JPS6265150A - Method for storing privacy information - Google Patents

Abstract

PURPOSE:To secure the privacy by forming register elements, certification elements, cipher keys and the cipher original keys by means of the secret keys and therefore unabling the change of the register elements, etc., as long as these secret keys are known by outsiders. CONSTITUTION:A system controller 12 produces an open key K2=M<alpha>modN based on its own secret key alpha. A constant M is raised to alpha-th power by the key K2 and the residue is defined as M<alpha>modN when the division is carried out with a constant N. Then the key K2 is informed to all access operators 13-16 and these access operators produce open keys K2-K4 based on the secret keys beta-epsilon and give M<beta>modN-M<epsilon>modN of keys K2-K4 to the memory file 30 of a storage 11. The file 30 includes a storing area 31 for ciphering storage information, a storing area 32 for register elements, a storing area 33 for table of certification elements and a storing area 34 for table of cipher original keys. Then the register elements, certification elements, cipher keys and cipher original keys are all formed based on the secret keys. Thus the privacy is secured completely.

Description

[Detailed Description of the Invention] [Summary] A method for storing confidential information in a storage device, in which the storage file in the storage device is
It stores encrypted storage information that is the original information to be stored, as well as an encryption key necessary to create a decryption key used when reading out the encrypted storage information.

[Industrial application field]

The present invention relates to a confidential information storage method.

A computer system equipped with a storage device may be used exclusively by an individual or a single company, or may be shared by an unspecified number of people, such as a bank online system. In the former case, the need to keep the memory information secret is not so important, but in the latter case, it is a matter of fact. For this reason, there is an increasing demand for preventing leakage of stored information to third parties, and various concealment techniques are being considered.

[Prior Art] FIG. 6 is a general system diagram to which the present invention is applied. In this figure, 11 is a storage device in which a large amount of information is stored in the form of files. A system administrator 12 manages this storage device 11 as well as other peripheral devices and computers (none of which are shown). On the other hand, this storage device 11 is shared and accessed by a large number of accessors 13, 14, 15, and 16 (four in the figure). This access takes place via individually provided terminal devices. Note that the storage device 11
consists of, for example, a magnetic storage device.

Conventional secret memory uses the following methods. The first method is to use a password. This first
In the method described above, the password is used when reading out the stored information. Therefore, if there is an accessing person who is authorized to read out the stored information, the password is given to that accessing person and the stored information is read out using this.

The second method is to encrypt the stored information and store it in the form of encrypted information. In this second method, only an accessing person who knows the encryption key can decrypt the stored information.

[Problem that the invention seeks to solve]

The first and second conventional methods described above each have a common problem that management of passwords and encryption keys is troublesome. In other words, in the first method described above, once the password has been given to the accesser who is authorized to read the stored information, the password must be changed when storing new information in order to prevent the password from being leaked. Must be. Also, in the second method, it is necessary to change the encryption key, as in the first method. In either method, in the end, it is important to manage the person who has been granted access rights other than the person who stored the information, and the management of withdrawal of the stored information becomes complicated.

c. Means for Solving Problems] FIG. 1 is a format diagram showing the basic structure of a storage file formed based on the present invention. In this figure, the storage file 20 consists of areas 21, 22, 23, and 24. The area 21 is an area where encrypted storage information obtained by encrypting information to be stored secretly is stored. This area 21
is formed within the storage file 20 along with other areas 22-24. Area 22 is an area for storing the registrar, area 2
3 is an area for storing the authenticator table, and area 24 is an area for storing the cryptographic original key table.

[For production]

The registrar is used to create an encryption key necessary for encrypting the information. The authenticator is used to identify an accesser who has been given the right to access the storage file 20, and an original encryption key is obtained from this authenticator and the encryption key. When a certain accessor requests access to the storage file 20, a decryption key corresponding to the encryption key is created from the authentication code and the encryption original key, and the encrypted storage information is decrypted using the decryption key. Read information.

〔Example〕

FIG. 2 is a schematic diagram of a system to which the present invention is applied, and although the basic configuration is the same as that shown in FIG. 6, there are differences in the following points. The first is that each person has a private key that only that person knows. This private key is represented by α, β, T, δ° and ε in the figure.

First, the system administrator 12 creates a public key 2 based on his own private key α. This public key differs from a private key in that it can be known by any number of people like a telephone number ((it is impossible to determine the private key from the public key). Also, as will be explained later, this public key Otherwise, the encrypted storage information cannot be decrypted.In the present invention, the following (1) is used as the public key Kt.
).

K, = Mα mod N
(Iin Mα11od in (1) above (
Modulo) Of N, M is a predetermined constant, and when this constant M is raised to the α power and divided by the predetermined constant N, the remainder is Mαl1od N, and this is public N K t. . This public key 2 of the system administrator 12 is notified in advance to all accessors 13 to I6 and made public.

Similarly, accessors 13 to 16 use their private keys β to ε to create public keys with 3. Create 4, Ks and . Note that it is not necessary for all accessors to enjoy the private key and the public key, but only those who need to store and read the information possess it. These public keys are created using the same method as +1) above, and (2) to (
5).

Ks””MβmodN f2)K, =
Mγs+odN (31Ks−Mam
odN (4)K, =M' m
odN (5) These public keys are notified to the system administrator 12 in advance and made public. After making such preliminary preparations, the information to be kept confidential is stored.

FIG. 3 is a format diagram showing one embodiment of a storage file according to the present invention, and shows one of the many storage files stored in the storage device 11 of FIG. 2. As shown in this figure, the storage file 30 (first
(corresponding to 20 in the figure) is an area in which encrypted storage information obtained by encrypting information to be stored secretly is stored. According to the invention, this region 31 (corresponding to 21 in FIG. 1) as well as regions 32.33 and 34 (22.23 and 2 in FIG. 1)
4) are formed in the same storage file 30. First, area 32 is an area for storing a register. The registrant is the public key of the registrant who has registered the encrypted storage information, and in this example, it is assumed that the accesser 13 in FIG. 2 is the registrant. Therefore, the registrar is Mβll1odN. Area 33 is an area for storing an authentication code table. The authenticator is the public key of an accesser other than the registrant 13 who is permitted to access and read the encrypted storage information. In this example, it is assumed that access users 14 and 15 in FIG. 2 have been granted access rights. Therefore, the authenticator in this case is MγIIIod
N and MamodN. The area 34 is an area for storing a table of cryptographic original keys.

The cryptographic key is information that should be kept confidential (TXT in Figure 2).
: Text) is a key obtained by further encrypting the encryption key used when converting the data into encrypted storage information (area 31), and in this figure, it is E, (Mαγmod N).

Mαβl1lod N ) and ES (Mαδmod
N, Mαβmod N).

The above-mentioned encryption key (Ktz:+) used when converting the information TXT to be stored secretly into encrypted storage information is the private key β known only to the registrant 13 and the public key 1! of the system administrator 12! Kg (=MamodN) as shown in (6) below.

Kgz3=MαβmodN (61 On the other hand, the system administrator 12 uses the private key α that only he/she knows and the public key Mβmod N that has been notified to the system administrator 12 from the registrant 13 to create the same encryption key K.3 (−Mα
βLIIod N ) can be created. In other words, the encryption key K
. , is a key that can be created independently only by the system administrator 12 and the registrant 13.

As mentioned above, the encryption key (E) is the above encryption key KEt3.
This is obtained by further encrypting this, but I will explain this in a little more detail. The system administrator 12 is the registrant 1
The encryption key K is first obtained by referring to the authenticator table (area 33) of the accessors 14 and 15, that is, the accessors 14 and 15, who have been notified in advance by the accessor 3.

4 and KE□ are created as shown in (7) and (8) below, respectively.

Ktt4 ”MαγmodN (7
) Ktzs = Mα−odN (8)
The system administrator 12 also receives the encryption key K used to encrypt the information TXT. , is encrypted with the above encryption keys KE□4 and Kets, and the above encryption original keys E4 and E,
Create. The details are as shown in (9) and 00) below, and are illustrated in area 34 of FIG.

E4 (MαγmodN, MαβmodN)
f9) Es(MαδmodN, MαβmodN)
The OQI symbol E (X: Y) means that Y is encrypted with key X. Using this symbol E, the encrypted storage information in the area 31 can be expressed as E (Mαβ mod N, TXT) Qυ. All the required data is thus stored in the storage file 30.

FIG. 4A is a system outline diagram at the time of information registration, and shows a case where the accessor 13 in FIG. 2 becomes the registrant. Further, FIG. 4B is a formant diagram of data Dw supplied to the storage device 11 at the time of information registration.

In FIG. 4A, the dotted arrow connecting the system administrator 12 and the registrant 13 indicates that each other's public key is 2 (=MαII
Iod N (=Mγmad N ) and Ks
(=MδmodN). Registrant 1
3 is data D shown in FIG. 4B based on these key information.

(W means -rite time), storage device 1
Send to 1. Reference numeral 41 in the storage device 1 is an encryption unit that acts on the information TXT to be stored in a confidential manner, and encrypts the information TXT to obtain encrypted storage information and stores it in the area 31 (FIG. 3) in the storage file 30. Store. Encryption key K at this time
123 (=Mαβmod N) is system administrator 1
2 gives.

In FIG. 4B, data portion 4 forming data D8
2 and 43 are regions 32 and 33, respectively, in FIG.
This is the data stored in Information TXT to be stored in a confidential manner is written in the data portion 44, and a digital signature is written in the data portion 45. This digital signature (45) is effective for preventing tampering of the information TXT, and is also notified to the system administrator 12 in advance.

This digital signature can be formed using a method similar to scrambling, for example, by sequentially reading out the output of a memory that stores information TXT, performing an EXOR (exclusive OR) with a certain data string, and re-inputting it into the memory. By repeating the operation, a data pattern dependent on the information 11TXT is generated, and this is used as a digital signature. If a similar scrambling operation is applied to the information read from the storage file 30 and the same digital signature is obtained, it is confirmed that the information has not been tampered with.

Next, a procedure for reading the encrypted storage information stored in the storage file 30 and obtaining the original information TXT will be described.

In this case, since the registrant 13 can create the encryption flKEzs himself (as described above), he can use this as a decryption key to decrypt the encrypted storage information. However, even if accessor 14 or 15, who has been granted access rights, attempts to read the information, since he does not know the private key β of registrant 13, he cannot create 21 in the encryption key, and therefore cannot decrypt it. .

Therefore, assuming that the accessor 14 requests to read the information, first, the user 14 requests to read the information, first, the user 14 requests to read the information.
Pass N to the system administrator 12. System administrator 12
is this authenticator Mγmod N and a secret key α known only to the self.
MαγIIIodN is created based on the encryption key E4 (M(1γmod
N, Maβl1lodN). Mα here
β...odN, that is, the encryption key K 1t3 (= Mαβsod N ) used to encrypt the information, is reproduced, the encrypted storage information is decrypted using this, and the reproduced original information is handed over to the accessor 14. . User 1 accessed here
4 obtains the desired information TXT. In addition, system administrator 1
2 requests a digital signature in order to confirm whether the accesser who has just requested access is the real accesser 14. If the real accessor 14 is not the public key, (=
Even if the private key T is known, the private key T must not be known. Therefore, first, the system administrator 12 adds a digital signature to the true accessor 1 in advance.
4 (same for other access users with access rights) and keep it aside. This stored digital signature consists of a private key γ known only to the true accessor 14 and a public key Kg (=Mαmod) notified by the system administrator 12.
N), the encryption key Ktza (=
Mα7'a+odN) wo creation shi, ko (D K tza
A digital signature is applied to a message in a fixed frame specified by the system administrator 12 using the system administrator 12.

This digital signature, similar to the scrambling described above, converts the message into Kt! This is the result of the scramble operation in step 4. On the other hand, when the accessing person requests to read the information in the storage file 30, the system administrator 12 passes the message to the accessing person.

Then, the accessor creates an encryption key Ktza using the private key T, which the true accessor 14 should know, and the public key Kg (-MαmodN) known from the system administrator 12, and uses this to create an encryption key Ktza. Scramble the message just given to obtain a digital signature. When the system administrator 12 receives this digital signature, it compares it with the already stored digital signature corresponding to the accessing person 14. If it is the true accessor 14, the original private key γ is used correctly, so the verification results in a match. Seeing this match, the system administrator 12 generates the regenerated encryption key Kits (=MαβmodN
) to start the decryption described above.

Figure 5A is a system overview diagram when reading information;
The case where the accessor 14 in the figure is the read requester is shown.
FIG. 5B is a format diagram of data DI exchanged with the system administrator when reading information. In FIG. 5A, dotted arrows connecting the system administrator 12 and registrant 13 indicate each other's public keys Kz (-Mαsod
N ) and 4(-Mγsod N ).

The first data portion 52 of the data D (R stands for Ro, meaning 4 o'clock) exchanged between the access user 14 and the system administrator 12 is a flag indicating a read request, and following this, the data portion 52 is a flag indicating a read request. 53 has its own authentication code (Mγsod
N). In response to this, system administrator 12
The above-mentioned fixed frame message is placed in the data portion 54 and delivered to the accessing user.The content of the message itself may be anything, but once it is determined, the content is always the same. Upon receiving this message, the private key γ and the public key Mα mod N, which are known only to the true accessor 14, are
The cryptographic key Mαγmod N described above is created, a digital signature is created by a scrambling operation, this is placed on the data portion 55 and returned to the system administrator 12, and the verification described above is performed. After this verification, the system administrator 12 determines the original cryptographic key E4. (Mαrmod
As described above, the decryption key is regenerated from the authenticator MrmodN, MαβmodN) and the authenticator MrmodN. This decryption key is KE! ! If the decryption unit 51 in the storage device 1 decrypts the encrypted storage information using this, the original information T
XT is obtained and handed over to the accessor 14.

〔Effect of the invention〕

As explained above, according to the present invention, whether it is a registrar, an authenticator (public key), an encryption key, or an original encryption key, all are configured using a private key as a medium. As long as the key is not known to a third party, confidentiality can be maintained without changing the above-mentioned registrant etc. This means that it is no longer necessary to change passwords and encryption keys, manage those who have been granted access rights, manage the withdrawal of stored information, etc. as in the past, and greatly simplify key management. bring.

[Brief explanation of drawings]

FIG. 1 is a formant diagram showing the basic structure of a storage file formed based on the present invention, FIG. 2 is a system outline diagram to which the present invention is applied, and FIG. 3 is an example of a storage file based on the present invention. FIG. 4A is a system outline diagram at the time of information registration, FIG. 4B is a format diagram of data D8 supplied to the storage device 11 at the time of information registration, and FIG. 5A is a system outline diagram at the time of information reading. FIG. 5B is a format diagram of data D'R exchanged with a system administrator when reading information, and FIG. 6 is a schematic diagram of a general system to which the present invention is applied. 11...Storage device, 12...System administrator,
13...Accessor (registrant), 14.15.16...Accessor, 20.30...
Storage file, 21.31... Store area for encrypted storage information, 22.32... Store area for registrar, 23.
33... Authenticator table store area, 24.34.
...Storage area for cryptographic key table.

Claims (1)

[Claims] 1. For each of a registrant who requests storage of information to be kept confidential, a system administrator of a system equipped with a storage device that stores the information, and an accessor who accesses the storage device, Set a private key known only to the user, set a public key that is created according to certain rules based on each of the private keys, and create a public key based on the system administrator's public key and the registrant's public key. create an encryption key according to a certain rule, use the encryption key to encrypt the information as encrypted storage information, store this in a storage file in the storage device, and store the encrypted information in the storage file. Along with the storage information, a registrar consisting of the registrant's public key, which is used to create a decryption key necessary for decrypting the encrypted storage information, and the registrant who has been granted access rights to the storage file by the registrant. An authenticator consisting of the accesser's public key used to identify the accesser, and the encryption key further encrypted with each of the authenticators, when one of the accessers requests access to the storage file. A secret information storage method characterized in that a cryptographic original key used for reproducing the decryption key using the authenticator is stored in the cipher.