WO2015050030A1 - Cryptographic processing method, cryptographic system, and server - Google Patents

Cryptographic processing method, cryptographic system, and server

Info

Publication number
WO2015050030A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
terminal
predetermined
conversion
message
Prior art date
Application number
PCT/JP2014/075428
Other languages
English (en)
Japanese (ja)
Inventor
尚生 坂崎
安細 康介
健三 森本
Original Assignee
株式会社日立製作所
Application filed by 株式会社日立製作所
Priority to CN201480050943.3A (CN105556890B)
Publication of WO2015050030A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms, the keys or algorithms being changed during operation
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76 Proxy, i.e. using intermediary entity to perform cryptographic operations

Definitions

  • The present invention relates to a cryptographic processing method, a cryptographic system, and a server, and specifically to a cryptographic technique that reduces each user's burden of managing confidential information while keeping cryptographic processing suitably fast.
  • The common key cryptosystem has a higher cryptographic processing speed than the public key cryptosystem, but each user must manage as many secret keys as there are communication partners, “n”. The entire system using the common key cryptosystem therefore holds “n(n−1)/2” secret keys, and the risk of secret key leakage increases with the number of keys. In the common key cryptosystem, each user also needs to distribute the secret key and share it with every communication partner in advance, and this burden is large.
  • With the public key cryptosystem, each user only needs to manage one private key regardless of the number “n” of communication partners, so key management is easy. However, its encryption processing speed is not high, which makes it unsuitable for situations where large data is encrypted.
  • A hybrid method is used in which the data itself is encrypted with common key encryption, the secret key used there (whose data size is small) is encrypted with public key encryption, and the encrypted data and the encrypted secret key are transmitted to the communication partner.
  • With the hybrid method, although only the secret key with a small data size is encrypted with the public key, it cannot be denied that cryptographic processing takes more time than when encryption is performed using only the common key cryptosystem.
  • an object of the present invention is to provide an encryption technique that is excellent in reducing the burden of managing confidential information for each user while ensuring an appropriate high speed of encryption processing.
  • In the encryption processing method of the present invention that solves the above problems, each of the terminals that communicate with each other uses, as a key, the output value of a one-way function applied to the public information of the communication partner and the terminal's own secret information. The terminal encrypts a message with the key and transmits it to a predetermined server, and, when receiving a message, receives from the server the message re-encrypted with commutativity for that terminal and decrypts the received message with its own key.
  • The encryption system of the present invention includes a terminal comprising a communication device that communicates with other terminals, a storage device that stores the terminal's own secret information, and an arithmetic device that uses as a key the output value of a one-way function applied to public information of a communication partner and the secret information read from the storage device, and that, when receiving a message from the partner terminal, receives from the server the message re-encrypted with commutativity and decrypts the received message with the key.
  • The server of the present invention includes a communication device that communicates with terminals which, when transmitting and receiving a message, use for encryption and decryption of the message a key that is the output value of a one-way function applied to public information of a communication partner and the terminal's own secret information, and an arithmetic device that, for a message received from a predetermined terminal, identifies in the storage device the conversion key stored for the combination of the predetermined terminal and the destination terminal indicated by the received message, re-encrypts the message for the destination terminal with that conversion key, and transmits the re-encrypted message to the destination terminal.
  • FIG. 1 is a network configuration diagram including the cryptographic system 1 of the present embodiment.
  • the cryptographic system 1 shown in FIG. 1 is a computer system that implements a cryptographic technique that is excellent in reducing the burden of managing confidential information for each user while ensuring appropriate high-speed encryption processing.
  • The encryption system 1 in the present embodiment is configured such that a user terminal A10_1, a user terminal B10_2, a user terminal C10_3 (hereinafter simply referred to as the user terminal 10 when these user terminals are referred to collectively), and a conversion server 20 (server) are connected to each other via a communication network (hereinafter referred to as a network) 30 such as the Internet.
  • the conversion server 20 and the user terminal 10 are included as an example of the encryption system 1, but only the conversion server 20 or only the user terminal 10 can be regarded as the encryption system 1.
  • FIG. 2 is a diagram illustrating a configuration example of the conversion server 20 included in the cryptographic system 1 of the present embodiment.
  • The conversion server 20 includes a storage device 201 configured with an appropriate non-volatile storage device such as a hard disk drive, a memory 203 configured with a volatile storage device such as a RAM, a central processing unit 204 such as a CPU that reads the program 202 held in the storage device 201 into the memory 203 and executes it to perform overall control of the server device itself and to perform various determinations, computations and control processing, and a communication device 207 that is connected to the network 30 and is responsible for communication processing with the user terminal 10.
  • The storage device 201 stores at least a conversion key storage unit 225 that holds conversion keys and a re-ciphertext storage unit 226 that holds messages re-encrypted using a conversion key.
  • The conversion server 20 has a function of receiving a message encrypted with the encryption key from the user terminal 10, identifying the conversion key stored in the conversion key storage unit 225 of the storage device 201 for the combination of that user terminal 10 and the destination user terminal 10 indicated by the message, and re-encrypting the message with that conversion key for the destination user terminal 10.
  • The above-mentioned encryption key is the output value obtained when the user terminal 10 applies the public information of the other user terminal 10 that is the communication partner and its own secret key to the hash function (one-way function).
  • The conversion server 20 has a function of generating a random number (predetermined value) in response to a conversion key registration request from a predetermined user terminal 10 and returning the random number to that user terminal 10; receiving a masked conversion key obtained by further masking, with the encryption key of the other user terminal 10, the reciprocal of the encryption key of the predetermined user terminal 10 that has been masked with the random number; applying the commutative law based on the random number to the received masked conversion key to calculate the conversion key, in which the reciprocal of the encryption key of the user terminal 10 that issued the registration request is masked with the encryption key of the other user terminal 10; and storing the conversion key in the conversion key storage unit 225 of the storage device 201.
  • The conversion server 20 has a function of, when it receives from any one of the user terminals 10 a deletion request for the conversion key, among those held in the conversion key storage unit 225, that pairs that user terminal 10 with a predetermined other user terminal 10, searching the conversion key storage unit 225 of the storage device 201 using as a key the combination of the user terminal 10 and the other user terminal 10 indicated by the deletion request, and deleting the conversion key identified by the search from the conversion key storage unit 225.
  • The conversion server 20 has a function of generating a random number in response to a request from the user terminal 10 to register a conversion key for another user terminal 10 that the user terminal 10 recognizes as a proxy, that is, the proxy user terminal 10, and returning the random number to the user terminal 10; receiving from the proxy user terminal 10 a masked conversion key (third key) obtained by further masking the random-number-masked reciprocal of the encryption key (first key) of the user terminal 10, which is based on the public information of the proxy user terminal 10 and the secret key of the user terminal 10, with the encryption key (second key) of the proxy user terminal 10, which is based on the public information of the user terminal 10 and the secret information of the proxy user terminal 10; applying the commutative law based on the random number to the received masked conversion key to calculate an agent conversion key in which the encryption key (first key) of the user terminal 10 is masked; and storing the agent conversion key in the conversion key storage unit 225 of the storage device 201.
  • The conversion server 20 has a function of, in response to a request from the proxy user terminal 10 to browse a message addressed to the above-described user terminal 10, identifying in the conversion key storage unit 225 of the storage device 201 the agent conversion key held for the combination of the proxy user terminal 10 and the user terminal 10, further encrypting with commutativity, using that agent conversion key, the message re-encrypted for the user terminal 10, and transmitting the re-re-encrypted message to the proxy user terminal 10.
  • The conversion server 20 has a function of, when it receives from any one of the user terminals 10 a deletion request for the conversion key, among those held in the conversion key storage unit 225, that pairs that user terminal 10 with a proxy user terminal 10, searching the conversion key storage unit 225 using as a key the combination of the user terminal 10 and the proxy user terminal 10 indicated by the deletion request, and deleting the agent conversion key identified by the search from the conversion key storage unit 225.
  • FIG. 3 is a diagram illustrating a configuration example of the user terminal 10 included in the encryption system 1 of the present embodiment.
  • The user terminal 10 includes a storage device 101 composed of a suitable non-volatile storage device such as a hard disk drive, a memory 103 composed of a volatile storage device such as a RAM, a CPU 104 that reads the program 102 held in the storage device 101 into the memory 103 and executes it to perform various determinations, calculations and control processing, an input device 105 that receives key input and voice input from a user, an output device 106 such as a display that displays processing data, and a communication device 107 that is connected to a network and is responsible for communication processing with the conversion server 20.
  • The storage device 101 stores at least a public ID storage unit 125 that holds the ID disclosed for each user terminal 10 and a key storage unit 126 that holds the secret key of the user terminal 10.
  • Each user terminal 10 holds a program 110 corresponding to a hash function as one of the programs 102 in the storage device 101, which can be called and executed as necessary.
  • The user terminal 10 has a function of extracting the ID (public information) of the other user terminal 10 that is the communication partner from the public ID storage unit 125 and applying this ID and its own private key (secret information) held in the key storage unit 126 to a hash function (one-way function) to generate an encryption key.
  • The user terminal 10 has a function of encrypting a target message with the above encryption key and transmitting it to the conversion server 20 when transmitting a message addressed to the other user terminal 10 described above.
  • When receiving a message addressed to itself, the user terminal 10 has a function of receiving from the conversion server 20 the message re-encrypted for the user terminal 10 and decrypting the received message with its own encryption key.
  • the user terminal 10 has a function of transmitting a conversion key registration request to the conversion server 20 regarding the combination of the predetermined user terminal 10 and another user terminal 10 that can be a communication partner.
  • The user terminal 10 has a function of masking, with the random number sent from the conversion server 20, the reciprocal of the encryption key generated for the user terminal 10 and the other user terminal 10 that is the communication partner, and transmitting the masked encryption key to the other user terminal 10 that is the communication partner.
  • The other user terminal 10 generates a decryption key by applying the ID of the user terminal 10 that is its communication partner and its own secret key to the hash function, masks with the decryption key the masked encryption key sent from the above-described user terminal 10 to generate a masked conversion key, and transmits the masked conversion key to the conversion server 20.
  • The user terminal 10 has a function of transmitting to the conversion server 20 a deletion request for the conversion key, among those managed by the conversion server 20, that pairs the user terminal 10 with a predetermined other user terminal 10.
  • The user terminal 10 has a function of transmitting to the conversion server 20 a conversion key registration request regarding the proxy user terminal 10 of the predetermined user terminal 10, and of obtaining the random number transmitted from the conversion server 20 in response to the registration request.
  • The proxy user terminal 10 is also one of the user terminals 10 and can be in either position depending on the situation. Therefore, a function or configuration described for the proxy user terminal 10 is provided as a function or configuration common to the user terminals 10 (the same applies hereinafter).
  • The user terminal 10 has a function of generating a masked encryption key by masking, with the above random number, the reciprocal of the encryption key based on the ID of the proxy user terminal 10 and the secret key of the predetermined user terminal 10, and transmitting the masked encryption key to the proxy user terminal 10.
  • The proxy user terminal 10 has a function of receiving the masked encryption key from the above-described user terminal 10, generating a masked conversion key by masking the masked encryption key with a decryption key based on the ID of the user terminal 10 and the secret key of the proxy user terminal 10, and transmitting the masked conversion key to the conversion server 20.
  • The proxy user terminal 10 transmits to the conversion server 20 a browsing request for a message addressed to the user terminal 10 for which it is permitted to browse messages as a proxy. In the conversion server 20, the agent conversion key held for the combination of the proxy user terminal 10 and the user terminal 10 is identified in the conversion key storage unit 225, the message re-encrypted with commutativity for the user terminal 10 is further encrypted using the agent conversion key, and the re-re-encrypted message is transmitted to the proxy user terminal 10. The proxy user terminal 10 therefore has a function of receiving the re-re-encrypted message transmitted from the conversion server 20 and decrypting the received re-re-encrypted message with its own decryption key.
  • FIG. 4 is a diagram illustrating a specific example of an operator used for processing by the cryptographic system 1 according to the present embodiment.
  • The first operator is the “•” operator.
  • The operator “•” is an operator for commutative mask processing, that is, an operator that masks data A with data B. This calculation is written “B • A”. Note that the mask processing here refers to processing in which data B is applied to data A to convert it to another value.
  • The operator “•” has the following properties.
  • the second operator is an “f (,)” operator.
  • the operator “f (,)” is an encryption processing operator that is commutative with respect to the encryption key, and is an operator that encrypts the data A with the encryption key K. This calculation is referred to as “f (K, A)”.
  • the operator “f (,)” has the following properties.
  • The operator “•” and the operator “f (,)” may perform the same arithmetic processing, or may perform different arithmetic processing satisfying the above-described properties.
  • the data A can be decrypted by re-encrypting the ciphertext using the reciprocal of the encryption key due to the property (c).
  • the third operator is the “h (,)” operator.
  • “h (,)” is a hash function with one piece of data as an input, for example, “SHA256”.
  • FIG. 5 is a sequence diagram showing processing procedure example 1 of the cryptographic processing method according to the present embodiment, specifically the flow up to registering a conversion key in the conversion server 20 in advance so that a message can be sent from the user terminal C10_3 to the user terminal A10_1. As shown in the sequence diagram of FIG. 5, the user terminal 10 can make a conversion key registration request to the conversion server 20. This process may start at any time before the corresponding user terminal 10 starts communication with the communication partner.
  • In order to send a message to the other user terminal A10_1, the user terminal C10_3 makes a conversion key registration application to the conversion server 20, notifying it that a conversion key with the user terminal A10_1 is to be registered (S001).
  • the conversion server 20 receives the above-described conversion key registration application via the network 30, and generates a random number p triggered by this reception (S002).
  • An existing technique may be adopted as a random number generation method.
  • the conversion server 20 sends the generated random number p to the transmission source of the conversion key registration application, that is, the above-described user terminal C10_3 (S003).
  • The user terminal C10_3 that has received the random number p from the conversion server 20 inputs its own private key “K_c” managed by the key storage unit 126 and “ID_a”, the public ID of the user terminal A10_1 managed in the public ID storage unit 125, to the hash function in order to generate an encryption key with the user terminal A10_1 that is the communication partner, and calculates the hash value “h(K_c, ID_a)” (S004). This hash value becomes the encryption key when the user terminal C10_3 uses the user terminal A10_1 as a communication partner.
  • Having calculated the encryption key in this way, the user terminal C10_3 masks the reciprocal of the encryption key with the random number p transmitted by the conversion server 20 in step S003 described above, calculating “p • h(K_c, ID_a)^-1”, and transmits it to the user terminal A10_1 as a masked encryption key (S005).
  • When the user terminal A10_1 receives the above-described masked encryption key, it inputs its own private key “K_a” managed by its key storage unit 126 and “ID_c”, the public ID of the user terminal C10_3 managed by the public ID storage unit 125, to the hash function in order to generate a decryption key with the user terminal C10_3, and calculates the hash value “h(K_a, ID_c)” (S006). This hash value becomes the decryption key when the user terminal A10_1 uses the user terminal C10_3 as a communication partner.
  • Having calculated the decryption key as described above, the user terminal A10_1 masks the masked encryption key sent from the user terminal C10_3 with the decryption key, calculating “h(K_a, ID_c) • p • h(K_c, ID_a)^-1”, and sends it to the conversion server 20 as a masked conversion key (S007).
  • the conversion server 20 that has calculated the conversion key registers the conversion key in the conversion key storage unit 225 of the storage device 201 as “a conversion key from the user terminal C10_3 to the user terminal A10_1” (S009).
  • In this way the conversion key is registered in the conversion server 20, but afterwards the conversion key registered in the conversion server 20 may become unnecessary for the user. This applies, for example, when there is a request to quickly delete the conversion key for a contract partner whose business relationship has been canceled and with whom no future contact is planned, or for a communication partner suspected of information leakage.
  • FIG. 6 is a sequence diagram showing processing procedure example 2 of the cryptographic processing method of the present embodiment, specifically the flow up to deleting the conversion key registered in the conversion server 20 in response to a conversion key deletion application from the user terminal A10_1, and the flow up to deleting the conversion key in response to a conversion key deletion application from the user terminal C10_3.
  • The user terminal A10_1 transmits to the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the user terminal A10_1 from the user terminal C10_3” (S101).
  • The conversion server 20 that has received this conversion key deletion application from the user terminal A10_1 searches the conversion key storage unit 225 for the conversion key corresponding to the combination of the user terminal C10_3 and the user terminal A10_1, and identifies and deletes the corresponding conversion key “h(K_a, ID_c) • h(K_c, ID_a)^-1” (S102).
  • The user terminal C10_3 transmits to the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the user terminal A10_1 from the user terminal C10_3” (S103).
  • The conversion server 20 that has received the conversion key deletion application from the user terminal C10_3 searches the conversion key storage unit 225 for the conversion key corresponding to the combination of the user terminal A10_1 and the user terminal C10_3, and identifies and deletes the corresponding conversion key “h(K_a, ID_c) • h(K_c, ID_a)^-1” (S104).
  • FIG. 7 is a schematic diagram showing the overall flow of the process described above until the message M is sent from the user terminal C10_3 via the conversion server 20 to the user terminal A10_1.
  • FIG. 8 is a sequence diagram showing processing procedure example 3 of the encryption processing method according to the present embodiment, specifically the flow in which an encrypted message addressed to the user terminal A10_1 is uploaded from the user terminal C10_3 to the conversion server 20 and the conversion server 20 re-encrypts the encrypted message for the user terminal A10_1.
  • the user terminal C10_3 that has received a communication start instruction or the like by the user with the input device 105 creates a message M addressed to the user terminal A10_1 that is the communication partner indicated by the above instruction (S201).
  • Creating the message M corresponds to processing the user-originated text data or text file received by the input device 105 in accordance with a predetermined communication protocol of the network 30 to generate a communication packet.
  • The user terminal C10_3 inputs its own private key “K_c” managed by the key storage unit 126 and “ID_a”, the public ID of the user terminal A10_1 managed in the public ID storage unit 125, to the hash function in order to generate an encryption key used for communication with the user terminal A10_1, and calculates the hash value “h(K_c, ID_a)” as the encryption key (S202).
  • The user terminal C10_3 encrypts the message M created in step S201 described above using the encryption key “h(K_c, ID_a)” calculated in step S202, and generates the ciphertext “f(h(K_c, ID_a), M)” (S203).
  • The user terminal C10_3 sends the ciphertext “f(h(K_c, ID_a), M)” addressed to the user terminal A10_1 generated in step S203 described above to the conversion server 20 (S204).
  • The conversion server 20 that has received the ciphertext “f(h(K_c, ID_a), M)” searches the conversion key storage unit 225 for the conversion key using the combination of the user terminal C10_3 and the user terminal A10_1 as a key, and identifies the “conversion key h(K_a, ID_c) • h(K_c, ID_a)^-1” from the user terminal C10_3 to the user terminal A10_1 (S205).
  • the conversion server 20 re-encrypts the ciphertext sent from the user terminal C10_3 using the conversion key specified in step S205 described above (S206).
  • The re-ciphertext obtained by this re-encryption has the following configuration due to the nature of each operator.
  • the conversion server 20 that has obtained the re-ciphertext saves the re-ciphertext in the re-ciphertext storage unit 226 in the storage device 201 and prepares for transfer to the user terminal A10_1 that is the communication partner of the user terminal C10_3.
  • FIG. 9 is a sequence diagram showing processing procedure example 4 of the cryptographic processing method of the present embodiment, specifically the flow in which the user terminal A10_1 decrypts the re-ciphertext re-encrypted for the user terminal A10_1 and acquires the message.
  • the user terminal A10_1 transmits a confirmation request as to whether or not there is a new message addressed to itself to the conversion server 20 (S300).
  • This confirmation request may be transmitted when the user terminal A10_1 receives an instruction from the user through the input device 105, or when the arrival of a predetermined period is detected by a clock function or the like.
  • The conversion server 20 that has received the confirmation request from the user terminal A10_1 searches the re-ciphertext storage unit 226 of the storage device 201 for a message addressed to the user terminal A10_1 based on the ID of the user terminal A10_1, and returns the search result (S301).
  • The user terminal A10_1 that has received the search result from the conversion server 20 notifies the conversion server 20 of an acquisition instruction for the corresponding message when the search result indicates the presence of a new message addressed to the user terminal A10_1, and acquires the re-ciphertext “f(h(K_a, ID_c), M)” from the user terminal C10_3 (S302).
  • The user terminal A10_1 that has obtained the re-ciphertext from the user terminal C10_3 inputs its own private key “K_a” managed by the key storage unit 126 and “ID_c”, the public ID of the user terminal C10_3 managed by the public ID storage unit 125, to the hash function in order to generate a decryption key with the user terminal C10_3, and calculates the hash value “h(K_a, ID_c)” as the decryption key (S303).
  • The user terminal C10_3 uses the reciprocal “h(K_a, ID_c)^-1” of the decryption key obtained in step S303 described above to decrypt the re-ciphertext “f(h(K_a, ID_c), M)” obtained in step S302 described above, and acquires the message M (S304).
  • the decoding process is as follows.
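The flows described above (conversion key registration S001 to S009, send and re-encrypt S201 to S206, receive and decrypt S300 to S304, deletion S101 to S104) run end to end in the following sketch, which is an added example and not code from the patent. The operators are assumptions chosen to have the commutativity the text relies on: f(K, A) is A^K mod P, “•” is multiplication mod P−1, and h is SHA-256 over K || ID; the class and method names, the sample IDs and the toy 127-bit modulus are illustrative.

```python
import hashlib
import secrets
from math import gcd

# Assumed instantiation (not given on this page): f(K, A) = A^K mod P and
# "•" = multiplication mod P-1. P = 2^127 - 1 is prime but toy-sized.
P = 2**127 - 1
ORDER = P - 1

def h(secret_key: bytes, public_id: bytes) -> int:
    """h(K, ID): SHA-256 of K || ID, nudged to a value that has a reciprocal."""
    e = int.from_bytes(hashlib.sha256(secret_key + public_id).digest(), "big") % ORDER
    while gcd(e, ORDER) != 1:
        e += 1
    return e

def mask(b: int, a: int) -> int:
    """B • A: commutative mask of A with B."""
    return (b * a) % ORDER

def reciprocal(k: int) -> int:
    return pow(k, -1, ORDER)

def f(key: int, data: int) -> int:
    """f(K, A): commutative in the key, so f(K1 • K2, A) == f(K1, f(K2, A))."""
    return pow(data, key, P)

class Terminal:
    def __init__(self, public_id: bytes):
        self.public_id = public_id
        self._secret = secrets.token_bytes(32)   # K: never leaves the terminal

    def key_for(self, peer_id: bytes) -> int:
        return h(self._secret, peer_id)

    def masked_encryption_key(self, peer_id: bytes, p: int) -> int:   # S004-S005
        return mask(p, reciprocal(self.key_for(peer_id)))

    def masked_conversion_key(self, peer_id: bytes, masked_key: int) -> int:  # S006-S007
        return mask(self.key_for(peer_id), masked_key)

    def encrypt(self, peer_id: bytes, message: bytes) -> int:         # S202-S203
        m = int.from_bytes(message, "big")
        if not 1 < m < P:
            raise ValueError("message does not fit the toy modulus")
        return f(self.key_for(peer_id), m)

    def decrypt(self, peer_id: bytes, ciphertext: int) -> bytes:      # S303-S304
        m = f(reciprocal(self.key_for(peer_id)), ciphertext)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")

class ConversionServer:
    """Holds only random masks, conversion keys and ciphertexts."""
    def __init__(self):
        self._pending, self._conversion_keys, self._mailbox = {}, {}, {}

    def start_registration(self, sender: bytes, recipient: bytes) -> int:  # S002-S003
        p = secrets.randbelow(ORDER)
        while gcd(p, ORDER) != 1:
            p = secrets.randbelow(ORDER)
        self._pending[(sender, recipient)] = p
        return p

    def finish_registration(self, sender, recipient, masked_conversion_key):
        # Commutativity lets the server cancel its own p without seeing either key.
        p = self._pending.pop((sender, recipient))
        self._conversion_keys[(sender, recipient)] = mask(reciprocal(p), masked_conversion_key)

    def relay(self, sender, recipient, ciphertext):               # S205-S206
        conversion_key = self._conversion_keys[(sender, recipient)]  # KeyError once deleted
        self._mailbox.setdefault(recipient, []).append((sender, f(conversion_key, ciphertext)))

    def fetch(self, recipient):                                   # S300-S302
        return self._mailbox.pop(recipient, [])

    def delete_conversion_key(self, sender, recipient):           # S101-S104
        self._conversion_keys.pop((sender, recipient), None)

def run_flow(message: bytes = b"meeting at 10") -> dict:
    server = ConversionServer()
    a, c = Terminal(b"ID_a"), Terminal(b"ID_c")   # constructed sample IDs
    p = server.start_registration(c.public_id, a.public_id)
    masked_key = c.masked_encryption_key(a.public_id, p)
    masked_conv = a.masked_conversion_key(c.public_id, masked_key)
    server.finish_registration(c.public_id, a.public_id, masked_conv)
    ciphertext = c.encrypt(a.public_id, message)
    server.relay(c.public_id, a.public_id, ciphertext)
    (sender, re_ciphertext), = server.fetch(a.public_id)
    server.delete_conversion_key(c.public_id, a.public_id)
    try:
        server.relay(c.public_id, a.public_id, ciphertext)
        relayed_after_delete = True
    except KeyError:
        relayed_after_delete = False
    return {
        "plaintext": a.decrypt(sender, re_ciphertext),
        "re_ciphertext_matches": re_ciphertext == f(a.key_for(sender), int.from_bytes(message, "big")),
        "relayed_after_delete": relayed_after_delete,
    }
```

In this sketch the server stores only p, the conversion key h(K_a, ID_c) • h(K_c, ID_a)^-1 and ciphertexts, and a relay for the pair fails once the conversion key has been deleted.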
  • The encryption system 1 of the present embodiment can also be used in a situation where the user terminal B10_2 browses a re-ciphertext addressed to the user terminal A10_1 as a proxy for the receiving user terminal A10_1, that is, a situation where proxy browsing is required. Processing relating to such proxy browsing will therefore be described with reference to FIGS.
  • FIG. 10 is a sequence diagram illustrating processing procedure example 5 of the cryptographic processing method according to the present embodiment, specifically the flow up to registering a conversion key for proxy browsing in the conversion server 20 so that the user terminal B10_2 can browse, as a proxy, the re-ciphertext sent to the user terminal A10_1.
  • The user terminal A10_1 makes an agent registration application to notify the conversion server 20 that the user terminal B10_2 is a proxy user terminal (S401).
  • This agent registration application grants the user terminal B10_2 the authority to perform proxy browsing of messages addressed to the user terminal A10_1 from the user terminal C10_3.
  • The conversion server 20 that has received this agent registration application generates a random number p′ (S402) and sends the random number p′ to the user terminal A10_1 (S403).
  • To generate an encryption key for use with the user terminal B10_2, the user terminal A10_1 that has received the random number p′ inputs its own secret key “K_a”, managed by the key storage unit 126, and “ID_c”, the public ID of the user terminal C10_3 managed by the public ID storage unit 125, to the hash function, and calculates the hash value “h(K_a, ID_c)”, which is a decryption key (S404).
  • This hash value becomes a decryption key when the user terminal A10_1 uses the user terminal C10_3 as a communication partner.
  • The user terminal A10_1 that has calculated the decryption key masks the reciprocal of the decryption key using the random number p′ sent from the conversion server 20, and sends the resulting masked encryption key “p′·h(K_a, ID_c)^-1” to the user terminal B10_2 (S405).
  • To generate a decryption key used for communication with the user terminal A10_1, the user terminal B10_2 that has received the masked encryption key inputs its own private key “K_b”, managed by the key storage unit 126, and “ID_a”, the public ID of the user terminal A10_1 managed by the public ID storage unit 125, to the hash function, and calculates the hash value “h(K_b, ID_a)”, which is the decryption key (S406).
  • This hash value becomes a decryption key when the user terminal B10_2 uses the user terminal A10_1 as a communication partner.
  • The user terminal B10_2 that has calculated the decryption key in this way uses it to mask the masked encryption key sent from the user terminal A10_1, and sends the resulting value “h(K_b, ID_a)·p′·h(K_a, ID_c)^-1” to the conversion server 20 as a masked conversion key (S407).
  • The conversion server 20 receives the masked conversion key from the user terminal B10_2, performs mask processing on the masked conversion key using the reciprocal of the random number p′, and converts the conversion key “p′^-1”.
  • The conversion server 20 registers the conversion key (agent conversion key) calculated in this way in the conversion key storage unit 225 of the storage device 201 as a “conversion key for the user terminal A10_1 to the user terminal B10_2” (S409). The process of deleting the conversion key for proxy browsing from the conversion server 20 will be described later.
  • FIG. 11 is a sequence diagram showing processing procedure example 6 of the cryptographic processing method according to the present embodiment. Specifically, it shows the flow until the user terminal B10_2 browses, as a proxy, the re-ciphertext sent to the user terminal A10_1.
  • The user terminal B10_2, which has proxy browsing authority, sends the conversion server 20 a proxy browsing application that includes a confirmation request as to whether there is a new message addressed to the user terminal A10_1 (S501).
  • The user terminal B10_2 may send the proxy browsing application including the confirmation request in response to a user instruction at the input device 105, or when the arrival of a predetermined period is detected by a clock function or the like.
  • The conversion server 20 that has received the proxy browsing application from the user terminal B10_2 searches the re-ciphertext storage unit 226 of the storage device 201 for a message addressed to the user terminal A10_1 based on the ID of the user terminal A10_1 (S502).
  • The conversion server 20 also searches the conversion key storage unit 225 for the “conversion key for the user terminal A10_1 to the user terminal B10_2”, “h(K_b, ID_a)·h(K_a, ID_c)^-1” (S502).
  • The conversion server 20 then further re-encrypts, that is, re-re-encrypts, the re-ciphertext addressed to the user terminal A10_1 that was found as a new message, using the conversion key found in step S502 (S503).
  • Owing to the nature of each operator, the re-re-ciphertext obtained in this way is as follows.
  • The user terminal B10_2 requests the re-re-ciphertext “f(h(K_b, ID_a), M)” addressed to the user terminal A10_1 from the conversion server 20 and acquires it (S504).
  • To generate a decryption key for the user terminal A10_1, the user terminal B10_2 inputs its own private key “K_b”, managed by the key storage unit 126, and the public ID “ID_a” of the user terminal A10_1, managed by the public ID storage unit 125, to the hash function, and calculates the hash value “h(K_b, ID_a)”, which is the decryption key (S505).
  • The user terminal B10_2 that has calculated the decryption key decrypts the re-re-ciphertext using the reciprocal “h(K_b, ID_a)^-1” of the decryption key and acquires the message M (S506).
  • This decryption process is as follows.
  • FIG. 12 is a sequence diagram showing processing procedure example 7 of the cryptographic processing method according to the present embodiment. Specifically, it shows the flow until the agent conversion key for the user terminal B10_2 as the proxy terminal, registered in the conversion server 20, is deleted by an agent conversion key deletion application from the user terminal A10_1, and the flow until it is deleted by an agent conversion key deletion application from the user terminal B10_2.
  • The user terminal A10_1 sends the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the agent relating to the combination of the user terminal B10_2 and the user terminal A10_1” (S601).
  • The conversion server 20 that has received the conversion key deletion application from the user terminal A10_1 searches the conversion key storage unit 225 for the conversion key corresponding to the combination of the user terminal B10_2 and the user terminal A10_1, identifies the corresponding conversion key “h(K_b, ID_a)·h(K_a, ID_c)^-1”, and deletes it (S602).
  • The user terminal B10_2 sends the conversion server 20 a conversion key deletion application including a request to delete the “conversion key for the agent relating to the combination of the user terminal A10_1 and the user terminal B10_2” (S603).
  • The conversion server 20 that has received the conversion key deletion application from the user terminal B10_2 searches the conversion key storage unit 225 for the conversion key corresponding to the combination of the user terminal B10_2 and the user terminal A10_1, identifies the corresponding conversion key “h(K_b, ID_a)·h(K_a, ID_c)^-1”, and deletes it (S604).
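
The proxy flow of steps S401 to S604 can be traced end to end in code. The following Python is an added example, not code from the patent: it assumes multiplication modulo a prime as a toy stand-in for the commutative function f and the masking operator, HMAC-SHA256 for the hash function h, and hypothetical names (ConversionServer, run_demo), and it constructs the re-ciphertext waiting for terminal A directly. The toy cipher only makes the algebra visible and is not a secure instantiation.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus of the toy group (assumption, not from the patent)


def h(secret_key: bytes, public_id: bytes) -> int:
    """One-way function h(K, ID), mapped to a nonzero element modulo P."""
    mac = hmac.new(secret_key, public_id, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (P - 1) + 1


def inv(x: int) -> int:
    """The 'reciprocal' of the text: multiplicative inverse modulo P."""
    return pow(x, -1, P)


def f(key: int, data: int) -> int:
    """Toy commutative cipher and mask: f(k, M) = k * M mod P."""
    return key * data % P


class ConversionServer:
    """Holds masks, agent conversion keys and re-ciphertexts, never h(K, ID)."""

    def __init__(self):
        self.pending = {}          # (owner, proxy) -> random number p'
        self.conversion_keys = {}  # (owner, proxy) -> agent conversion key
        self.re_ciphertexts = {}   # owner -> re-ciphertext addressed to owner

    def start_registration(self, owner, proxy):            # S402-S403
        p = secrets.randbelow(P - 1) + 1
        self.pending[(owner, proxy)] = p
        return p

    def finish_registration(self, owner, proxy, masked):   # S408-S409
        p = self.pending.pop((owner, proxy))
        # Unmasking with p'^-1 leaves h(K_b, ID_a) * h(K_a, ID_c)^-1.
        self.conversion_keys[(owner, proxy)] = f(inv(p), masked)

    def proxy_browse(self, owner, proxy):                   # S502-S504
        key = self.conversion_keys.get((owner, proxy))
        if key is None:
            raise PermissionError("no agent conversion key registered")
        return f(key, self.re_ciphertexts[owner])           # re-re-ciphertext

    def delete_conversion_key(self, owner, proxy):          # S602 / S604
        self.conversion_keys.pop((owner, proxy), None)


def run_demo():
    # Constructed sample secrets, public IDs and message.
    K_a, K_b = b"secret-of-A", b"secret-of-B"
    ID_a, ID_c = b"terminal-A", b"terminal-C"
    M = int.from_bytes(b"hello A", "big")

    server = ConversionServer()
    # Re-ciphertext f(h(K_a, ID_c), M) already stored for A (constructed here).
    server.re_ciphertexts["A"] = f(h(K_a, ID_c), M)

    # Registration of the agent conversion key.
    p = server.start_registration("A", "B")                  # S401-S403
    masked_enc_key = f(p, inv(h(K_a, ID_c)))                 # S404-S405, at A
    masked_conv_key = f(h(K_b, ID_a), masked_enc_key)        # S406-S407, at B
    server.finish_registration("A", "B", masked_conv_key)
    expected = f(h(K_b, ID_a), inv(h(K_a, ID_c)))
    key_ok = server.conversion_keys[("A", "B")] == expected

    # Proxy browsing: B decrypts with the reciprocal of h(K_b, ID_a).
    re_re_ciphertext = server.proxy_browse("A", "B")         # S501-S504
    recovered = f(inv(h(K_b, ID_a)), re_re_ciphertext)       # S505-S506

    # Deletion: afterwards the server can no longer convert for B.
    server.delete_conversion_key("A", "B")                   # S601-S602
    try:
        server.proxy_browse("A", "B")
        revoked = False
    except PermissionError:
        revoked = True
    return key_ok, recovered == M, revoked
```
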
  • The present invention can be applied to the My Portal system in the social security / tax number system that the Japanese government is considering.
  • The function of the conversion server 20 of the present invention may be built on the same physical device as one function of My Portal, or may be physically separated from My Portal and constructed on another device, simply bridging data.
  • The encryption key and the decryption key for encrypting and decrypting data are dynamically generated from the user's own private key and the public ID information of the communication partner.
  • Each user therefore needs only one piece of secret information (a secret key) to manage at all times.
  • The confidential information (secret key) to be managed by each user is reduced to one, as in the case of a public key encryption-based protocol. Can be improved.
  • The server may receive a message encrypted with the key from the terminal, re-encrypt the message for the destination terminal indicated by the received message using the conversion key, which is a commutative function held for each combination of terminals, and transmit the re-encrypted message to the destination terminal.
  • The server can thus efficiently mediate secure communication between terminals, and the number of secret keys managed as secret information at each terminal can be minimized.
  • The server itself is configured not to decrypt messages from the terminals it mediates, so the risk of information leakage on the server side is also suppressed.
  • The server may return a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal; receive from the other terminal a predetermined key obtained by taking the reciprocal of the predetermined terminal's key masked with the predetermined value and further masking it with the key of the other terminal; apply an exchange law based on the predetermined value to the received predetermined key to calculate a conversion key in which the reciprocal of the predetermined terminal's key is masked with the key of the other terminal; and store the conversion key in the storage device.
  • The server can thus hold a conversion key for each combination, according to the requests of the terminal users, for each terminal that is a communication mediation target. Accordingly, the server does not hold unnecessary conversion keys between terminals that are not scheduled to communicate, waste of the resources used for conversion key management in the server is eliminated, and efficient conversion key management is realized.
  • The predetermined terminal may transmit to the server a conversion key registration request regarding the combination of the predetermined terminal and another terminal that can be a communication partner. When returning the predetermined value to the predetermined terminal, the server generates a random number corresponding to the predetermined value in response to the registration request from the predetermined terminal and returns the random number to the predetermined terminal. The predetermined terminal applies the public information of the other terminal serving as a communication partner and its own secret information to a one-way function to generate an output value as an encryption key, and transmits to the other terminal a masked encryption key obtained by masking the reciprocal of the encryption key with the random number. The other terminal applies the public information of the predetermined terminal as a communication partner and its own secret information to a one-way function to generate an output value as a decryption key, masks the masked encryption key with the decryption key, and transmits the resulting masked conversion key to the server. The server may then apply an exchange law using the random number to the masked conversion key received from the other terminal, calculate the conversion key in which the encryption key is masked with the decryption key, and store the conversion key in a storage device.
  • The server may receive, from any one of the terminals, a deletion request concerning the conversion key for a predetermined other terminal paired with that terminal, execute a search in the storage device using the combination information of the terminal indicated by the deletion request and the predetermined other terminal as a key, and delete the conversion key identified in the search from the storage device.
  • This avoids the risk that holding unnecessary conversion keys leads to mediating communication that is not in line with the user's intention and invites the risk of information leakage.
  • The server may return a predetermined value to the predetermined terminal in response to a registration request, from the predetermined terminal, for the commutative function related to the proxy terminal of the predetermined terminal. It receives from the proxy terminal a third key, obtained by taking the reciprocal of the first key (based on the public information of the proxy terminal and the secret information of the predetermined terminal) masked with the predetermined value and masking it with the second key (based on the public information of the predetermined terminal and the secret information of the proxy terminal). It applies an exchange law based on the predetermined value to the received third key, calculates the agent commutability function in which the reciprocal of the first key is masked by the third key, and stores the agent commutability function in a storage device. In response to a request from the proxy terminal to browse a message addressed to the predetermined terminal, the server identifies in the storage device the agent commutability function stored for the combination of the proxy terminal and the predetermined terminal, further encrypts with the agent commutability function the message that has been re-encrypted with commutativity for the predetermined terminal, and transmits the re-re-encrypted message to the proxy terminal. The proxy terminal receives the re-re-encrypted message transmitted from the server, and may decrypt the received re-re-encrypted message with two keys.
  • The predetermined terminal may transmit to the server a registration request for the agent commutability function regarding the combination of the predetermined terminal and the proxy terminal. When returning the predetermined value to the predetermined terminal, the server generates a random number corresponding to the predetermined value in response to the registration request and returns the random number to the predetermined terminal. The predetermined terminal applies the public information of the proxy terminal and its own secret information to a one-way function to generate an encryption key as the first key, and transmits to the proxy terminal a masked encryption key obtained by masking the reciprocal of the encryption key with the random number. The proxy terminal applies the public information of the predetermined terminal and its own secret information to a one-way function to generate a decryption key as the second key, and transmits to the server a masked conversion key obtained by masking the masked encryption key with the decryption key. The server may then apply the exchange rule using the random number to the masked conversion key received from the proxy terminal, calculate the proxy conversion key in which the encryption key is masked with the decryption key, and store the proxy conversion key in the storage device.
  • The conversion key generation and registration processing for the proxy terminal in response to a user request can thus be performed securely, and the overall encryption processing method can be improved while allowing message browsing by the proxy terminal.
  • The server may receive, from any one of the terminals, a deletion request concerning the conversion key for the proxy terminal associated with that terminal, perform a search in the storage device using the combination information of the terminal and the proxy terminal indicated by the deletion request as a key, and delete the conversion key identified in the search from the storage device.
  • A conversion key that is no longer needed between the proxy terminal and the terminal of the party that permitted message browsing by the proxy terminal is thus securely deleted. This avoids the risk that an unnecessary conversion key retained in the server leads to mediating communication by a proxy terminal that does not follow the user's intention and invites even the risk of information leakage. In addition, efficient conversion key management can be realized by eliminating waste of the resources used for conversion key management in the server.
  • The server may include a storage device storing a conversion key that is a commutative function corresponding to each combination of terminals, and an arithmetic unit that receives a message encrypted with the key from the predetermined terminal, identifies in the storage device the conversion key stored for the combination of the predetermined terminal and the destination terminal indicated by the received message, re-encrypts the message for the destination terminal using the corresponding conversion key, and transmits the re-encrypted message to the destination terminal.
  • Secure communication between terminals can thus be efficiently mediated by the server, and the number of secret keys managed as secret information at each terminal can be kept to the minimum.
  • The server itself is configured not to decrypt messages from the terminals it mediates, so the risk of information leakage on the server side is also suppressed.
  • The server may return a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal; receive from the other terminal a predetermined key obtained by taking the reciprocal of the predetermined terminal's key masked with the predetermined value and further masking it with the key of the other terminal; apply the exchange rule based on the predetermined value to the received predetermined key to calculate the conversion key in which the reciprocal of the predetermined terminal's key is masked with the key of the other terminal; and store the conversion key in the storage device.
  • The server can thus hold the conversion key for each combination, according to the requests of the terminal users, for each terminal that is a communication mediation target. Accordingly, the server does not hold unnecessary conversion keys between terminals that are not scheduled to communicate, waste of the resources used for conversion key management in the server is eliminated, and efficient conversion key management is realized.
  • The arithmetic device may return a predetermined value to the predetermined terminal in response to the conversion key registration request from the predetermined terminal; receive from the other terminal a predetermined key obtained by taking the reciprocal of the predetermined terminal's key masked with the predetermined value and further masking it with the key of the other terminal; apply the exchange rule based on the predetermined value to the received predetermined key to calculate the conversion key in which the reciprocal of the predetermined terminal's key is masked with the key of the other terminal; and store the conversion key in the storage device.

Abstract

The present invention relates to a cryptographic technology that excels at reducing the burden on each user of managing confidential information while ensuring adequate high-speed cryptographic processing performance. The invention thus provides a cryptographic processing method in which each of the terminals (10) communicating with one another uses, as a key, an output value of a one-way encryption function with respect to public information relating to a communication partner and secret information relating to its own terminal; when transmitting a message, encrypts the target message using the key and transmits the message to a predetermined server (20); and, when receiving a message, receives from the server (20) the message re-encrypted with commutativity for the terminal, and decrypts the received message using its own key.
PCT/JP2014/075428 2013-10-04 2014-09-25 Cryptographic processing method, cryptographic system, and server WO2015050030A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201480050943.3A CN105556890B (zh) 2013-10-04 2014-09-25 Encryption processing method, encryption system, and server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2013-208917 2013-10-04
JP2013208917A JP6058514B2 (ja) 2013-10-04 2013-10-04 Cryptographic processing method, cryptographic system, and server

Publications (1)

Publication Number Publication Date
WO2015050030A1 true WO2015050030A1 (fr) 2015-04-09

Family

ID=52778621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/075428 WO2015050030A1 (fr) 2013-10-04 2014-09-25 Cryptographic processing method, cryptographic system, and server

Country Status (3)

Country Link
JP (1) JP6058514B2 (fr)
CN (1) CN105556890B (fr)
WO (1) WO2015050030A1 (fr)

Also Published As

Publication number Publication date
CN105556890B (zh) 2018-11-13
CN105556890A (zh) 2016-05-04
JP2015073238A (ja) 2015-04-16
JP6058514B2 (ja) 2017-01-11

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480050943.3

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14850970

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14850970

Country of ref document: EP

Kind code of ref document: A1