JPS6253042A - Distributing system for cryptographic key - Google Patents

Abstract

PURPOSE:To prevent the effect of the processing speed of an RSA cryptology from being given onto the processing time of the session of the user by separating a key distributed in the RSA cryptology from a key distributed by a DES cryptology. CONSTITUTION:A data ciphering key distribution key KN is ciphered by the RSA cryptology and distributed by using a public key PK. A data ciphering key KF is ciphered by a DES cryptology and distributed by using the key KN. The keys KN and KF are distributed independently timewise. The master key KM is used within each node to protect other code in each node. The secret key SK is used to decode the RSA cryptology.

Description

[Detailed Description of the Invention] [Technical Field of the Invention] The present invention involves encrypting communication data between a plurality of information processing devices that perform communication via a communication line, in order to improve communication security. This is related to the encryption key distribution method.

[Technical background of the invention and its problems]

When applying encryption to communications between multiple information processing devices (terminals or centers, hereinafter referred to as nodes) in a communication system, encryption keys (hereinafter referred to simply as keys) are used. ) needs to be distributed between nodes.

It is known that cryptography can be divided into conventional cryptography and public key cryptography. Conventional cryptographic key distribution methods include conventional cryptography [for example, DEN cryptography ("' Data Encryption
ryption 5 standard ” Federa
lInformation Processing 5
Standards Publication46, 19
77, USA), etc.] [for example, S
NA method (R, E, Lennon “Crypto
graphy architecture for
Information ”
.

IBM Systems Journal, V
ol, 17. A 2 +pp-138
-151, (1978)) or the DCNA method (Nippon Telegraph and Telephone Public Corporation "DCNA network management protocol".

Japan Data Communications Association, (1981), etc.] and public key cryptography [e.g., iA cryptography (Rlvast, R,L,
at&1. @A Method for Obtai
ning Digital Signatures an
dPublic-Key Cryptosystem
s'.

Community of the
ACM, Vol. 2L iFa 2
.

PP, 120-126. (1978), etc.]: MIX method (-Specimen (supervised by) "Research on Data Protection and Encryption" 2 Nihon Keizai Shimbun, Inc. (1983), etc.) has been proposed.

The problems with the conventional method are as follows.

In the key distribution method using conventional cryptography, the key for encrypting communication data can be encrypted with the key distribution key and delivered, but the key for key distribution between nodes must be secretly distributed manually in advance. However, there are some drawbacks in terms of operability and safety.

A key distribution method using public key cryptography has a disadvantage that the processing speed is slower than a key distribution method using conventional cryptography, even if public key cryptography is used only for key distribution.

[Purpose of the invention]

The purpose of the present invention is to improve the operability of key distribution by eliminating the need for manual key distribution by using RSA encryption, and to improve the processing speed of key distribution by providing multiple types of keys. An object of the present invention is to provide a cryptographic delivery system that solves the problems of conventional systems by eliminating the influence of RSA cryptographic processing time at the time of processing.

[Summary of the invention]

By using RSA encryption, the present invention eliminates the need for manual intervention in key distribution, and by providing a plurality of types of keys, such as keys to be delivered by RSA encryption and keys to be delivered by DES encryption. By separating, 9. This is a key distribution method in which the processing speed of RSA encryption does not affect the processing time of a user's session (unit of communication processing). This technology differs from the conventional technology in the use of R3A encryption and DES encryption for key distribution, the type of key, and the processing procedure of dWrite for key distribution.

[Embodiments of the invention]

Provide the following types of encryption keys.

(,) Represented as mask key=KM. Conveniently kept within each node and used to protect other keys within the node. D
This is the key to the ES encryption. Each node independently generates and stores it in its respective storage device.

(b) Data encryption key distribution g! : Represented as KN. Protects the data encryption key (KF) when it is distributed between nodes. This is the key for DES encryption. A key is generated by one of a pair of nodes, and both nodes store a key with the same value in their respective storage devices.

(c) Data encryption key distribution Key distribution key: This is a key for RSA encryption, and the public key is expressed as PK and the private key as SK.

Protects the data encryption key distribution key (KN) when it is distributed between nodes. The public key is a key used in the RSA encryption device, and the private key is a key used in the RSA encryption decryption device. The public key and private key are generated at the center or terminal and stored in the memory IT of the node where they were generated.

(d) Data encryption key is expressed as KF. It is the key to protecting communication data. This is an encryption key of any type of encryption specified by the user of the session, and the type of encryption is not limited in the present invention. The data encryption key is
One of the pair of nodes generates it for each session, both nodes store it in their respective storage devices, and both nodes discard it when the session ends.

FIG. 6 shows the interrelationship of each key, with the arrow pointing from X to y, indicating that X is used to encrypt/decrypt y.

The PK and SK by RSA encryption are as follows. R
Let M be the condolence message in the SA cipher and C be the ciphertext, then CmiEXP (M, @) (nod n)
(1)MmiE)G)(C,d) (mod n
) (2). Here, arbitrary integers U, V
For EXP(U,V)=Uv,! One definition. any integer a.

Regarding b and m, the fact that a and b are congruent modulo m is expressed as a9b (modm). In formulas (1) and (2), C, M, e, and d+n are all integers. In this case, e and n are PK and d is SK. n+dt· is selected so as to satisfy the following expression.

n ” p Iq (3
) GCD (d, (p-1) (q-1)) = 1
(4) @, d=l (mod(p-1)(q 1))
(5) Equation (3) 1 In Equation (4) and Equation (5), p and q must be different prime numbers, and GCD (K
, L) is the greatest common divisor of any integer and L.

Encryption is performed by an encryption device, and decryption is performed by a decryption device. The functions of the encryption device and decryption device are expressed by the following functions.

In other words, let E(x : y) be the arbitrary information y as the key
The value is encrypted using the cryptographic method of key X. D(z;
Let w) be a value obtained by decrypting arbitrary information W using fiz and using the key 2 encryption method. The encryption method is R3A encryption,
There are DES encryption and other encryption methods. Random numbers are generated by a random number generator. The encryption device, decryption device, and random number generator can be devices independent of the information processing device, or can be a part of the information processing device. Further, these devices are configured with IK using hardware, software, or a combination of hardware and software.

That is, FIG. 1(,) is an explanatory diagram of the conversion function of the encryption device 1 using the DES encryption, in which arbitrary input information y is encrypted using the encryption method of the key X, and output information g(x: y) is obtained. Figure 1) is an explanatory diagram of the conversion function of the decryption device 2 using DES encryption, in which arbitrary input information W is decrypted using the cryptographic method of key 2 and output information D(z;w) is obtained. obtain. FIG. 2 (&) is an explanatory diagram of the conversion function of the encryption device 3 using RSA encryption, in which arbitrary input information y is encrypted using the encryption method of the key PK and output information E (PK; y
). FIG. 2(b) is an explanatory diagram of the conversion function of the decryption device 4 using RSA encryption, in which arbitrary input information W is converted into a key S.
From KK, the output information D (
SK ; w ) is obtained.

The key distribution method is as follows. That is, as shown in FIG. 6, the PK is encrypted using υRSA encryption and delivered. KF encrypts it with DES encryption and delivers it.

Store delivery and KF delivery can be performed independently in terms of time. Also, any node can initiate a procedure for delivery processing of a cave or KF. Each node is given node identification information Ul (l is the node name) that can uniquely identify that node. Any node can learn the node identification information of other nodes.

Let the names of two nodes that start communication be A and B, node A has no data encryption key distribution key distribution key, and node B has no key distribution key.
It is assumed that the data encryption key distribution key is present. The node names A and B may be arbitrary names. Node A and node B are different nodes. PKb and SKb are the public key and private key of node B, respectively, and are set in node B before starting communication. KMa and KMb are the master keys of node A and node B, respectively, and are set in each node before the start of communication. A cave shared by node A and node B,
Let's call it KNab.

An example of the procedure for starting the hidden delivery process from node A in this case is shown in procedure 1. Further, the procedure for starting the cave delivery process from node B uses a part of procedure 1, and is shown in procedure 2.

The fourth delivery can be performed independently of the user's session.

(Procedure 1) The procedure for starting the cave delivery process from node A will be explained with reference to FIG.

Step 1: Node A is node B
K Sends a message 301 including a PK delivery request. After that, node A generates KNab by a random number generator,
E (KMa; KNab) is stored in node A's storage device.

5tep 2: Upon receiving the PK delivery request from node A, node B sends a message 302 containing PKb to node A.
Send.

5tep3: When node A receives PKb from node B, it sends message 3 containing E(PKb; KNab■Ua).
03 to node B and performs f#S. (■ represents concatenation (combining two or more pieces of data with their original values).U
s represents the identification information of node A\) Step 4: Node B transfers information from node A to E (PKb:KNa b■Un
) is decrypted using the key SKb to obtain KNab. Then, E(KMb; KNab) is node B
The note i1 is saved in the device.

(Step 2) The procedure for starting the island delivery process from node B will be explained with reference to FIG.

5topl: Node B transmits message 401 including PKb to node A.

5tep2: Upon receiving PKb from node B, node A generates KNa b using a random number generator.

E(KMa:KNab) is stored in the storage device of node A. Then, the 'telegram 402 containing E(PKb; KN*b■Us) is transmitted to the node B.

5top3: Node B connects nodes A to E (PKb;
When receiving KNab■Us), it decrypts it using key SKb to obtain KNab. And E(KMb: KNa
b) in Node B's storage.

Next, node A and node B have no data encryption key distribution key distribution key. It is assumed that node C has a data encryption key distribution key distribution key.

Let PKe and SKe be the public key and private key of node C, respectively. No) A, node B, and node C are different nodes. When node B starts a session with node A, it will receive a PK and SK from node C. In this case, station delivery can be achieved by using procedure 1 and procedure 2 together. An example of this procedure is shown in Step 3.

(Step 3) Step: 5to of step 1 between node B and node C
p 1 , 5top 2 , 5tep 3 , and 5te
By executing P 4 (the node names change for nodes A and B in step 1, node A changes to node B, node B changes to node CK, etc.), node B becomes P
Obtain Ke and KNbc. 1cNbc is the darkness shared by node B and node C. And Node B has PKc
and E(KMb;KNbc) are held in the storage device.

Moyuel: Node C is node B K g (piece bc
;SKc '■Uc) is sent. After node C sends E()GJbe ; SKc■Uc) to node B,
Discard node C's PKc and SKc. (Uc represents the identification information of node C.) - Lj: node B is E(KNbe: SKe
■When Uc) is received, SKc is obtained from it, and E(K
Mb:SKc) is saved in the storage device.

5tep7: Node B executes 5tep l, 5tep 2, and 5tep 3 of procedure 2 for node A by treating PKc and SKc as PKb and SKb, respectively.

A method known as a conventional secret key distribution procedure is used for the KF distribution process.

An example is shown in step 4.

(Step 4) The procedure of the KF delivery process will be explained with reference to FIG.

Let ``k'' be information specifying the type of commonly used cipher used to encrypt data.

5topl: Node A generates KFab and E(KM
a :KFab) in the storage device of node A. And E(IGJab: KFab■I-AX■Ua
) is sent to the node B.

...nノ: Node B is E (KNab: KFab
■I-AX■Us) to obtain KFab, E(KMb
; KFab) in Node B's memory! ! Save it to the location. Then, a random number RN is generated by a random number generator, and the RN is stored in the storage device of the node B. Furthermore, E(KFab:
RN■Ub) is transmitted to node A.

(Ub represents the identification information of node B.) Step 3: Node A is E (KFab: RN■U
Obtain the RN from b) and save it in the storage of node A.

Then, the function f (conflict) which is determined in advance by both nodes
By applying to RN, we obtain f(RN) = RNI. Further, a message 503 including E(KFab; RNI■Ua) is transmitted to the node B. f(·) is, for example, a function that inverts a pit at a certain bit position.

5tep4: Node B is E (KFab: RNI■
RN obtained from Ua) and stored in Node B
5f(RN) is calculated and compared with RNI.

As a result, when f(RN) = RNI, K
The delivery procedure for F is ended normally, and if not, the delivery procedure for KF is ended abnormally.

〔Effect of the invention〕

(1) Performance effects We will compare the performance of the following two methods.

[Method 1] Encryption key distribution method according to the embodiment of the present invention.

[Method 2] A method in which KF is directly delivered using the RSA method without using measurement.

For one session, the sum of the increases in processing time of two nodes due to encrypted communication is calculated as follows for method 1 and method 2.
Zl and Z2 respectively (considering excluding communication time)
Then, Z1 = Encryption and decryption time of KF using DES encryption + Encryption and decryption time of communication data using user's encryption (common cipher) Z2 = Encryption and decryption time of KF using RSA encryption +
Because of the time it takes to encrypt and decrypt communication data using the user's cipher (common cipher), the encryption key distribution method of the present invention does not affect the processing time of the user's session, so the processing speed of the RSA cipher does not affect the processing time of the user's session. A key distribution system can be configured.

(2) Operability The method of the present invention does not require manual intervention for key delivery. Furthermore, since the key distribution process can be started from any node, the process when adding or deleting a node is easy.

As described above, the present invention has the advantage that the processing speed of public key cryptography does not affect the processing of a user's session, and that manual intervention is not required for key distribution.

[Brief explanation of drawings]

1 to 6 are diagrams for explaining one embodiment of the present invention. FIG. 1 is an explanatory diagram of the conversion function of an encryption device and a decryption device using DES encryption, and FIG. 2 is an illustration of an encryption device using RSA encryption. Fig. 3 is an explanatory diagram of the conversion function of the encoding device and the decoding device. Fig. 3 is an explanatory diagram of the procedure of rice delivery (step 1).
An explanatory diagram of step 2), Fig. 5 is an explanatory diagram of the KF delivery procedure (step 4).
), and FIG. 6 is an explanatory diagram of the mutual relationship of keys. 1... Encryption device (DES encryption), 2... Decryption device (DES encryption), 3... Encryption device (RSA encryption)
, 4...Decryption device @ (RSA encryption), 301...
Message containing “PK delivery request”, 302...″PKb
Telegram containing ``3 (73''・'' E (PKb: K
401..."PKb"
Telegram containing 402...-E (PKb: KNa
501-...''E (KNa
b; Telegram containing “KFa b■I-AX■Ua)”,
502...Telegram containing ``E(KFab; RN■Ub)'', 503...'E(KFab; RN
Telegram containing 'I■Us)'. Applicant's agent Patent attorney Suzu, E Takehiko Gun X (a) (b) Figure 1 Sakaki P (a) (b) No)
Node Bノ；-゛Pano-1-・B 4th cause Nohi A
2-B Figure 5

Claims (1)

[Claims] In a system that communicates between multiple information processing devices via a communication line, an encryption key (meaning a key used for encryption or decryption) for encrypting communication data and communicating between the information processing devices. The delivery is carried out using an encryption device and a decryption device for RSA encryption and DES encryption, and as the type of encryption key, the key for DES encryption is a data encryption key (arbitrarily selected to protect communication data). A "data encryption key distribution key" is used as a key to protect the data encryption key distribution key (encryption key for conventional encryption), and a "data encryption key distribution key" is used as the key for RSA encryption. In order to deliver the data encryption key, the data encryption key is encrypted and decrypted using the data encryption key delivery key as a key. An encryption key distribution method characterized in that the encryption key distribution key is distributed using encryption and decryption using a data encryption key distribution key distribution key.