WO2015050030A1 - Cryptographic processing method, cryptographic system, and server - Google Patents

Cryptographic processing method, cryptographic system, and server Download PDF

Info

Publication number
WO2015050030A1
WO2015050030A1 PCT/JP2014/075428 JP2014075428W WO2015050030A1 WO 2015050030 A1 WO2015050030 A1 WO 2015050030A1 JP 2014075428 W JP2014075428 W JP 2014075428W WO 2015050030 A1 WO2015050030 A1 WO 2015050030A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
terminal
predetermined
conversion
message
Prior art date
Application number
PCT/JP2014/075428
Other languages
French (fr)
Japanese (ja)
Inventor
尚生 坂崎
安細 康介
健三 森本
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to CN201480050943.3A priority Critical patent/CN105556890B/en
Publication of WO2015050030A1 publication Critical patent/WO2015050030A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present invention relates to a cryptographic processing method, a cryptographic system, and a server.
  • the cryptographic technique is excellent in reducing the burden of managing confidential information on each user while ensuring appropriate high speed of cryptographic processing. About.
  • the common key cryptosystem has a higher cryptographic processing speed than the public key cryptosystem, but each user must manage the same number of secret keys as the number of communication partners “n”. Therefore, in the entire system using the common key cryptosystem, there are “n (n ⁇ 1) / 2” secret keys, and the risk of secret key leakage increases depending on the number of keys. . In the common key cryptosystem, each user needs to distribute the secret key and share the key with all communication partners in advance. large.
  • each user only needs to manage one private key regardless of the number “n” of communication partners, and the key management is easy.
  • the encryption processing speed is not high, and it is not suitable for a situation where large size data is encrypted.
  • the encryption of the corresponding data is encrypted with the common key encryption, and the secret key (the data size is small) used there is encrypted with the public key encryption,
  • a hybrid method is used in which the encrypted data and the secret key are transmitted to the communication partner as described above.
  • the hybrid method although it is true that only the secret key with a small data size is to be encrypted with the public key, compared to the case where the encryption process is performed using only the common key encryption method, It cannot be denied that the hybrid method takes more time for cryptographic processing.
  • an object of the present invention is to provide an encryption technique that is excellent in reducing the burden of managing confidential information for each user while ensuring an appropriate high speed of encryption processing.
  • the encryption processing method of the present invention that solves the above-mentioned problems is based on the output value of a one-way function related to the public information of the communication partner and its own secret information as a key at each terminal that communicates with each other.
  • the message is encrypted with the key and transmitted to the predetermined server, and when the message is received, the message re-encrypted with commutability for the terminal is received from the server, and the received message is transmitted to the own server. It is characterized by decrypting with a key.
  • the encryption system of the present invention provides a one-way communication device that communicates with other terminals, a storage device that stores its own secret information, public information relating to a communication partner, and the secret information read from the storage device.
  • Arithmetic apparatus for receiving a message re-encrypted with commutability from the server and receiving the message from the partner terminal and decrypting the received message with the key Including a terminal.
  • the server of the present invention when transmitting and receiving a message, a communication device that communicates with a terminal that uses a key that is an output value of a one-way function related to public information of a communication partner and its own secret information for encryption and decryption of the message;
  • the conversion key stored for the combination of the process received from the terminal, the predetermined terminal, and the destination terminal indicated by the received message is specified in the storage device, and the corresponding conversion key is used for the destination terminal.
  • An arithmetic device that executes re-encryption of the message and executes processing for transmitting the re-encrypted message to the destination terminal. And features.
  • FIG. 1 is a network configuration diagram including the cryptographic system 1 of the present embodiment.
  • the cryptographic system 1 shown in FIG. 1 is a computer system that implements a cryptographic technique that is excellent in reducing the burden of managing confidential information for each user while ensuring appropriate high-speed encryption processing.
  • the encryption system 1 in the present embodiment includes a user terminal A10_1, a user terminal B10_2, a user terminal C10_3 (hereinafter simply referred to as the user terminal 10 when these user terminals are collectively shown), and a conversion server 20 ( Server) are connected to each other via a communication network (hereinafter referred to as a network) 30 such as the Internet.
  • a communication network hereinafter referred to as the Internet.
  • the conversion server 20 and the user terminal 10 are included as an example of the encryption system 1, but only the conversion server 20 or only the user terminal 10 can be regarded as the encryption system 1.
  • FIG. 2 is a diagram illustrating a configuration example of the conversion server 20 included in the cryptographic system 1 of the present embodiment.
  • the conversion server 20 reads out a storage device 201 configured with an appropriate non-volatile storage device such as a hard disk drive, a memory 203 configured with a volatile storage device such as a RAM, and a program 202 held in the storage device 201 to the memory 203.
  • a central processing unit 204 such as a CPU for performing overall control of the server device itself and performing various determinations, computations and control processing, and a communication device 207 connected to the network 30 and responsible for communication processing with the user terminal 10, Is provided.
  • a conversion key storage unit 225 that holds a conversion key, and re-encryption using the conversion key
  • At least a re-ciphertext storage unit 226 that stores the converted message is stored.
  • the conversion server 20 receives a message encrypted with the encryption key from the user terminal 10 and converts the conversion key of the storage device 201 with respect to the combination of the user terminal 10 and the destination user terminal 10 indicated by the above message.
  • the conversion key stored in the storage unit 225 is identified, and the corresponding message is re-encrypted with the corresponding conversion key for the destination user terminal 10 indicated by the message received from the user terminal 10 described above.
  • the above-mentioned encryption key is an output value obtained by the user terminal 10 applying the public information of the other user terminal 10 as the communication partner and its own secret key to the hash function (one-way function). .
  • the conversion server 20 generates a random number (predetermined value) in response to a conversion key registration request from a predetermined user terminal 10, returns the random number to the user terminal 10, and masks it with the random number.
  • a masked conversion key obtained by further masking the reciprocal of the processed encryption key of the predetermined user terminal 10 with the encryption key of the other user terminal 10;
  • the exchange rule based on the above random number is applied to the received masked conversion key, and the reciprocal number of the encryption key of the user terminal 10 that issued the above registration request is the encryption key of the above other user terminal 10. It has a function of calculating the masked conversion key and storing the conversion key in the conversion key storage unit 225 of the storage device 201.
  • the conversion server 20 is a predetermined other user who is paired with the corresponding user terminal 10 among the conversion keys held in the conversion key storage unit 225 from any one of the user terminals 10.
  • a deletion request related to the terminal 10 is received, a search is performed in the conversion key storage unit 225 of the storage device 201 using the combination information of the user terminal 10 and the other user terminal 10 indicated by the deletion request as a key, A function of deleting the conversion key specified by the search from the conversion key storage unit 225 is provided.
  • the conversion server 20 generates a random number in response to a request for registering a conversion key related to the other user terminal 10 that the user terminal 10 recognizes as a proxy, that is, the proxy user terminal 10, from the user terminal 10.
  • the random number is returned to the above-described user terminal 10, and the encryption key (the first key of the user terminal 10 based on the public information of the proxy user terminal 10 and the secret key of the user terminal 10 masked with the random number).
  • the masked conversion key obtained by further masking the reciprocal of 1 key) with the encryption key (second key) of the proxy user terminal 10 based on the public information of the user terminal 10 and the secret information of the proxy user terminal 10 (Third key) is received from the proxy user terminal 10 and the exchange rule based on the random number is applied to the received masked conversion key, and the encryption key (first key) of the user terminal 10 is applied.
  • An agent for conversion key which is masked calculated in, has a function of storing the agent for conversion key to the conversion key storage unit 225 of the storage device 201.
  • the conversion server 20 holds the combination of the proxy user terminal 10 and the above-described user terminal 10 in response to a request for browsing the message addressed to the above-described user terminal 10 from the proxy user terminal 10.
  • the conversion key storage unit 225 of the storage device 201 is identified, and the message re-encrypted for the above-described user terminal 10 is exchanged with the conversion key storage unit 225 for the user terminal 10 described above. Further, it has a function of encrypting and transmitting the re-re-encrypted message to the proxy user terminal 10.
  • the conversion server 20 is a proxy user who is paired with the corresponding user terminal 10 among the conversion keys held in the conversion key storage unit 225 from any one of the user terminals 10.
  • a deletion request related to the terminal 10 is received, a search is performed in the conversion key storage unit 225 using the combination information of the user terminal 10 and the proxy user terminal 10 indicated by the deletion request as a key, and the search is specified
  • the agent conversion key is deleted from the conversion key storage unit 225.
  • FIG. 3 is a diagram illustrating a configuration example of the user terminal 10 included in the encryption system 1 of the present embodiment.
  • the user terminal 10 reads out to the memory 103 a storage device 101 composed of a suitable non-volatile storage device such as a hard disk drive, a memory 103 composed of a volatile storage device such as a RAM, and a program 102 held in the storage device 101.
  • a CPU 104 for performing various determinations, calculations and control processing, an input device 105 for receiving key input and voice input from a user, and a display for displaying processing data.
  • an output device 106 such as a communication device 107 connected to a network and responsible for communication processing with the conversion server 20.
  • the ID for each user terminal disclosed for each user terminal 10 is disclosed. At least a public ID storage unit 125 that holds the secret key and a key storage unit 126 that holds the secret key of the user terminal 10 are stored.
  • Each user terminal 10 holds a program 110 corresponding to a hash function as one of the programs 102 in the storage device 101, and can be called and executed as necessary.
  • the user terminal 10 extracts the ID (public information) of the other user terminal 10 to be a communication partner from the public ID storage unit 125, and this ID and its own private key (secret information) held in the key storage unit 126. ) To a hash function (one-way function) to generate an encryption key.
  • the user terminal 10 has a function of encrypting a target message with the above encryption key and transmitting it to the conversion server 20 when transmitting a message addressed to the other user terminal 10 described above.
  • the user terminal 10 when receiving a message addressed to the user terminal 10, the user terminal 10 receives a message re-encrypted from the conversion server 20 for the user terminal 10 and receives the message. It has a function to decrypt a message with its own encryption key.
  • the user terminal 10 has a function of transmitting a conversion key registration request to the conversion server 20 regarding the combination of the predetermined user terminal 10 and another user terminal 10 that can be a communication partner.
  • the user terminal 10 masks the reciprocal number of the encryption key generated for the user terminal 10 and the other user terminal 10 that is the communication partner with the random number sent from the conversion server 20.
  • a function of transmitting the masked encryption key to another user terminal 10 that is a communication partner is provided.
  • the other user terminal 10 generates a decryption key by applying the ID of the user terminal 10 as a communication partner and its own secret key to the hash function, and the above-described user terminal 10 with the decryption key.
  • the masked encryption key sent from the server is masked to generate a masked conversion key, and the masked conversion key is transmitted to the conversion server 20.
  • the user terminal 10 has a function of transmitting to the conversion server 20 an erasure request related to a predetermined other user terminal 10 paired with the corresponding user terminal 10 among the conversion keys managed by the conversion server 20. It has.
  • the user terminal 10 transmits a conversion key registration request regarding the proxy user terminal 10 of the predetermined user terminal 10 to the conversion server 20, and uses the random number transmitted from the conversion server 20 in response to the registration request. Has the ability to get.
  • the proxy user terminal 10 is also one of the user terminals 10 and can be in any position depending on the situation. Therefore, even if the function or configuration described as the proxy user terminal 10 is provided as a function or configuration common to the user terminal 10 (hereinafter the same).
  • the user terminal 10 generates a masked encryption key by masking the reciprocal of the encryption key based on the ID of the proxy user terminal 10 and the secret key of the predetermined user terminal 10 with the above random number, A function of transmitting the masked encryption key to the proxy user terminal 10 is provided.
  • the proxy user terminal 10 receives the masked encryption key from the user terminal 10 described above, and uses the masked encryption key as the ID of the user terminal 10 and the secret key of the proxy user terminal 10.
  • a masking conversion key is generated by performing a mask process with a decryption key based on the above and a function of transmitting the masking conversion key to the conversion server 20 is provided.
  • the proxy user terminal 10 transmits a browsing record request to the conversion server 20 for a message addressed to the user terminal 10 that is permitted to browse messages on the proxy.
  • the conversion key storage unit 225 specifies the conversion key for the agent held for the combination of the proxy user terminal 10 and the user terminal 10 described above, and the conversion key for the agent uses the conversion key for the agent.
  • the message re-encrypted with commutability for the above-described user terminal 10 is further encrypted, and the re-encrypted message is transmitted to the proxy user terminal 10. Therefore, the proxy user terminal 10 has a function of receiving the re-re-encrypted message transmitted from the conversion server 20 and decrypting the received re-re-encrypted message with its own decryption key.
  • FIG. 4 is a diagram illustrating a specific example of an operator used for processing by the cryptographic system 1 according to the present embodiment.
  • the first operator is the “ ⁇ ” operator.
  • the operator “ ⁇ ” is an operator for commutative mask processing, and is an operator that performs processing for masking data A with data B. This calculation is referred to as “B • A”. Note that the mask processing here refers to processing in which data B is applied to data A and converted to another value.
  • the operator “ ⁇ ” has the following properties.
  • the second operator is an “f (,)” operator.
  • the operator “f (,)” is an encryption processing operator that is commutative with respect to the encryption key, and is an operator that encrypts the data A with the encryption key K. This calculation is referred to as “f (K, A)”.
  • the operator “f (,)” has the following properties.
  • the operator “ ⁇ ” and the operator “f (,)” may perform the same arithmetic processing, or may perform different arithmetic processing satisfying the above-described properties.
  • the data A can be decrypted by re-encrypting the ciphertext using the reciprocal of the encryption key due to the property (c).
  • the third operator is the “h (,)” operator.
  • “H (,)” is a hash function with one piece of data as an input, for example, “SHA256”.
  • FIG. 5 is a sequence diagram showing a processing procedure example 1 of the cryptographic processing method according to the present embodiment. Specifically, in order to send a message from the user terminal C10_3 to the user terminal A10_1, the conversion server 20 is notified in advance. It is a sequence diagram which shows the flow until registering a conversion key. As shown in the sequence diagram of FIG. 5, the user terminal 10 can make a conversion key registration request to the conversion server 20. The start timing of this process may be any time before the corresponding user terminal 10 starts communication with the communication partner.
  • the user terminal C10_3 sends a message to the other user terminal A10_1.
  • a conversion key registration application is made to notify that the conversion key with the terminal A10_1 is to be registered (S001).
  • the conversion server 20 receives the above-described conversion key registration application via the network 30, and generates a random number p triggered by this reception (S002).
  • An existing technique may be adopted as a random number generation method.
  • the conversion server 20 sends the generated random number p to the transmission source of the conversion key registration application, that is, the above-described user terminal C10_3 (S003).
  • the user terminal C10_3 that has received the random number p from the conversion server 20 generates its own private key managed by the key storage unit 126 in order to generate an encryption key with the user terminal A10_1 that is the communication partner.
  • “K c ” and “ID a ”, which is the public ID of the user terminal A10_1 managed in the public ID storage unit 125, are input to the hash function, and the hash value “h (K c , ID a )” is input. Is calculated (S004). This hash value becomes an encryption key when the user terminal C10_3 uses the user terminal A10_1 as a communication partner.
  • the user terminal C10_3 that has calculated the encryption key in this way uses the random number p transmitted by the conversion server 20 in step S003 described above, and masks the reciprocal number of the encryption key “p ⁇ h (K c , ID a ) -1 "is calculated and transmitted to the user terminal A10_1 as a masked encryption key (S005).
  • the user terminal A10_1 receives the above-described masked encryption key, the user terminal A10_1 has its own private key managed by its own key storage unit 126 in order to generate a decryption key with the user terminal C10_3.
  • “K a ” and “ID c ” which is the public ID of the user terminal C10_3 managed by the public ID storage unit 125 are input to the hash function, and the hash value “h (K a , ID c )” is input. Is calculated (S006). This hash value becomes a decryption key when the user terminal A10_1 uses the user terminal C10_3 as a communication partner.
  • the user terminal A10_1 that has calculated the decryption key as described above masks the masked encryption key sent from the user terminal C10_3 using the decryption key to obtain “h (K a , ID c ) ⁇ p ⁇ h (K c , ID a ) -1 "is calculated and sent to the conversion server 20 as a masked conversion key (S007).
  • the conversion server 20 that has calculated the conversion key registers the conversion key in the conversion key storage unit 225 of the storage device 201 as “a conversion key from the user terminal C10_3 to the user terminal A10_1” (S009).
  • the conversion key is registered in the conversion server 20, but after that, the conversion key registered in the conversion server 20 may be unnecessary for the user. For example, when there is a request to quickly delete a conversion key related to a contract partner whose previous business relationship has been canceled and the future contact schedule has disappeared, or a communication partner suspected of information leakage, etc. Is applicable.
  • FIG. 6 is a sequence diagram showing a processing procedure example 2 of the cryptographic processing method of the present embodiment. Specifically, the conversion key registered in the conversion server 20 by the conversion key deletion application from the user terminal A10_1.
  • FIG. 6 is a sequence diagram showing a flow until deleting a conversion key and a flow until deleting a conversion key by a conversion key deletion application from a user terminal C10_3.
  • the user terminal A10_1 has transmitted to the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the user terminal A10_1 from the user terminal C10_3” ( S101).
  • the conversion server 20 that has received this conversion key deletion application from the user terminal A10_1 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal C10_3 and the user terminal A10_1,
  • the corresponding conversion key “h (K a , ID c ) ⁇ h (K c , ID a ) ⁇ 1 ” is identified and deleted (S102).
  • the user terminal C10_3 transmits to the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the user terminal A10_1 from the user terminal C10_3” ( S103).
  • the conversion server 20 that has received the conversion key deletion application from the user terminal C10_3 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal A10_1 and the user terminal C10_3, and The corresponding conversion key “h (K a , ID c ) ⁇ h (K c , ID a ) ⁇ 1 ” is identified and deleted (S104).
  • FIG. 7 is a schematic diagram showing the overall flow of the process described above until the message M is sent from the user terminal C10_3 via the conversion server 20 to the user terminal A10_1.
  • FIG. 8 is a sequence diagram showing a processing procedure example 3 of the encryption processing method according to the present embodiment. Specifically, an encryption message addressed to the user terminal A10_1 is uploaded from the user terminal C10_3 to the conversion server 20.
  • FIG. 10 is a sequence diagram showing a flow until the conversion server 20 re-encrypts the encrypted message for the user terminal A10_1.
  • the user terminal C10_3 that has received a communication start instruction or the like by the user with the input device 105 creates a message M addressed to the user terminal A10_1 that is the communication partner indicated by the above instruction (S201).
  • the message M is created by processing the user-derived text data or text file received by the input device 105 in accordance with a predetermined communication protocol in the network 30, and processing the communication packet. It corresponds to the process to generate.
  • the user terminal C10_3 generates its own private key “K c ” managed by the key storage unit 126 and the public ID storage unit 125 in order to generate an encryption key used for communication with the user terminal A10_1.
  • “ID a ”, which is the public ID of the user terminal A10_1 managed in FIG. 1, is input to the hash function, and a hash value “h (K c , ID a )” as an encryption key is calculated (S202). .
  • the user terminal C10_3 encrypts the message M created in step S201 described above using the encryption key “h (K c , ID a )” calculated in step S202, and the ciphertext “f (h (K ( c , ID a ), M) "are generated (S203).
  • the user terminal C10_3 sends the ciphertext “f (h (K c , ID a ), M)” addressed to the user terminal A10_1 generated in step S203 described above to the conversion server 20 (S204).
  • the conversion server 20 that has received the ciphertext “f (h (K c , ID a ), M)” uses the combination of the user terminal C10_3 and the user terminal A10_1 as a key, and the conversion key storage unit 225 converts the conversion key. And a “conversion key h (K a , ID c ) ⁇ h (K c , ID a ) ⁇ 1 ” from the user terminal C10_3 to the user terminal A10_1 is specified (S205).
  • the conversion server 20 re-encrypts the ciphertext sent from the user terminal C10_3 using the conversion key specified in step S205 described above (S206).
  • the recipher text obtained by this re-encryption has the following configuration due to the nature of each operator.
  • the conversion server 20 that has obtained the re-ciphertext saves the re-ciphertext in the re-ciphertext storage unit 226 in the storage device 201 and prepares for transfer to the user terminal A10_1 that is the communication partner of the user terminal C10_3.
  • FIG. 9 is a sequence diagram showing a processing procedure example 4 of the cryptographic processing method of the present embodiment. Specifically, the user terminal A10_1 decrypts the re-encrypted text re-encrypted for the user terminal A10_1.
  • FIG. 11 is a sequence diagram showing a flow until a message is acquired.
  • the user terminal A10_1 transmits a confirmation request as to whether or not there is a new message addressed to itself to the conversion server 20 (S300).
  • This confirmation request may be transmitted when the user terminal A10_1 receives an instruction from the user through the input device 105, or when the arrival of a predetermined period is detected by a clock function or the like. Good.
  • the conversion server 20 that has received the confirmation request from the user terminal A10_1 searches the re-ciphertext storage unit 226 of the storage device 201 for a message addressed to the user terminal A10_1 based on the ID of the user terminal A10_1.
  • the search result is returned (S301).
  • the user terminal A10_1 that has received the search result from the conversion server 20 notifies the conversion server 20 of an acquisition instruction for the corresponding message when the search result indicates the presence of a new message addressed to the user terminal A10_1. Then, the re-ciphertext “f (h (K a , ID c ), M)” from the user terminal C10_3 is acquired (S302).
  • the user terminal A10_1 that has obtained the re-encrypted text from the user terminal C10_3 generates its own private key “K a that is managed by the key storage unit 126 in order to generate a decryption key with the user terminal C10_3.
  • “ID c ”, which is the public ID of the user terminal C10_3 managed by the public ID storage unit 125, is input to the hash function, and the hash value “h (K a , ID c )” is used as the decryption key. Is calculated (S303).
  • the user terminal C10_3 uses the reciprocal “h (K a , ID c ) ⁇ 1 ” of the decryption key obtained in step S303 described above to use the re-ciphertext “f (h) obtained in step S302 described above.
  • the message M is acquired by decrypting (K a , ID c ), M) ”(S304).
  • the decoding process is as follows.
  • the encryption system 1 of the present embodiment is also used in a situation where the user terminal B10_2 browses a re-encrypted text addressed to the user terminal A10_1 as a proxy for the user terminal A10_1 at the receiving destination, that is, a situation where proxy browsing is required. Is available. Therefore, processing relating to such proxy browsing will be described with reference to FIGS.
  • FIG. 10 is a sequence diagram illustrating a processing procedure example 5 of the cryptographic processing method according to the present embodiment. Specifically, the user terminal B10_2 browses the re-ciphertext sent to the user terminal A10_1 as a proxy.
  • FIG. 6 is a sequence diagram showing a flow until registration of a conversion key for proxy browsing in the conversion server 20 in order to do so.
  • the user terminal A10_1 makes an agent registration application to notify the conversion server 20 that the user terminal B10_2 is a proxy user terminal (S401).
  • This agent registration application is for granting authority that the user terminal B10_2 can perform proxy browsing for messages addressed to the user terminal A10_1 from the user terminal C10_3.
  • the conversion server 20 that has received such agent registration application information generates a random number p '(S402) and sends the random number p' to the user terminal A10_1 (S403).
  • the user terminal A10_1 that has received the random number p ′ described above has its own secret key “K a ” managed by the key storage unit 126 in order to generate an encryption key with the user terminal B10_2, “ID c ”, which is the public ID of the user terminal C10_3 managed by the public ID storage unit 125, is input to the hash function, and a hash value “h (K_a, ID_c)”, which is a decryption key, is calculated ( S404).
  • This hash value becomes a decryption key when the user terminal A10_1 uses the user terminal C10_3 as a communication partner.
  • the user terminal A10_1 that has calculated the decryption key masks the reciprocal number of the decryption key using the random number p ′ sent from the conversion server 20, and uses the masked encryption key “p ′ ⁇ h ( K a , ID c ) -1 "is calculated and sent to the user terminal B10_2 (S405).
  • the user terminal B10_2 that has received the masked encryption key described above has its own private key “K” managed by the key storage unit 126 in order to generate a decryption key used for communication with the user terminal A10_1.
  • b ”and“ ID a ” which is the public ID of the user terminal A10_1 managed by the public ID storage unit 125 are input to the hash function, and the hash value“ h (K b , ID a) which is the decryption key is input. ) "Is calculated (S406).
  • This hash value becomes a decryption key when the user terminal B10_2 uses the user terminal A10_1 as a communication partner.
  • the user terminal B10_2 that has calculated the decryption key in this way uses the decryption key to mask the masked encryption key sent from the user terminal A10_1, and the value “h (K b , ID a ) ⁇ .
  • p ′ ⁇ h (K a , ID c ) ⁇ 1 ” is calculated and sent to the conversion server 20 as a masked conversion key (S407).
  • the conversion server 20 receives the above-described masked conversion key from the user terminal B10_2, performs a mask process on the masked conversion key using the reciprocal number of the random number p ′, and converts the conversion key “p ′ ⁇ 1 ”.
  • the conversion server 20 registers the conversion key (agent conversion key) calculated in this way in the conversion key storage unit 225 of the storage device 201 as a “conversion key for the user terminal A10_1 to the user terminal B10_2” (S409). ). The process of deleting the conversion key for proxy browsing from the conversion server 20 will be described later.
  • FIG. 11 is a sequence diagram showing a processing procedure example 6 of the cryptographic processing method according to the present embodiment. Specifically, the user terminal B10_2 browses the re-ciphertext sent to the user terminal A10_1 as a proxy. It is a sequence diagram which shows the flow until it does.
  • the user terminal B10_2 having the authority of proxy browsing makes a proxy browsing application including a confirmation request as to whether there is a new message addressed to the user terminal A10_1 to the conversion server 20 (S501).
  • the transmission of the proxy browsing application including the confirmation request may be executed by the user terminal B10_2 in response to the user's instruction at the input device 105, or the arrival of a predetermined period is detected by a clock function or the like. May be executed.
  • the conversion server 20 that has received the proxy browsing application from the user terminal B10_2 searches the re-ciphertext storage unit 226 of the storage device 201 for a message addressed to the user terminal A10_1 based on the ID of the user terminal A10_1. (S502).
  • the conversion server 20 reads from the conversion key storage unit 225 "the conversion key for the user terminal A10_1 to the user terminal B10_2" h ( K b , ID a ) ⁇ h (K a , ID c ) -1 "is searched (S502).
  • the conversion server 20 further re-encrypts, that is, re-re-encrypts the re-encrypted text addressed to the user terminal A10_1 searched for as a new arrival message using the conversion key searched in step S502 (S503). .
  • the re-re-ciphertext obtained in this way is as follows due to the nature of each operator.
  • the user terminal B10_2 requests the conversion server 20 for a re-re-encrypted text “f (h (K b , ID a ), M)” addressed to the user terminal A10_1 and acquires it (S504).
  • the user terminal B10_2 manages its own private key “K b ” managed by the key storage unit 126 and the public ID storage unit 125 in order to generate a decryption key for the user terminal A10_1.
  • the public ID “ID a ” of the user terminal A10_1 is input to the hash function, and the hash value “h (K b , ID a )” that is the decryption key is calculated (S505).
  • the user terminal B10_2 that has calculated the decryption key decrypts the above-mentioned re-re-encrypted text using the reciprocal number “h (K b , ID a ) ⁇ 1 ” of the decryption key, and acquires the message M (S506). .
  • This decoding process is as follows.
  • FIG. 12 is a sequence diagram showing a processing procedure example 7 of the cryptographic processing method according to the present embodiment. Specifically, it is registered in the conversion server 20 by an agent conversion key deletion application from the user terminal A10_1. From the flow until the agent conversion key related to the user terminal B10_2 as the proxy terminal is deleted and the application for deleting the agent conversion key from the user terminal B10_2, It is a sequence diagram which shows a flow.
  • the user terminal A10_1 sends a conversion key deletion application including a request to delete the “conversion key for the agent relating to the combination of the user terminal B10_2 and the user terminal A10_1” to the conversion server 20. (S601).
  • the conversion server 20 that has received the conversion key deletion application from the user terminal A10_1 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal B10_2 and the user terminal A10_1.
  • the corresponding conversion key “h (K b , ID a ) ⁇ h (K a , ID c ) ⁇ 1 ” is identified and deleted (S602).
  • the conversion terminal 20 applies a conversion key deletion application including a request for the user terminal B10_2 to delete the “conversion key for the agent relating to the combination of the user terminal A10_1 and the user terminal B10_2”. (S603).
  • the conversion server 20 that has received the conversion key deletion application from the user terminal B10_2 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal B10_2 and the user terminal A10_1.
  • the corresponding conversion key “h (K b , ID a ) ⁇ h (K a , ID c ) ⁇ 1 ” is identified and deleted (S604).
  • the present invention can be applied to the My Portal system in the social security / tax number system that the Japanese government is considering.
  • the function of the conversion server 20 of the present invention may be built on the same physical device as one function of My Portal, or physically separated from My Portal.
  • the function of the conversion server 20 of the present invention may be constructed on another device simply by bridging data.
  • the encryption key and the decryption key for encrypting and decrypting data are dynamically generated from the user's own private key and the public ID information of the communication partner.
  • Each user can have only one secret information (secret key) that should be constantly managed.
  • secret key secret key
  • the confidential information (secret key) to be managed by each user is made one as in the case of the public key encryption-based protocol. Can be improved.
  • the server receives a message encrypted with the key from the terminal, and uses the conversion key that is a commutative function held for each combination of terminals, The message may be re-encrypted for the destination terminal indicated by the received message, and the re-encrypted message may be transmitted to the destination terminal.
  • the server can efficiently mediate secure communication between terminals, and the number of secret keys managed as secret information at each terminal can be minimized.
  • the server itself is configured not to decrypt messages from the intermediary terminal, and the risk of information leakage on the server side is also suppressed.
  • the server returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the predetermined terminal masked with the predetermined value.
  • a predetermined key obtained by further masking the reciprocal number of the key with the key of the other terminal is received from the other terminal, and an exchange law based on the predetermined value is applied to the received predetermined key to obtain the key of the predetermined terminal.
  • a conversion key obtained by masking the reciprocal with the key of the other terminal may be calculated, and the conversion key may be stored in the storage device.
  • the server it is possible to hold a conversion key for each combination according to the request of the terminal user for each terminal that is a communication mediation target. Accordingly, the server does not hold unnecessary conversion keys between terminals that are not scheduled to perform communication, and waste of resources used for conversion key management in the server can be eliminated, and efficient conversion key management can be realized.
  • the predetermined terminal transmits a conversion key registration request to the server regarding the combination of the predetermined terminal and another terminal that can be a communication partner, and the server
  • the server When a value is returned to the predetermined terminal, a random number corresponding to the predetermined value is generated in response to a registration request from the predetermined terminal, the random number is returned to the predetermined terminal, and the predetermined terminal is the other terminal serving as a communication partner
  • the public information and its own secret information are applied to a one-way function to generate an output value as an encryption key, and a masked encryption key obtained by masking the reciprocal of the encryption key with the random number is transmitted to the other terminal.
  • the other terminal applies the public information of the predetermined terminal as a communication partner and its own secret information to a one-way function, generates an output value as a decryption key, and masks the masked encryption key with the decryption key Process
  • the masked conversion key is transmitted to the server, and the server applies an exchange law using the random number to the masked conversion key received from the other terminal, and masks the encryption key with the decryption key. It is also possible to calculate the converted key and store the converted key in a storage device.
  • the server receives a deletion request regarding a predetermined other terminal paired with the corresponding terminal among the conversion keys from any one of the terminals
  • a search may be executed in the storage device using the combination information of the terminal indicated by the deletion request and the predetermined other terminal as a key, and the conversion key specified in the search may be deleted from the storage device.
  • the risk of information leakage is not in line with user intentions due to holding unnecessary conversion keys. You can avoid the risk of intermediary of invited communications.
  • the server returns a predetermined value to the predetermined terminal in response to a registration request for the commutative function related to the proxy terminal of the predetermined terminal from the predetermined terminal, and the predetermined terminal
  • the reciprocal number of the first key based on the public information of the proxy terminal and the secret information of the predetermined terminal, masked with a value, is the second key based on the public information of the predetermined terminal and the secret information of the proxy terminal.
  • the masked third key is received from the proxy terminal, an exchange law based on the predetermined value is applied to the received third key, and the reciprocal of the first key is masked by the third key.
  • Calculate the processed agent commutability function store the agent commutability function in a storage device, and in response to a request for browsing the message addressed to the predetermined terminal from the proxy terminal, A combination of a proxy terminal and the predetermined terminal
  • the proxy commutability function that is stored in relation to the message is specified in the storage device, and the re-encrypted message having the commutability for the predetermined terminal is further encrypted by the agent commutability function.
  • the re-encrypted message is transmitted to the proxy terminal, the proxy terminal receives the re-re-encrypted message transmitted from the server, and the received re-re-encrypted message is transmitted to the proxy terminal. It is also possible to decrypt with two keys.
  • the predetermined terminal transmits a registration request for the agent commutability function to the server regarding the combination of the proxy predetermined terminal and the proxy terminal, and the server When the predetermined value is returned to the predetermined terminal, a random number corresponding to the predetermined value is generated in response to the registration request, and the random number is returned to the predetermined terminal.
  • the predetermined terminal receives the public information of the proxy terminal and Applying its own secret information to a one-way function, generating an encryption key as the first key, transmitting a masked encryption key obtained by masking the reciprocal of the encryption key with the random number to the proxy terminal, and
  • the terminal applies public information of the predetermined terminal and its own secret information to a one-way function, generates a decryption key as the second key, and performs masking conversion by masking the masked encryption key with the decryption key Key to the server
  • the server applies the exchange rule using the random number to the masked conversion key received from the proxy terminal, and masks the encryption key with the decryption key.
  • the proxy conversion key may be calculated, and the proxy conversion key may be stored in the storage device.
  • the conversion key generation and registration processing relating to the proxy terminal in response to the user request can be performed securely, and the overall encryption processing method can be improved while allowing message browsing by the proxy terminal. .
  • the server receives, from any one of the terminals, a deletion request related to the proxy terminal associated with the corresponding terminal among the conversion keys, and A search may be performed in the storage device using the combination information of the terminal and the proxy terminal indicated by the deletion request as a key, and the conversion key specified in the search may be deleted from the storage device.
  • the conversion key that is no longer needed is securely deleted between the proxy terminal and the terminal of the party that has permitted message browsing by the proxy terminal, and the unnecessary conversion key is retained in the server. Accordingly, it is possible to avoid the risk of mediating communication by a proxy terminal that does not follow the user's intention and invites even the risk of information leakage. In addition, it is possible to realize efficient conversion key management by eliminating waste of resources used for conversion key management in the server.
  • a message encrypted with the key is received from a storage device storing a conversion key that is a commutative function corresponding to each combination of terminals, and the predetermined terminal, and the predetermined
  • the storage device identifies a conversion key stored for the combination of the terminal and the destination terminal indicated by the received message, and re-encrypts the message for the destination terminal using the corresponding conversion key.
  • the server may further include an arithmetic unit that executes and transmits the re-encrypted message to the destination terminal.
  • secure communication between terminals can be efficiently mediated by the server, and the number of secret keys managed as secret information at each terminal can be suppressed to the minimum.
  • the server itself is configured not to decrypt messages from the intermediary terminal, and the risk of information leakage on the server side is also suppressed.
  • the server returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the key of the predetermined terminal masked with the predetermined value.
  • a predetermined key obtained by further masking the reciprocal number of the key with the key of the other terminal is received from the other terminal, and the reciprocal number of the key of the predetermined terminal is applied to the received predetermined key based on the exchange rule based on the predetermined value.
  • the conversion key obtained by masking with the key of the other terminal may be calculated, and the conversion key may be stored in the storage device.
  • the server can hold the conversion key for each combination according to the request of the terminal user with respect to each terminal that is a communication mediation target. Accordingly, the server does not hold unnecessary conversion keys between terminals that are not scheduled to perform communication, and waste of resources used for conversion key management in the server can be eliminated, and efficient conversion key management can be realized.
  • the arithmetic device returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the key of the predetermined terminal masked with the predetermined value.
  • a predetermined key obtained by further masking the reciprocal number of the key with the key of the other terminal is received from the other terminal, and the reciprocal number of the key of the predetermined terminal is applied to the received predetermined key based on the exchange rule based on the predetermined value.
  • the conversion key obtained by masking with the key of the other terminal may be calculated, and the conversion key may be stored in the storage device.

Abstract

Provided is cryptographic technology that is excellent in reducing the burden of management of confidential information on each user while ensuring appropriate high-speed performance of cryptographic processing. A cryptographic processing method, wherein each of terminals (10) which communicate with each other uses, as a key, an output value of a one-way function with respect to public information relating to a communication partner and secret information relating to the terminal itself, in message transmission, encrypts an object message with the key and transmits the message to a predetermined server (20), and in message reception, receives the message re-encrypted with commutativity for the terminal from the server (20), and decrypts the received message with its own key.

Description

暗号処理方法、暗号システム、およびサーバCryptographic processing method, cryptographic system, and server
 本発明は、暗号処理方法、暗号システム、およびサーバに関するものであり、具体的には、暗号処理の適宜な高速性を担保しつつ、各利用者における秘匿情報の管理負担低減に優れた暗号技術に関する。 The present invention relates to a cryptographic processing method, a cryptographic system, and a server. Specifically, the cryptographic technique is excellent in reducing the burden of managing confidential information on each user while ensuring appropriate high speed of cryptographic processing. About.
 インターネット等のネットワークを介して、他者に盗聴されること無く安全にデータを送受信する仕組みとして、鍵を用いたデータの暗号化技術がある。こうした暗号化技術は、大きく分けて、公開鍵暗号をベースとしたプロトコルと、共通鍵暗号をベースとしたプロトコルの2種が存在する。 There is a data encryption technique using a key as a mechanism for safely sending and receiving data via a network such as the Internet without eavesdropping by others. Such encryption technologies are roughly classified into two types: a protocol based on public key cryptography and a protocol based on common key cryptography.
 一般に、共通鍵暗号方式は公開鍵暗号方式と比べて暗号処理速度が早いが、通信相手数“n”と同じ数だけの秘密鍵を各利用者で管理しなければならない。そのため、共通鍵暗号方式を利用したシステム全体では、秘密鍵の数が“n(n-1)/2”個存在することになり、少なくない鍵数に応じて秘密鍵漏洩のリスクが高くなる。また、共通鍵暗号方式では、各利用者が、事前に全通信相手との間で、秘密鍵の配送を行って鍵の共有を行っておく必要があり、暗号通信に先立つ事前準備の手間が大きい。 Generally, the common key cryptosystem has a higher cryptographic processing speed than the public key cryptosystem, but each user must manage the same number of secret keys as the number of communication partners “n”. Therefore, in the entire system using the common key cryptosystem, there are “n (n−1) / 2” secret keys, and the risk of secret key leakage increases depending on the number of keys. . In the common key cryptosystem, each user needs to distribute the secret key and share the key with all communication partners in advance. large.
 一方、公開鍵暗号方式では、通信相手の数“n”に依らず、各利用者は自身の秘密鍵を1つだけ管理すればよく、鍵管理が容易である。しかしながら、暗号処理速度が高速ではなく、大きなサイズのデータを暗号化する状況には不向きである。 On the other hand, in the public key cryptosystem, each user only needs to manage one private key regardless of the number “n” of communication partners, and the key management is easy. However, the encryption processing speed is not high, and it is not suitable for a situation where large size data is encrypted.
 そこで一般的には、大きなサイズのデータを暗号化する状況に際し、該当データの暗号化を共通鍵暗号にて暗号化し、そこで用いた秘密鍵(データサイズが小さい)を公開鍵暗号により暗号化し、上述のように暗号化したデータ及び秘密鍵を通信相手に送信する、というハイブリッド方式が用いられるケースが多い。 Therefore, in general, in the situation of encrypting large size data, the encryption of the corresponding data is encrypted with the common key encryption, and the secret key (the data size is small) used there is encrypted with the public key encryption, In many cases, a hybrid method is used in which the encrypted data and the secret key are transmitted to the communication partner as described above.
 一方、ハイブリッド方式では、確かに、公開鍵による暗号化対象を小さなデータサイズである秘密鍵のみとするにせよ、純粋に共通鍵暗号方式のみを用いて暗号処理を行うケースと比較すれば、やはりハイブリッド方式の方が余計に暗号処理に時間がかかることは否定出来ない。 On the other hand, in the hybrid method, although it is true that only the secret key with a small data size is to be encrypted with the public key, compared to the case where the encryption process is performed using only the common key encryption method, It cannot be denied that the hybrid method takes more time for cryptographic processing.
 そこで、共通鍵暗号ベースで鍵管理を容易にし、且つシステム全体で秘密鍵が漏洩するリスクを抑える方式が提案されている。このような技術としては、例えば、システム全体で保有する秘匿情報が少なく、通信毎に異なった暗号鍵の設定が可能となる暗号鍵管理方式(特許文献1参照)などが提案されている。 Therefore, a method has been proposed that facilitates key management based on a common key cryptosystem and suppresses the risk of secret key leakage in the entire system. As such a technique, for example, an encryption key management system (see Patent Document 1) that has a small amount of confidential information held in the entire system and that allows different encryption keys to be set for each communication has been proposed.
特開平2-122745号公報Japanese Patent Laid-Open No. 2-122745
 しかしながら、上述の従来技術等においては、以下のような課題が残されている。すなわち、通信相手の数が“n≧4”の場合、システム全体での秘匿情報の数を、従来の“n(n-1)/2”から“n+1”まで低減可能ではあるが、各ユーザは全ユーザ分の“n”個の秘匿情報とシステム共通の秘密の規則を管理する必要がある。その場合、各ユーザが管理しなければならない秘匿情報の数は“n+1”個となる。それ故、ユーザの秘匿情報管理に関する負担軽減は十分ではない。 However, the following problems remain in the above-described conventional technology. That is, when the number of communication partners is “n ≧ 4”, the number of confidential information in the entire system can be reduced from “n (n−1) / 2” to “n + 1”. Each user needs to manage “n” secret information for all users and secret rules common to the system. In this case, the number of confidential information that each user must manage is “n + 1”. Therefore, the burden on the user's confidential information management is not sufficiently reduced.
 そこで本発明の目的は、暗号処理の適宜な高速性を担保しつつ、各利用者における秘匿情報の管理負担低減に優れた暗号技術を提供することにある。 Therefore, an object of the present invention is to provide an encryption technique that is excellent in reducing the burden of managing confidential information for each user while ensuring an appropriate high speed of encryption processing.
 上記課題を解決する本発明の暗号処理方法は、互いに通信を行う各端末において、通信相手の公開情報と自身の秘密情報とに関する一方向関数の出力値を鍵とし、メッセージ送信に際しては、対象となるメッセージを前記鍵で暗号化して所定サーバに送信し、メッセージ受信に際しては、当該端末向けに可換性を持って再暗号化されたメッセージを前記サーバから受信し、当該受信したメッセージを自身の鍵で復号化することを特徴とする。 The encryption processing method of the present invention that solves the above-mentioned problems is based on the output value of a one-way function related to the public information of the communication partner and its own secret information as a key at each terminal that communicates with each other. The message is encrypted with the key and transmitted to the predetermined server, and when the message is received, the message re-encrypted with commutability for the terminal is received from the server, and the received message is transmitted to the own server. It is characterized by decrypting with a key.
 また、本発明の暗号システムは、他端末と通信を行う通信装置と、自身の秘密情報を格納した記憶装置と、通信相手に関する公開情報と、前記記憶装置から読み出した前記秘密情報とを一方向関数に入力し、当該一方向関数の出力値を鍵として取得する処理と、通信相手の端末へのメッセージ送信に際し、対象となるメッセージを前記鍵で暗号化して所定サーバに送信する処理と、通信相手の端末からのメッセージ受信に際し、当該端末向けに可換性を持って再暗号化されたメッセージを前記サーバから受信し、当該受信したメッセージを前記鍵で復号化する処理とを実行する演算装置と、を備える端末を含むことを特徴とする。 In addition, the encryption system of the present invention provides a one-way communication device that communicates with other terminals, a storage device that stores its own secret information, public information relating to a communication partner, and the secret information read from the storage device. A process of inputting to the function and acquiring the output value of the one-way function as a key, a process of encrypting a target message with the key and transmitting the message to a predetermined server when transmitting a message to a communication partner terminal, and communication. Arithmetic apparatus for receiving a message re-encrypted with commutability from the server and receiving the message from the partner terminal and decrypting the received message with the key Including a terminal.
 また、本発明のサーバは、メッセージ送受信に際し、通信相手の公開情報と自身の秘密情報とに関する一方向関数の出力値たる鍵をメッセージの暗号化及び復号化に用いる端末と通信する通信装置と、端末の各組み合わせに対応した可換性関数たる変換鍵を格納した記憶装置と、所定端末の通信相手の公開情報と前記所定端末自身の秘密情報とに関する前記鍵によって暗号化されたメッセージを、所定端末から受信する処理と、前記所定端末と、前記受信したメッセージが示す宛先の端末との組み合わせに関して格納している変換鍵を記憶装置にて特定し、該当変換鍵により、前記宛先の端末向けに、前記メッセージの再暗号化を実行し、当該再暗号化メッセージを、前記宛先の端末に送信する処理とを実行する演算装置と、を備えることを特徴とする。 Further, the server of the present invention, when transmitting and receiving a message, a communication device that communicates with a terminal that uses a key that is an output value of a one-way function related to public information of a communication partner and its own secret information for encryption and decryption of the message; A message stored with a storage device storing a conversion key that is a commutative function corresponding to each combination of terminals, and public information of a communication partner of the predetermined terminal and the secret information of the predetermined terminal itself. The conversion key stored for the combination of the process received from the terminal, the predetermined terminal, and the destination terminal indicated by the received message is specified in the storage device, and the corresponding conversion key is used for the destination terminal. An arithmetic device that executes re-encryption of the message and executes processing for transmitting the re-encrypted message to the destination terminal. And features.
 本発明によれば、暗号処理の適宜な高速性を担保しつつ、各利用者における秘匿情報の管理負担低減に優れた暗号技術を提供出来る。 According to the present invention, it is possible to provide an encryption technique that is excellent in reducing the burden of managing confidential information for each user while ensuring an appropriate high-speed encryption process.
本実施形態の暗号システムを含むネットワーク構成図である。It is a network block diagram containing the encryption system of this embodiment. 本実施形態の暗号システムが含む変換サーバの構成例を示す図である。It is a figure which shows the structural example of the conversion server which the encryption system of this embodiment contains. 本実施形態の暗号システムが含む利用者端末の構成例を示す図である。It is a figure which shows the structural example of the user terminal which the encryption system of this embodiment contains. 本実施形態における演算記号を説明する図である。It is a figure explaining the arithmetic symbol in this embodiment. 本実施形態の暗号処理方法の処理手順例1を示すシーケンス図である。It is a sequence diagram which shows process sequence example 1 of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の処理手順例2を示すシーケンス図である。It is a sequence diagram which shows process sequence example 2 of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の概念例を示す図である。It is a figure which shows the conceptual example of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の処理手順例3を示すシーケンス図である。It is a sequence diagram which shows process sequence example 3 of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の処理手順例4を示すシーケンス図である。It is a sequence diagram which shows process sequence example 4 of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の処理手順例5を示すシーケンス図である。It is a sequence diagram which shows process sequence example 5 of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の処理手順例6を示すシーケンス図である。It is a sequence diagram which shows process sequence example 6 of the encryption processing method of this embodiment. 本実施形態の暗号処理方法の処理手順例7を示すシーケンス図である。It is a sequence diagram which shows process sequence example 7 of the encryption processing method of this embodiment.
 以下に本発明の実施形態について図面を用いて詳細に説明する。図1は、本実施形態の暗号システム1を含むネットワーク構成図である。図1に示す暗号システム1は、暗号処理の適宜な高速性を担保しつつ、各利用者における秘匿情報の管理負担低減に優れた暗号技術を実装したコンピュータシステムである。 Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a network configuration diagram including the cryptographic system 1 of the present embodiment. The cryptographic system 1 shown in FIG. 1 is a computer system that implements a cryptographic technique that is excellent in reducing the burden of managing confidential information for each user while ensuring appropriate high-speed encryption processing.
 本実施形態における暗号システム1は、利用者端末A10_1、利用者端末B10_2、利用者端末C10_3(以下、これらの利用者端末を纏めて示す場合、単に利用者端末10という)と、変換サーバ20(サーバ)とがインターネットなどの通信網(以下、ネットワークという)30を介して互いに接続されて構成されている。なお、図1にて例示した構成では、3つの利用者端末10がネットワーク30に接続された形態となっているが、それ以上の数の利用者端末10がネットワーク30に接続されているとしても問題無い。また、本実施形態では変換サーバ20と利用者端末10とを含めて暗号システム1として例示するが、変換サーバ20のみ、或いは利用者端末10のみ、を暗号システム1ととらえることもできる。 The encryption system 1 in the present embodiment includes a user terminal A10_1, a user terminal B10_2, a user terminal C10_3 (hereinafter simply referred to as the user terminal 10 when these user terminals are collectively shown), and a conversion server 20 ( Server) are connected to each other via a communication network (hereinafter referred to as a network) 30 such as the Internet. In the configuration illustrated in FIG. 1, three user terminals 10 are connected to the network 30, but even if a larger number of user terminals 10 are connected to the network 30. No problem. In the present embodiment, the conversion server 20 and the user terminal 10 are included as an example of the encryption system 1, but only the conversion server 20 or only the user terminal 10 can be regarded as the encryption system 1.
 また、暗号システム1を構成する変換サーバ20のハードウェア構成は以下の如くとなる。図2は本実施形態の暗号システム1が含む変換サーバ20の構成例を示す図である。変換サーバ20は、ハードディスクドライブなど適宜な不揮発性記憶装置で構成される記憶装置201、RAMなど揮発性記憶装置で構成されるメモリ203、記憶装置201に保持されるプログラム202をメモリ203に読み出すなどして実行しサーバ装置自体の統括制御を行なうとともに各種判定、演算及び制御処理を行なうCPUなどの演算装置204、および、ネットワーク30と接続し利用者端末10との通信処理を担う通信装置207、を備える。なお、記憶装置201内には、本実施形態の暗号システム1を構成するサーバとして必要な機能を実装する為のプログラム102の他、変換鍵を保持する変換鍵記憶部225、変換鍵により再暗号化されたメッセージを保持する再暗号文記憶部226が少なくとも格納されている。 Further, the hardware configuration of the conversion server 20 constituting the encryption system 1 is as follows. FIG. 2 is a diagram illustrating a configuration example of the conversion server 20 included in the cryptographic system 1 of the present embodiment. The conversion server 20 reads out a storage device 201 configured with an appropriate non-volatile storage device such as a hard disk drive, a memory 203 configured with a volatile storage device such as a RAM, and a program 202 held in the storage device 201 to the memory 203. A central processing unit 204 such as a CPU for performing overall control of the server device itself and performing various determinations, computations and control processing, and a communication device 207 connected to the network 30 and responsible for communication processing with the user terminal 10, Is provided. In the storage device 201, in addition to the program 102 for implementing functions necessary as a server constituting the encryption system 1 of the present embodiment, a conversion key storage unit 225 that holds a conversion key, and re-encryption using the conversion key At least a re-ciphertext storage unit 226 that stores the converted message is stored.
 続いて、本実施形態における変換サーバ20が備える機能について説明する。以下に説明する機能は、例えば変換サーバ20が記憶装置201にて備えるプログラム202を実行することで実装される機能と言える。 Subsequently, functions provided in the conversion server 20 in the present embodiment will be described. The functions described below can be said to be functions that are implemented, for example, by executing the program 202 provided in the storage device 201 by the conversion server 20.
 変換サーバ20は、利用者端末10から、暗号鍵で暗号化されたメッセージを受信し、該当利用者端末10と上述のメッセージが示す宛先の利用者端末10との組み合わせに関して記憶装置201の変換鍵記憶部225にて格納している変換鍵を特定し、該当変換鍵により、上述の利用者端末10から受信したメッセージが示す宛先の利用者端末10向けに、該当メッセージの再暗号化を実行し、当該再暗号化メッセージを、宛先の利用者端末10に送信する機能を備えている。なお、上述の暗号鍵は、利用者端末10が、通信相手たる他の利用者端末10の公開情報と自身の秘密鍵とをハッシュ関数(一方向関数)に適用して得た出力値である。 The conversion server 20 receives a message encrypted with the encryption key from the user terminal 10 and converts the conversion key of the storage device 201 with respect to the combination of the user terminal 10 and the destination user terminal 10 indicated by the above message. The conversion key stored in the storage unit 225 is identified, and the corresponding message is re-encrypted with the corresponding conversion key for the destination user terminal 10 indicated by the message received from the user terminal 10 described above. And a function of transmitting the re-encrypted message to the destination user terminal 10. The above-mentioned encryption key is an output value obtained by the user terminal 10 applying the public information of the other user terminal 10 as the communication partner and its own secret key to the hash function (one-way function). .
 また、変換サーバ20は、所定の利用者端末10からの変換鍵の登録要求に応じて乱数(所定値)を生成し、この乱数を上述の利用者端末10に返信し、上述の乱数でマスク処理された上述の所定利用者端末10の暗号鍵の逆数を、他の利用者端末10の暗号鍵で更にマスク処理されたマスク化変換鍵を、上述の他の利用者端末10から受信し、当該受信したマスク化変換鍵に対し上述の乱数に基づく交換法則を適用して、上述の登録要求を発した利用者端末10の暗号鍵の逆数を上述の他の利用者端末10の暗号鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置201の変換鍵記憶部225に格納する機能を備えている。 Also, the conversion server 20 generates a random number (predetermined value) in response to a conversion key registration request from a predetermined user terminal 10, returns the random number to the user terminal 10, and masks it with the random number. Received from the other user terminal 10 is a masked conversion key obtained by further masking the reciprocal of the processed encryption key of the predetermined user terminal 10 with the encryption key of the other user terminal 10; The exchange rule based on the above random number is applied to the received masked conversion key, and the reciprocal number of the encryption key of the user terminal 10 that issued the above registration request is the encryption key of the above other user terminal 10. It has a function of calculating the masked conversion key and storing the conversion key in the conversion key storage unit 225 of the storage device 201.
 また、変換サーバ20は、各利用者端末10のうちいずれかの利用者端末10から、変換鍵記憶部225に保持する変換鍵のうち該当利用者端末10と組みになった所定の他利用者端末10に関するものに関する抹消要求を受信し、当該抹消要求が示す利用者端末10と他利用者端末10との組み合わせ情報をキーにして記憶装置201の変換鍵記憶部225で検索を実行し、当該検索で特定した変換鍵を変換鍵記憶部225から削除する機能を備えている。 Moreover, the conversion server 20 is a predetermined other user who is paired with the corresponding user terminal 10 among the conversion keys held in the conversion key storage unit 225 from any one of the user terminals 10. A deletion request related to the terminal 10 is received, a search is performed in the conversion key storage unit 225 of the storage device 201 using the combination information of the user terminal 10 and the other user terminal 10 indicated by the deletion request as a key, A function of deleting the conversion key specified by the search from the conversion key storage unit 225 is provided.
 また、変換サーバ20は、利用者端末10からの、当該利用者端末10が代理と認める他の利用者端末10、すなわち代理利用者端末10に関する変換鍵の登録要求に応じ、乱数を発生させ、当該乱数を上述の利用者端末10に返信し、この乱数でマスク処理された、代理利用者端末10の公開情報と利用者端末10の秘密鍵とに基づく、利用者端末10の暗号鍵(第1鍵)の逆数を、利用者端末10の公開情報と代理利用者端末10の秘密情報とに基づく、代理利用者端末10の暗号鍵(第2鍵)で更にマスク処理されたマスク化変換鍵(第3鍵)を、代理利用者端末10から受信し、当該受信したマスク化変換鍵に対し上述の乱数に基づく交換法則を適用して、上述の利用者端末10の暗号鍵(第1鍵)の逆数をマスク化変換鍵(第3鍵)でマスク処理した代理人用変換鍵を計算し、当該代理人用変換鍵を記憶装置201の変換鍵記憶部225に格納する機能を備えている。 Further, the conversion server 20 generates a random number in response to a request for registering a conversion key related to the other user terminal 10 that the user terminal 10 recognizes as a proxy, that is, the proxy user terminal 10, from the user terminal 10. The random number is returned to the above-described user terminal 10, and the encryption key (the first key of the user terminal 10 based on the public information of the proxy user terminal 10 and the secret key of the user terminal 10 masked with the random number). The masked conversion key obtained by further masking the reciprocal of 1 key) with the encryption key (second key) of the proxy user terminal 10 based on the public information of the user terminal 10 and the secret information of the proxy user terminal 10 (Third key) is received from the proxy user terminal 10 and the exchange rule based on the random number is applied to the received masked conversion key, and the encryption key (first key) of the user terminal 10 is applied. ) Is converted into a masked conversion key (third ) An agent for conversion key which is masked calculated in, has a function of storing the agent for conversion key to the conversion key storage unit 225 of the storage device 201.
 また、変換サーバ20は、代理利用者端末10からの、上述の利用者端末10に宛てられたメッセージの閲覧録要求に応じ、代理利用者端末10と上述の利用者端末10の組み合わせに関して保持している代理人用変換鍵を記憶装置201の変換鍵記憶部225で特定し、当該代理人用変換鍵により、上述の利用者端末10向けに可換性を持って再暗号化されたメッセージを更に暗号化して、当該再再暗号化メッセージを、代理利用者端末10に送信する機能を備えている。 Further, the conversion server 20 holds the combination of the proxy user terminal 10 and the above-described user terminal 10 in response to a request for browsing the message addressed to the above-described user terminal 10 from the proxy user terminal 10. The conversion key storage unit 225 of the storage device 201 is identified, and the message re-encrypted for the above-described user terminal 10 is exchanged with the conversion key storage unit 225 for the user terminal 10 described above. Further, it has a function of encrypting and transmitting the re-re-encrypted message to the proxy user terminal 10.
 また、変換サーバ20は、各利用者端末10のうちいずれかの利用者端末10から、変換鍵記憶部225にて保持する変換鍵のうち、該当利用者端末10と組みになった代理利用者端末10に関するものに関する抹消要求を受信し、当該抹消要求が示す利用者端末10と代理利用者端末10との組み合わせ情報をキーにして変換鍵記憶部225にて検索を実行し、当該検索で特定した代理人用変換鍵を変換鍵記憶部225から削除する機能を備えている。 Moreover, the conversion server 20 is a proxy user who is paired with the corresponding user terminal 10 among the conversion keys held in the conversion key storage unit 225 from any one of the user terminals 10. A deletion request related to the terminal 10 is received, a search is performed in the conversion key storage unit 225 using the combination information of the user terminal 10 and the proxy user terminal 10 indicated by the deletion request as a key, and the search is specified The agent conversion key is deleted from the conversion key storage unit 225.
 また、暗号システム1を構成する利用者端末10らのハードウェア構成は以下の如くとなる。図3は本実施形態の暗号システム1が含む利用者端末10の構成例を示す図である。利用者端末10は、ハードディスクドライブなど適宜な不揮発性記憶装置で構成される記憶装置101、RAMなど揮発性記憶装置で構成されるメモリ103、記憶装置101に保持されるプログラム102をメモリ103に読み出すなどして実行し装置自体の統括制御を行なうとともに各種判定、演算及び制御処理を行なうCPUなどの演算装置104、ユーザからのキー入力や音声入力を受け付ける入力装置105、処理データの表示を行うディスプレイ等の出力装置106、ネットワークと接続し変換サーバ20との通信処理を担う通信装置107、を備える。なお、記憶装置101内には、本実施形態の暗号システム1を構成する端末として必要な機能を実装する為のプログラム102の他、各利用者端末10に関して公開されている利用者端末別のIDを保持する公開ID記憶部125、当該利用者端末10の秘密鍵を保持する鍵記憶部126が少なくとも格納されている。また、各利用者端末10は、プログラム102の1つとしてハッシュ関数に対応したプログラム110を記憶装置101にて保持しており、必要に応じて呼び出して実行可能である。 Also, the hardware configuration of the user terminals 10 constituting the cryptographic system 1 is as follows. FIG. 3 is a diagram illustrating a configuration example of the user terminal 10 included in the encryption system 1 of the present embodiment. The user terminal 10 reads out to the memory 103 a storage device 101 composed of a suitable non-volatile storage device such as a hard disk drive, a memory 103 composed of a volatile storage device such as a RAM, and a program 102 held in the storage device 101. For example, a CPU 104 for performing various determinations, calculations and control processing, an input device 105 for receiving key input and voice input from a user, and a display for displaying processing data. And an output device 106 such as a communication device 107 connected to a network and responsible for communication processing with the conversion server 20. In addition, in the storage device 101, in addition to the program 102 for implementing functions necessary as a terminal constituting the encryption system 1 of the present embodiment, the ID for each user terminal disclosed for each user terminal 10 is disclosed. At least a public ID storage unit 125 that holds the secret key and a key storage unit 126 that holds the secret key of the user terminal 10 are stored. Each user terminal 10 holds a program 110 corresponding to a hash function as one of the programs 102 in the storage device 101, and can be called and executed as necessary.
 続いて、本実施形態における利用者端末10が備える機能について説明する。上述したように、以下に説明する機能は、例えば利用者端末10が備えるプログラム102を実行することで実装される機能と言える。 Subsequently, functions provided in the user terminal 10 in the present embodiment will be described. As described above, the functions described below can be said to be functions implemented by executing the program 102 provided in the user terminal 10, for example.
 利用者端末10は、通信相手となる他の利用者端末10のID(公開情報)を公開ID記憶部125から抽出し、このIDと、鍵記憶部126で保持する自身の秘密鍵(秘密情報)とを、ハッシュ関数(一方向関数)に入力して暗号鍵を生成する機能を備えている。 The user terminal 10 extracts the ID (public information) of the other user terminal 10 to be a communication partner from the public ID storage unit 125, and this ID and its own private key (secret information) held in the key storage unit 126. ) To a hash function (one-way function) to generate an encryption key.
 また、利用者端末10は、上述の他の利用者端末10宛のメッセージ送信に際し、対象となるメッセージを上述の暗号鍵で暗号化して変換サーバ20に送信する機能を備えている。 Also, the user terminal 10 has a function of encrypting a target message with the above encryption key and transmitting it to the conversion server 20 when transmitting a message addressed to the other user terminal 10 described above.
 また、利用者端末10は、当該利用者端末10宛てのメッセージ受信に際しては、当該利用者端末10向けに可換性を持って再暗号化されたメッセージを変換サーバ20から受信し、当該受信したメッセージを自身の暗号鍵で復号化する機能を備えている。 Further, when receiving a message addressed to the user terminal 10, the user terminal 10 receives a message re-encrypted from the conversion server 20 for the user terminal 10 and receives the message. It has a function to decrypt a message with its own encryption key.
 また、利用者端末10は、当該所定利用者端末10と通信相手となりうる他の利用者端末10との組み合わせに関して、変換鍵の登録要求を変換サーバ20に送信する機能を備えている。 Also, the user terminal 10 has a function of transmitting a conversion key registration request to the conversion server 20 regarding the combination of the predetermined user terminal 10 and another user terminal 10 that can be a communication partner.
 また、利用者端末10は、当該利用者端末10と上述の通信相手たる他の利用者端末10とに関して生成している暗号鍵の逆数を、変換サーバ20から送られてきた乱数でマスク処理したマスク化暗号鍵を、通信相手である他の利用者端末10に送信する機能を備えている。この場合、他の利用者端末10は、通信相手たる利用者端末10のIDと自身の秘密鍵とをハッシュ関数に適用して復号鍵を生成し、当該復号鍵で、上述の利用者端末10から送られてきたマスク化暗号鍵をマスク処理してマスク化変換鍵を生成し、このマスク化変換鍵を変換サーバ20に送信する機能を備えている。 Further, the user terminal 10 masks the reciprocal number of the encryption key generated for the user terminal 10 and the other user terminal 10 that is the communication partner with the random number sent from the conversion server 20. A function of transmitting the masked encryption key to another user terminal 10 that is a communication partner is provided. In this case, the other user terminal 10 generates a decryption key by applying the ID of the user terminal 10 as a communication partner and its own secret key to the hash function, and the above-described user terminal 10 with the decryption key. The masked encryption key sent from the server is masked to generate a masked conversion key, and the masked conversion key is transmitted to the conversion server 20.
 また、利用者端末10は、変換サーバ20が管理する変換鍵のうち、該当利用者端末10と組みになった所定の他利用者端末10に関するものに関する抹消要求を、変換サーバ20に送信する機能を備えている。 In addition, the user terminal 10 has a function of transmitting to the conversion server 20 an erasure request related to a predetermined other user terminal 10 paired with the corresponding user terminal 10 among the conversion keys managed by the conversion server 20. It has.
 また、利用者端末10は、当該所定利用者端末10の代理利用者端末10に関する変換鍵の登録要求を変換サーバ20に送信し、この登録要求に応じて変換サーバ20から送信されてきた乱数を取得する機能を備えている。なお、代理利用者端末10も利用者端末10の1つであり、状況によっていずれの立場にもなりうるものである。従って、代理利用者端末10として記載した機能や構成であっても、利用者端末10に共通の機能や構成として備わっているものとする(以下、同様)。 In addition, the user terminal 10 transmits a conversion key registration request regarding the proxy user terminal 10 of the predetermined user terminal 10 to the conversion server 20, and uses the random number transmitted from the conversion server 20 in response to the registration request. Has the ability to get. The proxy user terminal 10 is also one of the user terminals 10 and can be in any position depending on the situation. Therefore, even if the function or configuration described as the proxy user terminal 10 is provided as a function or configuration common to the user terminal 10 (hereinafter the same).
 また、利用者端末10は、代理利用者端末10のIDと当該所定利用者端末10の秘密鍵とに基づく暗号鍵の逆数を、上述の乱数でマスク処理してマスク化暗号鍵を生成し、このマスク化暗号鍵を代理利用者端末10に送信する機能を備えている。この場合、代理利用者端末10は、上述の利用者端末10からマスク化暗号鍵を受信し、このマスク化暗号鍵を、上述の利用者端末10のIDと当該代理利用者端末10の秘密鍵とに基づく復号鍵で更にマスク処理することで、マスク化変換鍵を生成し、このマスク化変換鍵を、変換サーバ20に送信する機能を備えている。 Further, the user terminal 10 generates a masked encryption key by masking the reciprocal of the encryption key based on the ID of the proxy user terminal 10 and the secret key of the predetermined user terminal 10 with the above random number, A function of transmitting the masked encryption key to the proxy user terminal 10 is provided. In this case, the proxy user terminal 10 receives the masked encryption key from the user terminal 10 described above, and uses the masked encryption key as the ID of the user terminal 10 and the secret key of the proxy user terminal 10. Further, a masking conversion key is generated by performing a mask process with a decryption key based on the above and a function of transmitting the masking conversion key to the conversion server 20 is provided.
 また、代理利用者端末10は、代理でのメッセージ閲覧が許容されている利用者端末10に宛てられたメッセージについて、その閲覧録要求を変換サーバ20に送信する。この場合、変換サーバ20では、当該代理利用者端末10と上述の利用者端末10の組み合わせに関して保持している代理人用変換鍵を変換鍵記憶部225で特定し、当該代理人用変換鍵により、上述の利用者端末10向けに可換性を持って再暗号化されたメッセージを更に暗号化して、当該再再暗号化メッセージを代理利用者端末10に送信することとなる。そのため、代理利用者端末10は、変換サーバ20から送信された再再暗号化メッセージを受信し、当該受信した再再暗号化メッセージを自身の復号鍵で復号化する機能を備えている。 Further, the proxy user terminal 10 transmits a browsing record request to the conversion server 20 for a message addressed to the user terminal 10 that is permitted to browse messages on the proxy. In this case, in the conversion server 20, the conversion key storage unit 225 specifies the conversion key for the agent held for the combination of the proxy user terminal 10 and the user terminal 10 described above, and the conversion key for the agent uses the conversion key for the agent. Then, the message re-encrypted with commutability for the above-described user terminal 10 is further encrypted, and the re-encrypted message is transmitted to the proxy user terminal 10. Therefore, the proxy user terminal 10 has a function of receiving the re-re-encrypted message transmitted from the conversion server 20 and decrypting the received re-re-encrypted message with its own decryption key.
 ここで、暗号システム1における可換性に基づく各種処理に対応した演算子の例を示す。図4は、本実施形態の暗号システム1が処理に用いる演算子の具体例を説明する図である。本実施形態においては三つの演算子を用いることとする。一つ目の演算子は、“●”演算子である。当該演算子“●”は、可換性のあるマスク処理用の演算子であり、データAをデータBでマスクする処理を行う演算子である。この演算を“B●A”と記す。なお、ここでいうマスク処理とは、データAにデータBを作用させ、別の値に変換する処理を言う。また、当該演算子“●”は、以下の性質を持つ。 Here, examples of operators corresponding to various processes based on commutability in the cryptographic system 1 are shown. FIG. 4 is a diagram illustrating a specific example of an operator used for processing by the cryptographic system 1 according to the present embodiment. In this embodiment, three operators are used. The first operator is the “●” operator. The operator “●” is an operator for commutative mask processing, and is an operator that performs processing for masking data A with data B. This calculation is referred to as “B • A”. Note that the mask processing here refers to processing in which data B is applied to data A and converted to another value. The operator “●” has the following properties.
(a)B●A=A●B
(b)C●(B●A)=(C●B)●A
(c)A-1●A=1(但し、“1”は単位元)
 この様な性質を持つ演算子として、例えば、”xor”がある。 (A) B ● A = A ● B
(B) C ● (B ● A) = (C ● B) ● A
(C) A −1 ● A = 1 (where “1” is the unit element)
As an operator having such a property, for example, there is “xor”.
 また、二つ目の演算子は、“f(,)”演算子である。当該演算子“f(,)”は、暗号鍵に関して可換性のある暗号処理演算子であり、データAを暗号化鍵Kで暗号化を行う演算子である。この演算を“f(K,A)”と記す。当該演算子“f(,)”は、以下の性質を持つ。 The second operator is an “f (,)” operator. The operator “f (,)” is an encryption processing operator that is commutative with respect to the encryption key, and is an operator that encrypts the data A with the encryption key K. This calculation is referred to as “f (K, A)”. The operator “f (,)” has the following properties.
(a)f(K1,f(K2,A))=f((K1●K2),A)=f((K2●K1),A)=f(K2,f(K1,A))
(b)f(K1●K2,f(K3,A))=f(K1●K2●K3,A)=f(K1,f(K2●K3,A)
(c)f(K-1,f(K,A))=f(K-1●K,A)=f(1,A)=A
 この様な性質を持つ演算子として、例えば、“xor”がある。 (A) f (K 1 , f (K 2 , A)) = f ((K 1 * K 2 ), A) = f ((K 2 * K 1 ), A) = f (K 2 , f ( K 1, A))
(B) f (K 1 KK 2 , f (K 3 , A)) = f (K 1 KK 2 KK 3 , A) = f (K 1 , f (K 2 KK 3 , A)
(C) f (K −1 , f (K, A)) = f (K −1 ● K, A) = f (1, A) = A
As an operator having such a property, for example, there is “xor”.
 尚、演算子“●”と演算子“f(,)”は、同じ演算処理を行っても良いし、夫々、上述の性質を満たす別々の演算処理を行っても良い。なお、復号化処理に関しては、性質(c)により、暗号化鍵の逆数を用いて暗号文を再暗号化することにより、データAを復号することができる。 Note that the operator “●” and the operator “f (,)” may perform the same arithmetic processing, or may perform different arithmetic processing satisfying the above-described properties. Regarding the decryption process, the data A can be decrypted by re-encrypting the ciphertext using the reciprocal of the encryption key due to the property (c).
 また、三つ目の演算子は“h(,)”演算子である。当該演算子“h(,)”は、2つのデータを入力とするハッシュ関数を表す演算子であり、データAとデータBとのハッシュ値を生成する演算子である。この演算を“(h(A,B)”と記す。例えば、データAとデータBとをxorした値に対するハッシュ値を出力する場合、“h(A,B)=H((AxorB))”となる。但し“H(,)”は1つのデータを入力とするハッシュ関数であり、例えば”SHA256”がある。 Also, the third operator is the “h (,)” operator. The operator “h (,)” is an operator representing a hash function having two data as inputs, and is an operator that generates a hash value of data A and data B. This calculation is written as “(h (A, B)”. For example, when outputting a hash value for a value obtained by xoring data A and data B, “h (A, B) = H ((AxorB))” However, “H (,)” is a hash function with one piece of data as an input, for example, “SHA256”.
 以下、本実施形態における暗号処理方法の実際手順について図に基づき説明する。以下で説明する暗号処理方法に対応する各種動作は、暗号システム1を構成する変換サーバ20、および各利用者端末10らが、それぞれメモリ等に読み出して実行するプログラムによって実現される。そして、このプログラムは、以下に説明される各種の動作を行うためのコードから構成されている。 Hereinafter, the actual procedure of the cryptographic processing method according to this embodiment will be described with reference to the drawings. Various operations corresponding to the cryptographic processing method described below are realized by programs that are read and executed by the conversion server 20 and each user terminal 10 constituting the cryptographic system 1 in a memory or the like. And this program is comprised from the code | cord | chord for performing the various operation | movement demonstrated below.
 図5は、本実施形態の暗号処理方法の処理手順例1を示すシーケンス図であり、具体的には、利用者端末C10_3から利用者端末A10_1へメッセージを送る為に、事前に変換サーバ20に変換鍵を登録するまでの流れを示すシーケンス図である。この図5のシーケンス図にて示すように、利用者端末10は変換サーバ20に対して、変換鍵の登録要求を行うことが可能である。この処理の開始契機は、該当利用者端末10が通信相手と通信を開始する以前であればいつでもよい。 FIG. 5 is a sequence diagram showing a processing procedure example 1 of the cryptographic processing method according to the present embodiment. Specifically, in order to send a message from the user terminal C10_3 to the user terminal A10_1, the conversion server 20 is notified in advance. It is a sequence diagram which shows the flow until registering a conversion key. As shown in the sequence diagram of FIG. 5, the user terminal 10 can make a conversion key registration request to the conversion server 20. The start timing of this process may be any time before the corresponding user terminal 10 starts communication with the communication partner.
 この場合、暗号システム1に含まれる複数の利用者端末10のうち、例えば利用者端末C10_3が、他の利用者端末A10_1へメッセージを送る為に、変換サーバ20に対し、通信相手である利用者端末A10_1との変換鍵を登録したい旨を伝える変換鍵登録申請を行う(S001)。 In this case, among the plurality of user terminals 10 included in the encryption system 1, for example, the user terminal C10_3 sends a message to the other user terminal A10_1. A conversion key registration application is made to notify that the conversion key with the terminal A10_1 is to be registered (S001).
 一方、変換サーバ20は、ネットワーク30を介して上述の変換鍵登録申請を受信し、この受信を契機にして乱数pを生成する(S002)。乱数の生成手法は既存技術を採用すればよい。また、変換サーバ20は、生成した乱数pを、変換鍵登録申請の発信元、すなわち上述の利用者端末C10_3に送付する(S003)。 On the other hand, the conversion server 20 receives the above-described conversion key registration application via the network 30, and generates a random number p triggered by this reception (S002). An existing technique may be adopted as a random number generation method. The conversion server 20 sends the generated random number p to the transmission source of the conversion key registration application, that is, the above-described user terminal C10_3 (S003).
 他方、当該乱数pを変換サーバ20から受信した利用者端末C10_3は、通信相手となる利用者端末A10_1との暗号鍵を生成する為に、鍵記憶部126にて管理されている自身の秘密鍵“Kc”と、公開ID記憶部125にて管理されている利用者端末A10_1の公開IDである“IDa”とをハッシュ関数に入力し、ハッシュ値“h(Kc,IDa)”を計算する(S004)。このハッシュ値は、利用者端末C10_3が利用者端末A10_1を通信相手とする際の暗号鍵となる。 On the other hand, the user terminal C10_3 that has received the random number p from the conversion server 20 generates its own private key managed by the key storage unit 126 in order to generate an encryption key with the user terminal A10_1 that is the communication partner. “K c ” and “ID a ”, which is the public ID of the user terminal A10_1 managed in the public ID storage unit 125, are input to the hash function, and the hash value “h (K c , ID a )” is input. Is calculated (S004). This hash value becomes an encryption key when the user terminal C10_3 uses the user terminal A10_1 as a communication partner.
 また、こうして暗号鍵を計算した利用者端末C10_3は、上述のステップS003にて変換サーバ20が送信した乱数pを用いて、当該暗号鍵の逆数をマスクした値“p●h(Kc,IDa-1”を計算し、これをマスク化暗号鍵として利用者端末A10_1へ送信する(S005)。 Further, the user terminal C10_3 that has calculated the encryption key in this way uses the random number p transmitted by the conversion server 20 in step S003 described above, and masks the reciprocal number of the encryption key “p ● h (K c , ID a ) -1 "is calculated and transmitted to the user terminal A10_1 as a masked encryption key (S005).
 一方、利用者端末A10_1は、上述のマスク化暗号鍵を受信するに伴い、利用者端末C10_3との復号鍵を生成する為に、自身の鍵記憶部126にて管理している自身の秘密鍵“Ka”と、公開ID記憶部125にて管理している利用者端末C10_3の公開IDである“IDc”とをハッシュ関数に入力し、ハッシュ値“h(Ka,IDc)”を計算する(S006)。このハッシュ値は、利用者端末A10_1が利用者端末C10_3を通信相手とする際の復号鍵となる。 On the other hand, as the user terminal A10_1 receives the above-described masked encryption key, the user terminal A10_1 has its own private key managed by its own key storage unit 126 in order to generate a decryption key with the user terminal C10_3. “K a ” and “ID c ” which is the public ID of the user terminal C10_3 managed by the public ID storage unit 125 are input to the hash function, and the hash value “h (K a , ID c )” is input. Is calculated (S006). This hash value becomes a decryption key when the user terminal A10_1 uses the user terminal C10_3 as a communication partner.
 また、上述のように復号鍵を計算した利用者端末A10_1は、その復号鍵を用いて、利用者端末C10_3から送られてきたマスク化暗号鍵をマスク処理して、”h(Ka,IDc)●p●h(Kc,IDa-1”を計算し、これをマスク化変換鍵として変換サーバ20へ送付する(S007)。 In addition, the user terminal A10_1 that has calculated the decryption key as described above masks the masked encryption key sent from the user terminal C10_3 using the decryption key to obtain “h (K a , ID c ) ● p ● h (K c , ID a ) -1 "is calculated and sent to the conversion server 20 as a masked conversion key (S007).
 他方、変換サーバ20は、利用者端末A10_1が送信した情報処理装置マスク化変換鍵を受信し、このマスク化変換鍵に対して上述の乱数pの逆数を用いてマスク処理し、変換鍵”p-1●h(Ka,IDc)●p●h(Kc,IDa-1=h(Ka,IDc)●h(Kc,IDa-1”を計算する(S008)。 On the other hand, the conversion server 20 receives the information processing apparatus masked conversion key transmitted from the user terminal A10_1, masks the masked conversion key using the reciprocal of the random number p, and converts the conversion key “p -1 ● h (K a , ID c ) ● p ● h (K c , ID a ) −1 = h (K a , ID c ) ● h (K c , ID a ) −1 ”is calculated (S008) ).
 こうして変換鍵を計算した変換サーバ20は、当該変換鍵を、“利用者端末C10_3から利用者端末A10_1向けの変換鍵”として、記憶装置201における変換鍵記憶部225に登録する(S009)。 Thus, the conversion server 20 that has calculated the conversion key registers the conversion key in the conversion key storage unit 225 of the storage device 201 as “a conversion key from the user terminal C10_3 to the user terminal A10_1” (S009).
 こうして変換サーバ20における変換鍵の登録がなされるが、その後、変換サーバ20に登録されている変換鍵のうち、利用者にとって不要なものが生じる場合もある。例えば、それまでの取引関係が解消されて今後の連絡予定が消滅した契約相手、或いは、情報漏洩が疑われる通信相手、などに関する変換鍵を、迅速に抹消したいとの要望が生じた場合、などが該当する。 In this way, the conversion key is registered in the conversion server 20, but after that, the conversion key registered in the conversion server 20 may be unnecessary for the user. For example, when there is a request to quickly delete a conversion key related to a contract partner whose previous business relationship has been canceled and the future contact schedule has disappeared, or a communication partner suspected of information leakage, etc. Is applicable.
 そこで、このように変換鍵の抹消に関する処理について図に基づき説明する。図6は、本実施形態の暗号処理方法の処理手順例2を示すシーケンス図であり、具体的には、利用者端末A10_1からの変換鍵抹消申請により、変換サーバ20に登録されている変換鍵を削除するまでの流れと、利用者端末C10_3からの変換鍵抹消申請により、変換鍵を削除するまでの流れとを示すシーケンス図である。 Therefore, the processing related to the deletion of the conversion key will be described with reference to the drawings. FIG. 6 is a sequence diagram showing a processing procedure example 2 of the cryptographic processing method of the present embodiment. Specifically, the conversion key registered in the conversion server 20 by the conversion key deletion application from the user terminal A10_1. FIG. 6 is a sequence diagram showing a flow until deleting a conversion key and a flow until deleting a conversion key by a conversion key deletion application from a user terminal C10_3.
 この場合、例えば利用者端末A10_1が、“利用者端末C10_3から利用者端末A10_1向けの変換鍵”を削除したいとの要求を含んだ、変換鍵抹消申請を、変換サーバ20に送信したとする(S101)。 In this case, for example, it is assumed that the user terminal A10_1 has transmitted to the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the user terminal A10_1 from the user terminal C10_3” ( S101).
 一方、この変換鍵抹消申請を利用者端末A10_1から受信した変換サーバ20は、利用者端末C10_3および利用者端末A10_1の組み合わせに対応した該当変換鍵を、変換鍵記憶部225にて検索して、該当変換鍵“h(Ka,IDc)●h(Kc,IDa-1”を特定し、これを削除する(S102)。 On the other hand, the conversion server 20 that has received this conversion key deletion application from the user terminal A10_1 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal C10_3 and the user terminal A10_1, The corresponding conversion key “h (K a , ID c ) ● h (K c , ID a ) −1 ” is identified and deleted (S102).
 また同様に、利用者端末C10_3が、“利用者端末C10_3から利用者端末A10_1向けの変換鍵”を削除したいとの要求を含んだ、変換鍵抹消申請を、変換サーバ20に送信したとする(S103)。 Similarly, it is assumed that the user terminal C10_3 transmits to the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the user terminal A10_1 from the user terminal C10_3” ( S103).
 他方、利用者端末C10_3からの変換鍵抹消申請を受信した変換サーバ20は、利用者端末A10_1および利用者端末C10_3の組み合わせに対応した該当変換鍵を、変換鍵記憶部225にて検索して、該当変換鍵“h(Ka,IDc)●h(Kc,IDa-1”を特定し、これを削除する(S104)。 On the other hand, the conversion server 20 that has received the conversion key deletion application from the user terminal C10_3 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal A10_1 and the user terminal C10_3, and The corresponding conversion key “h (K a , ID c ) ● h (K c , ID a ) −1 ” is identified and deleted (S104).
 次に、利用者端末10の間で上述の変換サーバ20を介したセキュアな通信を実行する際の処理について説明する。図7は、利用者端末C10_3から変換サーバ20を経由して、利用者端末A10_1へメッセージMを送るまでの、前記にて説明した処理の全体的な流れを示す概要図である。また、図8は、本実施形態の暗号処理方法の処理手順例3を示すシーケンス図であり、具体的には、利用者端末C10_3から利用者端末A10_1宛ての暗号メッセージを変換サーバ20へアップロードし、変換サーバ20にて、当該暗号メッセージを利用者端末A10_1向けに再暗号処理をするまでの流れを示すシーケンス図である。 Next, processing when performing secure communication between the user terminals 10 via the above-described conversion server 20 will be described. FIG. 7 is a schematic diagram showing the overall flow of the process described above until the message M is sent from the user terminal C10_3 via the conversion server 20 to the user terminal A10_1. FIG. 8 is a sequence diagram showing a processing procedure example 3 of the encryption processing method according to the present embodiment. Specifically, an encryption message addressed to the user terminal A10_1 is uploaded from the user terminal C10_3 to the conversion server 20. FIG. 10 is a sequence diagram showing a flow until the conversion server 20 re-encrypts the encrypted message for the user terminal A10_1.
 この場合、利用者による通信開始指示等を入力装置105で受けた利用者端末C10_3は、上述の指示が示す通信相手である、利用者端末A10_1宛てのメッセージMを作成する(S201)。このメッセージMの作成処理は、例えば、利用者端末10が、入力装置105で受け付けた利用者由来のテキストデータないしテキストファイルを、ネットワーク30での所定の通信プロトコルに沿って処理し、通信パケットを生成する処理、などに該当する。 In this case, the user terminal C10_3 that has received a communication start instruction or the like by the user with the input device 105 creates a message M addressed to the user terminal A10_1 that is the communication partner indicated by the above instruction (S201). For example, the message M is created by processing the user-derived text data or text file received by the input device 105 in accordance with a predetermined communication protocol in the network 30, and processing the communication packet. It corresponds to the process to generate.
 次に利用者端末C10_3は、利用者端末A10_1との通信に用いる暗号鍵を生成する為に、鍵記憶部126にて管理している自身の秘密鍵“Kc”と、公開ID記憶部125にて管理している利用者端末A10_1の公開IDである“IDa”とを、ハッシュ関数に入力し、暗号鍵としてのハッシュ値“h(Kc,IDa)”を計算する(S202)。 Next, the user terminal C10_3 generates its own private key “K c ” managed by the key storage unit 126 and the public ID storage unit 125 in order to generate an encryption key used for communication with the user terminal A10_1. “ID a ”, which is the public ID of the user terminal A10_1 managed in FIG. 1, is input to the hash function, and a hash value “h (K c , ID a )” as an encryption key is calculated (S202). .
 また、利用者端末C10_3は、上述のステップS201で作成したメッセージMを、ステップS202で計算した暗号鍵“h(Kc,IDa)”を用いて暗号化し、暗号文“f(h(Kc,IDa),M)”を生成する(S203)。 Further, the user terminal C10_3 encrypts the message M created in step S201 described above using the encryption key “h (K c , ID a )” calculated in step S202, and the ciphertext “f (h (K ( c , ID a ), M) "are generated (S203).
 利用者端末C10_3は、上述のステップS203で生成した利用者端末A10_1宛ての暗号文“f(h(Kc,IDa),M)”を、変換サーバ20に送付する(S204)。 The user terminal C10_3 sends the ciphertext “f (h (K c , ID a ), M)” addressed to the user terminal A10_1 generated in step S203 described above to the conversion server 20 (S204).
 一方、暗号文“f(h(Kc,IDa),M)”を受信した変換サーバ20は、利用者端末C10_3および利用者端末A10_1の組み合わせをキーとして、変換鍵記憶部225で変換鍵の検索を実行し、“利用者端末C10_3から利用者端末A10_1向けの変換鍵h(Ka,IDc)●h(Kc,IDa-1”を特定する(S205)。 On the other hand, the conversion server 20 that has received the ciphertext “f (h (K c , ID a ), M)” uses the combination of the user terminal C10_3 and the user terminal A10_1 as a key, and the conversion key storage unit 225 converts the conversion key. And a “conversion key h (K a , ID c ) ● h (K c , ID a ) −1 ” from the user terminal C10_3 to the user terminal A10_1 is specified (S205).
 また、変換サーバ20は、上述のステップS205で特定した変換鍵を用いて、利用者端末C10_3から送られてきた暗号文を再暗号化する(S206)。この再暗号化で得られる再暗号文は、各演算子の性質より、以下の構成となる。 Also, the conversion server 20 re-encrypts the ciphertext sent from the user terminal C10_3 using the conversion key specified in step S205 described above (S206). The recipher text obtained by this re-encryption has the following configuration due to the nature of each operator.
 再暗号文:f(h(Ka,IDc)●h(Kc,IDa-1,f(h(Kc,IDa),M))=f(((h(Ka,IDc)●h(Kc,IDa-1)●h(Kc,IDa)),M)=f(h(Ka,IDc),M)
 こうして再暗号文を得た変換サーバ20は、当該再暗号文を記憶装置201における再暗号文記憶部226に保存し、利用者端末C10_3の通信相手である利用者端末A10_1への転送に備える。 Reciphertext: f (h (K a , ID c ) h (K c , ID a ) −1 , f (h (K c , ID a ), M)) = f ((((h (K a , ID c ) ● h (K c , ID a ) −1 ) ● h (K c , ID a )), M) = f (h (K a , ID c ), M)
The conversion server 20 that has obtained the re-ciphertext saves the re-ciphertext in the re-ciphertext storage unit 226 in the storage device 201 and prepares for transfer to the user terminal A10_1 that is the communication partner of the user terminal C10_3.
 そこで、利用者端末A10_1向けに変換サーバ20で保存された再暗号文を、利用者端末A10_1が復号し、メッセージを取得する流れについて説明する。図9は、本実施形態の暗号処理方法の処理手順例4を示すシーケンス図であり、具体的には、利用者端末A10_1向けに再暗号処理された再暗号文を利用者端末A10_1が復号し、メッセージを取得するまでの流れを示すシーケンス図である。 Therefore, the flow in which the user terminal A10_1 decrypts the re-ciphertext stored in the conversion server 20 for the user terminal A10_1 and acquires the message will be described. FIG. 9 is a sequence diagram showing a processing procedure example 4 of the cryptographic processing method of the present embodiment. Specifically, the user terminal A10_1 decrypts the re-encrypted text re-encrypted for the user terminal A10_1. FIG. 11 is a sequence diagram showing a flow until a message is acquired.
 この場合、利用者端末A10_1は、変換サーバ20に対し、自分宛の新着メッセージが存在するか否かの確認要求を送信する(S300)。この確認要求の送信は、利用者端末A10_1が入力装置105にて利用者の指示を受けて実行するとしてもよいし、予め定めた所定周期の到来をクロック機能等で検知して実行するとしてもよい。 In this case, the user terminal A10_1 transmits a confirmation request as to whether or not there is a new message addressed to itself to the conversion server 20 (S300). This confirmation request may be transmitted when the user terminal A10_1 receives an instruction from the user through the input device 105, or when the arrival of a predetermined period is detected by a clock function or the like. Good.
 一方、利用者端末A10_1からの確認要求を受信した変換サーバ20は、記憶装置201の再暗号文記憶部226において、利用者端末A10_1宛のメッセージを利用者端末A10_1のID等に基づいて検索し、検索結果を返信する(S301)。 On the other hand, the conversion server 20 that has received the confirmation request from the user terminal A10_1 searches the re-ciphertext storage unit 226 of the storage device 201 for a message addressed to the user terminal A10_1 based on the ID of the user terminal A10_1. The search result is returned (S301).
 この検索結果を変換サーバ20から受信した利用者端末A10_1は、当該検索結果が、自分宛の新着メッセージの存在を示していた場合、変換サーバ20に対して該当メッセージの取得指示を通知し、例えば、利用者端末C10_3からの再暗号文“f(h(Ka,IDc),M)”を取得する(S302)。 The user terminal A10_1 that has received the search result from the conversion server 20 notifies the conversion server 20 of an acquisition instruction for the corresponding message when the search result indicates the presence of a new message addressed to the user terminal A10_1. Then, the re-ciphertext “f (h (K a , ID c ), M)” from the user terminal C10_3 is acquired (S302).
 利用者端末C10_3からの再暗号文を取得した利用者端末A10_1は、この利用者端末C10_3との復号鍵を生成する為に、鍵記憶部126にて管理している自身の秘密鍵“Ka”と、公開ID記憶部125にて管理している利用者端末C10_3の公開IDである“IDc”とをハッシュ関数に入力し、復号鍵としてハッシュ値“h(Ka,IDc)”を計算する(S303)。 The user terminal A10_1 that has obtained the re-encrypted text from the user terminal C10_3 generates its own private key “K a that is managed by the key storage unit 126 in order to generate a decryption key with the user terminal C10_3. And “ID c ”, which is the public ID of the user terminal C10_3 managed by the public ID storage unit 125, is input to the hash function, and the hash value “h (K a , ID c )” is used as the decryption key. Is calculated (S303).
 また、利用者端末C10_3は、上述のステップS303で得た復号鍵の逆数“h(Ka,IDc-1”を用いて、上述のステップS302で得ている再暗号文“f(h(Ka,IDc),M)”を復号することで、メッセージMを取得する(S304)。この時、復号処理は以下の様になる。 In addition, the user terminal C10_3 uses the reciprocal “h (K a , ID c ) −1 ” of the decryption key obtained in step S303 described above to use the re-ciphertext “f (h) obtained in step S302 described above. The message M is acquired by decrypting (K a , ID c ), M) ”(S304). At this time, the decoding process is as follows.
 f(h(Ka,IDc-1,f(h(Ka,IDc),M))=f(h(Ka,IDc-1●h(Ka,IDc)),M)=f(1,M)=M
 上述では、メッセージ送信元の利用者端末C10_3と、該当メッセージの受信先の利用者端末A10_1との2者間のデータ通信について説明した。一方で、受信先の利用者端末A10_1の代理として、利用者端末B10_2が利用者端末A10_1宛ての再暗号文を閲覧する状況、すなわち代理閲覧が要求される状況にも本実施形態の暗号システム1は対応可能である。そこで、図10、11を用いて、こうした代理閲覧に関する処理について説明する。 f (h (K a , ID c ) −1 , f (h (K a , ID c ), M)) = f (h (K a , ID c ) −1 ● h (K a , ID c )) , M) = f (1, M) = M
In the above description, the data communication between the two parties, the user terminal C10_3 that is the message transmission source and the user terminal A10_1 that is the reception destination of the message, has been described. On the other hand, the encryption system 1 of the present embodiment is also used in a situation where the user terminal B10_2 browses a re-encrypted text addressed to the user terminal A10_1 as a proxy for the user terminal A10_1 at the receiving destination, that is, a situation where proxy browsing is required. Is available. Therefore, processing relating to such proxy browsing will be described with reference to FIGS.
 図10は、本実施形態の暗号処理方法の処理手順例5を示すシーケンス図であり、具体的には、利用者端末A10_1向けに送られてきた再暗号文を利用者端末B10_2が代理として閲覧する為に、代理閲覧用の変換鍵を変換サーバ20に登録するまでの流れを示すシーケンス図である。 FIG. 10 is a sequence diagram illustrating a processing procedure example 5 of the cryptographic processing method according to the present embodiment. Specifically, the user terminal B10_2 browses the re-ciphertext sent to the user terminal A10_1 as a proxy. FIG. 6 is a sequence diagram showing a flow until registration of a conversion key for proxy browsing in the conversion server 20 in order to do so.
 この場合、利用者端末A10_1は、変換サーバ20に対し、利用者端末B10_2が代理利用者端末であるとの旨を伝える、代理人登録申請を行う(S401)。この代理人登録申請は、利用者端末C10_3から利用者端末A10_1に宛てられたメッセージについては、利用者端末B10_2が代理閲覧できる権限を付与するためのものである。 In this case, the user terminal A10_1 makes an agent registration application to notify the conversion server 20 that the user terminal B10_2 is a proxy user terminal (S401). This agent registration application is for granting authority that the user terminal B10_2 can perform proxy browsing for messages addressed to the user terminal A10_1 from the user terminal C10_3.
 一方、こうした代理人登録申請情報を受信した変換サーバ20は、乱数p’を生成し(S402)、当該乱数p’を利用者端末A10_1に送付する(S403)。 On the other hand, the conversion server 20 that has received such agent registration application information generates a random number p '(S402) and sends the random number p' to the user terminal A10_1 (S403).
 他方、上述の乱数p’を受信した利用者端末A10_1は、利用者端末B10_2との暗号鍵を生成する為に、鍵記憶部126にて管理している自身の秘密鍵“Ka”と、公開ID記憶部125にて管理している利用者端末C10_3の公開IDである“IDc”とをハッシュ関数に入力し、復号鍵であるハッシュ値“h(K_a,ID_c)”を計算する(S404)。このハッシュ値は、利用者端末A10_1が利用者端末C10_3を通信相手とする際の復号鍵となる。
 上述の復号鍵を計算した利用者端末A10_1は、変換サーバ20から送られてきた上述の乱数p’を用いて上述の復号鍵の逆数をマスクして、マスク化暗号鍵“p’●h(Ka,IDc-1”を算定し、これを利用者端末B10_2へ送付する(S405)。 On the other hand, the user terminal A10_1 that has received the random number p ′ described above has its own secret key “K a ” managed by the key storage unit 126 in order to generate an encryption key with the user terminal B10_2, “ID c ”, which is the public ID of the user terminal C10_3 managed by the public ID storage unit 125, is input to the hash function, and a hash value “h (K_a, ID_c)”, which is a decryption key, is calculated ( S404). This hash value becomes a decryption key when the user terminal A10_1 uses the user terminal C10_3 as a communication partner.
The user terminal A10_1 that has calculated the decryption key masks the reciprocal number of the decryption key using the random number p ′ sent from the conversion server 20, and uses the masked encryption key “p ′ ● h ( K a , ID c ) -1 "is calculated and sent to the user terminal B10_2 (S405).
 他方、上述のマスク化暗号鍵を受信した利用者端末B10_2では、利用者端末A10_1との通信に用いる復号鍵を生成する為に、鍵記憶部126にて管理している自身の秘密鍵“Kb”と、公開ID記憶部125にて管理している利用者端末A10_1の公開IDである“IDa”とをハッシュ関数に入力し、復号鍵であるハッシュ値“h(Kb,IDa)”を計算する(S406)。このハッシュ値は、利用者端末B10_2が利用者端末A10_1を通信相手とする際の復号鍵となる。 On the other hand, the user terminal B10_2 that has received the masked encryption key described above has its own private key “K” managed by the key storage unit 126 in order to generate a decryption key used for communication with the user terminal A10_1. b ”and“ ID a ”which is the public ID of the user terminal A10_1 managed by the public ID storage unit 125 are input to the hash function, and the hash value“ h (K b , ID a) which is the decryption key is input. ) "Is calculated (S406). This hash value becomes a decryption key when the user terminal B10_2 uses the user terminal A10_1 as a communication partner.
 こうして復号鍵を計算した利用者端末B10_2は、当該復号鍵を用いて、上述の利用者端末A10_1から送られてきたマスク化暗号鍵をマスク処理し、値”h(Kb,IDa)●p’●h(Ka,IDc-1”を計算し、これをマスク化変換鍵として変換サーバ20へ送付する(S407)。 The user terminal B10_2 that has calculated the decryption key in this way uses the decryption key to mask the masked encryption key sent from the user terminal A10_1, and the value “h (K b , ID a ) ●. p ′ ● h (K a , ID c ) −1 ”is calculated and sent to the conversion server 20 as a masked conversion key (S407).
 一方、変換サーバ20は、上述のマスク化変換鍵を利用者端末B10_2から受信し、このマスク化変換鍵に対し、乱数p’の逆数を用いてマスク処理を行い、変換鍵“p’-1●h(Kb,IDa)●p’●h(Ka,IDc-1=h(Kb,IDa)●h(Ka,IDc-1”を計算する(S408)。 On the other hand, the conversion server 20 receives the above-described masked conversion key from the user terminal B10_2, performs a mask process on the masked conversion key using the reciprocal number of the random number p ′, and converts the conversion key “p ′ −1 ”. ● h (K b , ID a ) ● p ′ ● h (K a , ID c ) −1 = h (K b , ID a ) ● h (K a , ID c ) −1 ”is calculated (S408) .
 変換サーバ20は、こうして計算した変換鍵(代理人用変換鍵)を、“利用者端末A10_1から利用者端末B10_2向けの変換鍵”として、記憶装置201における変換鍵記憶部225に登録する(S409)。なお、代理閲覧用の当該変換鍵を変換サーバ20より削除する処理については後述する。 The conversion server 20 registers the conversion key (agent conversion key) calculated in this way in the conversion key storage unit 225 of the storage device 201 as a “conversion key for the user terminal A10_1 to the user terminal B10_2” (S409). ). The process of deleting the conversion key for proxy browsing from the conversion server 20 will be described later.
 次に、代理閲覧の権限を有する代理利用者端末である、上述の利用者端末B10_2が、利用者端末A10_1宛のメッセージを代理閲覧する処理について図に基づき説明する。図11は、本実施形態の暗号処理方法の処理手順例6を示すシーケンス図であり、具体的には、利用者端末A10_1向けに送られてきた再暗号文を利用者端末B10_2が代理として閲覧するまでの流れを示すシーケンス図である。 Next, a process in which the above-described user terminal B10_2, which is a proxy user terminal having proxy browsing authority, performs proxy browsing of a message addressed to the user terminal A10_1 will be described with reference to the drawings. FIG. 11 is a sequence diagram showing a processing procedure example 6 of the cryptographic processing method according to the present embodiment. Specifically, the user terminal B10_2 browses the re-ciphertext sent to the user terminal A10_1 as a proxy. It is a sequence diagram which shows the flow until it does.
 この場合、代理閲覧の権限を有する利用者端末B10_2は、変換サーバ20に対し、利用者端末A10_1宛ての新着メッセージが存在するか否かの確認要求を含む、代理閲覧申請を行う(S501)。この確認要求の含む代理閲覧申請の送信は、利用者端末B10_2が入力装置105にて利用者の指示を受けて実行するとしてもよいし、予め定めた所定周期の到来をクロック機能等で検知して実行するとしてもよい。 In this case, the user terminal B10_2 having the authority of proxy browsing makes a proxy browsing application including a confirmation request as to whether there is a new message addressed to the user terminal A10_1 to the conversion server 20 (S501). The transmission of the proxy browsing application including the confirmation request may be executed by the user terminal B10_2 in response to the user's instruction at the input device 105, or the arrival of a predetermined period is detected by a clock function or the like. May be executed.
 一方、利用者端末B10_2からの代理閲覧申請を受信した変換サーバ20は、記憶装置201の再暗号文記憶部226において、利用者端末A10_1宛のメッセージを利用者端末A10_1のID等に基づいて検索する(S502)。 On the other hand, the conversion server 20 that has received the proxy browsing application from the user terminal B10_2 searches the re-ciphertext storage unit 226 of the storage device 201 for a message addressed to the user terminal A10_1 based on the ID of the user terminal A10_1. (S502).
 この検索の結果、再暗号文記憶部226にて該当新着メッセージが存在した場合、変換サーバ20は、変換鍵記憶部225から、“利用者端末A10_1から利用者端末B10_2向けの変換鍵“h(Kb,IDa)●h(Ka,IDc-1”を検索する(S502)。 As a result of this search, if there is a corresponding new message in the re-ciphertext storage unit 226, the conversion server 20 reads from the conversion key storage unit 225 "the conversion key for the user terminal A10_1 to the user terminal B10_2" h ( K b , ID a ) ● h (K a , ID c ) -1 "is searched (S502).
 また、変換サーバ20は、上述のステップS502で検索した変換鍵を用いて、新着メッセージとして検索した、利用者端末A10_1宛ての再暗号文を更に再暗号化、すなわち再再暗号化する(S503)。これにより得られる再再暗号文は、各演算子の性質より、以下の様になる。 The conversion server 20 further re-encrypts, that is, re-re-encrypts the re-encrypted text addressed to the user terminal A10_1 searched for as a new arrival message using the conversion key searched in step S502 (S503). . The re-re-ciphertext obtained in this way is as follows due to the nature of each operator.
 f(h(Kb,IDa)●h(Ka,IDc-1,f(h(Ka,IDc),M))=f(((h(Kb,IDa)●h(Ka,IDc-1)●h(Ka,IDc)),M)=f(h(Kb,IDa),M)
 一方、利用者端末B10_2は、変換サーバ20に対して、利用者端末A10_1宛ての再再暗号文“f(h(Kb,IDa),M)”を要求し、これを取得する(S504)。また、利用者端末B10_2は、利用者端末A10_1との復号鍵を生成する為に、鍵記憶部126にて管理している自身の秘密鍵“Kb”と、公開ID記憶部125にて管理している利用者端末A10_1の公開IDである“IDa”とをハッシュ関数に入力し、復号鍵であるハッシュ値“h(Kb,IDa)”を計算する(S505)。 f (h (K b , ID a ) ● h (K a , ID c ) −1 , f (h (K a , ID c ), M)) = f ((((h (K b , ID a ) ● h (K a , ID c ) −1 ) • h (K a , ID c )), M) = f (h (K b , ID a ), M)
On the other hand, the user terminal B10_2 requests the conversion server 20 for a re-re-encrypted text “f (h (K b , ID a ), M)” addressed to the user terminal A10_1 and acquires it (S504). ). Also, the user terminal B10_2 manages its own private key “K b ” managed by the key storage unit 126 and the public ID storage unit 125 in order to generate a decryption key for the user terminal A10_1. The public ID “ID a ” of the user terminal A10_1 is input to the hash function, and the hash value “h (K b , ID a )” that is the decryption key is calculated (S505).
 復号鍵を計算した利用者端末B10_2は、当該復号鍵の逆数“h(Kb,IDa-1”を用いて、上述の再再暗号文を復号し、メッセージMを取得する(S506)。この復号処理は以下の様になる。 The user terminal B10_2 that has calculated the decryption key decrypts the above-mentioned re-re-encrypted text using the reciprocal number “h (K b , ID a ) −1 ” of the decryption key, and acquires the message M (S506). . This decoding process is as follows.
 f(h(Kb,IDa-1,f(h(Kb,IDa),M))=f(h(Kb,IDa-1●h(Kb,IDa)),M)=f(1,M)=M
 こうして代理閲覧の権限を有する利用者端末B10_2が、利用者端末A10_1宛のメッセージをセキュアに閲覧することができる。 f (h (K b , ID a ) −1 , f (h (K b , ID a ), M)) = f (h (K b , ID a ) −1 ● h (K b , ID a )) , M) = f (1, M) = M
In this way, the user terminal B10_2 having proxy browsing authority can securely browse the message addressed to the user terminal A10_1.
 次に、代理人用変換鍵の抹消処理について説明する。図12は、本実施形態の暗号処理方法の処理手順例7を示すシーケンス図であり、具体的には、利用者端末A10_1からの代理人用変換鍵抹消申請により、変換サーバ20に登録されている、代理端末たる利用者端末B10_2に関する代理人用変換鍵を削除するまでの流れと、利用者端末B10_2からの代理人用変換鍵抹消申請により、上述の代理人用変換鍵を削除するまでの流れとを示すシーケンス図である。 Next, the agent conversion key deletion process will be described. FIG. 12 is a sequence diagram showing a processing procedure example 7 of the cryptographic processing method according to the present embodiment. Specifically, it is registered in the conversion server 20 by an agent conversion key deletion application from the user terminal A10_1. From the flow until the agent conversion key related to the user terminal B10_2 as the proxy terminal is deleted and the application for deleting the agent conversion key from the user terminal B10_2, It is a sequence diagram which shows a flow.
 この場合、例えば利用者端末A10_1が、“利用者端末B10_2と利用者端末A10_1との組み合わせに関する代理人用の変換鍵”を削除したいとの要求を含んだ、変換鍵抹消申請を、変換サーバ20に送信したとする(S601)。 In this case, for example, the user terminal A10_1 sends a conversion key deletion application including a request to delete the “conversion key for the agent relating to the combination of the user terminal B10_2 and the user terminal A10_1” to the conversion server 20. (S601).
 一方、この変換鍵抹消申請を利用者端末A10_1から受信した変換サーバ20は、利用者端末B10_2および利用者端末A10_1の組み合わせに対応した該当変換鍵を、変換鍵記憶部225にて検索して、該当変換鍵“h(Kb,IDa)●h(Ka,IDc-1”を特定し、これを削除する(S602)。 On the other hand, the conversion server 20 that has received the conversion key deletion application from the user terminal A10_1 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal B10_2 and the user terminal A10_1. The corresponding conversion key “h (K b , ID a ) ● h (K a , ID c ) −1 ” is identified and deleted (S602).
 また同様に、利用者端末B10_2が、“利用者端末A10_1と利用者端末B10_2との組み合わせに関する代理人用の変換鍵”を削除したいとの要求を含んだ、変換鍵抹消申請を、変換サーバ20に送信したとする(S603)。 Similarly, the conversion terminal 20 applies a conversion key deletion application including a request for the user terminal B10_2 to delete the “conversion key for the agent relating to the combination of the user terminal A10_1 and the user terminal B10_2”. (S603).
 他方、利用者端末B10_2からの変換鍵抹消申請を受信した変換サーバ20は、利用者端末B10_2および利用者端末A10_1の組み合わせに対応した該当変換鍵を、変換鍵記憶部225にて検索して、該当変換鍵“h(Kb,IDa)●h(Ka,IDc-1”を特定し、これを削除する(S604)。 On the other hand, the conversion server 20 that has received the conversion key deletion application from the user terminal B10_2 searches the conversion key storage unit 225 for a corresponding conversion key corresponding to the combination of the user terminal B10_2 and the user terminal A10_1. The corresponding conversion key “h (K b , ID a ) ● h (K a , ID c ) −1 ” is identified and deleted (S604).
 以上、本発明を実施するための最良の形態などについて具体的に説明したが、本発明はこれに限定されるものではなく、その要旨を逸脱しない範囲で種々変更可能である。例えば本発明は、日本政府が検討している社会保障・税番号制度におけるマイ・ポータルシステムへの適用も可能である。マイ・ポータルへの適用の際、本発明の変換サーバ20の機能をマイ・ポータルの一機能として物理的に同一の機器上に構築しても良いし、物理的には切り離してマイ・ポータルはデータを橋渡しするだけで、本発明の変換サーバ20の機能を別機器上に構築してもよい。 The best mode for carrying out the present invention has been specifically described above. However, the present invention is not limited to this, and various modifications can be made without departing from the scope of the present invention. For example, the present invention can be applied to the My Portal system in the social security / tax number system that the Japanese government is considering. When applying to My Portal, the function of the conversion server 20 of the present invention may be built on the same physical device as one function of My Portal, or physically separated from My Portal. The function of the conversion server 20 of the present invention may be constructed on another device simply by bridging data.
 こうした本実施形態によれば、データを暗号化、復号化する為の暗号鍵、復号鍵は、ユーザ自身の秘密鍵と通信相手の公開ID情報とから動的に生成されるものとなり、実際に各利用者が恒常的に管理すべき秘匿情報(秘密鍵)の数は1つのみとできる。つまり、暗号処理が比較的高速である共通鍵暗号ベースのプロトコルにおいても、各利用者が管理すべき秘匿情報(秘密鍵)を公開鍵暗号ベースのプロトコルと同様に1個にし、ユーザの利便性を向上させることができる。 According to the present embodiment, the encryption key and the decryption key for encrypting and decrypting data are dynamically generated from the user's own private key and the public ID information of the communication partner. Each user can have only one secret information (secret key) that should be constantly managed. In other words, even in a common key encryption-based protocol where encryption processing is relatively fast, the confidential information (secret key) to be managed by each user is made one as in the case of the public key encryption-based protocol. Can be improved.
 従って、暗号処理の適宜な高速性を担保しつつ、各利用者における秘匿情報の管理負担低減に優れた暗号技術を提供可能となる。 Therefore, it is possible to provide an encryption technology excellent in reducing the burden of managing confidential information for each user while ensuring an appropriate high speed of the encryption processing.
 本明細書の記載により、少なくとも次のことが明らかにされる。すなわち、本実施形態の暗号処理方法において、前記サーバは、前記端末から、前記鍵で暗号化されたメッセージを受信し、端末の組み合わせ毎に保持している可換性関数たる変換鍵により、前記受信したメッセージが示す宛先の端末向けに、前記メッセージの再暗号化を実行し、当該再暗号化メッセージを、前記宛先の端末に送信するとしてもよい。 記載 At least the following will be made clear by the description in this specification. That is, in the cryptographic processing method of the present embodiment, the server receives a message encrypted with the key from the terminal, and uses the conversion key that is a commutative function held for each combination of terminals, The message may be re-encrypted for the destination terminal indicated by the received message, and the re-encrypted message may be transmitted to the destination terminal.
 これによれば、サーバが、端末間のセキュアな通信を効率的に仲介し、なおかつ、各端末での秘匿情報たる秘密鍵の管理数を最低限度に抑制可能となる。しかも、サーバ自体は仲介する端末からのメッセージを復号化しない構成となっており、サーバ側での情報漏洩のリスクも抑制される。 According to this, the server can efficiently mediate secure communication between terminals, and the number of secret keys managed as secret information at each terminal can be minimized. In addition, the server itself is configured not to decrypt messages from the intermediary terminal, and the risk of information leakage on the server side is also suppressed.
 また、本実施形態の暗号処理方法において、前記サーバは、所定端末からの前記変換鍵の登録要求に応じて所定値を前記所定端末に返信し、前記所定値でマスク処理された前記所定端末の鍵の逆数を他端末の鍵で更にマスク処理された所定鍵を、前記他端末から受信し、当該受信した所定鍵に対し前記所定値に基づく交換法則を適用して、前記所定端末の鍵の逆数を前記他端末の鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納する、としてもよい。 Further, in the cryptographic processing method according to the present embodiment, the server returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the predetermined terminal masked with the predetermined value. A predetermined key obtained by further masking the reciprocal number of the key with the key of the other terminal is received from the other terminal, and an exchange law based on the predetermined value is applied to the received predetermined key to obtain the key of the predetermined terminal. A conversion key obtained by masking the reciprocal with the key of the other terminal may be calculated, and the conversion key may be stored in the storage device.
 これによれば、サーバにおいて、通信の仲介対象である各端末に関して、端末ユーザの要求に応じた組み合わせ毎に変換鍵を保持することが可能となる。従って、通信を行う予定の無い端末間に関して、不要な変換鍵をサーバが保持することもなく、サーバでの変換鍵管理に係る使用リソースの無駄を省き、効率的な変換鍵管理を実現できる。 According to this, in the server, it is possible to hold a conversion key for each combination according to the request of the terminal user for each terminal that is a communication mediation target. Accordingly, the server does not hold unnecessary conversion keys between terminals that are not scheduled to perform communication, and waste of resources used for conversion key management in the server can be eliminated, and efficient conversion key management can be realized.
 また、本実施形態の暗号処理方法において、前記所定端末は、当該所定端末と通信相手となりうる他端末との組み合わせに関して、前記変換鍵の登録要求を前記サーバに送信し、前記サーバは、前記所定値を前記所定端末に返信する際、前記所定端末からの登録要求に応じて前記所定値たる乱数を生成し、当該乱数を前記所定端末に返信し、前記所定端末は、通信相手たる前記他端末の公開情報と自身の秘密情報とを一方向関数に適用し、暗号鍵としての出力値を生成し、当該暗号鍵の逆数を前記乱数でマスク処理したマスク化暗号鍵を前記他端末に送信し、前記他端末は、通信相手たる前記所定端末の公開情報と自身の秘密情報とを一方向関数に適用し、復号鍵としての出力値を生成し、当該復号鍵で前記マスク化暗号鍵をマスク処理したマスク化変換鍵を前記サーバに送信し、前記サーバは、前記他端末から受信したマスク化変換鍵に対し、前記乱数を用いた交換法則を適用して、前記暗号鍵を前記復号鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納する、としてもよい。 Further, in the cryptographic processing method according to the present embodiment, the predetermined terminal transmits a conversion key registration request to the server regarding the combination of the predetermined terminal and another terminal that can be a communication partner, and the server When a value is returned to the predetermined terminal, a random number corresponding to the predetermined value is generated in response to a registration request from the predetermined terminal, the random number is returned to the predetermined terminal, and the predetermined terminal is the other terminal serving as a communication partner The public information and its own secret information are applied to a one-way function to generate an output value as an encryption key, and a masked encryption key obtained by masking the reciprocal of the encryption key with the random number is transmitted to the other terminal. The other terminal applies the public information of the predetermined terminal as a communication partner and its own secret information to a one-way function, generates an output value as a decryption key, and masks the masked encryption key with the decryption key Process The masked conversion key is transmitted to the server, and the server applies an exchange law using the random number to the masked conversion key received from the other terminal, and masks the encryption key with the decryption key. It is also possible to calculate the converted key and store the converted key in a storage device.
 これによれば、ユーザ要求に応じた変換鍵の生成と登録の処理自体をセキュアに行うことが可能となり、暗号処理方法全体としてのセキュア度も向上できる。 According to this, it is possible to securely perform the process of generating and registering the conversion key according to the user request, and it is possible to improve the degree of security as a whole encryption processing method.
 また、本実施形態の暗号処理方法において、前記サーバは、前記各端末のうちいずれかの端末から、前記変換鍵のうち該当端末と組みになった所定他端末に関するものに関する抹消要求を受信し、当該抹消要求が示す前記端末と前記所定他端末との組み合わせ情報をキーにして記憶装置で検索を実行し、当該検索で特定した変換鍵を記憶装置から削除する、としてもよい。 Further, in the cryptographic processing method of the present embodiment, the server receives a deletion request regarding a predetermined other terminal paired with the corresponding terminal among the conversion keys from any one of the terminals, A search may be executed in the storage device using the combination information of the terminal indicated by the deletion request and the predetermined other terminal as a key, and the conversion key specified in the search may be deleted from the storage device.
 これによれば、サーバにおいて、通信を行う予定の無い端末間に関して、或いは端末ユーザとして通信を遮断したい他ユーザに関し、不要な変換鍵の保持に伴う、ユーザ意向に沿わず、情報漏洩のリスクさえ招来する通信の仲介を行ってしまうリスクを回避出来る。また、サーバでの変換鍵管理に係る使用リソースの無駄を省き、効率的な変換鍵管理を実現できる。 According to this, in the server, between terminals that are not scheduled to communicate or other users who want to cut off communication as a terminal user, the risk of information leakage is not in line with user intentions due to holding unnecessary conversion keys. You can avoid the risk of intermediary of invited communications. In addition, it is possible to realize efficient conversion key management by eliminating waste of resources used for conversion key management in the server.
 また、本実施形態の暗号処理方法において、前記サーバは、所定端末からの、当該所定端末の代理端末に関する前記可換性関数の登録要求に応じ、所定値を前記所定端末に返信し、前記所定値でマスク処理された、前記代理端末の公開情報と前記所定端末の秘密情報とに基づく第1鍵の逆数を、前記所定端末の公開情報と前記代理端末の秘密情報とに基づく第2鍵で更にマスク処理された第3鍵を、前記代理端末から受信し、当該受信した第3鍵に対し前記所定値に基づく交換法則を適用して、前記第1鍵の逆数を前記第3鍵でマスク処理した代理人用可換性関数を計算し、当該代理人用可換性関数を記憶装置に格納し、前記代理端末からの、前記所定端末に宛てられたメッセージの閲覧録要求に応じ、前記代理端末と前記所定端末の組み合わせに関して保持している代理人用可換性関数を記憶装置で特定し、当該代理人用可換性関数により、前記所定端末向けに可換性を持って再暗号化されたメッセージを更に暗号化して、当該再再暗号化メッセージを、前記代理端末に送信し、前記代理端末は、前記サーバから送信された前記再再暗号化メッセージを受信し、当該受信した再再暗号化メッセージを前記第2鍵で復号化する、としてもよい。 Further, in the cryptographic processing method of the present embodiment, the server returns a predetermined value to the predetermined terminal in response to a registration request for the commutative function related to the proxy terminal of the predetermined terminal from the predetermined terminal, and the predetermined terminal The reciprocal number of the first key based on the public information of the proxy terminal and the secret information of the predetermined terminal, masked with a value, is the second key based on the public information of the predetermined terminal and the secret information of the proxy terminal. Further, the masked third key is received from the proxy terminal, an exchange law based on the predetermined value is applied to the received third key, and the reciprocal of the first key is masked by the third key. Calculate the processed agent commutability function, store the agent commutability function in a storage device, and in response to a request for browsing the message addressed to the predetermined terminal from the proxy terminal, A combination of a proxy terminal and the predetermined terminal The proxy commutability function that is stored in relation to the message is specified in the storage device, and the re-encrypted message having the commutability for the predetermined terminal is further encrypted by the agent commutability function. The re-encrypted message is transmitted to the proxy terminal, the proxy terminal receives the re-re-encrypted message transmitted from the server, and the received re-re-encrypted message is transmitted to the proxy terminal. It is also possible to decrypt with two keys.
 これによれば、本来の通信相手同士となる当事者の端末間のみならず、代理者が操作する端末による、該当当事者宛てメッセージのセキュアな閲覧も可能となる。 According to this, it is possible to securely view a message addressed to the relevant party not only between the terminals of the parties that are the original communication partners but also by the terminal operated by the agent.
 また、本実施形態の暗号処理方法において、前記所定端末は、当該代所定端末と前記代理端末との組み合わせに関して、前記代理人用可換性関数の登録要求を前記サーバに送信し、前記サーバは、前記所定値を前記所定端末に返信する際、前記登録要求に応じて前記所定値たる乱数を生成し、当該乱数を前記所定端末に返信し、前記所定端末は、前記代理端末の公開情報と自身の秘密情報とを一方向関数に適用し、前記第1鍵たる暗号鍵を生成し、当該暗号鍵の逆数を前記乱数でマスク処理したマスク化暗号鍵を前記代理端末に送信し、前記代理端末は、前記所定端末の公開情報と自身の秘密情報とを一方向関数に適用し、前記第2鍵たる復号鍵を生成し、当該復号鍵で前記マスク化暗号鍵をマスク処理したマスク化変換鍵を前記サーバに送信し、前記サーバは、前記代理端末から受信したマスク化変換鍵に対し、前記乱数を用いた交換法則を適用して、前記暗号鍵を前記復号鍵でマスク処理した代理人用可換性関数たる代理人用変換鍵を計算し、当該代理人用変換鍵を記憶装置に格納する、としてもよい。 Further, in the cryptographic processing method of the present embodiment, the predetermined terminal transmits a registration request for the agent commutability function to the server regarding the combination of the proxy predetermined terminal and the proxy terminal, and the server When the predetermined value is returned to the predetermined terminal, a random number corresponding to the predetermined value is generated in response to the registration request, and the random number is returned to the predetermined terminal. The predetermined terminal receives the public information of the proxy terminal and Applying its own secret information to a one-way function, generating an encryption key as the first key, transmitting a masked encryption key obtained by masking the reciprocal of the encryption key with the random number to the proxy terminal, and The terminal applies public information of the predetermined terminal and its own secret information to a one-way function, generates a decryption key as the second key, and performs masking conversion by masking the masked encryption key with the decryption key Key to the server And the server applies the exchange rule using the random number to the masked conversion key received from the proxy terminal, and masks the encryption key with the decryption key. Alternatively, the proxy conversion key may be calculated, and the proxy conversion key may be stored in the storage device.
 これによれば、本来の通信相手同士となる当事者の端末間のみならず、代理者が操作する端末と該当当事者との組み合わせに関しても、サーバにて変換鍵を生成、管理することが可能となる。従って、ユーザ要求に応じた代理端末に関する変換鍵の生成と登録の処理自体をセキュアに行うことが可能となり、代理端末によるメッセージ閲覧を許容しつつも、暗号処理方法全体としてのセキュア度も向上できる。 According to this, it becomes possible to generate and manage the conversion key in the server not only between the terminals of the parties that are the original communication partners but also the combination of the terminal operated by the agent and the corresponding party. . Therefore, the conversion key generation and registration processing relating to the proxy terminal in response to the user request can be performed securely, and the overall encryption processing method can be improved while allowing message browsing by the proxy terminal. .
 また、本実施形態の暗号処理方法において、前記サーバは、前記各端末のうちいずれかの端末から、前記変換鍵のうち該当端末と組みになった代理端末に関するものに関する抹消要求を受信し、当該抹消要求が示す前記端末と前記代理端末との組み合わせ情報をキーにして記憶装置で検索を実行し、当該検索で特定した変換鍵を記憶装置から削除する、としてもよい。 Further, in the cryptographic processing method according to the present embodiment, the server receives, from any one of the terminals, a deletion request related to the proxy terminal associated with the corresponding terminal among the conversion keys, and A search may be performed in the storage device using the combination information of the terminal and the proxy terminal indicated by the deletion request as a key, and the conversion key specified in the search may be deleted from the storage device.
 これによれば、サーバにおいて、代理端末と当該代理端末によるメッセージ閲覧を許容していた当事者の端末との間に関して、不要となった変換鍵を確実に抹消し、サーバにおける不要な変換鍵の保持に伴う、ユーザ意向に沿わず、情報漏洩のリスクさえ招来する代理端末による通信の仲介を行ってしまうリスクを回避出来る。また、サーバでの変換鍵管理に係る使用リソースの無駄を省き、効率的な変換鍵管理を実現できる。 According to this, in the server, the conversion key that is no longer needed is securely deleted between the proxy terminal and the terminal of the party that has permitted message browsing by the proxy terminal, and the unnecessary conversion key is retained in the server. Accordingly, it is possible to avoid the risk of mediating communication by a proxy terminal that does not follow the user's intention and invites even the risk of information leakage. In addition, it is possible to realize efficient conversion key management by eliminating waste of resources used for conversion key management in the server.
 また、本実施形態の暗号システムにおいて、端末の各組み合わせに対応した可換性関数たる変換鍵を格納した記憶装置と、所定の端末から、前記鍵で暗号化されたメッセージを受信し、前記所定の端末と、前記受信したメッセージが示す宛先の端末との組み合わせに関して格納している変換鍵を記憶装置にて特定し、該当変換鍵により、前記宛先の端末向けに、前記メッセージの再暗号化を実行し、当該再暗号化メッセージを、前記宛先の端末に送信する演算装置と、を備えるサーバを更に含むとしてもよい。 Further, in the encryption system of the present embodiment, a message encrypted with the key is received from a storage device storing a conversion key that is a commutative function corresponding to each combination of terminals, and the predetermined terminal, and the predetermined The storage device identifies a conversion key stored for the combination of the terminal and the destination terminal indicated by the received message, and re-encrypts the message for the destination terminal using the corresponding conversion key. The server may further include an arithmetic unit that executes and transmits the re-encrypted message to the destination terminal.
 これによれば、暗号システムにおいては、サーバによって端末間のセキュアな通信を効率的に仲介し、なおかつ、各端末での秘匿情報たる秘密鍵の管理数を最低限度に抑制可能となる。しかも、サーバ自体は仲介する端末からのメッセージを復号化しない構成となっており、サーバ側での情報漏洩のリスクも抑制される。 According to this, in the cryptographic system, secure communication between terminals can be efficiently mediated by the server, and the number of secret keys managed as secret information at each terminal can be suppressed to the minimum. In addition, the server itself is configured not to decrypt messages from the intermediary terminal, and the risk of information leakage on the server side is also suppressed.
 また、本実施形態の暗号システムにおいて、前記サーバは、所定端末からの前記変換鍵の登録要求に応じて所定値を前記所定端末に返信し、前記所定値でマスク処理された前記所定端末の鍵の逆数を他端末の鍵で更にマスク処理された所定鍵を、前記他端末から受信し、当該受信した所定鍵に対し前記所定値に基づく交換法則を適用して、前記所定端末の鍵の逆数を前記他端末の鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納するものである、としてもよい。 In the encryption system according to the present embodiment, the server returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the key of the predetermined terminal masked with the predetermined value. A predetermined key obtained by further masking the reciprocal number of the key with the key of the other terminal is received from the other terminal, and the reciprocal number of the key of the predetermined terminal is applied to the received predetermined key based on the exchange rule based on the predetermined value. The conversion key obtained by masking with the key of the other terminal may be calculated, and the conversion key may be stored in the storage device.
 これによれば、暗号システムにおいては、サーバが、通信の仲介対象である各端末に関して、端末ユーザの要求に応じた組み合わせ毎に変換鍵を保持することが可能となる。従って、通信を行う予定の無い端末間に関して、不要な変換鍵をサーバが保持することもなく、サーバでの変換鍵管理に係る使用リソースの無駄を省き、効率的な変換鍵管理を実現できる。 According to this, in the cryptographic system, the server can hold the conversion key for each combination according to the request of the terminal user with respect to each terminal that is a communication mediation target. Accordingly, the server does not hold unnecessary conversion keys between terminals that are not scheduled to perform communication, and waste of resources used for conversion key management in the server can be eliminated, and efficient conversion key management can be realized.
 また、本実施形態のサーバにおいて、前記演算装置は、所定端末からの前記変換鍵の登録要求に応じて所定値を前記所定端末に返信し、前記所定値でマスク処理された前記所定端末の鍵の逆数を他端末の鍵で更にマスク処理された所定鍵を、前記他端末から受信し、当該受信した所定鍵に対し前記所定値に基づく交換法則を適用して、前記所定端末の鍵の逆数を前記他端末の鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納するものである、としてもよい。 Further, in the server according to the present embodiment, the arithmetic device returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the key of the predetermined terminal masked with the predetermined value. A predetermined key obtained by further masking the reciprocal number of the key with the key of the other terminal is received from the other terminal, and the reciprocal number of the key of the predetermined terminal is applied to the received predetermined key based on the exchange rule based on the predetermined value. The conversion key obtained by masking with the key of the other terminal may be calculated, and the conversion key may be stored in the storage device.
 これによれば、ユーザ要求に応じた変換鍵の生成と登録の処理自体をセキュアに行うことが可能となり、暗号処理方法全体としてのセキュア度も向上できる。 According to this, it is possible to securely perform the process of generating and registering the conversion key according to the user request, and it is possible to improve the degree of security as a whole encryption processing method.

Claims (13)

  1.  互いに通信を行う各端末において、通信相手の公開情報と自身の秘密情報とに関する一方向関数の出力値を鍵とし、メッセージ送信に際しては、対象となるメッセージを前記鍵で暗号化して所定サーバに送信し、メッセージ受信に際しては、当該端末向けに可換性を持って再暗号化されたメッセージを前記サーバから受信し、当該受信したメッセージを自身の鍵で復号化する暗号処理方法。 At each terminal that communicates with each other, the output value of the one-way function related to the public information of the communication partner and its own secret information is used as a key. When sending a message, the target message is encrypted with the key and transmitted to a predetermined server. And, when receiving a message, an encryption processing method for receiving a message re-encrypted for the terminal from the server and decrypting the received message with its own key.
  2.  前記サーバにおいて、前記端末から、前記鍵で暗号化されたメッセージを受信し、端末の組み合わせ毎に保持している可換性関数たる変換鍵により、前記受信したメッセージが示す宛先の端末向けに、前記メッセージの再暗号化を実行し、当該再暗号化メッセージを、前記宛先の端末に送信する請求項1に記載の暗号処理方法。 In the server, a message encrypted with the key is received from the terminal, and a conversion key that is a commutative function held for each combination of terminals is used for a destination terminal indicated by the received message. The cryptographic processing method according to claim 1, wherein re-encryption of the message is executed, and the re-encrypted message is transmitted to the destination terminal.
  3.  前記サーバにおいて、所定端末からの前記変換鍵の登録要求に応じて所定値を前記所定端末に返信し、前記所定値でマスク処理された前記所定端末の鍵の逆数を他端末の鍵で更にマスク処理された所定鍵を、前記他端末から受信し、当該受信した所定鍵に対し前記所定値に基づく交換法則を適用して、前記所定端末の鍵の逆数を前記他端末の鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納する、
     請求項2に記載の暗号処理方法。     In the server, a predetermined value is returned to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and the reciprocal number of the key of the predetermined terminal masked with the predetermined value is further masked with the key of the other terminal The processed predetermined key is received from the other terminal, the exchange rule based on the predetermined value is applied to the received predetermined key, and the reciprocal number of the key of the predetermined terminal is masked with the key of the other terminal Calculating a conversion key and storing the conversion key in a storage device;
    The cryptographic processing method according to claim 2.
  4.  前記所定端末において、当該所定端末と通信相手となりうる他端末との組み合わせに関して、前記変換鍵の登録要求を前記サーバに送信し、
     前記サーバにおいて、前記所定値を前記所定端末に返信する際、前記所定端末からの登録要求に応じて前記所定値たる乱数を生成し、当該乱数を前記所定端末に返信し、
     前記所定端末において、通信相手たる前記他端末の公開情報と自身の秘密情報とを一方向関数に適用し、暗号鍵としての出力値を生成し、当該暗号鍵の逆数を前記乱数でマスク処理したマスク化暗号鍵を前記他端末に送信し、
     前記他端末において、通信相手たる前記所定端末の公開情報と自身の秘密情報とを一方向関数に適用し、復号鍵としての出力値を生成し、当該復号鍵で前記マスク化暗号鍵をマスク処理したマスク化変換鍵を前記サーバに送信し、
     前記サーバにおいて、前記他端末から受信したマスク化変換鍵に対し、前記乱数を用いた交換法則を適用して、前記暗号鍵を前記復号鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納する、
     請求項3に記載の暗号処理方法。     In the predetermined terminal, regarding the combination of the predetermined terminal and another terminal that can be a communication partner, the registration request for the conversion key is transmitted to the server,
    In the server, when returning the predetermined value to the predetermined terminal, a random number corresponding to the predetermined value is generated in response to a registration request from the predetermined terminal, and the random number is returned to the predetermined terminal.
    In the predetermined terminal, the public information of the other terminal as a communication partner and its own secret information are applied to a one-way function, an output value as an encryption key is generated, and the reciprocal number of the encryption key is masked with the random number. Send the masked encryption key to the other terminal,
    In the other terminal, the public information of the predetermined terminal as a communication partner and its own secret information are applied to a one-way function, an output value is generated as a decryption key, and the masked encryption key is masked with the decryption key Send the masked conversion key to the server,
    In the server, the conversion key using the random number is applied to the masked conversion key received from the other terminal, the conversion key obtained by masking the encryption key with the decryption key is calculated, and the conversion key is Store in storage device,
    The encryption processing method according to claim 3.
  5.  前記サーバにおいて、前記各端末のうちいずれかの端末から、前記変換鍵のうち該当端末と組みになった所定他端末に関するものに関する抹消要求を受信し、当該抹消要求が示す前記端末と前記所定他端末との組み合わせ情報をキーにして記憶装置で検索を実行し、当該検索で特定した変換鍵を記憶装置から削除する、請求項4に記載の暗号処理方法。 In the server, from one of the terminals, a deletion request related to a predetermined other terminal that is paired with the corresponding terminal among the conversion keys is received, and the terminal indicated by the deletion request and the predetermined other 5. The encryption processing method according to claim 4, wherein a search is executed in the storage device using the combination information with the terminal as a key, and the conversion key specified in the search is deleted from the storage device.
  6.  前記サーバにおいて、
     所定端末からの、当該所定端末の代理端末に関する前記可換性関数の登録要求に応じ、所定値を前記所定端末に返信し、前記所定値でマスク処理された、前記代理端末の公開情報と前記所定端末の秘密情報とに基づく第1鍵の逆数を、前記所定端末の公開情報と前記代理端末の秘密情報とに基づく第2鍵で更にマスク処理された第3鍵を、前記代理端末から受信し、当該受信した第3鍵に対し前記所定値に基づく交換法則を適用して、前記第1鍵の逆数を前記第3鍵でマスク処理した代理人用可換性関数を計算し、当該代理人用可換性関数を記憶装置に格納し、
     前記代理端末からの、前記所定端末に宛てられたメッセージの閲覧録要求に応じ、前記代理端末と前記所定端末の組み合わせに関して保持している代理人用可換性関数を記憶装置で特定し、当該代理人用可換性関数により、前記所定端末向けに可換性を持って再暗号化されたメッセージを更に暗号化して、当該再再暗号化メッセージを、前記代理端末に送信し、
     前記代理端末において、
     前記サーバから送信された前記再再暗号化メッセージを受信し、当該受信した再再暗号化メッセージを前記第2鍵で復号化する、
     請求項1に記載の暗号処理方法。     In the server,
    In response to a registration request for the commutability function related to the proxy terminal of the predetermined terminal from the predetermined terminal, a predetermined value is returned to the predetermined terminal, and the public information of the proxy terminal masked with the predetermined value and the public information Receive from the proxy terminal a third key further masked with a second key based on the public information of the predetermined terminal and the second key based on the secret information of the proxy terminal, based on the reciprocal of the first key based on the secret information of the predetermined terminal Then, an exchange law based on the predetermined value is applied to the received third key, and a proxy commutability function for masking the reciprocal of the first key with the third key is calculated. Storing the human commutative function in a storage device;
    In response to a request for a record of a message addressed to the predetermined terminal from the proxy terminal, a proxy function for the proxy held for the combination of the proxy terminal and the predetermined terminal is specified in the storage device, Further encrypt the message re-encrypted with commutability for the predetermined terminal by the agent commutability function, and send the re-encrypted message to the proxy terminal.
    In the proxy terminal,
    Receiving the re-re-encrypted message sent from the server and decrypting the received re-re-encrypted message with the second key;
    The cryptographic processing method according to claim 1.
  7.  前記所定端末において、当該代所定端末と前記代理端末との組み合わせに関して、前記代理人用可換性関数の登録要求を前記サーバに送信し、
     前記サーバにおいて、前記所定値を前記所定端末に返信する際、前記登録要求に応じて前記所定値たる乱数を生成し、当該乱数を前記所定端末に返信し、
     前記所定端末において、前記代理端末の公開情報と自身の秘密情報とを一方向関数に適用し、前記第1鍵たる暗号鍵を生成し、当該暗号鍵の逆数を前記乱数でマスク処理したマスク化暗号鍵を前記代理端末に送信し、
     前記代理端末において、前記所定端末の公開情報と自身の秘密情報とを一方向関数に適用し、前記第2鍵たる復号鍵を生成し、当該復号鍵で前記マスク化暗号鍵をマスク処理したマスク化変換鍵を前記サーバに送信し、
     前記サーバにおいて、前記代理端末から受信したマスク化変換鍵に対し、前記乱数を用いた交換法則を適用して、前記暗号鍵を前記復号鍵でマスク処理した代理人用可換性関数たる代理人用変換鍵を計算し、当該代理人用変換鍵を記憶装置に格納する、
     請求項6に記載の暗号処理方法。     In the predetermined terminal, regarding the combination of the proxy predetermined terminal and the proxy terminal, a registration request for the proxy commutability function is transmitted to the server,
    In the server, when the predetermined value is returned to the predetermined terminal, a random number corresponding to the predetermined value is generated in response to the registration request, and the random number is returned to the predetermined terminal.
    In the predetermined terminal, the public information of the proxy terminal and its own secret information are applied to a one-way function, an encryption key as the first key is generated, and masking is performed by masking the reciprocal number of the encryption key with the random number. Send the encryption key to the proxy terminal;
    In the proxy terminal, a mask obtained by applying the public information of the predetermined terminal and its own secret information to a one-way function, generating a decryption key as the second key, and masking the masked encryption key with the decryption key Send the conversion key to the server,
    In the server, an agent that is a commutative function for an agent that masks the encryption key with the decryption key by applying an exchange rule using the random number to the masked conversion key received from the agent terminal Calculate the conversion key for the agent and store the conversion key for the agent in the storage device.
    The cryptographic processing method according to claim 6.
  8.  前記サーバにおいて、前記各端末のうちいずれかの端末から、前記変換鍵のうち該当端末と組みになった代理端末に関するものに関する抹消要求を受信し、当該抹消要求が示す前記端末と前記代理端末との組み合わせ情報をキーにして記憶装置で検索を実行し、当該検索で特定した代理人用変換鍵を記憶装置から削除する、請求項7に記載の暗号処理方法。 In the server, from one of the terminals, a deletion request related to a proxy terminal associated with the corresponding terminal among the conversion keys is received, and the terminal indicated by the deletion request and the proxy terminal The cryptographic processing method according to claim 7, wherein a search is executed in the storage device using the combination information as a key, and the agent conversion key specified in the search is deleted from the storage device.
  9.  他端末と通信を行う通信装置と、
     自身の秘密情報を格納した記憶装置と、
     通信相手に関する公開情報と、前記記憶装置から読み出した前記秘密情報とを一方向関数に入力し、当該一方向関数の出力値を鍵として取得する処理と、
     通信相手の端末へのメッセージ送信に際し、対象となるメッセージを前記鍵で暗号化して所定サーバに送信する処理と、
     通信相手の端末からのメッセージ受信に際し、当該端末向けに可換性を持って再暗号化されたメッセージを前記サーバから受信し、当該受信したメッセージを前記鍵で復号化する処理とを実行する演算装置と、
     を備える端末を含む暗号システム。     A communication device for communicating with other terminals;
    A storage device storing its own secret information;
    A process of inputting public information about a communication partner and the secret information read from the storage device into a one-way function, and obtaining an output value of the one-way function as a key;
    When transmitting a message to a communication partner terminal, a process of encrypting a target message with the key and transmitting it to a predetermined server;
    When receiving a message from a terminal of a communication partner, an operation for receiving a message re-encrypted for the terminal from the server and decrypting the received message with the key Equipment,
    A cryptographic system including a terminal comprising:
  10.  端末の各組み合わせに対応した可換性関数たる変換鍵を格納した記憶装置と、
     所定の端末から、前記鍵で暗号化されたメッセージを受信し、前記所定の端末と、前記受信したメッセージが示す宛先の端末との組み合わせに関して格納している変換鍵を記憶装置にて特定し、該当変換鍵により、前記宛先の端末向けに、前記メッセージの再暗号化を実行し、当該再暗号化メッセージを、前記宛先の端末に送信する演算装置と、
     を備えるサーバを更に含む請求項9に記載の暗号システム     A storage device that stores a conversion key that is a commutative function corresponding to each combination of terminals;
    A message encrypted with the key is received from a predetermined terminal, and a conversion key stored for a combination of the predetermined terminal and a destination terminal indicated by the received message is specified in a storage device, An arithmetic device that performs re-encryption of the message for the destination terminal with the corresponding conversion key, and transmits the re-encrypted message to the destination terminal;
    The encryption system according to claim 9, further comprising a server comprising:
  11.  前記サーバは、所定端末からの前記変換鍵の登録要求に応じて所定値を前記所定端末に返信し、前記所定値でマスク処理された前記所定端末の鍵の逆数を他端末の鍵で更にマスク処理された所定鍵を、前記他端末から受信し、当該受信した所定鍵に対し前記所定値に基づく交換法則を適用して、前記所定端末の鍵の逆数を前記他端末の鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納するものである、
     請求項10に記載の暗号システム。     The server returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and further masks the reciprocal number of the key of the predetermined terminal masked with the predetermined value with the key of the other terminal. The processed predetermined key is received from the other terminal, the exchange rule based on the predetermined value is applied to the received predetermined key, and the reciprocal number of the key of the predetermined terminal is masked with the key of the other terminal A conversion key is calculated and the conversion key is stored in a storage device.
    The cryptographic system according to claim 10.
  12.  メッセージ送受信に際し、通信相手の公開情報と自身の秘密情報とに関する一方向関数の出力値たる鍵をメッセージの暗号化及び復号化に用いる端末と通信する通信装置と、
     端末の各組み合わせに対応した可換性関数たる変換鍵を格納した記憶装置と、
     所定端末の通信相手の公開情報と前記所定端末自身の秘密情報とに関する前記鍵によって暗号化されたメッセージを、所定端末から受信する処理と、
     前記所定端末と、前記受信したメッセージが示す宛先の端末との組み合わせに関して格納している変換鍵を記憶装置にて特定し、該当変換鍵により、前記宛先の端末向けに、前記メッセージの再暗号化を実行し、当該再暗号化メッセージを、前記宛先の端末に送信する処理とを実行する演算装置と、
     を備えるサーバ。     A communication device that communicates with a terminal that uses a key, which is an output value of a one-way function related to the public information of the communication partner and its own secret information, for message encryption and decryption,
    A storage device that stores a conversion key that is a commutative function corresponding to each combination of terminals;
    A process of receiving, from the predetermined terminal, a message encrypted with the key relating to the public information of the communication partner of the predetermined terminal and the secret information of the predetermined terminal itself;
    The storage device identifies a conversion key stored for the combination of the predetermined terminal and the destination terminal indicated by the received message, and re-encrypts the message for the destination terminal using the corresponding conversion key And a processing unit that executes processing for transmitting the re-encrypted message to the destination terminal;
    A server comprising
  13.  前記演算装置は、所定端末からの前記変換鍵の登録要求に応じて所定値を前記所定端末に返信し、前記所定値でマスク処理された前記所定端末の鍵の逆数を他端末の鍵で更にマスク処理された所定鍵を、前記他端末から受信し、当該受信した所定鍵に対し前記所定値に基づく交換法則を適用して、前記所定端末の鍵の逆数を前記他端末の鍵でマスク処理した変換鍵を計算し、当該変換鍵を記憶装置に格納するものである、
     請求項12に記載のサーバ。     The computing device returns a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal, and further uses the key of the other terminal for the reciprocal number of the key of the predetermined terminal masked with the predetermined value. Receiving the masked predetermined key from the other terminal, applying an exchange law based on the predetermined value to the received predetermined key, and masking the reciprocal of the key of the predetermined terminal with the key of the other terminal The calculated conversion key is calculated, and the conversion key is stored in the storage device.
    The server according to claim 12.
PCT/JP2014/075428 2013-10-04 2014-09-25 Cryptographic processing method, cryptographic system, and server WO2015050030A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201480050943.3A CN105556890B (en) 2013-10-04 2014-09-25 Cipher processing method, encryption system and server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013208917A JP6058514B2 (en) 2013-10-04 2013-10-04 Cryptographic processing method, cryptographic system, and server
JP2013-208917 2013-10-04

Publications (1)

Publication Number Publication Date
WO2015050030A1 true WO2015050030A1 (en) 2015-04-09

Family

ID=52778621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/075428 WO2015050030A1 (en) 2013-10-04 2014-09-25 Cryptographic processing method, cryptographic system, and server

Country Status (3)

Country Link
JP (1) JP6058514B2 (en)
CN (1) CN105556890B (en)
WO (1) WO2015050030A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6385721B2 (en) * 2014-06-04 2018-09-05 株式会社日立製作所 Re-encryption key generation method, re-encryption method, re-encryption key generation system, and re-encryption system
EP3561797B1 (en) * 2016-12-20 2022-02-09 Nippon Telegraph And Telephone Corporation Message transmission system, communication terminal, server device, message transmission method, and program
US10846302B1 (en) * 2018-03-02 2020-11-24 Amazon Technologies, Inc. Replication event ordering using an external data store
WO2020085151A1 (en) * 2018-10-24 2020-04-30 日本電信電話株式会社 Server device, communication terminal, communication system, and program
CN111046047B (en) * 2019-12-17 2023-05-09 支付宝(杭州)信息技术有限公司 Privacy-protecting data query method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004147277A (en) * 2002-08-28 2004-05-20 Ricoh Co Ltd Facsimile equipment and facsimile network work system
JP2012237881A (en) * 2011-05-12 2012-12-06 Nippon Telegr & Teleph Corp <Ntt> Information provision system, mediation device, information provision device, mediation method, information provision method, and program

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2414144B (en) * 2004-04-19 2006-07-26 Matsushita Electric Ind Co Ltd Fast and secure connectivity for a mobile node
CN102299795A (en) * 2010-06-23 2011-12-28 航天信息股份有限公司 Identity-based signcryption method and system
CN102025505A (en) * 2010-12-16 2011-04-20 浪潮(北京)电子信息产业有限公司 Advanced encryption standard (AES) algorithm-based encryption/decryption method and device
US8873754B2 (en) * 2011-12-20 2014-10-28 Huawei Technologies Co., Ltd. Proxy-based encryption method, proxy-based decryption method, network equipment, network device and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004147277A (en) * 2002-08-28 2004-05-20 Ricoh Co Ltd Facsimile equipment and facsimile network work system
JP2012237881A (en) * 2011-05-12 2012-12-06 Nippon Telegr & Teleph Corp <Ntt> Information provision system, mediation device, information provision device, mediation method, information provision method, and program

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
EIJI OKAMOTO: "Cryptogram technology for realization of a bright information society 5. Distribution management of a cipher key", BIT, vol. 23, no. 12, 1 November 1991 (1991-11-01), pages 51 - 59 *
HISAO SAKAZAKI ET AL.: "Kyotsu Kagi Ango Base no Sai Ango Hoshiki no Kento", 2014 NEN SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY SCIS2014, 21 January 2014 (2014-01-21), pages 1 - 8 *
KAZUKI TAKAYAMA ET AL.: "A Re- encryption Method on a Distributed Storage without Generating Cleartexts", IPSJ SIG NOTES, vol. 2008, no. 88, 14 September 2008 (2008-09-14), pages 169 - 174 *

Also Published As

Publication number Publication date
CN105556890A (en) 2016-05-04
JP2015073238A (en) 2015-04-16
CN105556890B (en) 2018-11-13
JP6058514B2 (en) 2017-01-11

Similar Documents

Publication Publication Date Title
KR102432299B1 (en) Systems and methods for encryption and decryption based on quantum key distribution
US11146391B2 (en) Orthogonal access control for groups via multi-hop transform encryption
JP6363032B2 (en) Key change direction control system and key change direction control method
US10735186B2 (en) Revocable stream ciphers for upgrading encryption in a shared resource environment
CN105610793A (en) Outsourced data encrypted storage and cryptograph query system and application method therefor
JP6058514B2 (en) Cryptographic processing method, cryptographic system, and server
KR20160114624A (en) Systems and methods for faster public key encryption using the associated private key portion
WO2018017168A2 (en) System and method for encryption and decryption based on quantum key distribution
US9479330B2 (en) Method, information service system and program for information encryption/decryption
CN103986723A (en) Secret communication control and secret communication method and device
JP6302851B2 (en) Re-encryption method, re-encryption system, and re-encryption device
US11290277B2 (en) Data processing system
JP2006279269A (en) Information management device, information management system, network system, user terminal, and their programs
WO2015156145A1 (en) Re-encryption method, re-encryption system, and re-encryption device
KR102526114B1 (en) Apparatus and method for encryption and decryption
JP2014099727A (en) Key sharing system, key sharing method, and program
KR20200131688A (en) Apparatus and method for generating secret key, apparatus and method for genrating evaluation key
KR20150101896A (en) System and method for data sharing of intercloud enviroment
JP2019129490A (en) Encryption processing device, encryption processing system and encryption processing method
JP6385721B2 (en) Re-encryption key generation method, re-encryption method, re-encryption key generation system, and re-encryption system
Raina et al. A Framework for Security Management in Cloud Based on Quantum Cryptography
CN113343281A (en) OTP encryption as a service cloud computing method and system oriented to data transaction
JP2002149608A (en) System/method for managing secrecy by deciphering and computer-readable recording medium with program for making computer perform the method recorded thereon
JP2006067412A (en) Encryption transmission system, transmitter, receiver, transmitting method, receiving method and program
JP2016090603A (en) Encryption processing device, encryption processing system, and encryption processing method

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480050943.3

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14850970

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14850970

Country of ref document: EP

Kind code of ref document: A1