WO2015008623A1 - 鍵保管装置、鍵保管方法、及びそのプログラム - Google Patents
鍵保管装置、鍵保管方法、及びそのプログラム Download PDFInfo
- Publication number
- WO2015008623A1 WO2015008623A1 PCT/JP2014/067639 JP2014067639W WO2015008623A1 WO 2015008623 A1 WO2015008623 A1 WO 2015008623A1 JP 2014067639 W JP2014067639 W JP 2014067639W WO 2015008623 A1 WO2015008623 A1 WO 2015008623A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- information
- storage device
- key storage
- ciphertext
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/76—Proxy, i.e. using intermediary entity to perform cryptographic operations
Definitions
- the present invention relates to a key storage device, a key storage method, and a program for secretly managing a key used for arithmetic processing.
- Patent Document 1 is known as a prior art of a key storage device that secretly stores a secret key used for arithmetic processing.
- a key storage device receives a ciphertext encrypted according to a public key cryptosystem from a terminal device, decrypts the ciphertext using a secret key, and outputs the decryption result to the terminal device.
- the key storage device shall store the key secretly and must not output it to the outside prior to the end of the period during which calculation processing using the key is provided (hereinafter referred to as the “processing processing provision period”). .
- the key storage device outputs the key to the user who is provided with the arithmetic processing when the arithmetic processing provision period ends.
- This premise is for dealing with the following problems found by the inventors. For example, in the decryption system of Patent Document 1, if the secret key is not distributed to the user when the operation processing provision period ends, the user may lose the technique of decrypting the ciphertext. In order to solve this problem, it is considered necessary to distribute the secret key to the user with the end of the provision of the decryption process in consideration of the convenience of the user.
- an attacker may intrude into the key storage device and restart the service with exactly the same configuration. Even if the secret key is erased from the key storage device after the end of the processing provision period, the attacker uses exactly the same configuration using the secret key distributed directly or indirectly (via a legitimate user). To resume the service. Then, there may arise a problem that a user who does not know the end of the operation processing provision period or a user who thinks that the service has resumed transmits the ciphertext to the key storage device operated by the attacker, and information leaks.
- An object of the present invention is to provide a key storage device, a key storage method, and a program thereof that prevent a service from being restarted with the same configuration as that during the operation processing provision period.
- the key storage device secretly manages the key before the end of the period in which the operation processing using the key is provided, and the period A one-way function unit that generates a key by applying a one-way function to the first information, and a storage unit that secretly stores the first information during the period And an end determination unit that erases the first information from the storage unit and outputs the key when the period ends.
- FIG. 1 is a functional block diagram of the key storage device 100 according to the first embodiment
- FIG. 2 shows a processing flow of the key storage device 100 according to the first embodiment.
- the key storage device 100, the terminal device 20-1, and the terminal device 20-2 are connected to each other via the communication line 30.
- the key storage device 100, the terminal device 20-1, and the terminal device 20-2 are devices having a calculation function and a storage function such as a router device, a server device, a mobile phone, and an IC card, and a CPU loaded with a special program. Or a known or dedicated computer equipped with a RAM.
- the key storage device 100 includes an arithmetic processing unit 101, a one-way function unit 103, a storage unit 105, and an end determination unit 107.
- the key storage device 100 secretly manages the key s before the end of the operation processing provision period, and outputs the key s with the end of the operation processing provision period.
- “management” is a concept including not only storage but also generation, and may include a concept including addition, change, deletion, association with a terminal device and information ⁇ , and the like.
- the key storage device 100 receives the information ⁇ to be subjected to arithmetic processing from the terminal device 20-1 before the end of the arithmetic processing provision period, performs predetermined arithmetic processing using the key s, and outputs the arithmetic result z to the terminal device 20 To -1.
- the storage unit 105 secretly stores the first information s ′ prior to the provision of the arithmetic processing.
- the end determination unit 107 deletes the first information s ′ from the storage unit 105 and outputs the key s to the terminal device 20-1 (represented by a one-dot chain line in the drawing) at the end of the operation processing provision period.
- the end determination unit 107 determines whether or not the operation processing provision period has ended (s1). When the calculation process providing period has ended, the end determination unit 107 transmits an error message to the effect that the calculation process providing period has ended to the terminal device 20-1 (s2). On the other hand, when the calculation processing provision period has not ended, the end determination unit 107 outputs information ⁇ to the calculation processing unit 101 and requests the key s from the one-way function unit 103 (s3).
- the one-way function unit 103 takes out the first information s ′ from the storage unit 105 when the key s is requested.
- the arithmetic processing unit 101 performs predetermined arithmetic processing using the key s, and transmits the arithmetic result z to the terminal device 20-1 (s5).
- the arithmetic processing unit 101 may store the key s in a secret manner or delete the key s after performing the arithmetic processing.
- the arithmetic processing unit 101 can omit the above s3 (key request) and s4 (key generation) from the next time.
- the arithmetic processing unit 101 deletes the key s after performing the arithmetic processing, the key s does not exist in the key storage device 100, and the safety is further improved.
- the key storage device 100 may generate the key s in advance and store the key s in a secret manner.
- the key storage device 100 secretly manages the key s before the end of the operation processing provision period, and the first information is received from the key storage device 100 (more specifically, the storage unit 105) with the end of the operation processing provision period.
- the configuration may be such that s ′ is deleted and the key s is output to the user (in this example, the terminal device 20-1).
- Calculation processing can be encryption, decryption, signature generation, and the like. Further, the encryption may be based on a common key cryptosystem. For the decryption, a common key cryptosystem or a public key cryptosystem can be considered. As the common key cryptosystem, AES, DES, and the like can be considered, and the key s is a common key. As public key cryptosystems, RSA cryptography, ElGamal cryptography, elliptical ElGamal cryptography, etc. can be considered, and the key s is a secret key.
- the signature generation may be an RSA signature or the like, and the key s is a signature key.
- an example of the arithmetic processing will be described.
- the key storage device 100 generates first information s ′.
- the terminal device 20-1 requests the key storage device 100 to encrypt plaintext M via the communication line 30.
- the key storage device 100 receives the plaintext M, and performs s1 to s4 (determination of operation processing provision period, key request, key generation).
- the key storage apparatus 100 performs encryption as the predetermined calculation process, receives the plaintext M as the information ⁇ to be the calculation process, and outputs the ciphertext C as the calculation result z.
- the terminal device 20-1 receives the ciphertext C and stores it. In this example, this ciphertext C is transmitted to the terminal device 20-2.
- the terminal device 20-2 receives the ciphertext C and stores it.
- the terminal device 20-2 requests the key storage device 100 to decrypt the ciphertext C via the communication line 30.
- the key storage device 100 receives the ciphertext C, and performs s1 to s4 (determination of operation processing provision period, key request, key generation).
- the key storage apparatus 100 performs decryption as the predetermined computation process, receives the ciphertext C as the information ⁇ to be subjected to the computation process, and outputs the decryption result M ′ as the computation result z.
- the terminal devices 20-1 and 20-2 requesting the arithmetic processing are users of the key storage device 100.
- C M e mod m
- the operation defined by the group is expressed in a multiplicative manner. That is, G is a group, and “ ⁇ b ” for ⁇ G means that the operation defined in group G is applied to ⁇ b times.
- the terminal device 20-1 receives and stores the ciphertext C, and requests the key storage device 100 to decrypt the ciphertext C.
- the key storage device 100 receives the ciphertext C and performs s1 to s4 (determination of the operation processing provision period, key request, and key generation).
- the key storage apparatus 100 performs decryption as the predetermined computation process, receives the ciphertext C as the information ⁇ to be subjected to the computation process, and outputs the decryption result M ′ as the computation result z.
- the terminal device 20-1 requesting the processing is a user of the key storage device 100.
- ElGamal encryption An example of a public key cryptosystem using ElGamal will be described.
- t be the security parameter.
- G generator g is selected.
- x is randomly selected from ⁇ 0, ..., q-1 ⁇ .
- h g x .
- the plaintext space is G, and M is an element of G.
- the ciphertext space is G 2 and (C 1 , C 2 ) ⁇ G ⁇ G.
- C (C 1 , C 2 )
- C 1 g r
- Mh r a random number generated by the terminal device 20-2, and is an integer randomly selected from 0 ⁇ r ⁇ q.
- the operation defined by the group is expressed in a multiplicative manner.
- the terminal device 20-2 transmits the ciphertext C to the terminal device 20-1.
- the terminal device 20-1 receives and stores the ciphertext C, and requests the key storage device 100 to decrypt the ciphertext C.
- the key storage device 100 receives the ciphertext C and performs s1 to s4 (determination of the operation processing provision period, key request, and key generation).
- the terminal device 20-1 may transmit a portion C 1 of the ciphertext C in the key storing device 100.
- the key storage device 100 performs s1 to s4, obtains a decryption result C 1 x using a part C 1 of the ciphertext C and the secret key x, and transmits it to the terminal device 20-1.
- the terminal device 20-1 obtains the decryption result M ′ by the following equation using the other part C 2 of the ciphertext and the decryption result C 1 x .
- M ' C 2 / C 1 x
- E the elliptic curve parameter
- J and H the points on the elliptic curve E
- q the order of the point J on the elliptic curve E.
- the key storage device 100 may store the secret key x secretly or delete it. In this example, it will be deleted.
- C (C 1 , C 2 )
- C 1 rJ
- r is a random number generated by the information storage device 11, and is an integer selected at random from 0 ⁇ r ⁇ q.
- operations defined by groups are expressed additively.
- the terminal device 20-2 transmits the ciphertext C to the terminal device 20-1.
- the terminal device 20-1 receives and stores the ciphertext C, and requests the key storage device 100 to decrypt the ciphertext C.
- the key storage device 100 receives the ciphertext C and performs s1 to s4 (determination of the operation processing provision period, key request, and key generation).
- the terminal device 20-1 may transmit a portion C 1 of the ciphertext C in the key storing device 100.
- the key storage apparatus 100 performs s1 to s4, obtains a decryption result xC 1 using a part C 1 of the ciphertext C and the secret key x, and transmits it to the terminal apparatus 20-1.
- the terminal device 20-1 obtains the decryption result M ′ by the following equation using the other part C 2 of the ciphertext and the decryption result xC 1 .
- M ' C 2 -xC 1
- RSA signature An example of a signature scheme using RSA encryption will be described.
- the terminal device 20-1 requests the key storage device 100 to generate a signature for the plaintext M.
- the key storage apparatus 100 receives the plaintext M and performs s1 to s4.
- the key storage apparatus 100 generates a signature as a predetermined calculation process, receives plaintext M as information ⁇ to be a calculation process target, and outputs a signature ⁇ as a calculation result.
- the terminal device 20-1 receives and stores the signature ⁇ , and transmits the plaintext M and the signature ⁇ to the terminal device 20-2.
- the key s can be obtained from the first information s ′ using the one-way function, but obtaining the first information s ′ from the key s means that the one-way function is inversely operated, Is possible. For this reason, if the first information s ′ is deleted after the operation processing provision period ends, even if the key s is held, the attacker cannot resume the service with the same configuration as that during the operation processing provision period.
- the key storage device 100 includes the arithmetic processing unit 101, but the arithmetic processing unit 101 may be configured as a separate device. In that case, a secret key is requested from the arithmetic processing device to the key storage device 100.
- a certain terminal device transmits a ciphertext to another terminal device, but a certain terminal device stores the ciphertext without transmitting it, and the terminal device
- the device itself may request the key storage device 100 to decrypt the ciphertext. For example, by configuring the information in the terminal device 20-1 so that it cannot be decrypted by the terminal device 20-1 itself, it is possible to prevent the information from being leaked even when the terminal device 20-1 is stolen or lost. it can.
- the administrator of the key storage device 100 can know the decryption result of the ciphertext C. Therefore, when the administrator of the key storage device 100 is different from the user of the terminal device 20-1, there is a possibility that information that should be known only by the user of the terminal device 20-1 is known to the administrator of the key storage device 100. is there.
- the second embodiment is different from the first embodiment in that the key storage device 100 decrypts a ciphertext (disturbance information) that can be randomly returned.
- the encryption method capable of random reduction consists of a randomization algorithm and a restoration algorithm.
- the randomization algorithm is a probability algorithm that outputs another ciphertext using a ciphertext and a random number, and the output follows a probability distribution that cannot be distinguished from a randomly selected ciphertext regardless of input.
- the restoration algorithm is an algorithm that outputs a plaintext obtained by decrypting an original ciphertext by using a result obtained by decrypting another ciphertext as an output of the randomization algorithm and a random number used in the randomization algorithm as inputs.
- Such an encryption method can be configured using a homomorphic encryption method such as ElGamal encryption, elliptical ElGamal encryption, RSA encryption, and Pailler encryption.
- the second embodiment will be described with reference to an example in which a random self-reducing encryption scheme is configured using a homomorphic encryption scheme.
- the calculation process is performed on the disturbed information using the key s and disturbing the relationship with the original information by the random number r.
- the processing is performed as follows.
- the terminal device 20-1 generates a random number r, and generates disturbance information ⁇ (information to be subjected to calculation processing) that disturbs the relationship with the ciphertext C using the random number r.
- the random number r is stored in a storage unit (not shown).
- the terminal device 20-1 generates the disturbance information ⁇ corresponding to the ciphertext C and the random number r in accordance with a randomization algorithm defined from the random self-reduction of the encryption scheme.
- the ciphertext C is a ciphertext of a homomorphic cryptosystem
- the ciphertext (random ciphertext) obtained by encrypting the random number r with the public key y according to the same homomorphic cryptosystem is represented as Enc (y, r )
- the terminal device 20-1 transmits the disturbance information ⁇ to the key storage device 100 and requests decryption thereof.
- the key storage device 100 receives the disturbance information ⁇ and performs s1 to s4.
- the terminal device 20-1 receives the decryption result z.
- the terminal device 20-1 takes out the random number r from a storage unit (not shown), and uses the decryption result z of the disturbance information ⁇ and the random number r in accordance with a restoration algorithm defined by the random self-reduction of the encryption method, and the ciphertext C
- the decoding result M ′ is obtained.
- the terminal device 20-1 using the inverse element r -1 of the random number r, multiplication of z and the original r -1 M '
- the configuration of the second embodiment may be combined with decryption using another public key encryption method (for example, ElGamal encryption, elliptical ElGamal encryption, etc.), encryption and decryption using a common key encryption method, RSA signature, and the like. .
- another public key encryption method for example, ElGamal encryption, elliptical ElGamal encryption, etc.
- Encryption using a common key encryption method for example, RSA signature, and the like.
- the program describing the processing contents can be recorded on a computer-readable recording medium.
- a computer-readable recording medium any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.
- this program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Further, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.
- a computer that executes such a program first stores a program recorded on a portable recording medium or a program transferred from a server computer in its storage unit. When executing the process, this computer reads the program stored in its own storage unit and executes the process according to the read program.
- a computer may read a program directly from a portable recording medium and execute processing according to the program. Further, each time a program is transferred from the server computer to the computer, processing according to the received program may be executed sequentially.
- the program is not transferred from the server computer to the computer, and the above-described processing is executed by a so-called ASP (Application Service Provider) type service that realizes a processing function only by an execution instruction and result acquisition. It is good.
- the program includes information provided for processing by the electronic computer and equivalent to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).
- each device is configured by executing a predetermined program on a computer, at least a part of these processing contents may be realized by hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
Abstract
Description
図1及び図2を用いて、第一実施形態に係る鍵保管装置100を説明する。図1は第一実施形態に係る鍵保管装置100の機能ブロック図を、図2は第一実施形態に係る鍵保管装置100の処理フローを示す。
共通鍵暗号方式の一例について説明する。まず、鍵保管装置100は、第一情報s’を生成する。
RSA暗号を用いた公開鍵暗号方式の一例について説明する。まず、tをセキュリティパラメータとする。p,q(p≠q)をt/2ビットの素数とし、m=pqとする。eをφ(m)未満の正の整数で、φ(m)と互いに素な数とし、dをφ(m)を法としたeの逆数(de≡1(modφ(m)))とする。ここでφ(m)はmのオイラー関数で、この場合は(p-1)(q-1)に等しい。0以上m未満の整数の集合をZmで表す。Mを平文空間Zmの元とする。
C=Me mod m
ここでは、群で定義された演算を乗法的に表現する。すなわちGを群とし、α∈Gに対する「αb」は、群Gで定義された演算をαに対してb回作用させることを意味する。
ElGamalを用いた公開鍵暗号方式の一例について説明する。tをセキュリティパラメータとする。巡回群Gで、位数qが素数であり、かつqのビット数がtであるものが選ばれる。Gの生成元gが選ばれる。xが{0,…,q-1}からランダムに選ばれる。h=gxとする。平文空間はGであり、MはGの元である。暗号文空間はG2であり、(C1,C2)∈G×Gである。
C=(C1,C2)
C1=gr
C2=Mhr
ただし、rは端末装置20-2によって生成される乱数であり、0<r<qからランダムに選ばれる整数である。ここでは、群で定義された演算を乗法的に表現する。
M'=C2/C1 x
Eを楕円曲線パラメータ、J及びHを楕円曲線E上の点、qを楕円曲線E上の点Jの位数とする。楕円ElGamal暗号を用いた公開鍵暗号方式では、公開鍵y=(E,q,J,H=xJ)、秘密鍵x(=s)とする。例えば、鍵保管装置100は、第一情報s’を生成し、第一情報s’に対して一方向性ハッシュ関数Hash()を作用させて秘密鍵x=Hash(s’)を生成する。さらに、鍵保管装置100は、ElGamalを用いた公開鍵暗号方式に則って、秘密鍵xに対応する公開鍵y=(E,q,J,H=xJ)を生成する。鍵保管装置100は、秘密鍵xを秘密に保管してもよいし、削除してもよい。この例では、削除するものとする。また、鍵保管装置100は、公開鍵y=(E,q,J,H=xJ)を公開する。
C=(C1,C2)
C1=rJ
C2=M+rH
ただし、rは情報記憶装置11によって生成される乱数であり、0<r<qからランダムに選ばれる整数である。ここでは、群で定義された演算を加法的に表現する。
M'=C2-xC1
RSA暗号を用いた署名方式の一例について説明する。
RSA暗号を用いた公開鍵暗号方式では、公開鍵y=(e,m)、署名鍵v(=s)とする。例えば、鍵保管装置100は、第一情報s’を生成し、第一情報s’に対して一方向性ハッシュ関数Hash()を作用させて署名鍵v=Hash(s’)を生成する。さらに、鍵保管装置100は、RSA暗号を用いた公開鍵暗号方式に則って、署名鍵vに対応する公開鍵y=(e,m)を生成する。鍵保管装置100は、署名鍵vを秘密に保管してもよいし、削除してもよい。この例では、削除するものとする。また、鍵保管装置100は、公開鍵y=(e,m)を公開する。
M=σe mod m
一方向性関数を用いて、第一情報s'から鍵sを求めることはできるが、鍵sから第一情報s'を求めることは一方向性関数の逆演算を行うことを意味し、不可能である。そのため、演算処理提供期間終了後に、第一情報s'を消去すると、仮に鍵sを持っていたとしても、攻撃者が演算処理提供期間中の構成と同じ構成でサービスを再開することはできない。
本実施形態では、鍵保管装置100が演算処理部101を備えているが、演算処理部101を別装置として構成してもよい。その場合には、演算処理装置から鍵保管装置100に対して秘密鍵が要求される。
第一実施形態と異なる部分を中心に説明する。第二実施形態では、クラウド鍵管理型暗号方式(特許文献1参照)を利用して、対象となる情報の復号を依頼する。
このような構成により、第一実施形態と同様の効果を得ることができる。さらに本実施形態では、鍵保管装置100で復号されるのは暗号文Cと乱数rとに対応するかく乱情報τであり、暗号文Cそのものではない。鍵保管装置100はかく乱情報τの復号結果zを得ることができても、鍵保管装置100は乱数rを知らないため復号結果zから暗号文Cの復号結果M'を復元することはできない。これにより、鍵保管装置100の管理者に暗号文Cの復号結果M'が知られることを防止できる。なお、第二実施形態の構成と、他の公開鍵暗号方式(例えば、ElGamal暗号、楕円ElGamal暗号等)による復号や、共通鍵暗号方式による暗号化及び復号、RSA署名等とを組み合わせてもよい。
本発明は上記の実施形態及び変形例に限定されるものではない。例えば、上述の各種の処理は、記載に従って時系列に実行されるのみならず、処理を実行する装置の処理能力あるいは必要に応じて並列的にあるいは個別に実行されてもよい。その他、本発明の趣旨を逸脱しない範囲で適宜変更が可能である。
また、上記の実施形態及び変形例で説明した各装置における各種の処理機能をコンピュータによって実現してもよい。その場合、各装置が有すべき機能の処理内容はプログラムによって記述される。そして、このプログラムをコンピュータで実行することにより、上記各装置における各種の処理機能がコンピュータ上で実現される。
100 鍵保管装置
101 演算処理部
103 一方向性関数部
105 保管部
107 終了判定部
Claims (5)
- 鍵を用いた演算処理を提供している期間の終了前は前記鍵を秘密に管理し、その期間の終了に伴い前記鍵を出力するものとし、
第一情報に対して一方向性関数を作用させて前記鍵を生成する一方向性関数部と、
前記期間において、前記第一情報を秘密に保管する保管部と、
前記期間の終了に伴い、前記保管部から前記第一情報を消去し、前記鍵を出力する終了判定部と、を含む、
鍵保管装置。 - 請求項1記載の鍵保管装置であって、
前記演算処理が、前記鍵を用いて、乱数rによって元の情報との関係をかく乱させたかく乱情報に対して行われるものである、
鍵保管装置。 - 鍵を用いた演算処理を提供している期間の終了前は前記鍵を秘密に管理し、その期間の終了に伴い前記鍵を出力するものとし、
一方向性関数部が、第一情報に対して一方向性関数を作用させて前記鍵を生成する一方向性関数ステップと、
保管部が、前記期間において、前記第一情報を秘密に保管する保管ステップと、
終了判定部が、前記期間の終了に伴い、前記第一情報を消去し、前記鍵を出力する終了判定ステップと、を含む、
鍵保管方法。 - 請求項3記載の鍵保管方法であって、
前記演算処理が、前記鍵を用いて、乱数rによって元の情報との関係をかく乱させたかく乱情報に対して行われるものである、
鍵保管方法。 - 請求項1または請求項2記載の鍵保管装置として、コンピュータを機能させるためのプログラム。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201480039716.0A CN105409159B (zh) | 2013-07-18 | 2014-07-02 | 密钥保管装置、密钥保管方法、以及其记录介质 |
US14/904,314 US20160148002A1 (en) | 2013-07-18 | 2014-07-02 | Key storage apparatus, key storage method and program therefor |
JP2015527247A JP6294882B2 (ja) | 2013-07-18 | 2014-07-02 | 鍵保管装置、鍵保管方法、及びそのプログラム |
EP14826095.3A EP3010173B1 (en) | 2013-07-18 | 2014-07-02 | Key storage device, key storage method, and program therefor |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-149153 | 2013-07-18 | ||
JP2013149153 | 2013-07-18 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015008623A1 true WO2015008623A1 (ja) | 2015-01-22 |
Family
ID=52346092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/067639 WO2015008623A1 (ja) | 2013-07-18 | 2014-07-02 | 鍵保管装置、鍵保管方法、及びそのプログラム |
Country Status (5)
Country | Link |
---|---|
US (1) | US20160148002A1 (ja) |
EP (1) | EP3010173B1 (ja) |
JP (1) | JP6294882B2 (ja) |
CN (1) | CN105409159B (ja) |
WO (1) | WO2015008623A1 (ja) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10523440B2 (en) | 2015-09-22 | 2019-12-31 | Securerf Corporation | Signature generation and verification system |
US10700870B2 (en) * | 2015-09-22 | 2020-06-30 | Veridify Security Inc. | Signature generation and verification system |
EP3490189B1 (en) * | 2016-07-19 | 2022-04-06 | Nippon Telegraph and Telephone Corporation | Communication terminals, server devices, and programs |
JP6719339B2 (ja) * | 2016-08-30 | 2020-07-08 | 三菱電機株式会社 | 暗号システム、暗号方法及び暗号プログラム |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10301491A (ja) * | 1997-04-28 | 1998-11-13 | Ibm Japan Ltd | 暗号通信方法とシステム |
JPH11122240A (ja) * | 1997-10-17 | 1999-04-30 | Fuji Xerox Co Ltd | 復号装置および方法ならびにアクセス資格認証装置および方法 |
JP2002208216A (ja) * | 2001-01-12 | 2002-07-26 | Victor Co Of Japan Ltd | コンテンツ記録再生装置 |
JP2005122359A (ja) * | 2003-10-15 | 2005-05-12 | Sanyo Electric Co Ltd | コンテンツ処理装置 |
US20120017095A1 (en) * | 2010-07-19 | 2012-01-19 | Coreguard | Software Service for Encrypting and Decrypting Data |
JP2012151756A (ja) | 2011-01-20 | 2012-08-09 | Nippon Telegr & Teleph Corp <Ntt> | 復号システム、鍵装置、復号方法、及びプログラム |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001237817A (ja) * | 2000-02-24 | 2001-08-31 | Nippon Telegr & Teleph Corp <Ntt> | 鍵寄託方法及びシステム及び鍵寄託プログラムを格納した記憶媒体 |
JP2003069547A (ja) * | 2001-08-29 | 2003-03-07 | Fujitsu Ltd | マルチキャスト通信システム |
WO2004008676A2 (en) * | 2002-07-12 | 2004-01-22 | Ingrian Networks, Inc. | Network attached encryption |
JP2004186814A (ja) * | 2002-11-29 | 2004-07-02 | Fujitsu Ltd | 共通鍵暗号化通信システム |
JP3927151B2 (ja) * | 2003-05-30 | 2007-06-06 | 株式会社東芝 | 記憶装置 |
US20050157872A1 (en) * | 2003-11-12 | 2005-07-21 | Takatoshi Ono | RSA public key generation apparatus, RSA decryption apparatus, and RSA signature apparatus |
JP2006246359A (ja) * | 2005-03-07 | 2006-09-14 | Nec Corp | 一時的なvpnサービスの提供方法、vpnシステム、vpn装置、及び、プログラム |
JP4566060B2 (ja) * | 2005-05-02 | 2010-10-20 | 株式会社日立製作所 | 映像記録システム |
JP2006318291A (ja) * | 2005-05-13 | 2006-11-24 | Fujitsu Ltd | 無線タグ管理プログラム |
JP4522327B2 (ja) * | 2005-06-14 | 2010-08-11 | 三洋電機株式会社 | 家庭内コンテンツ共同利用システム、ホームサーバ、ホーム機器および家庭内コンテンツ共同利用方法 |
JP2008103988A (ja) * | 2006-10-19 | 2008-05-01 | Fujitsu Ltd | 暗号通信システム、装置、方法及びプログラム |
TWI375447B (en) * | 2008-06-27 | 2012-10-21 | Ind Tech Res Inst | Multi-layer encryption and decryption system and method thereof |
KR101584987B1 (ko) * | 2009-06-08 | 2016-01-13 | 삼성전자주식회사 | 데이터 송수신 장치 및 방법 |
KR101046992B1 (ko) * | 2009-10-29 | 2011-07-06 | 한국인터넷진흥원 | 센서데이터 보안유지 방법, 시스템 및 기록매체 |
JP5489775B2 (ja) * | 2010-02-23 | 2014-05-14 | 株式会社インテック | 秘密鍵共有システム、方法、データ処理装置、管理サーバ、及びプログラム |
KR101503581B1 (ko) * | 2010-06-04 | 2015-03-17 | 후지쯔 가부시끼가이샤 | 처리 장치, 처리 방법 및 처리 프로그램을 기록한 컴퓨터 판독 가능한 기록 매체 |
US8631460B2 (en) * | 2011-03-23 | 2014-01-14 | CipherPoint Software, Inc. | Systems and methods for implementing transparent encryption |
US20120311317A1 (en) * | 2011-06-02 | 2012-12-06 | David Elrod | Access-controlled customer data offloading to blind public utility-managed device |
US10237060B2 (en) * | 2011-06-23 | 2019-03-19 | Microsoft Technology Licensing, Llc | Media agnostic, distributed, and defendable data retention |
US8862889B2 (en) * | 2011-07-02 | 2014-10-14 | Eastcliff LLC | Protocol for controlling access to encryption keys |
JP5973224B2 (ja) * | 2012-05-10 | 2016-08-23 | 株式会社東海理化電機製作所 | 電子キー登録方法 |
-
2014
- 2014-07-02 EP EP14826095.3A patent/EP3010173B1/en active Active
- 2014-07-02 JP JP2015527247A patent/JP6294882B2/ja active Active
- 2014-07-02 CN CN201480039716.0A patent/CN105409159B/zh active Active
- 2014-07-02 US US14/904,314 patent/US20160148002A1/en not_active Abandoned
- 2014-07-02 WO PCT/JP2014/067639 patent/WO2015008623A1/ja active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10301491A (ja) * | 1997-04-28 | 1998-11-13 | Ibm Japan Ltd | 暗号通信方法とシステム |
JPH11122240A (ja) * | 1997-10-17 | 1999-04-30 | Fuji Xerox Co Ltd | 復号装置および方法ならびにアクセス資格認証装置および方法 |
JP2002208216A (ja) * | 2001-01-12 | 2002-07-26 | Victor Co Of Japan Ltd | コンテンツ記録再生装置 |
JP2005122359A (ja) * | 2003-10-15 | 2005-05-12 | Sanyo Electric Co Ltd | コンテンツ処理装置 |
US20120017095A1 (en) * | 2010-07-19 | 2012-01-19 | Coreguard | Software Service for Encrypting and Decrypting Data |
JP2012151756A (ja) | 2011-01-20 | 2012-08-09 | Nippon Telegr & Teleph Corp <Ntt> | 復号システム、鍵装置、復号方法、及びプログラム |
Non-Patent Citations (1)
Title |
---|
"Focus on the News", NTT GIJUTSU JOURNAL, vol. 24, no. 5, 1 May 2012 (2012-05-01), pages 46 - 47, XP055311669 * |
Also Published As
Publication number | Publication date |
---|---|
CN105409159A (zh) | 2016-03-16 |
JPWO2015008623A1 (ja) | 2017-03-02 |
JP6294882B2 (ja) | 2018-03-14 |
EP3010173A1 (en) | 2016-04-20 |
EP3010173B1 (en) | 2019-01-16 |
US20160148002A1 (en) | 2016-05-26 |
CN105409159B (zh) | 2019-09-06 |
EP3010173A4 (en) | 2017-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10785019B2 (en) | Data transmission method and apparatus | |
US10361841B2 (en) | Proxy computing system, computing apparatus, capability providing apparatus, proxy computing method, capability providing method, program, and recording medium | |
US8429408B2 (en) | Masking the output of random number generators in key generation protocols | |
US20160127128A1 (en) | Management of cryptographic keys | |
JP6363032B2 (ja) | 鍵付替え方向制御システムおよび鍵付替え方向制御方法 | |
JP2017517979A (ja) | 署名生成および暗号化/暗号解読のための共通法rsa鍵対 | |
US10826694B2 (en) | Method for leakage-resilient distributed function evaluation with CPU-enclaves | |
US9917695B2 (en) | Authenticated encryption method using working blocks | |
CN111404952B (zh) | 变电站数据加密传输方法、装置、计算机设备和存储介质 | |
CN109921905B (zh) | 基于私钥池的抗量子计算密钥协商方法和系统 | |
CN113411345A (zh) | 一种安全会话的方法和装置 | |
JP6294882B2 (ja) | 鍵保管装置、鍵保管方法、及びそのプログラム | |
US8954728B1 (en) | Generation of exfiltration-resilient cryptographic keys | |
CN113645235A (zh) | 分布式数据加解密系统及加解密方法 | |
Mohammed et al. | Secure third party auditor (tpa) for ensuring data integrity in fog computing | |
EP2395698B1 (en) | Implicit certificate generation in the case of weak pseudo-random number generators | |
CN109361506B (zh) | 信息处理方法 | |
JP5850888B2 (ja) | 情報記憶システム、情報記憶装置、その方法、及びプログラム | |
Shaikh et al. | Secure cloud auditing over encrypted data | |
JP5752751B2 (ja) | 復号システム、端末装置、署名システム、その方法、及びプログラム | |
CN110249334B (zh) | 设备间高效安全通信的系统和方法 | |
Usha et al. | Multiple attribute authority based access control and anonymous authentication in decentralized cloud | |
JP5860420B2 (ja) | 安全性評価装置、およびプログラム | |
CN116226933A (zh) | 电力数据的安全管理方法、装置、设备及存储介质 | |
CN110572256A (zh) | 基于非对称密钥池和隐式证书的抗量子计算非对称密钥管理方法和系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201480039716.0 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14826095 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015527247 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14904314 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014826095 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |