WO2010150813A1 - 暗号鍵配布システム - Google Patents
暗号鍵配布システム Download PDFInfo
- Publication number
- WO2010150813A1 WO2010150813A1 PCT/JP2010/060635 JP2010060635W WO2010150813A1 WO 2010150813 A1 WO2010150813 A1 WO 2010150813A1 JP 2010060635 W JP2010060635 W JP 2010060635W WO 2010150813 A1 WO2010150813 A1 WO 2010150813A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- node
- authentication server
- information
- access control
- nonce
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/76—Proxy, i.e. using intermediary entity to perform cryptographic operations
Definitions
- the present invention relates to an encryption key distribution system that distributes a session key used for communication between nodes in a computer communication from an authentication server to each node.
- 3PKDP 3 Party Key Distribution Protocol
- an authentication server as an authenticator is added to the two responders (for example, see Japanese Patent No. 3078841).
- the initiator node that starts communication requests the responder node to distribute a session key, and the responder node distributes the session key to the initiator node.
- the initiator node and the responder node have a common secret key in advance.
- the initiator node In the 2PKDP technology described in Japanese Patent No. 3078841, the initiator node generates a nonce when requesting the distribution of the session key, and the responder receives the identification information (address, etc.) of the initiator node and the nonce. To the other node.
- the responder node receives a key distribution request from the initiator node, it generates a session key and uses the secret key as a message with the nonce, the session key, and identification information (address, etc.) of the responder node.
- the message authentication code value (MAC value) is calculated, and a ciphertext obtained by encrypting the session key and the MAC value is generated.
- the responder node adds the MAC value to the ciphertext and transmits it to the initiator node, and the initiator node obtains the session key by decrypting the ciphertext using the secret key. Further, since the MAC value is added, it is possible to confirm the authenticity of the ciphertext (that it has not been tampered with).
- 3PKDP one of the node serving as the communication initiator and the node serving as the communication responder relays the other data to communicate with the authentication server, so that the session key generated by the authentication server is communicated between both nodes. It is possible to share.
- 3PKDP a push scenario and a pull scenario are considered depending on which of an initiator node and a responder node communicates with an authentication server.
- the initiator node communicates with the responder node and then communicates with the authentication server, so that the ciphertext addressed to the initiator node and the ciphertext addressed to the responder node are sent from the authentication server.
- the session key is received from the ciphertext addressed to the initiator node, and the ciphertext addressed to the responder node is transferred to the responder node to cause the responder node to acquire the session key.
- the responder node when the initiator node communicates with the responder node, the responder node communicates with the authentication server, so that the ciphertext addressed to the initiator node from the authentication server and the responder node And the session key is obtained from the ciphertext addressed to the responder's node, and the ciphertext addressed to the initiator node is transferred to the initiator node to session to the initiator node. Get a key.
- a MAC value is added to the ciphertext in order to guarantee the authenticity (not tampered) of the ciphertext including the session key, regardless of whether the protocol is a push scenario or a pull scenario. .
- the ciphertext addressed to each node from the authentication server is encrypted and decrypted using a secret key registered in advance in the authentication server and each node.
- the authentication server of 3PKDP calculates the MAC value using the nonce, the session key, and the identification information of each node generated by each node as a message, using the secret key, like the responder node in 2PKDP, An encrypted ciphertext including the session key and MAC value is transmitted to the node.
- node A is the initiator and node B is the responder.
- the nodes A and B respectively have secret keys (common keys) Kas and Kbs that are common to the authentication server S in advance.
- node A generates nonce Nas and nonce Nab, and transmits the generated nonce Nas and Nab together with identification information IDa of node A and identification information IDb of node B to node B (P1).
- the node B generates nonce Nbs and transmits the identification information IDb and nonce Nbs of the node B to the authentication server S in addition to the identification information IDa and nonce Nas received from the node A (P2).
- the authentication server S When the authentication server S receives the nonce Nas and Nbs from the node B, it generates a session key Ks. Further, using the secret key Kas common to the node A, the message authentication code value (MAC value) MAC [Kas] (Nas) including the nonce Nas, the session key Ks, the identification information IDb of the node B, and the required additional information ⁇ . , ⁇ , Ks, IDb). Further, the MAC value is used for the nonce Nsa, and a ciphertext ENC [Kas] (Nsa, Ks) is generated by encrypting the nonce Nsa and the session key Ks.
- MAC value message authentication code value
- the authentication server S uses the secret key Kbs shared with the node B, and uses the nonce Nbs, the session key Ks, the identification information IDa of the node A, and the required additional information ⁇ , the MAC value MAC [Kbs] (Nbs, ( ⁇ , Ks, IDa) is calculated, and the MAC value is used for the nonce Nsb to generate a ciphertext ENC [Kbs] (Nsb, Ks) obtained by encrypting the nonce Nsb and the session key Ks.
- the above-described additional information ⁇ and ⁇ are information addressed to the nodes A and B, and are used as information indicating the validity period of the session key Ks, for example.
- the two ciphertexts including the session key Ks are added to the MAC value and the additional information ⁇ and ⁇ , respectively, and transmitted to the node B (P3).
- the node B decrypts the ciphertext encrypted with the secret key Kbs, and obtains the nonce Nsb and the session key Ks.
- the nonce Nsb is the MAC value MAC [Kbs] (Nbs, ⁇ , Ks, IDa)
- the MAC value is calculated using the known nonce Nbs and the identification information IDa, the acquired session key Ks, and the additional information ⁇ .
- the authenticity of the ciphertext is confirmed by calculating and collating with the received MAC value.
- the node B receives the ciphertext ENC [Kas] (Nsa, Ks), the MAC value MAC [Kas] (Nas, ⁇ , Ks, IDb) and the additional information ⁇ to the node A received from the authentication server S. Forward to node A.
- the node B generates a new nonce Nba, calculates the MAC value MAC [Ks] (Nab, Nba, IDb) based on the session key Ks, and this MAC value And nonce Nba are added and transmitted to node A (P4).
- the node A When the node A receives the ciphertext ENC [Kas] (Nsa, Ks) from the node B, it decrypts it using the encryption key Kas and obtains the nonce Nsa and the session key Ks. Similarly to the node B, the MAC value MAC [Kas] (Nas, ⁇ , Ks, IDb) and MAC [Ks] (Nab, Nba, IDb) are calculated and compared with the received MAC value to obtain the encryption. Check the authenticity of the sentence.
- the node A calculates the MAC value MAC [Kas] (Nas, Ks) based on the secret key Kas and the MAC value MAC [Ks] (Nab, Nba) based on the session key Ks, and returns them to the node B (P5).
- the node B confirms the response from the node A by calculating the MAC value MAC [Ks] (Nab, Nba) (P5).
- the node B calculates the MAC value MAC [Kbs] (Nbs, Ks) using the secret key Kbs, and sends the MAC value to the authentication server S together with the MAC value MAC [Kas] (Nas, Ks) received from the node A. Transmit (P6).
- the authentication server S can confirm that the response is from the node B based on these MAC values.
- a node or an authentication server After a node or an authentication server generates a session key, it calculates a MAC value including a nonce, and encrypts the session key and the MAC value.
- the session key is distributed by adding the MAC value to the encrypted ciphertext.
- the ciphertext includes a MAC value including a nonce and a session key, and when additional information not known to the node receiving the session key is transmitted. Transmits the additional information together with the ciphertext and the MAC value without encryption.
- the additional information is eavesdropped by a third party, and in the case of 3PKDP, the additional information of the other node is acquired in one node that relays communication with the authentication server. The problem arises that it cannot be transmitted secretly.
- the present invention has been made in view of the above reasons, and its purpose is to encrypt the additional information other than the session key as well as to confirm the authenticity when distributing the session key. It is an object of the present invention to provide an encryption key distribution system that can be transmitted.
- An encryption key distribution system includes a first node, a second node, and an authentication server that generates a session key used for encrypted communication between the first node and the second node.
- the first node and the authentication server are configured to hold a first secret key used for encrypted communication between the first node and the authentication server.
- the second node and the authentication server are configured to hold a second secret key used for encrypted communication between the second node and the authentication server.
- the first node is configured to generate and transmit a first nonce to the authentication server when requesting the authentication server to issue the session key.
- the second node is configured to generate a second nonce and transmit it to the authentication server when requesting the authentication server to issue the session key.
- the authentication server When the authentication server receives the first nonce and the second nonce, the authentication server newly generates the session key, the received first nonce, the newly generated session key, and predetermined first additional information, The first message authentication code value is calculated using the first message including the first secret key and the received first nonce, the newly generated session key, and the first additional information.
- the first ciphertext is encrypted by using the first secret key, the first ciphertext and the value of the first message authentication code are transmitted to the first node, and the received second nonce and the received nonce
- a second message authentication code value is calculated using the second message including the newly generated session key and predetermined second additional information and the second secret key, and the received second nonce and the new nonce
- the generated session key and the second additional information are encrypted using the second secret key to create a second ciphertext, and the second ciphertext and the value of the second message authentication code are It is configured to transmit to two nodes.
- the first node When the first node receives the value of the first ciphertext and the first message authentication code, the first node decrypts the first ciphertext using the first secret key, and the session key and the first additional information Using the first nonce stored in the first node, the session key and the first additional information obtained by decrypting the first ciphertext, and the first secret key The value of the first message authentication code is calculated, and it is determined whether or not the value of the first message authentication code calculated by the first node matches the value of the first message authentication code received from the authentication server. By doing so, the session key received from the authentication server is authenticated.
- the second node When the second node receives the second ciphertext and the value of the second message authentication code, the second node decrypts the second ciphertext using the second secret key, and decrypts the session key and the second additional information. Using the second nonce stored in the second node, the session key and the second additional information obtained by decrypting the second ciphertext, and the second secret key. Calculate the value of the second message authentication code and determine whether the value of the second message authentication code calculated by the second node matches the value of the second message authentication code received from the authentication server By doing so, the session key received from the authentication server is authenticated.
- the first additional information and the second additional information are access control permission information.
- the authentication server when the authentication server receives access control request information from the first node or the second node, the authentication server compares the received access control request information with preregistered access control registration information. If the received access control request information is not included in the access control registration information, the access control registration information is used as the access control permission information.
- the encryption key distribution system has a proxy node that relays communication between the first node and the second node.
- the authentication server is configured to transmit the access control permission information to the proxy node.
- the proxy node is configured to relay communication between the first node and the second node based on the access control permission information received from the authentication server.
- a group identifier is assigned to the first node and the second node.
- the first additional information and the second additional information include a group identifier.
- the proxy node is configured to perform access control using the group identifier.
- the authentication server is configured to generate the access control permission information based on changeable access control registration information.
- the authentication server when the authentication server receives the access control request information from the first node or the second node, the authentication server receives the access control request information received and the access control registration information registered in advance.
- the access control permission information is generated by a logical operation.
- FIG. 3 is an operation explanatory diagram of the encryption key distribution system of Embodiment 1.
- FIG. It is a block diagram of an encryption key distribution system same as the above. It is operation
- FIG. 10 is an operation explanatory diagram of the encryption key distribution system according to the second embodiment. It is a block diagram of an encryption key distribution system same as the above.
- FIG. 12 is an operation explanatory diagram of the encryption key distribution system according to the third embodiment. It is a block diagram of an encryption key distribution system same as the above.
- FIG. 10 is an operation explanatory diagram of the encryption key distribution system according to the fourth embodiment. It is operation
- 2PKDP (2 Party Key Distribution Protocol) performed between two parties and 3PKDP (3 Party Key Distribution Protocol) performed between three parties
- session key authentication distribution techniques 2PKDP
- 3PKDP 3 Party Key Distribution Protocol
- a case where the technical idea of the present invention is applied to 3PKDP is exemplified, but the technical idea of the present invention can be applied to the following 2PKDP.
- Each of the authentication server and node described below is configured using a computer having a communication function, and can communicate using a wide area information communication network (such as the Internet) or a local information communication network.
- a case where a session key Ks is shared between two nodes A and B is shown as an example.
- node A requests node B to distribute session key Ks
- node B distributes session key Ks to node A.
- the node B that distributes the session key Ks and the node A that requests distribution of the session key Ks have a common secret key (that is, a common key) Kab in advance.
- the node B is a communication partner of the node A and also functions as an authentication server.
- the node B that distributes the session key Ks has the identification information (address etc.) IDa of the node A that requests distribution of the session key Ks, and the node A It may be held in advance in association with the private key Kab held.
- the node A In requesting the distribution of the session key Ks, the node A generates a nonce Nab and transmits the identification information IDa of the node A and the nonce Nab to the node B (P1).
- the node B when the node B receives a key distribution request from the node A, the node B generates a session key Kba and uses the secret key Kab to encrypt the nonce Nab and the session key Ks, and the encrypted text ENC [Kab] ( Nab, Ks). Further, the node B calculates the value (MAC value) MAC [Kab] (Nab, Ks, IDb) of the message authentication code using the secret key Kab of the node A, adds the MAC value to the ciphertext, and adds the node A (P2).
- MAC value MAC [Kab] (Nab, Ks, IDb)
- the node A Upon receiving the information transmitted from the node B, the node A decrypts the nonce Nab, the session key Ks, and the identification information (address etc.) IDb of the node B using the secret key Kab. Further, the MAC value MAC [Kab] (Nab, Ks) by the secret key Kab is calculated, and the MAC value is returned to the node B (P3).
- the node B Upon receiving the MAC value MAC [Kab] (Nab, Ks) from the node A, the node B calculates the MAC value using the known secret key Kab, nonce Nab, and session key Ks, and the calculated MAC value and By comparing with the MAC value received from the node A, it is confirmed that the session key Ks is securely transmitted to the node A.
- the ciphertext ENC [Kab] (Nab, Ks) including the session key Ks for example, a message obtained by encrypting the result of substituting the nonce Nab into the one-way function with the secret key Kab and the session key Ks are exclusive. A logical sum can be used. Note that the identification information IDb of the node B may be included when the session key Ks is encrypted at the node B.
- 3PKDP Next, in order to show a basic procedure in the case of 3PKDP, two nodes A and B communicate with each other using two nodes A and B and an authentication server S as shown in FIG. The case where the authentication server S distributes the session key Ks used at this time will be described as an example. It is assumed that each node A and B has a secret key (common key) Kas and Kbs common to the authentication server S in advance.
- the authentication server S instead of the authentication server S and each of the nodes A and B having a common secret key Kas and Kab, the authentication server S uses the identification information IDa and IDb of each node A and B and the secret. Information that associates the keys Kas and Kbs may be held in advance.
- the node A is a communication initiator, and the responder node B adopts an operation of relaying communication between the node A and the authentication server S. Therefore, the session key Ks issued by the authentication server S is delivered to the node A via the node B.
- the node A generates a nonce Nas for the authentication server S, and transmits the identification information IDa of the node A and the nonce Nas to the node B (P1).
- the node B when the node B receives the nonce Nas from the node A, the node B generates the nonce Nbs, and in addition to the identification information IDa and nonce Nas received from the node A, the node B receives the identification information IDb and nonce Nbs of the node B. S is sent to S (P2).
- the authentication server S Upon receiving the identification information IDa, IDb and nonce Nas, Nbs from the node B, the authentication server S generates a session key Ks, and uses the secret key Kas corresponding to the node A to obtain the nonce Nas and the session key Ks.
- An encrypted ciphertext ENC [Kas] (Nas, Ks) is generated, and a ciphertext ENC [Kbs] (Nbs) obtained by encrypting the nonce Nbs and the session key Ks using the secret key Kbs corresponding to the node B , Ks).
- the authentication server S calculates the MAC value MAC [Kas] (Nas, Ks, IDb) using the secret key Kas corresponding to the node A, and uses the MAC value MAC using the secret key Kbs corresponding to the node B. [Kbs] (Nbs, Ks, IDa) is calculated.
- the two ciphertexts obtained by encrypting the session key Ks in the authentication server S are each added with a MAC value and transmitted to the node B (P3).
- the node B Upon receiving the ciphertext ENC [Kbs] (Nbs, Ks) from the authentication server S, the node B decrypts the nonce Nbs and the session key Ks using the secret key Kbs, obtains the session key Ks, and obtains the MAC value. Is used to confirm the authenticity of the session key Ks.
- the ciphertext ENC [Kas] (Nas, Ks) and the MAC value MAC [Kas] (Nas, Ks, IDb) from the authentication server S to the node A are transferred to the node A.
- a new nonce Nba is generated, and the MAC value MAC [Ks] (Nas, Nba, IDb) by the session key Ks is calculated, and the MAC value and the nonce are calculated.
- Nba is added and transmitted to node A (P4).
- the node A When the node A receives the ciphertext ENC [Kas] (Nas, Ks) from the node B, it combines the nonce Nas and the session key Ks by using the secret key Kas to obtain the session key Ks and the MAC value. And confirming that the session key Ks is issued by the authentication server S and transmitted via the node B.
- the node A that has received the session key Ks calculates the MAC value MAC [Ks] (Nas, Nba) based on the session key Ks and returns it to the node B (P5).
- the node B can confirm that the node A has received the session key Ks by using the MAC value MAC [Ks] (Nas, Nba).
- the ciphertexts ENC [Kas] (Nas, Ks) and ENC [Kbs] (Nbs, Ks) obtained by encrypting the session key Ks are, for example, the nonce Nas and Nbs, respectively, as one-way functions. It is possible to use an exclusive OR of a message obtained by encrypting the result of substituting with the secret keys Kas and Kbs and the session key Ks.
- FIG. 12 shows an operation example with an option added.
- the identification information IDb of the node B and the nonce Nab from the node A to the node B are added.
- the sentence includes identification information IDa and IDb of the nodes A and B that are communication partners. That is, the ciphertext received by the node A includes the identification information IDb of the node B, and the ciphertext received by the node B includes the identification information IDa of the node A.
- the node B Upon receiving this confirmation response, the node B calculates the MAC value MAC [Kbs] (Nbs, Ks) using the secret key Kbs, and the MAC value MAC [Kas] (Nas, Ks) using the secret key Kas received from the node A. Along with (Ks), the MAC value MAC [Kbs] (Nbs, Ks) is transmitted to the authentication server S (P6). In the authentication server S, these MAC values are received from the node B and collated to confirm that the nodes A and B have received the session key Ks.
- the operation example described below can also be applied to 2PDKP based on the relationship between the operation of FIG. 11 or FIG. 12 and the operation of FIG. That is, in the case of 2PDKP, the node B also functions as the authentication server S. In other words, it can be considered that the processing of the authentication server S is performed inside the node B.
- the operation described based on the procedure shown in FIG. 12 may be an operation in which the option shown in the operation of FIG. 12 is removed based on the relationship between the operation of FIG. 12 and the operation of FIG. Is possible.
- the additional information ⁇ and ⁇ are the expiration date of the session key Ks, the number of times of communication using the session key Ks (number of accesses), and the billing information when the service is enjoyed by communication using the session key Ks. Is used as at least one piece of information.
- the validity period of the session key Ks is determined by using the time stamp and validity period when the session key Ks is distributed as additional information ⁇ and ⁇ , and when the validity period has elapsed from the date and time described by the time stamp, Disable Ks.
- the access count is information that defines the lifetime of the session key Ks, similarly to the expiration date of the session key Ks.
- the effective count of communication using the session key Ks is used as the additional information ⁇ , ⁇ , and the session key Ks. When the number of communications performed using exceeds the valid number, the session key Ks is invalidated.
- the charging amount is used as the charging information.
- the session key Ks is compared with the budget held by the nodes A and B. It is determined whether or not the used communication is performed. Further, by using the charge amount together with the validity period of the session key Ks as the additional information ⁇ , ⁇ , it is possible to notify the charge amount collected at the expiration of the validity period.
- the additional information ⁇ and ⁇ can be used as appropriate in addition to the above-described uses, and if the handling of the additional information ⁇ and ⁇ is defined according to the operation of the system constructed using the nodes A and B. Good.
- the encryption key distribution system is used for encrypted communication between a node (first node) A, a node (second node) B, and a node A and a node B, as shown in FIG. And an authentication server S that generates a session key.
- the node A includes a communication unit (first communication unit) 10, a storage unit (first storage unit) 11, a nonce generation unit (first nonce generation unit) 12, and a session key request unit (first session key request unit). 13).
- the communication unit 10 is configured to communicate with the authentication server S and the node B through the information communication network.
- the storage unit 11 is configured to store a secret key (first secret key) Kas.
- the storage unit 11 is configured to store the identification information IDa of the node A.
- the nonce generation unit 12 is configured to generate a nonce (first nonce) Nas.
- the session key request unit 13 is configured to cause the nonce generation unit 12 to generate the first nonce Nas when requesting the authentication server S to issue the session key Ks.
- the session key request unit 13 is configured to store the first nonce Nas generated by the nonce generation unit 12 in the storage unit 11. The first nonce Nas is stored in the storage unit 11 until the node A receives the session key Ks from the authentication server S.
- the session key request unit 13 controls the communication unit 10 to transmit the first nonce Nas generated by the nonce generation unit 12 to the authentication server S. Composed.
- the session key request unit 13 sends the first nonce Nas generated by the nonce generation unit 12 and the identification information IDa stored in the storage unit 11 to the authentication server S via the node B. Configured to transmit. In other words, the session key request unit 13 is configured to transmit the first nonce Nas generated by the nonce generation unit 12 and the identification information IDa stored in the storage unit 11 to the node B.
- the node B includes a communication unit (second communication unit) 20, a storage unit (second storage unit) 21, a nonce generation unit (second nonce generation unit) 22, and a session key request unit (second session key request unit). 23).
- the communication unit 20 is configured to communicate with the authentication server S and the node A through the information communication network.
- the storage unit 21 is configured to store a secret key (second secret key) Kbs.
- the storage unit 21 is configured to store the identification information IDb of the node B.
- the nonce generating unit 22 is configured to generate nonce (second nonce) Nbs.
- the session key request unit 23 is configured to cause the nonce generation unit 22 to generate the second nonce Nbs when requesting the authentication server S to issue the session key Ks.
- the session key request unit 23 is configured to store the second nonce Nbs generated by the nonce generation unit 22 in the storage unit 21. The second nonce Nbs is stored in the storage unit 21 until the node B receives the session key Ks from the authentication server S.
- the session key request unit 23 controls the communication unit 20 to transmit the second nonce Nbs generated by the nonce generation unit 22 to the authentication server S. Composed.
- the session key request unit 23 when the session key request unit 23 receives the first nonce Nas and the identification information IDa from the node A, the second nonce Nbs generated by the nonce generation unit 22 and the identification stored in the storage unit 21.
- the information IDb is configured to be transmitted to the authentication server S together with the first nonce Nas received from the node A and the identification information IDa.
- the authentication server S includes a communication unit (third communication unit) 30, a secret key storage unit 31, a session key generation unit 32, an arithmetic unit (third arithmetic unit) 33, a ciphertext generation unit 34, a ciphertext A transmission unit 35.
- the communication unit 30 is configured to communicate with the nodes A and B through the information communication network.
- the secret key storage unit 31 is configured to store the secret key (first secret key) Kas of the node A and the secret key (second secret key) Kbs of the node B. More specifically, the secret key storage unit 31 stores a key database in which the correspondence between the identification information and the secret key is registered for each node. For example, the secret key Kas is associated with the identification information IDa for the node A, and the secret key Kbs is associated with the identification information IDb for the node B.
- the node A and the authentication server S hold the first secret key Kas used for encrypted communication between the node A and the authentication server S.
- the node B and the authentication server S hold a second secret key Kbs used for encrypted communication between the node B and the authentication server S.
- the session key generation unit 32 is configured to newly generate a session key Ks when the communication unit 30 receives the first nonce Nas and the second nonce Nbs.
- the arithmetic unit 33 stores a message (first message) including a first nonce Nas received by the communication unit 30, a session key Ks newly generated by the session key generation unit 32, and predetermined first additional information ⁇ , and a secret key storage.
- the message authentication code value (value of the first message authentication code) MAC [Kas] (Nas, ⁇ , Ks, IDb) is calculated using the first secret key Kas stored in the unit 31. .
- the first message includes the first nonce Nas, the session key Ks, the first additional information ⁇ , and the identification information IDb of the node B communicating with the node A.
- the arithmetic unit 33 also transmits a message (second message) including a second nonce Nbs received by the communication unit 10, a session key Ks newly generated by the session key generation unit 32, and predetermined second additional information ⁇ , and a secret.
- the message authentication code value (second message authentication code value) MAC [Kbs] (Nbs, ⁇ , Ks, IDa) is calculated using the second secret key Kbs stored in the key storage unit 31. Is done.
- the first message includes the second nonce Nbs, the session key Ks, the second additional information ⁇ , and the identification information IDb of the node A that communicates with the node B.
- the ciphertext generation unit 34 stores the first nonce Nas received by the communication unit 30, the session key Ks newly generated by the session key generation unit 32, and the first additional information ⁇ stored in the secret key storage unit 31.
- the ciphertext (first ciphertext) ENC [Kas] (Nas, ⁇ , Ks) is generated by encryption using the secret key Kas.
- the ciphertext generation unit 34 stores the second nonce Nbs received by the communication unit 30, the session key Ks newly generated by the session key generation unit 32, and the second additional information ⁇ in the secret key storage unit 31.
- the ciphertext (second ciphertext) ENC [Kbs] (Nbs, ⁇ , Ks) is generated by encryption using the second secret key Kbs.
- the ciphertext transmission unit 35 controls the communication unit 30 to generate the first ciphertext ENC [Kas] (Nas, ⁇ , Ks) generated by the ciphertext generation unit 34 and the first message authentication code calculated by the arithmetic unit 33.
- the value MAC [Kas] (Nas, ⁇ , Ks, IDb) is transmitted to the node A.
- the ciphertext transmission unit 35 controls the communication unit 30 to generate the second ciphertext ENC [Kbs] (Nbs, ⁇ , Ks) generated by the ciphertext generation unit 34 and the second message calculated by the arithmetic unit 33.
- the authentication code value MAC [Kbs] (Nbs, ⁇ , Ks, IDa) is configured to be transmitted to the node B.
- the node A further includes a decryption unit (first decryption unit) 14, a computation unit (first computation unit) 15, and an authentication unit (first authentication unit) 16.
- decryption unit first decryption unit
- computation unit first computation unit
- authentication unit first authentication unit
- the decryption unit 14 stores The first ciphertext ENC [Kas] (Nas, ⁇ , Ks) is decrypted using the first secret key Kas stored in the unit 11 to obtain the first nonce Nas, the session key Ks, and the first additional information ⁇ . Configured to do.
- the arithmetic unit 15 includes the first nonce Nas stored in the storage unit 11, the session key Ks obtained by the decryption unit 14 decrypting the first ciphertext ENC [Kas] (Nas, ⁇ , Ks), and the first The additional message ⁇ and the first secret key Kas stored in the storage unit 11 are used to calculate the value MAC [Kas] (Nas, ⁇ , Ks, IDb) of the first message authentication code.
- the authentication unit 16 receives the first message authentication code value MAC [Kas] (Nas, ⁇ , Ks, IDb) calculated by the arithmetic unit 15 from the authentication server S. It is configured to authenticate the session key Ks received from the authentication server S by determining whether or not it matches Nas, ⁇ , Ks, IDb).
- the authentication unit 16 receives the first message authentication code value MAC [Kas] (Nas, ⁇ , Ks, IDb) calculated by the arithmetic unit 15 from the authentication server S. If it does not match Nas, ⁇ , Ks, IDb), it is determined that the session key Ks is abnormal. In this case, the authentication unit 16 discards the session key Ks, for example.
- the authentication unit 16 receives the first message authentication code value MAC [Kas] (Nas, ⁇ , Ks, IDb) calculated by the arithmetic unit 15 from the authentication server S. If it matches Nas, ⁇ , Ks, IDb), it is determined that the session key Ks is normal. In this case, the authentication unit 16 is configured to store the session key Ks received from the authentication server S in the storage unit 11, for example.
- the authentication unit 16 is configured to compare the first nonce Nas obtained by the decryption unit 14 with the first nonce Nas stored in the storage unit 11.
- the authentication unit 16 is configured not to authenticate the session key Ks if the first nonce Nas obtained by the decryption unit 14 does not match the first nonce Nas stored in the storage unit 11.
- the communication unit 10 transmits to the node B using the session key Ks received from the authentication server S when communicating with the node B. It is configured to encrypt the data and decrypt the message (data) received from the Node B.
- Node B further includes a decryption unit (second decryption unit) 24, a computation unit (second computation unit) 25, and an authentication unit (second authentication unit) 26.
- decryption unit second decryption unit
- computation unit second computation unit
- authentication unit second authentication unit
- the decryption unit 24 stores The second ciphertext ENC [Kbs] (Nbs, ⁇ , Ks) is decrypted using the second secret key Kbs stored in the unit 21 to obtain the second nonce Nbs, the session key Ks, and the second additional information ⁇ . Configured to do.
- the arithmetic unit 25 includes the second nonce Nbs stored in the storage unit 21, the session key Ks obtained by the decryption unit 24 decrypting the second ciphertext ENC [Kbs] (Nbs, ⁇ , Ks), and the second A value MAC [Kbs] (Nbs, ⁇ , Ks, IDa) of the second message authentication code is calculated using the additional information ⁇ and the second secret key Kbs stored in the storage unit 21.
- the authentication unit 26 receives the second message authentication code value MAC [Kbs] (Nbs, ⁇ , Ks, IDa) calculated by the arithmetic unit 25 from the authentication server S. It is configured to authenticate the session key Ks received from the authentication server S by determining whether or not it matches Nbs, ⁇ , Ks, IDa).
- the authentication unit 26 receives the second message authentication code value MAC [Kbs] (Nbs, ⁇ , Ks, IDa) calculated by the arithmetic unit 25 from the authentication server S. If it does not match Nbs, ⁇ , Ks, IDa), it is determined that the session key Ks is abnormal. In this case, the authentication unit 26 discards the session key Ks, for example.
- the authentication unit 26 receives the second message authentication code value MAC [Kbs] (Nbs, ⁇ , Ks, IDa) calculated by the arithmetic unit 25 from the authentication server S. If it matches Nbs, ⁇ , Ks, IDa), it is determined that the session key Ks is normal. In this case, the authentication unit 26 is configured to store the session key Ks received from the authentication server S in the storage unit 21, for example.
- the authentication unit 26 is configured to compare the second nonce Nbs obtained by the decryption unit 24 with the second nonce Nbs stored in the storage unit 21.
- the authentication unit 26 is configured not to authenticate the session key Ks unless the second nonce Nbs obtained by the decryption unit 24 matches the second nonce Nbs stored in the storage unit 21.
- the communication unit 20 transmits to the node A using the session key Ks received from the authentication server S when communicating with the node A. It is configured to perform data encryption and decryption of a message (data) received from the node A.
- subject subject
- object object
- nodes A and B between the subject and the object can communicate with each other by using a message encrypted by distributing the session key Ks, the subject (node A) can control the object (node B).
- a common secret key (session key Ks) is obtained from the authentication server S between the nodes A and B, and the session key Ks is used for the message.
- session key Ks a common secret key obtained from the authentication server S between the nodes A and B, and the session key Ks is used for the message.
- the session key Ks is used for the message.
- the nodes A and B In order to receive the session key Ks from the authentication server S, the nodes A and B first transmit the identification information IDa of the node A and the nonce Nas from the node A to the node B as in the operation illustrated in FIG. (P1).
- the identification information IDb of the node B and the nonce Nab generated for the node B may be added as options (see FIG. 3).
- the nonce Nas and the nonce Nab are generated each time the node A requests distribution of the session key Ks (by the nonce generation unit 12), and temporarily (in the storage unit 11) until the distribution procedure of the session key Ks is completed.
- the node A adds the identification information IDb of the node B as an option
- the node A performs broadcast communication.
- other nodes other than node B also receive messages from node A. Therefore, in order to distinguish node B from other nodes and have node B receive the message,
- the identification information IDb is used as an option.
- the node A uses the nonce Nas to guarantee the response from the authentication server S. Even in the procedure of checking the session key Ks between the node A and the node B, the nonce Nas is used by using the nonce Nas. However, it is desirable to use a different nonce for each route to make key distribution more secure.
- nonce is the principle of nonce, and it is ideal not to transmit the same nonce repeatedly, but in reality, the same nonce may be retransmitted by retransmission due to a failure in the communication path or nodes A and B, etc. Therefore, there are cases where a failure occurs in key distribution due to a replay attack (replay attack). Therefore, in order to increase the resistance against replay attacks and increase the security of key distribution, the node A responds from the authentication server S to the nonce Nab used in the procedure for confirming the session key Ks between the node A and the node B. It is desirable to generate it as an option separately from the nonce Nas used for guaranteeing, and to use nonce Nab and Nas for each path.
- the node B When the node B receives the message of the procedure P1 from the node A, the node B extracts the identification information IDa and nonce Nas of the node A (if the option is added, the identification information IDb and nonce Nab of the node B), and the nonce Nbs Is generated. Further, a message (key distribution request) in which the identification information IDb and nonce Nbs of the node B are added to the identification information IDa and nonce Nas of the node A (if the option is added, the identification information IDb and nonce Nab of the node B) Is transmitted to the authentication server S (P2).
- the nonce Nbs is generated every time the node B requests the authentication server S to distribute the session key Ks (by the nonce generation unit 22), and temporarily (in the storage unit 21) until the session key Ks distribution procedure is completed. ) Memorized.
- the procedures P1 and P2 are the same as the basic procedure of 3PKDP shown in FIG.
- the authentication server S When the authentication server S receives the message of the procedure P2 from the node B, the node A and B generate a session key Ks used for communication.
- the authentication server S includes a key database (not shown) in which identification information IDa, IDb and secret keys Kas, Kbs are stored in association with each node A, B.
- the identification information IDa and IDb of the nodes A and B extracted from the message are collated with the key database, and the secret keys Kas and Kbs for each of the nodes A and B are extracted.
- the authentication server S uses the secret keys Kas and Kbs corresponding to the nodes A and B, respectively, to generate the nonce Nas and Nbs, the additional information ⁇ and ⁇ , and the session key Ks generated by the nodes A and B, respectively.
- Encrypted ciphertexts ENC [Kas] (Nas, ⁇ , Ks) and ENC [Kbs] (Nbs, ⁇ , Ks) are generated.
- MAC [Kbs] (NBs, ⁇ , Ks) using secret keys Kas, Kbs corresponding to the nodes A, B are used.
- IDa) is also generated.
- a set of the ciphertext ENC [Kas] (Nas, ⁇ , Ks) and the MAC value MAC [Kas] (Nas, ⁇ , Ks, IDb) is transmitted to the node A via the node B.
- a set of ciphertext ENC [Kbs] (Nbs, ⁇ , Ks) and MAC value MAC [Kbs] (NBs, ⁇ , Ks, IDa) is data transmitted to the node B . Therefore, the data arrangement order is determined so that the data can be received for each of the nodes A and B.
- the group arranged in the front is the data addressed to the node A
- the group arranged in the rear is the data addressed to the node B.
- the data generated in the authentication server S as described above is transmitted to the node B (P3).
- the identification of the nodes A and B with which the nodes A and B communicate with each other using the session key Ks Information IDa and IDb may be optionally included (see FIG. 3). That is, a message addressed to the node A is ENC [Kas] (Nas, ⁇ , Ks, IDb), and a message addressed to the node B is ENC [Kbs] (Nbs, ⁇ , Ks, IDa).
- the node A can make a key distribution request without recognizing the identification information IDb of the node B in advance. That is, the node A can know the identification information IDb of the node B as the communication partner by receiving a message including the session key Ks from the authentication server S. In addition, it is possible to determine whether or not to continue the subsequent communication by determining whether or not the other party is a suitable counterpart based on the identification information IDb.
- the authentication server S can confirm the identification information IDa and IDb of the communication partner to which the session key Ks has been distributed, the nodes A and B confirm the identification information IDa and IDb of the communication partner with each other. It is possible to confirm whether or not the message from A to the node B or the message from the node B to the authentication server S is falsified.
- the node B uses the data order to set a ciphertext pair (ciphertext ENC [Kbs] (Nbs, ⁇ , Ks) and MAC value MAC [ Kbs] (a pair with NBs, ⁇ , Ks, IDa) is extracted, and the ciphertext ENC [Kbs] (Nbs, ⁇ , Ks) is decrypted to extract the session key Ks and the like.
- ciphertext ENC [Kbs] Nbs, ⁇ , Ks
- MAC value MAC [ Kbs] a pair with NBs, ⁇ , Ks, IDa
- the nonce Nbs stored in the node B, the additional information ⁇ decrypted from the message, the session key Ks decrypted from the message, the identification information IDa of the node A as the communication partner, and the node B possessed
- the MAC value MAC [Kbs] (Nbs, ⁇ , Ks, IDa) is calculated using the secret key Kbs and the same algorithm as the authentication server S, and the MAC value MAC [Kbs] (Nbs) received from the authentication server S is calculated. , ⁇ , Ks, IDa) to confirm whether the message has been tampered with. Again, if the received MAC value does not match the calculated MAC value, it is regarded as abnormal and the subsequent processing is not performed.
- the identification information IDa of the communication partner node A may be stored in advance in the node B, but when the identification information IDa is included as an option in the message, the identification information IDa extracted from the message is used (FIG. 3). reference).
- the node B When the node B can receive data from the authentication server S without any abnormality, the session key Ks received from the authentication server S, the nonce Nas received from the node A in step P1, and the nonce Nbs generated by the node B Then, the MAC value MAC [Ks] (Nas, Nbs, IDb) is calculated (by the arithmetic unit 25) using the identification information IDb of the node B.
- a pair of the ciphertext ENC [Kas] (Nas, ⁇ , Ks) addressed to the node A received from the authentication server S and the MAC value MAC [Kas] (Nas, ⁇ , Ks, IDb) is set.
- the MAC value MAC [Ks] (Nas, Nbs, IDb) and the nonce Nbs generated by the node B are added to the data and transmitted to the node A (P4).
- the nonce Nbs is added because it is necessary when the MAC value is calculated in the node A.
- the node A A nonce Nba that is used only for data transmission to the terminal may be newly generated (by the nonce generation unit 22), and the nonce Nba may be used in place of the nonce Nbs in the procedure P4.
- the nonce Nab can be used in the procedure P4 instead of the nonce Nas in the MAC [Ks] (Nas, Nbs, IDb). That is, MAC [Ks] (Nab, Nba, IDb) is used as the MAC value.
- node B transmits to node A with nonce Nba added instead of nonce Nbs.
- the node A When the node A receives the data according to the procedure P4 from the node B, the node A extracts the ciphertext ENC [Kas] (Nas, ⁇ , Ks) and decrypts it, thereby extracting the session key Ks and the like.
- the message to be decoded is recognized according to the data arrangement order.
- the nonce Nas extracted from the message with the nonce Nas stored in the node A, it is confirmed whether or not the message has been tampered with. If the received nonce Nas does not match the stored nonce Nas. If this is the case, it is regarded as abnormal and the subsequent processing is not performed.
- the node A holds the nonce Nas stored in the node A, the additional information ⁇ decrypted from the message, the session key Ks decrypted from the message, the identification information IDb of the node B as the communication partner, and the node A.
- the MAC value MAC [Kas] (Nas, ⁇ , Ks, IDb) is calculated using the same algorithm as the authentication server S using the secret key Kas, and the MAC value MAC [Kas] (Nas, By comparing with ( ⁇ , Ks, IDb), it is confirmed whether the message has been tampered with. Again, if the received MAC value does not match the calculated MAC value, it is regarded as abnormal and the subsequent processing is not performed.
- the identification information IDb of the node B as the communication partner may be stored in advance in the node A. However, when the identification information IDb is included as an option in the message, the identification information IDb extracted from the message is used.
- the MAC value MAC [using the nonce Nas stored in the node A, the nonce Nbs transmitted from the node B, the identification information IDb of the node B as the communication partner, and the session key Ks decrypted from the message is used.
- Ks] (Nas, Nbs, IDb) is calculated (in the arithmetic unit 15) and compared with the MAC value MAC [Ks] (Nas, Nbs, IDb) received from the node B (in the authentication unit 16) Check for tampering. Also in this case, if the received MAC value does not match the calculated MAC value, it is regarded as abnormal and the subsequent processing is not performed.
- the node A when the node A receives the session key Ks from the node B without any abnormality, the node A holds the session key Ks received from the node B. Further, the MAC value MAC [Ks] (Nas, Nbs) for the confirmation response to the node B is generated (by the arithmetic unit 15) by the nonce Nas, the nonce Nbs, and the session key Ks, and this MAC value is transmitted to the node B. Send to address (P5).
- MAC [Ks] (Nab, Nba, IDb) is used as the MAC value, and the nonce Nba is received at the node A ( In the node A, the MAC value MAC [Ks] (Nab, Nba, IDb) is also used for detecting an abnormality.
- the authentication server S can end the key distribution procedure by receiving a response from the node B after distributing the session key Ks to the nodes A and B. As shown, the nodes A and B may make a confirmation response to the authentication server S. In this case, the authentication server S returns a receipt confirmation to the nodes A and B after receiving the confirmation response.
- the operation when the authentication server S receives the confirmation response will be described.
- the MAC value transmitted to the node B is set to MAC [Ks] (Nas, In place of Nbs), MAC [Ks] (Nab, Nba) is used, and a MAC value MAC [Kas] (Nas, Ks) for an acknowledgment addressed to the authentication server S is added (see procedure P5 in FIG. 3). ).
- a new nonce Nas ′ is generated (at the nonce generation unit 12) in the node A, and the nonce Nas ′ is temporarily stored until a response from the authentication server S is obtained. It is desirable to store (in the storage unit 11).
- the nonce Nas ′ is also transmitted to the node B.
- the MAC value MAC [Ks] (Nas, Nbs) addressed to the node B is separated based on the data arrangement order, and the held session key Ks And the MAC value MAC [Ks] (Nas, Nbs) is calculated (by the arithmetic unit 25) using the nonce Nbs and the nonce Nas temporarily stored, and the received MAC value and the calculated MAC value are calculated. Compare (with authentication unit 26). If both MAC values match, the session key Ks is held as it is.
- the node B generates a new nonce Nbs ′ (in the nonce generation unit 22) and calculates a MAC value MAC [Kbs] (Nbs, Ks) addressed to the authentication server S (in the arithmetic unit 25).
- the MAC value MAC [Kbs] (Nbs, Ks) and the nonce Nbs ′ are transmitted to the authentication server S together with the MAC value MAC [Kas] (Nas, Ks) and the nonce value Nas ′ addressed from the node A to the authentication server S ( P6).
- the nonce Nbs ′ is temporarily held (in the storage unit 21) until receipt confirmation from the authentication server S is received.
- nonce Nas ′ and nonce Nbs ′ are newly generated for the confirmation response to the authentication server S is the same as the reason described for the procedure P1, and communication is performed while ensuring nonce nonce. This is to increase safety.
- the nonce Nas and Nbs received in the procedure P2 may be used for the confirmation response.
- the authentication server S (arithmetic unit 33) receives the confirmation response from the node B by the procedure P6, the secret key Kas, Kbs stored in the key database, the held session key Ks, the nonce Nas, Nbs, Is used to calculate MAC values MAC [Kas] (Nas, Ks), MAC [Kbs] (Nbs, Ks).
- the MAC value received in step P6 is compared with the calculated MAC value, and if they do not match, it is determined that there is an abnormality in the distribution of the session key Ks (by the arithmetic unit 33). The process ends without performing a receipt response to the nodes A and B.
- the nodes A and B determine that the reception of the session key Ks has failed (by the authentication units 16 and 26).
- the held session key Ks is discarded, and if necessary, the distribution of the session key Ks is requested again. If no receipt response is obtained from the authentication server S within the specified time limit, the authentication units 16 and 26 determine that reception of the session key Ks has failed.
- the secret keys Kas and Kbs of the nodes A and B and the nodes A and B are generated.
- the MAC values MAC [Kas] (Nas ′) and MAC [Kbs] (Nbs ′) addressed to the nodes A and B are calculated (in the arithmetic unit 33). Then, a receipt confirmation is transmitted to the node B (P7).
- the node B When the node B receives the data according to the procedure P7 from the authentication server S, the node B separates and extracts the MAC value MAC [Kbs] (Nbs ′) corresponding to the node B according to the data arrangement order. Also, the MAC value MAC [Kbs] (Nbs ′) is calculated (by the arithmetic unit 25) using the secret key Kbs and the nonce Nbs ′ temporarily stored, and the received MAC value and the calculated MAC value are calculated. Compare (by authentication unit 26).
- the process ends without transmitting the MAC value to the node A.
- the node A When the node A receives the MAC value MAC [Kas] (Nas ′) from the node B by the procedure P8, the node A uses the secret key Kas and the nonce Nas to obtain the MAC value MAC [Kas] (Nas ′) (by the arithmetic unit 15). ) Calculate and compare the received MAC value with the calculated MAC value (by the authentication unit 16), and if both MAC values match, the session key Ks held by the node A is communicated with the node B Confirm that it will be used for
- the MAC value MAC [Kas] (Nas ′) according to the procedure P8 is sent from the node B within the specified time limit. If not received, the held session key Ks is discarded, and a request for distributing the session key Ks is made again if necessary.
- the session key Ks can be securely distributed by using the procedures P1 to P5 shown in FIG. 1 or the procedures P1 to P8 shown in FIG.
- FIG. 1 shows an example of operation that does not include options
- FIG. 3 shows an example of operation when all options are included.
- the options can be appropriately selected as necessary according to the above description.
- an encryption method called AES-CCM proposed in RFC 4309 is used, and AES is used for message encryption.
- the CCM MAC may be used as the MAC value.
- the key distribution method employed by the encryption key distribution system of the present embodiment described above is a method of distributing a session key used for communication within a group of a plurality of nodes within a computer communication system.
- an authentication server having a function for generating a session key and a function for distributing the session key to each node in the group shares the secret key with each node.
- the key distribution method includes the steps of transmitting the identification information of any node in the group, the nonce generated by the node and the identification information of other nodes in the group to the authentication server, and the authentication server
- a message authentication code is generated using a step of generating a session key commonly used by the nodes, a nonce received from the first node by the authentication server, the generated session key and appropriate additional information as a message, and using the secret key of each node.
- a ciphertext addressed to each node obtained by encrypting the nonce received by the authentication server from at least the first node, the generated session key, and the additional information using the secret key of each node; Adding a value of a message authentication code generated using a secret key for each node and sending the value to each node; Extracting the session key by decrypting the encrypted data received from the authentication server at each node; and using the secret key and the decrypted data by each node in the group Calculating a value, and determining that the extracted session key is authenticated when the calculated value of the message authentication code matches the value of the message authentication code received from the authentication server.
- the encryption key distribution system of this embodiment is used for encrypted communication between the first node A, the second node B, and the first node A and the second node B. And an authentication server S that generates a session key to be executed.
- the first node A and the authentication server S are configured to hold a first secret key used for encrypted communication between the first node A and the authentication server S.
- the second node B and the authentication server S are configured to hold a second secret key used for encrypted communication between the second node B and the authentication server S.
- the first node A is configured to generate a first nonce and send it to the authentication server S when requesting the authentication server S to issue a session key.
- the second node B is configured to generate a second nonce and transmit it to the authentication server S when requesting the authentication server S to issue a session key.
- the authentication server S is configured to newly generate a session key upon receiving the first nonce and the second nonce.
- the authentication server S calculates the value of the first message authentication code using the first message including the received first nonce, the newly generated session key, and the predetermined first additional information, and the first secret key. Configured as follows.
- the authentication server S is configured to encrypt the received first nonce, the newly generated session key, and the first additional information using the first secret key to create a first ciphertext.
- the authentication server S is configured to transmit the first ciphertext and the value of the first message authentication code to the first node.
- the authentication server S calculates the value of the second message authentication code using the second message including the received second nonce, the newly generated session key, and the predetermined second additional information, and the second secret key. Configured as follows.
- the authentication server S is configured to encrypt the received second nonce, the newly generated session key, and the second additional information using the second secret key to create a second ciphertext.
- the authentication server S is configured to transmit the second ciphertext and the value of the second message authentication code to the second node.
- the first node A Upon receiving the first ciphertext and the value of the first message authentication code, the first node A decrypts the first ciphertext using the first secret key to obtain the session key and the first additional information. Composed. The first node A uses the first nonce stored in the first node A, the session key and first additional information obtained by decrypting the first ciphertext, and the first message authentication using the first secret key. Configured to calculate code values. The first node A receives the session received from the authentication server by determining whether or not the value of the first message authentication code calculated by the first node matches the value of the first message authentication code received from the authentication server S. Configured to perform key authentication.
- the second node B When receiving the second ciphertext and the value of the second message authentication code, the second node B decrypts the second ciphertext using the second secret key so as to obtain the session key and the second additional information. Composed.
- the second node B authenticates the second message by using the second nonce stored in the second node B, the session key obtained by decrypting the second ciphertext, the second additional information, and the second secret key. Configured to calculate code values.
- the second node B received from the authentication server S by determining whether or not the value of the second message authentication code calculated by the second node matches the value of the second message authentication code received from the authentication server S Configured to authenticate session keys.
- the authentication server S encrypts at least the nonce received from the first node, the generated session key, and additional information using the secret key of each node, and the ciphertext addressed to each node. Since the message authentication code value calculated from the nonce received from the first node, the generated session key, and the additional information is added to the node and the ciphertext and the message authentication code are transmitted to each node, the authentication server When distributing the session key to each node, the authenticity can be confirmed using the value of the message authentication code, and additional information other than the session key can be encrypted and transmitted. . In other words, when the authentication server transmits the additional information to each node, the additional information is encrypted, so that the additional information is not wiretapped by other nodes.
- the node receiving the session key may calculate the value of the message authentication code including additional information. It is possible to confirm that the session key and the additional information are not falsified (that is, authenticity).
- the encryption key distribution system mainly includes an authentication server S that includes an access information generation unit 36 and an access information storage unit 37. And different.
- access control request information (access request information), access control registration information (access registration information), and access control information (information indicating whether access is possible between nodes)
- Access control permission information (access permission information) is used.
- the access request information is information indicating the access authority requested by the node.
- the access registration information is information indicating the access authority previously given to the node by the node manufacturer or administrator.
- the access permission information is information indicating the access authority actually given to the node. In this embodiment, access permission information is generated based on access request information and access registration information.
- the access information storage unit 37 is configured to store access control registration information.
- the access information generation unit 36 is configured to generate access control permission information. For example, when the access information generation unit 36 receives the access control request information Pas (Pbs) from the node A (B), the access information generation unit 36 shares the received access control request information Pas (Pbs) with the access control registration information. It is configured to find a part (in other words, a product set). The access information generation unit 36 is configured to use the obtained common part as access control permission information Psa (Psb).
- Psa access control permission information
- the ciphertext generation unit 34 is configured to use the access control permission information regarding the node A generated by the access information generation unit 36 as the first additional information ⁇ .
- the ciphertext generation unit 34 is configured to use access control permission information regarding the Node B generated by the access information generation unit 36 as the second additional information ⁇ .
- the session key request unit 13 uses the nonce Nas and Nab generated by the nonce generation unit 12, the identification information IDa and IDb stored in the storage unit 11, and the access request information Pas as the node B. And configured to be transmitted to the authentication server S. That is, the session key request unit 13 is configured to transmit nonce Nas, Nab, identification information IDa, IDb, and access request information Pas to the node B.
- the session key request unit 23 When the session key request unit 23 receives the nonce Nas and Nab, the identification information IDa and IDb, and the access request information Pas from the node A, the second nonce Nbs generated by the nonce generation unit 22 and the access request information Pbs Are transmitted to the authentication server S together with the nonce Nas received from the node A, the identification information IDa, IDb, and the access request information Pas.
- the access control information determines which information can be provided from the information held by each of the nodes A and B, and determines what operation is performed on the provided information.
- FIG. 3 including options in the first embodiment is modified so as to enable access control.
- the operation example shown in FIG. 1 can be modified to enable access control.
- the operation can be changed to the operation excluding the authentication server S according to FIG.
- the data transmitted from the node A to the node B in the procedure P1 includes access control request information (access request information) Pas, and in the procedure P2, the node B
- the access control request information Pas and Pbs is included in the data transmitted from the server to the authentication server S.
- the access control request information Pas and Pbs are options that are adopted as necessary.
- the operation for performing access control will be described. Only the operation used will be described.
- authentication server S Upon receiving access control request information Pas and Pbs from node B, authentication server S generates access control permission information Psa for node A and access control permission information Psb for node B (by access information generation unit 36).
- the contents of the additional information ⁇ and ⁇ used in the procedures P3 and P4 are referred to as access control permission information Psa and Psb, respectively.
- request information Pbs for access control from the node B to the authentication server S is used in the procedure P4, and request information Pas and Pbs for access control are included in the MAC values in the procedures P5 and P6.
- the authentication server S not only has a function of permitting communication between the nodes A and B by issuing a session key Ks to the nodes A and B, but also the information held by the nodes A and B from one to the other.
- the function to restrict access to is provided.
- the authentication server S receives the access control request information Pas and Pbs, any one of the following is determined according to a predetermined rule.
- the permission information Psa and Psb are issued (by the access information generation unit 36).
- the authentication server S (access) is used to restrict the types of information that can be accessed by the node A with respect to the plurality of types of information held by the node B.
- An example in which the information generation unit 36) issues access control permission information Psa and Psb is illustrated. That is, the authentication server S issues access control permission information Psa and Psb for the nodes A and B based on a request for access from the node A to the node B and information that the node B permits to provide.
- the node B holds three types of information RB1 to RB3, the node A accesses all the information RB1 to RB3 of the node B and requests all operations of reading, writing, and execution. The case where only provision of one kind of information RB1 is permitted is illustrated.
- the request information Pas for access control from the node A is “A read
- the node B transmits “B provide RB1” to the authentication server S as the access control request information Pbs (P2).
- the authentication server S has registration information (access control registration information) regarding access control for each of the nodes A and B.
- the access control registration information is registered in advance in the access information storage unit (access information storage unit) 37 provided in the authentication server S by the manufacturer or administrator of the nodes A and B for each of the nodes A and B. .
- the access control registration information is “A ⁇ ⁇ ⁇ ⁇ read
- the access control request information Pas and Pbs when the access control request information Pas and Pbs is received from the node B, the common part (product) of the access control request information Pas and Pbs and the access control registration information is obtained for each of the nodes A and B. Set) (by the access information generation unit 36).
- the access control request information Pas from the node A is “A read
- the authentication server S sets the common parts obtained for the nodes A and B as access control permission information Psa and Psb, respectively. That is, the access control permission information Psa for the node A is “A read
- these access control permission information Psa and Psb are used as additional information ⁇ and ⁇ in the procedures P3 and P4 (by the ciphertext generation unit 34), and are also used in the procedures P4 to P6. That is, the authentication server S delivers access control permission information Psa and Psb to the nodes A and B, respectively.
- the access control request from the node B that is the communication responder is included in the access control request information from the node A that is the communication initiator. Only operations within the range corresponding to the request information are possible.
- the access control permission information Psa delivered from the authentication server S to the node A is “A read
- the access control permission information Psb delivered to the node B is “B provide RB1”, and the services that the node A can receive from the node B are the information RB1 provided by the node B. Limited to. That is, the node A can read, write, and execute only the information RB1 held by the node B.
- the access control permission information Psa and Psb are registered in the access control request information Pas and Pbs received by the authentication server S from the nodes A and B, and the access control registered in the authentication server S in advance.
- it is generated as a common part (product set) with information, it is also possible to use a composite (union set) instead of the common part.
- intersection set provides a stricter policy because the restriction is stronger than the request information from the nodes A and B, but using the union sets makes it more demanding than the request information from the nodes A and B. The limit will be weakened.
- the access control registration information registered in the authentication server S may be updated as appropriate, and the nodes A and B may not recognize that the access control registration information has been updated.
- the access control registration information is converted into the access control registration information.
- the permission information is included in the additional information ⁇ and ⁇ to the nodes A and B and transmitted to the nodes A and B. Therefore, the nodes A and B can receive new access control permission information registered in the authentication server S as access control registration information.
- the access control permission information is included in the ciphertexts to the nodes A and B, and is also used to calculate the value of the message authentication code, and the access control permission information is not known to other nodes. , B, and the authenticity can be confirmed by the message authentication code, so that the nodes A and B can safely receive the access control permission information.
- the access control registration information is changed in the authentication server S, the access control permission information given to the nodes A and B can be changed, so that the access control can be easily changed. .
- the access control request information Pas from the node A is “A read
- the access control request information Pbs from the node B is “B provide RB1” and the access control registration information regarding the node B is “B provide RB1, RB2”, the access control permission information Psb for the node B Becomes “B provide RB1, RB2”.
- the node A can read, write, and execute the information RB1 and RB2 held by the node B.
- the authentication server S it is effective to use the union of the access control request information Psa and Psb and the access control registration information as the access control permission information Psa and Psb provided to the nodes A and B. For example, a case where the operation on all information is enabled by the node A can be considered.
- an authentication server S sets a wild card (*) that specifies all information as access control registration information for the node A (that is, “A read
- a wild card (*) may be used to specify the information. For example, it is necessary to use a wild card (*) for both the access control request information Pas and the access control registration information. On the other hand, by using the union as described above, the wild card (*) is used only for the access control registration information held by the authentication server S, so that the access control permission information Psa for the node A is wild. It becomes possible to use a card (*).
- information that can be operated by the node A is limited to information within a range provided by other nodes.
- the access control permission information Pas and Pbs from the nodes A and B in the authentication server S and the access control registration information held by the authentication server S is used as the access control permission information.
- the example used for Psa and Psb has been described, it is also possible to use a difference set. Further, a combination of a plurality of types of sets can be used, and different sets can be used for each of the nodes A and B. Which set is used as permission information Psa and Psb for access control to which nodes A and B can be arbitrarily selected.
- the data transmitted from the nodes A and B to the authentication server S include the access control request information Pas and Pbs in the procedures P1 and P2, but the nodes A and B in the procedures P1 and P2.
- the server S transmits the access control registration information to the nodes A and B as the access control permission information Psa and Psb.
- the nodes A and B receive the access control permission information Psa and Psb when receiving the session key Ks, and then access is performed when communication using the session key Ks is performed. Operations on the information specified by the control permission information Psa and Psb can be performed. If the additional information ⁇ , ⁇ described in the first embodiment is necessary, the additional information ⁇ , ⁇ may be added before or after the access control permission information Psa, Psb. Other configurations and operations are the same as those of the first embodiment.
- the access control request information Pas and Pbs are transmitted as additional information from the nodes A and B to the authentication server S in the procedures P1 and P2, the access control permission information Psa and Psb are encrypted. It will be a secret.
- the access control request information Pas and Pbs need not be transmitted if not necessary.
- the key distribution method employed by the encryption key distribution system of the present embodiment described above is a method of distributing a session key used for communication within a group of a plurality of nodes within a computer communication system.
- an authentication server having a function for generating a session key and a function for distributing the session key to each node in the group shares the secret key with each node.
- the key distribution method includes the steps of transmitting the identification information of any node in the group, the nonce generated by the node and the identification information of other nodes in the group to the authentication server, and the authentication server Using the secret key of each node as a message with the step of generating a session key used in common by the nodes, the nonce received from the first node by the authentication server, and the generated session key and additional information including access control permission information
- the first additional information ⁇ and the second additional information ⁇ are access control permission information.
- the configuration of the present embodiment is the same as the configuration of the first embodiment except that the additional information includes access control permission information, and provides the same effects.
- access control permission information is transmitted to the node without being encrypted, whereas access control permission information is included in the ciphertext and transmitted. Since the value of the message authentication code is added, it is possible to prevent the access control permission information from leaking to others, and it is possible to confirm the authenticity of the access control permission information.
- the authentication server When receiving the access control request information from the node, the authentication server compares the access control request information with the access control registration information registered in advance, and the access control request information is included in the access control registration information. If not registered, the access control registration information may be used as access control permission information, and the value of the message authentication code may be added to the ciphertext including the access control permission information and transmitted to each node in the group. .
- the authentication server S access information generation unit 36
- receives access control request information from the first node A or the second node B the received access control request information and pre-registered access control registration information. If the received access control request information is not included in the access control registration information, the access control registration information may be used as access control permission information.
- the access control registration information is used as access control permission information.
- the access control registration information is kept up-to-date in the authentication server.
- the access control permission information can be updated to the latest information. In other words, the access control permission information can be easily changed simply by changing the access control registration information in the authentication server.
- the authentication server S (access information generation unit 36) may be configured to generate access control permission information based on changeable access control registration information.
- the authentication server S When the authentication server S (access information generation unit 36) receives the access control request information from the node, the authentication server S (access information generation unit 36) performs access control by performing a logical operation on the received access control request information and the previously registered access control registration information. It may be configured to generate permission information.
- the access control can be easily changed by changing the access control registration information at the authentication server without changing the access control information at the node. It can be carried out.
- the authentication server has access control registration information and adopts a technique for generating access control permission information by logical operation of access control request information from the node and access control registration information
- the node Even if the access control information is not changed in step 1, the access control can be changed simply by changing either the access control registration information registered in the authentication server or the contents of the logical operation in the authentication server. .
- the encryption key distribution system mainly includes a proxy node C that relays communication between the first node A and the second node B. And different.
- the node is configured to communicate with another node indirectly through the proxy node C.
- the authentication server S is configured to transmit access control permission information to the proxy node C.
- the proxy node C includes a communication unit (fourth communication unit) 40, a permission information storage unit 41, and an access control unit 42.
- the communication unit 40 is configured to be able to communicate with the nodes A and B and the authentication server S through the information communication network.
- the permission information storage unit 41 is configured to store access control permission information received from the authentication server S.
- the access control unit 42 is configured to perform access control between the nodes A and B with reference to the access control permission information stored in the permission information storage unit 41.
- the proxy node C has a function of relaying communication between the node A that is a communication initiator and the node B that is a responder of communication.
- node A and node B do not communicate directly, but communicate via proxy node C.
- the node A that is the initiator does not communicate directly with the authentication server S, and the proxy node C communicates with the authentication server S.
- the responding node B directly communicates with both the authentication server S and the proxy node C.
- proxy node C accesses authentication server S (the arrow in FIG. 6 indicates the transmission of data).
- the access control request information from the node A is “A read
- the access control request information from the node B is “B provide RB1”
- the proxy node C Assume that the access control request information is “C read
- the access control registration information possessed by the authentication server S is “Aread
- provide * ” is assumed.
- access control permission information for each of the nodes A and B and the proxy node C, and access control request information for each of the nodes A and B and the proxy node C are provided. And the access control registration information are generated as a common part (product set).
- the upper eight arrows and the lower eight arrows in FIG. 6 correspond to procedures P1 to P8 in FIG. 4, respectively. That is, the upper eight arrows indicate the node A, the proxy node C, and the authentication server S in the relationship between the node A, the node B, and the authentication server S in FIG. Further, the lower eight arrows indicate the proxy node C, the node B, and the authentication server S in relation to the node A, the node B, and the authentication server S in FIG.
- the access control permission information for node A is “A read
- the access control permission information for the proxy node C is “C read
- execute * may be transmitted from the authentication server S to the proxy node C in the procedure P3
- the access control permission information for the proxy node C may finally be “C read
- the proxy node C (access control unit 42) permits the access control permission stored in the permission information storage unit 41. Relay access from node A to node B (see information). That is, when the node A accesses the proxy node C, the proxy node C accesses the node B, and a response from the node B is returned to the node A via the proxy node C.
- the proxy node C has no access restriction, but the access from the node A to the node B has a restriction of “A read
- the node A makes a request for the operation (read, write, execute) of the information RB1. If so, the proxy node C takes over the operation on the information RB1, and the proxy node C makes a request for the operation to the information RB1 of the node B on behalf of the node A, so that the node B has access control permission information. Based on this, information RB1 is provided. Therefore, the proxy node C can acquire the information RB1. The information RB1 acquired by the proxy node C is provided from the proxy node C to the node A.
- the proxy node C makes a request to the node B even when the node A requests the operation of the information RB2, but the access control permission information for the node B does not include the provision of the information RB2.
- Information RB2 is not provided from the node B to the proxy node C, and the node A cannot operate the information RB2.
- the access control request information by the node B is “B provide RB1, RB2,” the operation of the information RB2 by the node A becomes possible.
- the node B when the access set permission information uses a union instead of the common part (product set) of the access control request information and the access control registration information, the node B also receives the information RB2 Can be provided. Except that the proxy node C is provided, other configurations and operations are the same as those in the second embodiment.
- the encryption key distribution system of the present embodiment employs a configuration in which the proxy node C that relays communication between the nodes in the group is provided and access control permission information is transmitted from the authentication server to the proxy node. Yes.
- the encryption key distribution system of this embodiment has a proxy node C that relays communication between the first node A and the second node B.
- the authentication server S is configured to transmit access control permission information to the proxy node C.
- the proxy node C is configured to relay communication between the first node A and the second node B based on the access control permission information received from the authentication server S.
- Nodes A, B, D, and E need to be divided into a plurality of groups when an identifier is set for each type of information and there are a plurality of nodes that provide the same type of information. For example, when the identifier RB1 is associated with the temperature information and both the nodes B and D can provide the temperature information, when the two nodes A and E request the operation on the information RB1, The proxy node C cannot distinguish between the information request RB1 of the nodes B and D.
- nodes A and B and nodes D and E are divided into different groups, when node A requests information RB1, it is provided from node B, and node E requests information RB1. It is possible to provide it from the node D.
- the group identifier for classifying the group is included in the additional information ⁇ and ⁇ transmitted in the procedures P3 and P4 described in the first embodiment.
- nodes A and B and nodes D and E are set as different groups, and G1 and G2 are assigned as group identifiers for each group.
- the group identifier G1 is transmitted as additional information.
- the proxy node C stores group identifiers G1 and G2 for each node to which the same session key Ks is distributed from the authentication server S, and the groups stored by the group identifiers G1 and G2 included in the data received by the proxy node C If the identifiers G1 and G2 do not match or the group identifiers G1 and G2 are not included in the data received by the proxy node C, the received data is not relayed.
- the permission information storage unit 41 is configured to store the group identifiers G1 and G2 for each node to which the same session key Ks is distributed from the authentication server S. Further, the access control unit 42 determines whether the group identifiers G1 and G2 included in the data received by the communication unit 40 do not match the group identifiers G1 and G2 stored in the permission information storage unit 41, or the communication unit 40 When the group identifiers G1 and G2 are not included in the data, the received data is not relayed.
- the authentication server S When one node belongs to a plurality of groups, it is possible to specify which group it belongs to using the group identifier in the procedures P1 and P2. In this case, when one node belongs to a plurality of groups, the authentication server S generates access control permission information as a union of group identifiers, so that the proxy node C has all the nodes included in the union. You can grant access to the group.
- the proxy node C communicates with the node A.
- the group identifier G1 is set during P1
- the group identifier G2 is set during the procedure P2 for communicating with the node D
- the group identifier G1 during the procedure P3 for communicating with the node B.
- Is set, and the group identifier G2 is set during the procedure P4 for communicating with the node E.
- the proxy node C (access control unit 42) has a data table in which which group identifier is set in which procedure (for example, in the permission information storage unit 41), and by referring to the data table Determine whether to relay data between nodes. Similarly, it is also possible to associate a group identifier for each piece of information and to sort the information by the group identifier at the node that has received the information.
- FIG. 8 illustrates an example in which the node A acquires the information RB1 from the node B, and the node E acquires the information RB1 from the node D.
- the authentication server S transmits “C provide *” to the proxy node C in step P3, and “A ⁇ read
- RB1 is transmitted to node A.
- authentication server S transmits “B provide RB1” to node B in step P3, and “C ⁇ read
- the authentication server S transmits “C provide *” to the proxy node C in step P3, and “E read
- RB1 is transmitted to node E.
- the authentication server S transmits “D provide RB1” to the node D in the procedure P3, and “C read
- “*” Is transmitted to the proxy node C.
- the proxy node C relays the access from the node A to the node B, and the node E Access to the node D is relayed. That is, when node A accesses proxy node C, proxy node C accesses node B, and a response from node B is returned to node A via proxy node C, while node E accesses proxy node C. Then, the proxy node C accesses the node D, and a response from the node D is returned to the node E via the proxy node C.
- the group identifier is registered in the proxy node C in association with the session key, and when the node A requests access control to the information RB1, the information RB1 of the node B having the same group identifier G1 is stored in the node. Returned to A. Further, when the node E requests access control to the information RB1, the information RB1 of the node D having the same group identifier G2 is returned to the node E.
- FIG. 9 is associated with the operation example of FIG. 3 to which options are added in the first embodiment, but can be associated with the operation example of FIG. 1 having no options.
- a group identifier is assigned to a node, the group identifier is included in the additional information, and access control is performed using the group identifier.
- each node A, B, D, E is given a group identifier.
- the first additional information ⁇ and the second additional information ⁇ include a group identifier.
- the proxy node C (access control unit 42) is configured to perform access control using a group identifier.
Abstract
Description
(1)2PKDP
まず、2PKDPの場合について、基本的な手順を示すために、図10に示すように、2個のノードA,Bの間でセッション鍵Ksを共有する場合を例として示す。ここでは、ノードAがノードBに対してセッション鍵Ksの配布を要求し、ノードBがセッション鍵KsをノードAに配布するものとする。また、セッション鍵Ksを配布するノードBと、セッション鍵Ksの配布を要求するノードAとは、共通の秘密鍵(すなわち、共通鍵)Kabを事前に保有しているものとする。言い換えると、ノードBはノードAの通信相手であるとともに、認証サーバとしても機能していることになる。
(2)3PKDP
次に、3PKDPの場合について、基本的な手順を示すために、図11に示すように、2個のノードA,Bと認証サーバSとを用い、2個のノードA,Bが互いに通信する際に用いるセッション鍵Ksを、認証サーバSが配布する場合を例として説明する。各ノードA,Bは、それぞれ認証サーバSと共通の秘密鍵(共通鍵)Kas,Kbsを事前に保有しているものとする。
本例では、まず、図1に示すように、図11に示した基本の動作に加え、各ノードA,Bへのセッション鍵Ksの配布に伴って、各ノードA,Bに対する付加情報α,βも併せて送信する例について説明する。付加情報α,βとしては、鍵の有効期限、アクセス回数、課金などの情報を持たせることができ、セッション鍵Ksの配布と同様に付加情報α,βも暗号化して送信される。
から取り出したノンスNasをノードAが記憶しているノンスNasと比較することにより、メッセージの改竄の有無を確認し、受信したノンスNasと記憶しているノンスNasとが不一致であれば、異常とみなして以後の処理を行わない。
本実施形態の暗号鍵配布システムは、図5に示すように、主に認証サーバSがアクセス情報生成ユニット36と、アクセス情報記憶ユニット37とを備えている点で実施形態1の暗号鍵配布システムと異なる。
本実施形態の暗号鍵配布システムは、図7に示すように、主として第1ノードAと第2ノードBとの間の通信を中継するプロキシノードCを有する点で実施形態2の暗号鍵配布システムと異なる。
本動作例は、複数個のノードに対してグループを設定し、グループ別にノードのアクセス制御を行う場合について説明する。説明を簡単にするために、図8のように、4台のノードA,B,D,EとプロキシノードCとが通信可能であって、上述した実施形態3と同様に、鍵配布の機能を有した認証サーバSを用いるものとする。図8に示す動作は、上から8本ずつの矢印が、それぞれ図4における手順P1~P8に対応している。また、以下では、ノードA,BとノードD,Eとを別のグループに区分する技術について説明する。ここでは、ノードEがノードAと同様に情報の要求を行い、ノードDがノードBと同様に情報の提供を行う場合を想定する。
Claims (7)
- 第1ノードと、
第2ノードと、
上記第1ノードと上記第2ノードとの間の暗号化通信に使用されるセッション鍵を生成する認証サーバと、を備え、
上記第1ノードと上記認証サーバとは、上記第1ノードと上記認証サーバとの間の暗号化通信に使用される第1秘密鍵を保持するように構成され、
上記第2ノードと上記認証サーバとは、上記第2ノードと上記認証サーバとの間の暗号化通信に使用される第2秘密鍵を保持するように構成され、
上記第1ノードは、上記セッション鍵の発行を上記認証サーバに要求するにあたっては、第1ノンスを生成して上記認証サーバに送信するように構成され、
上記第2ノードは、上記セッション鍵の発行を上記認証サーバに要求するにあたっては、第2ノンスを生成して上記認証サーバに送信するように構成され、
上記認証サーバは、
上記第1ノンスと上記第2ノンスとを受け取ると上記セッション鍵を新たに生成し、
上記受け取った第1ノンスと上記新たに生成されたセッション鍵と所定の第1付加情報とを含む第1メッセージと上記第1秘密鍵とを用いて第1メッセージ認証コードの値を計算し、
上記受け取った第1ノンスと上記新たに生成されたセッション鍵と上記第1付加情報とを上記第1秘密鍵を用いて暗号化して第1暗号文を作成し、
上記第1暗号文と上記第1メッセージ認証コードの値とを上記第1ノードに送信し、
上記受け取った第2ノンスと上記新たに生成されたセッション鍵と所定の第2付加情報とを含む第2メッセージと上記第2秘密鍵とを用いて第2メッセージ認証コードの値を計算し、
上記受け取った第2ノンスと上記新たに生成されたセッション鍵と上記第2付加情報とを上記第2秘密鍵を用いて暗号化して第2暗号文を作成し、
上記第2暗号文と上記第2メッセージ認証コードの値とを上記第2ノードに送信するように構成され、
上記第1ノードは、
上記第1暗号文および上記第1メッセージ認証コードの値を受け取ると、上記第1秘密鍵を用いて上記第1暗号文を復号して上記セッション鍵と上記第1付加情報とを取得し、
上記第1ノードが記憶する上記第1ノンスと、上記第1暗号文を復号して得られた上記セッション鍵および上記第1付加情報と、上記第1秘密鍵とを用いて上記第1メッセージ認証コードの値を計算し、
上記第1ノードが計算した上記第1メッセージ認証コードの値が上記認証サーバから受け取った上記第1メッセージ認証コードの値に一致するか否かを判定することで上記認証サーバから受け取った上記セッション鍵の認証を行うように構成され、
上記第2ノードは、
上記第2暗号文および上記第2メッセージ認証コードの値を受け取ると、上記第2秘密鍵を用いて上記第2暗号文を復号して上記セッション鍵と上記第2付加情報とを取得し、
上記第2ノードが記憶する上記第2ノンスと、上記第2暗号文を復号して得られた上記セッション鍵および上記第2付加情報と、上記第2秘密鍵とを用いて上記第2メッセージ認証コードの値を計算し、
上記第2ノードが計算した上記第2メッセージ認証コードの値が上記認証サーバから受け取った上記第2メッセージ認証コードの値に一致するか否かを判定することで上記認証サーバから受け取った上記セッション鍵の認証を行うように構成される
ことを特徴とする暗号鍵配布システム。 - 上記第1付加情報および上記第2付加情報は、アクセス制御の許可情報である
ことを特徴とする請求項1記載の暗号鍵配布システム。 - 上記認証サーバは、
上記第1ノードまたは上記第2ノードからアクセス制御の要求情報を受け取ると、受け取った上記アクセス制御の要求情報とあらかじめ登録されたアクセス制御の登録情報とを比較し、上記受け取ったアクセス制御の要求情報が上記アクセス制御の登録情報に含まれていない場合、上記アクセス制御の登録情報を上記アクセス制御の許可情報として用いるように構成される
ことを特徴とする請求項2記載の暗号鍵配布システム。 - 上記第1ノードと上記第2ノードとの間の通信を中継するプロキシノードを有し、
上記認証サーバは、上記プロキシノードに上記アクセス制御の許可情報を送信するように構成され、
上記プロキシノードは、上記認証サーバから受け取った上記アクセス制御の許可情報に基づいて上記第1ノードと上記第2ノードとの間の通信を中継するように構成される
ことを特徴とする請求項2記載の暗号鍵配布システム。 - 上記第1ノードおよび上記第2ノードにはグループ識別子が付与され、
上記第1付加情報および上記第2付加情報は、グループ識別子を含み、
上記プロキシノードは、上記グループ識別子を用いてアクセス制御を行うように構成される
ことを特徴とする請求項4記載の暗号鍵配布システム。 - 上記認証サーバは、変更可能なアクセス制御の登録情報に基づいて上記アクセス制御の許可情報を生成するように構成される
ことを特徴とする請求項2記載の暗号鍵配布システム。 - 上記認証サーバは、上記第1ノードまたは上記第2ノードからアクセス制御の要求情報を受信すると、受け取ったアクセス制御の要求情報とあらかじめ登録されたアクセス制御の登録情報との論理演算により上記アクセス制御の許可情報を生成するように構成される
ことを特徴とする請求項2記載の暗号鍵配布システム。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10792131.4A EP2448170A4 (en) | 2009-06-23 | 2010-06-23 | CLEF-CRYPTOGRAM DISTRIBUTION SYSTEM |
SG2011095544A SG178015A1 (en) | 2009-06-23 | 2010-06-23 | Encryption key distribution system |
JP2011519917A JP5432999B2 (ja) | 2009-06-23 | 2010-06-23 | 暗号鍵配布システム |
CN2010800282101A CN102804676A (zh) | 2009-06-23 | 2010-06-23 | 加密密钥发布系统 |
US13/380,742 US8817985B2 (en) | 2009-06-23 | 2010-06-23 | Encryption key distribution system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009-148961 | 2009-06-23 | ||
JP2009148961 | 2009-06-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010150813A1 true WO2010150813A1 (ja) | 2010-12-29 |
Family
ID=43386582
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/060635 WO2010150813A1 (ja) | 2009-06-23 | 2010-06-23 | 暗号鍵配布システム |
Country Status (6)
Country | Link |
---|---|
US (1) | US8817985B2 (ja) |
EP (1) | EP2448170A4 (ja) |
JP (1) | JP5432999B2 (ja) |
CN (1) | CN102804676A (ja) |
SG (1) | SG178015A1 (ja) |
WO (1) | WO2010150813A1 (ja) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013168326A1 (ja) * | 2012-05-11 | 2013-11-14 | パナソニック株式会社 | 暗号鍵設定システム、端末装置 |
JP2015076018A (ja) * | 2013-10-10 | 2015-04-20 | 株式会社オートネットワーク技術研究所 | 通信システム及び照合方法 |
JP2015532818A (ja) * | 2012-09-06 | 2015-11-12 | コニンクリーケ・ケイピーエヌ・ナムローゼ・フェンノートシャップ | デバイス・ツー・デバイス通信セッションの確立 |
US9444851B2 (en) | 2012-10-29 | 2016-09-13 | Koninklijke Kpn N.V. | Intercepting device-to-device communication |
JP2018142823A (ja) * | 2017-02-27 | 2018-09-13 | Kddi株式会社 | 通信システム、及び、通信方法 |
JP2018152796A (ja) * | 2017-03-14 | 2018-09-27 | Kddi株式会社 | 遠隔機器制御システム、及び、遠隔機器制御方法 |
JP2018530280A (ja) * | 2015-09-15 | 2018-10-11 | グローバル リスク アドバイザーズ | 共振暗号化のためのデバイス及び方法 |
US10382430B2 (en) | 2014-07-28 | 2019-08-13 | Encryptier Co., Ltd. | User information management system; user information management method; program, and recording medium on which it is recorded, for management server; program, and recording medium on which it is recorded, for user terminal; and program, and recording medium on which it is recorded, for service server |
Families Citing this family (48)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10181953B1 (en) | 2013-09-16 | 2019-01-15 | Amazon Technologies, Inc. | Trusted data verification |
US9237155B1 (en) | 2010-12-06 | 2016-01-12 | Amazon Technologies, Inc. | Distributed policy enforcement with optimizing policy transformations |
US8769642B1 (en) | 2011-05-31 | 2014-07-01 | Amazon Technologies, Inc. | Techniques for delegation of access privileges |
US9197409B2 (en) | 2011-09-29 | 2015-11-24 | Amazon Technologies, Inc. | Key derivation techniques |
US9203613B2 (en) | 2011-09-29 | 2015-12-01 | Amazon Technologies, Inc. | Techniques for client constructed sessions |
US9178701B2 (en) | 2011-09-29 | 2015-11-03 | Amazon Technologies, Inc. | Parameter based key derivation |
DE102012201164B4 (de) * | 2012-01-26 | 2017-12-07 | Infineon Technologies Ag | Vorrichtung und verfahren zur erzeugung eines nachrichtenauthentifizierungscodes |
US8739308B1 (en) | 2012-03-27 | 2014-05-27 | Amazon Technologies, Inc. | Source identification for unauthorized copies of content |
US8892865B1 (en) | 2012-03-27 | 2014-11-18 | Amazon Technologies, Inc. | Multiple authority key derivation |
US9215076B1 (en) | 2012-03-27 | 2015-12-15 | Amazon Technologies, Inc. | Key generation for hierarchical data access |
US9258118B1 (en) | 2012-06-25 | 2016-02-09 | Amazon Technologies, Inc. | Decentralized verification in a distributed system |
US9660972B1 (en) | 2012-06-25 | 2017-05-23 | Amazon Technologies, Inc. | Protection from data security threats |
US9407440B2 (en) | 2013-06-20 | 2016-08-02 | Amazon Technologies, Inc. | Multiple authority data security and access |
US9521000B1 (en) | 2013-07-17 | 2016-12-13 | Amazon Technologies, Inc. | Complete forward access sessions |
US9237019B2 (en) | 2013-09-25 | 2016-01-12 | Amazon Technologies, Inc. | Resource locators with keys |
US9311500B2 (en) | 2013-09-25 | 2016-04-12 | Amazon Technologies, Inc. | Data security using request-supplied keys |
US10243945B1 (en) | 2013-10-28 | 2019-03-26 | Amazon Technologies, Inc. | Managed identity federation |
US9420007B1 (en) | 2013-12-04 | 2016-08-16 | Amazon Technologies, Inc. | Access control using impersonization |
US9374368B1 (en) | 2014-01-07 | 2016-06-21 | Amazon Technologies, Inc. | Distributed passcode verification system |
US9369461B1 (en) | 2014-01-07 | 2016-06-14 | Amazon Technologies, Inc. | Passcode verification using hardware secrets |
US9292711B1 (en) | 2014-01-07 | 2016-03-22 | Amazon Technologies, Inc. | Hardware secret usage limits |
US9270662B1 (en) | 2014-01-13 | 2016-02-23 | Amazon Technologies, Inc. | Adaptive client-aware session security |
US10771255B1 (en) | 2014-03-25 | 2020-09-08 | Amazon Technologies, Inc. | Authenticated storage operations |
US9369474B2 (en) * | 2014-03-27 | 2016-06-14 | Adobe Systems Incorporated | Analytics data validation |
US10148736B1 (en) * | 2014-05-19 | 2018-12-04 | Amazon Technologies, Inc. | Executing parallel jobs with message passing on compute clusters |
GB2526367A (en) * | 2014-05-23 | 2015-11-25 | Ibm | Password-based authentication |
CN103997405B (zh) * | 2014-05-28 | 2017-10-17 | 大唐移动通信设备有限公司 | 一种密钥生成方法及装置 |
CN103986723B (zh) * | 2014-05-28 | 2017-12-05 | 大唐移动通信设备有限公司 | 一种保密通信控制、保密通信方法及装置 |
US9258117B1 (en) | 2014-06-26 | 2016-02-09 | Amazon Technologies, Inc. | Mutual authentication with symmetric secrets and signatures |
US10326597B1 (en) | 2014-06-27 | 2019-06-18 | Amazon Technologies, Inc. | Dynamic response signing capability in a distributed system |
KR20160056551A (ko) * | 2014-11-12 | 2016-05-20 | 삼성전자주식회사 | 잠금 해제 수행 방법 및 사용자 단말 |
US10285053B2 (en) * | 2015-04-10 | 2019-05-07 | Futurewei Technologies, Inc. | System and method for reducing authentication signaling in a wireless network |
EP3286871B1 (en) * | 2015-04-24 | 2020-07-22 | PCMS Holdings, Inc. | Systems, methods, and devices for device credential protection |
US10122689B2 (en) | 2015-06-16 | 2018-11-06 | Amazon Technologies, Inc. | Load balancing with handshake offload |
US10122692B2 (en) | 2015-06-16 | 2018-11-06 | Amazon Technologies, Inc. | Handshake offload |
CN106161449A (zh) * | 2016-07-19 | 2016-11-23 | 青松智慧(北京)科技有限公司 | 无密钥认证传输方法及系统 |
US10116440B1 (en) | 2016-08-09 | 2018-10-30 | Amazon Technologies, Inc. | Cryptographic key management for imported cryptographic keys |
EP3282638A1 (en) * | 2016-08-11 | 2018-02-14 | Gemalto Sa | A method for provisioning a first communication device by using a second communication device |
US10419226B2 (en) | 2016-09-12 | 2019-09-17 | InfoSci, LLC | Systems and methods for device authentication |
US9722803B1 (en) * | 2016-09-12 | 2017-08-01 | InfoSci, LLC | Systems and methods for device authentication |
US11012428B1 (en) * | 2017-03-02 | 2021-05-18 | Apple Inc. | Cloud messaging system |
US11463439B2 (en) | 2017-04-21 | 2022-10-04 | Qwerx Inc. | Systems and methods for device authentication and protection of communication on a system on chip |
CN108200104A (zh) * | 2018-03-23 | 2018-06-22 | 网宿科技股份有限公司 | 一种进行ssl握手的方法和系统 |
US20190378121A1 (en) * | 2018-05-25 | 2019-12-12 | Finco Services, Inc. | Cryptographic technology platform and methods for providers to enable users to monetize their data |
US20200394651A1 (en) * | 2019-06-13 | 2020-12-17 | Gridplus, Inc. | Dynamic off-chain digital currency transaction processing |
CN113498514A (zh) | 2020-02-06 | 2021-10-12 | 谷歌有限责任公司 | 校验第三方内容在客户端设备上的显示 |
WO2021158227A1 (en) * | 2020-02-06 | 2021-08-12 | Google, Llc | Verifying user interactions on a content platform |
CN115348583B (zh) * | 2022-10-18 | 2023-01-03 | 中国民航信息网络股份有限公司 | 一种高速移动场景下的通信方法及系统 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0378841B2 (ja) | 1984-07-27 | 1991-12-17 | Mitsui Petrochemical Ind | |
JP3078841B2 (ja) * | 1993-07-27 | 2000-08-21 | インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン | 通信システムの安全なキー配布を提供するための方法およびシステム |
JP2002051036A (ja) * | 2000-08-01 | 2002-02-15 | Advanced Mobile Telecommunications Security Technology Research Lab Co Ltd | キーエスクロー方式 |
JP2004015813A (ja) * | 2002-06-10 | 2004-01-15 | Microsoft Corp | 相互認証を使用した安全な鍵交換方法およびコンピュータ読取り可能媒体 |
JP2004253967A (ja) * | 2003-02-19 | 2004-09-09 | Nippon Telegr & Teleph Corp <Ntt> | セッション制御サーバおよび通信装置と通信方法、ならびにそのプログラムと記録媒体 |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002108710A (ja) * | 2000-07-24 | 2002-04-12 | Sony Corp | 情報処理システム、情報処理方法、および情報処理装置、並びにプログラム提供媒体 |
US7233664B2 (en) * | 2003-03-13 | 2007-06-19 | New Mexico Technical Research Foundation | Dynamic security authentication for wireless communication networks |
WO2007004051A1 (en) * | 2005-07-06 | 2007-01-11 | Nokia Corporation | Secure session keys context |
US8023478B2 (en) * | 2006-03-06 | 2011-09-20 | Cisco Technology, Inc. | System and method for securing mesh access points in a wireless mesh network, including rapid roaming |
WO2009094731A1 (en) * | 2008-01-30 | 2009-08-06 | Honeywell International Inc. | Systems and methods for managing building services |
KR20090126166A (ko) * | 2008-06-03 | 2009-12-08 | 엘지전자 주식회사 | 트래픽 암호화 키 생성 방법 및 갱신 방법 |
-
2010
- 2010-06-23 JP JP2011519917A patent/JP5432999B2/ja not_active Expired - Fee Related
- 2010-06-23 SG SG2011095544A patent/SG178015A1/en unknown
- 2010-06-23 WO PCT/JP2010/060635 patent/WO2010150813A1/ja active Application Filing
- 2010-06-23 EP EP10792131.4A patent/EP2448170A4/en not_active Withdrawn
- 2010-06-23 US US13/380,742 patent/US8817985B2/en not_active Expired - Fee Related
- 2010-06-23 CN CN2010800282101A patent/CN102804676A/zh active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0378841B2 (ja) | 1984-07-27 | 1991-12-17 | Mitsui Petrochemical Ind | |
JP3078841B2 (ja) * | 1993-07-27 | 2000-08-21 | インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン | 通信システムの安全なキー配布を提供するための方法およびシステム |
JP2002051036A (ja) * | 2000-08-01 | 2002-02-15 | Advanced Mobile Telecommunications Security Technology Research Lab Co Ltd | キーエスクロー方式 |
JP2004015813A (ja) * | 2002-06-10 | 2004-01-15 | Microsoft Corp | 相互認証を使用した安全な鍵交換方法およびコンピュータ読取り可能媒体 |
JP2004253967A (ja) * | 2003-02-19 | 2004-09-09 | Nippon Telegr & Teleph Corp <Ntt> | セッション制御サーバおよび通信装置と通信方法、ならびにそのプログラムと記録媒体 |
Non-Patent Citations (2)
Title |
---|
"HANDBOOK of APPLIED CRYPTOGRAPHY", 1997, CRC PRESS, article A. J. MENEZES ET AL., pages: 497 - 504, XP008148231 * |
See also references of EP2448170A4 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013168326A1 (ja) * | 2012-05-11 | 2013-11-14 | パナソニック株式会社 | 暗号鍵設定システム、端末装置 |
JP2013239773A (ja) * | 2012-05-11 | 2013-11-28 | Panasonic Corp | 暗号鍵設定システム、端末装置 |
JP2017098981A (ja) * | 2012-09-06 | 2017-06-01 | コニンクリーケ・ケイピーエヌ・ナムローゼ・フェンノートシャップ | デバイス・ツー・デバイス通信セッションの確立 |
JP2015532818A (ja) * | 2012-09-06 | 2015-11-12 | コニンクリーケ・ケイピーエヌ・ナムローゼ・フェンノートシャップ | デバイス・ツー・デバイス通信セッションの確立 |
US9438572B2 (en) | 2012-09-06 | 2016-09-06 | Koninklijke Kpn N.V. | Establishing a device-to-device communication session |
US9699820B2 (en) | 2012-09-06 | 2017-07-04 | Koninklijke Kpn N.V. | Establishing a device-to-device communication session |
US9444851B2 (en) | 2012-10-29 | 2016-09-13 | Koninklijke Kpn N.V. | Intercepting device-to-device communication |
JP2015076018A (ja) * | 2013-10-10 | 2015-04-20 | 株式会社オートネットワーク技術研究所 | 通信システム及び照合方法 |
US10382430B2 (en) | 2014-07-28 | 2019-08-13 | Encryptier Co., Ltd. | User information management system; user information management method; program, and recording medium on which it is recorded, for management server; program, and recording medium on which it is recorded, for user terminal; and program, and recording medium on which it is recorded, for service server |
JP2018530280A (ja) * | 2015-09-15 | 2018-10-11 | グローバル リスク アドバイザーズ | 共振暗号化のためのデバイス及び方法 |
US10778413B2 (en) | 2015-09-15 | 2020-09-15 | Global Risk Advisors | Device and method for resonant cryptography |
US10903984B2 (en) | 2015-09-15 | 2021-01-26 | Global Risk Advisors | Device and method for resonant cryptography |
JP2018142823A (ja) * | 2017-02-27 | 2018-09-13 | Kddi株式会社 | 通信システム、及び、通信方法 |
JP2018152796A (ja) * | 2017-03-14 | 2018-09-27 | Kddi株式会社 | 遠隔機器制御システム、及び、遠隔機器制御方法 |
Also Published As
Publication number | Publication date |
---|---|
JP5432999B2 (ja) | 2014-03-05 |
CN102804676A (zh) | 2012-11-28 |
JPWO2010150813A1 (ja) | 2012-12-10 |
EP2448170A4 (en) | 2015-06-24 |
US20120106735A1 (en) | 2012-05-03 |
SG178015A1 (en) | 2012-03-29 |
US8817985B2 (en) | 2014-08-26 |
EP2448170A1 (en) | 2012-05-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5432999B2 (ja) | 暗号鍵配布システム | |
US11722314B2 (en) | Digital transaction signing for multiple client devices using secured encrypted private keys | |
CN113691560B (zh) | 数据传送方法、控制数据使用的方法以及密码设备 | |
CN108683501B (zh) | 基于量子通信网络的以时间戳为随机数的多次身份认证系统和方法 | |
CN108650028B (zh) | 基于量子通信网络与真随机数的多次身份认证系统和方法 | |
US20200320178A1 (en) | Digital rights management authorization token pairing | |
EP2140605A1 (en) | Secure electronic messaging system requiring key retrieval for deriving decryption key | |
CN108964897B (zh) | 基于群组通信的身份认证系统和方法 | |
CN102036242A (zh) | 一种移动通讯网络中的接入认证方法和系统 | |
CN108964896B (zh) | 一种基于群组密钥池的Kerberos身份认证系统和方法 | |
CN108600152B (zh) | 基于量子通信网络的改进型Kerberos身份认证系统和方法 | |
CN111080299B (zh) | 一种交易信息的防抵赖方法及客户端、服务器 | |
CN102884756A (zh) | 通信装置和通信方法 | |
CN108964895B (zh) | 基于群组密钥池和改进Kerberos的User-to-User身份认证系统和方法 | |
CN113572795B (zh) | 一种车辆安全通信方法、系统及车载终端 | |
CN106549858A (zh) | 一种基于标识密码的即时通信加密方法 | |
CN104468074A (zh) | 应用程序之间认证的方法及设备 | |
CN100450305C (zh) | 一种基于通用鉴权框架的安全业务通信方法 | |
US8782406B2 (en) | Secure digital communications | |
CN115174277B (zh) | 基于区块链的数据通信和档案交换方法 | |
CN110995671A (zh) | 一种通信方法及系统 | |
CN112035820B (zh) | 一种用于Kerberos加密环境下的数据解析方法 | |
CN114866244A (zh) | 基于密文分组链接加密的可控匿名认证方法、系统及装置 | |
CN108965266B (zh) | 一种基于群组密钥池和Kerberos的User-to-User身份认证系统和方法 | |
WO2021019782A1 (ja) | 所有者同一性確認システムおよび所有者同一性確認方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080028210.1 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10792131 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 9620/CHENP/2011 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011519917 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010792131 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13380742 Country of ref document: US |