accepted, and at least one secret key reproduction essential condition and at least 0 secret key reproduction threshold value condition are satisfied. If it is necessary to determine the order, the order is defined for the conditions that satisfy the condition, and before making a judgment on a certain secret key reproduction essential condition or secret key reproduction threshold condition,
Reproduction of the secret key by arbitrarily combining the three conditions of the secret key reproduction order condition, which allows you to make a judgment after seeing the result of the previous secret key reproduction essential condition or the secret key reproduction threshold condition. It is possible to reproduce the private key with full consideration of the interests of those concerned.

In the secret key reproducing device in the case where it is necessary to reproduce the secret key due to the loss of the secret key used for encryption or the like, the secret key storing means for storing the secret key and the secret key are used as the secret key. Private key dividing means for dividing into partial information, private key reproduction validity judging means for judging validity of reproduction of secret key, means for distributing secret key partial information to secret key reproduction validity judging means, secret key If it is necessary to reproduce the secret key, if the secret key reproduction validity judging means judges that the secret key is properly reproduced, the means for submitting the secret key part information and the submitted secret key part information are used. And a secret key synthesizing means for synthesizing a secret key.

This makes it possible to reproduce a cryptographic secret key that no one should know, and to prevent the loss of all information encrypted by the secret key due to the loss of the secret key.

Further, in the secret key reproducing apparatus in the case where it becomes necessary to reproduce the secret key due to the loss of the secret key used for encryption, etc., the secret key storage for storing the generated secret key without anyone knowing it. Means, a secret key dividing means for dividing the secret key into secret key partial information, a secret key reproduction validity judging means for judging validity of reproduction of the secret key, and a necessity for reproduction of the secret key, Private key reproduction When the reproduction key is judged to be valid by the means, the means for submitting the secret key part information and the secret key for secretly synthesizing the secret key from the submitted secret key part information According to the present invention, which is characterized by comprising the synthesizing means and the means for secretly re-issuing the synthesized secret key, the number of persons including the owner can be changed to a portable device such as an IC card or a PC card. Stored secretly without being known It is possible to reproduce the secret key encryption to be used.

When it is necessary to reproduce the secret key when the secret key and the information encrypted with the secret key are lost due to the destruction of the secret key storage means, the secret key and the encrypted information are stored. A medium, an encrypted information backup means for backing up the encrypted information according to the frequency of use, and a means for writing the content stored in the encrypted information backup means after reissuance of the medium for storing a new secret key and encrypted information According to the device including the above, the storage means including the encrypted information can be reissued together with the reproduction of the secret key.

[0029]

BEST MODE FOR CARRYING OUT THE INVENTION The embodiments of the present invention will be described below with reference to the drawings. Here, the secret in the most widely used RSA cryptosystem, which has both the cryptographic function and the authentication function in the public key cryptographic algorithm, is described. The case of reproducing the key will be described as an example. For details on RSA encryption, see, for example, “Chapter 6 RSA public key encryption” in “Modern Cryptography” edited by The Institute of Electronics, Information and Communication Engineers, co-authored by Ikeno and Koyama.
Are detailed in.

FIG. 1 shows an outline of a first embodiment of the present invention, in which a secret key is a portable secret key storing means such as an IC card or a PC card (hereinafter referred to as a personal portable device). ) Is stored and issued, and the stored private key disappears as an example (for the sake of clarity, a description according to real life is added in []).

First, for the personal portable device 1 manufactured by the device manufacturing apparatus (not shown), the user key issuance /
In the reissue device 2, the private key of each individual is secretly written based on the user public information 3, and the certificate and the like are written without being tampered with.

The personal portable device 1 thus customized for individual use is delivered to the user 4 [corresponding to the fact that a person's family register is completed], and the user 4 receiving the device 1 can use it. As a result, the predetermined service 5 can be received.

Here, it is assumed that the user 4 mistakenly erases the secret key in the device 1 (6) (actually,
Due to security problems, the private key of a person is often stored in a volatile memory, and when the battery in the device 1 is used up, it disappears and cannot be used again. ) [Equivalent to the disappearance of the family register of the person].

In such a situation, conventionally, the private key cannot be used, and all the information of the service 5 received up to that point and all of the right to receive the service 5 in the future are required. It is lost [corresponding to the person not existing in the family register]. If the user key is issued
Even if the reissue device 2 reissues the personal portable device, it is not possible to prove the association with the previous device 1 (because the lost private key is associated with the newly issued private key). Is possible, because it means that it is possible for another person to impersonate that person.) [When a person is in the family register, he is the same person as himself before he was lost again. Equivalent to being unable to prove].

FIG. 2 shows a flow of the reproducing method when the secret key is extinguished according to the present invention, which will be described below.

First, the conditions necessary for reproducing the secret key are set in advance (step S1). Then personal mobile device 1
Is issued by the user key issuing / re-issuing device 2 (step S2), and at the same time, the secret key partial information 7 obtained by dividing the secret key is provided to the person (arbitrator) who judges the validity of reproducing the secret key.
Is distributed (step S3). The user can receive the service by receiving the personal mobile device 1 (step S4).

In the present invention, when the secret key is lost (step S5), the secret key partial information 7 is submitted together with the personal portable device 1 (step S6) so that the secret key reproduction condition is satisfied (step S6). In step S7), the user private key can be reproduced (step S8).

On the other hand, if the arbitrator (institution) does not submit the secret key part information 7 due to the history of unauthorized use and the conditions for reproducing the secret key are not satisfied, the secret key is reproduced at this point. It can be disabled (step S9).

At this time, the secret key part information 7 must satisfy the following conditions. That is, the private key part information 7 is a part of the private key for generating the private key, and should not be the whole. The secret key partial information 7 is distributed and distributed to all persons involved in personal authentication when the personal portable device 1 is issued, and secretly managed. -Each person may know the value of the secret key partial information 7 managed by each person. -Calculating a private key from some private key partial information 7 requires a cryptographic strength equivalent to guessing the private key from the public information of the public key (corresponding to the fact that some people cannot collude) . When the secret key reproduction condition agreed upon and issued at the time of issuing the personal portable device 1 is satisfied, the secret key can be secretly reproduced only in the user key issuing / reissuing device 2 which is a tamper device.

Next, a method of distributing the secret key part information of the secret key will be described.

The private key partial information used in the present invention is a part of the private key as described above, and the private key can be generated by collecting a certain number or more of the private key partial information.

Specifically, it can be basically divided into three pieces of information (conditions) as shown in FIG. (1) If there is no such information, the private key cannot be reproduced, and it is a mandatory condition to reproduce the private key. (2) Of the j pieces of information, the secret key can be reproduced by collecting k or more pieces of threshold information, and the secret key reproduction threshold condition is set. (3) The order in which the information is collected is also determined, and the private key cannot be reproduced unless the private key is collected in that order, which is the secret key reproduction order condition.

In practice, an arbitrary combination of these three conditions as elements becomes the actual secret key reproduction condition.

Here, what is important as a method of selecting a person who distributes the secret key is that all persons and institutions involved in the interest of the person who tries to reproduce the secret key are included.
This is because if one of the people involved is missing, it means that he or she has colluded and reproduced the private key.

The owner of the personal portable device whose private key can no longer be used, that is, the user, naturally wants to reproduce the private key. Therefore, the secret key reproduction essential condition 11 is set. Regardless of the will, the private key can be reproduced without permission.). The user sends the private key partial information held by the user to the user key issuing / reissuing device 2.

Next, in response to a request from the user to reproduce the secret key, a credit card company or the like checks whether the user has made any unauthorized use or has delayed payment of the price when using the service in the past. Since the so-called blacklist will be referred to and the reproduction of the secret key will be accepted if there is no problem, this condition is the secret key reproduction order condition 12.
Becomes

After that, the service provider A's approval 13-1, the service provider B's approval 13-2, the service provider C's approval 13-3, ... If any one of the consents 13-4 of the provider I has only to approve the secret key reproduction, this condition becomes the secret key reproduction order condition 13. Then, the approved service provider sends the same private key partial information as the user to the user key issuing / reissuing device 2.

Similarly, as the secret key reproduction threshold condition, the secret key reproduction manager (responsible person) A's approval 14-1, the secret key reproduction device manager B's approval 14-2, and the secret key reproduction device manager C
Approval 14-3, ... Approval 1 of secret key reproduction device administrator J
If it is sufficient that any two of 4-4 accept the secret key reproduction, this condition becomes the secret key reproduction order condition 14. Then, the approved administrator sends the same private key portion information as the user to the user key issuing / reissuing device 2.

Finally, it will be necessary to record who approves the reproduction of the secret key in case someone later complains about the reproduction of the secret key. Create a list (including the list creator itself), that is, the secret key reproduction order condition 15, and issue this to the user key issue /
Send to the reissue device 2.

It is desirable that these private key partial information is encrypted by a private key cryptographic algorithm or a public key cryptographic algorithm (if it is not encrypted, all private key partial information about the user should be eavesdropped. That is because there is a high possibility that the private key can be reproduced.

If the secret key reproduction essential condition, the secret key reproduction threshold condition and the secret key reproduction order condition of the secret key partial information collected as described above are satisfied, the secret key can be reproduced.

FIG. 4 shows an example of the secret key reproducing device. This secret key reproducing device, for example, 20 is a tampering device as a whole and is constructed in the above-mentioned user key issuing / reissuing device. . In the figure, 21 is a user key synthesizing unit, 22 is a synthetic key verifying unit, 23 is a user public information storage unit, and 24 is a personal portable device secret ID storage unit.

If the above-mentioned conditions are satisfied, the user's secret key is synthesized by the user key synthesis section 21. The combined key verification unit 22 checks whether the combined private key is consistent with the public key used by the user before.

This checking method generates a random number,
The random number is encrypted with the public key stored in the user public information storage unit 23, the value is decrypted with the private key, and if it matches the first random number, the relationship between the public key and the reproduced private key It turns out that there is no contradiction. If this check is performed several times, the reliability with a practically sufficient probability can be obtained. (If this check is incorrect, the condition for accepting the reproduction of the secret key with 100% probability is satisfied, It can be detected that there is fraud of somebody.)

Further, the synthetic key verification unit 22 collates the device unique ID and the user ID value stored in the personal portable device secret ID storage unit 24 in order to prevent a plurality of personal portable devices 1 from being reissued. If there is no contradiction, the private key is actually written.

How the secret key reproduction essential condition, the secret key reproduction threshold condition and the secret key reproduction order condition of the secret key information used in the present invention can be actually configured will be concretely shown below.

(1) Secret key reproduction essential condition Regarding the key k to be reproduced, k = f (k ₁ ) ● f (k ₂ ) ● f (k ₃ ) ● …… ● f (k _i ) ● …… ● Let f (k _n ). ● is an operator. This operator ● and function f
Must satisfy the following conditions.・ The exchange condition holds. ・ It is difficult to know k even if all but k _i are known. As an example of a function satisfying such a condition, k = α ^{k1 ・ k2 ・ k3} …… ^ki …… There is ^kn modp. Here, p is a prime number of about 600 bits or more,
Let α be the primitive root of p.

(2) Secret Key Reproduction Threshold Condition If k out of n people have only to approve, a k-th order simultaneous congruence equation regarding the remainder may be given to all n people. y≡x ₁ ^a modq ₁ · q ₂ …… q _i …… q _n y≡x ₂ ^a modq ₁ · q ₂ …… q _i …… q _n : y≡x _i ^a modq ₁ · q ₂ …… q _i ...... q _n : y ≡ x _n ^a mod q ₁ · q ₂ …… q _i …… q _n where q _i is a prime number of about 300 bits or more, and q ₁ · q ₂ …… q _i …. ... q _n is equal to or greater than about 600 bits. Since a and y have no meaning to be disclosed to the public, they are possessed by the user or stored as personal data in the private key reproduction device. Then, each x _i is secretly distributed. If k or more congruential expressions in the simultaneous congruential expressions are gathered, it is possible to solve them using the superremainder theorem.

(3) Secret Key Reproduction Order Condition Here, the reason for discussing the ordering is only to know whether or not the reproduction of the secret key has been approved before myself.
It is enough to confirm the signature of the person who approves. If you forgive someone else's consent when you don't, you can fool at this point,
A correct value cannot be synthesized when the secret key is synthesized in the private key reproduction device.

As described above, according to the present invention, in the cryptosystem in which it is possible to prove that only the user can use the secret key of the cipher that no one knows, even if the secret key disappears, it can be reproduced. Therefore, you will not lose all the encrypted information that has been stored. In addition,
The feature is that there is no difference in security before and after the reproduction of the private key.

The case where the private key is deleted from the personal portable device 1 has been described above as an example. However, when a large number of people actually use the personal mobile device 1 for various purposes, it is highly conceivable that the personal mobile device 1 is accidentally dropped or stomped and destroyed. Personal mobile device 1
When the device is destroyed (it can no longer function as a device), the personal portable device 1
Will need to be reissued. Note that this method is effective when the user also stores the encrypted information stored by the individual in the volatile memory in the device.

FIG. 5 shows the outline of the second embodiment of the present invention corresponding to the case where the personal portable device in which the private key is stored is destroyed, and FIG. 6 shows the reproduction when the device is destroyed. 3 illustrates a method flow. The difference from the first embodiment is that the personal encrypted data is backed up according to the frequency of use of the individual so that the user does not lose all the encrypted information stored by the individual.
(Step S10 in the flow of FIG. 6) is performed, and after the card is reissued (Step S11 in the flow of FIG. 6), restoration 9 of personal encrypted data (Step S12 in the flow of FIG. 6) is performed. Is.

Another difference from the case of the first embodiment is the handling of the device unique ID stored in the personal portable device secret ID storage unit 24. In the case of device reissue, the secret key cannot be written as it is because it is different from the device unique ID stored in the personal portable device secret ID storage unit 24. Therefore, in this case, the device unique ID is re-registered in the personal portable device secret ID storage unit 24 to enable reissue.

According to the present invention, even if the personal portable device is destroyed and cannot be used, the private key can be reproduced and the private private information can be restored. You will never lose all your information. As in the first embodiment, there is no difference in security before and after the reproduction of the private key.

Further, it is apparent that the present invention can be applied to the secret key of the common key cryptographic algorithm.

[0066]

As described above, according to the present invention, in a cryptosystem in which it is possible to prove that only a user can use a secret key of a cipher that no one knows, the secret key is erased or unusable. This can be reproduced even when the secret key is lost, and it is possible to prevent the loss of all the information encrypted by the secret key due to the loss of the secret key.

[Brief description of drawings]

FIG. 1 is a diagram showing an outline of a first embodiment of the present invention.

FIG. 2 is a flowchart showing a method for reproducing a secret key when it disappears according to the present invention.

FIG. 3 is a diagram showing an example of each condition for reproducing a secret key.

FIG. 4 is a configuration diagram showing an example of a user secret key reproduction device.

FIG. 5 is a diagram showing an outline of a second embodiment of the present invention.

FIG. 6 is a flowchart showing a reproducing method when a device is destroyed according to the present invention.

[Explanation of symbols]

1 ... Personal portable device, 2 ... User key issuing / reissuing device, 3 ... User public information, 4 ... User, 5 ... Service,
6 ... Lost secret key, 7 ... Secret key partial information, 8 ... Data backup, 9 ... Data restore, 11 ... Secret key reproduction essential condition, 12, 13, 14, 15 ... Secret key reproduction order condition,
13-1 to 13-4, 14-1 to 14-4 ... Secret key reproduction threshold condition, 20 ... Secret key reproducing device, 21 ... User key synthesizing unit, 22 ... Synthetic key verifying unit, 23 ... User public information storage unit , 24 ... Private mobile device secret ID storage unit.

Claims (6)

[Claims] 1. A method of reproducing a private key when it is necessary to reproduce the private key due to loss of the private key used for encryption, etc., and at least one private key reproduction for judging the validity of the reproduction of the private key. If a judge is set and it is not necessary to agree with all the secret key reproduction judges to reproduce the secret key, define the secret key reproduction judgment condition which secret key reproduction judge should agree. Based on the secret key reproduction judgment condition, distribute the secret key partial information obtained by dividing the information necessary for reproducing the secret key to at least one secret key reproduction judgment person, and if it is necessary to reproduce the secret key, set it in advance. The secret key reproduction judge judges the validity of reproduction of the secret key, and the private key reproduction judger judges that the reproduction of the secret key is valid. Pre-defined private key with partial information A method for reproducing a private key, which is characterized by reproducing the private key if the current conditions are met. 2. In a method of reproducing a private key when it becomes necessary to reproduce the private key due to loss of the private key used for encryption, etc., the secret is kept secret without the knowledge of anyone including those involved in key generation. Generate a key and store the private key in secret without anyone knowing it, including the owner of the private key, the stored private key being used only by the owner of the private key, but including the owner At least one secret key reproduction judge who judges the validity of the reproduction of the private key in case that the private key needs to be reproduced due to loss, etc. When the secret key partial information, which is a part of the information necessary for reproducing the secret key, is possessed in advance and it becomes necessary to reproduce the secret key, the secret key reproduction judge judges the secret key based on the predetermined conditions. The validity of the reproduction is judged, and the reproduction of the private key is reasonable. Reproducing the private key, which is determined to be, brings in the private key partial information owned by the judge, and if the private key partial information brought in satisfies the private key reproduction condition, the private key is reproduced without anyone knowing. How to reproduce the private key. 3. A secret key reproduction essential condition in which even one of the secret key reproduction judgment persons cannot reproduce the secret key if it is judged that the secret key reproduction is not accepted, and n out of m among the secret key reproduction judgment persons. A secret key reproduction threshold condition that enables a person (m> n ≧ 0) to reproduce the secret key if the secret key is reproduced, and at least one secret key reproduction essential condition and at least 0
If it is necessary to set the order of the satisfied condition among the individual secret key reproduction threshold conditions, the order is defined for the satisfied condition, and before the judgment of a certain secret key reproduction essential condition or the secret key reproduction threshold condition is made. In addition, the secret key reproduction condition can be determined by seeing the result of the previous secret key reproduction essential condition or the secret key reproduction threshold condition, and the secret key reproduction condition can be arbitrarily combined as necessary. The secret key reproducing method according to claim 1 or 2, characterized in that. 4. A secret key storage device for storing a secret key, and a secret key for storing a secret key in a secret key reproducing device when it becomes necessary to reproduce the secret key due to loss of the secret key used for encryption. Private key dividing means for dividing into partial information, secret key reproduction validity judging means for judging validity of reproduction of secret key, means for distributing secret key partial information to secret key reproduction validity judging means, secret key When it is necessary to reproduce the secret key, if the secret key reproduction validity judging means judges that the secret key is properly reproduced, the means for submitting the secret key part information and the submitted secret key part information are used. A secret key reproducing device comprising: a secret key synthesizing means for synthesizing a secret key. 5. A secret key storage device for storing a generated secret key without anyone knowing it in a secret key reproducing device when it becomes necessary to reproduce the secret key due to loss of the secret key used for encryption. Means, a secret key dividing means for dividing the secret key into secret key partial information, a secret key reproduction validity judging means for judging the validity of reproduction of the secret key, and a necessity for reproduction of the secret key, Private key reproduction When the validity judgment means determines that the reproduction of the private key is valid, the means for submitting the private key part information and the secret key for secretly synthesizing the private key from the submitted private key part information A secret key reproducing device comprising a synthesizing means and a means for secretly reissuing the synthesized secret key. 6. The secret key and the encrypted information are stored when it is necessary to reproduce the secret key when the secret key and the information encrypted with the secret key are lost due to the destruction of the secret key storage means. A medium, an encrypted information backup means for backing up the encrypted information according to the frequency of use, and a means for writing the content stored in the encrypted information backup means after reissuing the medium for storing a new secret key and encrypted information. The secret key reproducing device according to claim 4 or 5, further comprising: