WO2003101040A1 - Secret key manager - Google Patents
- Publication number
- WO2003101040A1 (PCT/JP2002/005025)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- secret key
- communication
- unit
- encrypted
- key
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Definitions
- the present invention relates to a secret key management device, a secret key management method, and a secret key management program.
- the present invention relates to an encryption communication system.
- an object of the present invention is to provide a secret key management device, a secret key management method, a secret key management program, and an encryption communication system that can solve the above-mentioned problems.
- This object is achieved by a combination of features described in the independent claims.
- the dependent claims define further advantageous embodiments of the present invention.
- a secret key management device that manages a secret key for a communication device to perform encrypted communication in an encrypted communication system has an encryption unit that encrypts the secret key based on device identification information that identifies the communication device, and a transmission unit that transmits the secret key encrypted by the encryption unit to the communication device.
- a device information storage unit stores the device identification information and the address information of the communication device in association with each other; the encryption unit encrypts the secret key based on the device identification information stored in the device information storage unit, and the transmission unit may transmit the secret key to the communication device based on the address information stored in the device information storage unit.
- the device information storage unit stores information indicating whether or not the transmission unit has transmitted the secret key to the communication device in association with the device identification information.
- the transmission unit refers to the device information storage unit and may transmit the secret key to a communication device to which the secret key has not yet been transmitted.
- the encryption unit may encrypt the secret key based on the MAC address that is the device identification information of the communication device.
- the apparatus may further include a key generation unit that generates a secret key, and the encryption unit may encrypt the secret key generated by the key generation unit.
- the apparatus may further include a random number generation unit that generates a random number, and the key generation unit may generate the secret key using the random number when the transmission unit has not yet transmitted a secret key to the communication device.
- the key generation unit further generates another secret key different from the secret key when a predetermined time has elapsed after generating the secret key, and the encryption unit further encrypts the other secret key based on the device identification information.
- the transmission unit may further transmit the other secret key encrypted by the encryption unit to the communication device.
- the key generation unit further generates another secret key different from the secret key when a predetermined time has elapsed after the generation of the secret key, and the encryption unit encrypts the other secret key using the secret key.
- the transmission unit may further transmit another secret key encrypted by the encryption unit to the communication device.
- the key generation unit may generate a secret key of a common key cryptosystem.
- the key generation unit may generate a secret key and a public key of the public key cryptosystem, and the transmission unit may further transmit the public key generated by the key generation unit to the communication device.
- a secret key management method in a secret key management device that manages a secret key for performing encrypted communication comprises an encryption step of encrypting a secret key based on device identification information for identifying a communication device, and a transmission step of transmitting the encrypted secret key to the communication device.
- a secret key management program for a secret key management device that manages a secret key for a communication device to perform encrypted communication in an encryption communication system causes the device to function as encryption means for encrypting a secret key based on device identification information for identifying the communication device, and as transmission means for transmitting the encrypted secret key to the communication device.
- an encrypted communication system for performing encrypted communication comprises a plurality of communication devices that perform encrypted communication with each other, and a secret key management device that manages the secret key used for that communication; the secret key management device comprises an encryption unit that encrypts the secret key based on device identification information for identifying the communication device, and a transmission unit that transmits the encrypted secret key to the communication device.
- the encryption communication system includes, as a plurality of communication devices, a wireless access point that performs wired communication with the secret key management device, and a wireless communication terminal that performs wireless communication with the wireless access point.
- the secret key management device further includes a key recording unit that records the encrypted secret key on a removable external recording medium; the transmission unit transmits the secret key to the wireless access point, and the wireless communication terminal reads the secret key from the external recording medium.
- FIG. 1 shows an example of a configuration of an encrypted communication system 10 according to the first embodiment.
- FIG. 2 shows an example of the configuration of the secret key management device 100.
- FIG. 3 shows an example of the data format of the device information storage unit 104.
- FIG. 4 shows an example of an operation flow of the secret key management device 100.
- FIG. 5 shows an example of a hardware configuration of the secret key management device 100.
- FIG. 6 shows an example of a configuration of an encrypted communication system 20 according to the second embodiment.
- FIG. 1 shows an example of a configuration of an encrypted communication system 10 according to the first embodiment of the present invention.
- the encryption communication system 10 includes a secret key management device 100 that manages a secret key used in the encryption communication system 10, wireless access points (APs) 200a and 200b that perform wired communication with the secret key management device 100, and wireless communication terminals 300a to 300d that perform wireless communication with the wireless access points 200a and 200b.
- the wireless access points 200a and 200b and the wireless communication terminals 300a to 300d are examples of the communication device of the present invention.
- the communication device of the present invention may be a wireless device such as a wireless router, a wireless switch, a wireless media converter, etc., in addition to the wireless access point.
- the wireless communication terminals 300a to 300d perform encrypted communication with the wireless access point 200a or 200b using the secret key generated by the secret key management device 100, sending and receiving data to and from the wireless access points 200a and 200b. This prevents communication data between the wireless access points 200a and 200b and the wireless communication terminals 300a to 300d from being intercepted.
- FIG. 2 shows an example of the configuration of the secret key management device 100.
- the secret key management device 100 includes a random number generation unit 101 that generates a random number; a key generation unit 102 that generates a secret key using the random number generated by the random number generation unit 101; a device information storage unit 104 that stores device identification information and address information identifying the communication devices; an encryption unit 106 that encrypts the secret key generated by the key generation unit 102 based on the device identification information stored in the device information storage unit 104; a transmission unit 108 that transmits the secret key encrypted by the encryption unit 106 to the wireless access points 200a and 200b based on the address information stored in the device information storage unit 104; a key recording unit 110 that records the secret key encrypted by the encryption unit 106 on a removable external recording medium; and a timer unit 103 that notifies the key generation unit 102 and the device information storage unit 104 of the timing at which the key generation unit 102 generates a secret key.
- the key recording unit 110 is a floppy disk drive, and records a secret key on a floppy disk that is an external recording medium.
- the wireless communication terminals 300a to 300d read the encrypted secret key from the floppy disk provided by the administrator of the encrypted communication system 10, and decrypt it using the device identification information of each wireless communication terminal.
- the wireless access points 200a and 200b each decrypt the secret key received from the secret key management device 100 using the device identification information of that wireless access point.
- the wireless access points 200a and 200b and the wireless communication terminals 300a to 300d perform encrypted communication using the distributed secret key.
- when the encrypted communication system 10 is constructed so that encrypted communication is performed by the common key encryption method, the key generation unit 102 generates a secret key of the common key encryption method. When the encrypted communication system 10 is constructed so that encrypted communication is performed by the public key encryption method, the key generation unit 102 generates a secret key and a public key of the public key encryption method. In this case, the transmission unit 108 transmits the secret key and public key generated by the key generation unit 102 to the wireless access points 200a and 200b, and the key recording unit 110 records the secret key and the public key on an external recording medium, from which the wireless communication terminals 300a to 300d read them. According to the secret key management apparatus 100 of the present embodiment, the secret key can thus be encrypted and distributed based on the device identification information. In addition, wireless access point via network
- FIG. 3 shows an example of the data format of the device information storage unit 104.
- the device information storage unit 104 stores, in association with each other, the IP address of each communication device (its address information), its MAC address (its device identification information), and a distribution history indicating whether or not a secret key has been transmitted to that communication device.
- the device information storage unit 104 stores, as the distribution history, the date and time at which the transmission unit 108 or the key recording unit 110 distributed the secret key to the communication device. Consequently, no date and time is stored in the distribution history of a communication device to which the secret key has not yet been distributed.
- in the secret key management device 100, the IP address and the MAC address of each communication device to which the secret key for performing encrypted communication in the encryption communication system 10 is to be sent are stored in the device information storage unit 104.
- FIG. 4 shows an example of the operation flow of the secret key management device 100.
- the encrypted communication system 10 is started (S100).
- since the secret key has not yet been transmitted to the communication devices, the key generation unit 102 generates a secret key using the random number generated by the random number generation unit 101 (S102).
- the encryption unit 106 refers to the distribution history of the device information storage unit 104 (S104), and encrypts the secret key based on the MAC address of each communication device to which the secret key has not been distributed (S106).
- the transmission unit 108 or the key recording unit 110 distributes the secret key encrypted by the encryption unit 106 to the communication device identified by that MAC address (S108).
- the device information storage unit 104 stores the date and time as the distribution history in association with the MAC address of the communication device to which the secret key has been distributed (S110).
- the timer unit 103 determines whether or not a predetermined time has elapsed since the key generation unit 102 generated the secret key (S112). If the timer unit 103 determines in S112 that the predetermined time has elapsed, the device information storage unit 104 deletes the distribution history (S114).
- the key generation unit 102 generates another secret key, different from the previously generated secret key, using the random number generated by the random number generation unit 101 (S102).
- the encryption unit 106 refers to the distribution history of the device information storage unit 104 (S104), and encrypts the other secret key based on the MAC address of each communication device to which the secret key has not been distributed, or based on the secret key previously generated by the key generation unit 102 (S106).
- the transmitting unit 108 or the key recording unit 110 distributes another secret key encrypted by the encrypting unit 106 to the communication device identified by the MAC address (S108).
- it is preferable that the transmission unit 108 distributes the other secret key to the wireless communication terminals 300a to 300d by sending it over wireless communication via the wireless access point 200a or 200b. If communication is not possible, for example because the power of a wireless communication terminal 300a to 300d is turned off, the administrator may later distribute the other secret key to that terminal using the external recording medium. The device information storage unit 104 then stores the date and time as the distribution history in association with the MAC address of the communication device to which the other secret key has been distributed (S110).
- the process proceeds to S120, where the timer unit 103 determines whether or not a predetermined time has elapsed since the key generation unit 102 generated the secret key (S120). If the timer unit 103 determines in S120 that the predetermined time has elapsed, the device information storage unit 104 deletes the distribution history (S114), and the process returns to S102.
- otherwise the process returns to S118, where it is determined whether the encryption communication system 10 has been stopped (S118). If it is determined in S118 that the encryption communication system 10 has been stopped, the operation flow of the secret key management device 100 ends.
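As an added illustration, not code from the patent, the FIG. 4 flow above in Python: a manager that wraps a fresh key for every registered device, keeps the FIG. 3 distribution history so a device is not re-sent the same key, and re-keys after the timer period, wrapping the new key under the previous one where a device already holds it. The MAC-to-key derivation and the hash-based wrap are hypothetical stand-ins, since the patent leaves the cipher unspecified.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
def mac_kek(mac: str) -> bytes:
    # KEK derived from the device's MAC address (S106). Hypothetical stand-in.
    return hashlib.sha256(b"mac-kek" + bytes.fromhex(mac.replace(":", ""))).digest()

def wrap(kek: bytes, key: bytes) -> bytes:
    # Toy key wrap standing in for the unspecified cipher:
    # nonce(16) || (key XOR SHA-256(kek || nonce)) || HMAC tag(32).
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(kek + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(key, stream))
    return nonce + ct + hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> Optional[bytes]:
    # Verify the tag first; None means wrong KEK or tampering.
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(hmac.new(kek, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    stream = hashlib.sha256(kek + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

@dataclass
class Device:
    ip: str
    mac: str
    distributed_at: Optional[int] = None  # distribution history column (FIG. 3)
    key: Optional[bytes] = None           # key the device itself currently holds

def device_receive(dev: Device, blob: bytes) -> bool:
    # Device side: try the key already held (re-key case), then the MAC-derived KEK.
    for kek in ([dev.key] if dev.key else []) + [mac_kek(dev.mac)]:
        key = unwrap(kek, blob)
        if key is not None:
            dev.key = key
            return True
    return False

class SecretKeyManager:
    def __init__(self, period: int) -> None:
        self.period = period                  # interval watched by timer unit 103
        self.devices: Dict[str, Device] = {}  # device information storage unit 104
        self.key: Optional[bytes] = None
        self.prev_key: Optional[bytes] = None
        self.generated_at = 0

    def register(self, ip: str, mac: str) -> None:
        self.devices[mac] = Device(ip, mac)

    def generate(self, now: int) -> None:
        # S102: fresh secret key from the random source; S114: clear the history.
        self.prev_key, self.key = self.key, secrets.token_bytes(32)
        self.generated_at = now
        for dev in self.devices.values():
            dev.distributed_at = None

    def distribute(self, now: int) -> List[Tuple[str, bytes]]:
        # S104-S110: wrap and send the key to every device without a history entry.
        sent = []
        for dev in self.devices.values():
            if dev.distributed_at is not None:
                continue                      # already distributed this period
            if self.prev_key is not None and dev.key == self.prev_key:
                kek = self.prev_key           # S106: encrypt under the previous key
            else:
                kek = mac_kek(dev.mac)        # S106: encrypt based on the MAC address
            blob = wrap(kek, self.key)
            sent.append((dev.ip, blob))       # S108: hand to transmission unit 108
            if device_receive(dev, blob):     # AP/terminal decrypts on receipt
                dev.distributed_at = now      # S110: record the distribution history
        return sent

    def tick(self, now: int) -> bool:
        # S112/S120: re-key once the predetermined time has elapsed.
        if now - self.generated_at >= self.period:
            self.generate(now)
            return True
        return False
```

Because a MAC address is visible to anyone on the link, a key-encryption key derived only from it gives little confidentiality; the simulation models the patent's flow, not a recommended key transport.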
- FIG. 5 shows an example of a hardware configuration of the secret key management device 100.
- the functions of the secret key management device 100 are realized by a computer 800 equipped with a CPU 810, a ROM 820, a RAM 830, a communication interface 840, and a hard disk drive 850, in cooperation with a program executed on the computer 800.
- the computer 800 may further include a floppy disk drive 860 and/or a CD-ROM drive 870.
- the program for realizing the functions of the secret key management device 100 includes a random number generation module, a key generation module, a timer module, an encryption module, a device information storage module, a transmission module, and a key recording module.
- these modules cause the computer 800 to operate as the random number generation unit 101, the key generation unit 102, the timer unit 103, the encryption unit 106, the device information storage unit 104, the transmission unit 108, and the key recording unit 110.
- FIG. 6 shows an example of the configuration of an encrypted communication system 20 according to the second embodiment of the present invention.
- the same components as those in the encrypted communication system 10 of the first embodiment are denoted by the same reference numerals as in the first embodiment.
- the description of the same configuration and operation as in the first embodiment will be partially omitted, and the configuration and operation different from the first embodiment will be particularly described.
- the encryption communication system 20 includes a secret key management device 100 that is connected to the Internet network 400 and manages a secret key used in the encryption communication system 20, a router 500 connected to the Internet network 400, and wireless access points (APs) 200a and 200b that perform wired communication with the secret key management device 100 via the Internet network 400 and the router 500.
- the secret key management device 100 encrypts the secret key based on the MAC address of the wireless access point 200a or 200b, and transmits it to the wireless access point 200a or 200b via the Internet network 400.
- according to the encrypted communication system 20 of the present embodiment, the wireless access point
- as is apparent from the above description, according to the present invention it is possible to provide a secret key management device, a secret key management method, a secret key management program, and an encryption communication system that realize encrypted communication with high security.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004507198A JPWO2003101040A1 (ja) | 2002-05-23 | 2002-05-23 | Secret key management device |
AU2002308882A AU2002308882A1 (en) | 2002-05-23 | 2002-05-23 | Secret key manager |
PCT/JP2002/005025 WO2003101040A1 (fr) | 2002-05-23 | 2002-05-23 | Secret key manager |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2002/005025 WO2003101040A1 (fr) | 2002-05-23 | 2002-05-23 | Secret key manager |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003101040A1 true WO2003101040A1 (fr) | 2003-12-04 |
Family
ID=29561073
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2002/005025 WO2003101040A1 (fr) | 2002-05-23 | 2002-05-23 | Secret key manager |
Country Status (3)
Country | Link |
---|---|
JP (1) | JPWO2003101040A1 (ja) |
AU (1) | AU2002308882A1 (ja) |
WO (1) | WO2003101040A1 (ja) |
Events (2002)
- 2002-05-23 WO PCT/JP2002/005025 patent/WO2003101040A1/ja active Application Filing
- 2002-05-23 JP JP2004507198A patent/JPWO2003101040A1/ja active Pending
- 2002-05-23 AU AU2002308882A patent/AU2002308882A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001044985A (ja) * | 1999-08-02 | 2001-02-16 | Hitachi Ltd | Encryption key storage method in a communication device |
JP2001111543A (ja) * | 1999-10-07 | 2001-04-20 | Nec Corp | Wireless LAN encryption key update system and update method |
Non-Patent Citations (1)
Title |
---|
DAVIES D.W., PRICE W.L./ TRANSLATED UNDER THE SUPERVISION OF TADAHIRO UEZONO: "Network Security", 5 December 1985, pages: 145 - 146, XP002956638 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2437432A1 (en) | 2010-10-01 | 2012-04-04 | Mitsumi Electric Co., Ltd. | Communication device setting apparatus, communication device setting method, and recording medium. |
US8775582B2 (en) | 2010-10-01 | 2014-07-08 | Mitsumi Electric Co., Ltd. | Communication device setting apparatus, communication device setting method, and recording medium |
JP2014078875A (ja) * | 2012-10-11 | 2014-05-01 | Mitsubishi Electric Corp | Encrypted communication system, encrypted communication relay device, encrypted communication terminal, and encrypted communication method |
JP2018511952A (ja) * | 2015-02-13 | 2018-04-26 | International Business Machines Corporation | Automatic key management using organizational user identity management |
Also Published As
Publication number | Publication date |
---|---|
JPWO2003101040A1 (ja) | 2005-09-29 |
AU2002308882A1 (en) | 2003-12-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 2004507198; Country of ref document: JP |
| AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| 122 | Ep: pct application non-entry in european phase | |